Cyberwarfare & Syria – Lessons from Dayr az-Zawr

October 25, 2012 by Henry Severs in Middle Eastern Politics with 8 Comments

Warfare may not require boots on the ground and jets in the sky, but instead could utilise ones and zeros and take the battlefield into cyberspace. Cyberwarfare should be considered when thinking about intervention in Syria.

Last Monday I attended a public event run by the UCL Debating Society discussing the pressing question of intervention in Syria. Presenting the argument for intervention was a group headed by Shiraz Maher of ICSR, recently interviewed in the most recent episode of Debrief. These reasons were articulated along a number of specific lines. Initially, appeals were made to the moral and legal duty to assist the people of Syria; repressed, tortured, displaced, and murdered by a wantonly violent and ruthless regime. It was further argued that intervention would substantially undermine Iranian dominance in the Arab World, a dominance bolstered by the removal of Saddam Hussein. Should the Assad regime fall, the strategic implications for Iran would be two-fold; not only eliminating a key military base, but also directly impacting the supply chain to Hezbollah militants in Lebanon. Ahmadinejad knows this, which is why members from Iran’s Islamic Revolutionary Guards Corps (IRGC) were recently sent to Assad to lend their disturbing expertise in infiltrating and suppressing populations, in an effort to subdue the groundswell and divide the Free Syria Army (FSA). Concurrently, the Syrian government has sought to stir up sectarian violence within a country characterised by a hugely diverse cultural and religious mosaic, by supporting, funding, and arming Kurdish militants within its borders. Were Syria to descend into a full-blown civil war down sectarian lines, it would not only further destabilise the region and undermine the social movement, but also allow Assad to play the long-game until the 2014 ‘election’. The pre-designed outcome of which would almost certainly secure a further 14 years of the present regime, result in claims of legitimacy from Assad, and guarantee the further subjugation of the Syrian people. The final point raised in favour of intervention was in order to kerb the influx of Islamist groups into the country, who are currently seeking to exploit the security vacuum created by the last 19 months of conflict. Al Qaeda and other jihadist groups capitalised on similar situations in Iraq, with AQI witnessing a comeback in recent times, in Somalia, and more recently in Mali on the coattails of Tuareg nationalist rebels returning home after fighting for Gadhafi in Libya.

However, I do not wish to simply regurgitate the increasingly strong case for invention already made. Indeed my own stance on whether we should, or even could, intervene in Syria has chopped and changed over the last year and a half. I am familiar with many of the counter-arguments to intervention, including the militarisation of peace keeping, the risk of escalating violence further, perceived neo-colonist attitudes to world policing, the question of China and Russia, the danger of arming and supporting extremist groups, as well as the distinct geographical and demographical differences between Syria and any other conflict of the Arab Spring. However, with the death toll now over 30,000, I believe the time for negotiation, diplomacy, and debate alone has passed, and there is an increasing urgency for some form of decisive action to assist the people of Syria. In this vein, a number of options were proposed along the lines of funding, arming, and training of rebels, enforcing a no-fly zone and naval blockade in the region, or implementing an Arab lead international ‘peace-keeping’ force to secure a buffer zone for civilians along the Turkish border. At this point a few of the audience chimed in, advocating increased aid without military involvement. The naivety of this suggestion shocked me. Whilst the use, or threat, of military action should never be a casual, throw-away decision, and hopefully the last resort after all alternative avenues have been exhausted, we should not underestimate the nature of the beast and the reality of the situation we are dealing with here. This is a regime that detains and tortures children for daring to write anti-government graffiti or supply protestors with water, the likelihood of them nonchalantly permitting the flow of food, tents, and medicine through to the 1.5 million displaced citizens would be laughable, were the situation not so desperate.

Nonetheless, despite a purely humanitarian mission being wildly idealistic, I do admire the attempt at least to think further the polarised arguments presented or the common courses of action proposed. Indeed this made me reflect on what forms of alternative intervention, what differing strategies could be feasible, other than physical military engagement or diplomatic impotence. Specifically, what forms of intervention could minimise the regimes ability to slaughter it’s people, level the playing field between the Syrian army and the FSA rebels, reduce the necessity of international forces being deployed to Syria, whilst ensuring the Syrian people were masters of their own destiny. Today warfare, or indeed the mitigation of warfare, may not necessarily require the use of bullets and missiles or involve boots on the ground and jets in the sky, but instead could utilise ones and zeros and take the battlefield into cyberspace. While scholars, practitioners, and commentators disagree on Panetta’s alarmist assessment of a pending “cyber pearl harbor”, the utility of cyber weapons in modern conflict is not merely some matrix induced paranoia, but an empirical reality. In fact one of the most significant examples of how such cyber weapons have been utilised, actually unfolded in Syria five years ago. In 2007, the Israeli Air Force carpet bombed a nuclear facility on the outskirts of Dayr az-Zawr in North-East Syria, being built for Assad by the North Koreans. Significantly, the Syrian air defence system displayed a clear night sky when Israeli F15 and F16 fighter jets descended upon the site. Before any protection or retaliation was possible the mission was complete and jets had left Syrian airspace, no one could be rallied because instead of giving up the element of surprise the Israelis controlled what the Syrians saw by hacking their systems at Tall al-Abyad. How this was actually achieved remains debatable, however many believe it is likely that the Israeli attack was most likely preceded by a small ‘stealth’ unmanned aerial vehicle (UAV). This would not have shown up on the radar, but would have intentionally flown into the Syrian radar beam and used the same open-ended radio frequency to transmit computer packets back to the radar’s computer, from there the Israelis were able to infiltrate the entire Syrian network. The malfunction warning sidestepped, a loop of a clear sky was played leaving Syrian defences completely redundant. The US have a similar cyber weapon code-named Senior Suter.

Given that five years ago the Soviet built Syrian air defence systems were infiltrated relatively easily and with such dramatically successful results, I wonder what role such techniques may play in conflicts in the future? Whilst international standards, legal frameworks, appropriate terminology, and notions of attribution and accountability are still in their relative infancy and often rather ill defined – the utility of such code in, say, minimising atrocities and protecting civilian lives by crippling state defences, military capabilities, and communications, for example, is perhaps something which should be considered. The supplementing of traditional kinetic warfare with cyber-attacks, either during or prior to engagement, will continue to grow in regularity and effectiveness as technologies develop and the strategic application of such weapons is better understood.

Photo credit: Accretion Disc

Tagged Bashar al-Assad, cyber warfare, Dayr az-Zawr, Free Syria Army (FSA), Islamic Revolutionary Guards Corps (IRGC), Syria, Tall al-Abyad, unmanned aerial vehicle (UAV)

Share this post

About Henry Severs

Henry holds 1st (Hons) in Criminology & Social Policy from the University of Sheffield, further awarded the Vaughan Bevan Prize by the Faculty of Law. Currently a postgraduate of War Studies at King's College London, reading Terrorism, Security, & Society as a Stapley Trust Scholar. Primary focus includes; domestic counter-terrorism and security policy, geopolitical risk, and cyber-security. He acts as Development Manager for The Risky Shift. Explore his personal portfolio or follow Henry on Twitter.

View all posts by Henry Severs →

HenrySeversOctober 25, 2012 at 11:09 pmReply

NB: These were essentially my midnight musings, off the back of the UCL debate, and more a proposal of the future utility of cyber weapons as a conflict or war crime mitigation tool, than a critical assessment of the international community’s cyber arsenal. I intended to demonstrate how kinetic/cyber collaboration is likely to become increasingly common going forward. The scope to explore these issues comprehensively in a blog is inherently limited. Given this, I should point out the following points courtesy of my colleague, Daniel Moore, as to the technical difficulties inherent to a concentrated cyber-attack in Syria.
1.Syria has probably not been the focus of the US thus far, I are unlikely have all the necessary cyber assets in place for a concentrated cyber-attack eg. Precluded by precise intelligence, research into the deployment, C&C systems involvedetc.
2.As pointed out, most of the Syrian military infrastructure is Russian/Soviet and Chinese. Activating a cyber-attack against them will immediately allow the equipping nations to inoculate themselves against the specific attacks,consequently “burning out” what could have a been strategic asset.
3. Most of the cyber-attacks feasible are disruptive rather than destructive (which is much more difficult), thereby only providing the FSA with a limited window in which to act, and still against massive forces that don’t rely on computerized systems.

ordbakerOctober 26, 2012 at 10:54 amReply

Chaps, thoroughly enjoyed this debate so far!
After reading both arguments, I have a quick question for you two, (and of course anyone else for that matter), that I was pondering about (and still am truth be told!):
Do you think that, in the context of military intervention for humanitarian, and violence limitation, purposes, by using cyber weapons it could open a Pandora’s box? In the sense that, as these weapons and attacks are hard to attribute responsibility, it could lead to an escalation of international tension, using Syria as a proxy cyber battlefield (if such a thing exists!) for other nations to exercise their demons with one another?
Whereas using recognised national armed forces can more easily be monitored and attributed due responsibility, cyber weapons are virtually anonymous. Therefore a rogue action by either a state or non state actor, in the midst of declared cyber action by an individual or set of states, could cause a significant amount of damage to international relations, and potentially increase international hostility. Thoughts? Am I barking up the wrong tree?

dannymooreOctober 26, 2012 at 3:04 pmReply

ordbaker: On a general sense, I would have to say that Pandora’s box has already been opened with the Stuxnet incident, which has paved the way for the offensive use of limited cyber attacks as a viable, harmful act between nations that do not wish to engage in proper warfare with one another.
As I said before, I currently doubt cyber attacks of a serious scale being tossed around without specific purpose. Unless you are talking about relatively low-damage DDOS attacks that are in comparison fairly easy to do, I would imagine cyber weapons are considered a part of a nations strategic arsenal, and consequently will be saved for when they are needed to accompany more conventional military or intelligence ops.
I agree that attribution is a big concern, and theoretically an actor can even use this to his advantage by conducting a cyber attack against another actor or nation and blaming it on a third party. But while this can raise tensions, unless we’re talking about a seriously harmful attack (which again, would constitute burning a strategic asset), I don’t see this breeding on its own a new bout of conflicts.
And specifically: I don’t see Iran/North Korea/China attacking US/Israel/other western nations through a Syrian proxy, as that would be deemed non-credible. Syria’s cyber capabilities are reportedly not substantial.

HenrySeversOctober 26, 2012 at 3:39 pmReply

Owen. Thanks for your input, some great points here.
Yes I would certainly agree that the pendulum could indeed swing the other way, and far from mitigating conflicts, the utility of cyber means could escalate tensions further. However, I must say I don’t see Syria becoming a cyber-dojo for states to pit their abilities against one another. Mainly for the reasons articulated by Danny, that states are unlikely to demonstrate their full capabilities, play their best hand as it were, or ‘burn-out’ their cyber-arsenal (and thereby undermine their position) until a time when these may be actually necessary. This said, a don’t necessarily agree with Danny’s a Pandora Box scenario is a little alarmist, reminiscent of Panetta/Clarke’s analysis, I don’t envisage a cyber-armageddon anytime soon.
Also, as you’ve pointed out, attribution, or ‘cyber-forensics’ to use CYBERCOM’s phrasing, is still extremely problematic (despite Panetta’s claims), so identifying countries let alone pinpointing non-state actors colluding/endorsed by states is unlikely eg. “al-Qassam Cyber Fighters” claiming responsibility for cyber-attacks on US Bank, PNC, & Wells Fargo earlier this month for example, Iran financed or not? States already point the finger at one another on the international political stage, sometimes with little credibility or justification, this is unlikely to see relations deteriorate any further than they have already eg. US/Iran. In my opinion covert ops by clandestine groups/agencies are far more likely in the short-term, but also the combined use of kinetic/cyber combined strategies will continue to increase, irrespective of whether they are utilised in this particular conflict or not. My hopes are that the potential use of such means to mitigate conflicts, as well as assist them, does not go overlooked.

dannymooreOctober 26, 2012 at 3:59 pmReply

HenrySevers: I agree completely that the two most likely vectors for cyber-ops will continue to be covertly by agencies and overtly in conjunction with military operation. Just to clarify – I also agree that there probably won’t be a cyber-armageddon any time soon, or perhaps even at all. Pandora’s box has been opened in the sense that cyber attacks have been legitimized (in a sense) as a disruptive measure between nations or groups in conflict in the last few years, and we will almost definitely see an uptick in that in the future.

Matt WahnsiedlerNovember 7, 2012 at 12:07 amReply

While the possibilities for cyber are potentially very important, so are the limitations. Against forces for whom computer systems are of limited importance (ie, the Syrian Army), cyber can only have a limited effect. You might jam up C2/4 but that doesn’t stop AKs from firing, and it certainly doesn’t kill the people using them. Currently, cyber seems only useful as a smaller tool in its own right, used in support of bigger ones.
Furthermore, it isn’t clear what sustained cyber war might look like in the context of an actual war. Most of our examples have been brief (Syria, Georgia) or not taken place in open warfare (Stuxnet/Iran). Re Syria, there’s every reason to think there was considerable investment in and revision of their air defence network.

HenrySeversNovember 8, 2012 at 12:12 amReply

You are absolutely correct that there are limitations to it’s utility. These points were mentioned in the NB (1st comment in this thread). You are also correct that it’s use is a supportive one. This article makes no claims towards the replacement of traditional warfare, rather that cyber with run concurrent to kinetic warfare, indeed that is the closing line and one of the main points of this article. I do not agree however that ”computer systems are of limited importance” to Syria, indeed Assad has relatively sophisticated air defence and communication systems.
I fully appreciate that our understanding of what cyberwarfare may actually look like remains unclear at this stage, I acknowledge this in my closing paragraph. Yes the Syrian defences have indeed been gradually patched and upgraded since Operation Orchard, the issue of ”burn-out” is again is mentioned in the NB below. Thanks for your input

Matt WahnsiedlerNovember 8, 2012 at 1:47 pmReply

Hi Henry, apologies, missed your NB. I think my broader misunderstanding comes from this line: ‘Today warfare, or indeed the mitigation of warfare, may not necessarily require the use of bullets and missiles or involve boots on the ground and jets in the sky, but instead could utilise ones and zeros and take the battlefield into cyberspace.’ What I was getting at is that this may one day be true, but is not now (which you acknowledge) and that such cyber options that exist would do little or nothing to reduce Syrian military effectiveness in their operations against the FSA, which do not require air defence and could largely continue with a damaged communications system.
It’s an interesting point that cyber weapons are almost entirely useless against low-tech enemies, yet potentially devastating against modern forces.

8 Comments

HenrySeversOctober 25, 2012 at 11:09 pmReply

NB: These were essentially my midnight musings, off the back of the UCL debate, and more a proposal of the future utility of cyber weapons as a conflict or war crime mitigation tool, than a critical assessment of the international community’s cyber arsenal. I intended to demonstrate how kinetic/cyber collaboration is likely to become increasingly common going forward. The scope to explore these issues comprehensively in a blog is inherently limited. Given this, I should point out the following points courtesy of my colleague, Daniel Moore, as to the technical difficulties inherent to a concentrated cyber-attack in Syria.
1.Syria has probably not been the focus of the US thus far, I are unlikely have all the necessary cyber assets in place for a concentrated cyber-attack eg. Precluded by precise intelligence, research into the deployment, C&C systems involvedetc.
2.As pointed out, most of the Syrian military infrastructure is Russian/Soviet and Chinese. Activating a cyber-attack against them will immediately allow the equipping nations to inoculate themselves against the specific attacks,consequently “burning out” what could have a been strategic asset.
3. Most of the cyber-attacks feasible are disruptive rather than destructive (which is much more difficult), thereby only providing the FSA with a limited window in which to act, and still against massive forces that don’t rely on computerized systems.
ordbakerOctober 26, 2012 at 10:54 amReply

Chaps, thoroughly enjoyed this debate so far!
After reading both arguments, I have a quick question for you two, (and of course anyone else for that matter), that I was pondering about (and still am truth be told!):
Do you think that, in the context of military intervention for humanitarian, and violence limitation, purposes, by using cyber weapons it could open a Pandora’s box? In the sense that, as these weapons and attacks are hard to attribute responsibility, it could lead to an escalation of international tension, using Syria as a proxy cyber battlefield (if such a thing exists!) for other nations to exercise their demons with one another?
Whereas using recognised national armed forces can more easily be monitored and attributed due responsibility, cyber weapons are virtually anonymous. Therefore a rogue action by either a state or non state actor, in the midst of declared cyber action by an individual or set of states, could cause a significant amount of damage to international relations, and potentially increase international hostility. Thoughts? Am I barking up the wrong tree?
dannymooreOctober 26, 2012 at 3:04 pmReply

ordbaker: On a general sense, I would have to say that Pandora’s box has already been opened with the Stuxnet incident, which has paved the way for the offensive use of limited cyber attacks as a viable, harmful act between nations that do not wish to engage in proper warfare with one another.
As I said before, I currently doubt cyber attacks of a serious scale being tossed around without specific purpose. Unless you are talking about relatively low-damage DDOS attacks that are in comparison fairly easy to do, I would imagine cyber weapons are considered a part of a nations strategic arsenal, and consequently will be saved for when they are needed to accompany more conventional military or intelligence ops.
I agree that attribution is a big concern, and theoretically an actor can even use this to his advantage by conducting a cyber attack against another actor or nation and blaming it on a third party. But while this can raise tensions, unless we’re talking about a seriously harmful attack (which again, would constitute burning a strategic asset), I don’t see this breeding on its own a new bout of conflicts.
And specifically: I don’t see Iran/North Korea/China attacking US/Israel/other western nations through a Syrian proxy, as that would be deemed non-credible. Syria’s cyber capabilities are reportedly not substantial.
HenrySeversOctober 26, 2012 at 3:39 pmReply

Owen. Thanks for your input, some great points here.
Yes I would certainly agree that the pendulum could indeed swing the other way, and far from mitigating conflicts, the utility of cyber means could escalate tensions further. However, I must say I don’t see Syria becoming a cyber-dojo for states to pit their abilities against one another. Mainly for the reasons articulated by Danny, that states are unlikely to demonstrate their full capabilities, play their best hand as it were, or ‘burn-out’ their cyber-arsenal (and thereby undermine their position) until a time when these may be actually necessary. This said, a don’t necessarily agree with Danny’s a Pandora Box scenario is a little alarmist, reminiscent of Panetta/Clarke’s analysis, I don’t envisage a cyber-armageddon anytime soon.
Also, as you’ve pointed out, attribution, or ‘cyber-forensics’ to use CYBERCOM’s phrasing, is still extremely problematic (despite Panetta’s claims), so identifying countries let alone pinpointing non-state actors colluding/endorsed by states is unlikely eg. “al-Qassam Cyber Fighters” claiming responsibility for cyber-attacks on US Bank, PNC, & Wells Fargo earlier this month for example, Iran financed or not? States already point the finger at one another on the international political stage, sometimes with little credibility or justification, this is unlikely to see relations deteriorate any further than they have already eg. US/Iran. In my opinion covert ops by clandestine groups/agencies are far more likely in the short-term, but also the combined use of kinetic/cyber combined strategies will continue to increase, irrespective of whether they are utilised in this particular conflict or not. My hopes are that the potential use of such means to mitigate conflicts, as well as assist them, does not go overlooked.
dannymooreOctober 26, 2012 at 3:59 pmReply

HenrySevers: I agree completely that the two most likely vectors for cyber-ops will continue to be covertly by agencies and overtly in conjunction with military operation. Just to clarify – I also agree that there probably won’t be a cyber-armageddon any time soon, or perhaps even at all. Pandora’s box has been opened in the sense that cyber attacks have been legitimized (in a sense) as a disruptive measure between nations or groups in conflict in the last few years, and we will almost definitely see an uptick in that in the future.
Matt WahnsiedlerNovember 7, 2012 at 12:07 amReply

While the possibilities for cyber are potentially very important, so are the limitations. Against forces for whom computer systems are of limited importance (ie, the Syrian Army), cyber can only have a limited effect. You might jam up C2/4 but that doesn’t stop AKs from firing, and it certainly doesn’t kill the people using them. Currently, cyber seems only useful as a smaller tool in its own right, used in support of bigger ones.
Furthermore, it isn’t clear what sustained cyber war might look like in the context of an actual war. Most of our examples have been brief (Syria, Georgia) or not taken place in open warfare (Stuxnet/Iran). Re Syria, there’s every reason to think there was considerable investment in and revision of their air defence network.
- HenrySeversNovember 8, 2012 at 12:12 amReply
  
  You are absolutely correct that there are limitations to it’s utility. These points were mentioned in the NB (1st comment in this thread). You are also correct that it’s use is a supportive one. This article makes no claims towards the replacement of traditional warfare, rather that cyber with run concurrent to kinetic warfare, indeed that is the closing line and one of the main points of this article. I do not agree however that ”computer systems are of limited importance” to Syria, indeed Assad has relatively sophisticated air defence and communication systems.
  I fully appreciate that our understanding of what cyberwarfare may actually look like remains unclear at this stage, I acknowledge this in my closing paragraph. Yes the Syrian defences have indeed been gradually patched and upgraded since Operation Orchard, the issue of ”burn-out” is again is mentioned in the NB below. Thanks for your input
  - Matt WahnsiedlerNovember 8, 2012 at 1:47 pmReply
    
    Hi Henry, apologies, missed your NB. I think my broader misunderstanding comes from this line: ‘Today warfare, or indeed the mitigation of warfare, may not necessarily require the use of bullets and missiles or involve boots on the ground and jets in the sky, but instead could utilise ones and zeros and take the battlefield into cyberspace.’ What I was getting at is that this may one day be true, but is not now (which you acknowledge) and that such cyber options that exist would do little or nothing to reduce Syrian military effectiveness in their operations against the FSA, which do not require air defence and could largely continue with a damaged communications system.
    It’s an interesting point that cyber weapons are almost entirely useless against low-tech enemies, yet potentially devastating against modern forces.