Cyber on the table for Syria's possible response to a U.S. missile strike?
As the world waits to see what the U.S. and its allies will do in response to Syria's purported chemical weapons attacks and much of the media mulls the repercussions of action versus doing nothing at all, the usual talking heads have started their inevitable riff on the usual cyberconflict hype playlist (attacks against the power grid and so on). In contrast to the relatively well-informed dialogue on most news channels regarding Syrian weapons systems and trade agreements with allies such as Russia, dialogue around how cyber may play a role seems to lack any sophistication or depth whatsoever. Since mainstream media is missing a trick here, it seemed like a good opportunity for a little more dialogue on the subject.
In 1999, a pair of Chinese PLA colonels published a book entitled "Unrestricted Warfare." The topic of the publication was to document ways in which a technologically inferior nation-state (such as China), may overcome its disadvantage through the use of unconventional warfare. In many ways, Unrestricted Warfare is a modern adaptation of the more subtle philosophies discussed in the Art of War. Methods discussed include economic warfare, terrorism, "lawfare" (a term for political activism aimed at causing legislative change) and electronic warfare.
Strategically speaking, in lieu of an ability to mount a conventional militarily response to action by the U.S., such an approach puts cyber front and center in terms of a viable response for Syria. Further to this, if we consider the political turmoil faced both in the U.S. and Britain as to how the world might respond to a chemical attack, consider the challenges and political collateral associated with similarly conceiving a proportionate response to a cyber-counter-offensive by Syria. I can't imagine that UN weapons inspectors have a great deal of experience attributing exploit payloads.
Thus far, most of what we know (in the public domain) about Syria's cyber capability is limited to the Syrian Electronic Army (SEA), who have been responsible for a handful of DDoS attacks, website defacements, and perhaps most notably, the compromise of an Associated Press's Twitter account, which was utilized to post misinformation regarding an act of terrorism that led to a $200 billion dip in the stock market.
Although many of the capabilities demonstrated by the SEA are far from those that we might expect from a state-level information operations program, there is currently very little evidence that the SEA is any way representative of the cyber muscle that Syria may be able to bring to bear if sufficiently provoked. Further to this, it is almost impossible to fully account for the cyber technology transfers that may occur, if Syrian sympathizers such as Iran elect to come to Syria's aid in the event of a US or allied military strike.
Although a successful offensive against the U.S. media's favorite cyber warfare target (the power grid) is extremely unlikely, if nothing else, the SEA was able to undeniably prove the viability, potential effectiveness and their ability to couple two of the key principals discussed in the Chinese colonels publication: electronic and economic warfare. While I find it unlikely that Syria is sufficiently prepared to affect a cyber counteroffensive of any significance by itself, unlike arms transfers in the kinetic warfare domain. Allies and groups sympathizing with the Syrians could likely prove a significant force multiplier, without drawing the attention that conventional military assistance may result in, possibly making such a strategy an even more attractive option for the Syrian regime.
Should a cyber-orientated cyber offensive occur, Syria may very well attempt to cast the same uncertainty and doubt on who is behind the attack, which they have rather successfully applied to the reported chemical weapons attacks. The media response, public outrage, and political circus that would likely follow would unlikely put an end to their troubles, but may throw a curve ball that few are prepared to fully address.
Tom Parker is CTO at FusionX