MICHAEL YOUNG
The political use of cyber tools is a powerful accelerator of geopolitical confrontation. The past few years have witnessed a cyber awakening in the Middle East that has been overlooked for too long. Existing political tensions and conflicts in the region have gained an additional arena allowing for a much more rapid escalation. The Qatar crisis in June 2017 provided a glimpse of how the pursuit of expansive geopolitical ambitions by means of targeted cyber attacks could generate conflict and trigger political landslides in no time at all.
Combining considerable disruptive potential and quick deployment at low political and economic cost, cyber attacks work nicely for actors who pursue an expansive geopolitical strategy with limited resources and seek to wreak havoc cheaply, quickly, globally, and with high impact.
Cyber geopolitics will in particular shape the relationship between Iran and its neighbors. Since the 2010 Stuxnet operation that exposed Iran’s vulnerability to foreign interference via cyberspace, both Iran and the Middle East and North Africa’s most seasoned cyber actor, Israel, have built and consolidated their gains as full-fledged cyber powers. Others in the region are trying to catch up. Among the immediate destabilizing effects is the impact Iranian cyber prowess could have on the Joint Comprehensive Plan of Action, the nuclear deal with Iran, and Tehran’s relations with global and regional powers.
Cyber warfare has provided Middle Eastern states with espionage and offensive capabilities that were often otherwise unavailable to them in traditional, offline domains.
The military and political strategies perfected in the region translated aptly into cyberspace. State and non-state actors that understood asymmetric warfare were the first to engage in cyber operations, namely Iran, Hamas, and Israel. Eventually, others caught on. For example, recently hackers for hire have targeted Qatar’s critics and regional adversaries. Five years ago, Lebanon was beholden to shady European companies that charged hundreds of thousands of dollars for hacking tools. Now, these same security services are using inexpensive spyware developed for criminals in order to put more people under surveillance at less cost.
It did not take long to witness the repercussions of the democratization of hacking. The manipulation of the Qatar News Agency prompted a cycle of retaliation that started with the weaponized leaks of emails sent and received by the Emirati ambassador to the United States, and quickly transcended cyberspace into economic and political subversion.
Experts often lament how much more costly it is to defend networks than attack them. This difference is multiplied for the Middle East, where countries will continue to invest in offensive capabilities that might provide a deterrent, rather than focus on the hard work of defense. Cyber capabilities have now become a necessity, so that if a state cannot defend against rivals, it nevertheless has to be able to hit back. Cyber warfare is the new normal in the Middle East.
Accessing, controlling, and manipulating information online now defines a permanent and expanding international battlefront. Countries in the Middle East have hacked each other, deployed malware as a tool of war, and interfered in each other’s communications networks. Unlike conventional battlefields, cyber warfare has the potential to alter the balance of power between countries with asymmetrical military capabilities. In Lebanon, for example, the recently revealed Dark Caracal, a largescale cyber espionage campaign operating out of the General Security building in Beirut, demonstrated that an actor with limited cyber security acumen had the ability to intercept personal and sensitive data from individuals in 21 countries, including government officials and military personnel.
As states such as Lebanon build mass surveillance infrastructure under the pretense of defending national security, few are implementing cyber security strategies that protect their own servers and networks and their citizens’ personal data. More than ever, because of the looming threat of cyber warfare, countries in the region must enact cyber security legislation, regulations, and policies that not only protect the integrity of their telecommunications, banking, and energy infrastructure, but also the digital rights of their citizens.
Hacking has become an important new piece in the political puzzle that is the Middle East. This ranges from its use in times of war—cyber warfare—to malicious activity during peacetime and the gray zone in between the two. High profile cyber attacks, such as the Stuxnet malware that targeted the Natanz nuclear facility in Iran in 2010 and the Saudi Aramco cyber incident in 2017, highlighted that hacking had reached the highest echelons of international security.
Meanwhile, it has also taken spycraft to new levels. In the blink of an eye an unprecedented amount of data can now be stolen that provide insight into the inner workings of governments and companies alike. Sometimes this information can be leaked to the public, and often it is used for political purposes. Importantly, this activity isn’t limited to politics abroad but extends to politics at home, as well. Dissidents, nongovernmental organizations, and opposition parties are as much of a target as other governments’ systems, and in some countries even more so.
No comments:
Post a Comment