How the US Could Cyber Attack Syria, Too

Image via the Navy

Over the weekend, President Obama announced that he would seek Congressional approval for a strike on Syria, and immediately began a “lobbying blitz” to bolster public and political support for intervention. But Obama needs no such approval from Congress for a cyber strike. And according to both Foreign Policy magazine and The Washington Free Beacon, some form of cyber attack on Syria will accompany a missile strike, if it isn’t happening already.

The relatively new US Cyber Command will be testing out new cyberwar capabilities, military sources told the Free Beacon, with Syrian targets including the “electronic command and control systems used by the Syrian military forces, air defense computers, and other military communications networks.”

Meanwhile, Foreign Policy speculates the military will “almost certainly” attack the Syrian military’s radar systems and air traffic control. FP also notes that the military could feasibly infiltrate the Syrian public telecommunications network and electricity grid, though it deems such measures unlikely, as the strike will be “limited” and the military will not want to give away their hand on a “a narrow, low-stakes operation.”

Micah Zenko, a national security expert and fellow at the Council on Foreign Relations told Foreign Policy that “cyberattacks in Syria will be used in ways that haven’t been used in previous wars,” and to “not utilize [cybercapabilities] would be really foolish” as it “would be like fighting with one hand behind our back.”

In a House Armed Services Committee hearing in March, the director of the National Security Agency and Commander of US Cyber Command General Keith B. Alexander told congress “our [cyber] offense is the best in the world.” According to documents from Edward Snowden published by The Washington Post last week, the US conducted 231 cyber offensive operations in 2011. It’s highly likely US undertook more operations in 2012 and 2013 though they probably won’t admit it for another couple of years.

According to “Oliver Tucket,” described by The Washington Post as a “shy, earnest, clean-cut young professional of about 30” that hacked a couple of government servers two months ago, Syria’s cyber defenses are surprisingly weak. An Algerian hacker who appears to be part of the Anonymous collective hacked Syria’s telecommunications Facebook page this morning.

So how exactly could the US military hack Syria?

As the Free Beacon suggests, attacking Syria’s infrastructure—be it the electricity grid, military radar, telecommunications, Internet, water pipes, petroleum and oil refineries, or even heavy industry—is within the realm of possibility, considering official sources say the United States has the technological prowess to do so.

Three years ago, the Stuxnet virus—confirmed to be co-written by Israel and the United States​ by the The New York Times—physically assaulted Iran’s nuclear program. The worm shut down automatic systems (and hid that it was doing this so workers wouldn’t notice) on centrifuges suspected of enriching uranium, effectively destroying the centrifuges in the process.

Stuxnet was able to do this because it was specifically designed to target the supervisory control and data acquisition (SCADA) system used by the Iranian nuclear facility. SCADAs are notoriously vulnerable, but they are still used for everything from energy distribution and communication to airport operations and the air conditioning in private buildings.

Now that Syria disconnected its power grid from Egypt, Turkey and Jordan, it relies on Iran to import power—and is therefore feasibly vulnerable to a cyber attack. Syria’s oil refineries and pipelines, one of the most important pieces of Syria’s economy, could similarly be potential targets. Again, the experts contacted by Foreign Policy state that such an attack is unlikely, given the low level of involvement the US hopes to maintain in the conflict. 

Motherboard reached out to the NSA and the Defense Department last week, but was unable to get a response on the record regarding a cyber strike on Syria.

This less-publicized element of the US’s offensive on Syria is worth keeping tabs on, especially since the bulk of our media coverage and national discussion is preoccupied with the specter of physical missile strikes. In the future, after all, such cyber attacks will likely play an increasingly central role in similar interventions. Even now, it begs the question: If our cyber war capabilities are as good as the NSA says, why risk a controversial and violent missile strike if we could bring Syria’s war machine down from the inside?