US unleashes cyber-attacks on ISIS
Beirut - The United States has declared cyberwar on the Islamic State (ISIS) in Syria and Iraq, the first known such attempt to cripple a military force in combat, ushering in a revolution in warfare that could transform the conflicts ripping the Middle East apart.
According to US Defense Secretary Ashton Carter and other military sources, the operations in Iraq being carried out by the US Cyber Command based at Fort Meade, Maryland, are focused on the Iraqi Army’s offensive to recapture Mosul. The Islamic State (ISIS) took over the northern city in June 2014 and it became the nerve centre of the Islamic caliphate ISIS proclaimed soon after.
The Middle East, where some of man’s first recorded battles were fought with spears, swords and clubs more than three millennia ago, has become a laboratory for conflict by computer, in which a country or military force can be paralysed without the other side firing a shot.
In this largely invisible conflict, military, industrial, financial, commercial and social infrastructure can be knocked out in seconds at the push of a computer key. In theory, crippling terrorist operations should not be a problem but ISIS has demonstrated considerable resilience. No details of the cyber-operations have been disclosed, which makes them difficult to assess, but the US Cyber Command, created in 2009, has infinitely greater resources than ISIS.
Carter, in his most explicit disclosure concerning the workings of the US Cyber Command and its $6.8 billion annual budget, on April 5th declared: “I have given Cyber Command its first wartime assignment.”
The objective is to disrupt and degrade ISIS’s command-and-control infrastructure in Mosul and surrounding regions for advancing Iraqi state forces to exploit. The first phase of the offensive to recapture Mosul has only just begun and by all accounts, the reconstituted Iraqi Army — which collapsed under the stunning ISIS onslaught of 2014 — will need all the help it can get to succeed.
US sources said Fort Meade operations began in December following ISIS attacks in France and California. The cyber-operations, along with 85 US air strikes, played an important role in rebel forces seizing the strategic northern Syrian town of Shaddadi and adjoining oil fields from ISIS in a four-day battle in February.
The US move appears to be part of an effort to intensify military and intelligence operations against ISIS, without having to commit large numbers of ground forces, despite the fact that the long-time US policy of minimising military involvement has allowed organisations such as ISIS to flourish.
But cyber-warfare, still largely in its infancy, could change the equation. Similar US cyber-operations are being carried out against ISIS in neighbouring Syria, in conjunction with intensified operations by recently expanded US special operations forces. The main target there is recapturing the city of Raqqa, de facto capital of the ISIS caliphate.
Carter has said the Syrian operations are designed to “cause them to lose confidence in their networks, to overload their networks so they can’t function and to do all of these things that will interrupt their ability to command and control forces there, control the population and the economy”.
There is another objective: To impede and possibly prevent threatened ISIS cyber-attacks on the West while the group is under mounting military pressure in Syria and Iraq.
John Carlin, the US assistant attorney-general for national security, told a Washington cyber-security conference on March 31st that ISIS was moving closer to a capability to unleash “cyber-jihad” on the United States and presumably its allies as well.
With the carnage of the ISIS attacks in Brussels still producing shock waves, Carlin declared: “You need to prepare because it’s going to come… We’re in a race against time.”
Carlin acknowledged that ISIS was not yet believed to be capable of unleashing “sophisticated electronic offensives” on a destructive scale against Western economic and military infrastructure. “If they had the capability, they’d use it,” he said.
But the United States says the jihadists are striving to acquire that capability and noted ISIS’s “strategic success” in using social media as a highly successful recruiting tool through “Madison Avenue-quality” propaganda.
Iran is also seen as a threat. Indeed, the opening digital salvo was unleashed at 4.31pm on June 22, 2009, by the United States and Israel against Tehran’s nuclear programme using a computer virus known as Stuxnet. It sabotaged cascades of centrifuges that enrich uranium, the core of the nuclear process, supposedly setting back the Iranian programme at least 18 months.
In April 2012, Iran’s National Oil Company was targeted with an even more virulent virus known as W32. Flame. On August 15th, Iran retaliated by hitting Aramco, Saudi Arabia’s state oil monopoly and the world’s biggest oil company, with a virus known as Shamoon that knocked out 30,000 desktop computers.
There was a simultaneous attack on RasGas, a joint venture between ExxonMobil and state-owned Qatar Petroleum in the neighbouring gas-rich emirate of Qatar.
This exchange and attacks that followed demonstrated just how vulnerable the Middle East’s oil industry was to potentially crippling cyber-attacks. The global effect of such an eventuality may have lessened but the threat remains potent.
Iran is considered one of the main regional powers with cyberwar capabilities. Tehran has reportedly invested in excess of $1 billion in cyber-infrastructure and technology and to have recruited 100,000 personnel for the effort.
In 2012, Iranian Supreme Leader Ayatollah Ali Khamenei established the Supreme Council on Cyberspace to accelerate the Islamic Republic’s cyberwar capabilities, using technology obtained from China.
“Iran’s cyber-programme was designed from the outset to be offensive and proactive in nature,” said Iranian-American political scientist Majid Rafizadeh of Harvard. “But it is advancing at a pace that needs to be addressed adequately by regional and global powers.
“From Khamenei’s perspective, the future of Iran’s cyber-programme is a matter of national security. Iranian leaders can accomplish several objectives by advancing their cyber-warfare capabilities… Iran needs the advanced cyber-programme to protect its nuclear sites in case of foreign cyber-attacks.
“In the new age of globalisation, the Islamic Republic is adapting fast to the modern cyber-technology to complement its… military prowess in order to achieve its regional hegemony and ideological ambitions,” Rafizadeh observed.