The pending U.S. military strike on Syria seems the ideal opportunity to launch a sophisticated cyberattack. President Barack Obama's administration wants to shoot from a distance, keep American casualties near zero, and degrade the Assad regime's command-and-control systems to the point that the regime cannot launch any more chemical attacks against rebel forces and civilians. The United States could do that with a digital strike on Syria's telecommunications systems, its electrical grid, or other critical infrastructures the regime needs to stay alive.
But don't bet on it. The United States and its allies will almost certainly use some form of electronic warfare to jam Syria's military radar or confuse its air-traffic control systems. They'll continue to snoop on the communications of Syrian President Bashar al-Assad's regime. But tempted though the U.S. military may be to flex its cybermuscle, there are a number of reasons that a major cyberstrike would do more harm than good, experts say.
For starters, the big, obvious target is essentially off-limits. The Syrian regime relies heavily on Syria's public telecommunications system for its command and control. Government leaders and military commanders are communicating with each other and their supporters via cell phones and Facebook, says Rafal Rohozinski, the CEO of SecDev Group, which monitors communications activity in Syria.
The problem is, the rebels are using the same systems. There are half a million more Internet and cell-phone subscribers in Syria today than there were in 2011, says Rohozinski, whose group helps supply communications technology to anti-Assad forces. Android phones account for 40 percent of the market today, compared with 10 percent two years ago. SecDev Group has also tracked a significant increase in the use of data encryption and secure communications technology by rebels.
There is no easy way to target only government users of the telecommunications system and keep the civilians online. Everyone is using it at the same time.
And keeping access open to the rebels is precisely what the Obama administration wants to do. The State Department and other government agencies have funded several technology companies and nonprofit organizations that design technology meant to circumvent government surveillance. They've made encryption technologies available for download to Syrian rebel groups. In 2012, the State Department also funded a conference that brought together rebels with the makers of that circumvention technology.
The rebels depend on ubiquitous, easy-to-use, and relatively cheap technology. Why would the United States cut them off from that technology by taking out the Syrian Internet or turning off the electricity? That would only make it harder for the rebels to organize and plan attacks. And presumably, that's what the United States wants them to do after the U.S. military weakens Syrian forces with missile attacks.
Syrians are also using cell phones and social media to organize clinics for treating the wounded and responding to government attacks. "They're the ones who would be most affected by an outage in the system," Rohozinski says. Civilians use the Internet every day to figure out when it's safe to leave their homes. "Is the taking down of the telecom system going to have a greater or lesser impact on the civilian side?" Rohozinski asks. That's a calculation U.S. national security officials have to make before any cyberattack.
The United States could craft a more targeted cyberweapon aimed at disrupting government-only systems, such as military networks or non-public communications channels. And those may prove to be soft targets. In an interview with the Washington Post, a hacktivist who supports the rebels' cause and goes by the name "Oliver Tucket" said the Syrian government's systems are poorly defended and easily manipulated. "They're not taking [security] seriously," Tucket told the Post, adding that the regime has "no idea what is going on in their network." Officials are using unencrypted email and even sent a message with the administrative password for a server domain that is associated with the government.
But electronic exploits are hard to come by, and the U.S. military may not want to use them in what will almost certainly be a narrow, low-stakes operation.