Reshaping The Future Of War With Malware

As tensions rage beneath the Middle East cauldron, the expanded employment of cyber operations is preventing the region from boiling over. 

US Cyber Command's covert cyber operation against Iran, in response to the September attacks on oil facilities in Saudi Arabia, underscores the inclination of states to use cyber operations instead of armed force and points to broader strategic implications in the region. 

Conventional wisdom would suggest that scaled-up capabilities, growing competition, and the proliferation of malware across cyberspace presents a legitimate risk of escalation in state conflict, transcending the cyber domain toward the kinetic. However, recent history has shown that states have more often availed themselves of their offensive cyber arsenals to achieve surprisingly de-escalatory effects, according to the Atlantic Council think-tank.

Offensive cyber operations sit low on the escalation ladder, the figurative scale ranging from diplomatic engagement to all-out nuclear war, and provide states with means of signaling adversaries without using force, and potentially even deescalating tense or provocative situations.

 Through this lens, there is a case to be made for the responsible diffusion of malware as a tool of diplomacy and statecraft to de-escalate regional conflict. 

Cyber operations have served this exact de-escalatory purpose throughout recent tensions in the Persian Gulf. 
When a US Navy Carrier Strike Group was sent to the Persian Gulf in May  an Iranian threat to US assets was detected in the area, Washington signaled that it was prepared to meet potential Iranian aggression with airstrikes. 

US President tweeted that the United States was “locked & loaded,” alluding to a kinetic response option, but instead, the US deployed malware to neutralise the Iranian threat, while demonstrating that Tehran’s provocations would not go unchecked. 

The decision to prioritise cyber response options underscores Washington’s desire to cool things down and reassert its control by utilizing short-of-war tactics. A similar strategy is playing out on the eastern shores of the Mediterranean. While remaining largely out of the fray, Israel is closely monitoring tensions in the Persian Gulf. Israel, like the United States, remains chiefly concerned with breaking Tehran’s spreading influence and power in the region, but does not want to bear the risk of doing so alone. 

Israel’s Ministry of Defense recently reported to hav eased export control rules on certain malwareto allow Israeli companies to more quickly obtain exemptions for marketing to more countries than previously possible. Under the newly relaxed regulations, not only has the approval process been shortened to as few as four months, but also the Defense Ministry has indicated that the group of allowable buyers has expanded. Indications that Israeli spyware, software that enables users to surreptitiously reap information from another user’s hard drive, and other forms of malware are destined for purchase by Saudi Arabia and the United Arab Emirates have raised eyebrows amongst rights advocacy groups. 

While these human rights concerns over these malware exports are justifiable, the de-escalatory and even ethical role of offensive cyber operations cannot be ignored.

While kinetic options could escalate conflict and draw the ire of the international community, cyber operations can provide de-escalatory alternatives under challenging operational circumstances. Concerns over potential misuse of cyber tools to quash internal dissent and suppress democratic values are legitimate and should be taken seriously. So, too, should the ethical case for the responsible utilisation of these tools.

The de-escalatory and diplomatic effects offensive cyber operations can bring to bear make them legitimate tools of statecraft in navigating regional conflict. 

Atantic Council

You Might Also Read: 

Shockwave - A Global Transformation In Warfare:

 

« Fraud And The Dark Side Of AI
Hacking Skills Can Qualify You For A Top Cybersecurity Job »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Miller Group

Miller Group

Miller Group is an IT managed service provider. We proactively monitor and manage your entire business computer network. Services include backup & recovery and cyber security.

SECURITYMADEIN.LU

SECURITYMADEIN.LU

SECURITYMADEIN.LU is the main online source for cyber security in Luxembourg providing news, information and a toolbox of cyber security solutions.

UM Labs

UM Labs

UM Labs is a developer of security products for Voice over IP (VoIP), protecting SIP trunk connections, safeguarding mobile phone communications and enabling BYOD.

Cycura

Cycura

Cycura provide advanced, customized, and confidential cyber security services, cyber investigation services, and digital forensic services to governments, companies, and organizations.

Nihon Cyber Defense

Nihon Cyber Defense

Nihon Cyber Defence’s mission is to provide robust solutions, services and support to governments, corporates and organisations in order to protect them from all forms of cyber warfare.

PiiQ Risk

PiiQ Risk

PiiQ Risk is the leader in social media risk analytics and scoring, delivering the only SaaS based social media intelligence and risk platform in the market.

Nexon Asia Pacific

Nexon Asia Pacific

Nexon solutions include cloud infrastructure and services, unified communications, managed security services, business continuity, secured high-performance network and business applications.

comforte AG

comforte AG

comforte AG is a leading provider of data-centric security technology. Organizations worldwide rely on our tokenization and format-preserving encryption capabilities to secure personal, sensitive data

SnapAttack

SnapAttack

SnapAttack is a collaborative platform that empowers your security team to stay ahead of threats, create robust behavioral analytics for your existing tools, and prove your program's effectiveness.

RevealSecurity

RevealSecurity

RevealSecurity's TrackerIQ detects malicious activities in enterprise applications.

Crayon

Crayon

Crayon is a customer-centric innovation and IT services company. We provide guidance on the best solutions for our clients’ business needs and budget with software, cloud, AI and big data.

Alethea

Alethea

Alethea is a technology company helping companies, nonprofits, and democracies protect themselves from harms stemming from disinformation and social media manipulation.

Willyama Services

Willyama Services

Willyama Services is a certified Information Technology and Cybersecurity professional services business providing services to government and private sector clients.

Cyderes

Cyderes

Cyderes (Cyber Defense and Response) is a global, pure-play, full life-cycle cyber security services provider formed from the merger of Herjavec Group and Fishtech Group in 2022.

Oxygen Technologies

Oxygen Technologies

Oxygen Technologies is a business systems strategy and integration company offering a variety of solutions to give our clients ways to work smarter not harder.

Systems Engineering

Systems Engineering

Systems Engineering is a SOC 2, Type 2-certified IT strategy and managed technology services provider.