Reshaping The Future Of War With Malware

As tensions rage beneath the Middle East cauldron, the expanded employment of cyber operations is preventing the region from boiling over. 

US Cyber Command's covert cyber operation against Iran, in response to the September attacks on oil facilities in Saudi Arabia, underscores the inclination of states to use cyber operations instead of armed force and points to broader strategic implications in the region. 

Conventional wisdom would suggest that scaled-up capabilities, growing competition, and the proliferation of malware across cyberspace presents a legitimate risk of escalation in state conflict, transcending the cyber domain toward the kinetic. However, recent history has shown that states have more often availed themselves of their offensive cyber arsenals to achieve surprisingly de-escalatory effects, according to the Atlantic Council think-tank.

Offensive cyber operations sit low on the escalation ladder, the figurative scale ranging from diplomatic engagement to all-out nuclear war, and provide states with means of signaling adversaries without using force, and potentially even deescalating tense or provocative situations.

 Through this lens, there is a case to be made for the responsible diffusion of malware as a tool of diplomacy and statecraft to de-escalate regional conflict. 

Cyber operations have served this exact de-escalatory purpose throughout recent tensions in the Persian Gulf. 
When a US Navy Carrier Strike Group was sent to the Persian Gulf in May  an Iranian threat to US assets was detected in the area, Washington signaled that it was prepared to meet potential Iranian aggression with airstrikes. 

US President tweeted that the United States was “locked & loaded,” alluding to a kinetic response option, but instead, the US deployed malware to neutralise the Iranian threat, while demonstrating that Tehran’s provocations would not go unchecked. 

The decision to prioritise cyber response options underscores Washington’s desire to cool things down and reassert its control by utilizing short-of-war tactics. A similar strategy is playing out on the eastern shores of the Mediterranean. While remaining largely out of the fray, Israel is closely monitoring tensions in the Persian Gulf. Israel, like the United States, remains chiefly concerned with breaking Tehran’s spreading influence and power in the region, but does not want to bear the risk of doing so alone. 

Israel’s Ministry of Defense recently reported to hav eased export control rules on certain malwareto allow Israeli companies to more quickly obtain exemptions for marketing to more countries than previously possible. Under the newly relaxed regulations, not only has the approval process been shortened to as few as four months, but also the Defense Ministry has indicated that the group of allowable buyers has expanded. Indications that Israeli spyware, software that enables users to surreptitiously reap information from another user’s hard drive, and other forms of malware are destined for purchase by Saudi Arabia and the United Arab Emirates have raised eyebrows amongst rights advocacy groups. 

While these human rights concerns over these malware exports are justifiable, the de-escalatory and even ethical role of offensive cyber operations cannot be ignored.

While kinetic options could escalate conflict and draw the ire of the international community, cyber operations can provide de-escalatory alternatives under challenging operational circumstances. Concerns over potential misuse of cyber tools to quash internal dissent and suppress democratic values are legitimate and should be taken seriously. So, too, should the ethical case for the responsible utilisation of these tools.

The de-escalatory and diplomatic effects offensive cyber operations can bring to bear make them legitimate tools of statecraft in navigating regional conflict. 

Atantic Council

You Might Also Read: 

Shockwave - A Global Transformation In Warfare:

 

« Fraud And The Dark Side Of AI
Hacking Skills Can Qualify You For A Top Cybersecurity Job »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

AV Test

AV Test

The AV-TEST Institute is a leading international and independent service provider in the fields of anti-virus research and IT security.

CyberSecurityJobsite.com

CyberSecurityJobsite.com

CyberSecurityJobsite.com is a specialist job board designed to attract candidates working within Cyber Security, Information Security or Information Assurance.

Infortec

Infortec

Infortec provide consultancy and solutions for the protection of digital information and the management of computer resources.

CyberFortress

CyberFortress

CyberFortress is an insuretech startup offering a new kind of online business interruption policy designed for small business.

Crypto Quantique

Crypto Quantique

Crypto Quantique's ground-breaking technology radically simplifies the process of generating a hardware root of trust in an IoT device.

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory is a manufacturer of military security and data destruction equipment for sensitive, classified, and secret information.

oneclick

oneclick

oneclick is a central access and distribution platform in the cloud, enabling the management of the entire technology stack for application provisioning.

SpecterOps

SpecterOps

SpecterOps has unique insight into the cyber adversary mindset and brings the highest caliber, most experienced resources to assess your organizations defenses.

Softcat

Softcat

Softcat offer a broad portfolio of IT services and solutions covering Hybrid Infrastructure, Cyber Security, Digital Workspace and IT Intelligence.

ECHO Project

ECHO Project

The main objective of ECHO is to strengthen the cyber defence of the European Union, enhancing Europe’s technological sovereignty through effective and efficient multi-sector collaboration.

Drumz

Drumz

Drumz plc is an investment company whose investing policy is to invest principally but not exclusively in the technology sector within Europe.

Aeries Technology

Aeries Technology

Aeries is a technology services organization offering capabilities in Technology Services, Digital Transformation, and Business Process Management.

Assured Clarity

Assured Clarity

Assured Clarity are a global consultancy, specialising in Risk Management and Data Privacy, through Education, Awareness and Training, throughout an organisation.

Rhodian Group

Rhodian Group

Rhodian Group (formerly Adar) specialize in providing Technology, Cybersecurity, and Compliance services to the insurance industry.

Anchor Technologies Inc (ATI)

Anchor Technologies Inc (ATI)

Anchor provides a full spectrum of cybersecurity services assisting our clients with all aspects of cybersecurity risk planning, identification, management, and monitoring.

Vana Solutions

Vana Solutions

Vana Solutions is an Information Technology Services company. We help commercial & federal organizations select, adapt, and integrate the right technology solution so you can move faster.