Reshaping The Future Of War With Malware

As tensions rage beneath the Middle East cauldron, the expanded employment of cyber operations is preventing the region from boiling over. 

US Cyber Command's covert cyber operation against Iran, in response to the September attacks on oil facilities in Saudi Arabia, underscores the inclination of states to use cyber operations instead of armed force and points to broader strategic implications in the region. 

Conventional wisdom would suggest that scaled-up capabilities, growing competition, and the proliferation of malware across cyberspace presents a legitimate risk of escalation in state conflict, transcending the cyber domain toward the kinetic. However, recent history has shown that states have more often availed themselves of their offensive cyber arsenals to achieve surprisingly de-escalatory effects, according to the Atlantic Council think-tank.

Offensive cyber operations sit low on the escalation ladder, the figurative scale ranging from diplomatic engagement to all-out nuclear war, and provide states with means of signaling adversaries without using force, and potentially even deescalating tense or provocative situations.

 Through this lens, there is a case to be made for the responsible diffusion of malware as a tool of diplomacy and statecraft to de-escalate regional conflict. 

Cyber operations have served this exact de-escalatory purpose throughout recent tensions in the Persian Gulf. 
When a US Navy Carrier Strike Group was sent to the Persian Gulf in May  an Iranian threat to US assets was detected in the area, Washington signaled that it was prepared to meet potential Iranian aggression with airstrikes. 

US President tweeted that the United States was “locked & loaded,” alluding to a kinetic response option, but instead, the US deployed malware to neutralise the Iranian threat, while demonstrating that Tehran’s provocations would not go unchecked. 

The decision to prioritise cyber response options underscores Washington’s desire to cool things down and reassert its control by utilizing short-of-war tactics. A similar strategy is playing out on the eastern shores of the Mediterranean. While remaining largely out of the fray, Israel is closely monitoring tensions in the Persian Gulf. Israel, like the United States, remains chiefly concerned with breaking Tehran’s spreading influence and power in the region, but does not want to bear the risk of doing so alone. 

Israel’s Ministry of Defense recently reported to hav eased export control rules on certain malwareto allow Israeli companies to more quickly obtain exemptions for marketing to more countries than previously possible. Under the newly relaxed regulations, not only has the approval process been shortened to as few as four months, but also the Defense Ministry has indicated that the group of allowable buyers has expanded. Indications that Israeli spyware, software that enables users to surreptitiously reap information from another user’s hard drive, and other forms of malware are destined for purchase by Saudi Arabia and the United Arab Emirates have raised eyebrows amongst rights advocacy groups. 

While these human rights concerns over these malware exports are justifiable, the de-escalatory and even ethical role of offensive cyber operations cannot be ignored.

While kinetic options could escalate conflict and draw the ire of the international community, cyber operations can provide de-escalatory alternatives under challenging operational circumstances. Concerns over potential misuse of cyber tools to quash internal dissent and suppress democratic values are legitimate and should be taken seriously. So, too, should the ethical case for the responsible utilisation of these tools.

The de-escalatory and diplomatic effects offensive cyber operations can bring to bear make them legitimate tools of statecraft in navigating regional conflict. 

Atantic Council

You Might Also Read: 

Shockwave - A Global Transformation In Warfare:

 

« Fraud And The Dark Side Of AI
Hacking Skills Can Qualify You For A Top Cybersecurity Job »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: How to improve your security posture with a web application firewall (WAF)

ON-DEMAND WEBINAR: How to improve your security posture with a web application firewall (WAF)

Watch this webinar to discover how a WAF goes beyond a standard firewall and helps you meet security industry compliance.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

CoSoSys Endpoint Protector

CoSoSys Endpoint Protector

Endpoint Protector by CoSoSys is an advanced all-in-one DLP solution for Windows, macOS, and Linux, that puts an end to unintentional data leaks and protects from malicious data theft.

MobileIron

MobileIron

MobileIron provides EMM capabilities to IT organizations that need to secure mobile devices, applications and content.

Infoblox

Infoblox

Infoblox solutions help businesses automate complex network control functions to reduce costs, increase security and maximize uptime.

Vaddy

Vaddy

Vaddy provide an automatic web vulnerability scanner for DevOps that performs robust security checks to ensure that web app code is secure.

Celestya

Celestya

Celestya is dedicated to providing the most advanced and cost effective systems for human behavior education on cybersecurity awareness training.

Ingalls Information Security

Ingalls Information Security

Ingalls Information Security provides network security, monitoring and forensics.

Dell Technologies

Dell Technologies

Dell Technologies Consulting Services enables a highly resilient business amidst the proliferation of cloud-based IT services and constant threats to your most critical information.

Cytelligence

Cytelligence

Cytelligence is a cyber security consulting company with deep expertise in Cyber Breach Response, Cyber Breach Investigations, and Digital Forensics.

Open Connectivity Foundation (OCF)

Open Connectivity Foundation (OCF)

OCF is dedicated to ensuring secure interoperability ensuring secure interoperability of IoT for consumers, businesses and industries.

CYDES

CYDES

CYDES is the first event in Malaysia to showcase advanced solutions and technologies to address cyber defence and cyber security challenges for the public and private sectors.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Motiv ICT Security

Motiv ICT Security

Motiv is the ICT security specialist that provides public and private sector organisations with IT security solutions and services to prevent cybercrime, data theft and data breaches.

TryHackMe

TryHackMe

TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs. We have content for both complete beginners and seasoned hackers.

ZARIOT

ZARIOT

ZARIOT's mission is to restore order to what is becoming connected chaos in IoT by bringing unrivalled security, control and quality of service.

ACI Learning

ACI Learning

ACI Learning - Training tomorrow’s industry leaders with formats for all types of learners in Audit, Cybersecurity, and IT.

Limes Security

Limes Security

Limes Security GmbH is the leading OT Security expert in the German-speaking region of Europe.