Connect with us

Intelligence

Cyberspace: A Manmade Sphere for Wars

Published

on

Internet can be considered as one of the greatest achievements of humanity of the last century, which connected the entire world. It created a new space for connections, information and communications, as well as cooperation. Thus, it created also a new platform for conflicts which involved not only individuals but also states. The invention of the twentieth century, the internet, has become another sphere for international relations, and a new space for defensive and offensive policies for regulating and balancing those affairs. The space called cyberspace has become a platform for interactions not only between individuals, but also between states. The interactions on their side were not only developed in a positive manner, but were also transformed into attacks, which pose a real threat to the security of states. Thus, the following questions arise:

Can cyberspace be considered a new sphere for war? Can conflicts and offensive and defensive operations in cyberspace be considered a real war?

The aim of this article is to specify offensive and defensive actions occurring in cyberspace and to explain the differences and similarities between them and the classical approach to war present in other spheres: land, water, air, and space. Despite the overgrowth of offensive interactions in cyberspace and defensive strategies for enriching the cyber arsenal of states, military specialists have concerns over the reality of cyberwars in general. Parallels are drawn to show the similarities and differences between definitions and perceptions of war, and whether concepts from the classical approach can be transferred to describe wars in the cyber sphere.  This research puts cyberwars in line with other wars, thus analyzing their peculiarities, whilst Cyberspace is seen as another sphere for war and international relations in addition to the existing spheres of land, water, air, and space

Internet’s Two Sides of the Coin: From Good to Threat

The Internet that we use today, is based on the Transmission Control Protocol or just Internet Protocol commenced in 1973. The network became operational in January 1983. For the first two decades of its existence, it was the preserve of a technological, academic, and research elite. From the early 1990s, it began to percolate into mainstream society and is widely regarded as a General-Purpose Technology (GPT) without which modern society could not function.

Only half a century ago it was difficult to imagine that human interactions would be developed in a manmade sphere, totally virtual and artificial. It must have been impossible to imagine that it would penetrate our lives so closely that it would cover everyday life, from communication and information sharing to purchasing products and regulating temperature at home.

Now internet has connected the entire world breaking the land borders which lined geographically differentiating the places people live. It substituted land borders with digital ones, making it possible to connect the entire world into one sphere.

With the start of the World Wide Web in 1993, the greatest accretion of communication came into existence. Since then, information being secret for a limited groups or organizations that were historically used for military purposes as an intellectual advantage, soon became available for masses.

Moreover, equal access to information for all, one of the ultimate achievements of humanity and one of the supreme advantages of the internet, has started to provide information not only for good will, having also provoked irregular warfare.

These chaotic interactions, which Garnett called “fourth generation warfare” (4GW), through networks would become a wave of social reactions and pressure that would provide an opportunity for an asymmetric warfare. The tendency is obviously dangerous since not only states possess these “digital” weapons but also non-state actors including terrorist networks. Basically, the Internet allows anyone to join digitally and to be a force or power that could have a significant impact on states’ policies.

The sphere were those actions take place with the usage or within the system of information and communication technologies is broadly named cyberspace and the actions that take place in this sphere get their terminology accordingly; cyber-attacks, cyberwar, etc… Though states have various definitions of a cyberspace and with the scope it covers, it is meant to be a non-physical Information and telecommunication technologies environment (ICT).The term cybersecurity has been emerging from the US since the mid-1990s, which later have become widely used in other countries and international organizations such as United Nations (UN), Organization for Security and Co-operation in Europe (OSCE), Organization for Economic Co-operation and Development(OECD), North-Atlantic Treaty Organization (NATO), the Council of Europe(CE), BRICS, Shanghai Cooperation Organization (SCO) and many others.

A cyber-attack is not an end in itself, but a powerful means to a wide variety of ends, from propaganda to espionage, from denial of services to the destruction of critical infrastructure.

From the prism of threat, they may cause, cyberattacks can be implemented using methods, such as malicious programs, that can penetrate systems of specific or not specified group of people or entities causing dysfunctions of computer operations, stealing personal information, phishing stealing passwords of the user as well as infecting computer systems to slow down specific processes, etc.  In current internet-run infrastructure a single penetration can be fatal for a society and become a threat for a state. A penetration into the command-control system of critical infrastructures, for example, can cut the supply of energy, change the chemical construction of water thus making it poisoned, etc. and the anonymity can stand as an advantage as cyberattacks are still not attributable through international humanitarian law. Moreover, in a cyber conflict, the terrestrial distance between adversaries can be irrelevant so cyber weapon can reach its target much beyond its borders.

The advance of technology made it possible to give room for clashes between States and non-states actors involved in operations in cyberspace. These clashes have become a real threat for international security. As compared with kinetic weapons that are relatively expensive to obtain, as well as possible to detect their origin, malicious programs are available to download or buy and even create if there is a good specialist of it: even a teenager can formulate it.

Therefore, it is becoming nearly impossible to patrol all the purchase and supply chain of the cyber arsenal. Malicious viruses or programs can penetrate various computer systems of public and private usage and cause dysfunctions, changing the primary command-control systems, slowing their base speed of operation and causing very costly problems for state security.

Per media reports, the group which rampaged through and besieged part of Mumbai in November 2008 made use of readily available cellular and satellite phones, as well as overhead imagery from Google Earth, to coordinate and plan their attack.

However, this invention is an issue of arguments among scientist from the prism of war definition.

Theoretical Dilemma of cyberwars and cyber reality

Despite different conflicts occurring in cyberspace between state and non- state actors, state-sponsored operations, and developments in international relations, military specialists argue about the exact definition of cyberspace, whether to evaluate it as real war or not, and as whether to count operations in cyberspace as a real war between parties involved.

Various conflicts in cyberspace including attacks of regular and irregular origin performing symmetric or asymmetric tactic, do not correspond with the classical approach of the war including only some or one or even missing any aspect of the war characterization. Despite of the current actions and bilateral, multilateral etc., agreements signed by states and international organizations, associations on the cybersecurity issues and despite of the threats the world overcomes or will overcome in cyberspace, theorists have certain disbelieves while defining or accepting cyberspace as a new sphere for wars as well as cyberwars as already occurring facts.

The issue is that there had not been a single verifiable case of cyber terrorism nor has there been any human casualty caused by cyber-attacks, giving grounds for disbelief.

Thomas Rid a specialist of war, is among those scientists and experts who see debates about cyber wars exaggerated, moreover, he expresses mistrusts related to cyberspace as a new space for war in a classical approach of war definition. He believes that “Cyber war has never happened in the past, it is not occurring on the present and it is highly unlikely that will disturb the future.”

The fact that computer and internet assisted attacked may penetrate the operating systems of targets stealing data or causing dysfunction of potentiality of operations Rid, however, in this respect differentiates between sabotage operations and direct physical harm.

Rid refers to Carl von Clausewitz, a nineteenth-century Prussian military theorist, who defines war according to three criteria, “First, all acts of war are violent or potentially violent. Second, an act of war is always instrumental: physical violence or the threat of force is a means to compel the enemy to accept the attacker’s will. Finally, to qualify as an act of war, an attack must have political goal or intention.”

Theoretical description of war through centuries might have changed its primary strategies and instruments, while his goal is always the same. Within this respect, it is important to observe this definition on a broad way: Of course, computer warm or virus cannot kill directly a person, like it could have a sword, but it can cut the energy supply of a hospital causing a chain of violence, or it can penetrate the command control of the Airplane system and change the direction of the plane or to cause and a catastrophe.

In contrary to classical approach of war, the reality of cyber war is supported by those who believe that cyber wars have already occurred, are occurring and will, possibly, continue to occur in future, thus cyber strategies must be implemented.

In July 2016, Allies reaffirmed NATO’s defensive mandate and recognized cyberspace as a domain of operations in which NATO must defend itself as effectively as it does in the air, on land and at sea.

Former U.S. President Obama speaking about cybersecurity mentioned:

“America’s economic prosperity, national security, and our individual liberties depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure, and reliable Internet. Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property.  Although the threats are serious and they constantly evolve, I believe that if we address them effectively, we can ensure that the Internet remains an engine for economic growth and a platform for the free exchange of ideas”.

Thomas Reed, a former staffer on the US National Security Council argues that Cyber wars are even new. They occurred in past, in Cold War Era, and had devastating results. As an example, he mentions about the first ever cyber-attack- a massive pipeline explosion in the Soviet Union in June 1982, counting as the most violent cyber-attack ever. “According to Reed, a covert US operation used rigged software to engineer a massive explosion in the Urengoy-Surgut-Chelyabinsk pipeline, which connected Siberian natural gas fields to Europe. Reed claims that Central Intelligence Agency (CIA) managed to insert malicious code into the software that controlled the pipeline’s pumps and valves. The rigger valves supposedly resulted in an explosion that the US Air Force rated at three kilotons, equivalent to the force of a small nuclear device.”

Although, neither there is a factual evidence of accident being a cyber-attack confirmed or supported by the official U.S, nor there are any Soviet media reports from 1983 also confirming that Reed’s mentioned explosion took place. Though Soviet Union media regularly reported about accidents and pipeline explosions at the time. In case of cyber-attacks, it is not an easy task to investigate fully and in a short period of time. Forensic examination is needed which presupposes experts and conditions for objective examination. Under the condition of Cold war, the parties would hardly agree to do such an investigation which will reveal secrets about their technical capabilities and the real cause of the explosion. Incase Reed’s claims are true, then the massive violence it could have done would theoretically rank cyber weapons among extremely dangerous means and cyber wars would have been defined accordingly.

Another example that speaks about possible cyberattack that will “suit” to the description of war can be considered the 2008th cyberattacks on Georgian most prominent websites, including those of the country’s national bank and the Ministry of Foreign Affairs. In August 2008, in the period of the military conflict over South Ossetia, Georgian Government blamed the Kremlin, but Russia denied sponsoring the attackers, and later NATO investigation found no conclusive “proof” of who had carried them out. The fact that the “proof” is not found can illustrate two possible judgments: first, the attacker is technically equipped well enough so it is hard to distinguish him, second: the attack was not carried out by a potential suspect. However, the situation can be judged by the following viewpoint: you are innocent unless your guilt is proved. And because the anonymity is a priority in cyber wars, so it is highly efficient especially for states to use it in hybrid war strategies.

In cyberspace the sides, that are involved in the attacks or counterattacks can be distinguished only in two ways: first, by their own wish (which may occur rarely, or even impossible to happen especially when attacks are carried out by States rather than other subjects) or, according to the evidence. The last one is directly connected with the technical capabilities of an attacker as well as technical competences of an attacked side to be able to detect.

According to Oleg Demidov, a Cybersecurity expert at the Russian Centre for Policy studies (PIR Center), the overview of the NATO experts suspecting Russia in attacking Estonian infrastructure in 2007, Georgian government and private sector networks in 2008, and U.S. financial institutions and private companies in 2014 Spring, as not fundamental, because there was no practical evidence of the proof of the attacker, or lack of technical capabilities to be able to define the source of the attacker.

In his contribution “Global Internet Governance and International Security in The Field of ICT Use”, Demidov stresses high possibility and risk of an international conflict between nuclear-weapon states. As he mentioned;

 “In the event of lighting-fats cyber-attack that imitates the ‘signature’ of Russian perpetrators (for example, Cyrillic code fragments and other linguistic patters) and targets the infrastructure of NATO countries using servers in Russian territory, there is a risk of NATO military retaliation against Russia. In accordance with NATO doctrine, retaliatory measures may include the use of kinetic weapons and the involvement of all NATO members in a retaliatory strike”.

These two cyber incidents- the Georgian cyber-attacks and Estonian cyberattacks, are regarded by the U.S. and other Western nations as causes for great attention and much reflection.

Estonian cyber incidents were followed by the establishment of cyber strategies for national and system level for EU members and partners.

Particularly, in 2008, a year after the attacks, NATO set up the Cooperative Cyber Defense Centre of Excellence (CCD COE) in Tallinn. The military-defense usage of Information and Communication Technology (ICT) is one of the main purposes of the center. The center is technically equipped well enough to protect its members by providing technical support and human resource to protect internet infrastructure.

Another well-known and destructive cyber program that processed a worldwide discussion over the reality of cyber wars is the “Operation Olympic Games”, a large operation, that included the “development, testing, and use of malware against specific targets to collect information about the Iranian Nuclear program, as well as to sabotage it and slow it down as much as possible. It included such malware as Stuxnet, Duqu, Flame, and Guass (all of them targeting special operation for espionage and sabotage), active in between 2007-2013.The US presidential administration and Israeli secret services have been named as perpetrators.

Ex-head of the Foreign Relations Committee of Iran’s Supreme National Security Council Seyed Hossein Mousavian, in his “The Iranian Nuclear Crisis: memoir confirms Stuxnet as a malicious computer warm developed to target the computer system that control Iran’s huge enrichment plant at Natanz. Moreover, according to Mousavian, Ali Akbar Salehi, Iran’s Representative to the International Atomic Energy Organization (IAEA) at that time confirmed that Iran was experiencing espionage at its nuclear plants. According to the IAEA, there was a big decrease in the amount of the operating centrifuges caused by the Stuxnet with a vivid decline to more than 100 – from 4920 in May 2009 to 3772 in August 2010. Despite of the Fact that Ahmadinejad mentioned about the problems directly related to the computer software, installed by the spies to slow down centrifuge’s operation, nevertheless, Mousavian does not think that this could have cause a big problem and an obstacle for enriching the centrifuges.

In fact, Stuxnet did affect the nuclear enrichment system, and did make problems for Iran’s nuclear program. The computer worm was operating inside the system for quite a long time unnoticed, slowing down the operational capabilities of both experts and technical equipment. If we note the fact that it successfully slowed down the system’s operation, then we can conclude that operations reached a certain level much later then they could have without the worm Now that sanctions have hit Iran’s economy and forced it to make concessions, we can conclude that the situation would have been different if Stuxnet had not affected Iranian programs; Iran would have finished its program faster, before sanctions could devastate its economy. But since Iran discovered the problem much later and the whole process was slowly altered by the worm, we can see that Stuxnet led to a longer timeframe for enrichment, and subsequently longer terms for sanctions.

The action brought not only psychological damage, as would be named and labeled by Israel and U.S. specialist, but it brought also to economical, technical(human resources as well as technical capabilities) crises.

According to M. Sahakyan, an Armenian researcher.

“…sanctions were hard and maybe they were the main reason why Iran agreed to the Interim agreement. Though Iranian leaders like to mention that sanctions were not problem, but the Iranian economy had been effectively hit hard by these sanctions. Iranian economy mostly declined when EU member states imposed an oil embargo on Iran. China also reduced its average oil import levels from Iran in a disagreement on Iran’s nuclear program. The depreciation of Iranian Rial, reduction of oil exports and shortages of foreign currency created hard social-economic situation in Iran. So sanctions were hard and maybe they were the main reason why Iran agreed to the Interim agreement.”

It is evident that, not directly but indirectly cyber war may influence politics of a specific State. Today cyber-attacks can target political leadership, military systems, and average citizens anywhere in the world, during peacetime or war, with the added benefit of attacker anonymity.

Stuxnet influenced the Iranians’ centrifuges, causing them to overload an intelligence program. This is a new type of and reason for war. While the basic definition of war presupposes physical violence, Stuxnet presupposes a psychological intent. In addition to the technical harm it did, it also influenced the psychology of those who had encountered the undiscovered cyber worm. Regarding the first, undiscovered phase of the computer worm, imagine a specialist working on the program, who faced long-lasting technical problems, becoming filled with doubt towards their personal professional skills and also doubting the capability of Iran in general to develop its program. This is a new approach in the definition of war, as it dramatically shifts the choice of instruments that can cause harm to a State.

From Wars with Swords to Cyber Wars: State Security is Still a Priority

Nevertheless, the war in cyberspace is real, it has happened in the past, it is happening now and it will certainly happen in future.

The classical approach to war sees physical violence carried out by military operations. Cyberwar presupposes physical violence as well as bringing a new, psychological violence, which may cause no less harm.  Ideas and things important for state security have changed over the centuries, as have the instruments and measurements of security, but the problem of state security is still a priority. Maybe unexpected ships won’t attack from the sea, but cyber-attacks will come.

In past centuries, population size was an important issue for the state in maintaining its governance. It determined the size of the workforce and the size of the army, and the strength of armies was measured by the quantity of troops.

Centuries ago, a human, a good soldier was to aim to harm the opposing side. To conquer the army was to win the war. Afterwards, the period of weapons and technology began, and would enable opposing sides measure their technical and tactical capabilities to win. At that time, to mobilize technical capabilities was to conquer the army. Due to growing population and technological achievements, in addition to the number of troops, now the amount of military equipment is of much importance. A single-pilot jet may cause greater harm than 1000 troops on the same territory. Nowadays unmanned aircraft can jeopardize enemies’ strategic targets in specific cases even without any physical violence, because in a certain situation to harm a strategical unit even without causing physical violence from neither attaching side nor from the attacked still may have fatal result for the states being attacked.

In current stage, the military parades mostly demonstrating technical capability of a certain state, will alarm a possible harm while attack or attacking. Aside from the traditional military spheres like land, sea, and air (added later),an epoch of adding a new sphere, cyberspace, has begun, in which technical capabilities do no less harm than in a traditional war. One of the ultimate advantage of cyberwars is the anonymity of the attacker, which makes it a reasonable choice for state’s foreign policy.

In addition to the traditionally distinguished types of harm for a state security, cyberwar brings the conception of psychological trauma for the sates making it doubt its capabilities on a certain level. In the case of Stuxnet, the attack was “emotional” and technical.

The definition of the emotional damage through cyberwars was used to describe Russia’s so-called internet interference in 2016. “The New Yorker” expresses viewpoints of national-security officials who believed that those series of cyber hackings were directed to destabilize the conception of democracy in the States.

For many national-security officials, the e-mail hacks were part of a larger, and deeply troubling, picture: Putin’s desire to damage American confidence and to undermine the Western alliances—diplomatic, financial, and military—that have shaped the postwar world.

To technically dysfunction a system just causing a technical harm is a small incident, while targeting CI with technically destabilizing them already has grown into a political scandal.

In turn, cyberattack may cause harm on a specific target without involving other sides especially in case of state sponsored attacks, as it remains undiscovered for a while and the stereotypes and cliché of the traditional war definition will empower the attacker to have “excuses” for the attack. Cyberwars will become more dangerous, if not included and named as war and not struggled as traditional wars.

Cyber Arm race has started

Despite of the distrust and interpretation of cyberwars within the framework of classical approach of war, states are accelerating cyber arms race. This development has several political and strategic implications that pose the need to find specifically political answers. What is often forgotten or neglected is the increasing importance of understanding cyberspace as a political domain and cyber politics is needed more than ever before.

While experts are debating over the exact description and definition of cyberwar, States are enriching their State defensive arsenal with cyber equipment and technical staff for better governance in cyberspace, as well as regulations and doctrines that will define the strategy for the defensive and offensive operations for ICT threat.

In November 2011, the Department of Defense of the U.S. issued a report to Congress confirming, that it was ready to add cyberspace to sea, land, air, and space as the latest domain of warfare – the military would, if necessary, use force to protect the nation from cyberattacks. This statement shape the interactions in cyberspace on the same level with other spheres making them equally important and in case of need, changeable and cooperative.

By this, next to the traditional war spheres: ground, sea, air, space, a new battlefield-the cyberspace is differentiated.

With the technological developments, nearly every aspect of our lives is technically run, so it becomes very sensitive to any cyberattack, since any non-functioning in a technical field may cause human harm, economic harm, and be a serious problem for the entire National security.  In this regard, the former Secretary of Homeland Security of the U.S.Jeh Johnson at The White House Cybersecurity Framework Event on February 12, 2014, specifying the seriousness of the cyberattacks on electrical substations specifically, mentioned:

“What the public needs to understand is that today the disruption of a critical public service like an electrical substation need not occur with guns and knives. A cyberattack could cause similar, and in some cases far greater, damage by taking several facilities offline simultaneously, and potentially leaving millions of Americans in the dark”.

The focus was on the electrical substations but it may refer to other sectors too: telecommunication, hospitals, libraries and federal departments courts and prisons. Any entity, that is functioning with technology may be in a real attack risk.

The technological developments of the last century bring the automated industrial control systems as well as most Critical Infrastructure (CI), the list of which may vary from state to state but have similarities, under possible cyber-attack which may be fatal for national defense. The range of facilities on the list of CIsmay include but not limited to nuclear industry, electricity, telecommunication, water supply, transport system on ground, sea and air, governmental buildings and their communication facilities, the financial and banking system, healthcare and defensive facilities etc. In 2017, the USA Department of Homeland security announced about its decision to include also election infrastructures into the list of Critically Important infrastructure for the State.

The cyber- defensive policy of states becomes an urgent issue and States are engaged in implementing special cybersecurity projects on national level to defend the CI of their countries.

Many states, for instance the U.S., Russia, China, Germany, UK, France etc. are enriching their cyber arsenals and developing cyber security system for defensive operations for their countries. Not only states are engaged in national mechanisms but they also are involved in developing global cooperative platforms for better and clean cyber environment of the World. Specifically, it would be interesting to mention U.S. Russia, China cyber triangle and their input of cyberspace as a significant priority for a State development and Security. The countries are involved in various discussions and cooperation agreements to maintain cooperation and peace in cyberspace globally. Despite of ideological differences in cyberspace and the attitudes of maintaining the policy for it, however these three cyber powers found a common ground for mutual understanding and possible fundamental cooperation. United Nations (UN) Governmental Group of Experts is one of the examples of that which is currently the only platform that has united the U.S. Russia, and China with commonly acceptable norms and suggestions. Since the scope of interests in cyberspace includes all groupings of society including governmental and federal entities private and public sectors as well as common citizens on a national level, private supra-powers regulation beyond borders and being responsible for larger audiences, there is an urgent need to focus on cooperation and establishment of fundamental rights in cyberspace as well as mechanism to establish security in this sphere.

Conclusion

Can a cyber-attack pose a serious threat to national security?

With the clear majority of undergone, ongoing and possible cyberattacks and with the current defensive strategy of the states, the cyberwar is nothing than a real threat for states’ national security as well as private sector. It enflames not only regular warfare which can cause as much harm as it is assumed to have by traditional approach of the war, it may also provoke irregular warfare with the privilege of the equal information access and anonymity.  The technological invention of twentieth century may considered to be a disaster along with such scientific invention as atomic energy. It may give a good, but it may harm severely.

The difficulty of cyberwar falls also on the lack of common norms and definitions as well as specifically composed legislation equally acceptable for all states for peaceful and collaborative regulations of problematic issues on this field.

I do believe that cooperation on this issue is of great importance. Joint legislation, understanding and definition of conceptual ideas, common cooperative grounds will bring to a better and secure life, eliminating or declining the possibility of occurring private or non-state organizational subjects to be involved in irregular warfare destabilizing the peaceful cooperation of states and people on internet sphere for a good and productive will.  The classical approach of war definition should be able to include a new sphere of violence before a certain violence occurs rather than defining right after it occurs, as mostly happens in historical approach. Aside from the traditional military spheres like land, sea, and air (added later),an epoch of adding a new sphere, cyberspace, has begun, in which technical capabilities do no less harm than in a traditional war.

Cybersecurity is an urgent, necessary strategy, which will lead to a secure sphere for cooperation, free and secure access to and sharing of information, and, due to its technical capabilities, to a more comfortable and economically developed way of life.

While Cybersecurity is an issue for the whole world, strategies for the development of cybersecurity may vary from state to state, in some cases occurring a national level, while in others limited to certain federal entities.

I believe that Cyberspace is very much like the environment; it is a digital environment, and just as a virus that penetrates a certain country is spread worldwide if not stopped, so is a computer virus. Just as pollution in one part of the world pollutes air or water that we all share, a cyberattack may cause a global problem. Networking, sharing information, and a global security approach are musts for a safe and productive global cyber environment and maintenance of all roads for better digital development for the sake of humanity.

(*) This essay adapted from the article Cyberspace – A Manmade Sphere for Wars, (21-st Century, N.1, 2017, pp.42-58). Used by permission. All rights reserved.

Intelligence

ISIS-K, Talc, Lithium and the narrative of ongoing jihadi terrorism in Afghanistan

Published

on

Terrorism

Chinese and Russian efforts are underway to strengthen the Taliban government economically and militarily, along with legitimacy and international recognition. In return, Pakistan is trying to disrupt the Taliban government’s relations with Iran and Tajikistan, as well as with China and Russia. Subsequent to the fall of the previous republican government, following Russia and China, Iran is a major supporter of the Taliban.

Iran plays a significant role in a new intelligence surge launched by major regional players in Afghanistan, which includes ISIS-K campaign against the Taliban government in country. Although Taliban have been able to crush, ISIS-K in several provinces of Afghanistan, but the group was able to mobilize a bunch of other terrorist organizations such as Turkistan Islamic Party, Khetabat Iman Ul Bekhari, Khetabat ultauhied Waljihad, Islamic Jihad Union, Jamaat Ansarullah and East Turkistan Islamic Movement, and The Army of Justice. According to sources on the ground, the group has also established contacts with the resistance front led by Ahmad Massoud to fight Taliban.

Seemingly, the group joined forces with the Resistance Front in northern part of the country to downfall the Taliban particularly in northern Afghanistan.  In addition to defeating the Taliban in the central and southern provinces of Afghanistan, the group has started a sectarian war between the Sunnis and Shiites, which has partly soured relations between the Afghan Taliban and Iran. The group had the support of Pakistan as well as other regional countries and beyond.  Furthermore, Lashkar-e-Taiba fighters entered Afghanistan with the help of the Pakistani army, joining the fight between Sunni and Shia in Afghanistan.  Efforts are underway to start a civil war in the country.  According to the information, ISIS militants have been mostly funded and financed by the Saudi government, as well as other Salafi Gulf States to minimize and even eradicate Shiites in the region.

In accordance with some sources, additional costs are being borne by the United States and Great Britain.  Beside all such financial support, Islamic State (ISIS-K) militants also obtain some funding and thrive through mining and establishing business firms throughout the region.

Let us say, Islamic State militants relatively control the oil reserves in Iraq and they illegally extract it, meantime they have hands on talc and other precious stones in Afghanistan to cover their propaganda campaign expenses. ISIS-K uses the same tactics applied by Taliban during the US occupation; Taliban began illegal mining in Afghanistan to finance their activities in order to wage the war against the US aggression.   During the Taliban’s resistance, Taliban fighters had also a strong financial support from Pakistan, and the Pakistani government accordingly received that financial sustenance from other countries namely western and the Arab world.  However, the Taliban forcibly mined Afghanistan’s lapis lazuli and smuggled it to Pakistan. Under the auspices of the Pakistani government, the gems were shipped to the United States and the European countries.  In return, the Taliban were paid in cash.  Likewise, the Taliban, ISIS chose the same path, and made the most of money via mining in Afghanistan.

Subsequently, the ISIS group has chosen Nangarhar province as its stronghold in Afghanistan, since it has mineral deposits of talc, chromite, marble and other precious and rare earth minerals in addition, the group is also trying to control smuggling routes, to launch cross border terrorism.

 Consequently, ISIS-K endeavors to bring Ghazni province under its control, since a huge Lithium, mine exists in the province. The group is well aware of its preciousness in the world market because the element is mainly used by automotive industries to produce batteries for electric cars.

The anti-corruption network of the former Afghan government reported that the Taliban and the Islamic State together received about 46 million in 2016 thru illegal mining from a single district of Nangarhar province. That is why ISIS has spent millions of dollars in Afghanistan because of holding its campaign and propaganda, allegedly, most of which came from mining.

Furthermore, district governors have been appointed by ISIS for Afghanistan’s 387 major districts, with a monthly salary of up to 80,000 Afghanis.  This is a huge financial burden for the Islamic State, but the Islamic State group’s representatives say that they stick to their words, so that everyone will be paid on time. The ISIS group needs a large amount of financial support to achieve its major goals, but the group is not overstrained financially, because it receives a chockfull financial support.

Conversely, Iran is trying to increase the number of Shiite orientated proxies in the world and especially in Afghanistan to eliminate ISIS-K in return; the Saudi and other Gulf Sates want to prevent it. Therefore, they use ISIS and other associates of the group to counter Iran’s ambitious trans-national agenda; ISIS-K takes advantage of having been provided with huge financial support by anti-Iran camp.

Iran has repeatedly tried to spread Shia religion around the world, most notably at Mustafa International School in Bamko, the capital of Mali in Africa.  There have been several attempts by the Iranian government to convert the students to Shi’ism, an issue that has become the topic of international debate supported by Saudi Arabia.  Finally, all of these events are currently having a direct and indirect impact on Afghanistan and the country’s ongoing security crisis, which will affect the entire region at the end.

Continue Reading

Intelligence

The means to manage cyberspace and the duty of security

Published

on

Over and above the ethical concepts regarding the near future, it is also good to focus on the present. Governments are required to protect their national resources and infrastructure against foreign and domestic threats, to safeguard the stability and centrality of human beings and political systems and to ensure modern services for civilians. Suffice it to recall the chaos that arose some time ago in the Lazio region for the well-known health issues.

Governments must play a key role in developing and leading the local ecosystems, but this national effort must involve many other stakeholders: local businesses, entrepreneurs, multinational companies, local and foreign investors, State agencies, Ministries and academics, people in education, professional institutions and the public at large.

Furthermore, cybersecurity is a national opportunity for developing the local economy and for positioning any country in the international arena as a safe place to establish and develop economic relations between States and companies. It is also important as a regional cyber hub.

Cyber strategy therefore consists in prioritising operational cyber activities with a view to optimising and monitoring the overdevelopment of cyber intelligence that could one day take such turns as to be ungovernable.

This is the reason why investment in technology, local capacity building and resource allocation and concentration are required. This means providing strategic advisory services to government agencies that are seeking to advance cyber security at a strategic and operational level.

It is therefore necessary to work with governments to develop their strategic and operational capabilities in cybersecurity, either at the national or sectoral level, as well as providing comprehensive cyber projects that combine cyber defence and the development of a local cyber ecosystem, based on the models tried and tested by various countries around the world, such as the People’s Republic of China, Israel, the United States of America, etc.

There is a need to specialise in setting up Cyber Units and Cyber Centres (SOC & Fusion Centres) and in developing Cyber Eco-Systems and Cyber Strategies. This means providing various cyber solutions, services and know-how to companies in various sectors, such as financial, industrial, energy, health, technology and many other sectors.

Stable OT (operational technology) security services and strategic advice to companies in the fields of energy, manufacturing, security, medicine, transport, critical infrastructure and many others create the prerequisites for defending cyberspace. As well as helping OT-based organisations integrate cybersecurity into their processes and products. Design, develop and deliver advanced technologies and solutions to protect critical assets in OT environments, such as ICS, SCADA, IIoT, PLC, etc.

In this regard there is a basic need for creating professional IT schools around the world that teach the meaning of cyberspace, and not just how to use Word and other simple Office programs.

The expansion and creation of universities and institutes of cyber knowledge is a starting point from which partnerships are launched with organisations seeking to create their own cyber schools or with academic or educational organisations offering cyber training to their students.

Providing comprehensive solutions for IT schools, enables the training of IT professionals and new recruits in all IT roles, so that hackers do not remain the sole repository of digital truth. Advanced training is a solid starting point for organisations seeking to train their IT professionals. Professionals who can manage and master schemes such as Cyber Defender, Cyber Warrior, Cyber Manager, SOC Analyst, Digital Forensics, Basic Training and many others, including through the use of simulation.

Leading the creation and development of the high-level cybersecurity ecosystem is a duty of States towards the citizens who elect their leaders. The same holds true for seeking and employing highly experienced experts in the various security subject matters, including strategic cyber defence, cyber warfare, cyber intelligence, cyber research and development and cyber strategy, as well as defining training policies for these branches of operation.

Having examined the prerequisites for protecting cyberspace, it is worth addressing the structure of some of the risks faced by institutional network systems.

One of the most typical operations made by hackers relates to the use of client/server technology to combine several computers as a platform to launch DDoS (Distributed Denial of Service) attacks against one or more targets, thus exponentially increasing damage.

A malicious user normally uses a stolen account to install the DDoS master programme on a computer. The master programme will communicate with a large number of agents at any given time and the agent programmes have been installed on many computers in the network. The agent launches an attack when it receives an instruction. Using client/server technology, the master control programme can activate hundreds of agent programmes in a matter of seconds.

A DDoS uses a group of controlled machines to launch an attack on a computer, be it server or client. It is so fast and hard to prevent that is therefore more destructive. If we consider that in the past network administrators could adopt the method of filtering IP addresses against DDoS, it becomes more difficult to prevent such actions today. How can measures be taken to respond effectively?

If the user is under attack, defence will be very limited. If there is a catastrophic attack with a large amount of traffic pouring onto the unprepared user, it will very likely that the network will be paralysed before the user can recover. Users, however, can still take the opportunity to seek defence.

Hackers usually launch attacks through many fake IP addresses. At that juncture, if users can distinguish which IPs are real and which are fake – and hence understand from which network segments these IPs come – they can ask the network administrator to change them. Firstly, the PCs should be turned off to try to eliminate the attack. If it is found that these IP addresses are coming from outside rather than from the company’s internal IP, a temporary investigation method can be used to filter these IP addresses on the server or router.

The solution would be to discover the route through which the attackers pass and block them. If hackers launch attacks from certain ports, users can block these ports to prevent intrusion. After the exit port is closed, all computers cannot access the Internet.

A more complex method consists in filtering the Internet Control Message Protocol (ICMP), a service protocol for packet networks transmitting information regarding malfunctioning, monitoring and control information or messages between the various components of a computer network. Although it cannot completely eliminate the intrusion during the attack, filtering the ICMP can effectively prevent the escalation of the aggression and can also reduce the level of constant damage to a certain extent.

The DDoS attack is the most common attack method used by hackers. Some conventional methods of dealing with it are listed below.

1. Filter all RFC1918 IP addresses. The RFC1918 IP address is the address of the internal network, such as 10.0.0.0, 192.168.0.0, 172.16.0.0, etc. These are not fixed IP addresses of a particular network segment, but confidential local IP addresses within the Internet, which should be filtered out. This method serves to filter out a large number of fake internal IPs during an attack, and can also mitigate DDoS attacks.

2. Use many PCs to resist hacker attacks. This is an ideal response phase, if the user has sufficient ability and resources to enable a defence against hackers who attack and continue to access and take over resources. Before the user is fatally attacked, the hacker has little means to control many PCs. This method requires considerable investment and most of the equipment is usually idle, which does not correspond to the actual functioning of the current network of small and medium-sized enterprises.

3. Make full use of network equipment to protect resources. The so-called network equipment refers to load balancing hardware and software such as routers and firewalls, which can effectively protect the network. When the network is attacked, the router is the first to fail, but the other devices have not yet collapsed. The failed router will return to normalcy after being restarted and will restart quickly without any loss. If other servers collapse, their data will be lost and restarting them is a lengthy process. In particular, a company uses load balancing equipment so that when a router is attacked and crashes, the other will work immediately. This minimizes DDoS attacks.  

4. Configure the firewall. The firewall itself can resist DDoS and other attacks. When an attack is discovered, it may be directed to certain sacrificial hosts, which are able to protect the actual host from the attack. The sacrificial hosts may obviously choose to redirect to unimportant hosts or to those having systems with fewer vulnerabilities than some operating systems and with excellent protection against attacks.

5. Filter unnecessary services and ports. Many tools can be used to filter out unnecessary services and ports, i.e. filter out fake IPs on the router. For example, Cisco’s CEF (Cisco Express Forwarding) can compare and filter out Source IP and Routing Table packets. Opening only service ports has become a common practice for many servers. For example, WWW servers open only 80 ports and close all the others or use a blocking strategy on the firewall.

6. Limit SYN/ICMP traffic. The user must configure the maximum SYN/ICMP traffic on the router to limit the maximum bandwidth that SYN/ICMP packets can occupy. Therefore, when there is a large amount of SYN/ICMP traffic exceeding the limit, this means it is not normal network access, but hacking. In the beginning, limiting SYN/ICMP traffic was the best way to prevent DDoS. Although the effect of this method on DDoS is currently not widely used, it can still play a certain role.

7. Scan regularly. Existing network master nodes should be scanned regularly, checked for security vulnerabilities and new vulnerabilities cleaned up promptly. Computers on backbone nodes are the best locations for hackers to use because they have higher bandwidth. It is therefore very important to strengthen the security of these hosts. Furthermore, all computers connected to the major nodes of the network are server-level computers. Hence regular scanning for vulnerabilities becomes even more important.

8. Check the source of the visitor. Use suitable software to check whether the visitor’s IP address is true. This should be done by reverse-searching the router: if it is fake, it will be blocked. As said above, many hacker attacks often use fake IP addresses to confuse users and it is hard to find out from where they come. Therefore, for example, the use of Unicast Reverse Path Forwarding can reduce the occurrence of fake IP addresses and help improve network security.

As seen above, we need experts who know more than hackers, and this is the duty that States and governments have towards their institutions, but primarily towards their citizens.

Continue Reading

Intelligence

The visit of the head of Israeli Mossad intelligence to Bahrain

Published

on

The visit of the UAE Foreign Minister, Sheikh Abdullah bin Zayed to Damascus on Tuesday, November 9, 2021 and the meeting with Syrian President Bashar Al-Assad, sparked a great controversy that began from the moment it was announced, which was highlighted by Western analyzes mainly from outside the region, that it comes for a (comprehensive Arab reassessment of the reality of the relationship with Syria and its importance in combating terrorism in the region, and the importance of the current Syrian reality in the calculations of Arab and Gulf national security, primarily towards Iran, and breaking the American “Caesar Law” towards imposing an economic blockade on Syria), and various analyzes and speculations about the future of these have increased. The Emirati step, its implications and dimensions in the Arab and Gulf relations towards the Syrian regime, and whether it represents one of the indicators of the transition to another new phase of political action towards opening up to Damascus, and the return of Syria to its regional and international role. Especially with the clarification of the “Emirati-Syrian coordination” some time before that visit to arrange the rapprochement between the two sides, which became clear by the announcement of the contact between the Crown Prince of Abu Dhabi (Sheikh Mohammed bin Zayed and President Bashar Al-Assad), as well as an official invitation to Syria to participate in the “International Expo Exhibition In Dubai” and then my meeting with the Syrian and Emirates oil ministers in Moscow.

    But what stopped me in that Emirates visit, was perhaps other events that were not addressed during those analyzes, which caught my attention analytically and academically, and the most different of them was (I was alerted by a foreign researcher during my commentary on the same analysis, that the Emirates move is mainly in the interest of Tehran the Iranian regime, not to stifle and besiege Iran in its areas of influence and its known role in Syria).  Despite the strangeness of this analysis, I occupied my mind with another matter to respond to it, regarding: (the significance of the visit of the head of the Israeli Mossad to Bahrain, and the visit of Emirates officials to Tel Aviv, and what is even clearer to the public is the organization of joint naval exercises in the Red Sea with the joint Israeli naval forces with Bahrain and the UAE), at the same time as the aforementioned visit.

    Accordingly, my analysis mainly focuses on whether that visit took place through (arranging and coordinating with Tel Aviv to curb Iran in Syria and the region, by attracting Syria to the Arab League and collective Arab action again), and the Gulf rejectionist and Arab reservations towards the step of rapprochement.  The Syrian-Iranian, or did I aim for a clearer Gulf rapprochement with Iran through rapprochement with Syria, as I went to a number of mainly Western analyzes, which I received.  From here, the Egyptian researcher will analyze all the following elements:

Analyzing the implications of the visit of the UAE Foreign Minister (Bin Zayed) to Syria on November 9, 2021.

And its relationship to the “joint naval maneuvers” between (Israel, the UAE and Bahrain) in the Red Sea on November 10, 2021 on the Iranian existence at Syria

The visit of (the head of the Israeli Mossad intelligence service to Bahrain) at the time of the naval joint maneuvers with Israel in the Red Sea, with (the visit of the UAE Air Force commander to Israel).

Then, finally, analyzing the impacts of the Israeli Mossad intelligence moves in the Red Sea on its rapprochement with the USA in the face of (China, Russia and Iran).

   To answer those questions, it is necessary to verify and respond to number of inquires and some other different analyses, such as:

The UAE’s motives for taking such a step of rapprochement with Syria, through the visit of the UAE Foreign Minister “Sheikh Abdullah bin Zayed” to Damascus on Tuesday, November 9, 2021, and the meeting with Syrian President “Bashar Al-Assad”.

Rather, will this Emirates step (encourage the rest of the Arab countries to follow the Emirates footsteps)  and open up to the Syrian regime?

What is the fate of the “Syrian opposition to the Emirati-Syrian rapprochement”, and is this Emirates move aimed at weakening the Syrian opposition track, especially the Syrians opposing the regime of President “Bashar Al-Assad” abroad?

Then, it will remain to analyze (the Syrian opposition’s options if more Arab countries open up to the Al-Assad’s regime).

Will there be a (Syrian-Emirati consensus) towards the step of solving the (return of Syrian refugees from abroad and the settlement of their situation with the current Syrian regime)?

Finally, the question arises, regarding: (the impact of the intensity of American and international criticism of the UAE’s step of rapprochement with the Syrian regime and President “Bashar Al-Assad” on the completion of the remaining Arab steps seeking to integrate and return Syria once more to its membership in the League of Arab States)?

In fact, the most dangerous and important analysis for me remains completely analytical, namely: (What was raised about the fact that the UAE obtained the green light from the United States of America itself and from the Israeli side before the visit of the UAE Foreign Minister “Bin Zayed” to the Emirates, in pursuit of forming (Gulf-UAE-Israeli alliance against Iran), and seeking to neutralize the Syrian regime in the face of these Iranian moves as a closely related ally of the Iranians?) Accordingly, we can analyze that, as follows:

Perhaps what reinforces and supports my recent view regarding the “Israeli Gulf mobilization with the help of the UAE and Washington’s support to confront Iran through Syria” is (the joint security coordination between Israel and the Emirati and Bahraini naval forces to conduct joint naval maneuvers in the Red Sea, which lasted for five full days), which began on Wednesday, November 10, 2021, which comes at the same time as the UAE rapprochement with Syria, meaning:

 (There are joint security arrangements between Israel, the UAE and Bahrain in the face of Iran through the move of rapprochement with Syria as an ally of Iran)

As I mentioned, the joint naval maneuvers between Israel and the UAE at the same time as the UAE visit confirms (the continuation of joint security coordination between Israel and the UAE), especially to curb and limit Iranian influence.  Knowing that the step of joint security coordination between the Emirates and Israel began three years ago, when the naval forces of the Gulf states, mainly the “UAE and Bahrain”, began conducting joint naval maneuvers with the Israeli side, which were the first for them ever with their Israeli counterpart, in cooperation with the forces of the United States of America’s Navy.

We find that the current joint naval maneuvers in the Red Sea with the participation of the UAE and Israel, with the participation of (warships from the Emirates, Bahrain and Israel), in addition to the United States of America, is a “joint Israeli-Gulf assertion” to send a message to the Iranian side, that these naval maneuvers with  Israel, aims to:

 “Securing the maritime traffic in the face of Iran, and seeking to secure the movement of the straits and maritime navigation in the Red Sea with the help of Israeli security, especially that these joint maritime training operations included training on encirclement and raid tactics”

This was confirmed by the US Naval Forces Central Command, in an official statement, to confirm that:

“The Israeli, Emirates, and Bahraini training aims to enhance the ability to work collectively among the forces participating in the maneuvers”

From here, we understand that the step of joint Israeli-Emirati security coordination, and the consequent step of the joint naval maneuvers, came after the signing of the “Abraham Accords” in September 2020, and the normalization of their relations with Israel by the UAE and Bahrain. Since then, it has strengthened the (diplomatic, military, and intelligence relations between Israel, the UAE and Bahrain, as the two most important Gulf countries that share Tel Aviv’s concerns about Iran’s activities in the Red Sea and the region).

The most prominent here, is (the visit of the head of the Israeli intelligence service Mossad in a public visit to Bahrain at the time of the joint naval maneuvers with Israel in the Red Sea, with the commander of the UAE Air Force heading at the same time also on a first-of-its-kind visit to Israel in October  2021).

In general, the (re-opening of the Emirati and Bahraini embassies in Damascus) in December 2018, was considered at that time as (a major change in the Gulf policy towards Syria, and it was among the first indications of a more comprehensive normalization). There is no doubt that these steps came after consulting Saudi Arabia.  However, it seems that Saudi Arabia, as usual, is taking a cautious and secretive attitude towards the move of rapprochement with Syria due to its fear of the “Al-Assad regime’s relations with Tehran”.

At the time, the UAE and Bahrain talked about (the geopolitical benefits of rehabilitating the regime of President Bashar Al-Assad). The State of Bahrain confirmed that “the step of integrating Bashar Al-Assad aims to strengthen the Arab role and prevent regional interference in Syrian affairs”.

The most important analytical question for me is whether Abu Dhabi has completely severed its relations with Damascus at all, given (the continued presence of prominent Syrian figures loyal to Damascus living and working in the Emirates).

In general, this (continuous stream of signals emanating from Damascus and other Arab capitals, led by the Emirates for rapprochement with Syria), indicates that the former opponents of the Syrian government have come close to reaching mutually beneficial arrangements with the Syrian government, some of which pledged a few years ago to drop it.

The most important gains for the Syrian regime from that rapprochement with the UAE and the rest of the Arab countries will be (reconstruction contracts for Syria and energy deals), in addition to the markets that will be opened to it if they reconcile with the Arab countries, which may later pave the way for “inclusion of Damascus again and  returning its membership in the League of Arab States”, which is of course the most important strategic step for the UAE and the Gulf states, to help Syria to return back to the “Arab House”, and consequently put pressure on it not to rapprochement with Iran, as it is a rival opponent for the UAE and the Gulf states.

    In this context, the Syrian capital, Damascus is now hoping for (influential Arab voices to exert international pressure in order to lift the severe sanctions imposed on the Syrian regime), which aims to (punish Syrian officials and Syrian organizations for their alleged involvement in human rights violations).

Continue Reading

Publications

Latest

Africa58 mins ago

Q&A: Arguments for Advancing Russia-African Relations

As preparations are underway for the second Russia-Africa summit planned for 2022, African leaders, politicians, academic researchers and experts have...

Terrorism Terrorism
Intelligence3 hours ago

ISIS-K, Talc, Lithium and the narrative of ongoing jihadi terrorism in Afghanistan

Chinese and Russian efforts are underway to strengthen the Taliban government economically and militarily, along with legitimacy and international recognition....

Health & Wellness3 hours ago

Left Ventricular Aneurysm Surgery

A heart aneurysm is a serious illness that causes impairment of the contractile activity of the affected area of the...

Middle East5 hours ago

Vienna Talks: US-Russia-China trilateral and Iran

Talks between Iran and other signatories to the Joint Comprehensive Plan of Action (JCPOA) 2015/Iran Nuclear deal regarding the revival...

Africa7 hours ago

Nigeria’s role in ECOWAS peacekeeping

ECOWAS is the 44-year-old economic community of West African states. “The evolution of ECOWAS from the level of an organization...

Africa9 hours ago

What a Successful Summit for Democracy Looks Like from Africa

The Biden administration is wrapping up preparations for its Summit for Democracy, to be held virtually next month. While the...

Reports11 hours ago

Small Businesses Adapting to Rapidly Changing Economic Landscape

The World Economic Forum has long been at the forefront of recognizing the strategic importance of sustainable value creation objectives...

Trending