Reshaping The Future Of War With Malware

As tensions rage beneath the Middle East cauldron, the expanded employment of cyber operations is preventing the region from boiling over. 

US Cyber Command's covert cyber operation against Iran, in response to the September attacks on oil facilities in Saudi Arabia, underscores the inclination of states to use cyber operations instead of armed force and points to broader strategic implications in the region. 

Conventional wisdom would suggest that scaled-up capabilities, growing competition, and the proliferation of malware across cyberspace presents a legitimate risk of escalation in state conflict, transcending the cyber domain toward the kinetic. However, recent history has shown that states have more often availed themselves of their offensive cyber arsenals to achieve surprisingly de-escalatory effects, according to the Atlantic Council think-tank.

Offensive cyber operations sit low on the escalation ladder, the figurative scale ranging from diplomatic engagement to all-out nuclear war, and provide states with means of signaling adversaries without using force, and potentially even deescalating tense or provocative situations.

 Through this lens, there is a case to be made for the responsible diffusion of malware as a tool of diplomacy and statecraft to de-escalate regional conflict. 

Cyber operations have served this exact de-escalatory purpose throughout recent tensions in the Persian Gulf. 
When a US Navy Carrier Strike Group was sent to the Persian Gulf in May  an Iranian threat to US assets was detected in the area, Washington signaled that it was prepared to meet potential Iranian aggression with airstrikes. 

US President tweeted that the United States was “locked & loaded,” alluding to a kinetic response option, but instead, the US deployed malware to neutralise the Iranian threat, while demonstrating that Tehran’s provocations would not go unchecked. 

The decision to prioritise cyber response options underscores Washington’s desire to cool things down and reassert its control by utilizing short-of-war tactics. A similar strategy is playing out on the eastern shores of the Mediterranean. While remaining largely out of the fray, Israel is closely monitoring tensions in the Persian Gulf. Israel, like the United States, remains chiefly concerned with breaking Tehran’s spreading influence and power in the region, but does not want to bear the risk of doing so alone. 

Israel’s Ministry of Defense recently reported to hav eased export control rules on certain malwareto allow Israeli companies to more quickly obtain exemptions for marketing to more countries than previously possible. Under the newly relaxed regulations, not only has the approval process been shortened to as few as four months, but also the Defense Ministry has indicated that the group of allowable buyers has expanded. Indications that Israeli spyware, software that enables users to surreptitiously reap information from another user’s hard drive, and other forms of malware are destined for purchase by Saudi Arabia and the United Arab Emirates have raised eyebrows amongst rights advocacy groups. 

While these human rights concerns over these malware exports are justifiable, the de-escalatory and even ethical role of offensive cyber operations cannot be ignored.

While kinetic options could escalate conflict and draw the ire of the international community, cyber operations can provide de-escalatory alternatives under challenging operational circumstances. Concerns over potential misuse of cyber tools to quash internal dissent and suppress democratic values are legitimate and should be taken seriously. So, too, should the ethical case for the responsible utilisation of these tools.

The de-escalatory and diplomatic effects offensive cyber operations can bring to bear make them legitimate tools of statecraft in navigating regional conflict. 

Atantic Council

You Might Also Read: 

Shockwave - A Global Transformation In Warfare:

 

« Fraud And The Dark Side Of AI
Hacking Skills Can Qualify You For A Top Cybersecurity Job »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Venafi

Venafi

Venafi is a world-class cyber-security company dedicated to protecting machine identities for our hyper-connected digital economy.

TUV Sud

TUV Sud

TÜV SÜD is one of the world's leading technical service organisations. Services offered include industrial cyber security.

Appdome

Appdome

Appdome is the industry's first mobile integration as a service company, providing solutions for enterprise mobility and mobile application security.

Coro Cybersecurity

Coro Cybersecurity

Coro (formerly Coronet) empowers organizations to protect against malware, ransomware, phishing, and botnets - across devices, users, and cloud applications.

HYPR

HYPR

HYPR Decentralized Authentication minimizes the risk of enterprise data breaches while providing an enhanced user experience for your customers and employees.

ThreatSpike Labs

ThreatSpike Labs

ThreatSpike Labs provides the first end-to-end fully managed security service for companies of all sizes.

White Bullet

White Bullet

White Bullet’s risk profiling AI detects, dynamically scores and flags unsafe domains, apps and advertising.

LinkShadow

LinkShadow

LinkShadow is a next-generation cybersecurity solution that provides unparalleled detection of even the most sophisticated threats.

Black Hills Information Security (BHIS)

Black Hills Information Security (BHIS)

Black Hills Information Security provide security testing and vulnerability assessment services.

Gluu

Gluu

Modern Authentication for Digital Enterprise. Organizations around the world trust Gluu for large-scale, high-security identity & access management.

Blok Cyber Security

Blok Cyber Security

Blok provide small businesses and sole traders, with affordable, managed Cyber Security Packages that offer immediate protection and peace of mind.

Binare

Binare

Binare empowers companies all over the world to improve their IIot/IoT /Embedded cybersecurity posture and digital privacy.

Charles IT

Charles IT

Charles IT is your friendly, no-nonsense IT team focused on helping companies make their technology work for them. We focus on building relationships that deliver results.

VMware

VMware

VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control.

Elastio

Elastio

Elastio's cloud-native platform safeguards cloud data from the risks posed by ransomware, application failures and storage security vulnerabilities.

Zally

Zally

Using advanced behavioural biometrics and AI, Zally is the world's answer to next-generation security.