Richard Bingley: A cyber war is on the way


Originally Published at Conservative Home

Richard Bingley is the CEO of the London-based Global Cyber Academy, an independent education organisation dedicated to making technology safer.

Iran’s government often causes incumbent American presidents a headache during election year, although Donald Trump seems immune to diplomatic migraines.  His decisive swoop to eliminate top Iranian general Qassem Soleimani will certainly provoke a response from Tehran. But it might not be in a format we expect or understand.

After all, this was not a clandestine attack by an American secret agency practicing stealth-like ‘plausible deniability’. Rather, it was a highly brazen and visceral public lashing by Trump’s White House.

Iran’s government views herself as being humiliated in her own backyard. Soleimani was viewed domestically as leader (now martyr) who rekindled the military power of Hizbollah in Lebanon and a man who was instrumental in helping Assad’s government in Syria – so far – to defeating Daesh (ISIS).

Yet even among her allies in Asia and The Gulf, Tehran is struggling to drum up much genuine sympathy for – if you believe western media hype – a cartel of uniformed gangsters who, seemingly, operated almost with a carte-blanche licence to kill beyond their own borders.

If any credit is to be had from this sorry episode, it is that the USA didn’t even bother with an ambiguous operation that could be batted away in the United Nations with suppressed smirks, nods and winks which follow ‘plausible deniability’ covert ops.

Tehran therefore has no dilemma to struggle with. Iran will tangibly respond. The only questions remaining are when and how.  This week’s symbolic missile attack of US troop bases in Iraq is highly unlikely to draw a line under this recent escalation from both sides.

Although numerically strong, Iran’s military rank-and-file will be acutely aware that it will, in all likelihood, produce a feeble, disjointed performance on any battlefield.  Moreover, such a bedraggling spectacle – of high-tech machinery pummeling the futile billows of religious-inspired rhetoric – will occur under the full spotlight of 24/7 satellite television and mass digital voyeurism.

Coupled with likely trade sanctions from some Gulf partners, then Russia and China, sitting on their hands, there can only be one short-term winner, if full-scale military confrontation broke out: the United States. Nevertheless, beneath her fighting rhetoric, Tehran’s boisterous government is often clever, agile, highly rational and practices – most of the time – a strong, survivalist, realpolitik.

For a prediction of what’s about to come, we should analyse the life of last week’s target: General Soleimani.
According to some defence journalists and journals, Soleimani was an expert exporter of asymmetric warfare; the types of lethal guerilla operations that can bring great humiliation, and even draw out precautionary fear and retreat, from larger military giants.

Soleimani’s speciality was hybrid and deniable covert operations, which terrorized opponents and sent an intimidating ‘signal’ or projection of power to Iran’s regional adversaries: principally Iraq’s fledgling government, Saudi Arabia, non-Shia of the Lebanon and, of course, Israel.

Hybrid means the mixing up of attack methods; allegedly in the general’s case, utilizing good old traditional ammonium nitrate fueled bombs that can liquidate an apartment block or garrison, but also increasingly deploying advanced technical capabilities: phone intercepts, target espionage and tracking, drone navigation, communications jamming, etc.

The second part of this modus operandi, technical sabotage, is likely to be Tehran’s principle chosen retaliation.
Tehran will know that President Trump is consistent only ever in his dramatic inconsistency. If a bombing campaign is launched against US or allied troops in the Middle East, Trump is likely to strike hard, possibly to the point of driving regime change.

Ringing in his ears will be two presidential scenarios. President Kennedy who noted, that his personal approval ratings rose despite the unsuccessful 1961 Bay of Pigs invasion to topple Fidel Castro. Voters like ‘tough’ and they like ‘action’.

Second, nice guy Jimmy Carter’s attempt to skillfully negotiate the way out of post-revolutionary Iran for seventy trapped US embassy officials in 1979. The debacle lasted 444 days.

Carter’s cerebral, plaintive, attempt failed dismally. Ronald Reagan nailed Carter for his dithering and hand-wringing weakness, to successfully defeat him in 1980, sending the esoteric one-termer back, figuratively, to his Peanut farm in Georgia.

Iran’s government knows all of this. Her President, Hassan Rouhani, was educated as a postgraduate at a Glasgow university and is deeply steeped in security and philosophical strategy. As such, Iran has perhaps one of the most finely tuned asymmetric warfare strategies out there. As with her partly successful nuclear enrichment negotiations with Barack Obama’s White House (and the EU), Tehran thinks that it knows exactly how far to push back at an adversary, or camouflage a glitch, without necessarily provoking a Washingtonian trigger-pull.

Tehran’s retaliation will probably be in the form of escalating cyber attacks upon the USA, its infrastructure and its close allies. Namely, the UK, Saudi Arabia and Dubai Emirate, part of the UAE.

Why?

Because, even though the evidence of a cyber-attack stemming from Iran would be almost incontrovertible to insiders, general public audiences are still susceptible to claims that cyber space is too ambiguous. (Most of us are, thankfully, optimists, unless we see damning proof of something!)

Cyber-attacks are a little like taking a complicated fraud case before a jury. The evidence trail is often too difficult to prove, then the end result is perceivably not lethal. Thus, at present, few countries, if any, have gone to war over a cyber-attack.

However, let’s think back to form. Iran has the capability, in spades. In June 2017 MPs email accounts in the Houses of Parliament were successfully hacked. Initial suspicion fell upon Russia, China and North Korea’s infamous Lazarus cyber-crime group.

But after a four-month investigation, forensic investigators at GCHQ (the UK government’s signals intelligence agency) pointed HMG’s finger squarely at Tehran.

In 2005, Iran’s Islamic Revolutionary Guard established a cyber army, most notably attacking Chinese tech firm Baidu in 2009 and also Twitter. World-leading cyber analysts at the Israel Institute for National Security Studies ranked the IRG as the world’s fourth most powerful cyber army by 2013.

Moreover, if (for example) planned troop movements, or traffic planning systems, or hospital systems, power station systems, car GPS systems – many coordinated by automated and unchecked supervisory controls – are breached, then it simply is a fact of life that any decent cyber-attack upon a critical system will cause physical harm to citizens. And lots of us.

It’s worth recalling that North Korea’s cyber-attack using the WannaCry ransomware led to more than one thousand NHS operations being cancelled back in 2017.  Unlike Israelis or Iraqis, we Brits simply do not believe that a devastating cyber attack will happen to us. Nor do we fully understand what the impacts might be.

Therefore, time spent away from television news, updating our antivirus software, subscribing to VPNs, organizing data back-up and storage, and avoiding dodgy URL links that promise enthralling Instagram images, might be the best retaliation by the UK citizen to this unfolding, highly worrying, skirmish.