Syria-Iran cyberwar fears are a diversion from real issues

Will western military action against Syria redound as cyber-disaster in western Internet infrastructure? There are many reasons for the US not to attack, but this isn't one of them.
Written by Larry Seltzer, Contributor

You've read it before, maybe in the New York Times (although not yesterday): The US is vulnerable to a debilitating "cyberattack". Remote enemies, from the comfort of their military bases and dorm rooms, can poison our water supplies, cripple our power grids and (gasp!) even stop us from tweeting.

With a US military action against the Syrian government possibly imminent, the usual harbingers of cyberwar are out warning the world of what awaits us when the cruise missiles strike. This Reuters analysis notes that this would be the first time the US directly attacked a country with cyberwar capability, although this is a reference to the Syrian Electronic Army (SEA), responsible for yesterday's DNS misdirection attacks against Twitter and the New York Times. The SEA may profess loyalty to the Baath regime in Syria, but we don't know who they really are. They could be a bunch of smart-ass kids anywhere trying to sound as obnoxious as possible. (There have been some reasonable efforts to trace the actual identities of the SEA, but none of them are conclusive.) Honestly, with the troubles they have these days, I'd be surprised of the Syrian government puts meaningful funds into cyberwarfare research, but perhaps I overestimate their rationality.

Reuters also alludes to help Syria might get in such attacks from their ally Iran, and this is certainly more reasonable.

"It's likely that the Syrian Electronic Army does something in response, perhaps with some assistance from Iranian-related groups," said former White House cybersecurity and counter terror advisor Richard Clarke.

You need years of government experience at the highest levels to come up with insight like that.

Former U.S. National Security Agency director Michael Hayden told Reuters that the SEA "sounds like an Iranian proxy," but the article also notes that there's no evidence that the group has the sort of capabilities that are the subject of real cyberwarfare talk: crashing major banks and ISPs, causing outages and damage to public utilities, disabling basic governmental functions and so on. The SEA is best known for hacking an AP Twitter feed; impressive as these things go, but not exactly World War III.

It's reasonable to assume that the Iranians are capable of much more. It's even more reasonable, as Reuters notes, that the Russians have not only high-level capabilities in cyberwar, but the most real-world experience in hot conflicts, owing to their work in Estonia and (to a much lesser extent) Georgia.

There are many, many good reasons for us not to attack Syria. This isn't one of them. Personally, I think that since we've waited this long we've lost the opportunity for any attack we make to have a constructive effect; the only thing we could show at this point is that we're willing to follow through on our insincere threats even when it's not in our interests to do so.

But as for the threat of cyberwar, if it's not the attack on Syria then another perfectly good pretext for Syrian/Iranian/Russian proxies to attack us is just months away. Either we retreat into isolationism or we're going to piss off someone out there, and if we're going to oppose anyone I'd say that the Iranian and Syrian governments seem worth opposing. 

Editorial standards