According to Freedom House’s 2018 report, 32% of the Syrian population has access to Internet (2018), an ever-increasing part of Syria can therefore use Information and Communication Technology (ICT); this shows the importance that cyber tools hold in the Syrian society as it has been described as the most socially mediated civil conflict so far (Lee, s.d.). Moreover, it is well-known the major role played by the social media during the Arab Spring, in Syria as across Northern Africa. The Syrian civil war encompasses a broad range of players, all of them having using ICT to varying degrees, due to the fact that it’s cheap but it can actually wreak havoc. Cybernetics are important in times of war and have become a main point for States and non-state actors to “win” a war to some extent because “unlike conventional battlefields, cyber warfare has the potential to alter the balance of power between countries with asymmetrical military capabilities” (Najem, 2018).
At the moment, there is no shared definition of the cyberspace at the international level. Every State and every entity adopted a national definition, which sometimes is opposed or simply it doesn’t enclose the same attributes. One of the definition of cyber domain that is quite technical, but comprehensive, is Todd’s who defines it as “an evolving man-made domain for the organization and transfer of data using various wavelengths of the electromagnetic spectrum. The domain is a combination of private and public property governed by technical rule sets designed primarily to facilitate the flow of information”(2009). Nonetheless, the need for a shared definition is a necessary to clearly define every aspect of this realm, considering the multitude of national and arbitrary définitions. Therefore, in order to define a cyber operation, it is preferable to use the International Telecommunication Union (ITU) definition, which describes cyber operations as “the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. Organization and user’s assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cyber security thrives to ensure the attainment and maintenance of the security properties of the organization and user’s assets against relevant security risks in the cyber environment” (ITU, 2008). The definition is quite technical but it encompasses important aspects that sometimes are forgotten by other authors. Definitions are essential in this context because show how far an individual or a group of individuals can go to defeat an enemy and what possibilities are given to them. But first, let’s define who the “them” is.
Whose war is this?
Countless players can be taken into account in the “anti-government” groups and militias category; nonetheless, the most active are the Supreme Council of the Syrian Revolution, the Free Syrian Army, the Hackers of the Syrian Revolution as well as Anonymous, Oliver Tucket and the Chinese Army for Crushing Syrian Regime Shabiha which also participate in the conflict. Nevertheless, they exert pressure on the Bashar al-Assad’s government using different tools and also with dissimilar aims. Those groups have been using social media as a battlefield to raise awareness and to spread misinformation, while pro-government groups have taken a more military approach using for example more Distributed Denial of Service attacks (DDoS consist in sending multiple signals to a website until it overloads and breaks down). Pro-government groups have been keen on using malware to spy on pro-groups’ family members leading them to find out about the locations and potential targets of those opposing the government (Baezner, 2017). In general, both sides have used three main techniques but to varying degrees: DDoS, defacement (replacing the content of a web page with something else) and malwares (programs that interfere in computer operations). These opposing modi operandi can be explained by three main factors:
- The government can easily shut down the Internet network making it difficult for anti-government groups to operate, while it has been commonly used by pro-government forces to slow down the network. The telecommunication sector has been, from the beginning, under heavy bureaucratic control of the state. Bashar al-Assad has welcomed telecommunications but he has always made sure that they remained under his surveillance; the Syrian Telecommunication Establishment (STE) was the Internet service provider. Even private Internet Service Providers (ISPs) had to sign a memorandum accepting that their connections would go through the STE, therefore retaining control on the telecommunications services;
- The government has more resources to invest in defensive software and very powerful malwares. Only “hacktivists”, such as Anonymous, have the knowledge to counter it and the tools to cause some major event to some extent (Racicot, 2015);
- Cyber space gives power to non-combatants and non-state actors to engage in the conflict and to damage State’s facilities as they rely more and more on complex cyberspace operations, nonetheless anti-government groups are still very much opposed to each other. In that sense, the opposition groups don’t communicate between themselves therefore they lack a common comprehensive strategy which limits their effectiveness.
Are ICT effective to Syrian civilians?
So far, cyber activities have been undertaken in order to gather intelligence on the opponents but caused no real physical damage (Baezner, 2018). Still cyberwarfare is a major issue for states and its use is ever-growing. It can cause online damages (sometimes even financial disruptions) by taking down websites, spreading misinformation or even disrupt the daily conduct of operations by sending malware and disturb software. Syrian civilians are keen on using the Internet for the aforementioned reasons. As a new tool of empowerment, the question remains of how relevant it is at times of war. Low-intensity attacks have proven to be important to gather support showing what’s really happening out there. But as civilians decide to take up cyber arms, they would still be behind compared to Bashar al-Assad and his back-up groups. Only 30% of the population has access to Internet and many are fleeing the country. In that regard, less and less Syrian civilians are actually using those weapons in this war. Foreign countries help them improve their cyber tools, but none of them are giving more sophisticated hardware and software to counter the Syrian government and feel more equal. Plus, cyberwarfare is not decisive in the sense that it causes no physical damage, therefore it doesn’t give any real military advantage unless, as it happened before, one party misguides the other one in order to get precious information for its own advantage.
The cyberspace can have the double role of becoming a vehicle to statual and non-state actors, to share counterposed ideological ideas or can become a powerful weapon in conflicts.The proper use of cyberspace is not easy, as demonstrated by the pro-regime forces and their use of it.:“However, it is a disturbance, and the surveillance capabilities may prevent supporters from joining the cause. Less funded and coordinated, the anti-regime groups are also more vulnerable” (Ringnes, 2014). On the short but also long term, civilians will encounter several challenges in the cyber space for the reasons aforementioned, but also because countries are starting to regulate this environment as they see how dangerous it can get for them. Those regulations will be difficult to apply to non-state actors and, in this case, to civilians as they usually are not responsible under those rules.
Cybercrimes are hard to be addressed properly by the Countries involved owing to the unanimity of the cyber domain. An international legal framework would be needed to guarantee the protection/incrimination of international actors, being states or non-governmental actors. These provisions should regulate cyberwar and how it is framed within armed conflicts. Ad hoc legal measures enabling sanctions cyber meddling in armed conflicts by third actors, notably states, would be beneficial.
Laura Gonzalez Priede
Academic Assistant at the Centre Européen de Recherches Internationales et Stratégiques (CERIS)
– Freedom House. (2018, November 15). Syria. Retrieved December 13, 2018, from https://freedomhouse.org/report/freedom-net/2018/syria.
– O. D. (2013). L’utilisation stratégique du Cyber au Moyen-Orient (pp. 1-58, Publication No. 1504119642). Paris, France: Délégation aux Affaires Stratégiques.
– Kausch, K., Anderson, C., Najem, M., & T. (2018, February 1). How Important Has Cyber Warfare Become to the States of the Middle East? Retrieved December 5, 2018, from http://carnegie-mec.org/diwan/75395?lang=en/.
– Baezner, M. (2018). Hotspot Analysis: Synthesis 2017: Cyber-conflicts in perspective (pp. 4-31, Rep.). Zürich, Switzerland: CSS ETH Zürich.
– Racicot, J. (2015, August). The Syrian Civil Conflict in the Cyber Environment. Retrieved December 5, 2018, from https://www.researchgate.net/publication/281257586_The_Syrian_Civil_Conflict_in_the_Cyber_Environment.
– Lee, B. (n.d.). The Impact of Cyber Capabilities in the Syrian Civil War. Retrieved December 19, 2018, from http://smallwarsjournal.com/jrnl/art/the-impact-of-cybercapabilities-in-the-syrian-civil-war.
– Ringnes Willhelmsen, V. C. (2014). SOFT WAR IN CYBERSPACE How Syrian nonstate actors use hacking to influence the conflict s battle of narratives (Master’s thesis, University of Oslo, 2014) (pp. 1-93). Oslo: University of Oslo.
– Todd, G. H. (2009). Armed Attack in Cyberspace: Deterring Asymmetric Warfare with an Asymmetric Definition. Retrieved December 19, 2018, from https://heinonline.org/HOL/LandingPage?handle=hein.journals/airfor64÷=6&id=&page=
– ITU. (Ed.). (n.d.). Study Groups 17. Retrieved December 19, 2018, from https://www.itu.int/en/ITU-T/studygroups/com17/Pages/cybersecurity.aspx