Cyber crimes have long been recognized as serious threats to businesses and individuals. Cyberwars threaten nations in ways previously unimaginable and rival the damage that may be caused by conventional wars.
The threats Egypt faces demonstrate the urgent need for Egypt to develop its defensive and offensive capabilities. Yet the technology, required for cyber war, could threaten citizens’ access to information and violate their privacy.
Cyber war is a term used to describe the use of cyber technology to attack nation states. It is often initiated by enslaving a computer, thousands or even millions of computers, turning them into robots or “botnets” under the control of a master in some other country. Enslaved computers can be programmed to report to their master as instructed and can report every single keystroke as well as memory content. In the most basic of cyber war, websites can be forced to shut down or be completely misdirected to other locations. During the 2003 Iraq War, the use of Cyber war saw Iraqi officers receiving fake internal emails from the Iraqi Ministry of Defense with instructions for surrender. After cyber attacks on Estonia in a spat, Russia deployed cyber war weapons against Georgia isolating the country, in the first ever cyber blockade.
It is believed, that Israel’s Operation Orchard against Syria’s alleged nuclear construction site in 2007 relied on Cyber war tactics to shut down Syria’s radar, enabling long undetected flights over Syrian airspace. Last year, computers inside the US Department of Homeland Security were enslaved and used to attack election related networks in two US states. The hacking of the Clinton Campaign emails has been widely reported, with the fingers again pointing towards Russia. Iran too, has been building its cyber war capabilities. Its conflict with Saudi Arabia has a cyber front evident from the 2012 attack against Saudi Aramco.
Dyn, an Internet infrastructure company that facilitates the operation of the internet globally, suffered an unprecedented attack last year. The enslavement technique was used, but with net enabled devices other than computers, thus turning these simple devices into weapons shutting down Dyn’s servers. Just think of hundreds of millions of net enabled devices coming under the control of an aggressor. Richard A. Clarke, the former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States, suggested that enslaved internet connected photocopiers or printers in a large building can be instructed to overheat, setting buildings on fire, no longer seems that far fetched. I can add that remotely accessed security and safety systems could actually be enslaved to stop any reporting or fighting of such fires.
Why bomb a country when you can take over its military communications, shut down its electric grid, stop the payments of pensions and destroy its critical infrastructure?
While the debate rages over the use of the term “cyber war” versus cyber sabotage or cyber terrorism, many countries, around the world have formed specific divisions with significant budgets for cyber war units, both offensively and defensively. The assessment of the strength of a country from a cyber viewpoint is dependent on its ability to attack other countries, its degree of dependence on the Internet and its ability to defend against attacks. While the USA has strong offensive capabilities, it is considered rather vulnerable to attacks, whereas North Korea, with virtually zero dependence on the Internet, is considered strong.
Egypt has relatively high Internet penetration with over 30 Million users, a high percentage of these users have no form of firewall or other protection against viruses or other forms of malware. Egypt made great strides in the digital revolution with many critical services now reliant on the Internet. Yet, Egypt has relatively little control over imported devices and uses mostly imported software. Cyber security has not been an issue of focus, many top government officials continue to use commercial email servers and unprotected devices. These factors combine to make Egypt highly vulnerable to cyber war threats; it has a serious need to develop cyber war defenses. And, like it or not, cyber war offensive capabilities act as a deterrent. They are vital for defenses and are often much faster and easier to deploy than cyber defenses.
In the last two years, there has been sporadic coverage of a draft Cyber Crimes Law, a law that tackles cyber security and indirectly cyber war. Recently we saw Egypt move to tighten its grip on the Internet with the blocking of Signal, a secure chat and communication service. Most recently, Egypt blocked Al Jazeera and other sites for their alleged support of terrorism. Much of the negative feedback surrounding Egypt’s draft law centred around its probable use in curbing freedoms and invading privacy.
With the nature of the terror threat Egypt faces, it is vitally important that the security services have the technical capabilities to spy on and disrupt potential perpetrators. Yet, it is critical that such work is done within the Law. Judicial oversight must be required for net spying just as it is for physical spying. The arguments citing the excesses of the authorities and their disregard for laws as well as fears of overly compliant judges may all be valid and must be addressed. However, that does not mean Egypt can afford to do away with cyber spying on potential terrorists. Perhaps an interim safeguard could be the setting up of special independent courts for the issuance of spying permits and for the review of complaints against abuse of Internet tools.
Egypt’s Cyber Crimes Law should not be about activists’ Facebook pages or the spreading of rumors or the disparagement of the President or the courts, it should have nothing to do with blasphemy either. Rather it must be focused on cyber war threats such as the detection of logic bombs, cyber threats that can lay dormant for years. The severe penalties in the draft law must also apply to any malpractice arising from it.
While Iran and China can apply draconian measures in their cyber war efforts, Egypt cannot afford to match them. Egypt faces tough competition for vitally needed investment and tourism and would further weaken its competitive position if it were to turn its relatively free internet into a closed, heavily policed and sanitized intranet. Egypt, government and opposition, must come to learn that the tools of cyber war are exactly like police weapons: they are there for use in a lawful manner; misuse of these tools constitutes serious malpractice.
It is hard for the opponents of the regime to come to terms with the need for the state to have the tools for cyber war. It is harder still for a state with a totalitarian legacy to have the discipline only to use such powerful weapons for genuine security threats and not for the suppression of dissent.