There are some additional and excellent reporting/background on the cyber bit that I’d highly recommend:
- secalliance.com/blog/us-and-is…
- sophos.com/en-us/blog/cyb…
- sentinelone.com/blog/seg/sentinelo…
- halcyon.ai/ransomware-ale…
And many others!
Ref 3: My colleague had noted earlier in Feb that operational clarity is an essential element to any potential op.
Unfortunately that is getting trickier and trickier with the spread of the conflict to other parts of the Middle East. www.rusi.org/explore-our-...
Ref 2: @jonrlindsay reflects on the mixed signals, objectives and perils of comparing/contrasting US ops. Great read: dolos.substack.com/p/the-perils...
Ref 1: I’ve written on the ‘layered ambiguity’ of the 🇺🇸 description of cyber in 🇻🇪 following claims that such capabilities had led to a ‘blackout’ in Caracas. www.rusi.org/explore-our-...
Seventh, uncertainty remains over when and how Iranian cyber activity could expand to directly target the US homeland and its allies, although many are already on alert.
The layering of uncertainty, as ever, reinforces, the corollary risk is a period of decentralised, proxy-led escalation with limited central restraint, making the coming days particularly volatile and difficult to attribute.
Important to note that we don’t know how much this alleged attack has disrupted the IRGC’s capacity to conduct and plan its cyber campaigns.
Sixth, observing and understanding shifts in priorities, chain of command and use of capabilities within the IRGC in this moment of leadership change will be important albeit difficult esp after the IDF claimed to have hit IRGC’s intel directorate and cyber warfare headquarters.
Fifth, tracking the cognitive effects/psy ops targeting populations in 🇮🇷 🇺🇸 🇮🇱 will be essential. People are talking about the BadeSaba app hack but we need to look at this within a longer timeline (eg 🇮🇷 broadcast being hacked to air regime change narratives+other examples).
Fourth, with the conflict expanding across the broader Middle East following Iranian retaliatory strikes on US bases in Bahrain, Qatar, Kuwait and the UAE, it is also important to monitor hacktivist activities beyond the ‘immediate parties’.
Third, and perhaps more importantly, it will be crucial to continue monitoring how proxies might expand the fog of crisis.
(iii) how the ‘layering’ of intel sources supported by cyber esp can enable strikes of greater precision and therefore limit collateral damage to civilians; (iv) and (again!) an invaluable reminder that cyber is only as good as the other capabilities & intel sources it is paired w/
The sequencing of HUMINT, SIGINT and cyber espionage in the killing of the Ayatollah shows: (i) how cyber supports reconnaissance; (ii) how pre-positioning in strategic networks well ahead of an operation can enable it to be used in critical strikes
Second, as important as non-kinetic ‘effects’ is the layering of those effects with intelligence collection to support in successfully achieving military objectives throughout an operation.
Not to mention that, in the case of Venezuela, infrastructure was suffering from gradual and critical decay & cyber capabilities within the country are far from developed.
Midnight Hammer and Absolute Resolve are more contained. Each contains their own set of risks of escalation, of course. But the objectives and scope are clearer. [2, 3]
Epic Fury is possibly the most contextually challenging given the leadership decapitation and spillover to other parts of the Middle East and the incredibly ambiguous set of strategic objectives of the US-Israeli intervention.
Op Midnight Hammer, Absolute Resolve and now Epic Fury represent successive opportunities that the US has been using to sharpen the institutional, operational and tactical integration of cyber capabilities in military operations but we should think twice before bundling them up.
Speaking of ‘layering effects’: Gen Caine’s statement uses similar language to the briefing after Op Absolute Resolve in 🇻🇪[1]. However, rather than only mentioning cyber as helping pave the way for the op, it notes this more sustained approach in disrupting comms & sensor networks
Gen Caine’s press conference speech notes two roles for cyber in the ‘layering of effects’: as ‘first-movers’ in using ‘non-kinetic effects’ to shape the environment for the subsequent phases of the Op; secondly, in maintaining a ‘continuous layering’ throughout the first 57hs.
First, as more information is shared about the operations, these cases might contribute to our ongoing assessment of whether cyber remains more useful as a first-strike enabler, or they may provide additional lessons on how cyber might sustain physical effects.
Some of my initial thoughts for @rusi.bsky.social on seven areas we should keep in mind when assessing the use of cyber capabilities in the context of the US-Israeli operations in Iran + where we should just please drop the 🔮.
🧵
'uncertainty remains over when and how Iranian cyber activity could expand to directly target the US homeland and its allies, although many are already on alert.'
Writes @lmhurel.bsky.social in the latest #RUSICommentary.
'Most governments do not disclose offensive cyber operations. Boasting about capabilities is not the usual game' writes @lmhurel.bsky.social in the latest RUSI Commentary.
I don’t argue that it’s new.
I think you should read the piece first.
🎄Merry Christmas from all of us at RUSI!
Had a marvellous time speaking at Oxford Analytica’s Global Horizons Conference about AI supply chains, tech-trade competition, US-China relations, and the role of AI in the offense-defence balance in cybersecurity w @kellolucas.bsky.social Eduardo Plastino and @tatiabolkvadze.bsky.social.
The Open-Ended Working Group (OEWG) on cybersecurity recently concluded a five-year negotiation on how nations should behave in cyberspace. Experts who have been tracking these talks offer their insights on the group's progress and what the future holds for the OEWG's goals and themes.
“This innovation equips drones with side-mounted rocket boosters, enabling them to perform abrupt, high-G maneuvers just seconds before a missile or interceptor strikes. The result: a dramatic increase in the odds that these drones can evade destruction and complete their missions.”