Junaid Hussain, a Pakistani descent ISIS terrorist with a British Passport, was one of the first victims of a coordinated cyber and kinetic action by military. He was an ISIS hacker and recruiter, who had declared himself as the head of cyber-caliphate in 2015. Among the most wanted list of men of ISIS, he was given the third highest priority. During the period between 2014 and 2015, the terrorist cum hacker, had become an excruciating headache for the authorities as he helped ISIS supporting lone wolves to carry out attacks within America, while he lived thousands of miles away in Syria, ensconced in ISIS’s security. After grinding their nails on the grindstone over the internet, American Cybercommand, Cybercom, ring fenced one of Junaid’s associates, who helped the authorities in locating Junaid’s GPS location. Finally, it took US military one hellfire attack in Raqqa, Syria, to kill Junaid Hussain, a man who could have very well elevated himself to be the next Osama Bin Laden.
This hellfire attack laid the foundation stone for a new epoch in warfare strategies when “cyber-bombs” and missile attacks began to be considered equally potent.
2019, when myriads of cyber-attacks culminated in missile launches
The year 2019 started with a face-off between Indian and Pakistan. Indian Air Force claimed that they carried out an aerial attack on Pakistani terrorist camp, and Pakistani military establishment vehemently denied such an attack having taken place. In the ensuing din between the two countries, it was Israel’s missile attack on Hamas’s cyber Headquarter that went unnoticed by many across the world.
After the attack, Israeli defence forces in their statement had said that they had thwarted a cyber-attack by Hamas and annihilated HamasCyberHQ.exe. On May 4, at about 9 am Israeli time, Hamas had launched a cyber-attack on Israel, and later fired approximately 50 rockets on southern Israel. This drew the ire of Israeli defence forces (IDF), which decided to counter the strikes with brute military force. At 5:55 pm Israeli time, IDF destroyed the Hamas’s cyber Headquarter.
Israel’s attack on Hamas did not surprise many, but it did set abuzz international forums with discussions on the threshold of cyber-attack which when surpassed can lead to violent reprisals.
America used a strategy similar to Israel’s, after the attack by Iranian proxies based in Yemen on two Saudi oil processing facilities at Abqaiq and Khurais and downing of an American drone. But America treaded the path very cautiously as it calibrated the attacks to stay well below the threshold of war. In the month of June last year, the Islamic Revolutionary Guard Corps (IRGC) mined Norwegian and Japanese tankers as they were crossing the narrow strait of Hormuz in the middle east. This incident provoked the GCC (gulf cooperation council), their client countries and America, which was tasked to protect the strait. Initially, the Trump government had decided to down the Iranian radars and missile installations, but at the eleventh hour US President backed out from a kinetic action against Iran. This is when Cybercom—US’s cyber-command, came into action. It was later revealed that Cybercom had attacked IRGC’s database, which had list of ships maneuvering through the strait of Hormuz. With the database destroyed, US had diminished Iran’s capability to carry out covert attacks in the strait.
Trump government’s prudent decision to avoid a kinetic action may have been inspired by its decision in 2017 when it combined a cyber-attack and kinetic military action.
A combination of Cyber and kinetic action that weakened ISIS
In 2017, as ISIS continued to wreak havoc in Syria and Iraq, US defence forces were having trouble locating the sub-commands of ISIS forces, despite US having figured out the GPS location of ISIS’s primary command. US military’s assessment after combing through swaths in Iraq and Syria, was– if the primary command of ISIS is hit with a missile or by a special forces raid, then the ISIS high value targets (HVT) would move to sub-commands, and continue to attack American and the allied forces. This would have watered down their efforts to destroy the primary command. Ergo, it was decided to surreptitiously locate the sub-commands first. The strategy was executed promptly—US Cybercom carried out cyber-attacks on ISIS’s systems in their primary command. Once their systems were knocked out, ISIS HVTs moved to the peripheral posts or the sub-commands to continue their attacks on American forces. But this led to them exposing themselves to the kinetic actions of the American and allied forces. The simple idea of following an overt attack after a series of covert cyber-attacks worked in American and allied forces advantage. As a result, ISIS began to lose its footing in both Syria and Iraq.
Many think tanks across the world have questioned the actions of the states which have either used missiles to counter a cyber-attack or have provoked another state into a war like situation by covertly subduing cyber assets. While there exists a Tallinn manual, which is an influential guide to applying International laws to cyberspace, not many countries follow it. Albeit, France has adopted Tallinn manual 2.0, and France’s interpretation says– digital interference in its internal or external affairs constitutes prohibited intervention if it is likely to affect the French political, economic or social system.
In an epoch when countries have relied on cyber-attacks to influence the populace of an enemy country, or have stolen designs of defence assets, it is difficult to establish the threshold which when crossed could lead to a conventional war. ISIS despite being a hydra headed monster, has so far not been able to acquire a nuclear bomb. In the Indian subcontinent where both Pakistan and India have nuclear arsenals, would a cyber attack on one of the state’s economic or defence asset, lead to launching of aerial strike or missile attacks? An ambiguity and lackadaisical attitude of the states in defining the threshold of war could exacerbate a situation in the future. This is just a heads-up.