People gather outside the American University hospital after the arrival of several men who were wounded by exploded handheld pagers, in Beirut, Lebanon, Tuesday, Sept. 17, 2024. (AP Photo)
On September 17, thousands of pagers belonging to the militant organisation Hezbollah detonated across Lebanon, killing nine people and wounding nearly 3,000 others, including the group’s fighters and Iran’s envoy to Beirut. The following day another round of attacks happened, this time on handheld radio sets as well as cellphones and laptops, which left 20 people dead and more than 450 people injured.
Hezbollah is known to use pagers as a low-tech communication ecosystem to evade Israeli location detection techniques. It is reported to have recently deployed about 5,000 new such devices from a Taiwanese company, Gold Apollo, whose Hungarian supplier is also being mentioned in connection with the attack. Explosives measuring three grams, slotted near the battery of the pagers and connected to the remote command slot, are being reported as the cause of the explosions. Likewise, the handheld radio sets were also recently procured and had the logos of the Japanese manufacturer Icom.
Clearly, suspicion for the attacks, and for the compromise of these pagers as well as radio sets, falls on Israeli agencies, with Hezbollah also threatening to take revenge. It reminds one of the Stuxnet virus attack by Israel in 2010 which targeted Iran’s nuclear programme centrifuges, again a unique cyber attack at that time.
As reported in the current case, the pagers as well as the radio sets and other devices were filled with explosives, which is a physical activity, while the remote trigger points to the cyber aspect. Compromising the supply chain and cyber attacks are part of many geopolitical security conversations. There is a global worry now about employing such attacks.
Not that these are the first incidents that showcase a combination of physical and cyber attack. But they point to a new dimension where supply chain compromises of digital assets could be attempted by nations as well as rogue elements employed by them or criminal syndicates. As more interconnected devices come on networks, the risks grow for critical infrastructure, which today remains vulnerable to attacks as well as sabotage. A coordinated attack compromising multiple device types could have cascading effects, disrupting emergency services, shutting down critical infrastructure, or causing widespread chaos that results in loss of life.
There are three aspects to this massive attack.
First, the use of digital technology at levels that drive multiple physical attacks, and the combination of the two, raises concerns over the creation of larger havoc. With artificial intelligence becoming a major factor in enhancing kinetic weapons capabilities, the horizon is more complex.
Second, is the use of such techniques a harbinger of more deadly forms of cyber attacks? Can nations be allowed to go to such an extent of causing violence and death using digital techniques?
Third, how will the supply chain ecosystem deal with such attacks? Modern technology supply chains are incredibly complex, with components and software often sourced from multiple countries and suppliers. This complexity creates ample opportunities for malicious actors to introduce compromised hardware or software at various points in the supply chain. These compromises can be extremely difficult to detect and may lie dormant until activated for an attack.
After much negotiation over the years, the UN-backed group working on cyber crimes was able to provide a final draft UN Convention against Cybercrime in August this year, to be deliberated upon and approved by the UN General Assembly in a few weeks. It has elements of how nations need to stay away from launching cyber attacks on others as well as prevent their soil from being used for cyber attacks. Clearly, the current episode is a direct violation of the intent of most nations and civil society and acts as a motivation to get this legislation in place sooner rather than later.
Further efforts to define cyber warfare and its various connotations need to be ushered in among the comity of nations. A much wider conversation than the UN open-ended working group deliberations, which are trying to build on the UN Norms of Responsible Behaviour in Cyberspace as provided by the Group of Governmental Experts in its report of June 2021, has to be undertaken to see that cyber attacks, as a concomitant element of physical attacks, don’t become the norm and mutate further to worrying levels.
Present-day global conflicts, notably the Russia-Ukraine conflict as well as the Middle East conflict, have had their elements of cyber skirmishes but not to the scale of the pager and radio set attacks. With attribution still being an area of concern for cyber attacks, the propensity to target digital or physical assets with cyber attacks could result in a rat race that would trigger a belligerent digital ecosystem.
The writer, a defence and cyber security analyst, is former country head of General Dynamics.
First uploaded on: 19-09-2024 at 11:48 IST