Tuesday, September 24, 2024

ASPI - The Strategist - 24 September 2024 - Chris Taylor - ‘You’ll shut me down with a push of your button’: 21st century sabotage


Hezbollah’s pagers and radios surreptitiously changed into anti-personnel explosive devices and detonated across Lebanon and Syria. Russia-linked fires plague European and American factories supporting Ukraine’s defence. Ukrainian nationals implicated in the Nord Stream 2 pipeline bombing. Concerns raised about Chinese components in systems internationally, at moments of future crisis. Alarm on the Olympics’ opening day, as arsonists strike France’s high-speed railway network.

Sabotage—destroying, damaging or obstructing for military and/or political advantage—is back.

Australia needs to learn from these events and adopt such responses as checking equipment and keeping an eye on supply chains.

In fact, sabotage never really went away. Just as we’ve become habituated to fraud in a digital society, we became tolerant of sabotage. Until Russia’s invasion of Ukraine, Europe accepted too many acts against it. We should not repeat these mistakes in the Indo-Pacific.

Sabotage for military advantage had its heyday during World War II when Britain’s Special Operations Executive (SOE) was instructed to set occupied Europe ablaze. During the early Cold War, western security services focused on protecting industrial plants. This interest was deepened in the 1970s by revelations of Soviet planning for sabotage in Britain and elsewhere should the Cold War turn hot.

Until recently, modern sabotage was conceived as a matter of ones and zeroes. Even during the Cold War, the best-known example of anti-USSR sabotage was in the 1980s, when the CIA modified software destined for Soviet gas pipeline controls. Once installed, it caused explosions resulting in massive system malfunctions and devastating damage, undermining the commercial viability of energy exports and wasting Moscow’s limited hard currency.

Then there was Stuxnet, an early 21st century computer virus that was designed to destroy Iran’s nuclear centrifuges and was attributed to both the US and Israel by media reporting.

Sabotaging hardware is much more logistically difficult than sabotaging software. At the scale used against Hezbollah, it’s extraordinary.

Imagine what this would have required: detailed real-time intelligence insights into Hezbollah’s logistics and operations; sustained, clandestine access to the target equipment, and the right skills to emplace and conceal the explosives; rigorous operational security; and plenty of luck.

Should we be worried about such a tactic being used against Australians, including by terrorists?

At this scale, supply chain interference with such lethality is likely only a capability for sophisticated state actors. Yes, there have been terrorist concealments beyond the stereotypical placement of explosives in luggage—notably in a meat grinder in 2017, printer cartridges in 2010, and worn shoes and clothing—but these didn’t involve intruding into supply chains. Also, there are cheaper and easier supply-chain opportunities for terrorists, such as copying the lacing of Tylenol with cyanide in Chicago in 1982.

The fundamental answer, especially in an Australian context, is prosaic but also more insidious. When your manufacturing base exists almost wholly outside of your borders and includes potential adversaries, you’re unavoidably vulnerable. While state actors may not have the intent now, they certainly could in a conflict scenario, which is why ‘suppliers of concern’ were excluded from our 5G communications systems.

This asks a hard question of government: to what extent are the supply chains of our critical infrastructure dominated by rivals or adversaries who might wish to harm us, perhaps even before a conflict?

There are other lessons:

—Cyber threats can’t be avoided simply by retrogression (for example, Hezbollah trading smart phones for pagers). It’s worth remembering that even carrier pigeons can conceivably be a vector for sabotage: MI4d, responsible for Britain’s World War II pigeon capability, took precautions when retrieving messages from birds returning from Europe, fearing German tampering.

—Entangling counterintelligence and sabotage (and hybrid warfare) threatens to degrade norms of intelligence contest that eschew violence (such as those observed in the Cold War, or at least in its more gentlemanly theatres). The mannered boulevards of international espionage could end up looking more like the rougher alleyways of counterterrorism.

—Indeed, there can be an intended auxiliary intelligence objective to sabotage such as that directed against Hezbollah. It drives targets to use communication methods that are less efficient and maybe more conducive to intelligence collection. It also sows distrust and internal conflict, distancing targets from their support networks internally and externally.

What should be done to guard against sabotage like this?

Be more security conscious in government procurement. Think about security in the same way we typically think about insurance: as an investment in addressing risk. Test procured equipment randomly and systematically and have standing technical capabilities to do so.

Know your supply chain, as difficult as this is amid the lack of clarity inherent in globalisation.

Randomise and obfuscate sensitive procurement channels and destinations. And recognise the potential value of seemingly benign logistical and technical information and take appropriate steps to protect it.

However, also be clear-eyed. There are economic costs that must be balanced against considered risks and the opportunity costs of using security resources in this way. Those costs reveal an additional objective to sabotage: diverting resources away from defence capability to securing supply chains and inventories.

These are the difficult choices of the new age when our ‘crystal ball ain’t so crystal clear’.
