The prospect of a military strike against Syria in the next few days has private U.S. firms bracing for retaliation — in cyberspace.
A group calling itself the Syrian Electronic Army has already gone after some U.S. targets, including The New York Times, whose website was taken down for an extended period this week. The group supports the Bashar Assad regime in Syria and has vowed to help defend the country against its enemies, including the United States.
The Syrian Electronic Army could soon have that opportunity, most likely with the blessing of the Syrian government. Cyberretaliation against civilian targets might be seen by the Syrian leadership as less risky than counterstrikes against U.S. or allied military assets.
"I think the Syrians have all the interest in the world in disrupting as many websites as possible and making commercial operations as difficult as possible inside the United States and elsewhere to communicate a message that it can respond," says Chris Bronk, who specializes in cybergeopolitics at Rice University.
Cyberattacks are silent. They can be invisible until it's too late to defend against them. And they are hard to trace. Given their dependence on computer network operations, U.S. firms are taking notice of the risk they may face from Syrian hackers.
"A lot of companies are coming and asking us to do assessments on the Syrian Electronic Army and other actors in the broader region and how they may suffer attacks in the coming weeks from them," says Dmitri Alperovitch, co-founder and chief technology officer at CrowdStrike, which provides companies with cybersecurity advice and assistance.
"My phone has been buzzing off the hook over the last few days because of this," he says.
So far, the Syrian hackers have generally carried out relatively unsophisticated "denial of service" attacks, directing so much computer traffic at a website that it is overloaded and shuts down. The group has targeted the news media in particular, taking credit for attacks against The Washington Post and NPR, among other organizations.
This week's attack on The New York Times, however, was somewhat more sophisticated, involving a penetration of the Domain Name System, the directory that translates domain names into numerical Internet addresses. The attack raised the possibility that the Syrian Electronic Army could go after other targets and cause more damage.
"It has potentially both the capabilities of a grass-roots movement and an intelligence service," says Bronk. "It's a new type of organization."
Should Syria's leaders decide to retaliate in cyberspace for a U.S. missile strike against them, they might also call for help from their ally Iran, which is developing an increasingly serious cyberwarfare capability of its own.
U.S. cybersecurity experts worry most about an attack on critical infrastructure in the United States, including the power grid or the transportation system. Such an attack would probably result in an escalation of any military conflict with the United States.
"I think there will be a judgment call on behalf of the Syrian government to see if they want to provoke the U.S. into further escalation and trip over another red line, or whether they just want to endure the strike and move on," says Alperovitch.
The Department of Homeland Security, or DHS, hasn't issued any special alerts for U.S. companies to be on the lookout for cyberattacks in the next few days, largely because there's been no official U.S. decision yet on whether to strike Syria.
"DHS is closely following the situation and actively collaborates and shares information with public and private sector partners every day in the face of constantly evolving threats," says Peter Boogaard, a Homeland Security spokesman.