The reported cyberstrike by the Islamic State or some of its acolytes on social media accounts of the U.S. Central Command — responsible for American military operations in the Middle East — is more insult than injury.
While that’s hard to believe, it is the case.
First, as of this writing we don’t know who exactly is behind the attack. While the hackers claim to be the “CyberCaliphate,” it’s not clear if they are directly related to the Islamic State of Iraq and Syria (ISIS) infamy.
Indeed, we may never know whether the cyberstrike was an Islamic State job, whether it was outsourced by the Islamic State to a group of like-thinking “hacktivists,” pulled off by Islamist volunteers or even a completely unassociated troublemaker.
That’s the “beauty” of cyber operations: Attribution is tough. (Other advantages to the strikers are the low cost — a little electricity and a laptop; wide access to the Internet; the ability to easily cross international borders and high levels of effectiveness.)
Second, the hack reportedly didn’t get into classified systems where Central Command, or CENTCOM, secrets reside, but rather into controlled social media accounts on commercial websites such as YouTube and Twitter; some personal information of high ranking military personnel may have been disclosed.
In other words, this attack didn’t mess with the warfighting capability of CENTCOM, but the disruption undoubtedly distracted some elements of the command from its duties — such as fighting the Islamic State — for a period of time.
Think of it this way: If someone hacked your personal email or social media account, it would be a headache, but it’s not the end of the world — at least in the minds of the vast majority of people, right?
All that said, the CENTCOM cyber caper does matter. Here’s why.
While CENTCOM wasn’t disabled by the attack, a misunderstanding of the gravity of the event might prove to be a significant public relations victory for the CyberCaliphate — whoever they are — and for the Islamic State.
Perception is reality after all.
If the mighty U.S. military appears vulnerable or weak, the Islamic State and other terrorist groups like al-Qaeda in the Arabian Peninsula might feel a gust of wind in their sordid sails, bringing aboard new followers and funders.
Plus, misunderstanding the effect of the cyberstrike may also have an impact on the perception of American national security capabilities and credibility in Middle Eastern capitals and on the Arab Street. Once an impression is made, it can be hard to change.
So, score a couple for the bad guys.
Lastly, considering the seeming alarm that this attack has caused, it seems reasonable to expect that our enemies will pick up on our anxiety — and we’ll see more of this kind of activity at varying levels of sophistication and with varying levels of success.
So while the damage was limited this time, there’s a sort of cyber “sting” associated with the hacking — one that the Islamic State (a social media superpower in its own right) will likely try to trumpet as a triumph, whether the hack was the terror group’s doing or not.
- Peter Brookes is a Heritage Foundation senior fellow and a former deputy assistant secretary of defense.
Originally appeared in the Boston Herald