TL;DR: In this piece, I will arrive at certain definitive conclusions on the actors’ intent as well as directly attribute parts of the operation to a soft war/propaganda arm of the Iranian government. This is not an attempt at domestic sabotage but a desperate bid to propagate a counter-narrative — as Iran feels suffocated by the Western media’s discourse, portraying it in a uni-dimensional way.
With Facebook taking down pages linked to Pakistani cyber actors spreading disinformation in India ahead of the 2019 Lok Sabha elections, it’s becoming increasingly clear that India has been late in spotting the danger: if there is a Pakistani inter-services directorate as lethal as the Inter Services Intelligence, it is, undoubtedly, the Inter-Services Public Relations.
In 2010, I led the first joint cyber operations with the Indian Air Force. Nine years too late, we have started talking about cyber jointness.
“Synergy in Joint Cyber Operations,” presented at an Indian National Defence University event, backed by the Integrated Defence Staff. The first time ever that jointness was discussed in the Indian context. Not very verbose for obvious reasons – I flagged politics and turf wars. Some shakeups are happening; the Defence Cyber Agency is up. Winds of change…
Cyber analysts like me have been this envisioning this scenario since a decade: how the South Asian flashpoint would manifest itself in the cyber-enabled information battlespace.
If there’s one inter-services directorate that is as lethal as the Inter-Services Intelligence, it’s the Inter-Services Public Relations. I know, I know — most of you would balk at my comparison. Hear me out:
“In IT security, offensive problems are technical – but most defensive problems are political and organisational.” — Halvar Flake AKA Thomas Dullien
“We do not have a cybersecurity problem. We have a nation state problem.” — Dmitry Alperovitch
“Our choice is no longer between government regulation and no government regulation, but between smart government regulation and ill-advised government regulation.” — Bruce Schneier
The first rule of a national cyber shield is that there’s no cyber shield. There are no borders, fortresses or moats to be breached. It actually works a bit like the immune system. National cyber shields are situational awareness platforms operating at scale, but with an explicit political mandate.