MELISSA BLOCK, HOST:
From NPR News, this is ALL THINGS CONSIDERED. I'm Melissa Block.
ROBERT SIEGEL, HOST:
And I'm Robert Siegel. With the prospect of a military strike against Syria in the next few days, the United States must brace for possible reprisals. The Syrian government or groups allied with it could hit back, not with traditional warfare but with cyberattacks. A group of pro-government hackers calling itself the Syrian Electronic Army has already gone after some U.S. targets, most recently The New York Times.
NPR's Tom Gjelten says more companies could find themselves on the front lines.
TOM GJELTEN, BYLINE: War in the cyber domain is different. It's not armies or navies that are most exposed. In a country like the United States, it's companies, banks, energy providers, airlines or media organizations. Plus, cyberattacks are silent. They can be invisible until it's too late, and they are hard to trace. No wonder, then, that the Syrian government, if it comes under attack, might choose to retaliate in cyberspace.
Chris Bronk specializes in cyber-geopolitics at Rice University.
CHRIS BRONK: I think the Syrians have all the interest in the world in disrupting as many websites as possible and making commercial operations as difficult as possible inside the United States and elsewhere to communicate a message that it can respond.
GJELTEN: Plus, the Syrian government has a group of computer hackers apparently willing to do the work for them, the so-called Syrian Electronic Army. They say they support the Assad regime, and they're promising to defend the country against its outside enemies, including the United States. Chris Bronk says the group should be taken seriously.
BRONK: It has potentially both the capabilities of grassroots movement and of an intelligence service. It's a new type of organization. And what's not hypothetical is the achievements.
GJELTEN: Before The New York Times was targeted this week, the Syrian Electronic Army claimed credit for hacking into The Washington Post and other news organizations, including NPR. Not surprisingly, with all the talk of military action against Syria, U.S. companies are worrying they might suffer the consequences of cyber retaliation, if not from the Syrian Electronic Army, then from cyber-warriors out of Iran, Syria's ally.
Dmitri Alperovitch is the co-founder of CrowdStrike, a company that provides cybersecurity advice.
DMITRI ALPEROVITCH: A lot of companies are coming and asking us to do these assessments on the Syrian Electronic Army and other actors that we see out of Iran and the broader region and what their capabilities are and how they may suffer attacks in the coming weeks from them.
GJELTEN: So you are getting requests like that?
ALPEROVITCH: Oh, all the time. I mean, my phone has been buzzing off the hook over the last few days because of this.
GJELTEN: The attacks attributed to the Syrian Electronic Army have been mostly unsophisticated. The group has not yet targeted critical infrastructure in the U.S. like the power grid or the transportation system. Alperovitch suggests that whether there will be a major cyberattack in retaliation for a U.S. strike on Syria would depend on how significant the U.S. action would be.
ALPEROVITCH: I think there will be a judgment call on the behalf of the Syrian government to see if they actually want to provoke U.S. into further escalation and tripping over another red line or whether they just want to enjoy the strike and move on.
GJELTEN: The Department of Homeland Security hasn't issued any special alerts for U.S. companies to be on the lookout for cyberattacks in the next few days. After all, there's been no official decision yet on whether to strike Syria. A DHS spokesman says the department shares information with companies every day in the face of constantly evolving threats. Tom Gjelten, NPR News, Washington.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.