Murad A. Al-Asqalani is an open-source intelligence analyst based in Cairo, Egypt.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.

(Author’s Note — “Do You Have A Flag?” is a reference to the Eddie Izzard sketch of the same name[1].)

National Security Situation:  Response to offensive Information Operations in cyberspace against the Government of Egypt (GoE).

Date Originally Written:  May 15, 2017.

Date Originally Published:  June 1, 2017.

Author and / or Article Point of View:  This article discusses a scenario where the GoE tasks an Interagency Special Task Force (ISTF) with formulating a framework for operating in cyberspace against emergent threats to Egyptian national security.

Background:  In 2011, a popular uprising that relied mainly on the Internet and social media websites to organize protests and disseminate white, grey and black propaganda against the Mubarak administration of the GoE culminated in former President Mubarak stepping down after three decades in power.

Three disturbing trends have since emerged.  The first is repeated deployment of large-scale, structured campaigns of online disinformation by all political actors, foreign and domestic, competing for dominance in the political arena.  Media outlets and think tanks seem to primarily cater to their owners’ or donors’ agendas.  Egyptian politics have been reduced to massive astroturfing campaigns, scripted by creative content developers and mobilized by marketing strategists.  These strategists create and drive talking points using meat and sock puppets, mask them as organic interactions between digital grassroots activists, amplify them in the echo chambers of social media, then pass them along to mainstream media outlets, which use them to pressure the GoE citing ‘public opinion’, thereby empowering their client special interest groups in this ‘digital political conflict’.

The second trend to emerge is the rise in Computer Network Attack (CNA) and Computer Network Exploitation (CNE) incidents.  CNA incidents mainly focus on hacking GoE websites and defacing them with political messages, whereas CNE incidents mainly focus on information gathering (data mining) and spear phishing on social media websites to identify and target Egyptian Army and Police personnel and their families, thus threatening their Personal Security (PERSEC) and overall Operation Security (OPSEC).  The best-known effort of this type is the work of the first-ever Arabic Advanced Persistent Threat (APT) group: Desert Falcons[2].

The third trend is the abundance of Jihadi indoctrination material, and the increase in propaganda efforts of Islamist terrorist organizations in cyberspace.  New technologies, applications and encryption allow for new channels to reach potential recruits, and to disseminate written, audio, and multimedia messages of violence and hate to target populations.

Significance:  The first trend represents a direct national security threat to the GoE and the interests of the Egyptian people.  Manipulation of public opinion is an Information Operations discipline known as “Influence Operations” that draws heavily on Psychological Operations (PSYOP) doctrines.  It can have drastic economic consequences that can amount to economic occupation and subsequent loss of sovereignty.  Attributing each influence campaign to the special interest group behind it can help identify which Egyptian political or economic interest is at stake.

The second trend reflects the serious developments in modus operandi of terrorist organizations, non-state actors, and even state actors controlling proxies or hacker groups, which have been witnessed and acknowledged recently by most domestic intelligence services operating across the world.  Attributing these operations will identify the cells conducting them as well as the networks that support these cells, which will save lives and resources.

The third trend is a global challenge that touches on issues of freedom of speech, freedom of belief, Internet neutrality, online privacy, as well as technology proliferation and exploitation.  Terrorists use the Internet as a force multiplier, and the best approach to solving this problem is to keep them off of it through attribution and targeting, not to ban services and products available to law-abiding Internet users.

Given these parameters, the ISTF can submit a report with the following options:

Option #1:  Maintain the status quo.

Risk:  If the status quo is maintained, bureaucracy and fragmentation will always place the GoE on the defensive.  The GoE will continue to defend against an avalanche of influence operations by making concessions to whoever launches them.  The GoE will continue to appear incompetent, and lose personnel to assassinations and improvised explosive device attacks.  The GoE will fail to prevent new recruits from joining terrorist groups, and it will not secure the proper atmosphere for investment and economic development.

This will eventually result in the full disintegration of the 1952 Nasserite state bodies, a disintegration that is central to the agendas of many regional and foreign players, and will give rise to a neo-Mamluk state, where rogue generals and kleptocrats maintain independent information operations to serve their own interests, instead of adopting a unified framework to serve the Egyptian people.

Gain:  Perhaps the only gain in this case is avoidance of further escalation by parties invested in the digital political conflict that may give rise to more violent insurgencies, divisions within the military enterprise, or even a fully fledged civil war.

Option #2:  Form an Interagency Cyber Threat Research and Intelligence Group (ICTRIG).

Risk:  By forming an ICTRIG, the ISTF risks fueling both intra-agency and interagency feuds that may trigger divisions within the military enterprise and the Egyptian Intelligence Community.  Competing factions within both communities will aim to control ICTRIG through staffing to protect their privileges and compartmentalization.

Gain:  Option #2 will define a holistic approach to waging cyber warfare to protect the political and economic interests of the Egyptian people, protect the lives of Egyptian servicemen and statesmen, protect valuable resources and infrastructure, and tackle extremism.  ICTRIG will comprise an elite cadre of highly qualified commissioned officers trained in computer science, Information Operations, linguistics, political economy, counterterrorism, as well as domestic and international law to operate in cyberspace.  ICTRIG will develop its own playbook of mission, ethics, strategies and tactics in accordance with a directive from the political leadership of the GoE.

Other Comments:  Option #1 can only be submitted and/or adopted due to a total lack of true political will to shoulder the responsibility of winning this digital political conflict.  It means whoever submits or adopts Option #1 is directly undermining GoE institutions.  Since this is currently the reality of the GoE’s response to the threats outlined above, uncoordinated efforts at running several independent information operations have been noted and documented, with the Morale Affairs Department of the Military Intelligence and Reconnaissance Directorate running the largest one.

Recommendation:  None.


[1]  Eddie Izzard: “Do you have a flag?”, Retrieved from:

[2]  Desert Falcons: The Middle East’s Preeminent APT, Kaspersky Labs Blog, Retrieved from: