Does Abandoning Embassy in Kabul Pose Cybersecurity Risks?Security Experts Size Up Impact of US Rush to Leave Afghanistan
It's unlikely that the U.S. abandoning its embassy and other facilities in Afghanistan poses cyber risks, thanks to the emergency planning that was in place, some security experts say.
"Realistically, any cybersecurity impacts from the rapid evacuation are minimal to nonexistent," says Jake Williams, a former member of the U.S. National Security Agency's elite hacking team and co-founder and CTO at BreachQuest. "However, this is only because of lots of planning and practice with equipment and document destruction. Even if the situation on the ground moved faster than anticipated, these facilities would have prioritized lists of what to destroy first."
The Taliban is not likely to be a cybersecurity threat to the U.S. because the group is focused primarily on establishing control of the Afghanistan government, security experts say.
Plus, as Frank Downs, a former NSA offensive analyst, notes: "Based upon the operating procedures of the Taliban in the past, it would be hasty to assume they are an advanced cyberthreat."
Part of the advanced planning to secure the embassy and other sites took place last week when the Department of Defense Inspector General sent a notification to U.S. Army commands in the U.S. and Afghanistan, including the Special Inspector General for Afghanistan Reconstruction, describing the steps that must be taken to secure sensitive information as the U.S. withdraws from that county.
"In addition to executing the full withdrawal of its forces, the U.S. military must ensure the proper removal of sensitive data from the equipment it plans to either retrograde back to the United States or dispose of in theater," the notification states.
No Simple Task
Dr. Kenneth L. Williams, executive director of the Center for Cyber Defense at American Public University System, notes, however, that because securing or destroying sensitive data is no simple task, there's always the risk that some was left potentially accessible.
"One of the greatest threats is derived from the equipment left by the U.S.," he says. "Often, when countries such as the U.S. leave in a hurry, there is little time to sanitize documents and equipment, contributing to a cybersecurity threat."
But other cybersecurity experts are confident that all sensitive documents and equipment were likely removed or destroyed, leaving little or nothing for the Taliban to recover.
"Several physical mechanisms are in place to ensure the thorough destruction of all systems holding classified information within U.S. buildings," says Downs, who is now director of proactive services for the security firm BlueVoyant. "They are maintained and ready for immediate implementation at any time. These destructive mechanisms, which involve incendiary mechanisms, thoroughly ensure that all information on the systems is destroyed. In almost all cases, those systems are destroyed along with the data resident on them."
Embassy personnel are trained to handle these tasks. In fact, these actions were taken in Libya when the embassy and consulates were attacked, says Rosa Smothers, a former CIA cyberthreat analyst and now a senior vice president at security firm KnowBe4.
"Embassy personnel are trained to conduct emergency destruction procedures - shredding documents, the physical destruction of computer hard drives, etc., - and they had enough lead time to do so. It is expected that our embassy would be a target of the Taliban and/or looters once the facility is vacated," she says.
The U.S. embassy in Kabul, Afghanistan, was among the largest such facilities in the world, housing 4,000 workers, so it might have proven challenging to remove all equipment in an emergency, some security experts note.
"The greater concern for cybersecurity comes from the compromise of the overall telecommunications infrastructure in Afghanistan," Downs says. "The Taliban is now free to do whatever they want with that infrastructure and could potentially use it as a platform to develop and launch cyberattacks," he notes, although he says he does not believe the Taliban is likely to take such action.