The United States may have left classified or sensitive intelligence behind as US forces withdrew and evacuated from Afghanistan. That information might now be in the hands of the Taliban. There was also a report this week about an alleged cyber breach at the US State Department. These are both concerns with potential implications for national security, but there is no need to panic.
Should we be concerned that sensitive intelligence may have fallen into the hands of the Taliban? Not really—at least not from a cybersecurity perspective. There are terrorist organizations with relatively impressive cyber capabilities, but offensive attacks are rarely part of their standard MO.
Terrorist organizations use cyber capabilities for command and control of physical operations and for fundraising. The internet is also a powerful tool for radicalizing, recruiting, and spreading propaganda.
I do not believe the Taliban has the cyber capabilities necessary for offensive cyber operations or cyber espionage. I also don’t think it’s a priority for them at this point. Now that they have control of the wealth and resources of an entire country, that could eventually change. For now, the cyber risk posed by any intelligence the Taliban may have would only be a concern if they shared it with or sold it to a more capable adversary—like Russia or China.
What about the alleged breach at the US State Department? When we are talking about a US government agency like the State Department, it is easy to jump to the conclusion that it was a nation-state attack—but that is not necessarily a good assumption.
The US State Department networks and data are most likely under constant siege. They have to deal with all of the standard threats circulating on the internet, and they also have a larger bullseye on their back that attracts hacktivists, nation-states, terrorists, and other groups. There has been no official confirmation of the attack and no details have been shared, so it is hard to say.
The Taliban and the State Department data breach both have potential national security implications, but neither event seems to pose a significant risk based on what we know. The bottom line, though, is that we have to be prepared to defend regardless.
I have been on both sides of nation-state cyber engagements. Defenders have to protect against all attacks. Every time. Some nation-state adversaries have more advanced or sophisticated cyber capabilities, but that is not an excuse. An attack is an attack. Government agencies and private organizations cannot just shrug their shoulders and accept an attack because it came from a nation-state.
That is still true even if the Taliban has classified intelligence, or attackers have data from a State Department breach. It is true whether an attack has national security implications or not.
Where the attack originated or how the attacker got into your network isn’t important. If you have the right tools in place to identify suspicious or malicious behavior early in the attack sequence, you can take action before damage is done and stop the attack.