Does US abandonment of embassy in Kabul pose a cybersecurity risk?

Security experts assess impact of U.S. withdrawal from Afghanistan. With contingency plans in place, the abandonment of the U.S. embassy and other facilities in Afghanistan is unlikely to pose a cyber risk, some security experts said.

Media reports on Aug. 14 that U.S. embassy staff in Kabul have been told to begin destroying sensitive materials underscore that the Biden administration is preparing for the possibility that the embassy could be seized by the Taliban, despite public assurances that the building is still operating.

According to a copy obtained by Bloomberg News, the embassy facilities manager issued a management notice to all U.S. personnel earlier Friday, asking staff to “reduce the amount of sensitive material on the property.” It requires them to destroy any U.S. emblems, flags “or items that could be misused in publicity efforts.”

The email details the methods diplomats use to destroy materials: burn boxes and shredders for paper, electronic shredders, incinerators for medical waste, and a compactor “that can shred items that are too large for shredders.” It said the embassy would provide so-called “destruction support” between 8.30am and 4pm until further notice.

“These methods of destruction do not apply to weapons, ammunition and similar items,” it wrote.

Two administration officials, who spoke on the condition of anonymity, discussed internal memos that said destruction procedures were standard when U.S. outposts overseas were scaled back. One of the officials said it was in line with a stated plan for most U.S. troops in Afghanistan to leave by the end of the month, but acknowledged the Taliban’s progress played a role.

Jake Williams, a former member of the U.S. National Security Agency’s elite hacking team and co-founder and CTO of BreachQuest, said: “In reality, the impact of a rapid evacuation on cybersecurity is minimal to non-existent. However, this is only due to extensive equipment and document destruction planning and practices. Even if the situation on the ground moves sooner than expected, the facilities will still prioritize what to destroy first.”

Security experts say the Taliban are unlikely to pose a cybersecurity threat to the United States because the group is primarily focused on establishing control over the Afghan government.

As Frank Downs pointed out: “Based on the Taliban’s past operating procedures, it would be rash to think of them as an advanced cyber threat.”

Last week, the U.S. Department of Defense Inspector General issued a notice to U.S. Army commands in the U.S. and Afghanistan, including the Special Inspector General for Afghanistan Reconstruction, describing the steps the U.S. must take to control access to sensitive information after it withdraws from the country.

The management notice says lessons from past oversight of contingency operations should be used to ensure better control during the current withdrawal from Afghanistan. In past oversight work, the handling of devices containing sensitive information was found to be inadequate, increasing the risk that information held on those devices could be stolen or disclosed. Responsible personnel did not ensure that controlled data on hard drives was cleared before the devices were turned in. For example, forces did not clear sensitive data from four navigation systems and a counter-radio-controlled improvised explosive device system.

“In addition to executing a total withdrawal, the U.S. military must ensure that sensitive data from equipment planned to be returned to the United States or disposed of in a theater is properly deleted,” the notice said.
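As an added illustration of the kind of check that sits behind that requirement (this is example code written for this article, not anything from the DoD IG notice or the embassy’s own procedures), the script below scans a disk image or raw block device for sectors that are not a uniform overwrite fill and reports the offset, size and entropy of whatever survived. The 512-byte sector size, the policy that a sanitized drive is filled entirely with 0x00 or 0xFF, and the sample image are all assumptions made for the example.

```python
"""Sanitization spot-check for a drive image or block device (added example).

Assumes the sanitization policy is an overwrite with a uniform fill (all 0x00
or all 0xFF).  Any sector that is not such a fill is reported as residual data,
with its Shannon entropy as a hint of what survived (text-like vs. random).
"""
import math
from collections import Counter

BLOCK = 512  # assumed sector size; offsets in the report are multiples of it


def shannon_entropy(block: bytes) -> float:
    """Bits per byte: 0 for a uniform fill, low for text, near 8 for random data."""
    n = len(block)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())


def is_fill_block(block: bytes) -> bool:
    """True when every byte is 0x00 or every byte is 0xFF (accepted overwrite patterns)."""
    return len(set(block)) == 1 and block[0] in (0x00, 0xFF)


def blocks_from_bytes(data: bytes, block_size: int = BLOCK):
    """Yield (offset, block) pairs from an in-memory image."""
    for off in range(0, len(data), block_size):
        yield off, data[off:off + block_size]


def blocks_from_file(path: str, block_size: int = BLOCK):
    """Stream (offset, block) pairs from an image file or a raw device such as /dev/sdX (needs root)."""
    with open(path, "rb") as fh:
        off = 0
        while True:
            blk = fh.read(block_size)
            if not blk:
                return
            yield off, blk
            off += len(blk)


def assess(blocks) -> dict:
    """Coalesce consecutive non-fill blocks into (offset, length) regions and give a verdict."""
    regions, start, end, max_entropy = [], None, 0, 0.0
    for off, blk in blocks:
        end = off + len(blk)
        if is_fill_block(blk):
            if start is not None:          # a residual region just ended
                regions.append((start, off - start))
                start = None
        else:
            if start is None:              # a residual region just began
                start = off
            max_entropy = max(max_entropy, shannon_entropy(blk))
    if start is not None:                  # region ran to the end of the image
        regions.append((start, end - start))
    return {
        "size": end,
        "residual_bytes": sum(length for _, length in regions),
        "regions": regions,
        "max_block_entropy": round(max_entropy, 2),
        "verdict": "sanitized" if not regions else "RESIDUAL DATA",
    }


def build_sample_image() -> bytes:
    """Constructed 16-sector image: zero-filled except one 0xFF sector and two sectors of leftovers."""
    img = bytearray(16 * BLOCK)
    img[2 * BLOCK:3 * BLOCK] = b"AB" * (BLOCK // 2)   # patterned leftover, entropy exactly 1.0
    img[5 * BLOCK:6 * BLOCK] = b"\xff" * BLOCK        # 0xFF fill: accepted as sanitized
    memo = b"INVENTORY LIST\n"                        # constructed text fragment, partial sector
    img[7 * BLOCK:7 * BLOCK + len(memo)] = memo
    return bytes(img)


if __name__ == "__main__":
    # Replace build_sample_image() with blocks_from_file("disk.img") for a real image.
    for key, value in assess(blocks_from_bytes(build_sample_image())).items():
        print(f"{key}: {value}")
```

The check only confirms that the addressable sectors carry the fill pattern. It says nothing about sectors a drive has remapped or about the over-provisioned area of flash media, which is one reason the article’s sources describe physical destruction rather than overwriting as the last resort for classified systems.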

This is not an easy task

However, Dr. Kenneth L. Williams, executive director of the Center for Cyber Defense at the Public University System, noted that because protecting or destroying sensitive data is not a simple task, there is always some risk that it could be accessed.

“One of the biggest threats comes from equipment left by the United States,” he said. “Typically, when countries like the U.S. leave in a hurry, there is little time to ‘sanitize’ documents and equipment, which creates a cybersecurity threat.”

But other cybersecurity experts believe that all sensitive documents and equipment could be removed or destroyed, leaving little or nothing for the Taliban.

Downs, now director of active services at security firm BlueVoyant, said: “Some physical mechanisms are in place to ensure the complete destruction of all systems in U.S. buildings that hold classified information. They are maintained and can be implemented immediately. These destruction mechanisms, including burnout mechanisms, thoroughly ensure that all information on the system is destroyed. In almost all cases, these systems are destroyed along with the data on them.”

Embassy staff are trained to handle these tasks. In fact, such operations were carried out when U.S. diplomatic facilities in Libya were attacked, said Rosa Smothers, a former CIA cyber threat analyst who is now senior vice president at the security firm KnowBe4.

She said: “Embassy personnel are trained to perform emergency destruction procedures, such as shredding documents and destroying computer hard drives, and they have enough time to do these things. It is expected that once the embassy is evacuated, it will become a target of the Taliban and/or predators.”

Lingering threat

Some security experts point out that the U.S. embassy in Kabul, Afghanistan, is one of the largest such facilities in the world, with 4,000 staff, so removing all equipment in an emergency could be challenging.

“The bigger concern about cybersecurity comes from attacks and compromises on Afghanistan’s overall telecommunications infrastructure,” Downs said. “The Taliban are now free to use this infrastructure to do whatever they want and potentially use it as a platform to develop and launch cyber-attacks,” he noted, though he said he didn’t think the Taliban would take such action.