Afghanistan, and cyberspace- a few thoughts…
Edward Farrell
The events in Afghanistan over the past few days have been heart breaking to watch. The loss of life and the social impact are substantial however the events of the next few weeks will be equally upsetting.
I was running through my head what this might mean from the standpoint of digital infrastructure, its current state and an indicator of patterns of life, and the misuse of information as a result of subsequent unauthorised access.
who is now responsible for the nations information infrastructure?
An immediate thought that had come to mind was the multitude of systems that are owned by or were at least employed by the Afghani government which are now due to fade away or be subjected to misuse. An analysis of Shodan indicates at least 1665 identifiable Afghan government systems out of a total of 32,214 systems facing out to the internet.
Out of a sample of some 5800 of these hosts that were known to be accessible in the past 60 days, only 3062 (roughly 50%) are up and running.
In addition to the provision of communications, where does the liability now stand for maintaining these systems and any notion of security? Another thought had also crept in.
Is there an obligation to wipe or otherwise protect systems that are readily exploitable?
An immediate thought that had come to mind was the information contained within that can be used by the Taliban to prosecute anyone that has been supporting the Government. Should such access be achieved, could it expedite any purges or acts of retribution against Afghanis, local or seeking refuge in other countries? Destruction protocols exist for information in Embassies or friendly positions overrun. Why would this practice not extend to a country that no longer exists.
That being said, a number of these systems also include hospitals and essential services; is there also an obligation to ensure these services can be maintained for humanitarian purposes? Additionally, does any overzealous destruction cause more harm than good or have an impact on peoples lives?
That this article does not advocate any position, and is merely an observation of concern as the tragedy unfolds, perhaps one we can learn from.
I will look to revisit aspects of digital infrastructure within Afghanistan as the environment evolves.
