
BLUF
With the Taliban back in control in Afghanistan, and with the departing US forces having left behind a lot of equipment and hardware, the CTI community is keeping an eye on the inevitable shifts in cyber threats arising from or involving Afghanistan.
Background
The rapid advance of Taliban troops taking over Afghan cities forces businesses and leaders in cyber communities to ask how cyber landscapes might change. The following are a few observations with some historical/cultural context.
Infrastructure may be left in place. In the hasty departure, equipment and infrastructure deemed non-essential were left behind. With the relative rush to depart prior to the impending attacks and many of the forces already gone, incapacitation efforts were likely minimal, if any. There are certainly elements of infrastructure still operational, e.g. utilities and telecom. Retaining infrastructure capabilities would make sense to improve overall quality of life for the new generation Taliban, but it may not happen because:
Taliban are low tech, though allies might not be. We are talking about a people who use very low tech means to counter the higher technology used by their enemies. These are the descendants of the same people who used anchors tied to mountains to bring down Soviet helicopters. The relative success of their takeover of the country reinforces their perspective that technology is not only useless against their efforts, but also not worth incorporating into their culture. That said, other allied groups such as Al-Qaeda may well convince them to keep the tech operational for future use against the next attacker.
Other actors may start wanting to use the leftovers. Another potential threat would be the now-friendly nation-states and their assessed interests in the new Taliban acquisitions. China and Russia feature prominently in these conversations – desiring new operational outposts, forensic access to abandoned equipment (SIPR/JWICS logs and shadow remnants, anyone?), and a chance to take advantage of the vacuum created by the absence of US/Allied forces. The trouble will be convincing the Taliban that this isn’t the next attempted takeover, as both nation-states have historically been against Muslim populations (Uighurs and Chechens as prominent examples). The means China used to secure infrastructure and operations in Africa won’t work here – as the Taliban likely won’t want their tech, stadiums, or interference. However, China recognises the value of the Afghan Rare Earths – so they will do whatever is necessary. There is also the possibility of incorporating Afghanistan in China’s belt-and-road initiative. At the end of the day, any aid provided to the Taliban over the last twenty years was limited at best, and it will be a hard sell for any other foreign powers to get traction with the current generation of Taliban.
From a cyber perspective, the landscape likely won’t change much once the dust settles. Certainly worth watching for changes, but cyber activity from or involving Afghanistan would be a significant shift from normal – raising huge flags to alert CTI.
-scl