Cybersecurity Expert: Syria Faces a Hybrid Information War to Undermine Its Stability

“Syrian institutions were denied access to the latest global cybersecurity tools and protection licenses. “

“Syrian institutions were denied access to the latest global cybersecurity tools and protection licenses. “

a day ago

12

Print

Share

Cybersecurity expert Ali Alrahbe said that developing comprehensive security policies to counter expected attacks targeting Syrian government websites at this stage is not a luxury, but a matter of national security.

In an interview with Al-Estiklal, Alrahbe said Syria’s biggest cybersecurity challenge is not purely technical, but rather organizational and structural, due to the digital infrastructure inherited by the government after years of international sanctions.

He noted that Syria is facing a hybrid information war based on taking control of influential platforms to neutralize opponents and shape public opinion through networks that exploit online trends to undermine social stability and weaken the efforts of Syria’s new era.

Ali Alrahbe is a Syrian computer systems engineer and cybersecurity expert currently pursuing a master’s degree in cybersecurity in Berlin. He has more than a decade of experience in information security management, cybersecurity policy development, compliance, and governance.

National Security

What is cybersecurity, and how do cyberattacks affect government websites?

Cybersecurity, simply put, is the set of practices and technologies designed to protect systems, networks, and data from hacking, disruption, or theft. The term “cyber” refers to the digital space—the virtual environment made up of networks, systems, and data that forms the point of interaction between humans and technology in everyday life.

When it comes to government websites specifically, the issue is not only about protecting an online platform, but also about protecting public trust in the state itself.

In the latest incident, in early March 2025, at least 10 accounts belonging to sovereign and public-service institutions were compromised on X, including the General Secretariat of the Presidency, the Syrian Central Bank, and the ministries of transport, higher education, education, and youth and sports. The breach occurred at a sensitive moment amid rising regional tensions linked to Iran.

France also experienced a major denial-of-service attack in March 2024, which the prime minister’s office described as unprecedented in scale. The attack affected more than 300 government websites for an entire day, highlighting how attacks on public infrastructure can disrupt services relied upon by millions of citizens within hours.

Why is developing comprehensive security policies to defend government websites against expected attacks important?

Developing such policies in Syria today is not a luxury; it is an urgent national security issue for several reasons:

Lack of unified standards: At present, each government institution develops its own security policies separately, without a binding national framework. In the absence of common standards, the weakest link in the system becomes the easiest entry point for attackers seeking to compromise larger government institutions.

Risk management and preparedness: Security policies establish clear protocols for protecting data and impose strict controls over access privileges.

Incident response: Studies show that having a tested and ready response plan significantly reduces the cost and impact of cyber breaches. Syria needs such policies to prevent confusion and uncoordinated responses when cyberattacks occur.

The RSIS research institute at Singapore’s Nanyang Technological University has noted that Syria still lacks the ability to track cyberattacks or attribute them to specific actors due to limited digital forensics capabilities. Without a comprehensive policy requiring every government institution to meet minimum security standards, each ministry will remain a separate “security island”—the weakest possible model of cyber defense.

How can Syria’s critical sectors and institutions be supported in confronting cyber threats?

There are already efforts underway in this area. In July 2025, the Syrian government signed a strategic cooperation agreement with Saudi cybersecurity company Cypher aimed at rebuilding Syria’s cyber infrastructure. At the same time, Saudi telecommunications companies signed investment agreements with the Syrian government worth nearly $1 billion in total to support the development of digital infrastructure.

But financial support alone is not enough. Critical sectors, including energy, banking, and telecommunications, need locally trained and qualified professionals, as well as efforts to bridge the gap between education and the labor market. Both the public and private sectors also need a national framework of standards, policies, and binding regulations governing cybersecurity practices across these industries.

Why are international partnerships important for strengthening Syria’s cyber capabilities?

Cyberspace is now widely recognized as the fifth domain of warfare, following the traditional four domains: land, sea, air, and outer space. Major military institutions, including NATO and the U.S. Department of Defense, have adopted this concept for more than a decade.

Cyberspace does not recognize geographic borders, and an attacker can be located on another continent. Syria therefore cannot build a cyber defense system from scratch in isolation from the rest of the world. The government understands this, and international partnerships can provide several strategic advantages:

Threat intelligence sharing: By gaining access to indicators of compromise before attacks reach national systems.

Closing the technical and knowledge gap: These partnerships allow for knowledge transfer and help train Syrian engineers in advanced digital forensics techniques and the handling of complex cyber threats.

Reintegrating the Syrian economy into the global system and restoring investor confidence: This is a practical necessity, as any telecommunications company or international bank considering investment in Syria will first require evidence that its Syrian counterpart follows internationally recognized data protection standards, such as ISO 27001.

Does Syria currently have national legislation for protecting personal data?

Syria does have a legal framework in place through Law No. 12 of 2024 on the Protection of Electronic Personal Data, which provides for the establishment of an independent public body called the Personal Data Protection Authority and criminalizes unauthorized access to, copying, leaking, or destroying data.

The irony is that the law was issued by the former government just weeks before its fall, but it did not come into actual force until January 1, 2025—weeks after the regime had collapsed. As a result, the new government inherited a legal framework that existed on paper, but it was not the government that drafted it or established its implementing institutions in practice.

Completing this framework remains urgent for three main reasons. First, international investment requires effective legal guarantees, not inactive legislation. Second, accountability in the event of breaches requires a functioning regulatory authority, not merely an institution that exists in name. Third, with national digital identity projects expected to move forward, delaying implementation represents a sovereignty risk, not just a technical issue.

Hybrid Information Warfare

Can Syria build a cyber defense system capable of countering common attacks?

Yes. However, I believe the biggest challenge is not purely technical, but rather organizational and structural. The government has inherited a digital infrastructure weakened by years of international sanctions, which deprived Syrian institutions of access to the latest global cybersecurity tools and protection licenses. This has created a technological gap that cannot be closed overnight.

The concept of a “cyberattack” must also be expanded. Today’s attackers do not target only software and servers; they also target public awareness through what is known as cognitive hacking.

Finally, we have technically detected a form of hybrid information warfare that relies on taking control of influential platforms to neutralize opponents and shape public opinion through networks that exploit online trends to undermine social stability and weaken the efforts of Syria’s new era.

Building a Syrian cyber defense system therefore requires addressing both the technical dimension and the flow of information on social media before it escalates into a public opinion crisis. It also requires launching media and digital awareness programs targeting Syrian citizens to strengthen their resilience against incitement and sectarian mobilization content.

Who is behind the attacks on Syrian government websites after the fall of al-Assad? 

The picture is complex and involves multiple actors, but two main patterns can be identified based on motives and timing:

First: attacks linked to Israel and regional tensions. These include the hacking of government accounts on X and the posting of pro-Israel content. This type of attack appears to function as an accompanying tool of political and military escalation in the region, rather than as an isolated incident.

Second: domestic threats. The country has witnessed widespread disruptions to communications services following the cutting of fiber-optic lines across Syria. This was followed by the leak of thousands of documents and diplomatic cables from the Ministry of Foreign Affairs and Expatriates in a data breach in June of this year. The pattern suggests a coordinated attempt to disrupt state institutions from within, potentially involving remnants of the former regime.

The common factor linking both patterns is the lack of technical attribution capabilities, monitoring systems, and digital forensic investigations, making it difficult for the government to take decisive diplomatic or legal action against any party.

A Clear Gap

How do you assess the role and effectiveness of cybersecurity during the former regime?

A distinction must be made between offensive and defensive capabilities. The former regime had a relatively effective offensive tool in the form of the Syrian Electronic Army, which used phishing emails, website defacement, malware distribution, and denial-of-service attacks beginning in 2011 to target opposition groups, media outlets, and human rights organizations.

But this capability, like Syria’s broader security apparatus, was focused almost entirely on political repression rather than building institutional national defenses. As a result, the country’s actual government infrastructure remained vulnerable. This is reflected in what the new government inherited: the absence of modern incident response centers and a lack of advanced digital forensic capabilities.

In other words, “cybersecurity” during that period functioned more as a tool of surveillance and internal intelligence than as a genuine national system for protecting the digital sphere.

With the rapid development of artificial intelligence models, how do you assess the growth of the AI sector in Syria?

The growth is real, but it remains at a very early stage of development. One positive indicator is that the Syrian Private University established the first independent and specialized artificial intelligence engineering college among Syrian universities in the fall of 2025. Damascus also hosted the first regional conference on artificial intelligence and entrepreneurship, with the participation of the Ministry of Communications. The conference produced recommendations including the establishment of a National Artificial Intelligence Center, the launch of youth training programs, and the signing of memorandums of understanding with global technology companies.

However, the gap between Syria’s AI ambitions and the current reality of its cybersecurity capabilities remains clear and concerning. A more realistic approach, according to local experts, would focus on practical, high-priority applications—such as using robotics for landmine clearance and improving essential services—rather than attempting to follow the latest technological trends without first building a strong foundation. That is the trap Syria must avoid.

My concern, frankly, is that any artificial intelligence system rapidly integrated into government, financial, or healthcare services without a qualified cybersecurity team capable of assessing its risks could create an entirely new attack surface, adding to the traditional vulnerabilities that have yet to be fully addressed.