What Cyber Attacks on Ethiopian Government Tell Us About The Future of Armed Conflict in Africa

Africa’s reliance on Information and Communication Technology (ICT) for development is growing exponentially. Due to very poor basic infrastructure and to close the large gap of unbanked adults on the continent, Africa has looked to digitization for solutions. Unfortunately this reliance on digital infrastructure opens new vulnerabilities and national defense […]

Africa’s reliance on Information and Communication Technology (ICT) for development is growing exponentially. Due to very poor basic infrastructure and to close the large gap of unbanked adults on the continent, Africa has looked to digitization for solutions. Unfortunately this reliance on digital infrastructure opens new vulnerabilities and national defense weaknesses.

Both state-sponsored actors and non-state actors are increasingly using cyber weapons to attack African states, the latest of such an attack being the attack on Ethiopian cyber infrastructure by seemingly Egyptian non-state actors over the grand renaissance dam dispute, yet most African states are unprepared for this change in tactics and means of international coercion. This article looks at the cyber attack on Ethiopian government and what it tells us about the future of armed conflict in Africa.

Key Takeaways

  • African states are increasingly dependent on ICT for development and economic growth.
  • African states should expect a rise in cyber attacks as a tool for coercion and influence.
  • African states themselves will begin to engage in cyber offensive operations because cyber attacks are cheaper than using kinetic military action and as more government services go online.
  • Current wars and conflicts should be expected to pivot in to hybrid warfare.
  • Most African states are not prepared for cyberwarfare. The ease at which government services, agencies and their websites are attacked and defaced points to unpreparedness.

Attack on Ethiopia

If the river’s level drops, let all the Pharaoh’s soldiers hurry and return only after the liberation of the Nile, restricting its flow. To prepare the Ethiopian people for the wrath of the Pharaohs.” is the text that was displayed on numerous hacked Ethiopian government websites under an image of a skeleton pharaoh, on June 19 and 20, 2020. While the images and texts were removed as announced[1] by the Ethiopian Information Networks Security Agency (INSA), the websites apparently remained offline until June 27.

The Ethiopian authorities attributed the attack to an Egyptian based group called Cyber_Horus Group, who also claimed responsibility for the attack with the objective to pose burdens on Ethiopia related to the water filling of the Grand Renaissance Dam, a $4.6billion hydroelectric dam being built by Ethiopia on the Blue Nile. The renaissance dam project has been causing tensions between Egypt and Ethiopia as Ethiopia pushes ahead to start filling the dam despite negotiations with Egypt and Sudan surrounding a legally binding deal that would guarantee minimum flows and a mechanism for resolving disputes before the dam starts operating stalling multiple times.

While there is currently no known link between the Egyptian hacking group Cyber_Horus and the Egyptian government, using cyber means to influence and put pressure on Ethiopia by the Egyptian government cannot be ruled out especially if negotiations continue to fail as they have been. Egypt has already tried other means to put pressure on Ethiopia by taking the matter to the UN security council[2] after they failed to reach a deal in February 2020. They’ve also influenced[3] the US to suspend aid to Ethiopia over the dam dispute and both countries have reportedly hinted to use military means to protect their interests on the Nile. Egypt’s Minister of Foreign Affairs Sameh Shoukry even warned[4] in June that conflict could erupt if the UN fails to intervene. Experts and observers are however split on whether a breakdown in talks could actually lead to war between the countries.

It should also be noted that the cyberwarfare strategy of taking down government services and websites has been used before, and was in fact used in one of the very first cyberwarfare attacks in history, when Russia attacked Estonia in 2007, dismantling banking services, news and government services.

Use of Cyber Attacks As a Means Of Warfare In Africa

If there is anything to be learned from recent diplomatic tussles and global security issues in which the US, China, Russia, Israel and Iran are each engaged in, it is that states are increasingly using cyber capabilities in place of kinetic military force. Not only is it a perfect tool for states that are unsure whether use of kinetic force will achieve a political objective, it is also great for states who want to coerce another state without the intention of escalating the conflict to a conventional armed conflict. The use of offensive cyber capabilities by states remains a grey area in International law, as there is no agreement yet whether the meaning of “force” under Article 2(4) of the United Nations Charter is broad enough to encompass cyber attacks. Another reason why cyberwarfare is growing more attractive to both state and non-state actors is the difficulty in confidently attributing an attack to an actor, including the ease at which false flags can be used by an adversary to carry out cyber attacks. Determining a location on the Internet from which commands or actions come from depends on the Internet protocol (IP) address of the computer(s). Unfortunately, an attacker can obfuscate their IP address or use multiple intermediary hops or computers to perform an action or even make it look like someone else committed the act (false flag). For example, an actor in Russia could use computers with IP addresses in Africa to perform an act against another state.

Regardless of whether Egypt ever chooses to use cyber capabilities to coerce Ethiopia into a Nile water deal instead of kinetic force like they have threatened, the use of offensive cyber capabilities to coerce states over a political issue like the Nile by non-state actors from another country which is party to the dispute, sets a precedence in African conflict. We are sure to see the practice increase rather than reduce on the continent and not only for non-state actors, we’ll also begin to see state actors use cyber capabilities on the continent. The reason for this is not just because the use of cyber weapons remains in the grey areas of International law or because attribution is difficult, but because more importantly, cyber attacks are cheaper than using kinetic military action. This analysis of predicted increase in use of cyber weapons aligns with a research[5] done by the Swedish Security & Defence Industry Association (SOFF) which found that today, security researchers at top vendors spend 90% of their time looking into nation-state sponsored attacks aimed at either stealing secrets or at sabotage, compared to 10 years ago where the same amount of time was spent looking at criminal campaigns like big botnets, worms and emerging banking Trojans.

Africa’s Preparedness of Cyber Attacks

The above analysis begs the question whether African states are prepared and are able to defend against this new form of ‘force’ and warfare. One thing is for sure, the ease at which government services, agencies and their websites are attacked and defaced in Africa points to unpreparedness. Even worse is their ability to respond to these attacks in a timely manner. It’s been more than a decade now since the first politically motivated cyber attack with the intent of dismantling a nation’s services and economy through the attack of government information systems and websites was first carried out on Estonia by Russia, yet, African government systems and websites continue to be very easily dismantled or defaced.

Identified in 2013 as the world’s poorest inhabited continent, but at the same time the world’s second fastest growing economy[6], Africa depends on information and communications technology (ICT) infrastructure to deliver the economic ambitions it has. Because of very low road density[7] and up to 66% unbanked[8] adults according to a 2014 World Bank statistic, the continent depends on ICT infrastructure to deliver health services, banking, communication, educational resources and government services. Most countries in Africa have turned to e-government services to bridge the gap. As proof of the positive impact of digitization on the society, the unbanked adults in Africa had in 2017 dropped to 57%, all due to mobile money and finance technologies (Fintech). In Kenya for example where up to 80% of adults use digital payments and mobile money services like Mpesa, it is not difficult to imagine a scenario where cyber attacks target the infrastructure supporting digital finance and banking, with the intention to sabotage and shut it down. Even less difficult to imagine is the harm and disruption that such an attack will cause, including physical harm and death since critical services like healthcare are sometimes paid for with mobile money and most times, a patient must pay for their treatment before doctors can treat the patient. If such an attack were to be successful and sponsored by a state, it would be considered an act of war. But regardless of whether the attack is state-sponsored or carried out by a terrorist group, the impact to the economy and psychological impact to the society would be grave. This underscores why effective security and cyber resilience is critical for the continent’s continued economic development and security.

There have been numerous other incidents of cyber attacks targeting countries’ critical infrastructure and services on the continent. Unfortunately, little attention is being paid to the increased cadence of these attacks to critical infrastructure in Africa by policy makers. For example, in 2019, Kenya’s Integrated Financial Management System (IFMIS), Judicial Service Commission (JSC), the Immigration Department, Kenya Meat Commission, Petroleum Ministry and Refugees Affairs were among 18 government websites that were attacked[9] on the same day by an Indonesian group called “KURD Electronic team”, who left their logo on the pages of the hacked website before the websites were taken down by government responders. This event occurred 2 years after the agency (Communications Authority of Kenya) meant to protect all Kenya government systems and services had its websites hacked and defaced. Still, it was not the first time non-state actors were targeting government services and officials in Kenya. In January 2012, an Indonesian hacker[10] brought down 103 websites in one night, in July 2013, a Gaza hacking team breached the website of the Central Bank of Kenya and in July 2014, the Latin America-based Anonymous cell Anon_0x03 hacked and took over Twitter accounts operated by Kenya Defense Forces and the deputy president’s accounts. In the 2019 Kenyan attacks, the state was quicker to respond and take the websites offline. It did within 24 hours though it is unclear from reports how long it took for the services to resume.

In South Africa, a more recent cyber attack in June 2020 aimed at Life Healthcare[11] affected the hospital’s admissions systems, business processing systems and email servers. It shows just how vulnerable Africa’s most critical infrastructure is. This followed two prior attacks on other South African critical infrastructure in 2019. In October 2019, the city of Johannesburg fell victim to a ransomware attack[12] which saw its website and billing systems shut down. Earlier that same year, the city’s electricity distribution company, City Power also suffered a ransomware attack[13] which left city residents without electricity. The attack affected customers’ ability to buy prepaid electricity and the company’s ability to respond to localized blackouts.

If a map of all cyber attacks in Africa were to be plotted, it’ll show that the countries most advanced in the use of ICT infrastructure for critical services in the society are the most attacked. Countries at the top of that list are South Africa, Kenya, Nigeria, Uganda, Ghana, Mauritius and Rwanda. It is therefore important that as countries roll out eGovernment strategies, digitize the banking and finance sector to close the unbanked gap and make cities smart, they must commit national resources and budget proportional to the criticality of the infrastructure, services and assets to the country’s economy and livelihood.

Best practices, and in some instances regulations are needed to ensure operators of such infrastructure keep them secure and take responsibility. Cameroon has a good example of this, where a repository[14] containing good safety practices for the implementation and deployment of secure websites, including the monitoring of .cm websites with the aim of detecting websites engaged in illegal activity have been developed. In addition, Cameroon has passed laws[15] that require the operators of ICT infrastructure to secure them and make the operators responsible for the infrastructure’s security; with heavy fines if such responsibilities are not met. While more still needs to be done even in Cameroon, especially with regards to implementation, this is a good place for African countries to start.

Hybrid Warfare

The military and defense industry in Africa recognizes the need to develop at a minimum, defensive cyber capabilities, but only very few countries are doing something about it. They must realize recognition alone is not enough. Historically, African militaries have been and continue to fight insurgent groups, rebel groups, transnational terrorism and crime cartels. It is expected that these conflicts will evolve into hybrid wars, where both cyber and conventional kinetic armed forces are used. In some instances, adversaries using cyber attacks to distract or prepare the battlespace for a conventional attack. Two out of the six[16] active armed conflicts in Africa today are led by insurgent groups with affiliation to international terrorist groups like ISIS in the case of Boko Haram in Nigeria, and al-Qaeda – in the case of Al-Shabaab in Somalia. Both of these groups are known to use cyber capabilities in some form in their operations. For example, in 2012, Boko Haram attacked[17] Nigeria’s secret service and leaked the personal records of more than 60 past and current spies from the domestic spy agency.

Conclusion

While the cyber attack on Ethiopia itself is not unprecedented, the use of offensive cyber capabilities to coerce a state over a political issue like the Nile by non-state actors from another country which is party to the dispute, sets a precedence in Africa and it sheds more insight in to the future of conflict in the region. It tells us that there is increasing likelihood for cyber weapons to be used to achieve political and other conflict objectives in Africa. Projects or political and economic agendas like the Grand Ethiopian Renaissance Dam that bring out strong nationalistic sentiments might see citizens take it upon themselves to be involved in the conflict through the use of cyber attacks, since cyber weapons are easily and affordably accessible to individuals and groups.

It is therefore imperative that African governments commit resources to develop cyber capabilities in their defense forces in order to prepare for the future of conflict in the region. Direction and leadership will be required from the African Union. Even as they’ve kicked off the campaign on “Silencing the Guns in Africa by 2020”, they must realize the possibility of conflicts in the region being taken to cyberspace after fighters lay down their guns. Hopefully, the newly formed AU Cybersecurity Expert Group provides this leadership.

And like in other areas of defense policy, deterrence should play a key role in cyber defense. Attackers, especially non-state actors must be made to believe that there is sufficient indication of the State’s ability to respond to attacks. This of course relies on the evidence of cyber capacity, research and development. Therefore, African states must begin to demonstrate their commitment to cyber security efforts, because the prosperity of Africa and the safety of her people depend on it.

References

[1] https://www.press.et/english/?p=24517#

[2] https://www.aljazeera.com/news/2020/06/20/egypt-calls-on-un-to-intervene-after-impasse-in-nile-dam-talks/

[3] https://theconversation.com/suspension-of-us-aid-to-ethiopia-is-yet-another-example-of-trumps-disregard-for-africa-146460

[4] https://www.aljazeera.com/news/2020/06/20/egypt-calls-on-un-to-intervene-after-impasse-in-nile-dam-talks/

[5] https://soff.se/wp-content/uploads/2018/03/Cybersecurity_statsunderst%C3%B6dda-akt%C3%B6rer.pdf

[6] https://www.afdb.org/en/news-and-events/africa-remains-worlds-second-fastest-growing-region-17036

[7] https://www.worldbank.org/en/region/afr/publication/why-we-need-to-close-the-infrastructure-gap-in-sub-saharan-africa

[8] https://globalfindex.worldbank.org/sites/globalfindex/files/referpdf/FindexNote1_062419.pdf

[9] https://citizentv.co.ke/news/nys-jsc-among-government-websites-hacked-by-indonesian-group-256068/

[10] https://www.washingtonpost.com/news/worldviews/wp/2014/07/30/how-anonymous-and-other-hacktivists-are-waging-war-on-kenya/

[11] https://www.reuters.com/article/us-life-healthcare-cyber/south-africas-life-healthcare-hit-by-cyber-attack-idUSKBN23G0MY

[12] https://www.smartcitiesworld.net/news/news/city-of-johannesburg-battles-ransomware-attack-4741

[13] https://www.bbc.com/news/technology-49125853

[14] https://thegfce.org/wp-content/uploads/2020/06/CybersecuritytrendsreportAfrica-en-2.pdf

[15] https://www.antic.cm/images/stories/laws/Law%20relating%20to%20cybersecurity%20and%20cybercriminality%20in%20Cameroon.pdf

[16] https://www.un.org/africarenewal/magazine/december-2019-march-2020/work-progress-africa%E2%80%99s-remaining-conflict-hotspots

[17] https://www.yahoo.com/news/ap-exclusive-nigeria-secret-police-details-leaked-103822711.html