evn report cyberwar

Illustration by Armine Shahbazyan.

Since 2007, just a year after Iran announced it would resume uranium enrichment at its nuclear plant, the country’s nuclear facilities have faced unprecedented mysterious attacks. In 2009, a serious nuclear accident, supposedly a blackout of several centrifuges, led to the resignation of Gholam Reza Aghazadeh, the head of the Atomic Energy Organization of Iran. In 2010, according to Iranian officials, the country’s main uranium enrichment facility stopped functioning repeatedly due to technical problems. They later admitted that their nuclear plants had come under cyber attack. With the help of a Belarusian antivirus company, the Iranian government discovered that it had been subjected to the most sophisticated cyber attack recorded until that time, allegedly developed and carried out jointly under U.S.-Israeli command engaging the CIA, NSA, Mossad, the Israeli Ministry of Defense and the Israeli SIGINT National Unit. The operation, codenamed “Olympic Games,” used a malicious computer worm named Stuxnet to target the supervisory control and data acquisition (SCADA) systems of the Iranian nuclear facilities. The software temporarily shut down, damaged or destroyed nearly 1,000 of the 5,000 centrifuges at Natanz between November 2009 and late January 2010.

It was widely believed that the operation’s main goal for the U.S. command was not to completely demolish the Iranian nuclear program, but rather prevent a conventional military strike against the targets by Israel, and slow down progress enough to force the Iranian government to the negotiating table through sanctions and diplomacy. It would seem the tactic worked. In 2015, Iran did eventually sign the “Iran Nuclear Deal,” formally known as the Joint Comprehensive Plan of Action (JCPOA). The Stuxnet virus was not confined to Iran, however. It would spread throughout the world, infecting millions of Windows computers. However, it seemed to do absolutely nothing other than spread itself; only specific industrial SCADA systems were harmed.

A documentary called Zero Days, directed by Alex Gibney in 2016, revealed even deeper plans for cyber attacks against Iran, prepared and funded by the U.S. and Israel under the name Nitro Zeus project. According to Gibney, the top secret program not only intended to target the Iranian nuclear program’s facilities, but also to infiltrate, disrupt and degrade major vital systems such as air defense, communications, the power grid and other critical infrastructure without firing a bullet. The project was considered as a Plan B in case the Iranian nuclear program negotiations failed. Moreover, it was confirmed that Nitro Zeus and Stuxnet were developed during the Bush administration, only three years after the first U.S. cyber security military unit was created.

In July 2020, a series of explosions hit not only the centrifuge assembly facilities near Natanz, but also power plants, an oxygen factory, a petrochemical plant, missile sites, clinics, oil pipelines and other industrial and military complexes in different parts of Iran. The latest case was registered in April 2021, when the Natanz nuclear facility was subjected to “sabotage,” which Iran has described as a terrorist act and blamed Israel for.


The Changing Nature of War

Stuxnet demonstrated that the nature of warfare itself had changed, causing a new digital arms race that challenged the very fundamentals of societies. It was an unofficial start to cyber wars,  the first documented cyber warfare operation, the most sophisticated example of states using cyber weapons for offensive purposes. Pandora’s Box had been opened, and it led other countries, including Iran, to see the value in using offensive cyber operations to achieve political goals.

Every year, the Director of National Intelligence of the U.S. issues a public threat assessment, where he (and now she) runs down a list of dangers confronting the country. In the 2007 report, there was not even one word about cyber threats. In 2009, it showed up at the bottom of the list, after drug trafficking in West Africa. However, since 2013, cyber threats have climbed up to be one of the top national security threats facing the U.S. Moreover, in 2011, the U.S. government declared that cyber attacks constitute an act of war that can provoke a conventional military retaliation by the U.S. Armed Forces.

Cyber weapons have also become attractive for countries with limited resources, because of their asymmetric potential. The whole concept of war has been revolutionized, how it’s conducted, what the rules are and who your enemy is. Cyber weapons greatly reduce the cost of entry, in comparison to nuclear or biological weapons programs. However, their destructive potential can be at a similar level. Nowadays, not only countries, but also non-state actors, usually extremist groups, are capable of destroying a very specific target, a piece of critical infrastructure in the physical world, shutting down electric power grids, disrupting clean water supply to cities, paralyzing the work of airports, causing floods or fires, crashing cash machines and payment systems, and generally creating public panic. Any such attacks could cause tremendous damage, potentially requiring days, weeks or even months to recover. But the most important aspect is that the perpetrators could stay unrevealed. The battlefield is invisible, in the 1s and 0s of computer memory, where teams of hackers of different nations duel and bring their adversaries to submission without guns or bombs. A person with a notebook can do way more than a person with a rifle.

While superpowers like the U.S. have access to more sophisticated cyber weapons, this new reality actually leaves them at a disadvantage. Their computerized and connected infrastructure, which is not always updated to fix vulnerabilities, can be turned against them. The rapid computerization of the world has radically changed the landscape of national security. Virtually all critical industries now rely on computers, and this increases as technologies improve. The last decade significantly deepened the interconnectivity between systems. We want access to everything from anywhere, anytime. It makes life more convenient for companies and operators, but also for hackers. Control systems are very penetrable, easy to connect to, disable and manipulate. As a result, nowadays, the national security services of countries go beyond the traditional air, land and naval defenses and are pursuing cyber defense shields as well.


North Korea as a Cyber Power

On July 4, 2009, Independence Day in the United States, a series of DDoS attacks hit major U.S. and South Korean governments, news media and financial websites. The attacks lasted for several days and affected the websites of the White House, the Pentagon, the New York Stock Exchange, the Washington Post newspaper, the NASDAQ, and Amazon, as well as South Korea’s Blue House (President’s Office), Ministry of Defense, Ministry of Public Administration and Security, National Intelligence Service, National Assembly, one of South Korea’s largest banks and a national newspaper. According to different estimates, up to 166,000 computers were hijacked, targeting about 39 particular websites in both countries. Different security experts, as well as South Korean National Intelligence Services, pointed the finger at the “Lazarus Group,” a cyber crime group believed to be sponsored by the North Korean regime, stating that the attacks were carried out under the name “Operation Toy.” Even though the 2009 attacks were unsophisticated in terms of the techniques used, and were quickly addressed, that was just the beginning of North Korea’s cyber operations. Later cyber attacks sponsored by North Korea were much more organized; their tools and techniques became more and more advanced and effective. From 2011 to 2013, a new wave of cyber attacks hit major South Korean media companies, financial institutions, ATMs, mobile payments and other critical infrastructure, causing about $750 million in economic damage.

The next year, in 2014, the same Lazarus Group hacked the Sony Pictures Entertainment film studio, leaking not only confidential information about the personal data of its nearly 4,000 employees, their families, social security numbers, financial accounts, executives’ salaries, copies of scripts of unreleased and future-planned films, but also information about the behind-the-scenes politics within the industry, emails between executives and employees that provoked huge scandals. For example, in one of the emails exchanged between the Sony Pictures co-chairman Amy Pascal and famous producer Scott Rudin, the latter called Angelina Jolie “a minimally talented spoiled brat who thought nothing of shoving this off her plate for eighteen months so she could go direct a movie…” And this was only one episode in a series of intrigues after the publications. However, their main target was a then-unreleased film called “The Interview,” a comedy by Sony about a plot to assassinate North Korean leader Kim Jong-un. The financial cost of the attack for the company was about $35 million.

Since 2015, to overcome international financial sanctions and the economic isolation imposed on the country and its authoritarian regime, North Korean hackers have started to consistently target financial institutions. In 2016, they successfully hacked and stole about $101 million from the Bangladesh Central Bank through the SWIFT system, $12 million from Ecuadorian Banco del Austro and a Vietnamese commercial bank. These were the first-ever internationally-revealed cases of stealing funds through a state-sponsored cyber attack. In 2017, the WannaCry' ransomware and other cryptocurrency attack campaigns infected over 200,000 computers in 150 countries. According to security experts, the economic losses resulting from these attacks could exceed $4 billion, including attacks on South Korean cryptocurrency exchange companies Bithumb and Youbit.

In 2019, the U.S. Treasury Department issued a statement claiming that, over the last three years, North Korean state-sponsored hacking groups managed to steal between $700 million and $2 billion from banks and cryptocurrency exchange platforms, as well as carried out industrial espionage and ideological warfare.


Iran as a Cyber Power

Even though Iran is one of the major cyber warfare targets, it is also one of the most aggressive players in this field. As an Iranian Revolutionary Guard general would claim, Iran is the 4th cyber power in the world. Iran has been blamed for hundreds of cyber attacks against the U.S., Western European countries, Israel and Persian Gulf countries. The cyber war between Iran and the United States started back in the early 2010s and was characterized as the first cyber-war in history. Iran first responded to the Stuxnet fiasco in 2012, when its Qassam cyber fighters unleashed a flurry of cyber attacks, under the codename Operation Ababil, against U.S. financial institutions, including specific targets such as the New York Stock Exchange, U.S. Bancorp, J.P. Morgan Chase, Bank of America, PNC Financial Services and SunTrust Bank. In 2013, another operation called “Cleaver” hit over 50 targets in 16 countries around the globe, initially with the objective to damage critical infrastructure such as oil and gas, energy and transportation entities, as well as airports, hospitals and aerospace industries. Among the victims of the attacks were Saudi Arabian state-owned Saudi Aramco, Qatar Airways, the U.S. Navy Marine Corps intranet, Korean Air and others.

One of the most scandalous cyber attacks carried out by the Iranians, however, was revealed in 2014 under the code name Operation Newscaster, which targeted around 2,000 high ranking military personnel, diplomats, politicians, journalists and think tank experts from the United States, Israel, UK, Saudi Arabia, Syria, Iraq and Afghanistan, through their social networks. The type and volume of information stolen was left unidentified. It is believed that the perpetrators had been following their targets since 2011, trying to gather intelligence about the ongoing discussions surrounding the Iran nuclear negotiations.

The examples of North Korea and Iran demonstrate that even the most isolated countries are capable of asymmetrically responding to their more powerful adversaries, causing significant damage to their vital physical and non-physical domains, infrastructure, societal structures and psychologies, and even posing existential threats to their national security. These threats are only going to grow as cyber weapons become more sophisticated and industrial systems become more computerized and connected. Despite this, countries and their national security organizations have continued to devote the majority of their resources toward developing even more powerful offensive cyber weapons, instead of focusing on restricting the development of cyber weapons and setting a global policy of prevention. The result is an international cyber arms race. Not only states but also non-state actors and groups with extremist views are involved. The motto of this digital arms race could be defined as following: “Do what you can get away with and deny any involvement.” As the initiators of the vast majority of cyber attacks stay unidentified and countries almost always officially deny their involvement in any cyber campaigns, this type of new war makes the national security threat environment way more complex, uncertain and more crowded, as there is no one and no tool to hold someone accountable.

Today major corporations and governments pay millions of dollars every year to “white hat” (the good guys) hacker armies in a desperate fight to keep their systems safe. They find vulnerabilities in their systems before the bad guys do and help to protect them from cyber attacks. The investment is well worth it as cyber crimes are estimated to cost the global economy around $10.5 trillion annually by 2025.

With these points in mind, the role of specialized cyber warfare forces is now essential. Many countries invest more and more of their resources to maintain special military units that are capable of carrying out defensive and offensive activities in the cyber warfare environment. For example, North Korea’s cyber warfare agency is called Bureau 121; it operates under the Reconnaissance General Bureau, an intelligence agency of the General Staff Department of the Korean People's Army. It consists of three units: Lab 110, Unit 180 and Unit 91. It is reported that Lab 110 only selects the best graduates of Pyongyang's Command and Automation University, Kim Chaek University of Technology and Pyongyang Computer Technology University, training about 90 specialists each year. The main task of the unit is to infiltrate the computer networks of military-related organizations of targeted countries and steal confidential data or spread malicious viruses. Meanwhile, Unit 180 is mainly responsible for covert hacking of financial institutions around the globe to supply the agency with funds. Security experts confirm that North Korea is continuously increasing its cyber warfare potential by producing more and more specialist hackers through its military academic institutions. This definitely annoys South Korea, which currently has only about 400 specialized hackers in its military unit, while North Korea has over 3,000 personnel.

Regarding Iran, its cyber capabilities started to strengthen especially after the disputed presidential election in 2009, when large civil unrest took place. Back then, the Iranian Supreme Leader Ayatollah Khamenei announced the critical necessity for Iran to get ready to fight its enemies also in “Soft War,” in the ideological and cyber domains. This call was well-supported, especially by the Islamic Revolutionary Guard Corps, which immediately started to recruit talented youngsters and professionals into their newly-created cyber force units. In 2010, the Commander of the Security and Protection Division of the IRGC stated that they had succeeded in establishing a Cyber Army. New courses in “Cyber War'' were included in military academic institutions' curriculums. Since then, different units and organizations were deployed into Iran’s cyber space, such as the Passive Defence Organization (PDO) which took control over the Iranian Cyber Army (ICA) and deals mainly with protecting the Iranian political regime from internal and external threats. The Cyber and Information Exchange Police (FATA) focuses on surveilling and prosecuting potential cyber criminals. The Cyber Defence Command is run under the IRGC and controls the entire online content of Iranian internet users. In 2012, the Chief Commander of another unit of the IRGC, the civilian paramilitary organization called “Basij,” announced the formation of two new cyber battalions to combat Iran's enemies; it allegedly had about 1,500 highly-skilled cyber soldiers, in addition to tens of thousands of volunteers and grassroots cyber activists recruited and contributing to Khamenei’s strategies through Basij’s connections with Iranian universities and religious schools. However, all these units are governed by the Supreme Council of Cyberspace (SCC), established in 2012, the top authority in the cyber sphere in Iran managed by Khamenei himself. It is the Grand Ayatollah who appoints senior officials within these agencies, as he takes part directly in developing general guidelines for cyber space governance. It is composed of representatives from the Islamic Republic's executive, legislative and judicial branches, as well as some of the highest-ranking officials from the Revolutionary Guard, the police and the ministries of intelligence, culture and communications. The annual budget of the IRGC cyber department was believed to be about $80 million back in 2010. This number might have grown several times today, as Iran has ramped up cyber offensives on its adversaries.

In short, many countries have been investing intensively in building their cyber capacities; however, there are countries that reached very sophisticated heights in this sphere and are using advanced techniques and tools in their activities. The United States, China, Russia, the United Kingdom, India and Pakistan are members of that elite group. However, there is one smaller country that possesses the largest, well-equipped and trained cyber military units per capita, and that is Israel.


Unit 8200: The Israeli Army’s Elite Cyber Branch

Israel is considered to be one of the global VC hotspots, ranking in the top three for R&D, entrepreneurship and high-tech production. Tel-Aviv with Jerusalem are among the top global startup ecosystems. Israel is also the world leader in cyber technologies. It receives roughly one fifth of the world’s global private investment in cyber security. Israelis had long ago realized that, as their country is very small, a deserted area with no significant natural resources, practically an island surrounded by unfriendly nations, they were left with no choice but to develop their creativity in order to compensate for the weaknesses and overcome national security threats. They understood that, since their country is under a constant threat of annihilation, they needed to conduct constant surveillance over their neighbors to be a few steps ahead, as going into wars and launching massive military operations bears unbearable costs, first in terms of human lives, as well as in economic costs and international legitimacy. Therefore, the political and military establishment decided to bet on cyber. Today, cyber intelligence units make up a large part of the Israel Defense Forces (IDF). These entire units, with an estimated 20,000 cyber soldiers, are involved in different divisions of the Israeli army, solving different problems. However, there is one particular cyber military unit that has been covered under a haze of mystery for a long time. Unit 8200 or as locals call it in Hebrew, Yehida shmonae - Matayim, an elite branch of the Israeli Intelligence Corps of the IDF is responsible for military intelligence collection and monitoring, and specializes in cyber security, cyber espionage and cyber attacks. An equivalent of the U.S. National Security Agency (NSA) or the UK General Communications Headquarters (GCHQ), Unit 8200 is considered the backbone of the Israeli Intelligence community. It is widely believed that Unit 8200 was behind many cyber offensives in the past two decades, including the creation of the Stuxnet worm, the infiltration into Kaspersky Lab servers, the destruction of the Syrian nuclear power reactor in 2007 and many other operations.


The Army as the Major HR Recruiting Agency

Most of the Unit 8200 staff is aged 18-21, young boys and girls (up to 45% of the unit), teenagers, some of the best high school students coming from different backgrounds, who demonstrated “homemade” practical skills and tendencies to be hackers, with abilities to infiltrate computers, intercept information and other skill sets in high demand at Unit 8200. Normally, the recruitment and selection of potential candidates takes place when they reach their mandatory military age of 18, after high school. However, the IDF also carries out its “headhunting” through after-school computer programs, a sort of “feeder” program for the unit, where 16-18 year-olds learn hacking and coding skills, showing off their specific talents toward mathematics, computer science, hacking, analyzing sophisticated scenarios and reading between the lines. Unit 8200 has the privilege of picking anyone they want before other IDF divisions. According to the ex-commander of the unit, Yair Cohen, about 90% of all intelligence collected in Israel is generated by Unit 8200, and there is no significant military operation conducted by Mossad or other security services without the active participation of the unit. It is estimated to have nearly 5,000 officers, the largest unit of the Army, composed of different subunits. Thus, the Army has become a great recruitment agency that screens across Israeli society. Sometimes, the recruitment is done secretly so that the prospect does not even know they are being screened.


Who is Unit 8200 Looking For?

Different units of the Israel Defense Forces look for youngsters with different skill sets and abilities. They all make students pass through various physical and psychological tests, interviews, analysis and courses, and they all look for proficiency in math, engineering, computing, communications and foreign languages. Nevertheless, Unit 8200 has its own specific approach to selecting prospects, consisting of long and harsh 5-7 stages of tests and interviews that can take up to six months. The emphasis is put on students that can learn things quickly, adapt to constantly changing environments, be a great team member and do things that others think is undoable. That is why you can find Unit 8200 officers that were socially awkward in their high schools but turned out to be latent geniuses, the best intelligence officers in the country. The culture and philosophy of the unit basically revolutionized the way Israeli society looks at education and training. The paradigm of spending 5, 6 or 7 years at a university is challenged by Unit 8200, taking into account the chaotic and complex security environment that Israel finds itself in.

As soon as youngsters enter the unit, they are introduced to unsolved problems, complicated tasks and operational activities. Meanwhile, they are given significant freedom and responsibilities, necessary tools, equipment and resources, with practically no guidance, ready blueprints, doctrine or compasses about what to do and how to do it; they are left to figure everything out for themselves. Whereas all other Army units have a strict hierarchy and discipline, Unit 8200 has a flat power structure, where officers are given the right to challenge the authorities and traditions, improvise and give their own innovative solutions. This proved that the Unit 8200 education system is more adaptive, faster and more efficient at addressing modern challenges. The brightest people in Israel are concentrated in a few rooms to brainstorm, analyze and solve the most complicated problems day and night. While most people that age are preoccupied with flirting, fashion, sports, movies and parties, the Unit 8200 intel agents employ state-of-the-art technologies, mechanisms and algorithms, in a super stressed environment, where they are involved in life-saving missions, making critical decisions under the strictest deadlines and hardly have a right to fail. This makes them incredible team players as they go through hardships together, always taking joint responsibility for failures, as well as gives them a strong sense of ownership and responsibility toward the agency, the decisions and the country. It’s “them against the world,” a motivation that no money can buy. Maybe that is why their internal motto sounds like: “What's hard we do easily, what's impossible takes a bit more time.”


Boot Camp of the “Startup Nation”

The Israeli military intelligence Unit 8200 does not only ensure the national security of the country in the cyber sphere, but also has had a fundamental role in building and nourishing the Startup Nation's high-tech industry. Even though the high command of the unit does everything possible to keep their brightest graduates in full-time positions, the vast majority of them still eventually enter the civilian market.

It is a well known fact that, in this small country, with a population of just 9 million, there are over 6,000 active startups. A few hundred are born every year. But not many know that more than 1,000 of those most successful companies have been created by Unit 8200 alumni. With an average length of service of four years in the elite tech unit, graduates are not just being exposed to state-of-the-art technologies, highly advanced paradigms and methodologies, receiving hard science, deep technology expertise with real world practical implementations, often in life-or-death situations, but also get a reputation for their unique entrepreneurial skills that helps them create extraordinary, successful and innovative startups. When they leave the service at age 22-23, either they team up with their fellow colleagues to found their own startups, or occupy top positions in the biggest international and local IT companies. From the point of view of the largest tech companies, these guys and girls are top candidates, as the army has already scanned, screened and selected the best. After what the Unit 8200 graduates experience and go through while serving in the army, the problems and tasks in civilian life seem like an easy game.

Moreover, all Unit 8200 alumni and veterans go through continuous yearly training, lasting up to three weeks, as active reserve members until their 40s. This helps them stay updated with the latest technologies and tools designed by their successors, and share experiences and knowledge. It is a lifetime commitment that boosts intergenerational connections, knowledge transfer and community sense.

Especially after the unit’s existence was declassified in the early 2000s and the army command decided to market the unit in order to attract more and more talented youngsters, Unit 8200 became a brand in Israel and abroad, a prestigious school and a good filter for corporations. Just a few years ago, it was a top secret unit where the slogan “Never say the number, never say the name” was at their essence, but now it is labeled as the Harvard of Israeli entrepreneurs. Saying “these guys from Unit 8200” became like saying “these guys from MIT or Stanford.” It turned into a brand of confidence in cyber capabilities and a priceless asset for Israel.

Unit 8200 is like a large incubator. Allegedly, 120 officers graduate from the unit annually. The hundreds of Israeli startups founded by Unit 8200 alumni have valuations of hundreds of millions of dollars, and many of them were acquired by giant tech corporations such as Microsoft, Facebook, PayPal and others. Moreover, due to the brand of Unit 8200, Israel became a world leader not only in chip printing, biotech and corporate software, but also in security. Their cyber security startups and companies intensively cooperate with the biggest corporations in the world, thus having access to massive amounts of data. Their private cyber industry relies on the people and knowledge coming from security and military agencies. It is very remarkable how Israel manages to turn its soldiers into great entrepreneurs that are perfectly suited for today’s world economy.

To sum up, the harsh reality of Israel’s neighborhood is the driving force behind the intelligence community developing the best technological skills, in order to maintain the edge over the enemy.


Last Call for Armenia

In 2020, worldwide there was a new cyber attack every 39 seconds, 2,200 daily. Global spending on cyber security is expected to reach $1 trillion by the end of 2021. It is already an obvious fact that cyber security plays a crucial role in the broader threat landscape of a nation. Before, nations knew exactly who their main adversaries were, their intentions and capabilities. Today, the threat environment is way more complicated and covert, filled with different actors and ever-changing.

Even though time has shown that countries with strong state institutions succeed better at using the advantages of cyber, having a basic survival instinct can also go a long way. Armenians love to compare themselves with Israel in many areas. Indeed, the similarities are obvious: a long history, unique culture, language and religion, sad historical experiences and a lot of lessons to learn. However, with all its problems, Israel managed to learn its lesson and adopt a unique approach to forming its security culture. Of course, it is also important to have good friends all around the world through active diplomacy, as today no one person, agency or country can manage cyber security by itself. In the case of Armenia, however, we see no coordinated strategy, no clear action plan to jump several steps ahead of our direct and indirect adversaries.

Armenia has no choice but to turn into a worldwide heavyweight in cyber security. And this does not require billions of dollars like acquiring heavy weaponry. There cannot be any excuses. Even the wars in 2016 and 2020 with Azerbaijan, despite their heavy consequences, did not change our mentality. Armenia is still at the wrong end of global cyber security indexes and ranks at the top of lists among the countries subjected to cyber attacks.

The indicators are alarming, and threats are mainly being mitigated by grassroots volunteer cyber groups. The lack of a comprehensive cyber security national policy makes the country's network and information systems more vulnerable. The 2020 Artsakh War, which was accompanied by a digital war through disinformation, propaganda and cyber attacks, clearly proved this thesis. And even though both sides managed to hack hundreds of state and media platforms in extensive tit-for-tat attacks, and published sensitive data about each other, it became obvious that Azerbaijani cyber security forces were more prepared for virtual clashes.

The importance of cyber security in Armenia has still not sunk in for either the government or society. State cyber security policy does not provide adequate cyber security for the country's critical infrastructure, such as energy, drinking water, air traffic or nuclear facilities. Due to the lack of capacity and understanding, it is not possible to figure out what degree of protection against cyber threats these systems possess. There is no systematic, universal, unified or nationwide approach to cyber sector management and different agencies try to ensure their security separately. But having neighbors like Azerbaijan and Turkey, whose special services constantly conduct cyber attacks against us and continuously improve their offensive capabilities, leaves Armenia with no choice to fail in this domain, especially when Turkey and Israel actively support Azerbaijan in strengthening its cyber forces.

Since the early 2000s, there have been several attempts to come up with strategic plans and concept notes on cyber and information security. Many hacker groups in Armenia and the diaspora appeared on the scene. The Ministry of Defense tried to use their potential, initiating the “High-Tech” project that aimed to increase Armenia’s cyber security and insert advanced information technologies into the army. In 2019, a memorandum of understanding was signed between the Ministry of Defense, the Foundation for Armenian Science and Technology (FAST) and the "Hay Tech" Cyber Security Center Foundation on establishing the “Subdivision 1991” cyber unit. After the 2020 Artsakh War, the Government approved the five-year Armenian Digitalization Strategy according to which a National Center for Excellence in Cyber Security will be established in Armenia, which will guarantee the cyber security of state systems, provide protection of personal data and promote the development of cyber literacy. Nevertheless, all mentioned legislative changes, projects and steps have been going too slow and did not keep pace with global tendencies, our national security challenges and ambitions. Moreover, they all were mainly devoted to defensive purposes, whereas security experts claim that information/psychological wars and hacking of critical infrastructure will be the first shot before a future war begins. So, if one side is not well-prepared not only to defend itself but also to counterattack, they will be quickly defeated and the physical war itself might not even start. That is why national security will depend on collective defense, where everyone in society has a part to play.

2020 was a disastrous year for Armenia. Once again in our history, we have paid a heavy price. Even though the war caused tremendous losses, wiped out an entire generation of bright young Armenians and damaged our national pride and dignity, this can also be seen as the “last alert” for us to finally learn lessons from the past, accept our mistakes and assess the situation more pragmatically. The state should take serious measures to mobilize all-Armenian resources and talents. The army should change its mindset and play a critical role in these transformation processes. A passive, reactionary approach to everything would be fatal. Only a proactive attitude, long-term oriented narratives and development of more offensive capabilities can be a game-changer in reaching our goals.

Now there is a unique chance for the army and security services to screen and scan the younger layers of our society, to identify and select the most-talented throughout the country and diaspora from early ages. It can be done in collaboration with existing infrastructure and talent hubs, such as the TUMO Center for Creative Technologies, "Armat" Engineering Laboratories, Physics and Mathematics Specialized School, Real School, COAF SMART Centers and other initiatives. This would also test the efficiencies and methodologies of these centers and could prove once again the talents of our kids and youngsters.

Special school and after-school cyber courses, a massive education campaign on cyber security need to be developed and taught in all public and private schools throughout Armenia, meanwhile new methodologies, guidelines and approaches must be designed to discover, select and work with talented teenagers before joining the army, during their service in the army and after they leave the army. In addition, new elite cyber intelligence units and special forces have to be created in order to solve big tasks and unsolvable problems with small teams and resources. Thus, a strong internal work culture and motivational scheme must be put in place. This in its turn would also feed and strengthen Armenia’s IT sector and startup ecosystem in the future, like it did in Israel during the last two decades.

The military and security services should also actively engage existing experts and professionals, both Armenians and Armenian-oriented non-Armenians from all over the world. The situation is critical, particularly with the young talents of pre-army age and those once working in the Armenian tech sector. The latest war put incredible psychological pressure on them, as many found themselves deeply disappointed by the outcomes. On the other hand, they lost their brothers, friends and classmates, leaving them full of anger and a sense of revenge. If the state does not work with them properly, mobilizing them, setting up clear objectives and purposes for their lives in Armenia, the most creative, innovative and active part of society will eventually leave the country, which could only mean one thing for the country: a total collapse and no future. Then, we would really start to ask ourselves whether we indeed need a state or not.

All of the above is a MUST. We must be able to educate our public, organize our military, civil, economic, social, psychological and digital defence shields. We must extensively develop our offensive capabilities and become a player and not an instrument. We must be able to create a fertile ground to destroy our enemies from within, destroying their informational/ideological fields, sabotaging critical infrastructure, affecting the mindsets of their masses before they harm us, and keep an eye on them and surveille each step they take. Finally, we must be able to create and protect our own information and ideological fields.

Remember, cyber threats of tomorrow will not leave us a warning before the attack and will require a long response time. The damage can be irreversible and asymmetric. They will make not only our information unsafe, but also our physical life unsafe, disabling the cars we drive, airplanes, turning off water and electricity, incapacitating our military potential or turning our own weapons against us.

We have been thriving in this chaotic geographic environment for many centuries. We know how to adapt. The most creative innovations happen on the edge of chaos.

Thank you for your submission! We will review it soon.

Subscribe to our mailing list

new on EVN Report 

Artsakh’s Cultural Heritage Under Threat

Armenian cultural, religious and historical monuments and sites currently under Azerbaijani control in the aftermath of the 2020 Artsakh War are under immediate threat of vandalism and destruction.

Dealing With a New Wave of Land Mines

Following the First Karabakh War, landmines and explosive remnants of war became a major hazard for civilians. Today, four regions of Armenia are still contaminated with unexploded ordnance, impacting over 35,000 residents.

Military Expenditures and the Economy: Behind the War of Weapons

Azerbaijan increased its military spending by 17% in 2020; this was among the largest annual increases in Eastern Europe and Eurasia. Ani Avetisyan breaks down the numbers of the military expenditures of both Armenia and Azerbaijan.

Are Armenia-EU Trade Relations Entering a New Stage?

COVID-19 and the 2020 Artsakh War impacted Armenia-EU trade and economic relations and not only. Moving forward, Armenia must balance opportunities and risks in two directions of integration - CEPA and as a member of the Eurasian Economic Union.

The Calamitous 1921 Treaty of Moscow

The Treaty of Moscow reaffirmed, almost identically, the borders laid out in the Treaty of Alexandropol. Armenia, thus, conceded 20,000 square kilometers to Turkey. Mikayel Yalanuzyan reveals the details of those turbulent times.

The Hunt for Spies

There have been numerous public accusations related to espionage and high treason since the start of the 2020 Artsakh War. Despite all the noise, only one case of high treason and one case of espionage were filed during and after the war.

also see 


Issue N 3

security 3

Armenia’s New Security Architecture: Russia as Geopolitical Bodyguard

Armenia needs to reconfigure the political economy of its security architecture by utilizing its security alliance with Russia, through a mechanism of burden-sharing, where Russia’s geopolitical interests are aligned with Armenia’s security interests.

The Cyber Battlefield is Just as Important: Armenia’s Cybersecurity

The scale and level of coordination of cyberattacks by Azerbaijani hackers in 2020, indicates careful planning and centralized coordination. Artur Papyan writes about the need for education about cybersecurity in Armenia, in both the private and public sectors.

Avoiding the Empty Nest: Armenia’s Demographic Security

Armenia’s significant demographic decline over the past 30 years due to emigration and declining birth rates has affected nearly all areas of life in the country from industry to education to the military.

Armenia’s Food Security

In a world where pandemics, extreme climatic phenomena and natural disasters are becoming more common, the issue of food security is a global challenge of increasing importance. Armenia is not immune to these developments.

Laying Off the Gas: Energy Security in Armenia

Diversifying Armenia’s energy sources is a strategic need of national importance. The coming decade presents an opportunity to turn direction and tackle the considerable obstacles facing the country. Strong political commitments and a focused approach are needed to make real progress.

Armenia’s Environmental Security

Armenia has an incredible potential to tap into its natural resources sustainably and moreover ensure green economic growth. What is needed is visionary thinking as well as effective, professional and technocratic governance.


our latest podcasts 

Robin the Robot

00:00 00:00


Mardiros Merdinian

Great analysis of the recent history of cyber security and its critical nature in national security. I don’t think I had seen this detailed article on Armenia’s Cyber Security on any Armenian news or media outlet. Agree wholeheartedly that Armenia is a fertile ground to become a cyber security power. We just need a well- funded and well-run program in this area to become more competitive. Thank you for the great thoughts.

All rights reserved by EVN Report
Developed by Gugas Team