Syrian Attack or Cyberattack

Use of force against Syria could trigger retaliation in multiple forms and venues, but government and private entities are increasingly wary of a retaliatory cyberattack against US critical infrastructure. Beyond central government systems, critical infrastructure spreads deeply into subcontracted entities and private groups, extending the list of potential targets.

Public and Private Works

Government and private information security groups deem the threat at least worthy of consideration within their independent DRPs (Disaster Recovery Plans). Owners and operators already plan for the defense and recovery of critical systems such as the power grid, transportation, water, and communication.

Government Oversight or Privately Owned

Whether a system is rigidly monitored by government oversight or privately owned and regulated, the lines blur between such entities involving infrastructure and public services. Small divisions and subcontracted services directly controlled or funded by government resources fall under the same security regulations as large government entities.

National and Private Security Overlap

The regulations are different for privately owned and operated systems, but most still comply not only with federal expectations for information system security, but also the guidance regulated by NIST (National Institute of Standards and Technology) and the AICPA’s Service Organization Controls (SOC).

Cyberthreat Potential from SEA (Syrian Electronic Army)

Private entities have already been attacked by the SEA. Though, not officially allied with the government, the SEA does target political opposition groups and western web sites, particularly by hijacking or defacing media sources such as The New York Times. Though the precedent cyberthreat from the SEA focuses on the media, other information systems critical to the US infrastructure are equally valid targets for a retaliatory cyberattack.


Beyond critical infrastructure, damage to communication, banking, and other systems can be significantly debilitating to business continuity in the US. As such, private systems may be strategic targets. Since the lines between national and private security are indeed blurring, however, the scope of all Disaster Recovery Plans typically prepare to defend systems from cyberattacks and effectively mitigate the response and recovery regardless of the source.