IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Cyber in Afghanistan: Tech’s Vital Role in Kabul Evacuation

The desperate images coming out of Afghanistan following the Taliban’s takeover last weekend underline the importance of technology and the real-life impacts when planning goes well — or not so well.  

Protesters outside the United Nations in New York City on Aug. 15, 2021, call on the U.S. to sanction Pakistan.
Protesters outside the United Nations in New York City on Aug. 15, 2021, call on the U.S. to sanction Pakistan.
Shutterstock/Steve Sanchez Photos
As the world watches the events unfold in Afghanistan after the Taliban took control of Kabul, the chaotic images of troops patrolling the streets with guns can leave the initial impression of a century-old, Lawrence of Arabia-type conflict with little or no technology involved.

However, as we watch images of Afghanistan residents showing blue cards on their smartphones to CNN reporters, the on-the-ground reality is much different. Indeed, the Internet access has been generally pretty reliable in Kabul, and many people trying to contact others around the world are relying on technology and a long list of apps to communicate with friends and relatives trying to help.
There are numerous tech and cybersecurity stories emerging from this situation that deserve significant attention. Some of these stories provide good news, while others ... not so much.

Here is a sampling of related headlines:

The Washington Post: “Today’s Taliban uses sophisticated social media practices that rarely violate the rules”

“For a group that espouses ancient moral codes, the Afghan Taliban has used strikingly sophisticated social media tactics to build political momentum and, now that they’re in power, to make a public case that they’re ready to lead a modern nation state after nearly 20 years of war.

“In accounts swelling across Facebook, Twitter and Instagram — and in group chats on apps such as WhatsApp and Telegram — the messaging from Taliban supporters typically challenges the West’s dominant image of the group as intolerant, vicious and bent on revenge, while staying within the evolving boundaries of taste and content that tech companies use to police user behavior.”

NPR: “Journalist In Kabul Says City Is Quiet, Internet Intact — For Now”

“We have to remember that it’s a different time from when the Taliban came to power in 1996. You know, I was just thinking about it. Like, right now we still have internet access, you know? So for a lot of us, you know, a lot of the news came from the internet. You know, there were a lot of rumors. There was a lot of talk.

“And the first report that I saw, that the president had left came from, you know, the biggest private TV station. They posted it online. And then other networks and other agencies picked it up. And other places started to verify it. So in that sense, you know, it’s interesting how different it is. Like, we still have access to TV and radios and, you know, things that weren‘t allowed in 1996.”

GovInfoSecurity: “Does Abandoning Embassy in Kabul Pose Cybersecurity Risks?”

Reuters: “Afghans scramble to delete digital history, evade biometrics”

“Thousands of Afghans struggling to ensure the physical safety of their families after the Taliban took control of the country have an additional worry: that biometric databases and their own digital history can be used to track and target them.

“U.N. Secretary-General Antonio Guterres has warned of ‘chilling’ curbs on human rights and violations against women and girls, and Amnesty International on Monday said thousands of Afghans — including academics, journalists and activists — were ‘at serious risk of Taliban reprisals.’

“After years of a push to digitise databases in the country, and introduce digital identity cards and biometrics for voting, activists warn these technologies can be used to target and attack vulnerable groups.”

The Intercept: “The Taliban Have Seized U.S. Military Biometrics Devices”

The Taliban have seized U.S. military biometrics devices that could aid in the identification of Afghans who assisted coalition forces, current and former military officials have told The Intercept.

“The devices, known as HIIDE, for Handheld Interagency Identity Detection Equipment, were seized last week during the Taliban’s offensive, according to a Joint Special Operations Command official and three former U.S. military personnel, all of whom worried that sensitive data they contain could be used by the Taliban. HIIDE devices contain identifying biometric data such as iris scans and fingerprints, as well as biographical information, and are used to access large centralized databases. It’s unclear how much of the U.S. military’s biometric database on the Afghan population has been compromised.”

The Daily Mail (UK): “Taliban is intensifying hunt for Afghans who worked for US and UK as they go door-to-door to threaten relatives, UN report warns despite the terror group’s claims of an ‘amnesty’”

Politico: “What an Afghan News Outlet’s Early Encounters With the Taliban Tell Us About the Country’s Future”

“We’re taking this one day at a time. We’re taking this one hour at the time. There are essentially three phases, if one was to speculate. The first phase is: they consolidate rule over Afghanistan. It’s about forging alliances. It’s about getting rid of opposition. It’s about installing people in key positions to make sure they have security. It’s working on their international relationships, whether that’s with multilaterals like the U.N. or with governments. It’s important for them to continue to receive aid from different countries.

“In that first phase, I think the media is going to be relatively OK, unless you put something out that’s very controversial. I think the pain threshold will be pretty high.

“The second phase will be a transitional government because they need to have some sort of a government takeover. They need to have a cabinet. They need to have ministers, police chiefs, governors and so forth. In this second phase, I think we will see some restrictions because, despite what we’re saying, the Taliban is a religious movement first and foremost. And they have constituencies that will demand changes, whether it’s media or social behavior and so forth. So we will probably have some restrictions — or maybe lots of restrictions — in that second phase — call it appointment or installation of a transitional government or arrangement. And in this transitional period, they’re going to work on the state — what is this new Afghanistan going to look like? The state, the structures — will we have a parliament, will we have a constitution or no constitution.

“And essentially the third phase will be the Emirate of Afghanistan. We may perhaps even have more restrictions in the third phase.”

The Washington Post: “The Cybersecurity 202: Sensitive government data could be another casualty of Afghan pullout”


What is a clear trend across all of these Afghanistan stories is the vital role that cybersecurity and technology are now playing in Kabul. If ID management and digital identities are now being used against residents by the Taliban trying to round up people who worked with the U.S., the underlying need for “people, process and technology” components should be re-examined.

As I’ve written in several articles over the past decade, the physical and digital worlds are merging globally, and there is really no longer much separation between the two.

As we have seen in other areas of technology, from artificial intelligence to encryption, new technologies can be used for good or evil. Global organizations must consider the risk mitigation steps that should be followed, should the sensitive information or advanced technologies that they possess fall into the wrong hands.

While I don’t have the detailed information regarding the specific current situation on the ground in Afghanistan (and all of these stories are available from open media), I am hopeful that the Department of Defense and supporting agencies and partners have these types of mitigation plans in place.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.