Financial Constraints, Technical Challenges, and Political Pressures

Cyber threats are escalating globally, posing a significant risk to Syrian civil society organizations. The organizations face a complex web of challenges, including financial constraints, technical limitations, and political pressures. These factors have resulted in security gaps that jeopardize the data and archives of civil society workers.

1. North and east Syria have relied on multiple sources to secure a connection, including the Syrian government’s communications network, satellite internet, Turkish internet services, and the local Rcell network.
2. The constant shifting between providers has created significant chaos in data security, leading to data loss and inaccessibility.

Preserving Critical Archives

The preservation of critical archives, particularly those containing testimonies and records of victims or their families, is a critical concern for civil society organizations in Syria. Abbas Ali Mousa, an activist with the Synergy Association, emphasizes the importance of handling such data with care.

“Most of the available funds are directed towards field projects and immediate humanitarian needs rather than the development of technical infrastructure,” he explains. “Political instability and logistical challenges” also pose systemic obstacles to digital security efforts.

Lack of Digital Security Measures

Helez Fateh Abdulaziz from Insight Organization notes that funding constraints are preventing the adoption of robust digital security practices. Organizations tend to underestimate the importance of securing technical resources, treating them as a lesser priority despite the challenges they pose.

1. The lack of skilled staff, especially in the early stages of organizations, exacerbates the issue.
2. Donor priorities often focus on immediate needs, leaving digital security underfunded.

Internal Digital Communication

Civil society organizations in Syria do not use official emails and secure cloud storage solutions, explains Mousa. External hard drives holding information about thousands of beneficiaries and numerous projects have malfunctioned frequently, causing significant data losses. “The total absence of adequate protection exposes the data of beneficiaries, donors, and staff to potential breaches or leaks,” explains Sherine Ibrahim from Dar Association for Victims of Forced Displacement.

Danger of Data Breaches

The loss of control over communication systems complicates the coordination of relief and humanitarian efforts. Data breaches can lead to data distortion, potentially delaying the delivery of services and reducing operational efficiency. In some cases, stolen data could be used to target beneficiary communities or to leak sensitive information about activists and human rights defenders. It could also be falsified or manipulated to tarnish the reputation of the organization.

Digital Military-Political Conflict

Turkey has used digital warfare as an offensive tool in north and east Syria, repeatedly attempting to penetrate systems and broadcasting sites of local media in these areas. Turkish authorities have also restricted social media accounts of civil and media activists and legal professionals in Syria. Some organizations have adopted protective measures, such as utilizing paid and encrypted software for storing information and having a dedicated data entry employee to ensure controlled access.

1. Despite the precautions, digital security remains a challenge.
2. Officials in civil society organizations, local media, and activist circles show little interest in preventive tools and protective programs.

Political Tensions and Digital Security
Political tensions have led to increased digital violations among civil society groups in Syria. The director of one organization spoke on condition of anonymity due to security concerns: “During our work under former president Bashar al-Assad, we encountered an international donor who was operating both in north and east Syria and in Damascus.”
“Given the political sensitivity between the two locations, we objected to the non-disclosure of projects in north and east Syria and were assured confidentiality,” he explains. “But over time we found that the Syrian regime could access operational details and other data.”
Workers in these organizations continue to fear ongoing threats in today’s Syria. Experience of Civil Organizations
An anonymous director shared her experience, recalling the challenges of data security under the previous regime. “Working in the capital, protecting our data was a constant nightmare. We only carried out projects with donors licensed to operate in Syria, meaning security agencies were aware of their activities. Still, we feared leaks, especially of beneficiary names, who risked harassment.”
“Some beneficiaries faced security harassment and were questioned about the support they received, a clear sign that our data had been compromised,” she adds. In north and west Syria, areas out of the former regime’s control, the situation was exceedingly harsh. In Idlib, according to statistics from the Women’s Empowerment Office, 53 percent of women experienced some form of digital violence. This prompted civil organizations to allocate significant budgets for digital security for their workers, leading to the early 2012 launch of the SalamaTek digital platform. Call for Digital Security Measures
Despite the significant cybersecurity risks civil society faces in Syria, organizations have yet to implement robust digital security measures against breaches and infiltration. With the ongoing changes in the country, these organizations continue their operations without any solid plans or strategies for digital security, which could lead to a digital disaster.