Iran-U.S. Cyber Warfare Could Hurt Both Sides, U.S. Security Advisor Says 

By Natasha Phillips


[Excerpts from the interview with Dr. Seth Jones have been added below this report.]


June 28  – The United States has carried out cyber strikes on Iranian computer systems connected to missile launchers, after U.S. President Donald Trump called off a conventional military strike on unnamed targets inside Iran last week. Cyber attacks by Iran have also been reported. Analysts say cyber warfare carries high risks — and could be damaging to both sides.

The U.S. strikes temporarily disabled the Islamic Republic’s rocket and missile launchers and were ordered by the U.S. president in response to Iran shooting down a U.S. surveillance drone.

Offensive cyber operations by Iran against the U.S. have increased significantly in the last few years, as tensions between the two countries have escalated over sanctions and disagreements on the Joint Comprehensive Plan of Action (JCPOA) nuclear deal.

Documented cyber attacks by Iran include the development of online networks used to spread false information about the U.S., Israel, and Saudi Arabia, as well as a hacking campaign against banks, local government bodies, and several other public agencies in the United Kingdom. Yet Iran’s cyber capabilities still lag behind the U.S., said Dr. Seth Jones, the director of the Transnational Threats Project at the Center for Strategic and International Studies in Washington D.C., in an interview with Kayhan Life.

“Right now, the United States has the greatest capacity in terms of U.S. versus Iran, no question. The U.S. has a very robust cyber capability, probably the best on the planet,” Dr. Jones said.

“The British have the Government Communications Headquarters (GCHQ). The Russians and the Chinese also have very strong cyber capabilities,” Dr. Jones explained. “But in terms of the U.S. and Iran, it’s a mismatch.”

Dr. Jones said that cyber warfare was increasingly being prioritized over conventional warfare, and that the extent of any damage from an unrestricted cyber conflict was still unclear: “We don’t know yet what the impact of a full scale cyber war might mean as it’s a relatively new element within the context of state conflict.”

A further cyber attack was carried out by the U.S. on Iranian proxy group Kata’ib Hezbollah this week. It aimed to disable the militia by dismantling its networks, according to two U.S. officials with knowledge of the operation. Kata’ib Hezbollah was designated a terrorist organization by the U.S. in 2009.

In 2010, a virus called Stuxnet attacked a nuclear facility in Natanz, Iran. Widely believed to have been orchestrated by the U.S. and Israel, the attack destroyed around 1,000 nuclear centrifuges.

Enlarge

STUXNET-NATANZ554
FILE PHOTO: An interior view of the Bushehr nuclear power plant, some 1,200 km (746 miles) south of Tehran. REUTERS/Mehr News Agency/Majid Asgaripour

On June 17, Iran said it uncovered a large cyber espionage network which it alleged was run by the U.S. Central Intelligence Agency (CIA), and said it arrested a number of U.S. spies in different countries as a result of the discovery.

FILE PHOTO:Mohammad-Javad Azari Jahromi.
Author: Zoheir Seydanlo. CC BY 4.0

Iran’s Minister of Information Mohammad-Javad Azari Jahromi tweeted on June 24 that the Islamic Republic was the object of ongoing offensive cyber operations, and said that it had managed to deflect 33 million attacks.

Meanwhile, cyber security firms CrowdStrike and FireEye said Iran had recently stepped up its offensive cyber operations against the U.S., flooding government agencies as well as the country’s oil and gas sectors with spear-phishing emails.

The following are excerpts of Kayhan Life’s interview with Dr. Jones.

What are the main differences between conventional and modern warfare, and how do they relate to current Iran-U.S. tensions?

There are a couple of changes, in particular when talking about major powers like the U.S. and even Iran for that matter. One of them is the ability to conduct asymmetric strikes.

The U.S. can conduct precision strikes in ways that improve year on year. For example if the United States wants to place a missile in a specific location, the technology for very precise strikes has improved dramatically.

We can see that in the way the U.S. has conducted operations in many places around the globe, mostly for counter-terrorism purposes but the technology can be used against states as well. These aircraft don’t have to be flown any more by manned vehicles, they can be flown by unmanned vehicles which can also collect information as we saw with the Global Hawk. The fidelity within which one collects information has changed as well. We can now gather pretty precise information using satellite imagery, for example.

The additions of the cyber and the space domains make this kind of competition very different. Both the U.S. and  Iran have better and better capabilities every year when it comes to conducting offensive cyber operations against each other, but also against other countries and corporate entities.

Some of these operations take time in terms of groundwork, however they can then be executed at some point down the road.  We can also include attempts to access space assets within modern warfare, however all of these actions present issues in that there are vulnerabilities associated with targeting countries’ assets, like satellites.

If tensions continue to escalate between Iran and the U.S., what cyber security options might the U.S. use to push back Iran?

The U.S., including through organizations like the U.S. National Security Agency (NSA), has significant cyber capabilities. The Trump administration has passed policy changes which have given the government more authority to conduct offensive cyber operations.

The challenge is that the U.S. as a country is vulnerable to cyber operations itself. That’s because it is well connected, and its companies — including its defense companies – rely heavily on everything from the internet to GPS in many cases, such as space-based systems. People drive connected cars, and we also have critical infrastructures in the U.S. which are connected.

While the U.S. has significant capabilities to shut down and potentially destroy parts of computer systems of missile programs, and shut down power for periods of time in some or all parts of Iran, including cities like Tehran, the challenge ultimately lies in the fact that we are also vulnerable to attacks.

We also don’t know yet what the impact of a full scale cyber war might mean, as it’s a relatively new element within the context of state conflict. During the Cold War, limits were well defined when it came to nuclear weapons. States were aware that they had second strike capabilities, so despite the fact that the U.S. had missiles pointed at the Soviet Union, and the Soviet Union had missiles pointing at the U.S., neither side ended up using them. That deterrence held because of second strike capabilities and the fear of mutually assured destruction.

We haven’t quite found that boundary in the cyber realm. This means that countries including the U.S. are going to be pretty cautious in how frequently and in what ways they use offensive cyber. Importantly, when you’re using offensive cyber, the nature of the action means that you’re also giving away very sensitive information, including code that you have, so cyber as a tool needs to be used very cautiously.

There’s also an espionage component to cyber, which will continue for the foreseeable future. That is, countries stealing information from one another by accessing government computer systems or companies, to collect information.

Can you explain what asymmetric strategies Iran uses which threaten regional and global stability?

During the Iran-Iraq war in the 1980s, Iran recognized – particularly as it saw the capabilities of other countries in the region – that it was not going to be a major conventional power. While every country needs to build some military capability in the form of procuring an army, an air force and a navy, Iran has chosen to spend much of its proportional money on funding its Islamic Revolutionary Guard, especially its Quds Force.

Asymmetric in this context means that Iran has a competitive relationship with Israel, that they view each other as enemies. However, Israel is a much stronger conventional power, and has nuclear weapons, which Iran does not, so one of the way Iran has focused its efforts is on building its capabilities with local partners, proxies.

So if we look at asymmetric actions from an Iranian standpoint, one very important component is leveraging local partners in a range of countries in the Middle East that can conduct operations against Iranian adversaries such as the Saudis in Yemen, the Israelis in Lebanon and the U.S. in several places including Iraq. In other words, Iran is not taking on these countries directly, it is taking them on through partners.

One of the most significant proxies has been Hezbollah in Lebanon. We can see that during the 2006 war with Israel and the way in which Hezbollah had been fortified with reasonable equipment by Iran. If we fast-forward to today, Hezbollah has capabilities in Lebanon and it’s been conducting operations in Syria, so Iran has a formidable partner against the Israelis through Lebanese Hezbollah. The Iranian government has also provided training, money and funding to some of the Shia militias in Iraq, and the Houthis in Yemen which they have used against countries like Saudi Arabia.

In terms of cyber warfare, which country has the greatest capability and what damage could the U.S. and Iran do in real terms to one another and potentially the international community?

The U.S. has a very robust cyber capability, probably the best on the planet.

The British have the Government Communications Headquarters (GCHQ), the Russians and the Chinese also have very strong cyber capabilities, but in terms of the U.S. and Iran, it’s a mismatch.

Still, it’s a challenge being able to deter Iran using cyber strategies, while being vulnerable to offensive cyber operations at the same time.

We do know that security measures used by companies to defend their online infrastructures is very expensive. If we look at a scenario like security grids being taken down, one can assume that would cause considerable damage. If you’re able to take financial networks down and keep them down, these actions are also going to cause major issues. The reality with offensive cyber is that no one is immune, so if you’re going to engage in that kind of activity, you then leave yourself open to attack.

It’s like launching nuclear weapons at one another. They can do tremendous damage but you’re also risking much of that to happen to you. As a result, a full scale cyber war between the U.S. and Iran would be highly unlikely.


Natasha Phillips

Natasha Phillips

Managing Editor

Natasha is Kayhan Life’s managing editor and journalist writing on foreign affairs, Iran, and human rights.She is a regular commentator on BBC, Sky News, London Live, France 2, RFI and RTL.

Natasha runs a child rights project called Researching Reform, which aims to improve legislation and policy for children around the world.

Email: [email protected]

Twitter: @SobukiRa