In the evolving discourse regarding cybersecurity now visible in Washington, the Islamic Republic of Iran has generally gotten short shrift. Indeed, the Iranian regime—currently facing widening multilateral sanctions as a result of its nuclear ambitions, and grappling with an increasingly contentious domestic political scene—tends to be dismissed as neither a serious nor an imminent cyber threat to the United States.
Yet, for precisely those reasons, U.S. policymakers would do well to focus on the Iranian regime's cyberwarfare capabilities, as well as its growing ability to hold the homeland at risk. Doing so begins by understanding the nature of Iran's contemporary focus on cyberspace.
Iran versus the World-Wide Web
In a very real sense, the Iranian regime today can be said to be erecting an "electronic curtain" aimed at isolating its population from the World Wide Web. It is doing so through an array of concrete initiatives.
The most prominent of these is the creation of an alternative national intranet. Originally slated to go online in August 2012, this "halal" or "second" internet represents a more sophisticated alternative to filtering systems such as China's "Great Firewall." While those simply deny users access to proscribed sites, Iran's will reroute them to regime-approved search results, websites, and online content. By doing so, it will give Iranian authorities the power to create an Islamic Republic-compliant online reality for their citizens.
The Iranian government is also dedicating a new agency to monitor cyberspace. This "Supreme Council of Cyberspace," now in formation, will be headed by top officials from both Iran's intelligence apparatus and the Revolutionary Guards and tasked with "constant and comprehensive monitoring over the domestic and international cyberspace." Once operational, it will be able to issue sweeping decrees concerning the Internet that would have the full strength of law.[1]
This has been supplemented by draconian new rules and restrictions on Internet usage. Internet cafes, for example, are now mandated to record the personal information of customers—including vital data such as names, national identification numbers, and phone numbers—as well as to install closed-circuit cameras to keep video logs of all customers accessing the World-Wide Web.[2] Onerous penalties for online content deemed inappropriate or subversive have been passed as well.
Finally, the Iranian regime has harnessed new technologies for monitoring, filtering, and limiting access. In this effort, Iran has been assisted by a number of foreign entities. Most notably, China's ZTE Corp. has partnered with the state-controlled Telecommunication Company of Iran (TCI) to implement advanced monitoring of the country's telecom sector.[3]
Iran's focus on constricting Internet freedom is understandable. The Iranian regime faces an array of domestic challenges to its authority. These include the so-called "Green Movement," which emerged following the fraudulent reelection of Mahmoud Ahmadinejad to the Iranian presidency in June of 2009. That event galvanized an outpouring of popular discontent, which coalesced into a broad opposition front. "Green Movement" activists relied heavily on social media—including Twitter, Facebook and other networking platforms—to organize their protests and activities. In response, the Iranian regime utilized information and communication technologies extensively in its suppression of the protests—and thereafter has invested heavily in capabilities aimed at controlling and restricting access to the World-Wide Web.[4]
An additional source of concern is the so-called "Arab Spring" which has swept over the Greater Middle East over the past year-and-a-half. So far, Iran has been spared the anti-establishment sentiment that has led to upheavals in Tunisia, Libya, Egypt and, most recently, Syria. But Iran's leaders are deeply worried about the possibility of anti-regime sentiment migrating to their country, and as a result have done their best to limit their population's exposure to such ideas via the media and Internet.
Quiet conflict over Iran's nuclear program
Over the past three years, the Iranian nuclear program has come under sustained and repeated cybernetic attack. To date, at least five distinct cyber worms targeting the Iranian nuclear program have been identified and isolated. These include Stuxnet, the malicious software that attacked Iran's centrifuge arrays between mid-2009 and late 2010; "Stars," a software script targeting execution files; DuQu, a successor to Stuxnet aimed at gaining remote access to Iran's nuclear systems; another piece of malware named Wiper, which attacked internal Internet communications; and, most recently, Flame, a cyber espionage virus.
And still more are on the horizon. In July of 2012, it was revealed that Iran has been attacked by a new cyberworm dubbed "Mahdi."[5] Although comparatively unsophisticated, "Mahdi"—unlike previous such attacks—appears to be of indigenous origin, suggesting that the Iranian regime now faces cyber enemies not only outside its borders, but within them as well.
The Iranian regime has begun a significant mobilization in response. It has launched an ambitious $1 billion governmental program to boost national cyber capabilities—an effort that involves acquisition of new technologies, investments in cyber defense, and the creation of a new cadre of cyber experts.[6] It has also activated a "cyber army" of activists which, while nominally independent, carried out a series of attacks on sites and entities out of favor with the Iranian regime, including the social networking site Twitter, the Chinese search engine Baidu, and the websites of Iranian reformist elements.[7]
As these developments indicate, Iran appears increasingly to be moving from defense to offense in terms of how it thinks about cyberspace. Accordingly, in late July 2011, the hardline regime newspaper Kayhan wrote in an editorial that America, which once saw cyberwarfare as its "exclusive capability," had severely underestimated the resilience of the Islamic Republic. The United States, the paper suggested, now needs to worry about "an unknown player somewhere in the world" attacking "a section of its critical infrastructure."[8]
This is not idle bluster; security professionals have taken note of Iranian efforts to probe segments of U.S. critical infrastructure, most notably the country's electrical sector.[9] Along those lines, cybersecurity experts warn that, should the standoff over Iran's nuclear program precipitate a military conflict, Iran "might try to retaliate by attacking U.S. infrastructure such as the power grid, trains, airlines, refineries."[10]
Bracing for contact
There is an old axiom that the gravity of a threat is determined by both capability and intent, and this holds true for cyberwarfare as well. Today, Iran is not the greatest cyber threat arrayed against the United States. Indeed, while significant, Iranian capabilities are generally judged to be inferior to those of China and Russia—perhaps considerably so.[11] What Iran lacks in capability, however, it makes up for in intent. Politically, a cyber attack from Iran is significantly more likely than from either China or Russia, in light of the ongoing international impasse over its nuclear program.
It is not out of the question that the Iranian regime could independently initiate a cyber attack on the United States. Iran has grown significantly bolder in its foreign policy of late, and no longer can be relied upon to refrain from direct action in or against the U.S. homeland. As Director of National Intelligence James Clapper noted in his testimony before the Senate Select Committee on Intelligence this past January, "Iranian officials—probably including Supreme Leader Ali Khamenei—have changed their calculus and are now willing to conduct an attack in the United States."[12]
Far more probable, however, is the possibility of a development related to Iran's nuclear program serving as a trigger for some sort of attack in the cyber realm by the Iranian regime. A complete breakdown of current diplomatic negotiations, a further strengthening of economic sanctions, or the use of military force against Iranian nuclear facilities could all potentially trigger an asymmetric retaliation.
Should that happen, the United States will find itself confronted with a new, and qualitatively different, cyber threat—one for which it is still ill-prepared. For, while the past year has seen a dramatic expansion of governmental awareness of cyberspace as a domain of conflict, serious institutional awareness of Iran's cyberwarfare potential has lagged behind the times. So has a comprehensive governmental response to it.
It is a deficiency that the United States can no longer afford to tolerate.
[1] Ramin Mostaghim and Emily Alpert, "Iran's Supreme Leader Calls for New Internet Oversight Council," Los Angeles Times, March 7, 2012, http://latimesblogs.latimes.com/world_now/2012/03/iran-internet-council-khamenei.html.
[2] Radio Free Europe, January 4, 2012
[3] Steve Stecklow, "Special Report: Chinese firm helps Iran spy on citizens," Reuters, March 22, 2012, http://www.reuters.com/article/2012/03/22/us-iran-telecoms-idUSBRE82L0B820120322.
[4] See, for example, Saeid Golkar, "Liberation or Suppression Technologies? The Internet, the Green Movement and the Regime in Iran," International Journal of Emerging Technologies and Society 9, no. 1 (2011), 50-70, http://www.swinburne.edu.au/hosting/ijets/journal/V9N1/pdf/Article%204%20Golkar.pdf.
[5] "New Cyber Espionage Virus Found Targeting Iran," Reuters, July 17, 2012, http://www.jpost.com/International/Article.aspx?id=277803.
[6] Yaakov Katz, "Iran Embarks On $1b. Cyber-Warfare Program," Jerusalem Post, December 18, 2011, http://www.jpost.com/Defense/Article.aspx?id=249864.
[7] Farvartish Rezvaniyeh, "Pulling the Strings of the Net: Iran's Cyber Army," PBS Frontline, February 26, 2010, http://www.pbs.org/wgbh/pages/frontline/tehranbureau/2010/02/pulling-the-strings-of-the-net-irans-cyber-army.html; Alex Lukich, "The Iranian Cyber Army," Center for Strategic & International Studies, July 12, 2011, http://csis.org/blog/iranian-cyber-army.
[8] "STUXNET has Returned Home," Kayhan (Iran), July 27, 2011. (Author's collection).
[9] Author's personal communication, August 17, 2011.
[10] Brian Ross, "What Will Happen to the US if Israel Attacks Iran?" ABC News, March 5, 2012, http://abcnews.go.com/Blotter/israel-attacks-iran-gas-prices-cyberwar-terror-threat/story?id=15848522#.T4g5tqvY9Ll.
[11] Kevin Coleman, "Iranian Cyber Warfare Threat Assessment," Defense Tech, September 23, 2008, http://defensetech.org/2008/09/23/iranian-cyber-warfare-threat-assessment/.
[12] James Clapper, testimony before the Senate Select Committee on Intelligence, January 31, 2012.