Iran has been shaken by dozens of mysterious explosions and fires across the country over the last few weeks, including at nuclear facilities, prompting the question of which of Iran’s adversaries is responsible for these attacks, whether it be Israel, Saudi Arabia or the U.S. Some of the seemingly random incidents have been deadly, revealing that Iran and its foes are utilizing all technologies and tools at hand to undermine morale, defense, and deterrence capabilities. A prior rare public exchange of cyberattacks between Israel and Iran on civilian targets demonstrates that Iran is also furthering its ability to wield its cyberweapons to advance its geopolitical will.
Over the past decade, Iranian cyber capabilities have risen dramatically as the state has consistently invested in new technologies to strike global competitors and retaliate against cyberattacks. Since the devastating Stuxnet attack against Iran’s nuclear facilities in 2010, which has since been attributed to the U.S. and Israel, Iran has had a strong motive to invest in malicious cyber technologies and, as such, has made cyber developments a priority. Although Iran is considered to be lagging behind Russia, China, Israel, and the U.S. in cyber capabilities, its cyber weapons are likely to continue gaining sophistication. From the initial Shamoon attack against Saudi Arabia’s Aramco in 2012 to the ongoing “Fox Kitten” cyber espionage campaign against the U.S. and Israel, Iranian cyber activity is not new. It may, however, be entering a phase of renewed development.
In late April this year, Iran targeted an Israeli water distribution facility with a cyberattack aimed at increasing the levels of chlorine in the water supply to dangerous levels. The attack was intercepted early on, leading to minimal long-term damage, but a few weeks later, on May 9, Israel retaliated against the Iranian Shahid Rajaee Port near the Strait of Hormuz with a cyberattack. The attack reportedly led to disrupted roads and waterways for multiple days. This recent exchange of attacks has the potential to mark a new cyber era for multiple reasons: the attacks were much more public than previously covert operations, and despite the attacks crossing a “red line” by targeting civilian infrastructure, they caused little physical damage. In addition, the exchange offers a potential blueprint for cyber deterrence going forward.
A Strong Cyber Government Order
Iran’s progress in the cyber realm is largely due to its organized and increasingly consolidated bureaucratic structure. Under the leadership of Supreme Leader Khamenei, the Iranian government has evolved to center hardliners while shutting down moderates, conservatives, and reformists, including in the realm of cyberspace. In 2013, Supreme Leader Khamenei created the Supreme Council of Cyberspace (SCC), which is made up of senior military and intelligence officials, to coordinate internet policies and oversee their implementation. According to Freedom House, the SCC was intentionally formed to be under his control, “minimizing the roles of the executive, legislative, and judicial branches.”
Some of the SCC’s members include officials from the Revolutionary Guard Corps (IRGC), the Basij, and Iran’s Passive Defense Organization (NPDO), all of whom contribute to building up Iran as an aggressive cyber power. The IRGC perpetrates cyberattacks while the Basij, which operates under the IRGC, manages thousands of cyberwar volunteers. The tightly controlled chain of command surrounding cyber operations gives Khamenei and hawkish Iranian military officials full control over Iran’s cyber warfare apparatus, which they have an abundance of motivation to utilize.
Pressure to Level-up
With regional and international enemies focused on countering Iran, the Iranian government faces no shortage of pressure to exert dominance. From the U.S., Iran faces immense economic and political pressure. Stringent sanctions have continually hit the Iranian economy, and a recent report released by Congressional Republicans called for further increasing sanctions, which President Trump has vocally supported. Tehran’s influence in Iraq has been compromised by the recent increase in popular demand to limit Iranian influence in the country. In addition to Iran’s decades-long rivalry with Riyadh and Abu Dhabi, Israeli-Iranian competition continues through flare-ups in the cyber realm and elsewhere.
The long list of powerful enemies Iran has cultivated provides significant incentive to expand Iran’s dominance, especially militarily. While a UN arms embargo allows for little ability to expand military capabilities with weapons or machinery, cyberattacks provide a crucial means for advancing Iranian acts of aggression and could be a powerful tool to advance its geopolitical interests.
A New Era?
The Iranian-Israeli exchange marks a notable shift in cyber competition as both countries targeted civilian infrastructure, which they have avoided in the past. However, although the attacks on the water distribution facility and the port affected civilians, the consequences were non-lethal and resulted in significant inconveniences rather than the destruction of life or property.
These attacks are also set apart by the fact that Israel appeared to have leaked information about its counterattack. Normally, cyberattacks are hard to track from the outside because the attacker and the victim are often motivated to keep quiet so as to not reveal their capabilities or highlight their weaknesses, respectively. Although Iran officially denied its involvement, its role was widely reported. The fact that these were more public, low-damage, civilian attacks signals that cyber conflict has the potential to shift away from tactical hits against the enemy and further into the realm of geopolitics, where strikes hold a more symbolic role in demonstrating power and revealing regional dynamics rather than focusing on pragmatic, high-damage targets. Although the latter remains a dominant feature of cyber conflict, this exchange may exemplify a new category of attacks going forward as cyberattacks become continually lower cost and more technologically advanced.
Retaliation or Deterrence?
Factors including Iran’s increasing technological capabilities, pressures from the stringent economic limitations of U.S. sanctions, and regional competition from Israel and Saudi Arabia lead to a situation in which cyberattacks of increased visibility provide a clear way for Iran to show strength.
They also, however, run the risk of provoking a more severe cyber retaliation from Israel, which maintains some of the most sophisticated cyber-weapons. An escalation will undoubtedly lead to an increase in attacks and retaliation between Tel Aviv and Tehran that would seek out more civilian targets in order to show strength and increase geopolitical power.