By: Zaheema Iqbal & Hammaad Salik
US-Iran relations have escalated since the withdrawal of the United States of America from the Iran nuclear deal. This resulted in harsh sanctions that exacerbated the sharp decline of Iran’s economy. The US government has prohibited trade with many Iranian business sectors, including carpets, pistachios, aviation and gold. The cyberattacks are the latest episode in the “Ghost Wars”, as both Iran and the US are heavily engaged in targeting each other’s cyberspace. On the upside, even if the current US campaign fails to dislodge the Tehran government, it could cause significant long-term damage to Iran’s economic, military and scientific infrastructure, setting back the country’s military ambitions in the region. This outcome is probably the most acceptable to US allies in the Middle East, who aren’t worried about the prospect of the United States committing to an open-ended military conflict with Iran.
The Trump administration appears ready to decertify Iranian compliance with the Joint Comprehensive Plan of Action (JCPOA), despite a lack of evidence of Iranian violations. For critics of the JCPOA, this represents a move in the right direction: in their view, the goal of US policy should be the end of the Islamic Republic and the overthrow of the existing regime in Tehran. Instead of an invasion, the United States would likely induce regime collapse through a policy of military and economic strangulation, led by airstrikes, sea-launched cruise missile strikes and the vigorous employment of special cyber operations forces.
The recent cyberattacks led by US Cyber Command (USCYBERCOM), in coordination with US Central Command (CENTCOM), against Iranian defense and ballistic missile control systems can be linked to the White House announcement and the issuance of the FY19 Cyber Strategy, in which the USA declared it would go on the offensive in cyberwarfare, with USSTRATCOM on standby in case of escalation. This cyberattack can be seen as a reaction to the shooting down of a US RQ-4A Global Hawk BAMS-D surveillance drone with a Khordad-3 surface-to-air missile over the Strait of Hormuz, and to the limpet mine attacks on oil tankers in the Gulf of Oman, which the US has blamed on the IRGC, a group the Trump administration had already designated a foreign terrorist organization earlier this year. According to DHS and the NSA, there has been a sudden influx of digital traffic from Iran to the USA, suggesting attacks on US core critical infrastructure.
On 22 June, US CYBERCOM Mission Command was tasked to go on the offensive in Iranian cyberspace. These short yet effective cyberattacks, codenamed “Operation Hellfire”, were aimed at crippling the Iranian computers that control air defense systems and ballistic missile launch pads. According to various sources, the cyberattacks disabled Iran’s weapons and missile systems; other sources suggest the intent was to take the systems offline for a period of time. For the US to launch an aggressive attack on Iran, it relies heavily on its naval presence: the USS Abraham Lincoln Carrier Strike Group and a Bomber Task Force assigned to Central Command are already strategically deployed in the Gulf of Oman for quick responsiveness, and the US will also rely on its Gulf allies to provide air bases for operations alongside the naval deployment. To carry out successive air strikes, the first logical step was to take down the Iranian air defense systems and ballistic missile controls. Other military officials suggest this was simply a show of force to demonstrate to Iran that its defense networks can easily be penetrated. Earlier this year, in a similar operation, servers belonging to the Internet Research Agency (IRA) in St. Petersburg, Russia were jammed and brought offline in a Cyber Command operation called Synthetic Theology.
Whatever the case may be, Iran has had a contentious cyber history with the US. In the past, Iran has also been engaged in hacking US government agencies, companies, banks, the energy sector and dams. The Iranian state-backed actors behind the cyberattacks dubbed “Refined Kitten” have been continuously targeting the US defense and energy sectors for years. The Department of Homeland Security has also stated that Iran has increased digital attacks against the US government since the escalation between the two countries. Cybersecurity firms such as FireEye and CrowdStrike have said that Iranian state-backed APT (Advanced Persistent Threat) groups have launched massive cyberattacks against US critical infrastructure, including oil and gas. These APTs have been using spear-phishing emails to lure federal and state employees in order to gain access to US systems. According to sources, CrowdStrike has also shared images of the spear-phishing emails. One such email appeared to come from the Executive Office of the President and seemed to be trying to hire people for an economic advisory position. Another email was more generic in nature and appeared to carry Microsoft Outlook’s global address signature. The most recent explosion and massive fire, on 21 June 2019, rocked a refinery complex in South Philadelphia, one of the largest on the East Coast. This is one such example in which Iran has used destructive “wiper” attacks. The US government is still investigating the events, but the digital traces and evidence point to a cyberattack. These cyberattacks appear to have started shortly after the Trump administration imposed sanctions on the Iranian petrochemical sector.
Developing a new cyber weapon takes years. The Stuxnet cyberattack on Iran’s nuclear program damaged more than 70% of its nuclear centrifuges in 2009. The attack was launched by joint US-Israeli forces, in an operation called “Operation Olympic Games”, against the Iranian nuclear facility at Natanz. Stuxnet is also considered the world’s first known “digital weapon” and served as an experiment to test US cyber warfare capabilities. US military strategists later drew up a blueprint with selective indicators targeting Iran’s core critical infrastructure in a vicious plan called “Nitro Zeus”. The early stages of Nitro Zeus would target Iran’s existing military infrastructure, including air bases, naval bases and ballistic missile installations. These attacks would do significant damage notwithstanding existing Iranian air defenses, which would also come under attack. Iran’s naval and air forces would suffer terribly, and widespread strikes would also exact a toll on Iran’s ground and missile forces.
The action by US Cyber Command shows the increasingly mature cyber warfare capabilities and the aggressive cyber strategy pursued under the leadership of President Trump. Over the last year, the Trump administration has focused on continuously engaging adversaries in cyberspace and undertaking more offensive operations. In the Cyber Strategy, Trump vows to the American people to preserve peace and security by strengthening the ability of the United States, in concert with its allies and partners, to deter and, if necessary, punish those who use cyber tools for malicious purposes.
As nations enhance their ability to engage offensively in cyberspace, their ability to choose and initiate a physical war is drastically reduced. Cyber war is not a magic nuke one can fly over and drop one day. It takes decades of planning and preparation. With so much technological advancement in the last few decades, cyber wars are now among the most difficult wars to defend against.
About the Authors
Zaheema Iqbal is a senior cyber security policy researcher at the National Institute of Maritime Affairs, Bahria University Islamabad, and is affiliated with the Strategic Warfare Group. She can be reached at [email protected]
Hammaad Salik is an entrepreneur and the founder of the Strategic Warfare Group. His expertise is in cyber warfare operations and kinetic warfare. He can be reached at [email protected]