Iran’s nuclear ambitions have been much in the news — and rightly so. The rogue state’s propensity to meddle violently in its neighbors’ affairs makes the prospect of a nuclear Iran frightening, indeed.
But the international community’s focus on the mullahs’ nuclear and missile programs has left Iran’s cyberwarfare somewhat ignored. That must change.
Such attacks can be expected to increase in both frequency and the damage done, as Iran continues to expand its cyberwar program.
Since 2011, Iran has invested $1 billion in cybertechnology, infrastructure and expertise. In 2012, the Iranian Revolutionary Guard Corps claimed to be training over 120,000 individuals for advanced cyberwarfare. That same year, Iranian Supreme Leader Ayatollah Khamenei created the Supreme Council of Cyberspace — its mission: to oversee the “defense of the Islamic Republic’s computer networks and develop new ways of infiltrating or attacking the computer networks of its enemies.”
Some of the most devastating cyberattacks, thought to have originated in Russia or China, actually came from Iranian hackers.
Professionals have detected Iranian hackers targeting networks of defense contractors, aviation firms, and oil and gas companies. The U.S. government linked a sizable cyberattack on the U.S. banking system to Iran in 2013. More recently, the U.S. Department of Justice indicted nine members of the IRGC for attempting to penetrate and steal more than $3 billion in intellectual property from over 300 American and foreign universities.
Similar attacks have been leveled at U.S. allies. A 2016 cyberattack on Saudi Aramco, arguably the most valuable company in the world, erased important data on more than 30,000 hard drives. In 2017, the United Kingdom blamed Iran for hacking the email accounts of dozens of members of Parliament.
The Iranian cyberthreat also extends to its own citizens. The regime heavily regulates the information its citizens can access on the internet, while using the web to attack its domestic critics. Meanwhile, it digitally surveils human-rights defenders, perceived enemies of the state and even its own agencies.
The Iranian government publicly boasts about its cybercapabilities, while simultaneously denying all accusations of cyberwarfare. Certainly, their capabilities have become increasingly sophisticated over the years. Experts note that Iranian hackers steal more intellectual property than any country but China.
Iranian hackers are also more difficult to track — largely because Iran uses proxies when carrying out attacks. These intermediaries often disappear immediately following an attack.
The United States has begun pushing back on Iran’s cyberattacks but still could do more. Countering the cyberthreat will require a national grand strategy for cybersecurity. Currently, we have none. This puts us on the defensive, responding to attacks as they come rather than effectively preventing them.
A national strategy must establish specific goals and address all major concerns regarding vital U.S. cyberinterests. Since the majority of our most valuable and vulnerable assets are privately held, the public and private sectors must learn to work together to secure these interests.
That will not be easy. Historically, the U.S. government has been the only key player in national security. But cybertechnology has changed that reality. Private organizations now have a responsibility to understand and protect their data from emerging threats. But they must also work with the public sector to establish mutual interests and explore new opportunities that improve overall cybersecurity for the nation.
Iranian aggression — whether on the ground or in cyberspace — is a destabilizing force that must be deterred. As the U.S. and the broader international community debate how to contain Iran’s nuclear program, they must not forget the rapidly evolving cyberthreat.