ICYMI, NBC’s William M. Arkin, Ken Dilanian and Robert Windrem report that the CIA is in the process of “opening cyber doors, selecting targets and making other preparations for an operation.” The goal, according to the NBC report, is “to harass and ‘embarrass’ the Kremlin leadership. . . . the agency had gathered reams of documents that could expose unsavory tactics by Russian President Vladimir Putin.” A lot more is going on, however, and our toying with Russia is being done against a backdrop of larger strategic cyber machinations.
Fortune’s David Z. Morris (@DavidZMorris) sees a pattern, reminding that at the end of July, Reuters reported that Russian officials disclosed that spyware had been discovered on multiple government networks.” At the end of September, Morris reported that “companies responsible for the basic infrastructure of the Internet are experiencing an escalating series of coordinated attacks that appear designed to test the defenses of its most critical elements.” And while we may have temporarily averted the nuclear threat Iran may have represent to the Middle East, Iran understands that cyber is the way to play with the big kids on the block.
According to The Washington Institute for Near East Policy Michael Eisenstadt, “Cyber is emerging as Tehran’s weapon of choice for dealing with domestic opponents and foreign adversaries.” It make complete sense. Nuclear’s hard. It’s messy. Relatively speaking, cyber’s easy. It’s accessible. And cyber-morality is still fuzzy. Eisenstadt notes, “Cyber can be used in peacetime, since norms have not been established that would define cyberspying or cyberattacks as acts of war that justify a military response.” (Indeed, some in the American audience finds Russia’s alleged dabbling in our elections funny; welcoming minor cyber invasions isn’t collusion with the enemy: it’s just good politics of contemporary campaigning.) Cyber represents a great strategic equalizer.
Iran, Eisenstadt writes, “supports the regime’s narrative that the Islamic Republic is an emerging scientific and technological force whose cyber achievements are second only to cyber superpowers Russia, China, and the United States.” And they’ve been at it for a while now. Since at least 2005, Iranian hacktivists have been harassing Iran’s rivals. Iran leveraged that capacity and turned it on subversives inside Iran. The Green Revolution and, then, our US-Israelis Stuxnet attack really work Iran up to the possibilities of cyber weapons, and in 2012, “Supreme Leader Ali Khamenei ordered the creation of the Supreme Council of Cyberspace in March 2012, to consolidate cyber decisionmaking in a single body that answered to him.” Since then, Iran’s been exercising its cyber-spying capacity, hacked our Navy’s intranet, interfered with Saudi Arabia’s and Qatar’s oil industry, and launched effective disruption and denial attacks on American financial institutions. Today, Eisenstadt writes, “Iran’s cyber toolkit has evolved from a low-tech means of lashing out at its enemies to a pillar of its national security concept.”
Eisenstadt goes to great and convincing lengths to explain the historical logic behind Iran’s cyber ambitions, and he proposes an approach that could counter, or at least stem, Iran’s cyber ambitions rooted in the history of the Republic’s warfighting strategies and the general character of Iran’s image and culture.
One thing’s pretty certain, while the US ramps up cyber-excursions with Russia and China, and while Russia and China counter and escalate to test capabilities and defenses, Iran is watching closely, and it’s anxious to join the big kids on the block, and while neither Russia nor China would like take Iran too seriously, Iran could certainly serve as their proxy as thing get heated up.
To keep up, take some time to work through Eisenstadt’s primer on “Iran’s Lengthening Cyber Shadow.”