The New Battleground in the U.S.-Iranian Covert War
The emergence of cybersecurity as a global problem reveals that states are harnessing cyber technologies in the service of their respective national security and foreign policy interests. One question arising from this phenomenon is how the embrace of cyber means and methods might affect strategic and geopolitical competition among rival powers. Will the increasing exploitation of cyber technologies destabilize power politics given the technologies’ unique qualities? Or will these technologies become just another tool rivals use jockeying for international influence?
David Sanger’s story in the New York Times on February 22 about the “growth of cyberwarfare between the U.S. and Iran” provides some food for thought concerning how rival states are using cyber means. The story analyzes an April 2013 NSA document published by The Intercept, courtesy of Edward Snowden, that contained talking points about Iran for then-NSA director Keith B. Alexander.
Sanger emphasizes “the striking acceleration of the use of cyberweapons by the United States and Iran against each other” and the “computer competition between the United States and Iran.” Sanger quotes David Rothkopf as arguing that, in U.S. strategic decision-making, the cost of using cyber weapons is sufficiently low that U.S. officials seem to believe that “we can’t afford not to use them.” That certainly appears to be the attitude with respect to Iran, with the document highlighting NSA’s successful cooperation with Britain’s GCHQ on “multiple high-priority surges” against Iran that allowed NSA to “maximize our target coverage.”
Based on Sanger’s analysis and the NSA document, it looks as if Iranian officials have reached the same conclusion. The document describes Iranian cyberattacks against U.S. financial institutions and Saudi Aramco in retaliation for cyber attacks Iran experienced, including the Stuxnet operation and a cyberattack on its oil industry. The NSA notes Iran’s “clear ability to learn from the capabilities and actions of others” and its “striving for increased effectiveness by adapting its tactics and techniques to circumvent victim mitigation attempts.”
Here, competition is taking place in two contexts. First, the United States and Iran are engaged in cyber-centric competition, with each side playing offense and defense in cyberspace. According to the NSA, Iran developed and used cyber means and methods to retaliate against cyber attacks it suffered. The retaliation involved unsophisticated DDoS attacks in response to Stuxnet, and cyberattacks to destroy data on Saudi Aramco computers “after having been a victim of a similar attack against its own oil industry.” In this cyber-on-cyber context, Iran is increasing its capabilities and demonstrating its willingness to use them.
The second context involves the larger strategic and geopolitical relationship between the United States and Iran. The U.S. government faces multiple challenges with Iran, including—as the NSA document mentions—the negotiations on Iran’s nuclear program and Iran’s efforts to “extend [...] its influence across the Middle East.” Neither of these are specific to, or dependent on, cyber technologies. The NSA document reveals the U.S. government bringing its cyber capabilities to bear on these challenges, including cyber espionage designed to support U.S. negotiators in the nuclear talks and integration of cyber inputs into crisis contingency planning for Iran. In this cyber-in-realpolitik context, the United States applies its cyber capabilities, in parallel with other sources of material power, to advance its overarching strategic and geopolitical interests vis-à-vis Iran.
Sanger characterizes the NSA document as evidence of expanding cyberwarfare between Iran and the United States, which implies that cyber-on-cyber competition between the two has the potential to destabilize the broader strategic and geopolitical relationship. I read the document differently.
In the cyber-on-cyber context, the Iranian actions described in the document are retaliatory and do not appear to involve escalation from the attacks it experienced. In that sense, the Iranian counter-strikes look calibrated to respond in kind, signal commitment and capabilities to compete in this realm, and perhaps deter future attacks. Presently, neither DDoS nor destruction-of-data attacks constitute warfare. The United States has not treated them as such, as evidenced by its labeling of the North Korean cyber attack on Sony, which included the destruction of data, as “cyber vandalism.”
The destabilizing strategic factors for the United States in the NSA document—Iran’s nuclear program and its attempts to spread its influence in the Middle East—do not arise from cyber-on-cyber competition. The strategic nightmare of Iran developing a nuclear weapons capability is what led the United States to deploy its cyber power against Iran in the Stuxnet operation. Even in this cyber-in-realpolitik context, neither the Stuxnet attack nor the escalating “cyberwarfare” has stopped the two countries from continuing to negotiate a possible nuclear deal, which demonstrates how subordinate the cyber elements of this rivalry are in the broader scheme of things. The expansion of Iranian influence in the Middle East also has nothing to do with cyber-on-cyber competition, and this geopolitical problem is not one the United States will manage effectively by focusing on cyber power.
In addition, the U.S. attempt to use a cyber attack to address its strategic concerns about Iran’s nuclear program did little, it appears, to mitigate that threat, but, according to the NSA document, contributed to Iran’s ability to compete more effectively in the cyber-on-cyber context. This boomerang effect suggests that using cyber attacks as leverage for strategic and geopolitical interests might be counterproductive because they have little impact on the balance of influence and advantage but can help the adversary, in the NSA’s words, “learn from the capabilities and actions of others.”
One leaked two-page document does not, of course, tell us everything about how cyber technologies affect power politics now or in the future. Cyber-on-cyber competition might, one day, prove sufficiently disruptive to upset strategic and geopolitical calculations among rivals. But, based on the NSA document in question, that is not what is happening between the United States and Iran.
David P. Fidler is a Visiting Fellow for Cybersecurity at the Council on Foreign Relations and is the James Louis Calamaras Professor of Law and a Senior Fellow at the Center for Applied Cybersecurity Research at Indiana University and an Associate Fellow with the Centre on Global Health Security at Chatham House.
This article originally appeared on CFR's Net Politics blog here.
Image: Flickr/ Chairman of the Joint Chiefs of Staff