The Buzz

The New Battleground in the U.S.-Iranian Covert War

The emergence of cybersecurity as a global problem reveals that states are harnessing cyber technologies in the service of their respective national security and foreign policy interests. One question arising from this phenomenon is how the embrace of cyber means and methods might affect strategic and geopolitical competition among rival powers. Will the increasing exploitation of cyber technologies destabilize power politics given the technologies’ unique qualities? Or will these technologies become just another tool rivals use in jockeying for international influence?

David Sanger’s story in the New York Times on February 22 about the “growth of cyberwarfare between the U.S. and Iran” provides some food for thought concerning how rival states are using cyber means. The story analyzes an April 2013 NSA document published by The Intercept, courtesy of Edward Snowden, that contained talking points about Iran for then-NSA director Keith B. Alexander.

Sanger emphasizes “the striking acceleration of the use of cyberweapons by the United States and Iran against each other” and the “computer competition between the United States and Iran.” Sanger quotes David Rothkopf as arguing that, in U.S. strategic decision-making, the cost of using cyber weapons is sufficiently low that U.S. officials seem to believe that “we can’t afford not to use them.” That certainly appears to be the attitude with respect to Iran, with the document highlighting NSA’s successful cooperation with Britain’s GCHQ on “multiple high-priority surges” against Iran that allowed NSA to “maximize our target coverage.”

Based on Sanger’s analysis and the NSA document, it looks as if Iranian officials have reached the same conclusion. The document describes Iranian cyberattacks against U.S. financial institutions and Saudi Aramco in retaliation for cyber attacks Iran experienced, including the Stuxnet operation and a cyberattack on its oil industry. The NSA notes Iran’s “clear ability to learn from the capabilities and actions of others” and its “striving for increased effectiveness by adapting its tactics and techniques to circumvent victim mitigation attempts.”

Here, competition is taking place in two contexts. First, the United States and Iran are engaged in cyber-centric competition, with each side playing offense and defense in cyberspace. According to the NSA, Iran developed and used cyber means and methods to retaliate against cyber attacks it suffered. The retaliation involved unsophisticated DDoS attacks in response to Stuxnet, and cyberattacks to destroy data on Saudi Aramco computers “after having been a victim of a similar attack against its own oil industry.” In this cyber-on-cyber context, Iran is increasing its capabilities and demonstrating its willingness to use them.

The second context involves the larger strategic and geopolitical relationship between the United States and Iran. The U.S. government faces multiple challenges with Iran, including—as the NSA document mentions—the negotiations on Iran’s nuclear program and Iran’s efforts to “extend [...] its influence across the Middle East.” Neither of these is specific to, or dependent on, cyber technologies. The NSA document reveals the U.S. government bringing its cyber capabilities to bear on these challenges, including cyber espionage designed to support U.S. negotiators in the nuclear talks and integration of cyber inputs into crisis contingency planning for Iran. In this cyber-in-realpolitik context, the United States applies its cyber capabilities, in parallel with other sources of material power, to advance its overarching strategic and geopolitical interests vis-à-vis Iran.

Sanger characterizes the NSA document as evidence of expanding cyberwarfare between Iran and the United States, which implies that cyber-on-cyber competition between the two has the potential to destabilize the broader strategic and geopolitical relationship. I read the document differently.

In the cyber-on-cyber context, the Iranian actions described in the document are retaliatory and do not appear to involve escalation from the attacks it experienced. In that sense, the Iranian counter-strikes look calibrated to respond in kind, signal commitment and capabilities to compete in this realm, and perhaps deter future attacks. Presently, neither DDoS nor destruction-of-data attacks constitute warfare. The United States has not treated them as such, as evidenced by its labeling of the North Korean cyber attack on Sony, which included the destruction of data, as “cyber vandalism.”