With renewed sanctions imposed on it by the United States, Iran may be poised to increase the frequency and destructiveness of its cyber-attacks, two experts warned in a paper published on Tuesday by the Foundation for Defense of Democracies.
Annie Fixler, a policy analyst at FDD, and Frank Cilluffo, the director of the McCrary Institute for Cyber & Critical Infrastructure Security at Auburn University, argue that facing an economy “whose currency is already in free fall and appears headed for a deep recession,” Iran’s leadership “may become a more aggressive actor both in the virtual and physical worlds.”
Tehran has previously shown that it “will exploit deficient cyber defenses to wreak havoc on its adversaries’ networks.”
In a brief overview of Iran’s cyberwarfare capabilities and methods, Fixler and Cilluffo describe Iran’s cyber capabilities as the “latest” addition to its “asymmetric toolkit.” Specifically, they observed that Iran engages in “cyber-enabled economic warfare—a strategy involving cyber attacks against an adversary’s economic assets in order to reduce its political and military power.”
There is also increasing evidence that it is Iran’s Islamic Revolutionary Guard Corps that is behind Iran’s cyber warfare.
Fixler and Cilluffo identify 2009-10 as the time that Iran “accelerated” the development of its cyber capabilities, following the Stuxnet virus, reportedly engineered by the United States and Israel, that wreaked havoc on Iran’s nuclear program. In 2012, in response to U.S.-imposed economic sanctions, Iran targeted both American banks and Saudi Arabia with cyber attacks.
But Iran never gave up its cyber warfare, even while it was negotiating the nuclear deal. Though it mostly targeted regional neighbors with destructive attacks during this time, from 2013 to 2017 “Iranian hackers infiltrated hundreds of universities, private companies and government agencies in the U.S. and around the world, stealing more than 30 terabytes of academic data and intellectual property,” Fixler and Cilluffo reported.
Earlier this year, the United States indicted nine Iranians for their role in this massive hacking scheme.
Given Iran’s use of cyber attacks in the past as a response to sanctions, Fixler and Ciluffo warn that with the newly imposed U.S. sanctions threatening to destabilize Iran’s economy further, and with a proven capacity to engage in “aggressive and destructive cyber and non-cyber-related malign activities,” Iran is a threat to ramp up its cyber attacks on U.S. targets.
To counter this threat, the authors call on America to take a series of measures to blunt the effectiveness of Iran cyber offensives. These measures include accurately assessing Iran’s past cyber activities, targeting those assets that boost Iran’s cyber capabilities, sharing information with allies to counter the Iranian threats, and announcing that the United States will defend its allies against Iranian cyber attacks.
In their conclusion, Fixler and Cilluffo observe that “while Iran does not have the cyber capabilities of China, Russia or North Korea, Tehran is willing to take greater risks and cause greater destruction.”
They call on U.S. policymakers to “begin to initiate more robust defensive initiatives with allies and the private sector, and simultaneously prepare cyber and kinetic countermeasures, Washington may well prevent a more devastating cyber battle in the future.”