Cyber war in the US-Iran escalation

  • The current conflict may depend on cyber war

By Zaheema Iqbal and Hammaad Salik

US-Iran tensions have escalated since the withdrawal of the USA from the Iran nuclear deal. This resulted in harsh sanctions exacerbating the sharp decline of Iran’s economy. The US government has prohibited trade with many Iranian business sectors, including carpets, pistachios, aviation and gold. Cyberattacks are the latest episode in the “Ghost Wars” as both Iran and the USA are heavily engaged in targeting each other’s cyberspace. Even if the current US campaign fails to dislodge the Tehran government, it could cause significant long-term damage to Iran’s economic, military and scientific infrastructure, setting back the country’s military ambitions in the region. This outcome is probably most feasible for US allies in the Middle East, who aren’t worried about the prospect of the USA committing to an open-ended military conflict with Iran.

The Trump Administration was ready to decertify Iranian compliance with the Joint Comprehensive Plan of Action (JCPOA), despite a lack of evidence of Iranian violations. For critics of the JCPOA, this represented a move in the right direction; the goal of US policy should be the end of the Islamic Republic and the overthrow of the existing regime in Tehran. Instead of an invasion, the USA would likely induce regime collapse through a policy of military and economic strangulation, led by airstrikes, sea-launched cruise missile strikes and the vigorous employment of special cyber operations forces.

The recent cyberattacks led by US Cyber Command (USCYBERCOM) in coordination with US Central Command (CENTCOM) against Iranian defense and ballistic missile control systems can be linked to the White House announcement and the issuance of the FY19 Cyber Strategy, in which the USA claimed to go offensive in cyberwarfare, while USSTRATCOM is on standby in case of escalation. This cyberattack can be termed a reaction to the shooting down of a US RQ-4A Global Hawk BAMS-D surveillance drone with a Khordad-3 surface-to-air missile over the Strait of Hormuz and to limpet mine attacks on oil tankers in the Gulf of Oman, for which the USA blamed the IRGC, which had already been designated a foreign terrorist group by the Trump administration earlier this year. According to DHS and NSA, there is a sudden influx in digital traffic from Iran to the USA, suggesting attacks on US core critical infrastructures.

On 22 June, USCYBERCOM Mission Command was tasked to go offensive in Iranian cyberspace. These short yet effective cyberattacks, codenamed ‘Operation Hellfire’, were aimed at crippling the Iranian computers that control air defense systems and ballistic missile launch pads. According to various sources, the cyberattacks disabled Iran’s weapons and missile systems. However, some other sources suggest that they were intended to take the systems offline for a period of time. To launch an aggressive attack on Iran, the USA relies heavily on its naval presence: the USS Abraham Lincoln Carrier Strike Group and a Bomber Task Force integrated into Central Command are already strategically deployed in the Gulf of Oman for quick responsiveness. The USA will also rely on its Gulf allies to provide air bases for operations alongside naval deployment. To carry out successive air strikes, the first logical step was to take down the Iranian air defense systems and ballistic missile controls. Other military officials suggest this was just an act of power to show Iran that its defense networks could easily be penetrated. Earlier this year, in a similar operation, servers belonging to the Internet Research Agency (IRA) in St Petersburg, Russia were also jammed and brought offline in a Cyber Command operation called Synthetic Theology.

Whatever the case may be, Iran has had a contentious cyber history with the USA. In the past, Iran has also been engaged in hacking US government companies, banks, the energy sector, dams and agencies. The Iranian state-backed actors involved in cyberattacks, dubbed “Refined Kitten”, have been continuously targeting the US defence and energy sector for years. The Department of Homeland Security has also stated that Iran has increased digital attacks against the US government since the escalation between the two countries. Cybersecurity firms like FireEye and CrowdStrike said that Iranian state-backed APT (Advanced Persistent Threat) groups have launched massive cyberattacks against US critical infrastructure, including oil and gas. These APTs have been using spear-phishing emails to lure Federal and State employees in order to gain access to US systems. According to sources, CrowdStrike has also shared images of spear-phishing emails. One such email appeared to come from the Executive Office of the President and seemed to be trying to hire people for an economic advisory position. Another email was more generic in nature and appeared to have Microsoft Outlook’s global address signature. The most recent explosion and massive fire on 21 June rocked a refinery complex in South Philadelphia, one of the largest on the East coast. This is one such example in which Iran has used destructive “wiper” attacks. The US Government is still investigating the events, but the digital traces and evidence show it as a cyber-attack. These cyberattacks appear to have started shortly after the Trump Administration imposed sanctions on the Iranian petrochemical sector.

Developing a new cyberweapon takes years. The Stuxnet cyberattack on the Iranian nuclear system damaged more than 70 percent of nuclear centrifuges earlier in 2009. The attack was launched by joint US-Israel forces in an operation called “Operation Olympic Games” against Iran’s nuclear facilities at Natanz. Stuxnet is also considered the world’s first known ‘digital weapon’, and was an experiment to test US cyber warfare capabilities. US military strategists came up with a blueprint with selective indicators targeting Iran’s core critical infrastructure in a vicious plan called ‘Nitro Zeus’. The early stages of Nitro Zeus are to target Iran’s existing military infrastructure, including air bases, naval bases and ballistic missile installations. These attacks would do significant damage, notwithstanding existing Iranian air defenses, which would also come under attack. Iran’s naval and air forces would suffer terribly, and widespread strikes would also exact a toll on Iran’s ground and missile forces.

The action by US Cyber Command shows the increasingly mature cyber warfare capabilities and the aggressive cyber strategy under the leadership of President Trump. Over the last year, the Trump Administration has focused on continuously engaging with adversaries in cyberspace and undertaking more offensive operations. In the Cyber Strategy, Trump vows to his people to preserve peace and security by strengthening the ability of the USA, in concert with its allies and partners, to deter and, if necessary, punish those who use cyber tools for malicious purposes.

As nations enhance their abilities to be engaged in cyberspace offensively, their ability to pick and initiate a war physically is drastically reduced. Cyber war is not a magic nuke one can fly over and drop one day. It takes decades of planning and preparation. With so much technological advancement in the last few decades, cyber wars are now one of the most difficult wars to defend against.

Zaheema Iqbal is a senior cyber security policy researcher at the National Institute of Maritime Affairs, Bahria University Islamabad and can be reached at [email protected]

Hammaad Salik is the founder of Strategic Warfare Group, with expertise in Cyber Warfare Operations & Kinetic Warfare, and can be reached at [email protected]