President Trump approved an offensive cyber strike that disabled computer systems used by Iran’s Islamic Revolutionary Guard Corps to control rocket and missile launches, “crippling Iran’s military command and control systems,”
U.S. ATTACKS IRAN WITH CYBER NOT MISSILES — A GAME CHANGER, NOT A BACKTRACK
By Zak Doffman, Security and Surveillance, Forbes, June 23, 2019:
The decision by U.S. President Trump to pull back from a retaliatory strike against Iran for the downing of a surveillance drone because there would be “too many deaths for a proportionate response” has been painted as a backtrack. Instead, “President Trump approved an offensive cyber strike that disabled computer systems used by Iran’s Islamic Revolutionary Guard Corps to control rocket and missile launches.”
“Though crippling to Iran’s military command and control systems,” reported the Washington Post, “the operation did not involve a loss of life or civilian casualties—a contrast to conventional strikes, which the president said he called back Thursday because they would not be ‘proportionate’.”
That is not a backtrack, it’s a game changer.
A physical missile strike against military targets in Iran would generate headlines and newsworthy images. It would kill scores of people. But in the end, it would make little difference to the standoff between Washington and Teheran. If, however, the reports are true and the U.S. has compromised Iran’s networks to the extent that Teheran’s core command and control systems are now vulnerable, that changes the dynamics completely.
Offensive cyber capabilities have long been the most sensitive and nationalistic of government activities. Despite all the media speculation, most government cyber spend remains focused on the defense of data and networks. And where offensive cyber attacks have taken place, they are not disclosed, let alone publicized. For that reason, the reports on June 21 and 22 on the U.S. cyber attack are significant and not by accident.
The physical and digital are entwined. This decision by the U.S. to treat the disclosure of a cyber attack as it might a physical attack, when in truth there is no footage and so no need, clearly shows this to be the case. The mix of physical and cyber, retaliating in one dimension for an attack in the other, does the same.
We saw this in Gaza in May, when Israeli forces launched a physical strike in retaliation for a cyber attack in what was a world first. Israeli forces announced that they had “thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work.”
And so to this attack and the Washington Post’s report that “the [U.S. Cyber Command] strike against the Islamic Revolutionary Guard Corps was coordinated with U.S. Central Command,” and that the attack had been in the works for weeks, not hours, and could have come any time after the attacks on the oil tankers for which the U.S. blames the IRGC.
There are no official details on the offensive cyber operation which was first reported by Yahoo News. A Department of Defense spokesperson told the media that “as a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning.”
According to Yahoo News, the U.S. “digital strike” also targeted the “Iranian spy group… with ties to the Iranian Revolutionary Guard Corps” that supported the tanker attacks and which “has over the past several years digitally tracked and targeted military and civilian ships passing through the economically important Strait of Hormuz.”
The U.S. cyber attack “imposes costs on the growing Iranian cyber threat, but also serves to defend the United States Navy and shipping operations in the Strait of Hormuz,” Thomas Bossert, a former senior White House cyber official, told the Washington Post. “Our US military has long known that we could sink every IRGC vessel in the strait within 24 hours if necessary, and this is the modern version of what the U.S. Navy has to do to defend itself at sea and keep international shipping lanes free.”
Iran has also been developing its offensive cyber capability, with Christopher Krebs, the director of the Cybersecurity and Infrastructure Security Agency, disclosing the “recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies.”
Iranian hackers are thought to be actively targeting U.S. government agencies and commercial organizations. And the U.S. is not alone. The U.K. acknowledged an Iranian cyber attack late last year that compromised high-profile government and commercial systems. Iran does not have anything like the capabilities of China or Russia, but it has made significant improvements in recent years. Iran is now “looking to do much more than just steal data and money,” Krebs said in his statement, “what might start as an account compromise… can quickly become a situation where you’ve lost your whole network.”
Late last week, the National Security Agency confirmed to AP that “there have been serious issues with malicious Iranian cyber actions in the past. In these times of heightened tensions, it is appropriate for everyone to be alert to signs of Iranian aggression in cyberspace and ensure appropriate defenses are in place.”
Krebs attributed his agency’s decision to issue a formal warning to this “shift in geopolitical dynamics.”
Last week, the New York Times cited sources, reporting that the U.S. “is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cyber tools more aggressively.” These new authorities were “slipped into the military authorization bill [which approved] the clandestine military activity [to] deter, safeguard or defend against attacks or malicious cyber activities against the United States.”
Offensive cyber attacks can be mistakenly portrayed as remote, digital-only exercises. This is not the case. Offensive cyber attacks are not isolated and have a critical physical dimension. Compromising nation state systems is complex and mixes physical and digital assets. A wide range of covert ground-based activity and digital espionage targeting individuals and organizations supports the work of the cyber agencies. And it works both ways. Yahoo News reported on the Iranian “honey pots” which use social media to identify vulnerable U.S. sailors, creating fake profiles of “attractive young women” to “gather intelligence on ship movements.”
The Iranian (and Russian) attacks on the U.S. are nothing new; nation-state attacks on systems have become par for the course. We saw this with the NASA hack, as reported by my colleague Davey Winder for Forbes, which bore many of the hallmarks (albeit unconfirmed) of a state-sponsored action. What is new is the openly militaristic dimension to cyber warfare, which was in the minds of those who architected the recent U.S. legislation and the remit of the country’s Cyber Command.
And so while the cyber headlines continue to be dominated by talk of Russian election meddling and the U.S. blacklist against China’s technology giants, including Huawei, the cyber legacy from 2019 looks set to be the integration of cyber and physical forces in a way we have not seen before. Yes, such capabilities have been around for some time and have been used effectively on numerous occasions. But not publicly, and not in the mix and match way we’re seeing now.