Last February, Iran was hit by a major cyber-attack which brought national internet connectivity down to 75%. The powerful attack came after recent failed Iranian satellite launches, raising doubts about a potential role of cyber-attacks. However, and despite Israeli reports, Iran continued to deny the occurrence of any systematic attacks which seem to be mounted by the U.S. and its allies.
On February 8, 2020, Iran was subjected to a powerful cyber-attack. According to NetBlocks, a non-governmental organization that monitors cyber-security and the governance of the internet, data from Iran showed that Iranian communication networks were down for several hours, and Iranian authorities found themselves obliged to block access to the Internet by 75%, in order to be able to repel cyber-attacks and protect the country's sensitive infrastructure.
The Iranian Ministry of Information and Technology claimed that it repelled the attack by using the so-called "Digital Fortress" which serves as the country's cyber defense system against distributed-denial-of-service attacks. The "Digital Fortress" system was rolled out in May 2019 following an uptick in cyber-attacks against the country. The latest attack is the largest to date, but recent months have seen a steady increase in cyber-attacks against Iran.
The Iranian authorities remained silent about who launched the latest attack. Officials in Tehran claimed that the authorities "have not yet reached any indication of a state sponsor of the attack, adding that the large-scale attack was launched using misleading Internet protocols in East Asia and North America." Such an explanation is most likely intended for face-saving.
Iran's Weak Response (So far)
The tendency not to discuss the identity of the attackers in the cyber domain has become an Iranian tradition. Perhaps the best rationale for this is that Tehran does not want to appear weak by admitting that it is vulnerable to cyber-attacks. Iranian officials also refused to point the finger at any particular country of being behind the attacks when Iranian government institutions were similarly attacked in December 2019.
Meanwhile, Iran's ability to finance cyber defenses remains an open question at best, while the country continues to suffer from harsh economic sanctions. For example, the "Digital Fortress" system has a reported cost of only $1.4 million. Further, there have been reports that there are 10 other sub-projects under the "Digital Fortress" at a total cost of $2.1 million. If this is proven to be true, a budget of $3.5 million is considered to be very small, unless Iran has enough experts and domestic resources that Tehran can use in cyber defense strategy, without the need to pursue international cyber-security deals or purchases.
Who Are the Attackers?
The United States and Israel are clearly the most likely actors behind these attacks. Both countries have the motivation and ability to launch such attacks. The history of the using cyber-attacks dates back to the Cold War era. The United States, driven by the perception that the former Soviet Union had the upper hand in technology after the launch of the Sputnik spacecraft, established the "Defense Advanced Research Projects Agency" in the Pentagon. Obstructing enemy communications has been a major task for the new agency since its inception, and remains so to this day.
The recent attack on Iran was a distributed-denial-of-service attack using computers ranging in number from several devices to thousands of "malicious" devices to coordinate a massive attack, on one network, that will continue as long as the attacker wants it. The cost of these cyber-attacks is relatively low.
One of the most high-profile cyber-attacks is the Russian operation in 2007 against Estonia that brought the latter’s IT infrastructure to the brink of collapse. A year later, Russia again launched an attack against Georgia during the Russo-Georgia War. The Russian operations involved psycho-political goals.
In previous attack on Iran, the U.S. and Israeli attacks were more targeted, such as the malicious "Stuxnet" worm that targeted control systems in 2010, and penetrated the network built by the German company "Siemens" to control Iran's centrifuges. The Stuxnet worm was exceptionally dangerous for two reasons:
The Stuxnet worm attack was like a surgical procedure. Despite the impact of the attack on computers around the world, it was designed to operate only when it reached the Iranian nuclear program. In 2012, it became clear that the United States and Israel jointly developed the Stuxnet virus to derail Iran's nuclear program.
Perhaps what set a precedent in the Stuxnet worm is the fact that it considered an example of a cyber-weapon that left actual damage to Iranian nuclear reactors. Not only did it slow down the reactor system, but it caused real physical damage, as if the centrifuges were bombed.
Possible Restrictions on Cyber-War
There is a large international debate going on at the present time about the legality of using cyber warfare and whether a cyber-attack, for example, is different from a missile attack, as long as the cyber-attack sometimes has the ability to inflict material damage similar to the missile attack. The answers to this question will largely depend on political, diplomatic and strategic considerations, and not on abstract discussions about international law. However, cyber warfare at the present time has not been largely studied, and therefore, it remains an open field of controversy.
The United States and Israel view cyberspace as one of the areas of war in which they favor attack. The "Stuxnet" attack was a prominent example of this position, but the Trump administration could be willing to go further in such an attack. The same applies to Israel, if it believes that Washington will not object to utilizing the cyber warfare against countries like Iran.
Israelis excel at using cyber weapons. In the case of Syria, the Israelis employed cyber warfare simultaneously with conventional war tactics to hit Syrian weapons installations. Israel did this by penetrating the Syrian defense network, controlling air defense computers, and making the Syrian airspace appear empty when Israeli warplanes were in fact attacking a Syrian facility. For this reason, there was speculation whether the Israelis could actually control the Iranian air defense network, or deceive the Iranian Revolutionary Guard in one way or another, about the identity of the Ukrainian plane that was shot down by Iran on January 8. According to Iran's established tradition of not naming the attackers, Tehran did not say that Israel might have been able to do so. Meanwhile, Israel today continues to receive stronger support from the U.S., and may participate in a wider campaign against Iran, including its satellite project.
Iran’s Failed Satellite Launch Record
The administration of former US President Barack Obama previously cooperated with Israel in developing and launching the Stuxnet virus, but the Trump administration seems more willing to accept cooperation with Israel in carrying out bold attacks against Iran.
Iran had already managed to put a satellite into orbit during 2009, 2011, and 2012, but its efforts in this area have not succeeded recently. According to some estimates, 67 percent of Iran satellite launches fail compared with 5 percent only at the global level.
In 2019, Iran failed in two satellite launch attempts in addition to a rocket explosion on the launch pad in August of the same year. A separate fire broke out at the Imam Khomeini Space Center in February 2019, which killed three researchers, according to the Iranian authorities.
This persistent failure might suggest that sabotage is a possible reason. The last satellite launch failure occurred on the eve of the most recent cyber-attack on Iran. Israeli Prime Minister Benjamin Netanyahu has suggested that Israel was behind this, but it could be just part of the psychological warfare against the Iranians. Also, Trump mocked the Iranians, in August 2019, when the satellite rocket exploded on the launch pad.
The failed launch attempts may have been caused by Iranian incompetence or conducting highly dangerous experiments. The Iranians said that the latest rocket, which failed to deliver the Zafar-1 satellite to orbit on February 9th, had used a new generation of rocket engines made of composite materials instead of steel. Commander-in-Chief of the Revolutionary Guards, Major General Hossein Salami, said that the new rocket engines "will make Iranian rockets cheaper, lighter, faster and more accurate."
Iran's pursuit of cost reductions may be a reason for the failed satellite launches, or it may have been the result of Israeli sabotage. Meanwhile, one thing is certain: the Trump administration has, since 2017, accelerated efforts to sabotage the Iranian missile project and hamper Iran's efforts to develop missiles. One of the first steps that Mike Pompeo took as CIA chief in 2017 was to strengthen the sabotage program against Iran. It was President George W. Bush who initiated this program, which included sabotaging Iranian supply chains and purchases of materials needed by Tehran to build its missile program.
Political Fallout of Cyber-Attacks Against Iran
While Tehran wants to avoid public humiliation by not admitting that it is being subjected to cyber-attacks by the United States and Israel, it is no secret that there has been a major ten-year campaign of sabotage against the country.
That campaign began as a specific effort, first targeting the supply chain of Iranian missile programs, and then that effort became more aggressive with the use of the Stuxnet virus and other acts of sabotage against Iran. The question now is; how far will the sabotage by the United States and Israel go? Will it become more violent, and therefore more lethal? How can Iran respond - if it can do so - or protect itself?
This path of escalation over recent years is undoubted. At the same time, the situation could escalate easily and at a faster pace, with a team of hard-line officials in the White House like Mike Pompeo at the State Department, and Gina Haspel at the CIA.
Dr. Ebtesam al-Ketbi | 24 Sep 2020
Ahmed Zaghloul Shalata | 21 Sep 2020
Shereen Mohammed | 21 Sep 2020