Cyberattacks – a neglected consequence of withdrawing from the Iran nuclear deal
Following the U.S.’ decision to withdraw from the Iran Nuclear Deal, it is expected that Iranians will retaliate in the form of cyberattacks with potentially devastating results.
When President Trump decided to withdraw from the JCPOA, most commonly known as the Iran Nuclear Deal, he was aware of the repercussions on foreign relations but neglected a critical consequence – cyberattacks.
The Iran nuclear deal did not only prevent dangerous nuclear developments, but also fostered a greater understanding of peace and cooperation. The overall environment of improved relations and trade also included a significant decline on Iranian state-sponsored cyber attacks. Prior to the agreement, Iran had a history of inflicting powerful attacks on U.S. public and private functions.
With the abrupt killing of the agreement, a resumption of these types of attacks is possible as a form of retaliation from the Iranian government.
On top of that, on 21 May, Secretary of State Mike Pompeo outlined an aggressive strategy towards Iran. Although this set of demands calls for an end to “destructive cyber attacks”, the tone of the speech is likely to serve as a provocation for further cyber-hostilities rather than a warning.
Iran: a country with proven massive cyber capabilities
Up until today, the U.S. and Iran have been launching multiple digital attacks against one other for various purposes from inflicting real damage to espionage. The most notable U.S. attack was the 2010 compromise of the Iranian Uranium enrichment facilities using a malware worm called Stuxnet. Since then, a large majority of Iranian attacks were not only ideologically-driven, but also a form of direct retaliation.
It is worth reviewing the most impactful Iranian cyber attacks in order to understand the country’s cyber capabilities of damaging critical infrastructure.
One of the most notable attacks was Operation Ababil, which managed to cripple the websites and subsequently operations of 46 banks in the U.S. The hacker group named Izz ad-Din al-Qassam launched Denial of Services attacks that effectively flooded the servers and spread panic.
Another prominent attack, this time on infrastructure, was in 2013, when hackers associated with the Revolutionary Guard Corps managed to gain access to the systems of a small dam in Rye Brook, New York. The Bowman Avenue Dam computers that controlled the water levels and flow gates were infiltrated, but no physical damage occurred. An attempt to do so would have failed anyway, as the systems were offline due to a repairing process. Even though there was no real harm caused by this attack, it is a great indicator of the capacity to exploit vulnerabilities in critical infrastructure.
Lastly, there have been successful Iranian cyber attacks on infrastructure outside of the U.S. One example is a series of attacks over the last year and a half on Saudi petrochemical plants. The most serious incident occurred in 2017, when hackers seized the plant’s operational safety controls that had the potential to ignite a chemical explosion. The extent of this attack as well as its recency shows that as time progresses, Iran develops its cyber-capabilities rapidly and exponentially.
Trump’s contradictory cyber security strategy
While Europe strives to implement a robust cybersecurity framework, the Trump presidency has not yet managed to improve U.S. security systems. On May 2017, President Trump signed an executive order on cybersecurity that revised some measures on accountability and IT modernization, but lacked some essential elements such as a security plan for the private sector and most importantly- innovation. Most experts consider this order a move towards strengthening cyber security, but warn that it is not really a strategy nor does it promise speedy progress.
Since signing the order, there has been little progress on the issue. Apart from lacking a clear plan and the disregard of senators’ recommendations on innovative cybersecurity measures, Trump seems to manifest a general attitude of disinterest. It was reported recently that the President’s smartphone has not been assessed for months, as he considers the process “too inconvenient”. This stance signifies an underestimation of the potential damage that could be caused by cybercrime.
Moreover, the U.S.’ cybersecurity strategy has thus taken a contradictory form. On the one hand, there is little action on security, while on the other, President Trump often publicly stresses the importance of prioritizing cybersecurity. At the time when JCPOA was scrapped, and officials were warning about the high possibility of Iranian cyber attacks, the White House completely removed the position of Cybersecurity Coordinator.
Outlook
Undoubtedly, Iran has invested significant resources in developing its cyber-expertise, and has the ability to inflict critical damage to networks and systems. That being said, it is not certain that Iran will increase its cyberattacks due to the U.S.’ withdrawal from the nuclear deal, nor that, if it does, the success of these attacks is guaranteed. After all, the U.S. is still one the most advanced actors in the field of cybersecurity.
However, Trump’s stance of underestimating the significance of cyber threats as well as the administration’s aggressive approach towards the Iranian regime are major motivating factors that suggest Iran may pursue a cyber-hostile agenda.
