
Intelligence brief | 18 November 2013

Iran's cyber posture

In early October 2013, the death of a hitherto little known individual by the name of Mojtaba Ahmadi was reported near Karaj, slightly northwest of Tehran. Ahmadi was shot twice in the chest from a passing motorcycle according to an eyewitness account in the Iranian press that was later taken offline. A statement by the Iranian Revolutionary Guards Corps (IRGC) in contrast denied that an assassination had taken place, adding only that investigations were underway. As it turned out, Ahmadi was a key cyber warfare commander, and possibly Iran's cyber war chief. The truth of the matter aside, this event brings to mind the spate of Iranian nuclear scientists who were targeted in similar circumstances over the past seven years. In addition to assassination attempts, the covert tit-for-tat war between Iran on the one hand, and the United States, Israel and various Western allies on the other has steadily expanded to include a cocktail of diplomatic pressure, economic sanctions, attacks directed at civilians overseas, and now, a virtual war with real-life consequences. By force of circumstance as much as by design, Iran has responded in kind and is clearly channelling greater resources towards its own cyber front.

Force structure and capabilities


The Iranian authorities have been policing domestic websites, social media and virtual private networks (VPNs), mainly with Chinese assistance, in order to clamp down on dissent and interdict soft influences from abroad, especially after the Green Movement protests of mid-2009. A Cyber Police unit (FETA) was set up in 2009 to combat internet crimes and neutralise online dissent networks and enforce Islamic cyberspace decorum (the latter in tandem with the Committee for the Identification of Unauthorised Websites, which reports to the Supreme Council of the Cultural Revolution). The Iranian government has also taken steps to implement an alternative search engine (dubbed Ya Hagh, "O God [Truth]") and is planning a parallel, 'halal' Iran-only internet network. It has matched these moves by slowing down regular internet speeds in order to eventually discourage its use. The idea of cyber defence was purportedly raised with the leadership as far back as 200[?] but Iran's cyber policy only effectively took shape in the wake of the Stuxnet attacks discovered in late 2010.

Open Briefing | 1

A Cyber Defense Command (Qarargah-e Defa-e Sayberi) was established under the jurisdiction of the Passive (or Civil) Defence Organisation (Sazeman-e Padafand-e gheyr-e amel) and ultimately, the Joint Staff of the Armed Forces. Headed by Brigadier-General Gholam-Reza Jalali, the Passive Defence Organisation has also over recent years overseen a large number of country-wide cyber readiness drills. In March 2012, upon its initiative, cyber defence programmes went online in a number of Iranian universities. Also in March 2012, the Supreme Council of Cyberspace (Shora-ye Ali-ye Faza-ye Majazi), which subsumes all other cyber organisations under its fold, came into being by decree of the Supreme Leader. This was a clear signal that cyber warfare was henceforth to be regarded as a strategic threat, and cyberspace a distinct arena for Iran's ongoing conflict with Western status quo powers and Israel.

The series of viruses including Stuxnet, Duqu, Flame and possibly Stars, which attacked its uranium centrifuge programme before targeting other critical sectors, is very likely to have impelled the Iranian government to cross the cyber defense threshold to one of offensive deterrence. Tehran is estimated to have invested over $1 billion in developing an off-the-books Cyber Army consisting of a nebulous and highly compartmentalised nexus of official and semi-official hacktivists, all of which comes under the command of the IRGC according to the Supreme Leader's representative to the organisation, Ali Saeedi. A number of other foot soldier-type cyber battalions have come online within the paramilitary Basij volunteer force, organised around the Basij Cyberspace Council. According to reports, members of the latter engage in massive pro-regime public diplomacy campaigns as well as the tracking and removal of anti-regime content. Furthermore, independent, competing groups such as Ashiyane, Jehad-e Gomnam-e Majazi (Virtual Anonymous Jihad), Shabgard and Simorgh are known to have authored highly visible hacking campaigns in increasing cooperation with the Iranian government. Lastly, in addition to cyber units affiliated with Hezbollah, Syria, and allegedly to some extent, Hamas, Iran may conceivably be enlisting the assistance of other actors, both state and non-state, far beyond its borders.

In July 2011, a spyware traced back to Iran and dubbed Mahdi, with capabilities not dissimilar from those of Flame, was discovered infecting infrastructural targets in Israel and a number of states around the Persian Gulf. But rather than pure espionage, the trend has shifted towards cyber offensives. In August 2012, a group known as the Cutting Sword of Justice unleashed a virus dubbed Shamoon on the internal communications network belonging to Saudi Arabia's Aramco state oil corporation. The virus blanket-deleted crucial data in three-quarters (i.e. 30,000) of the company's computers and replaced it with the image of a burning US flag. Another attack took place a fortnight later against RasGas, Qatar's key liquefied natural gas producing company. Between September 2012 and January 2013, a group known as the Ezzeddin al-Qassam Cyber Fighters carried out multiple distributed denial-of-service (DDoS) attacks against several major US financial institutions including Bank of America Corp, CitiGroup, JPMorgan Chase and Wells Fargo. This amounted to attacks against US targets on US territory. Iranian hackers are also believed to have carried out cyber attacks on a large number of websites belonging to foreign governments (e.g. the United States, the United Kingdom, France, the Persian Gulf states, Israel and China), commercial entities (e.g. Dutch web security firm DigiNotar), media outlets (e.g. Radio Zamane and Voice of America Persian) and social networks (e.g. Twitter).


Intentions
Unlike most other states in the Middle East, Iran possesses the human and technological resources to turn cyberspace into a battlefield; according to some sources, it already ranks among the top five cyber states – along with the United States, Russia, China and Israel. The record suggests that Iran's military cyber policy (in contradistinction to domestic surveillance) remains largely defensive in character. But it is increasingly difficult to draw a clear line between offensive and purely defensive means, an exercise that would have been more practicable in the previous century. Iran's cyber conduct closely mirrors that of its offline security doctrine, which is in the first instance predicated on the defence of its sovereign territory and the Persian Gulf and Strait of Hormuz. A secondary but significant aspect is the deployment and activation of assets beyond its borders in ways that actively deter potential aggressors. Where this fails, retaliation can be expected, which has been the case both offline and online. Iran's emerging cyber posture fits hand-in-glove within its current palette of strategic responses owing to its asymmetric character (outsized yield for a relatively low input, and against a conventionally superior adversary), the high degree of plausible deniability it confers, the possibility of outsourcing expertise, and more importantly, the active deterrence emplaced against what Tehran perceives, with justification, as attacks initiated against it. Recall that Iran started enhancing its cyber capabilities in earnest following the attacks targeting its centrifuges in the Natanz uranium enrichment facility. Given that the United States and Israel are also prime movers in the cyber domain who seek increasing recourse to it as a weapon of preference, Iran should be expected to respond in kind.

Implications
Cyberspace provides a mediated environment for alternative forms of warfare. While this, prima facie, avoids the risks of direct kinetic confrontation, the results can have very tangible and therefore disruptive consequences on the life of a society and the economy that keeps it going. If Stuxnet, which is believed to have been jointly scripted by the United States and Israel, could wreak physical damage on Iran's centrifuges by merely upsetting their spin frequencies, any other critical installation dependent on computerised accuracy and reliability is likewise vulnerable. Given that banking systems, the stock exchange and critical infrastructure such as power, transportation and communications grids in modern-day cities are patched into cyberspace, massive havoc is only a matter of ability and execution. Contemporary weapons systems are also increasingly hotwired into highly integrated command, control, communications, computers and intelligence networks and are hence exposed to similar vulnerabilities. In more complex wartime scenarios, cyber operations could aim at disrupting critical infrastructure simultaneously or near-simultaneously with actual kinetic offensives. In addition, there are a number of issues specifically associated with cyber warfare:


Although imperfect information is a constant in any theatre of operations (the "fog of war"), a surface-to-surface missile for instance can rather easily be traced back to its origins. The cyberspace medium on the other hand militates against unambiguous attribution of acts of aggression. In the absence of certainty, decision-makers are obliged to shape a response based only on a suboptimal threshold of error. How does one then determine that threshold, and the corresponding yardsticks for decision-making, if there is no smoking gun? IP addresses, for example, have become extremely fluid and manipulable, allowing an infinite regression of false flag operations. An alternative is to match perpetrators against their known cyber capabilities, but even then this may only render one suspect more probable than others, not certain.

Because cyberspace by its nature merges the military with the civilian, cyber warfare likewise fails to discriminate between combatants and civilians. This is a distinction enshrined in the Fourth Geneva Convention, which has for the past half-century lain at the basis of the laws regulating armed conflict. Therefore, cyber warfare clearly necessitates a distinct international regulatory framework. Furthermore, it is not always clear, for instance, whether homeland cyber defence should fall within the remit of the military, domestic law enforcement or civilian structures.

Traditional security concepts, such as deterrence, clearly remain valid but require fundamental rethinking in cyberspace where borders melt away and the topography of warfare has been altered.

Cyber connectivity renders entire societies more vulnerable and exposed than ever. When coupled with the problem of attribution, this requires an extremely robust defensive posture first and foremost.

As it stands, the key advantage that inheres within a cyber attack is its plausible deniability. Assuming this consideration to be preponderant, a battleplan entailing a simultaneous (or near simultaneous) kinetic offensive will need to be designed differently. The question also follows if a cyber offensive can elicit a strictly cyber response, without recourse to conventional kinetic means.

Projections
Given the increased stakes and the asymmetric advantages associated with cyberspace, Iran is highly likely to ramp up its online capabilities and activities, especially for so long as the standoff with Western powers and Israel continues. However, given its defence posture, Iran is also highly likely to refrain from full-scale cyber offensives, barring retaliation to what it deems to be acts of war.


Open Briefing is the world's first intelligence agency for civil society. We produce actionable and predictive intelligence. We tell you what has happened and what is likely to happen next. Most importantly, we tell you why. We do this so that better informed citizens can more effectively engage in peace and security debates and civil society organisations can make the right advocacy choices. Together, we can then influence positive defence, security and foreign policy decisions by our governments. Open Briefing is an innovative and dynamic not-for-profit social enterprise. We are a unique international collaboration of intelligence, military, law enforcement, government and media professionals. www.openbriefing.org
