Perspective: Iran Spent Years Building a Cyber Arsenal. Will It Unleash That Arsenal Now?

Published 8 January 2020

In 2007, a computer virus crippled centrifuges at Iran’s uranium enrichment facility in Natanz, setting back its nuclear program by years. Chris Meserole writes in Lawfare that the Stuxnet attack—not uncovered until a few years later—taught the revolutionary regime in Tehran a valuable lesson about how effective cyber weapons can be, prompting Tehran to invest heavily in cyber capabilities of its own. “The results speak for themselves: Iranian hacking groups have graduated from conventional distributed denial of service (DDoS) and domain name system (DNS) attacks to more sophisticated operations against critical infrastructure and industrial control systems,” Meserole writes, adding:

In the wake of Qassem Soleimani’s killing last week, the question of how Iran aims to use its cyber arsenal has acquired a newfound urgency. Tehran will need to respond forcefully to Friday’s attack, as well as related recent strikes. Iran’s cyber weaponry would seem to offer a ready-made option for high-impact, low-cost retaliation, as Iran’s national security chiefs have apparently recognized.

Yet fears of a devastating Iranian cyberattack are premature. The coming days and weeks will almost certainly bring an uptick in Iranian activity, as always happens when the two countries are engaged in brinksmanship. But it would be surprising if Tehran’s promised retaliation leveraged cyber operations alone.

Consider Iran’s three options going forward: a response that escalates the conflict further, a strike that maintains the status quo, and an attack that “saves face” while de-escalating the conflict. In each case, cyber weapons would not be able to signal Iran’s preference effectively.

As Suzanne Maloney has noted, Iran is likely to take some time to evaluate its options — and in the interim, it will want a low-cost way of probing for vulnerabilities while signaling to the White House that it fully appreciates the seriousness of what has just taken place. Cyber operations are ideally suited for such a task.

“The U.S. and its allies would do well to prepare for heightened cyber activity from Iran. But they would do better to prepare for military force more,” Meserole concludes.