Cyber operations

New document details U.S.-Iran cyber tit-for-tat

Published 24 February 2015

Just as U.S. Secretary of State John Kerry and his Iranian counterpart discuss plans to ensure Iran does not weaponize its nuclear program, a newly disclosed National Security Agency (NSA) document details the intensification of cyber skirmishes between the two countries. While the document does not describe the specific targets in Iran, it acknowledges, for the first time, that the NSA’s attacks on Iran’s nuclear program, a George W. Bush administration project, initiated the cycle of retaliation and escalation of the U.S.-Iran cyber conflict.

The document, first reported this month by the Intercept, was written in April 2013 for Gen. Keith B. Alexander, then the NSA director. It describes how Iranian officials had found evidence in 2012 that the United States was preparing computer surveillance or cyberattacks on Iranian networks.

According to the New York Times, the document also details the U.S. and U.K. cooperation in containing the damage from “Iran’s discovery of computer network exploitation tools” — the building blocks of cyberweapons. This discovery came more than two years after the Stuxnet worm, released by the United States and Israel, damaged computer networks at Iran’s uranium enrichment plant.

“Iran continues to conduct distributed denial-of-service (DDOS) attacks against numerous U.S. financial institutions, and is currently in the third phase of a series of such attacks that began in August 2012,” the document reads. “SIGINT (intelligence derived from electronic signals and systems used by foreign targets, such as communications systems) indicates that these attacks are in retaliation to Western activities against Iran’s nuclear sector and that senior officials in the Iranian government are aware of these attacks.”

Even as nuclear negotiations play out between the two countries, hostilities continue in cyberspace. “The potential cost of using nuclear weapons was so high that no one felt they could afford to use them,” said David J. Rothkopf, CEO of The FP Group, adding that the cost of using cyberweapons is so low that “we seem to feel we can’t afford not to use them” and that “many may feel they can’t afford ever to stop.”

Adm. Michael S. Rogers, the NSA’s new director, has declared that his agency would deter attacks against the United States by making it costly for countries like Russia, China, and Iran to wage cyberwar, but a former senior intelligence official who reviewed the two-page document said it provided “more evidence of how far behind we are in figuring out how to deter attacks, and how to retaliate when we figured out who was behind them.”

The document also identifies Iran as responsible for the “destructive cyberattack against Saudi Aramco in August 2012, during which data was destroyed on tens of thousands of computers.” That attack, the document suggests, was in response to “a similar cyberattack” on Iran’s oil industry earlier that year, though it does not mention who launched that attack.