Perspective: Cyberattacking IranThe Urgent Search for a Cyber Silver Bullet Against Iran

Published 23 September 2019

After spending billions of dollars to assemble the world’s most potent arsenal of cyberweapons and plant them in networks around the world, United States Cyber Command — and the new era of warfighting it has come to represent — may face a critical test in the coming weeks. To punish Iran for its last month’s attack on Saudi oil facilities, a second U.S. cyberstrike — after one launched against Iran just three months ago — has emerged as the most appealing course of action for President Donald Trump. “The question circulating now through the White House, the Pentagon and Cyber Command’s operations room is whether it is possible to send a strong message of deterrence with a cyberattack without doing so much damage that it would prompt an even larger Iranian counterstrike,” David Sanger and Julian Barnes write, noting that in the past decade, the United States has launched at least three major cyberattacks against Iran. “In each case, the damage to Iranian systems could be repaired over time. And in each case, the effort to deter Iran was at best only partly successful,” they write.

After spending billions of dollars to assemble the world’s most potent arsenal of cyberweapons and plant them in networks around the world, United States Cyber Command — and the new era of warfighting it has come to represent — may face a critical test in the coming weeks.

David E. Sanger and Julian E. Barnes write in the New York Times that President Trump is considering a range of options to punish Iran for this month’sattack on Saudi oil facilities, and has toughened sanctions on Iran and ordered the deployment of additional troops to the region. “But a second cyberstrike — after one launched against Iran just three months ago — has emerged as the most appealing course of action for Mr. Trump, who is reluctant to widen the conflict in a region he has said the United States should leave, according to senior American officials,” Sanger and Barnes write.

But even as the Pentagon considers specific targets — an attempt to shut down Iran’s oil fields and refineries has been one of the “proportionate responses” under review — there is a broader debate taking place inside and outside the administrationover whether a cyberattack alone will be enough to alter Iran’s calculations, and what kind of retaliation a particularly damaging cyberstrike might provoke.

Sanger and Barnes write:

The question circulating now through the White House, the Pentagon and Cyber Command’s operations room is whether it is possible to send a strong message of deterrence with a cyberattack without doing so much damage that it would prompt an even larger Iranian counterstrike.

At least three times over the past decade, the United States has staged major cyberattacks against Iran, intended to halt its nuclear or missile programs, punish the country or send a clear message to its leadership that it should end its support for proxy militant groups.

In each case, the damage to Iranian systems could be repaired over time. And in each case, the effort to deter Iran was at best only partly successful.