Iran’s growing cyber threat

· Through technical forensics of cyber attacks, researchers documenting these campaigns can provide a unique window into the worldview and capabilities of Iran’s security services and how it responds to a rapidly changing technological and geopolitical environment.

U.S. responses going forward

· While Iran does not have a public strategic policy with respect to cyberspace, its history demonstrates a rationale for when and why it will engage in attacks. Iran uses its capabilities in response to domestic and international events. As conflict between Tehran and Washington subsided after the 2015 nuclear deal, so too did the cycle of disruptive attacks. However, Iran’s decision-making process is obscured, and its cyber capabilities are not controlled by the presidency, as is evident in cases of intragovernmental hacking.

· The United States is reliant on an inadequately guarded cyberspace and should anticipate that future conflicts, online or offline, could trigger cyberattacks on U.S. infrastructure. The first priority should be to extend efforts to protect infrastructure and the public, including increased collaboration with regional partners and nongovernmental organizations targeted by Iran.

· Narrowly targeted sanctions could be used to deter foreign countries or other actors from providing assistance to Iranian offensive cyber operations. Such restrictions should still prioritize allowing Iranian society wide access to the internet and information technologies, to mitigate the regime’s ability to control information and communications.

· The United States has pursued a name-and-shame strategy against Iranian threat actors and should continue to do so. The Justice Department has issued indictments against Iranians implicated in disruptive campaigns and has successfully obtained the extradition from a third country of a hacker involved in the theft of military secrets. Because of the small operational footprint of the groups, targeted sanctions or legal proceedings are more symbolic than disruptive. These indictments may at least chill participation by talented individuals who wish to travel or emigrate.

· Iran continues to pursue its interests through cyber operations, engaging in attacks against its regional opponents and espionage against other foreign governments. A better understanding of the history and strategic rationale of Iran’s cyber activities is critical to assessing Washington’s broader cyberwarfare posture against adversaries, and prudent U.S. responses to future cyber threats from Iran and elsewhere.

— Read more in Collin Anderson and Karim Sadjadpour, Iran’s Cyber Threat: Espionage, Sabotage, and Revenge (Carnegie Endowment, 4 January 2018)