By: Ben Schaefer, Columnist
Photo credit: United States Department of State
In 2015, the P5+1 and Iran signed the Joint Comprehensive Plan of Action (JCPOA), which was intended to curb Iran’s nuclear ambitions.[i] The agreement inflamed passions on both sides of the United States political divide. Republicans in Congress insisted that the JCPOA would allow Iran to obtain a nuclear weapon in the near future, while Democrats claimed the deal would increase the chances of curbing Iran’s nuclear ambitions by offering Iran a seat at the diplomatic negotiation table.[ii] On May 8, 2018, over two years after signing the JCPOA, President Donald Trump formally withdrew the United States from the deal, stating, “It didn’t bring calm, it didn’t bring peace, and it never will.”[iii] After a period of relative stability, the president’s actions altered the balance in US-Iranian relations.
While US policymakers have debated the merits of the JCPOA since its 2015 inception, international cybersecurity experts noticed an interesting trend occurring in cyberspace.[iv] Soon after the signing of the JCPOA, the number of cyberattacks tied to Iran’s government against US interests sharply decreased.[v] Despite the circumstances under which the United States withdrew from the JCPOA, the major question remains: should the United States brace for a renewed cyber offensive from Tehran?
Prior to 2015, Iran was considered a capable, if improbable, cyberpower. Iran’s foray into the cyberworld was largely inspired by the Stuxnet computer virus that wreaked extensive damage on Tehran’s nuclear ambitions in 2009.[vi] Stuxnet not only demonstrated the damage that could be inflicted through cyber weapons, but it also showed Tehran that in order to compete in the modern digital era, Iran would need to develop both offensive and defensive cyber capabilities to gain legitimacy.[vii]
In the years following Stuxnet, Iran’s economy was damaged by international sanctions, complicating technological development in both the public and private sectors.[viii] American policymakers reasoned that sanctions could inhibit Tehran from developing an effective cyberforce capable of causing major damage to public or private entities in the United States.[ix] In response, Iran developed a diffuse network of government-affiliated hacking teams that used servers located outside Iran’s borders to accomplish sophisticated attacks.[x] Iran showed that it would innovatively overcome sanctions by creating a cyberforce that leveraged access to infrastructure outside of its borders.[xi]
Over the years, Iran has clearly shown the capability as well as the intent to conduct cyberattacks and acts of espionage against the United States within the financial, energy, and government sectors. A 2016 Department of Justice indictment indicated that between 2011 and 2013, Iranian hackers tied to the Islamic Revolutionary Guard Corps conducted several devastating attacks against the US financial sector, which cost millions of dollars in remediation.[xii] Additionally, Iranian hackers took digital control of a dam in upstate New York; however, due to a technical issue within the dam’s operating system, the hackers were unable to flood a New York City suburb near the dam.[xiii] Further, Iranian hackers not only participated in offensive attacks, they also appeared to participate in cyber espionage, reportedly using cyber tools to spy on State Department officials amidst the JCPOA negotiations in 2015.[xiv]
Despite Iran’s surge in cyber espionage in the summer leading up to the JCPOA’s signing, attacks by Iranian government hackers sharply decreased soon after. This may indicate that Iran’s government was keenly aware that continued cyberattacks might have soured the negotiations.[xv] After October of 2015, Iranian cyberattacks resumed but with far less frequency than before the JCPOA negotiations.[xvi] This trend could be indicative of the importance Iran placed on the JCPOA’s success, as signing the JCPOA placed Iran at the negotiating table with the world’s major geopolitical powers, the P5+1. The agreement also provided economic reprieve to Iranian society, which may have provided additional incentive for Tehran to reduce its harassment of foreign adversaries. Finally, the agreement gave Iran the ability to continue to produce nuclear energy, thus boosting Tehran’s competitiveness in the global energy industry. For these reasons, Iran had a vested interest in the JCPOA’s success and would likely not risk damaging the agreement through malicious cyber activities. However, does the 2018 American withdrawal from the JCPOA change the calculus on whether the United States should now brace for a renewed cyber offensive from Tehran?
There appears to be more than just hearsay evidence indicating the JCPOA was beneficial for curbing Tehran’s cyberattacks against the US, regardless of its effectiveness on Iran’s nuclear arsenal. Since signing the agreement, Iran has had ample opportunities to observe and learn from other nations’ cyberattacks, as well as to hone its hackers’ skills against regional adversaries.[xvii] Without the JCPOA, and particularly if targeted sanctions are renewed against Iran, the United States should expect to see a marked increase in cyberattacks emanating from hackers owing loyalty to the Islamic Republic of Iran. In cyberspace, as in war, all actions have consequences, and the enemy always gets a vote.
[i] William A. Galston, “On Iran, public opinion reveals a supportive and skeptical America,” Brookings, March 31, 2015, https://www.brookings.edu/blog/fixgov/2015/03/31/on-iran-public-opinion-reveals-a-supportive-and-skeptical-america/.
[ii] Parisa Hafezi, Louis Charbonneau, John Irish, Arshad Mohammed, “Iran deal reached, Obama hails step towards ‘more hopeful world,’” Reuters, July 13, 2015, https://www.reuters.com/article/us-iran-nuclear/iran-deal-reached-obama-hails-step-towards-more-hopeful-world-idUSKCN0PM0CE20150714.
[iii] Mark Landler, “Trump Abandons Iran Nuclear Deal He Long Scorned,” The New York Times, May 8, 2018, https://www.nytimes.com/2018/05/08/world/middleeast/trump-iran-nuclear-deal.html.
[iv] Andy Greenberg, “The Iran Nuclear Deal’s Unraveling Raises Fears of Cyberattacks,” Wired, May 9, 2018, https://www.wired.com/story/iran-nuclear-deal-cyberattacks/.
[vi] Kim Zetter, “An Unprecedented Look at Stuxnet, the World’s First Digital Weapon,” Wired, November 3, 2014, https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/.
[vii] Greenberg, “The Iran Nuclear Deal’s Unraveling Raises Fears of Cyberattacks.”
[viii] Emily Burlinghaus, “The Electronic Republic: How Sanctions Could Damage Iran’s Startup Scene,” Foreign Affairs, October 31, 2017, https://www.foreignaffairs.com/articles/iran/2017-10-31/electronic-republic; Dr. Hassan Hakimian (interviewee) and Toni Johnson (interviewer), “How Sanctions Affect Iran’s Economy,” The Council on Foreign Relations, May 22, 2012, https://www.cfr.org/interview/how-sanctions-affect-irans-economy.
[ix] U.S. Congress, House, Iran Cyber Sanctions Act of 2016, H.R.5222, 114th Cong., 2nd Session, introduced in House May 12, 2016, https://www.congress.gov/bill/114th-congress/house-bill/5222/text?format=txt.
[x] Collin Anderson and Karim Sadjadpour, “Iran’s Cyber Threat: Espionage, Sabotage, and Revenge,” the Carnegie Endowment for International Peace, January 4, 2018, https://carnegieendowment.org/2018/01/04/iran-s-cyber-threat-espionage-sabotage-and-revenge-pub-75134, 54.
[xi] Anderson and Sadjadpour, “Iran’s Cyber Threat,” 3.
[xii] “Seven Iranians Working for Islamic Revolutionary Guard Corps-Affiliated Entities Charged for Conducting Coordinated Campaign of Cyber Attacks Against U.S. Financial Sector,” Department of Justice, Office of Public Affairs, March 24, 2016, https://www.justice.gov/opa/pr/seven-iranians-working-islamic-revolutionary-guard-corps-affiliated-entities-charged.
[xiv] David E. Sanger and Nicole Perlroth, “Iranian Hackers Attack State Dept. via Social Media Accounts,” The New York Times, November 24, 2015, https://www.nytimes.com/2015/11/25/world/middleeast/iran-hackers-cyberespionage-state-department-social-media.html.
[xvii] Greenberg, “The Iran Nuclear Deal’s Unraveling Raises Fears of Cyberattacks.”