Commentary: Will Iran consider cyberattacks to retaliate against Soleimani's killing?

Although Tehran has built a credible cyber arsenal, its use in this case is limited, says Chris Meserole.

According to security experts, Iranian hacking groups have graduated from conventional distributed denial of service (DDoS) and domain name system (DNS) attacks to more sophisticated operations against critical infrastructure and industrial control systems. (AFP/Philippe HUGUEN)

WASHINGTON: In 2007, a computer virus crippled centrifuges at Iran’s uranium enrichment facility in Natanz, setting back its nuclear program by years.

The Stuxnet attack — not uncovered until a few years later — taught the revolutionary regime in Tehran a valuable lesson about how effective cyber weapons can be, prompting Tehran to invest heavily in cyber capabilities of its own.

The results speak for themselves: Iranian hacking groups have graduated from conventional distributed denial of service (DDoS) and domain name system (DNS) attacks to more sophisticated operations against critical infrastructure and industrial control systems.

TEHRAN’S CYBER ARSENAL

In the wake of Qasem Soleimani’s killing last week, the question of how Iran aims to use its cyber arsenal has acquired a newfound urgency.

Tehran will need to respond forcefully to Friday’s attack, as well as related recent strikes. Iran’s cyber weaponry would seem to offer a ready-made option for high-impact, low-cost retaliation, as Iran’s national security chiefs have apparently recognised.

Yet fears of a devastating Iranian cyberattack are premature. The coming days and weeks will almost certainly bring an uptick in Iranian activity, as always happens when the two countries are engaged in brinksmanship.

But it would be surprising if Tehran’s promised retaliation leveraged cyber operations alone.

Consider Iran’s three further options going forward: A response that escalates the conflict further, a strike that maintains the status quo, and an attack that “saves face” while de-escalating the conflict. In each case, cyber weapons would not be able to signal Iran’s preference effectively.

OPTION 1: ESCALATION

Iran repeatedly escalated its shadow war with the US last year, first by downing an American drone over the Strait of Hormuz and then by striking oil fields in Saudi Arabia.

The purported wreckage of the American drone is seen displayed by the Islamic Revolution Guards Corps (IRGC) in Tehran, Iran June 21, 2019. Tasnim News Agency/Handout via REUTERS

If Iran wants to escalate again, it will need to carry out an operation even more consequential than Soleimani’s killing or either of those attacks.

For all their sophistication, Iran’s APT33 and other hacking groups have yet to demonstrate that they can inflict sufficient damage — such as a “digital 9/11” that shuts down power grids nationwide — to dramatically escalate the conflict from here.

If Iran wants to escalate, a major military attack or even outright war is the most likely path forward.

OPTION 2: STATUS QUO

Now that the Soleimani killing has brought Iran and the US to the brink of war, Tehran may decide it wants to stay there.

In that case, Iran will need to respond in a way that signals it does not seek war but has no interest in backing down either.

Ironically, the revolutionary regime is more aware than anyone of how poorly suited cyber operations are for that task.

If cyberattacks worked well as a non-escalatory deterrent, Soleimani would likely still be alive: In response to the drone downing and Saudi oil field attacks last summer, the US launched major cyber operations designed to prevent further escalations like the recent embassy breach.

A woman holds a picture of Iranian Major-General Qassem Soleimani, who was killed in an airstrike near Baghdad, during a condolence ceremony outside the Embassy of Iran in Kuala Lumpur, Malaysia, January 7, 2020. REUTERS/Lim Huey Teng

That Soleimani escalated the conflict even after massive US cyber operations suggests they have limited value as a strategic deterrent.

If Tehran wants to match but not exceed the Pentagon’s latest show of force, it knows all too well that cyber operations alone won’t be enough.

OPTION 3: DE-ESCALATION

Finally, although it seems unlikely, Iran’s revolutionary regime may seek de-escalation. With America’s key European allies urging restraint — and a Saudi delegation in Washington to do the same — Tehran may decide it has more to gain through discretion than bellicosity, particularly in the short run.

Yet if Iran opts to de-escalate, it will need to respond in a way that signals strength to its allies and adversaries, and acquiescence to the Trump administration.

Cyberattacks are one way of doing that, but in this case they will be insufficient: Soleimani was too public a figure, and the weight of his office too solemn, for his killing not to warrant a further public response.

Iranian people celebrate in the street after Iran launched missiles at U.S.-led forces in Iraq, in Tehran. (File photo: Reuters)

Even if Iran seeks to de-escalate from here, it’s unlikely to resort to cyberattacks in doing so.

None of this is to suggest that Iran’s cyber capabilities will go unused altogether. As my colleague Suzanne Maloney has noted, Iran is likely to take some time to evaluate its options — and in the interim, it will want a low-cost way of probing for vulnerabilities while signalling to the White House that it fully appreciates the seriousness of what has just taken place.

Cyber operations are ideally suited for such a task.

The US and its allies would do well to prepare for heightened cyber activity from Iran. But they would do better to prepare even more for military force.

Chris Meserole is a fellow in Foreign Policy at the Brookings Institution and deputy director of the Brookings Artificial Intelligence and Emerging Technology Initiative. He is also an adjunct professor at Georgetown University. This commentary first appeared in the Brookings Institution’s blog Order from Chaos.

Source: CNA/ml