Pandora’s Box of cyber warfare was opened when the United States and Israel initiated the Stuxnet attack on Iranian nuclear infrastructure in the summer of 2010. In response, Iran hit back by attacking the computer systems of Bank of America and Saudi Aramco—affecting around seventy-five percent of the latter corporation’s computer systems.
Tensions subsided with a rapprochement between the two sides, ultimately culminating in the signing of the Joint Comprehensive Plan of Action (JCPOA) in 2015. Those days are gone—now, the remaining “adult in the room” is the walrus-mustached U.S. National Security Advisor John Bolton, who has publicly threatened that Iranian Supreme Leader Ayatollah Khamenei may not have many more anniversaries to celebrate.
Michael Morford, a former U.S. Army captain and a Security Fellow at the Truman National Security Project, has warned that it appears the so-called neoconservatives in Washington are attempting to steer the U.S. towards another war in the Middle East—this time with Iran. If this assumption is valid, the Trump administration will need to garner public support by presenting a case ostensibly justifying the use of military force. The Trump administration could follow a strategy similar to the one employed by the Bush administration before the U.S. invasion of Iraq: forcefully presenting a narrative that Iran constitutes a significant threat to U.S. national security.
In 2003, members of the Bush administration were pushing the narrative that Iraq had weapons of mass destruction. In creating a pretext for military action against Iran, the Trump administration could argue that kinetic military action is warranted in response to an Iranian cyber attack. Such a scenario would set a dangerous precedent but would be a fitting pretext for a major U.S. military operation in the Middle East. Some recent incidents have made such an outcome all the more likely and should, therefore, be addressed.
Missile sabotage claims answered by drone hack footage release
After two unsuccessful satellite launches—the first on January 15 and then on February 5—assumptions were made by U.S. media outlets that a secret satellite-launch sabotage operation started in the second Bush administration had been revived.
However, Iranian officials have rejected these claims, and Iran’s semi-official Fars News Agency released footage of what it claimed were U.S. drones in Iraq that were hacked by Iranian proxies, ostensibly in response to the allegedly sabotaged satellite launches. Iranian officials declared the rocket suffered a third-stage failure, and the U.S. Operation Inherent Resolve (OIR) declined to comment on the alleged drone hack.
The Citrix breach
Recently, an Iranian-linked hacking group known as Iridium was reported to have targeted one of the largest U.S. government software contractors and stolen anywhere from six to ten terabytes of data. Iridium is also believed to have been behind hacks into the Australian and British Parliaments in 2017.
Particularly concerning is that the recent Citrix cyber attack could be the first in a series of operations. “It’s possible that adversaries could gain insights into the company’s network configuration and the defenses of the government agencies,” said Suzanne Spaulding, a former senior official at the Department of Homeland Security, “and that would make hacking those government agencies easier.”
A history no one wants to repeat
As he was making a case for war against Iraq at the UN Security Council in 2003, then-Secretary of State Colin Powell held up a model vial of anthrax. Shortly after that, “Operation Iraqi Freedom” began, initiating a series of events that would leave hundreds of thousands of Iraqis dead, trillions of dollars wasted, the destruction of much of Iraq’s infrastructure, and the eventual formation of ISIS (Daesh). History can repeat itself; however, rather than citing the possession of weapons of mass destruction (WMDs), the next Middle East conflict could originate in cyberspace.
In the 2018 Nuclear Posture Review (NPR), the U.S. states that it will consider a nuclear strike in response to a major non-nuclear strategic attack. The NPR defines a “major non-nuclear strategic attack” as including—but not limited to—“attacks on the U.S., allied, or partner civilian population or infrastructure, and attacks on U.S. or allied nuclear forces, their command and control, or warning and attack assessment capabilities.”
Infrastructure, command and control capabilities, along with warning and attack assessment capabilities, could all be hampered through cyber attacks. Although it is a highly remote possibility that the U.S. would use nuclear weapons in response to a cyber attack—given the strength of its conventional forces—a cyber attack could be used by the White House as justification for the use of force against Iran, with a U.S. diplomat referring to a flash memory drive instead of anthrax.
Even if a major Iranian cyber attack (real or imagined) isn’t enough to initiate a major conflict, there is always the risk of inadvertent or accidental escalation between the two countries, and between Iran and its regional rivals. Furthermore, when one takes into account the proliferating social media disinformation and misinformation campaigns throughout the Middle East that fan the flames of war, the highly risky cyber game currently being played by the U.S. and Iran can’t be overestimated.