The United States, on Nov. 5, implemented sanctions against Iran, where the U.S. Treasury Department explained as the largest ever single-day action targeting the Iranian regime. While the sanctions were seemingly targeting Iran’s growing nuclear program, the FDD (Foundation for Defense of Democracies), a think tank which waver between nonpartisan, hawkish, and neoconservative in terms of its political leanings, argued in a report published Tuesday that the U.S. should be concerned about the Cybersecurity implications of the new sanctions.
In the report, FDD indicated a 2016 study from MalCrawler, a computer security firm, which studied the actions and efforts to weigh the intentions of malicious cyber operators in various countries. The report described that Iran has a lack of conventional forms of military, geopolitical power, and economic system, so it uses asymmetric capabilities to wage war against the U.S. and its allies. As its asymmetric capabilities toolbox has previously included taking hostages, sponsoring terrorist activities, and overseas assassinations, the foundation argued that Iran has added cyber-enabled economic warfare to its toolbox. Iran has already responsible for data theft and extortion against HBO, Shamoon 2 (destructive malware against Saudi government ministries and companies), APT33 (cyber penetration and trade secret theft against a U.S. aerospace company, Saudi aviation conglomerates, and a South Korean petrochemical company), and APT Leafminer (cyber infiltration against governments and businesses in the Middle East), and other attacks.
As the report described that the sanctions threaten to further destabilize an economy whose currency is already in free fall and appears headed for a deep recession. As their economy deteriorates, FDD anticipated that the nation, which is already inclined to aggressive and destructive cyber activities, may become far more hostile online. While this seems to be an awful warning, the report provided recommendations to U.S leaders to counter Iranian Cyber behavior.
The report said that to counter the Islamic Republic’s malicious cyber activity, Washington must be prepared to impose significant costs on the leadership in Tehran and to use cyber and kinetic means to hold at risk the Islamic Republic’s most valuable assets. At the same time, Washington must work with its allies and the private sector to strengthen defenses so that Iranian operations are less likely to succeed. The report also added that as the Islamic Republic’s capabilities do not match those of China and Russia, its cyber capabilities are hazardous to U.S. national security and rapidly maturing.
In the end, the report argued that while Iran doesn’t have the cyber capabilities of China, Russia, or North Korea, Tehran is willing to take greater risks and cause greater destruction. If U.S. lawmakers begin to commence more robust defensive initiatives with allies and the private sector and simultaneously prepare cyber and kinetic countermeasures, Washington may well thwart a more devastating cyber battle in the future.