Developments in Iranian Cyber Warfare, 2013-2014
INSS Insight No. 536, April 3, 2014
Gabi Siboni, Sami Kronenfeld
http://www.inss.org.il/index.aspx?id=4538&articleid=6809
SUMMARY: Over the course of 2013, Iran became one of the most active players
in the international cyber arena. Iran’s progress can be attributed to a
combination of two elements: a certain easing of the restraints on offensive
activity in cyberspace by Iranian decision makers, and a qualitative leap by
the Iranian cyber warfare system. The rapid development of Iran’s cyber
warfare capability means that Israel and other Western countries must work
decisively and systematically to maintain qualitative and operational
superiority in cyberspace. The importance of cyberspace for Israel’s
security concept and the urgency of creating a “digital Iron Dome” were well
expressed by IDF Chief of Staff Lt. Gen. Benny Gantz: “Israel must be on a
superpower level in cyberspace…we must not wait with this.”
.
In early 2013, a senior official from the cyber security company CrowdStrike
described Iran as a “third tier” country in terms of its cyber capabilities,
and estimated that they lagged significantly behind the capabilities of
leading countries such as the United States, Russia, Great Britain, and
China. The perception was that Iran had the ability to be a nuisance to
Western information security systems, but that it lacked the knowledge and
means to carry out a strategic cyber attack. These assumptions largely
dissolved over the course of 2013, when Iran became one of the most active
players in the international cyber arena. Iran’s progress can be attributed
to a combination of two elements: a certain easing of the restraints on
offensive activity in cyberspace by Iranian decision makers, and a
qualitative leap by the Iranian cyber warfare system. This major advance by
Iran has surprised many Western experts in terms of its scope, its
professional sophistication, and the ambitious choice of targets.
The Defense Concept: Cutting Iran Off from the World
From its past experience with events such as the Stuxnet virus and the
post-election riots in June 2009, Iran learned the importance of an
effective cyber defense system and effective control of the internet. To
this end, Iran has worked on three main tracks to create a multi-dimensional
cyber-defense system: (1) creating a defense envelope against cyber attacks
on critical infrastructures and sensitive information; (2) neutralizing
cyber operations by opposition elements and regime opponents; 3) keeping
Western ideas and content, which could contribute to the development of a
“soft revolution” that would harm the stability of the regime, out of
Iranian cyberspace.
Each of these three tracks in the Iranian cyber defense system underwent a
significant upgrade during 2013, mainly as a result of the maturation of
organizational technologies and systems. First, Iran has introduced an
isolated domestic intranet that gives it close control over content in
cyberspace within the country. Second, Iran has invested in developing
technologies and cyber defense mechanisms locally in order to reduce its
dependence on foreign products that could be Trojan horses. In addition, the
Iranian regime has increased physical enforcement against regime opponents
who are active online, mainly through aggressive use of the cyber police.
Furthermore, the Iranian cyber authorities have instituted a routine of
training, exercises, and inspections among the country’s security and
civilian institutions. The impact of these measures was reflected during the
elections in June 2013, when the Iranian cyber system worked efficiently and
largely succeeded in controlling the discourse on the domestic internet and
monitoring subversive activity.
It appears that as of today, the Iranian cyber defense system still has a
long way to go in coping effectively and consistently with highly
sophisticated cyber attacks such as Stuxnet. But Iran’s technological and
organizational leap in the past year indicates that the Iranians could
formulate a comprehensive and effective defense system sooner than
anticipated.
The Offense Dimension: Seeking “High Quality” Attacks
The Islamic Republic sees the cyber arena as an effective offensive platform
enabling it to cause harm to adversaries with clear military superiority,
and at the same time, maintain a margin of denial that will prevent
international censure or even sanctions and a counter attack. During 2013,
cyber warfare became a key tool used by Iran to attack Western targets in
response to the sanctions and as a means of deterring escalation by Western
countries against Iran. The scope, targets, and relative success of those
cyber attacks of the past year ascribed to Iran show its improved
capabilities. Western sources attribute the progress in Iran’s cyber warfare
program to its success in combining the capabilities, knowledge, and
manpower in Iranian computer science departments with the experience and
capabilities of the Iranian hacker community, much of which identifies with
the regime and its goals. Furthermore, the increasingly close ties between
the Iranian cyber system and cyber criminals, hackers, and information
security experts, mainly Russians, who are prepared to sell their services
for money, contribute to the rapid progress in Iran’s cyber warfare program.
In addition to reinforcing its own cyber system, Iran is working to expand
and strengthen the cyber warfare capabilities of its allies. It appears that
the Iranians are seeking to create an effective system of proxies that work
for them in cyberspace. One of the centers of this Iranian activity is in
Syria, where Iran is supporting the Syrian Electronic Army (SEA), a hackers
organization that is an increasingly important player in cyberspace.
The progress in Iranian cyber warfare capabilities can be seen in a number
of attacks that occurred in the second half of 2012 and during 2013. These
attacks made use of sophisticated techniques, had high quality targets, and
were wider in scope than previous Iranian attacks. Among the most prominent
of these was the large scale attack on websites of major banks and financial
institutions in the United States, which one information security expert
described as unprecedented in scope and effectiveness. Another wave of
attacks blamed on Iran focused on US energy and infrastructure companies and
involved attacks on control systems that could have harmed their physical
operation or the safety measures for critical infrastructures such as gas
and oil conducting systems and electrical systems. In the past year,
Iranian-affiliated elements have also taken responsibility for cyber attacks
against Israeli institutions, and in June 2013 Prime Minister Benjamin
Netanyahu announced that there had been a significant increase in Iranian
cyber attacks against important computer infrastructures in Israel.
The rapid development of Iran’s cyber warfare capability and that of its
proxies and allies means that Israel and other Western countries must work
decisively and systematically to maintain qualitative and operational
superiority in cyberspace. The importance of cyberspace for Israel’s
security concept and the urgency of creating a “digital Iron Dome” were well
expressed by IDF Chief of Staff Lt. Gen. Benny Gantz: “Israel must be on a
superpower level in cyberspace...we must not wait with this.”
|