Last week Business Insider reported on Iran’s growing cyberwar capabilities, noting that Tehran can now field a sophisticated cyber army that is capable of targeting key global critical information infrastructure.
“Iran was once considered a D-grade cyber threat. Now it’s almost on the same level as Russia or China,” an expert assessed. “Five years ago, I would have never imagined Iran to be where they are today,” he further emphasized.
“In 10 years time, Iran’s cyber capabilities will be more troubling than its nuclear program,” an alarmed Ian Bremmer, president of the Eurasia Group, tweeted, according to Business Insider.
Additionally, back in November 2014, cybersecurity expert Dmitri Alperovitch cautioned that “out of any country on the planet, I can’t think of a country that has been more focused than Iran from the high levels of government on cyber, and that includes the United States.”
One indication that the concerns of observers are not entirely unfounded is Tehran’s substantial increase in spending on cybersecurity. A February 2015 report on Iran’s internet infrastructure notes:
“One of the most striking spending trends of the last three years is the dramatic increase in cyber security funding. When Rouhani took office, the funding allocation for cyber security was 42,073 million IRR. The following year, it shot up to 178,800 million IRR. It currently stands at a whopping 550,000 million IRR, an increase of over 1200% in just three years.”
The Islamic Revolutionary Guard Corps (IRGC) alone now has an annual cybersecurity budget of approximately $19.8 million.
Also, Russia is actively helping Iran boost its cyberwar capabilities, which is one explanation for the increased sophistication of Iranian operations in cyberspace. U.S. intelligence agencies have known for years that Russia is a much more capable adversary in cyberspace than China and that Moscow employs more sophisticated and stealthier cyberattack methods (see “Russia Tops China as Principal Cyber Threat to US”).
However, Iranian hackers are also learning from their principal adversary, the United States, as I wrote back in February (see “Iran and the United States Locked in Cyber Combat”). A leaked N.S.A. memo summarized:
“Iran’s destructive cyberattack against Saudi Aramco in August 2012, during which data was destroyed on tens of thousands of computers, was the first such attack NSA has observed from this adversary. Iran, having been a victim of a similar cyberattack against its own oil industry in April 2012, has demonstrated a clear ability to learn from the capabilities and actions of others.”
The memo also noted:
“NSA expects Iran will continue this series of attacks, which it views as successful, while striving for increased effectiveness by adapting its tactics and techniques to circumvent victim mitigation attempts.”
Yet, is the Iranian cyber threat inflated?
For one thing, sophisticated strikes on Western critical information structures such as SCADA (supervisory control and data acquisition) systems that monitor and control power grids are hard to pull off, since they demand sophisticated knowledge (e.g., massive troves of intelligence), require layers of resources and are difficult to coordinate. It is far from certain that Iran has the necessary expertise to do so just yet.
One expert concludes:
“Iran, as a cyber adversary, is both less capable and more bellicose than China. The Iranian economy, unlike China’s, is largely divorced from that of the United States. And Iran was the only nation to actually suffer a catastrophic cyber attack, for which it blames Israel and the U.S. As a result of these and other factors, Iran may have more of a will for cyber-mayhem even if it lacks the most dangerous tools (…) In this way, Iran is the perfect cyber adversary for Washington’s hawks to rattle sabers against, and the rattling is becoming more frequent.”