An alleged secret US cyber-attack against Iran’s Islamic Revolutionary Guard Corps (IRGC) took place in June 2019, the NYT reported, citing unnamed senior US officials.
The attack allegedly wiped out a “critical database” used to plot operations against oil tankers and degraded Tehran’s ability to covertly target shipping traffic in the Persian Gulf.
Close to two months later, Iran is allegedly still attempting to recover some of the information lost after the June 20th attack and is even struggling with restarting some of the computers, according to the anonymous NYT sources.
The June 20th as a date is of significance, since that is specifically when the IRGC shot down a US RQ-4A Global Hawk BAMS-D spy drone with a surface-to-air missile.
Initially, according to some reports US President Donald Trump ordered a strike on Iranian targets, but then called it off and instead a cyber attack commenced, which according to Iran achieved nothing since it was all firewalled.
According to the NYT, the White House saw the cyberattack as a more proportional response than airstrikes to the downing of the US drone by Iran.
Brandon Valeriano, a cybersecurity expert and the chair of military innovation at Marine Corps University was cited by Business Insider saying that the reported operation was “deescalatory, in that it was a step taken to give us options outside of war.”
“It was an option to move us away from conventional strikes,” Valeriano added. “It’s a response that doesn’t raise the risk of war.”
Norman Roule, a former senior intelligence official, cited by the NYT said that the US cyber ops are targeted changing Iran’s behavior without leading to a broader conflict or being sufficient cause to prompt a retaliation. They were perfect for such an occasion, since they are seldom announced publicly, he said.
“You need to ensure your adversary understands one message: The United States has enormous capabilities which they can never hope to match, and it would be best for all concerned if they simply stopped their offending actions,” Roule said.
Of course, cyber operations also have their weakness, most of them can only be used once, since the target can rectify the backdoor used to access the system and cause damage.
“Iran is a sophisticated actor. They will look at what happened,” said Mark Quantock, a retired major general, who served as intelligence chief at US CENTCOM.
“Russia, China, Iran and even North Korea would all be able to see how they were penetrated.”
It also “shuts off the tap” on intelligence that US operatives are allegedly collecting, by way of the mentioned backdoor.
Military and intelligence agencies always weigh the costs of a cyberoperation and the risks of lost information ahead of a strike, according to former officials refered by the NYT. Some intelligence officials have long considered opting out of aggressive cyber operations, due to potentially losing a way of gathering critical information on adversaries and competitors.
“It can take a long time to obtain access, and that access is burned when you go into the system and delete something,” said Gary Brown, a professor at the National Defense University and former legal counsel for Cyber Command. “But on the same token, you cannot just use that as an excuse not to act. You can’t just stockpile access and never use it.”
Taking into account that despite the US claims, Iran is in fact successfully projecting power across the Persian Gulf region, the NYT report is likely just another US attempt to ‘save face’ after the tactical defeat in the ongoing standoff.
MORE ON THE TOPIC: