Assessing Iran’s Cyber Warfare Capacity
When he presented the new US defense budget Monday Feb 24, Secretary of Defense Chuck Hagel explained that spending and cutbacks were predicated on America’s need to boost spending on cyber warfare technology at the expense of traditional military systems and services.
“We chose further reductions in troop strength and force structure in every military service – active and reserve – in order to sustain our readiness and technological superiority and to protect critical capabilities like special operations forces and cyber resources,” Hagel said
The same day, senior administration officials confirmed to New York Times correspondent David Sanger that President Barack Obama had turned down the option of launching a cyber attack on the Syrian President Bashar Assad and his army, fearing that this still novel form of warfare would invite retaliation in kind by the Syrian army or Assad’s allies in Tehran and Moscow.
For DEBKA Weekly's military and intelligence sources, this episode was a striking illustration of how much President Obama’s military thinking on the use of military means to achieve diplomatic ends has changed in the last five years.
In 2009, Obama approved a US-Israeli cyber attack on Iran. The weapon was the Stuxnet computer virus, which was designed to disable the Siemens Step7 software running on a Windows operating system that controlled Iran's nuclear program.
Today, the US president refuses to approve cyber warfare on Syria, whose own capabilities in this field are far inferior to those of Iran, because he fears that its use will create a precedent for future conflicts.
Harking back to Iran’s downing of the US RQ-170 Sentinel
Some Washington sources say that in avoiding a cyber attack on Syria, even though it would have given him the chance to repair his hesitant image on Syria, Obama was guided by a quite different motive: a secret deal with President Vladimir Putin on their red lines for Syria.
Paralyzing Assad's military capability would generate his ouster from power. Putin has been crystal clear to Obama that this is something he would not tolerate, and would even send Russian forces in to save the Syrian ruler.
Yet a third motive is offered by other Washington sources: Paralyzing the Syrian army, they say, would be a boon for the Islamist terrorists. No one would be left to fight Al Qaeda’s Syrian Nusra Front and Al Qaeda Iraq and Levant-ISIS and prevent them from sweeping to victory in Damascus.
President Obama's long-term strategists add two more considerations:
1. On Dec. 4, 2011, an American Lockheed Martin unmanned aerial vehicle (UAV), the RQ-170 Sentinel, was captured by Iranian forces near the city of Kashmar in northeastern Iran. Tehran claimed the high-tech US drone was intercepted and downed by Iran’s cyber warfare unit, which commandeered the aircraft and brought it to earth intact.
Washington has always officially denied Tehran’s claim, anxious to conceal the most disturbing repercussions of this episode.
Iran and many intelligence experts are of the opinion that the RQ-170 was not captured by Iran but by Chinese cyber war specialists who managed to penetrate the CIA satellite computers which controlled and transmitted instructions to the drone.
Iran’s cyber warfare resources are still unknown terrain
This explanation is supported by the fact that the Iranians have never since downed another American UAV. It suggests that the RQ-170 incident was a one-off feat engineered by a foreign agency to help Iran try out its own capabilities. But without firm information on the case, the administration can’t be sure how much capacity Iran has acquired for retaliating to a potential cyber attack on Syria.
2. The other episode causing alarm in Washington was the successful, four-month penetration by Iranian hackers of the Navy Marine Corps Internet. The intruders monitored the unclassified voice, video, and data communications of the network's 800,000 users world wide, The Wall Street Journal reported. However, the invasion, which left Iranian spy ware prowling through the US system, was deeper, more damaging and more prolonged than previously thought.
The experts took more than four months to try and fix gap, during which they discovered enough security breaches to cause alarm. The hackers had apparently managed to lurk inside the computer system for months after the US Navy believed they were removed.
This invasion was one of Iran’s most successful break-ins to a public Internet system.
Vice Adm. Michael Rogers will no doubt face probing questions on this affair at his confirmation hearings as new Director of the National Security Agency.
As head of Fleet Cyber Command, Rogers comes from the post of head cyber security chief who oversaw the Navy's response to the Iranian cyber attack.
Adm. Rogers was criticized for his approach to the attack for being broad and strategic instead of focused and swift. Some people maintained that he gave the hackers a chance to stay in the system far too long; others that it was the right approach.
Widespread collaboration between cyber security firms and US intelligence
The hacking of the US Navy computers was the latest Iranian attack to take US intelligence officials by surprise. Until a short time ago – and despite the RQ-170 incident – Iran wasn't regarded as an important player in cyber warfare. But cyber attacks on financial institutions and fuel companies in the Persian Gulf over the past year have alerted Washington to Iran’s burgeoning capabilities.
US security experts were much taken aback by the Iranian hackers’ skills in the Navy break-in. They proved able to communicate with the Navy computers via remote control servers.
This week the RSA, one of the largest cyber warfare events, opened in San Francisco. A rival conference called TrustyCon also began nearby.
Some people said the RSA conference should be boycotted when it was found that the National Security Agency had paid the RSA $10 million to RSA to create a security breach for US intelligence to penetrate the organizations protected by RSA members.
Some conference sources said the boycott is misplaced: taking aim at the RSA removes the heat from the technology companies and suppliers which played ball with the NSA. In any event, the suspicion is growing that all or most of the important security companies collaborate with US intelligence.