The United States Must Work With Allies to Deter Iranian Cyberwarfare Threat

The ransomware attack by the hacking group DarkSide against a critical gas and jet fuel pipeline on the East Coast has shuttered hundreds of gas stations and disrupted travel. Initial assessments say the attack was criminal in nature, although many experts believe that the cyber criminals operate with tacit approval of the Russian government. This serious attack occurred in the wake of the February attack by Chinese hackers against Microsoft software.

The most concerning aspect of these two operations is what they say to adversaries: Critical infrastructure with a direct impact on the economy of America can be manipulated or taken offline by experienced criminal or proxy enterprises with little response against the countries that tolerate – or enable – their work.

America’s adversaries have poured investment into developing offensive cyber capabilities to be deployed against the United States and its allies in recent years. While China and Russia are considered our primary cyberthreats, North Korea and Iran operate aggressive offensive cyber programs that have successfully targeted the United States and our partners. Iran in particular has punched above its weight, carrying out the most sophisticated, wide-ranging and costliest cyberattacks in the history of the internet age aimed at U.S. sectors ranging across “financial services, energy, government facilities, chemical, healthcare, critical manufacturing, communications, and the defense industrial base,” according to the U.S. Cybersecurity and Infrastructure Security Agency.

We should not forget that Iran’s cyber warriors – loosely organized in hacker collectives backed by the Islamic Revolutionary Guard Corps – launched Dedicated Denial of Service attacks costing U.S. banks tens of millions of dollars, hacked into the controls of a dam in upstate New York, installed wiper malware that deleted the data and rendered inoperable 30,000 computers at Saudi Aramco, carried out a data deletion attack against a Las Vegas casino, launched disinformation campaigns meant to influence U.S. elections, stole data from hundreds of universities and government agencies and attacked foreign firms responsible for the foundations of internet security. More recently, Iran has demonstrated the interest and capacity to poison Israeli water supplies, attack the U.S. electrical grid, steal government secrets and undermine our democracy.

Though the Biden administration and the Trump administration were – and currently remain – primarily focused on Iran’s nuclear program and state sponsorship of terrorism, the regime’s offensive cyber capabilities remain an important threat. Tehran is also likely to use its cyber tools against Israel and possibly the United States in support of Hamas.

We have only begun to develop the architecture needed to counter this threat. Further progress will require a more robust public-private sector engagement as well as deepening our cooperation with allies and partners. Congress has taken an important step with efforts to develop bipartisan legislation aimed at strengthening our cyber partnership with Israel. But we would be wise to consider other important economic and security partners that have also been targets of similar attacks. Japan, South Korea, Bahrain, Saudi Arabia and the United Arab Emirates would be important candidates for this last category.

Special attention against Iran must continue. In September, the Treasury Department imposed sanctions on cyber actors linked to Iran’s Ministry of Intelligence and Security. But while these sanctions send an important message, they are unlikely to deter Iran’s leadership from further cyberattacks. Iran must understand that its most important economic assets will also be at risk should it – or its proxies – use cyber weapons against the United States. Those negotiating a follow-on to the nuclear deal – and those in Congress who will be asked to approve the deal – should keep this in mind as talks progress.


Norman T. Roule is the former national intelligence manager for Iran at the Office of the Director of National Intelligence and a senior adviser to United Against Nuclear Iran. Jordan Steckler is a research analyst at UANI.

Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.

Morning Consult