View from Washington: Weapons of mass digitisation

Merely hours after the assassination of Major General Qassem Soleimani, Iran’s most powerful military leader, the US Department of Homeland Security warned that critical domestic systems might form targets for Tehran’s response.

“Iran maintains a robust cyber program and can execute cyber attacks against the United States,” the DoHS noted.

At the time of writing, however, there is little evidence of any cyber action specifically related to President Trump’s controversial order beyond the juvenile defacement of a couple of websites with anti-US rhetoric. Moreover, having launched what many see as a symbolic rocket attack already, Tehran must also digest the consequences of its forces’ apparently accidental but definitely horrific downing of a civilian airliner.

Iran’s cyber-warfare capabilities are nevertheless very real and have been growing for some time. Indeed, one of the ironies behind the DoHS warning is that Iran started to give the development of digital weaponry far greater prominence almost exactly a decade ago because of what it considers an earlier and illegal US-Israeli action (though it has never been acknowledged as such): the 2010 deployment of the Stuxnet virus to disrupt the operation of centrifuges Iran was using to enrich uranium.

As much as Stuxnet may have seeded Iran’s decision to strike a nuclear deal with the US and the larger European powers (since repudiated by Trump), it also stiffened the regime’s determination to delve deeper into this fast-evolving branch of asymmetric warfare. So, 10 years on, just how much of a threat does Iran represent?

It is not entirely unreasonable to view the DoHS warning somewhat phlegmatically, although it is being talked up by some of Washington’s digital doom merchants. Consultants gotta eat… and all that.

As most cyber-security professionals acknowledge, Iran has some ‘history’. Over the years, its ‘signatures’ have been found on a range of attacks, including some aimed at gleaning information of military or political value, seriously damaging US banking, or embedding ‘sleeper’ code within utilities.

In terms of sophistication and frequency, these and other efforts are generally ranked behind those of the US’s two main rivals in cyberspace, Russia and China, but ahead of just about any others.

Iran could do a lot of damage. But do note that the calmer, wiser heads seem to be putting more emphasis on ‘could’ than ‘will’.

First, any serious digital security strategy should already be taking Iran into account. It has been a significant factor for quite a while (although, being fair to the DoHS, a word to the not-so-wise doesn’t go amiss at any time).

Second, and of more immediate relevance, hard-nosed cyber-security experts do wonder just how much an aggressive ‘cyber revenge’ would benefit Iran right now. Tehran’s priority remains the ejection of US forces from its specific region of influence. The signs are that the Soleimani killing is proving to be a geopolitical blunder of epic standards, even when judged against other examples of Trump’s global cackhandedness. The Iraqi leadership has now formally told American forces to leave. That pressure persists despite the downing of Ukrainian International 752.

In that context, why would Tehran seek to launch any kind of direct and attributable attack on US soil thousands of miles from its objectives, be it traditional terrorism or an attempt to shut down a utility or hospital?

Rather, it can keep such potential in reserve, should the US escalate, while confining its promised payback to its own theatre. So, Iran could seek to disrupt US and Coalition military communications, seeing those as fair game (and legally, probably much more so than threats to cultural sites).

Of course, fail to prepare, prepare to fail… and all that. But the engineering view and strategy I’m hearing in response to warnings about an imminent digital Iranian offensive is that a wee bit more fear is being whipped up than may be justified. 

Paul Dempsey

E&T News

https://eandt.theiet.org/content/articles/2020/01/view-from-washington-weapons-of-mass-digitisation/
