The demise of Qasem Soleimani, commander of Iran’s Quds Force, in a U.S. drone strike on Jan. 2 has provoked a firestorm of commentary.
Make no mistake: Soleimani was a lethal adversary of the United States who long fixed America in the crosshairs and had recently intensified his activity in this regard. He possessed substantial skill, demonstrated effectiveness, exercised deadly leadership, and evinced charisma. Removing a military leader of his caliber and stature from the battlefield is significant even if not determinative.
How things unfold from here on in is largely up to Iran. The threat of kinetic retaliation in the physical world is certainly top of mind for officials charged with protecting U.S. interests. The biggest concerns are U.S. military, diplomatic and economic entities in and around the Persian Gulf. Bear in mind, though, that Soleimani led Iran into the cyber domain, just as he led troops on the physical battlefield.
The cyber domain is unique: it affords the ability to touch your adversary without setting foot on their soil. If you want to hit the U.S. homeland directly, without encountering the challenges that come with trying to enter the country in real life, then cyber means offer a tempting tool.
To be clear, Iran has long recognized this and has invested heavily in its cyber capability. At the same time, the country’s Islamic Revolutionary Guard Corps (IRGC) – which Soleimani led – has deepened its involvement in cyber operations, manifesting a solid grip on offensive cyber operations.
Indeed, Iran has a history of flexing its cyber muscles – including against the U.S. homeland. And in the physical world, Iran has been brazen in its efforts: recall the 2011 plot to assassinate on U.S. soil Saudi Arabia’s ambassador to the United States.
In the Gulf region, Iran has honed its craft in the cyber domain by using neighbors – Saudi Arabia and the United Arab Emirates – as practice fields. While engaging in such activity, Iran has focused on energy sector targets such as Saudi Aramco, and on industrial control systems that are the linchpin of critical infrastructure operations.
Iran’s past practice in relation to the United States is set out in a Department of Homeland Security (DHS) Alert released on Jan. 6. This activity includes distributed denial of service (DDoS) attacks on the U.S. financial services sector; “unauthorized access to a dam in New York State”; and “a massive cyber theft campaign” directed at “academic and intellectual property data as well as email account credentials.”
Moreover, in a Bulletin issued on Jan. 4 under the National Terrorism Advisory System, DHS noted, “Iranian leadership and several affiliated violent extremist organizations have publicly stated they intend to retaliate against the United States.” The document described Iran’s cyber program as “robust,” stating that, “Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
Cyber capability, motivation and intent. Iran has had all three, for some time – and now, more than ever. Notably, Iran has long used proxy forces in both the physical and virtual worlds in order to amplify its indigenous capabilities. Proxies are a significant concern insofar as some – such as Hezbollah – are highly capable and possess global reach.
There are also regime sympathizers (“hacktivists”). The latter appear to have been responsible for some “low-level” activity, roughly 20 “website defacements,” that occurred in the days immediately following Soleimani’s death. While not sophisticated, these types of incidents can nevertheless cause disruption. More importantly, sympathizers who occupy a position as an “insider” could also pose a threat-from-within to critical U.S. infrastructure.
Bottom line: Cyber tactics, techniques and procedures have allowed Iran to achieve asymmetric gains out of proportion to its conventional military power. Moving ahead, we would do well to remain on guard and attuned to the threat. To this end, on Jan. 6, the DHS Cybersecurity and Infrastructure Security Agency (CISA) published guidance for both cyber and physical protection.
Iran may choose patience, so vigilance should guide us – not just today but into the future.
Frank J. Cilluffo is director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, and Center for Cyber and Homeland Security.
Sharon L. Cardash is deputy director of Auburn’s Center for Cyber and Homeland Security.