Iran’s Cyber-Retaliation

Iran’s Cyber-Retaliation October 25, 2012

Most of our attention to Iran has been on an amateur sketch of a nuclear bomb and talk of red lines during Presidential debates. Many are worried America will soon take military action against Iran over the issue of nuclear proliferation.

Military action is dangerously close – and not because of nuclear weapons. U.S. banks have experienced cyber-attacks recently. Back in August, the Saudi Arabian oil giant Aramco suffered a cyber-attack. Here’s a description of the attack from Nicole Perlroth, writing for the New York Times:

That morning [August 15], at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers, unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.

United States intelligence officials say the attack’s real perpetrator was Iran, although they offered no specific evidence to support that claim. But the secretary of defense, Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as “a significant escalation of the cyber threat.” In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility.

As Secretary of Defense Panetta notes, there is an escalation of the situation taking place, especially with blame settling on Iran. But it’s important to realize that, by the Department of Defense’s stance on cyber-attacks, that these recent electronic infiltrations are classifiable as acts of war.

Early this year, I summarized the key parts of the Department of Defense’s position on cyber-attacks:

Drawing from the United Nations Charter on what constitutes an act of war, the report argued that “some activities conducted in cyberspace could constitute a use of force, and may as well invoke a state’s inherent right to lawful self-defense.” The words “some” and “may” make the statement vague and open to interpretation, but it’s clear enough that cyber attacks are classifiable as acts of war.

Earlier in the report, it explains that the United States is working with its allies to improve its cyber-defenses in order to defend the “strategic calculus.” Furthermore, it states that attacks meant to cripple America’s cyber-infrastructure would be taking a “grave risk,” bound to be responded to by the Commander in Chief with “all means necessary.”

To return to Iran’s recent cyber-attacks against U.S. Banks and the Saudi oil company Aramco, the U.S. has grounds to take military action against Iran using “all means necessary.” It’s unlikely that America will take immediate action against Iran, what with the pending Presidential election and the threat of sequestration setting in early next year.

Nonetheless, we should pay careful attention to how these cyber-attacks develop. The conflict with Iran could easily escalate to war some time next year due to cyber-attacks. America still lacks solid, definitive proof of nuclear proliferation. Burning American flags that suddenly appear on computer screens, however, indicate with fairly substantive proof that a cyber-attack has taken place. And if America has more definitive grounds to go to war against Iran, it probably will, for it can then attempt to end Iran’s nuclear program as part of the war.


Browse Our Archives