Recent analysis has demonstrated the depth to which Iranian cyber operations have sought to disrupt the US political system.
The cyber domain is a connective tissue that links industries and businesses, governments and people, and even military commanders with one another on the battlefield.
As such, it is no surprise that cyber operations have become an increasingly attractive mechanism for state-sponsored or state-based groups to disrupt the everyday business or political traditions of their adversaries and thus undermine their resilience.
Indeed, all industries are at risk. Whether it’s a nation’s defence force or defence industry, right through to critical civilian infrastructure like energy and water, the cyber space has provided an exploitable vector for threat actors to attack their adversaries with little risk of physical response.
One needs to look no further than the 2007 attacks on Estonia to understand the broad threat surfaces in which cyber wars can be waged. Throughout the allegedly Russian operation, the malicious actors targeted Estonia’s parliament, financial services industries and media outlets. A similar cyber campaign was observed in the lead-up to the Russian invasion of Georgia in 2008.
As a result of this broad threat surface, cyber-enabled information warfare has become a mainstay of international grey zone operations, where countries engage one another in a contest that falls below the legally defined threshold of an armed attack with large operational level impacts.
If Carl von Clausewitz’s notion that “everything in war is very simple”, cyber operations are arguably the most simple. Few can legally be held to account for the attacks, with the victim holding little legal recourse for compensation or indeed the right to self-defence.
An Iranian case study
A recent analysis by Mark Grzegorzewski, Michael Spencer, and Ken Brown in the Modern War Institute this week hypothesised that Iranian cyber operations were symptomatic of a “security-seeking” state rather than a purely offensive measure.
As cyber operations have “a low barrier to entry… the gain in security is realized when the US information environment around Iran is diluted and divided. If the United States cannot agree on consistent, effective policy to deter Iran, that makes the US security posture toward Iran weaker,” the trio argue.
Subscribe to the Defence Connect daily newsletter.
Be the first to hear the latest developments in the defence industry.
“Information operations also allow Iran to permeate the open US society and shift or muddy the information environment toward Iran’s preferred narrative, or to effectively dilute and counter US information about Iranian actions and sow doubt regarding US credibility.”
According to the recent report, even as early as 2010, some 2,200 Iranian Facebook “assets” reached six million users with an additional 8,000 Twitter accounts producing in excess of 8.5 million Tweets.
“Iran’s goal was to change US perceptions regarding its meddling in the Syrian civil war and its nuclear ambitions,” the trio noted.
Though, Iran’s actions weren’t simply aimed toward reorienting the international narrative but firmly focused on fostering divisions within the US body politic.
“After the 2018 midterm elections, an Iranian influence campaign was used to describe the American democratic process as subverted by right-wing radicals (i.e., the Trump administration) and the United States as a divided country with failing institutions,” the trio argued.
“In 2020, it was the discovery by Facebook of Iranian penetration of 766 pages, followed by some 5.4 million Facebook users, that put an Iranian influence campaign on the US government’s radar. Furthermore, and as noted above, Twitter discovered 7,896 accounts had shared over 8.5 million messages of potential Iranian propaganda.”
For comparison, The New York Times reported that Russian disinformation campaigns “published more than 131,000 messages on Twitter”.
The trio argue that such cyber operations went as far as to foster fear with social engineering attempts, not only smearing the elected government, but fomenting concerns of physical violence in the lead up to the Presidential election.
“In addition to the concurrent social media infiltration, an Iranian influence campaign made another attempt at voter coercion by distributing phony emails to thousands of Alaska, Arizona, and Florida registered voters. These emails portrayed the sender as the Proud Boys and threatened harm to anyone who did not vote to reelect President Donald Trump.”
Sonja Swanbeck in the Lawfare Blog hypothesised that “Iran’s brash foray into US election interference may have been a sign of Iran’s increasing desperation to escape the maximum pressure campaign mounted by the Trump administration by supporting an opposing candidate it believed would be a less aggressive and more predictable adversary.”
Cyber operations are a quest for competitive control over a nation’s polity
In 2019, French Minister for the Armed Forces Florence Parly declared that “cyber warfare has begun”, noting that France was already competing against “intelligence operations [and] influence operations”.
Unsurprisingly, foreign interference has also been detected in French, German and Spanish elections demonstrating that foreign governments and intelligence agencies are competing for control over Western polity.
In this manner, the US Navy Commander (Ret’d) Mike Dahm succinctly argued that “violent action is one way to accomplish a mission; it is not the objective” with cyber enabled information operations critical to control “foreign hearts and minds”.
How should Australia better prepare for a conflict environment defined by cyber and information operations?
Editor – Defence and Security, Momentum Media