Concerned about a cyberwar between the United States and Iran? Would you participate? Share your comments below or express your views via multimedia on Underground Iran.
On January 17, 1991, as the 34-nation coalition of Operation Desert Storm prepared for its first aerial bombardment of targets in Iraq, the U.S. military sprung a surprise.
Iraqi radar screens suddenly blinked and went dark, momentarily blinding Saddam Hussein’s military. The “Kari” radar control system had been infected with a computer virus, planted and controlled by the Pentagon. “It was a French system,” notes intelligence historian Matthew Aid of the Iraqi radar control. “They gave us the schematics and we found a way to insert some buggies into their system as the first wave of American bombers streaked toward Baghdad.”
It worked brilliantly. Iraq’s defenses were paralyzed, allied bombers faced no serious opposition, and the U.S. became the first-ever nation to launch a documented cyber-attack.
Since then, war and conflict – like many other things – have increasingly moved online. In Kosovo, Lebanon, Estonia, Georgia and elsewhere, digital weapons have been deployed to create mischief, havoc and damage. Now, as tensions rise between Iran and the U.S. and Israel, serious questions are being asked about whether the coming months may bring a new cyberwar, and what it may mean for countries in the Persian Gulf and elsewhere the world.
Is cyberwar for real?
It’s no secret that tensions between Iran and the U.S. and Israel are running unusually high. There’s lots of reasons, but really only one explanation: Iran’s continuing pursuit of nuclear technology.
Earlier this month U.S. President Barack Obama spoke of a “window of opportunity” for pursing a diplomatic solution over a military one – comments that won rare praise from Iranian supreme leader Ali Khamenei. But as the month has dragged on with little to show, Obama is now cautioning that window may be “shrinking.” In the meantime, Israeli officials continue to speak openly about the necessity of “action” – widely interpreted as a warning that military strikes on Iranian targets may be in the offing.
The possibility of traditional military action is worrisome enough, but a growing number of observers are increasingly concerned the tensions may spark the world’s first genuine cyberwar in the Persian Gulf region.
Observers say may, because honestly no-one knows what a cyberwar would look like. In fact, there’s little to no agreement about what it actually might be.
According to retired National Security Council terrorism adviser Richard Clarke, cyberwar could mean many things – none of them good:
“It could blow up pipelines. It could cause blackouts and damage electrical power grids so that the blackouts would go on for a long time. It could wipe out and confuse financial records, so that we would not know who owned what, and the financial system would be badly damaged. It could do things like disrupt traffic in urban areas by knocking out control computers. It could, in nefarious ways, do things like wipe out medical records.”
Planes could fall from the skies, says Clarke; water systems could be flooded with sewage and panicked mobs could run riot. More alarmingly, he claims all this could happen in just 15 minutes.
“Things are exploding, planes are crashing, thousands of people die,” says Lawson of predictions of digital apocalypse. “And of course in reality we haven’t seen any cyber-attacks that come anywhere close to causing these kinds of impacts.” Lawson chides those like Clarke who frighten the public with a combination of worst-case events and a mish-mash of Internet jargon. War is war, he says, and no nation has ever yet launched a digital war on another:
“The conflation of lots of very different kinds of threats into one sort of umbrella term of cyberwar is actually a rhetorical tactic that’s used to try to help motivate a response. We get very ambiguous in our use of language. But also we’re getting sloppy with our use of terms like war and attack. In this way of thinking, it’s not just physical damage against property or damage or injury caused to people or death and destruction that are the key components of war, but now stealing information or taking down a website or defacing a website gets lumped under the term war. Which really cheapens what the word war means.”
To be certain, everyone agrees that digital weapons exist and have been used. The most famous example is probably the “Stuxnet” virus, which in 2010 targeted Iranian centrifuges used in processing nuclear material, disabling them. Stuxnet was remarkably good at its job, but once Iranian and other engineers discovered it, they were quickly able to neutralize the threat.
What cyberwar might look like
Debate about what it actually looks like aside, what weapons might Iran, Israel and the U.S. possess, and what could a battle look like? Answering that is one part intuition, one part experience, and a whole lot of guess work.
“The Iranians…have a fairly robust cyberwar capability,” says intelligence historian Matthew Aid:
“If they think the threat is real, they could unleash the weapons that they have available to them in sort of a preemptive mode, or in a post-attack retaliatory mode. There are a couple universities outside Tehran that specialize in real-time research into cyberwar, offensive and defensive. My concern is that if the Iranians think the balloon is about to go up, they could launch that capability.”
In small-level hacks, both Iran and Israel have demonstrated skill at fouling up each others online activities. But analysts believe both nations probably possess far more potent “logic bombs” and other digital weaponry they haven’t yet used. A genuine online war between the two could get ugly very quickly.
That said, the battles might actually begin small. Think online skirmishes between angry bands of nationalist hackers, busting into systems and defacing websites, but doing no serious long-term damage. Or perhaps, says Matthew Aid, should Israel decide to strike Iranian targets, it might begin with online operations to knock out crucial defense systems, “…like the artillery barrage before the cavalry goes up the hill.”
That, cautions University of Utah professor Sean Lawson, would probably elicit a response from Iran, and soon after from allies like Hezbollah, Syria and possibly even North Korea. And if that were to happen, hacker havens like Russia, China and those in Europe and North America might soon join the fray. One genuine danger of cyberwar, says Lawson, is how quickly it could spread around the globe.
Another possibility is that the U.S. may then strike first, yet most agree that’s unlikely. More probable is a defensive punch back with undetermined weaponry, followed up with proxy attacks on a wide range of targets. Or perhaps, if a more severe conflict were in the offing, digital warriors might try to disable the FALCON and Gulf Bridge International submarine communications cables – the primary links between Iran and the rest of the digital world. That, however, could also affect Kuwait, Bahrain and other Persian Gulf nations as everything on the Internet is connected to something else.
Whatever the tools at hand, everyone agrees the U.S. has the most sophisticated digital weaponry available. And if the Pentagon were to hit Iran online, it would probably start from Fort Meade, Maryland – home to the U.S. Cyber Command and the National Security Agency. If the past holds true, any digital weapons launched from there would serve mostly as a support function for other military activities – much like blinding Iraq’s radar before aerial bombardment.
Are you prepared? Will you enlist?
The possibility of a full-scale cyberwar raises the specter of involving millions of civilians across a nation or region in battle. Some logic bombs, like Stuxnet, might have specific targets. But attacks on civilian infrastructure, like power grids or pipelines, could lead to widespread chaos and suffering that can’t be treated in a hospital emergency room.
Because the full threat of digital conflict isn’t truly known, it can be practically impossible to prepare for. Should I withdraw my money from the bank? Should I stock up on fresh water? Will the pipeline near my house explode, or my daily train derail? Just thinking about it can feel overwhelming.
Another aspect is cyberwar is how it may be fought. Traditional armies train recruits for months before they’re battle-ready, but a hacker army needs no training and no draft. New members can “enlist” at a moments notice, even conducting their mischief in their off hours. If one nation strikes another, it’s very likely a flood of new cyber recruits will flood the Internet, carrying out attacks large and small in their nation’s name.
How worried are you about the prospect of cyberwar? Is there anything you’re doing to prepare? If a conflict breaks out, how willing might you be to enlist in the online battle and digitally attack the nation that attacked you? Share your comments below or express your views via multimedia on Underground Iran.
Doug Bernard has been a working journalist for nearly three decades. Prior to coming to VOA, he was a contributor with National Public Radio, the New York Times, the Christian Science Monitor and SPIN, among others. He was APSA's Burton Broadcast Fellow in 1994, and the Wallace Broadcast Fellow at the Knight-Wallace Fellowships in 2000. While at VOA as host of "Talk to America" he was named International Presenter of the Year, 2006 by the Association of International Broadcasters; he also hosted the popular "Daily Download" web series. Currently he is managing editor of VOA's "Digital Frontiers" project.