#1267133: What Really Happened in the Cyber Command Action Against Iran?

Description: Amid rising tensions with Iran following the country’s downing of a U.S. surveillance drone last month, President Trump reportedly ordered and then called off military strikes against targets in Iran. Soon, news reports indicated that, in lieu of those strikes, U.S. Cyber Command had taken offensive action against Iranian targets. The operation was first reported by Yahoo News, which described it as a “retaliatory digital strike against an Iranian spy group.” Shortly afterward, several other outlets picked up the story.

After the news broke, Bobby Chesney, writing about the legal context for the reported operations on Lawfare, offered a note of caution: “Details remains sparse, and so the analysis that follows is necessarily subject to revision as more emerges.” But two weeks later, the specifics of the operation remain unclear. The Pentagon has declined to provide further details, saying that “as a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning.” Moreover, the available reports demonstrate a lack of agreement, even among major news outlets, as to what precisely happened. But a careful reading of the reporting suggests that the U.S. response consisted of three distinct operations.

Multiple outlets have reported that U.S. Cyber Command targeted command and control systems used by the Islamic Revolutionary Guard Corps (IRGC) to launch missiles and rockets. This appears to be the first operation. The Washington Post writes, “President Trump approved an offensive cyberstrike that disabled Iranian computer systems used to control rocket and missile launches,” and adds that the attack was carried out “against the Islamic Revolutionary Guard Corps.” Reports from the Wall Street Journal and the New York Times, meanwhile, confirm that Cyber Command targeted control systems for missile launches. The Journal, however, refers to the target organization as “an Iranian intelligence group,” which could be understood to mean either the IRGC or an affiliated organization. The Times does not identify the target organization at all.

But the Times, unlike the other outlets, reports explicitly that multiple operations took place. The article states that in addition to targeting missile control systems, “an additional breach” compromised “multiple computer systems … including those believed to have been used by an Iranian intelligence group that helped plan the tanker attacks.” This seems to be a distinct, second operation that targeted the systems of an IRGC-affiliated intelligence organization, seeking to manipulate or destroy software used to track tankers in the Strait of Hormuz. CNN reports similarly: According to the outlet, the target organization was a “spy group, which has ties to the Islamic Revolutionary Guard Corps,” and the “online strike targeted an Iranian spy group’s computer software that was used to track the tankers that were targeted in the Gulf of Oman on June 13.” Yahoo News offers a similar identification of this second target organization, writing it was an “Iranian spy group that supported last week’s limpet mine attacks on commercial ships, according to two former intelligence officials.”

Finally, CNN also reports what appears to be a third operation targeting the “networked communications” of Kata’ib Hezbollah, an Iranian-backed paramilitary organization, “in the days after Iran shot down a US drone.”

There also appears to be disagreement about whether any of the operations were successful—and, if so, which. The Times acknowledges that “determining the effectiveness of a cyberattack on the missile launch system is particularly difficult” and that the only way to know would be “if Iran tried to fire a missile and failed” because the U.S. operation had successfully disabled the systems necessary to communicate and authorize launch orders. Similarly, CNN said of the operation against Kata’ib Hezbollah that “neither of the officials … would discuss how successful the cyberattack may have been.” Though the Journal writes that sources characterized the operations in aggregate as “very” effective and the Post quotes a source as saying, “This is not something they [Iran] can put back together so easily,” it is not clear precisely what the sources mean or what it is that Iran will have difficulty “put[ting] back together.”
More info: https://www.lawfareblog.com/what-really-happened-cyber-command-action-against-iran

Date added July 11, 2019, 6:27 p.m.
Source Lawfare Blog
Subjects
  • Government USA
  • Kataib Hezbollah - Iraq
  • Latest Global Security News
  • News Iran
  • News USA
  • US CYBERCOM / U.S. Cyber Command / Also JFHQ-DoDIN
Country USA