A diplomatic deal with Iran to limit its nuclear program could inadvertently jumpstart the country’s cyber warfare efforts.
Experts say Tehran might use the economic sanctions relief from the nuclear pact to buttress its growing cyber program, which has already infiltrated critical networks in over a dozen countries, including the U.S.
Negotiators appear to be in a catch-22 when it comes to Iran’s online aggression.
If the deal falls apart, Tehran is expected to retaliate aggressively against U.S. companies through cyberspace.
And while Iranian cyber warriors might spare the U.S. if a deal is reached, they would also gain access to better technology and training, speeding the already rapid pace at which the country is becoming a major cyber power.
“We’re in a lose-lose situation from that standpoint,” said Fred Kagan, a national security scholar at the conservative American Enterprise Institute (AEI) and co-author of a recent report on the Iranian cyber threat. “Would you rather have them do that with more resources or fewer?”
The Obama administration is pushing for a diplomatic agreement with Iran that would lift crippling economic sanctions in exchange for Tehran restricting its nuclear program and agreeing to international inspections.
Republicans are skeptical of the talks, with many convinced the deal won’t stop Iran from acquiring nuclear weapons. Some lawmakers worry that the easing of sanctions will empower the country’s agenda in other areas, such as cyberspace.
“I do not agree with the assertion that a so-called agreement on Iran’s nuclear program will reduce incentives for Iran to launch cyberattacks on the U.S.,” Rep. John Ratcliffe (R-Texas), who chairs a House subcommittee on cybersecurity, told The Hill.
“If anything, the increased revenue and Iran’s perceived ‘improved standing’ in the international community would only whet its appetite for heightened aggression,” he added.
Numerous security researchers preach caution.
While a successful pact won’t slow Iran’s advancing cyber program — now considered top-five worldwide — it could dissuade Tehran from escalating the severity of attacks against the United States.
“It holds [Iran] back for awhile,” said Jeff Bardin, chief intelligence officer at cyber data firm Treadstone 71. “I don’t think we’ll see any major hits against the U.S.”
Iran’s most assertive hacking groups have gone nearly silent in recent months, which could be an attempt to lay low while the nuclear talks play out.
“Right now we’re not seeing anything,” said Stuart McClure, CEO of security firm Cylance, which published a groundbreaking report on the extent of Iranian hacking. “It’s been pretty dead.”
Iran is already heavily investing in cyber — tens of millions of dollars annually by most estimates.
Over the last few years, the country has spared few expenses to establish top-notch cyber education programs, take over security companies as fronts for cyberattacks, and build out stockpiles of cyber weapons infrastructure.
With significant sums already earmarked for cyber, Iranian leaders are expected to inject any newfound capital from a nuclear agreement into the banking sector and other areas decimated by sanctions.
“If there’s a deal, Iranian priorities will be the economy, the economy and the economy, in no particular order,” said Cliff Kupchan, an expert on Iranian policy and chairman of the Eurasia Group. “Could they spend some extra walking-around money that comes out of the nuclear program on cyber? Sure. But there’s lot of things they need to spend money on.”
There remains a slim possibility that the parties to the Iran talks might pledge to limit cyberattacks on each other as part of the deal.
“I’m not sure we’ll see any of that at the public level,” Bardin said. “But something of that type might be on the table.”
President Obama recently signed an executive order giving the Treasury Department power to impose economic sanctions on foreign regimes in retaliation for hacking.
But AEI’s Kagan thinks it’s “extremely unlikely” the administration would use this new authority to narrowly target Tehran’s cyber program. Iran has made clear the nuclear deal is contingent on sanctions being lifted across the board.
“Iranians will say that it’s in bad faith and will take it very hard,” Kagan said.
For many, the disagreement boils down to what they believe the ultimate goal of Iran’s cyber program is.
Some see a successful deal morphing Iran’s cyber program into a “mini-China,” focused on commercial and political espionage, with little intent of launching a destructive cyberattack on the U.S., such as taking out an electric grid or manipulating oil prices.
“If they’re going to cooperate more in the global economy, and we know they have cyber espionage operations, why not use it to steal information that would help shore up their burgeoning industry?” said Jen Weedon, threat intelligence manager at security researcher FireEye.
Others insist Iran is unequivocal about its stance that the country is at cyberwar with the U.S., regardless of its political agreements.
Ratcliffe recalled a speech last year in which Ayatollah Khamenei reminded university students they were “cyberwar agents.”
“I do not expect Iran’s quest for power to decrease if an agreement is reached, and cyber warfare is clearly part of its strategy,” he said.