The Obama administration is reportedly poised to indict the Iranian hackers responsible for infiltrating a New York dam in 2013.
The anticipated move is widely seen as an attempt to deter Tehran’s rapidly developing cyber program, and head off concerns that the country will use a new influx of resources from its recently struck nuclear deal to fund cyber warfare efforts.
“It’s a pretty big deal,” said Adam Segal, a cyber policy specialist and senior fellow at the Council on Foreign relations.
But conservatives worry it will do little to deter Iran.
If the White House publicly blames Iran for a 2013 cyberattack on a small dam about 20 miles north of New York City, the charges would be the first public step the government has taken to curb Iran’s hacking program.
The administration had previously only gone after Iran clandestinely in cyberspace, reportedly launching a 2010 computer worm that crippled Iran's nuclear infrastructure.
The indictments would also be the first major action against Iran since the nuclear deal was signed to lift sanctions on Tehran in exchange for limits on its nuclear program.
The charges would be the first time the DOJ has indicted foreign government workers for hacking since 2014, when prosecutors accused five members of the Chinese military of trying to infiltrate various American companies.
Cyber policy specialists explain that these indictments are meant primarily as a message to other countries: We know what you’re up to.
“Clearly they want to decrease the level of hacking, but they also want to send a signal about U.S. attribution capabilities in an attempt to kind of create a deterrence,” said Segal, author of the new book, “The Hacked World Order.”
Experts believe the Department of Justice held off on the Iran indictments until after the Iran deal was finalized.
The 2013 intrusion became public in December — three months after Congress failed to reject the nuclear deal — when officials leaked details of the classified incident to the media.
It makes for an ideal test case of the Obama administration's emerging “name and shame” cyber policy, experts said. It was a relatively minor attack — the hackers never took control of the system — and the details had already been made public.
Iran’s economic sanctions were also lifted in January, giving Tehran access to roughly $100 billion of its formerly frozen assets that can now be funneled into cyber and technology development, Kagan said.
“Investing in the economy in Iran means investing in [information technology],” he explained.
All these factors make the timing ideal for the White House to say, “We’re getting better at attribution,” and “Iran should be careful,” Segal said.
Conservatives are skeptical, however, that the indictments will do anything to deter Iran.
“Shame only works if someone is going to be embarrassed about this,” said Fred Kagan, a national security scholar at the conservative American Enterprise Institute (AEI) and co-author of a recent report on the Iranian cyber threat. “I think the Iranians are quite proud of this. I would bet you that there are guys in Iran who are high-fiving … getting huge public credit for this.”
A few Republican lawmakers say President Obama has been far too slow to act.
“It is downright shameful that it has taken President Obama three years to denounce Iran for a malicious cybersecurity attack on our country while at the same time sitting at a negotiating table with them,” Sen. Steve Daines (R-Mont.) said in a statement last week.
Policy experts concede that indictments and public accusations are unlikely to demonstrably stymie Iran’s cyber program. But the charges will provide evidence that could lay the groundwork for economic sanctions.
Obama last year issued an executive order that empowered the Treasury Department to levy sanctions for hacking. But the administration has yet to wield its new powers. Many suspect the Iranian dam hack may be the first test case.