Just a couple weeks ago I wrote about the newest weaponry in warfare, namely what we're now discussing as "cyberwarfare." I'll be forever hesitant in using the "cyber" prefix because, to me, it makes its subject almost childish or toy-like. I'm losing that battle, to no real detriment, and cyber-this-or-that will continue to be part of our modern parlance. Cyberwarfare, therefore, is front and center again, and it also pains me that we're not that removed from the recent, related strife between us and Iran.
To recap briefly two oil tankers, one from Japan the other from Norway, were in the Gulf of Oman on June 13 when they were attacked with explosives. The White House pointed to Tehran and levied the claim that it was nothing short of sabotage. This, by the way, happened four weeks after another Persian oil tanker attack near the United Arab Emirates. The international community's jury is still out with many wanting for more evidence of the Iranian connections. We contend that the trend is all toward disrupting the oil market and that the Islamic Republic of Iran is instigating again some of its long held animosity against the U.S. and its allies, particularly as to oil trading.
Then, Iran seemingly dismissed the allegations against it four days later when it announced that its uranium production was ramping up. Tensions were high. Acting Secretary of Defense Patrick Shanahan resigned. Secretary of State Mike Pompeo continued blasting Iran and tried to balance the president's ire with diplomacy, hardened as it may be. On June 20, no one in the international community, nor in Iran, would dispute that Iran struck out at the U.S. by shooting down a $130 million naval surveillance drone flying over the Strait of Hormuz. The debate over whether it was in Iranian or national airspace went unsolved. Washington's response was initially to launch a counterattack but cooler heads prevailed after analysis showed that hundreds would die from our strikes. The U.S. Cyber Command was a fitting supplant to all out military attack.
The online fighting remains in full force. USCYBERCOM tweeted (how else?) that they received credible reports that a vulnerability in Microsoft Outlook was being exploited, and not by some crunchy slacker with orange fingertips hammering away in some basement. One analyst group says what many are thinking. The Outlook threat was borne of and is being continually used by a hacker group, APT33 for those of you keeping score, at the Iranian government's direction (and, I presume, with its funding, protections, etc.). This is unsurprising news to some, such as Joint Chiefs Chairman Gen. Dunford who's been on record claiming Iranian build-up of all styles of aggression. We cannot leave cyberwarfare out of that mix.
Now, to a more historic recap. Gen. Dunford among many others knows full well that this didn't just begin this summer when tankers were destroyed, though life was not. Iran's so-called Passive Civil Defense Command has been overseeing another organization known as The Cyber Defense Command in Iran since at least 2010. The "Passive" label being what it is, make no mistake that the group is, in fact, part of the Iranian military. Now, on the other hand, there is something in the fact that Iran needs cyberdefense. It's no coincidence that in 2010 one of its nuclear sites famously underwent a cyberattack known to most in this business as Stuxnet. Stuxnet was a virus that now serves as a case study in any school worth its digital salt. Even before Stuxnet, Iran's Cyber Army was building its strength and armament, as it were. And, Iran's Cyber Police was formed in 2011 to, at least on the surface, counter all of the internet crimes that Iran faced.
Our tensions with Iran began long ago, to be true. Now, more than ever since, we're at another precipice. There may be some comfort in the fact that direct, military, deadly strikes are being pulled back before enaction. At first blush you, like me, may believe that the destruction of ones and zeroes seems almost trite as compared with arms trading from decades gone by, or more modern effects of the two nation-states that could leave soldiers and civilians dead. Yet, there's something even more eerie, maybe, in the unknowns of cyberwarfare. We're talking about hacking that is much more meaningful than stealing money and passwords. We're talking about using computers and talented technologists toward destroying infrastructure, energy systems, maybe the internet itself if taken to the extreme.
The fact that the tankers and drone are in our rearview mirrors gives me no solace. The power of the computer, which finds its way into the arms cabinets of such powerhouses as the U.S., Iran, Israel, Russia of course, and many other Western and modern societies has yet to show its might, I'm afraid. If you think that here in the Tri-County nothing of this magnitude or import would ever find its way to our hollers, churches, or schools, then I might remind you that 90 miles south sits the Oak Ridge Nuclear Laboratory. Regrettably, this is not the time to shuck off fears of "all that computer stuff" because, as is becoming clearer every week, that stuff is no less powerful than bayonets or swords were; than grenades or handguns were; than machine guns; mines; or Tomahawk missiles. See, it's not the technology that causes pain and suffering in warfare settings, it's the ideology that transforms the technology into a weapon. "What's next?" is a question that I'd rather not contemplate until I better understand cyberwarfare in its current state.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at firstname.lastname@example.org.