The world shook at the news in early January that a United States drone strike had killed Iran’s top military general, Major General Qassem Soleimani, outside Baghdad’s airport. According to the Pentagon, the attack was conducted as a decisive defensive action at the direction of President Donald Trump to protect US personnel abroad.
There are widespread concerns that these events might fuel further conflict between the two countries. Considering the importance of information networks and cyberspace for our everyday lives, there is also concern that this conflict might not only take place in the physical world, but could take the form of cyberattacks. These could have serious consequences, particularly since Iran has demonstrated an increase in its cyber capability in the past decade.
The most memorable cyberattack between Iran and the US was the Stuxnet virus in 2010, which infected Iranian uranium enrichment facilities and caused their centrifuges to malfunction. Although no country claimed responsibility, it is widely considered to be the work of state-supported US and Israeli experts.
At the moment, US cyberwarfare capabilities are multifaceted, organized and of a very high level. In October 2019, US officials told Reuters that the US had launched a secret cyber operation against Iran’s propaganda infrastructure following an alleged Iranian drone and missile attack on Saudi Arabian oil facilities.
On the other side, it was discovered in 2013 that Iranian hackers who allegedly perform work for the Iranian government had penetrated the computer controls of a small dam north of New York City. These same hackers also launched cyberattacks against dozens of large financial institutions and blocked customers from accessing their accounts online.
In the current climate, Iran could consider using its cyberattack capability as part of its retaliation for the killing of Soleimani. Acknowledging the possibility of a spate of cyberattacks from Iran-affiliated parties, the US Department of Homeland Security warned US companies to consider and assess the possible impact such an attack could have on their business.
Contrary to these concerns, Iran’s capability to launch major cyberattacks that could affect a large part of the US population has been downplayed by some cybersecurity experts. Others have argued that cyberattacks might not be aggressive enough retaliation for Iran, which is more vulnerable than it is capable online.
It’s one thing to talk about cyberattacks by hackers with a political or nationalist motivation—of which there has been a reported increase in the wake of Soleimani’s death. But it’s another issue altogether to talk about acts that are so forceful and monumental that they could amount to cyberwar.
Cyberwarfare is far more serious and could amount to taking control of critical infrastructure to disable military targets or seriously harm sections of the public. Acts of war involve states and relate to actions led by governments or military forces. But it’s often difficult to attribute a certain cyberattack to a particular government. Attacks can be perpetrated at a distance and by hacker groups not openly employed by the government involved.
Under international law, countries can legitimately defend themselves if they come under armed attack—which could include an equally serious cyberattack. The US has explicitly reserved the right to respond to cyberattacks with military force. But the justification for any counterstrike would be weakened if it’s unclear whether the state accused of being behind a cyberattack had explicit knowledge that the attack was going on.
From Cyber to Physical Attacks
In the current climate, there is a serious concern that a cyberattack—even if it’s not successful—could lead to physical retaliation. The memory of an Israeli missile attack in May 2019 against Hamas hackers, accused by the Israeli Defense Force of attacking Israeli targets, is still fresh.
If the US believed that Iran was imminently about to target critical infrastructure in a cyberattack, this could provide legitimate justification under international law for a pre-emptive physical strike against Iranian targets. But judging when an attack is imminent in cyberspace is challenging: a serious cyberattack could be planned well in advance or be executed very quickly.
Although the immediate threat of further military violence between the US and Iran seems to be dissipating, the fallout from the strike on Soleimani is taking place in a new era of modern warfare, where basic notions of war and international law are constantly evolving.
The world is yet to see a government admit to launching a cyberattack so grave that it has been considered an act of war by the target country, yet the potential for such attacks does exist. Even if such capabilities are not used, the threat of them could provide justification for physical counterattacks with destructive results in future conflicts.
Vasileios Karagiannopoulos is a Reader in Cybercrime and Cybersecurity at the University of Portsmouth. A version of this article was originally published on The Conversation.