In the weeks before two Japanese and Norwegian oil tankers were attacked, on June 13th, in the Gulf of Oman—acts which the United States attributes to Iran—American military strategists were planning a cyberattack on critical parts of that country’s digital infrastructure. According to an officer involved, who asked to remain anonymous, as Iran ramped up its attacks on ships carrying oil through the Persian Gulf—four tankers had been mined in May—and the rhetoric of the national-security adviser, John Bolton, became increasingly bellicose, there was a request from the Joint Chiefs of Staff to “spin up cyber teams.” On June 20th, hours after a Global Hawk surveillance drone, costing more than a hundred million dollars, was destroyed over the Strait of Hormuz by an Iranian surface-to-air missile, the United States launched a cyberattack aimed at disabling Iran’s maritime operations. Then, in a notable departure from previous Administrations’ policies, U.S. government officials, through leaks that appear to have been strategic, alerted the world, in broad terms, to what the Americans had done.
During much of the Obama Administration, the United States’s cyber arsenal was strictly classified. As Michael Hayden, a former director of the N.S.A. and the C.I.A., told the filmmaker Alex Gibney in the documentary “Zero Days,” from 2016, “For the longest time, I was in fear that I actually couldn’t say the phrase ‘computer network attack.’ ”
This past September, the Department of Defense issued a strategic plan that not only confirmed the existence of cyber weapons but declared its commitment to using them “to advance U.S. interests” and “defend forward.” The cyberattack on Iran in June was a manifestation of this new, more aggressive approach. (A spokesperson from Cyber Command, the military unit that oversees U.S. digital warfare, said, “As a matter of policy and for operational security, we do not discuss cyberspace operations, planning, or intelligence.”)