Iran has rapidly improved its cyber capabilities. It is still not in the top rank of cyber powers, but it is ahead of most nations in strategy and organization for cyber warfare. Iran has a good appreciation for the utility of cyber as an instrument of national power. Its extensive experience in covert activities helps guide its strategy and operations using cyber as a tool for coercion and force, and it has created a sophisticated organizational structure to manage cyber conflict. This means any attack on the United States will not be accidental but part of a larger strategy of confrontation.
Iran sees cyberattacks as part of the asymmetric military capabilities it needs to confront the United States. Iran’s development of cyber power is a reaction to its vulnerabilities. Iran is the regular target of foreign cyber espionage. Iran and Israel are engaged in a not-always-covert cyber conflict. Stuxnet, a cyberattack on Iranian nuclear weapons facilities, accelerated Iran’s own cyber efforts. What Iran’s leaders fear most, however, is their own population and the risk that the internet will unleash something like the Arab Spring. Iranian security forces began to develop their hacking abilities during the 2009 “Green Revolution” to extend domestic surveillance and control. These domestic efforts are the roots of Iran’s cyber capabilities.
Iran’s trajectory shows how a medium-sized opponent willing to allocate resources can build cyber power. Three military organizations play leading roles in cyber operations: the Iranian Revolutionary Guard Corps (IRGC), the Basij, and Iran’s “Passive Defense Organization” (NPDO). The IRGC is the perpetrator behind a series of incidents aimed at American targets, Israeli critical infrastructure, Saudi Arabia, and other Gulf States. The Basij, a civilian paramilitary organization controlled by the IRGC, manages what Basij leaders say are 120,000 cyberwar volunteers. The number is probably exaggerated, but the Basij uses its connections with universities and religious schools to recruit a proxy hacker force. The NPDO is responsible for infrastructure protection. To ensure coordination between cyber offense and defense, Supreme Leader Ali Khamenei created a “Supreme Council of Cyberspace” composed of senior military and intelligence officials.