US military carried out secret cyberstrike on Iran to prevent it from interfering with shipping, officials say
By ELLEN NAKASHIMA AND PAUL SONNE | The Washington Post | Published: August 29, 2019
American military cyber forces in June knocked out a crucial database used by Iran's elite paramilitary force to target oil tankers and shipping traffic in the Persian Gulf hours after that force shot down an unmanned U.S. surveillance drone, according to U.S. officials.
The retaliatory strike by U.S. Cyber Command against the system used by the Islamic Revolutionary Guard Corps was approved by President Donald Trump, who that same day called off a military airstrike against Iran because killing Iranians would not be "proportionate to shooting down an unmanned drone."
U.S. Cyber Command did not address questions on the secret operation. "As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence, or planning," Elissa Smith, a Pentagon spokeswoman, said in a statement.
The operation was first reported by The New York Times and a story was posted on Stars and Stripes' website. It has not been publicly acknowledged by the U.S. government.
The cyberstrike was in the works for weeks if not months, officials have said, adding that the Pentagon proposed launching them after Iran's alleged attacks on two tankers in the Gulf of Oman earlier in June.
The cyber response to a military shootdown of an unmanned drone shows how the Pentagon is expanding its repertoire of options to integrate cyber into military plans, said officials, who spoke on the condition of anonymity to describe a sensitive operation.
It also shows how CyberCom, which coordinated the strike with Central Command, which oversees the Middle East, is able to support regional commanders to achieve strategic aims — in this case to preserve freedom of navigation in one of the world's most important shipping lanes.
The drone shootdown and retaliatory computer attack reflect how increasingly hostilities are playing out below the threshold of use of force, in what is often called the "gray zone."
The cyberstrike was designed to be debilitating — Iran is still trying to restore data — but proportionate and not so provocative as to result in escalation, officials said.
"When you're in this realm there's always the chance for miscalculation," said one official, adding "there were concerns generally about Iranian responses," perhaps against U.S. or Israeli interests. But the feeling was the strike would not lead to a retaliatory spiral, the official said.
The cyber operation did not target missile and rocket launch systems, as the Washington Post previously reported, said U.S. officials.
It nonetheless represents a flexing of offensive muscle by Cyber Command, led by Gen. Paul Nakasone, which was elevated to a full combatant command in May 2018. It leveraged new authorities, granted by the president, that have streamlined the approval process for such measures. It follows an operation last fall in which the command disrupted Internet access to a Russian entity, the Internet Research Agency, to prevent cyber "trolls" from sowing discord among Americans during the 2018 midterm elections.
Iran said the drone flew into its airspace, while the United States said it was in international airspace.
"To the extent that Iran is conducting unlawful operations, I think [the cyber strike] was an appropriate measure to take to preclude their ability to conduct further unlawful operations," said Michael Schmitt, international law professor at the U.S. Naval War College. "Sometimes cyberspace allows you to take operations that are not as escalatory as other options on the table. And this would strike me as one such operation."
Jason Healey, a former White House and military cyber official, said that though such operations may prove less escalatory, they may also encourage U.S. adversaries to imitate them. "China might say, 'you did it to Iran, we're just doing it to Taiwan. What are you getting so upset about?'"