Wednesday, July 3, 2019

What's Next With Iran?


Iran Strikes Back

 VINCENT STEWART



Iran’s Foreign Minister Javad Zarif confirmed Monday that Tehran has violated the limits imposed on uranium enrichment that were a key part of the 2015 nuclear deal. 

The U.S. withdrew its support for the deal last year. The Trump Administration on Monday responded to the confirmation of increased uranium enrichment, vowing “maximum pressure on the Iranian regime.” A statement from the White House press secretary said, “We must restore the longstanding nonproliferation standard of no enrichment for Iran. The United States and its allies will never allow Iran to develop nuclear weapons.”
Experts who have followed escalating tensions between Iran and the U.S. over the past several weeks have looked at the likelihood of retaliation and what form it might take.
In a conflict with the United States, the Iranian strategy would be to avoid, where possible, direct conventional force-on-force operations. They would attempt to impose cost on a global scale, striking at U.S. interests through cyber-operations and targeted terrorism with the intent of expanding the conflict, while encouraging the international community to restrain America’s actions.

Iran has demonstrated and continues to refine its capabilities against its enemies in the region. Its 2012 attack against Saudi Aramco is an excellent example. Iran knows how to conduct the necessary reconnaissance and deliver destructive payloads. I would expect them to have begun selected targeting through socially-engineered phishing activities focused on the oil and gas sector, the financial sector and the electric power grid, in that order. There may be instances now where they already have some persistent access. If they do, I expect they would use it, or risk losing the access and employ that capability early in the escalation of the crisis.

If I had a business in the sectors mentioned, I would not assume that my firewall has not been penetrated, or that my antivirus and malware tools are fully deployed and protecting my networks.  I would ensure that I have an integrated threat intelligence picture that provides global insights before it reaches my moat; I would be focused on countering phishing or whaling attempts; and I would deploy my red teams to hunt for persistent threats inside my networks.

Meanwhile, CYBERCOM and its partners are tasked with defending and disrupting forward. Traditional military activities (TMA), to include reconnaissance, shaping, pre-positioning, preemptive deception, etc., should all be in play at this point. CYBERCOM, by way of the NDAA, now has all the authority needed for conducting TMA. Our increased authorities combined with our approach to defend forward allow us to be more disruptive and could reduce the threat vectors that the private sector would be required to address.
Defending forward and engaging persistently will not eliminate all threats, though it does allow us to be more proactive in reducing the threat, places our adversary on the defensive and positions us to impose cost when approved.


