When we talk about the security challenges presented by Iran, it’s often in the realm of Iranian nuclear ambitions, sponsorship of terror groups like Hezbollah, or involvement in conflicts like Syria and Yemen. But the Islamic Republic is also a burgeoning cybersecurity threat.
Iran generates aggressive operations in cyberspace for a variety of purposes—espionage, stealing information, attacks on critical infrastructure, and influence campaigns are only a few examples. In fact, the use of cyber tools fits well in Iranian security thinking. Supreme Leader Ayatollah Ali Khamenei often employs a carefully calibrated approach that will allow the Iranian system to fulfill its political interests and ensure plausible deniability, but without paying a price for the activity—in other words, below the threshold of escalation. An analysis of Iran’s conduct in the cyber dimension reveals that Tehran has recently transitioned from cyber defense to offense because of an evolution in thinking over three phases of its cyber development that highlighted to the Iranian leadership the importance of this tool.
Khamenei has highlighted the need for a “cyber jihad” in his public remarks at least twice in the past year. In September, he counseled, “young people can promote true, correct thoughts on the internet and struggle on the path of God.” In February, the ayatollah said, “today, countering the enemy’s push to distort the realities, achievements, progresses, and epic measures of the Islamic establishment requires a defensive move and a hybrid offensive based on the urgent and definite task of the jihad of explanation.”
The top brass of the Islamic Republic thus understands that as part of its desire to be a global force, it must be at the forefront of cyber technology. As Gholamreza Soleimani, the commander of the Islamic Revolutionary Guard Corps’ Basij Resistance Force, recently proclaimed, “We can confidently say that now the time of enemies’ hit-and-run attacks has come to an end on cyberspace.”