On the 20th of June 2019, Iran shot down an unarmed US Global Hawk surveillance drone.
They claimed it had wandered into their airspace and were – therefore within their rights to act. Typically, the US stand by the assertion that the drone was operating outside of Iranian airspace and as such the attack was unwarranted.
Regardless of which side of the line the drone was on, the attack provoked an unusual response from the US.
In most instances where one nation attacks another – without specifically declaring war – a response is expected.
It’s a strange tit-for-tat approach to escalating tensions without going so far as starting a shooting war.
One country attack another by – for example – shooting down transport plane. The other country responds by blowing up fuel dumps, radar stations and maybe a runway or two.
This proportionate response – as it’s known – tells the attacking country to stand down or face the consequences.
It’s a show of force (and a willingness to use it) that usually stops things from going any further.
In most instances, some lives are lost, and millions wasted in rebuilding. But the act of violence has been dealt with and a clear message sent.
It’s been this way for decades.
Instead of repeating the same pattern, this time the US launched a cyber-attack on Iran’s missile systems.
The US launched cyber-attack targeted Iranian weapon systems on Thursday, disabling computer systems that controlled rocket and missile launchers.
The attack had been planned for several weeks with the intention of hitting the weapon systems of the Islamic Revolutionary Guard Corps. Although there was no independent verification of the attacks, indications are that they were successful.
Iran has responded by stepping up their own cyber-attacks directed at the US. According to law enforcement malicious cyber activity coming from Iran has increased significantly with both private businesses and government agencies coming under attack.
The Iranians have been using wiper attacks, spear phishing, password spraying and credential stuffing in a bid to take control of entire networks. They have also been trying to hack US naval ship systems.
There is no indication that the Iranians were successful. Although it’s likely the US would be doing all they could to suppress that information if they had been.
This is all just the next step in the rising tensions between the two nations since the US pulled out of the Joint Comprehensive Plan of Action – or the Iran Deal to everyone else – in 2018.
This was swiftly followed up by sanctions that starved the economy and caused the value of the Iranian rial to plummet.
Sanctions aside, the cyber-attack intended to cripple missile systems for ‘a period of time’ was designed to be both proportionate and a warning.
Which was quite simply – ‘if we wanted to attack, we could cripple your means of defending yourself before we do it’.
But the fact it was a cyber-attack raises a major question:
Warfare is as old as time. The tactics and weapons may have become more sophisticated, but the formula of attack and counterattack is largely unchanged.
There have been inventions that prompted a leap forward, giving one force a major advancement over the other.
The bow and arrow, crossbow, chariots, gunpowder, rifles, automatic weapons, tanks and aircraft all advanced warfare in their own way, making it easier to defeat the enemy while requiring fewer and fewer soldiers to do the job.
Cyberwarfare is the next step. It’s a single person, or the collection or people, crippling infrastructure or disabling weapon systems without a shot being fired.
The US cyber-attack on Iran signals a step-change in how conflicts will and are being fought.
Wars – or at the very least conflicts – now have the potential to happen almost entirely in secret. Admittedly this has been happening for years with espionage and covert operations.
But that was silenced pistols and garrotting wire in the dead of night.
This is attacks on defensive systems or infrastructure. The only way the general populous would know anything is happening is because the lights would go out and the power companies wouldn’t know – or wouldn’t be able to say – why.
Cyberwarfare is also an obvious pre-cursor to conventional war too.
When a country like the US weighs up going to war, they consider the number of soldiers, tanks and other equipment needed.
The logistics to effectively support a ground force of that size. Add in air and sea elements.
Then they account for attrition. Casualty rates, injuries, destroyed vehicles etc.
In most scenarios – after the Vietnam war – the US won’t consider a large-scale military conflict unless they can assure a 10:1 advantage in terms of soldiers and superior hardware.
In most cases that’s easy to achieve. And why they’re not rushing to go to war with China or Russia.
But if you can lock out radar, shutdown airports or isolate aircraft and armour by severing the link between them and command and control…
That represents a staggering tactical advantage. Compound this with attacks on infrastructure and other civilian assets so there is domestic unrest and prosecuting a war becomes all but impossible.
Of course, this is taking a single cyber-attack against a missile system and extrapolating that out to a reimagining of the cult classic Wargames but the point stands.
While by no means the first successful cyber-attack by one government against another, this is the first in a retaliatory capacity following a physical attack. The cyber-attack against the Iranian missile systems is significant.
And is about to make robust cyber security one of the biggest priorities for private and public organisations around the world.
KDC Resource are expert technical and engineering recruiters, specialising in the cyber security sector. If you’re looking for your next role, upload your CV today.
Or if you’re looking to find leading cyber talent, register your details with us and a member of the team will be in touch.