Ellen Nakashima is a first-class reporter; she researches, networks, and has developed a world-class network of sources. I worked extensively with Ellen in the past; she has proven herself absolutely trustworthy. She will not publish unless she verifies and/or corroborates. If Ellen writes it, I believe it.
President Trump approved an offensive cyber strike that disabled Iranian computer systems used to control rocket and missile launches, even as he backed away from a conventional military attack in response to its shoot-down Thursday of an unmanned U.S. surveillance drone, according to people familiar with the matter.
The cyber strikes, launched Thursday night by personnel with U.S. Cyber Command, were in the works for weeks if not months, according to two of these people, who said the Pentagon proposed launching them after Iran’s alleged attacks on two oil tankers in the Gulf of Oman earlier this month.
The strike against the Islamic Revolutionary Guard Corps was coordinated with U.S. Central Command, the military organization with purview of activity through the Middle East, these people said. They spoke on the condition of anonymity because the operation remains extremely sensitive.
The operation, though crippling to Iran’s military command and control systems, did not involve a loss of life or civilian casualties in contrast to military strikes on Iran, which the president said he called back Thursday because they would not be “proportionate.”
The White House declined to comment, as did officials at U.S. Cyber Command. Pentagon spokeswoman Elissa Smith said, “As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning.”
The cyber strikes were first reported Saturday by Yahoo News.
“This operation imposes costs on the growing Iranian cyber threat, but also serves to defend the United States Navy and shipping operations in the Strait of Hormuz,” said Thomas Bossert, a former senior White House cyber official in the Trump administration.
“Our U.S. military has long known that we could sink every IRGC vessel in the strait within 24 hours if necessary. And this is the modern version of what the U.S. Navy has to do to defend itself at sea and keep international shipping lanes free from Iranian disruption.”
Thursday’s strikes against the IRGC represented the first offensive show of force since Cyber Command was elevated to a full combatant command in May. It leveraged new authorities, granted by the president, that have streamlined the approval process for such measures.
Cybercom launched an operation against Russia last fall to deny Internet “trolls” affiliated with the Internet Research Agency the ability to carry out political influence operations on U.S. social media platforms. But the operation against Iran was more disabling.
“This is not something they can put back together so easily,” said one person, who like others was not authorized to speak for the record.
The digital strike was an example, two people said, of what national security adviser John Bolton meant when he suggested recently that the United States is stepping up offensive cyber activity. “We’re now opening the aperture, broadening the areas we’re prepared to act in,” Bolton said at a Wall Street Journal conference.
The United States in April designated the IRGC as a foreign terrorist organization in response to its destabilizing behavior across the Middle East.
Iranian cyber forces have tried to hack U.S. naval ships and navigation capabilities in the Persian Gulf region for the last few years. The Strait of Hormuz is a strategically important sea lane through which about one-fifth of the world’s oil passes daily.
On Saturday, the Department of Homeland Security issued a warning to U.S. industry that Iran has stepped up its cyber targeting of critical industries — to include oil, gas and other energy sectors — and government agencies, and has the potential to disrupt or destroy systems.
“There’s no question that there’s been an increase in Iranian cyber activity,” said Christopher Krebs, director of DHS’s Cybersecurity and Infrastructure Security Agency. “Iranian actors and their proxies are not just your garden variety run-of-the-mill data thieves. These are the guys that come in and they burn the house down.”
Krebs in an interview said, “We need everyone to take the current situation very seriously. Look at any potential incidents that you have and treat them as a worst-case scenario. This is not you waiting until you have a data breach . . . This is about losing control of your environment, about losing control of your computer.”
Iran has unleashed destructive cyber attacks in the past. In 2012, it launched the Shamoon virus that nearly destroyed more than 30,000 business network computers at Saudi Aramco, a state-owned oil company, and erased backup copies of data. Saudi Arabia and Iran are fierce adversaries.
Private sector analysts have documented a gradual increase in Iranian cyber activity targeting U.S. industry since 2014. It has come in the form of spearphishing attempts seeking access to computer systems in the energy sector.
“In the last year, the activity has sped up,” said Robert M. Lee, co-founder of the cyber firm Dragos, who conducted cyber operations for the National Security Agency and U.S. Cyber Command from 2011 to 2015. “In the last six months we saw another hike. And last week, we saw additional activity.”
“The reality is we’ve been seeing more and more aggressive activity for quite some time,” he said. “It’s just getting worse.”