The Iran-Russia Cyber Agreement & US Strategy In The Middle East

Uploaded on 2021-03-23 in INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

The new cooperation agreement between Russia and Iran on cybersecurity and information technology is likely to create new hurdles for the United States and its allies in the Middle East. This January, Russian Foreign Minister Sergey Lavrov and his Iranian counterpart Javad Zarif signed a cooperation agreement on cybersecurity and information and communications technology (ICT).

The agreement includes cybersecurity cooperation, technology transfer, combined training, and coordination at multilateral forums, like the United Nations.  

Iran / Russia Cybersecurity Alliance

Although the cooperation with Moscow outlined in the agreement could upgrade Tehran’s offensive cyber capabilities, the agreement is largely defensive, motivated by the countries’ shared animus toward the United States and U.S. influence in the Middle East as well as a desire to reduce dependence on Western technology.

There are limits, however, to how closely the two sides can be expected to work together.

The relationship between Russia and Iran has long suffered from mutual suspicion, ideological differences, and competition. Moreover, in the past, Russian and Iranian operators have operated at cross purposes. For example, in October 2019, British and U.S. officials revealed that the Russian threat actor Turla had hijacked Iranian hacking infrastructure as part of a false-flag operation.

Due to suspicion and conflicting objectives, cyber cooperation between Moscow and Tehran is likely to be focused on intelligence sharing and improving cyber defenses, rather than sharing offensive capabilities. Nonetheless, the agreement could pose four challenges to U.S. cyber operations. 

  • First, Russia could help Iran obtain stronger cyber defense systems. Harvard’s Belfer Center’s National Cyber Power Index 2020 lists Iran as the lowest-scoring nation for cyber defense capabilities, with Russia ranked in the middle of the countries surveyed. If Tehran addresses these defensive deficiencies with the help of Russian technology and training, it could make U.S. initiatives like 'Defend Forward' more challenging and costly.
  • Second, Iran-Russia cyber cooperation could entail Russian cyber teams deploying to Iran to monitor Iranian networks in order to collect insights and identify U.S. malware, similar to U.S. Cyber Command’s “Hunt Forward” operations. Acquiring and analyzing Cyber Command or National Security Agency hacking tools and techniques could help improve Russian and Iranian defenses, thwart future U.S. cyber operations, and force U.S. hackers to develop new exploits sooner than they hoped.
  • Third, if able to access Iranian defense systems, Russian hackers could acquire and reverse engineer U.S. or Israeli malware that has been used against Iran. This occurred with the Stuxnet worm, which targeted Iran’s nuclear facilities in 2010 and was attributed to the United States and Israel. Since then, numerous cyber actors have developed over 22 million pieces of malware that used Stuxnet’s blueprint to target organizations around the world. Stuxnet eventually infected thousands of networks globally, so hackers had access to lots of samples, but an attack that did not become as widely known could still be repurposed if Russia is able to access Iranian networks.
  • Fourth, technologies and techniques that Iran acquires from Russia could be provided to Iran’s proxies around the Middle East, including Hezbollah and militias in Iraq and Yemen. Some of these groups have already shown considerable hacking capabilities. In January, security firm ClearSky revealed that a Hezbollah-affiliated hacking group named Lebanese Cedar was involved in an extensive campaign that targeted telecoms and internet service providers in the United States, Europe, and Middle East. Equipping Iranian proxies with advanced Russian cyber capabilities could allow them to threaten government agencies, businesses, and U.S. operations in the Middle East. It could also hamper investigations into cyber operations conducted by Iranian proxies and lead to misattributing them to Russia, possibly causing unintended escalation.

US Reaction & Strategy

Although the agreement between Moscow and Tehran could pose challenges for U.S. cyber strategy, some of its disruptive implications can be mitigated. To minimize the risk of their hacking tools being repurposed for use against them, the United States and its allies should establish a unified vulnerability disclosure mechanism to share vulnerabilities, including those that have already been exploited, with each other and vendors. 

While the United States already has a vulnerability equities process, other allies seem to have only varying degrees of similar processes, if at all. Because victims are likely to patch vulnerabilities once they’ve been targeted, the attacking country can disclose the vulnerabilities it used after they’ve been exploited without weakening its offensive capabilities. Furthermore, the United States could promote the responsible development of offensive capabilities by adding self-destruct code modules to prevent them from being analyzed by adversaries. These modules have been deployed as part of highly sophisticated malware campaigns in the past and are designed to overwrite their own file data in order to prevent forensic analysis.

Establishing a standardized vulnerabilities disclosure mechanism could take place as part of a broader effort to strengthen intelligence sharing and security ties between the United States, Israel, the Gulf States, and possibly other actors in the region. As cyber cooperation between Russia and Iran grows, leaving it unchallenged could pose new threats to U.S. security and strategy in the Middle East.

This article was first publised  by the Council on Foreign Relations (Creative Commons BY-NC-ND 4.0)   

Image: Unsplash

You Might Also Read: 

The Cyber Security Top Ten Power List:

 

« British Companies Compromised By Exchange Email Hacking
2021 Blockchain Trends »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Lima Networks

Lima Networks

LIMA design and deliver IT Infrastructure solutions and services including managed Security Monitoring services.

CrowdStrike

CrowdStrike

CrowdStrike is a global provider of security technology and services focused on identifying advanced threats and targeted attacks.

INSUREtrust

INSUREtrust

INSUREtrust is a pioneer in the industry, inventing the concept of cyber insurance.

Cyber Risk Agency

Cyber Risk Agency

Cyber Risk Agency is a cybersecurity consulting firm specializing in managing cyber risks for SMEs.

Israel Aerospace Industries (IAI)

Israel Aerospace Industries (IAI)

IAI offers a holistic approach that provides defense forces, governments, critical infrastructures and large enterprises with end-to-end cyber security & monitoring tools.

BankVault

BankVault

BankVault is a new type of cyber technology (called remote isolation) which sidesteps your local machine and any possible malware.

IoT Security Institute (IoTSI)

IoT Security Institute (IoTSI)

IoT Security Institute is an academic and industry body dedicated to providing frameworks and supporting educational services to assist in managing security within an Internet of Things eco-system.

GoCyber

GoCyber

GoCyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

Snode Technologies

Snode Technologies

Snode's Guardian cybersecurity platform uses AI and machine learning to monitor, detect and proactively respond to all threats on every device within your network.

Center for Education & Research in Information Assurance & Security (CERIAS)

Center for Education & Research in Information Assurance & Security (CERIAS)

CERIAS is one of the world’s leading centers for research and education in areas of information and cyber security.

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group, Ltd. (STIGroup) is an innovative firm that provides CyberSecurity consulting, secure IT engineering, managed security services, and human capital solutions.

Netenrich

Netenrich

The Netenrich operations intelligence platform is built from the ground up to help enterprises resolve everyday and futuristic problems for stable, secure environments and infrastructures.

IT Acceleration

IT Acceleration

IT Acceleration is a full-service IT management and support, IT compliance and Digital Forensics company.

Framatome

Framatome

Framatome Cybersecurity portfolio is directly inspired by its unique experience in nuclear safety for critical information systems and electrical systems design.

PCS Security (PCSS)

PCS Security (PCSS)

PCS Security provides secure, reliable and state-of-the-art security solutions to help our customers address their security concerns.

Hydden

Hydden

Hydden gives security teams the ability to create a solid foundation to build a truly next-gen identity security practice by bridging the gaps between siloed teams and technologies.