How Does Iran Conceive of Cyber as part of its National Strategy?

The aim of this Capstone project was to understand the place of cyber capabilities in Iranian strategic culture, outline potential areas of misunderstanding between the U.S. and Iran, and project outlooks for Iranian cyber threat activity following U.S. withdrawal from the Joint Comprehensive Plan of Action (JCPOA). To meet these goals, the team conducted research using academic and primary sources, interviews with experts, and analysis of Iranian cyber intrusions.

The research began by characterizing Iranian strategic culture, which can be understood as the ingrained “ideas, conditioned emotional responses, and patterns of habitual behavior”1 shared within a community of national decision-makers and derived from that community’s common experiences. Strategic culture helps explain why decision-makers in a given country view tools for the use of force, like cyber network operations (CNO) or nuclear weapons, differently than their counterparts elsewhere. As a characterization of Iranian strategic culture, the research found that Iranian decision-makers: prioritize regime security; emphasize self-reliance; orient conventional military forces towards defense; pursue regional hegemony; and favor asymmetric means for projecting power.

Through examining behavior of known Iranian advanced persistent threat (APT) groups and reviewing Iran-attributed CNO, the Capstone team further defined the cyber-specific element of Iranian strategic culture as seeking information for strategic advantage; perceived victimhood, therefore retaliatory behavior; use of cyber as a pillar of deterrence; and xecuted by a pseudo-capitalist hacker ecosystem (PCHE) rather than official military assets.

The team then applied their model of Iranian strategic culture to four distinct future scenarios to glean insights about U.S.-Iran relations and develop overarching policy recommendations for U.S. policymakers. The team made the following recommendations to help the U.S. mitigate the damage done by Iranian cyber threat activity and avoid unintended escalation:

●    Continue indicting Iranian hackers

●    Maintain dialogue through Track 2 diplomacy

●    Engage early with allies and competitors

●    Harden defenses around critical infrastructure.

 1 Jack Snyder, The Soviet Strategic Culture, p. 8.