American military cyber forces in June knocked out a crucial database used by Iran’s elite paramilitary force to target oil tankers and shipping traffic in the Persian Gulf hours after that force shot down a U.S. surveillance drone, according to U.S. officials.
The retaliatory strike by U.S. Cyber Command against the system used by the Islamic Revolutionary Guard Corps was approved by President Trump, who that same day called off a military airstrike against Iran because killing Iranians would not be “proportionate to shooting down an unmanned drone.”
U.S. Cyber Command did not address questions on the secret operation. “As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence, or planning,” Elissa Smith, a Pentagon spokeswoman, said in a statement.
The operation was first reported by the New York Times. It has not been publicly acknowledged by the U.S. government.
The cyberstrike was in the works for weeks if not months, officials have said, adding that the Pentagon proposed launching it after Iran’s alleged attacks on two tankers in the Gulf of Oman earlier in June.
The cyber response to a military shoot-down of a drone shows how the Pentagon is expanding its repertoire of options to integrate cyber into military plans, said officials, who spoke on the condition of anonymity to describe a sensitive operation.
It also shows how Cybercom, which coordinated the strike with Central Command, which oversees the Middle East, is able to support regional commanders to achieve strategic aims — in this case to preserve freedom of navigation in one of the world’s most important shipping lanes.
The drone downing and retaliatory computer attack reflect how increasingly hostilities are playing out below the threshold of use of force, in what is often called the “gray zone.”
The cyberstrike was designed to be debilitating — Iran is still trying to restore data — but proportionate and not so provocative as to result in escalation, officials said.
“When you’re in this realm there’s always the chance for miscalculation,” one official said, adding that “there were concerns generally about Iranian responses,” perhaps against U.S. or Israeli interests. But the feeling was the strike would not lead to a retaliatory spiral, the official said.
The cyber operation did not target missile and rocket launch systems, as The Washington Post previously reported, U.S. officials said.
It nonetheless represents a flexing of offensive muscle by Cyber Command, led by Gen. Paul Nakasone, which was elevated to a full combatant command in May 2018. And it follows an operation last fall in which the command disrupted Internet access to a Russian entity, the Internet Research Agency, to prevent cyber “trolls” from sowing discord among Americans during the 2018 midterm elections. This more aggressive posture is enabled in part by new authorities granted by Congress and the president.
Iran said the drone flew into its airspace, while the United States said it was in international airspace.
“To the extent that Iran is conducting unlawful operations, I think [the cyberstrike] was an appropriate measure to take to preclude their ability to conduct further unlawful operations,” said Michael Schmitt, international law professor at the U.S. Naval War College. “Sometimes cyberspace allows you to take operations that are not as escalatory as other options on the table. And this would strike me as one such operation.”
Jason Healey, a former White House and military cyber official, said that although such operations may prove less escalatory, they may also encourage U.S. adversaries to imitate them. “China might say, ‘You did it to Iran, we’re just doing it to Taiwan. What are you getting so upset about?’ ”