CFR says cybersecurity co-op agreement between Russia, Iran likely to create hurdles for U.S.

March 16, 2021 - 21:45

TEHRAN - The new cooperation agreement between Russia and Iran on cybersecurity and information technology is likely to create new hurdles for the United States and its allies in West Asia, the Council on Foreign Relations said in a commentary on Monday.

Following is an excerpt of the article:

This January, Russian Foreign Minister Sergey Lavrov and his Iranian counterpart Javad Zarif signed a cooperation agreement on cybersecurity and information and communications technology (ICT). The agreement includes cybersecurity cooperation, technology transfer, combined training, and coordination at multilateral forums, like the United Nations.

The cooperation with Moscow outlined in the agreement could upgrade Tehran’s cyber capabilities. The agreement is largely defensive, motivated by the countries’ shared animus toward the United States and U.S. influence in the Middle East (West Asia) as well as a desire to reduce dependence on Western technology. There are limits, however, to how closely the two sides can be expected to work together.

Cyber cooperation between Moscow and Tehran is likely to be focused on intelligence sharing and improving cyber defenses, rather than sharing offensive capabilities. Nonetheless, the agreement could pose four challenges to U.S. cyber operations. First, Russia could help Iran obtain stronger cyber defense systems. The Harvard Belfer Center's National Cyber Power Index 2020 lists Iran as the lowest-scoring nation for cyber defense capabilities, with Russia ranked in the middle of the countries surveyed. If Tehran addresses these defensive deficiencies with the help of Russian technology and training, it could make U.S. initiatives like "defend forward" more challenging and costly.

Second, Iran-Russia cyber cooperation could provide a golden opportunity for Russian cyber teams to deploy in Iran to monitor Iranian networks in order to collect insights and identify U.S. malware, similar to U.S. Cyber Command's "Hunt Forward" operations. Acquiring and analyzing Cyber Command or National Security Agency hacking tools and techniques could help improve Russian and Iranian defenses, thwart future U.S. cyber operations, and force U.S. operators to develop new exploits sooner than planned.

Third, by gaining access to Iranian defense systems, Russian hackers could acquire and reverse engineer U.S. or Israeli malware that has been used against Iran. This occurred with the Stuxnet worm, which targeted Iran's nuclear facilities in 2010 and was attributed to the United States and Israel. Since then, numerous cyber actors have developed over 22 million pieces of malware that used Stuxnet's blueprint to target organizations around the world. Stuxnet eventually infected thousands of networks globally, so hackers had access to many samples, but a tool from an operation that never became as widely known could still be captured and repurposed if Russia is able to access Iranian networks.

Fourth, technologies and techniques that Iran acquires from Russia could be passed on to Iran's allies around West Asia, including Hezbollah; some of these allies have already shown considerable hacking capabilities.

Equipped with more advanced Russian-derived cyber capabilities, these allies could sabotage government agencies, businesses, and U.S. operations in West Asia.

The agreement between Moscow and Tehran could pose challenges for U.S. cyber strategy.

To minimize the risk of their hacking tools being repurposed for use against them, the United States and its allies should establish a unified vulnerability disclosure mechanism to share vulnerabilities, including those their own operations have already exploited, with each other and with vendors. While the United States already has a vulnerability equities process, other allies appear to have similar processes only to varying degrees, if at all.

The Biden administration could promote the responsible development of offensive capabilities by adding self-destruct code modules to prevent tools from being analyzed by adversaries. Such modules have been deployed as part of highly sophisticated malware campaigns in the past and are designed to overwrite their own file data in order to hinder forensic analysis. The protection is limited, however: a module can only scrub what is still on disk when it runs, so a sample already copied by endpoint telemetry, a memory image, or a file-system snapshot is unaffected.
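To make the limitation concrete, the following added example (written for this page, not code from the CFR commentary or from any real malware module) implements a minimal overwrite-then-unlink routine of the kind the paragraph describes, and then shows that a copy of the file collected before the routine runs survives intact. The file name, the payload bytes and the "collection" step are all constructed for the demonstration.

```python
"""Added example: an in-place file wipe of the 'self-destruct module' kind,
next to a check of what it cannot defeat (a copy taken before it runs).
All inputs below are constructed; nothing here is a real sample."""
import os
import shutil
import tempfile


def wipe_file(path: str, passes: int = 3) -> int:
    """Overwrite `path` in place `passes` times (random bytes, then zeros on
    the final pass), fsync after each pass, then unlink the file.
    Returns the number of bytes overwritten per pass.

    Only the on-disk contents of this one file are touched. In-memory copies,
    snapshots, backups and samples already collected elsewhere are not, and
    on SSDs or copy-on-write file systems the old blocks may still exist
    physically even after the overwrite."""
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as fh:
        for i in range(passes):
            fh.seek(0)
            data = os.urandom(size) if i < passes - 1 else b"\x00" * size
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())
    os.unlink(path)
    return size


def demo() -> dict:
    """Constructed scenario: write a 'payload' file, let a defender copy it
    (the equivalent of endpoint telemetry collecting the sample), then run
    the wipe. Returns what remains available for analysis afterwards."""
    workdir = tempfile.mkdtemp()
    payload = os.path.join(workdir, "payload.bin")      # constructed name
    collected = os.path.join(workdir, "collected.bin")  # constructed name
    # Constructed sample content: 19 bytes of marker plus 1024 bytes of pattern.
    sample = b"CONSTRUCTED-SAMPLE:" + bytes(range(256)) * 4
    with open(payload, "wb") as fh:
        fh.write(sample)

    shutil.copyfile(payload, collected)  # defender's collection happens first
    wiped = wipe_file(payload)           # the module's self-destruct runs later

    with open(collected, "rb") as fh:
        survived = fh.read()
    result = {
        "bytes_wiped": wiped,
        "payload_still_exists": os.path.exists(payload),
        "collected_copy_intact": survived == sample,
    }
    shutil.rmtree(workdir)
    return result


if __name__ == "__main__":
    print(demo())
```

Running the block reports that the original file is gone and that the collected copy is byte-for-byte intact, which is the practical reason a self-destruct module raises the cost of analysis but cannot, on its own, keep a tool out of an adversary's hands once it has been captured.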

Establishing a standardized vulnerabilities disclosure mechanism could take place as part of a broader effort to strengthen intelligence sharing and security ties between the United States, Israel, the Persian Gulf Arab states, and possibly other actors in the region.

As cyber cooperation between Russia and Iran grows, leaving it unchallenged could pose new threats to U.S. security and strategy in West Asia.