USCYBERCOM: in the right place, at the right time

Some would be tempted to write that cyberspace is a (not so) new dimension of conflict, transversal to the air, sea and land and intrinsically endowed with the qualities of virtuality and ubiquity. Others would have liked to be gifted with these same attributes to better understand the unfolding of this summer's geopolitical soap opera. “I asked how many people were going to die. 150 people, sir, replied a general. [It was] not proportionate to an attack on a drone […] I am in no hurry, our army is […] ready and by far the best in the world.”

It is Thursday, June 20, 2019, at 19:30. This scene – which we can easily picture – is described to us by the 45th president of the United States, the most powerful man in the free world, after the revelations of the New York Times. In one of the 280-character messages of which he has the secret, Donald J. Trump invites us to take a seat in his office, the Oval Office, or perhaps in the Situation Room, as the case may be, to experience this moment, the one where everything could have changed. That very morning, nearly 131 million dollars (or even 223 million with research and development) of sheet metal, cutting-edge optronics and star-spangled banners went down in flames between the Strait of Hormuz and the Gulf of Oman.

Iran let the guns do the talking – or rather the guardians of its revolution did – by shooting down an unmanned aircraft, an RQ-4A Global Hawk, a U.S. Air Force drone. Horror and fear: the hawks demand revenge. The commander in chief will apparently decide otherwise, triggering de-escalation. We came close to the worst.

Magnanimous Donald Trump? Let's admit that we smiled...

Then nothing. Summer passes, and the Big Apple's daily newspaper gives us a new version of events, one that juxtaposes story and history. So, what really happened on this famous Thursday, June 20, 2019? According to Norman Roule, a former senior intelligence official, it was through a cyber operation that the president chose to respond to his Iranian counterpart. More specifically, USCYBERCOM is said to have targeted a strategic database used by the Revolutionary Guards to prepare attacks against foreign-flagged oil tankers venturing into the Strait of Hormuz, thus reducing – temporarily – Tehran's capacity to cause harm in the area.

US Navy RQ-4A Globalhawk drone shot down by Iranian air defense threatens to trigger massive US response

Still according to the New York Times, the desired final effect was reportedly achieved and, better still, the Pasdaran are said to be still recovering. Could this be the reason for the interruption of attacks against tankers in the area? Apart from the boarding of the Stena Impero on July 21 – almost a month to the day after the events – no act of sabotage has since been reported. According to Mr. Roule: “You have to make sure your adversaries get one message: the United States has enormous capabilities that they can never hope to match [so] and it would be better for all parties concerned if they simply stopped their warlike actions.”

Loud and clear? Nothing is less certain.

Since the end of the 2000s and Operation Olympic Games, the United States and Iran have engaged in a series of skirmishes in cyberspace, a veritable “cyber war” hidden from view. Although overused, this term takes on its full meaning here. But these operations are thought out, calibrated and executed in such a way as to never leave the gray zone between war and peace.

“Cyber operations […] are designed to change Iran's behavior, without triggering a wider conflict or provoking retaliation” according to the former senior official. It is partly due to the intrinsic difficulty of attributing the attack that cyberspace – used for warlike purposes – today plays a predominant role in the management of acute crises. By placing themselves below the threshold of armed conflict using cyberspace, military and intelligence officials seek to discourage Iran from committing further aggression, or even bring the country back to the negotiating table. And the facts seem to prove them right.

Operation Olympic Games

By anesthetizing – temporarily – the cascades of Iranian uranium enrichment centrifuges in the Natanz and Bushehr power plants, the Olympic Games operation led by the United States and Israel had dangerously flirted with the limits of international law. But the effects have undoubtedly enabled the development of a doctrine specific to this region of the world for American cyber forces.

Although the APT Stuxnet (Advanced Persistent Threat) – though it never officially had this name – managed to paralyze these installations, Iran did not take long to resume its nuclear ambitions where it had left off.

Note the impact of Operation Olympic Games (APT Stuxnet) during 2009.

With the inspections carried out by the UN International Atomic Energy Agency (IAEA) as part of the implementation of the Vienna Iran Nuclear Agreement (JPOA – Joint Action Plan), the UN inspectors could only note that the halt at the beginning of the 2010s had only been temporary. This strategy therefore seems to be bearing fruit again, with Iran in any case. According to American officials, although the effects of this operation were calibrated to be limited, they still managed to leave their target(s) drained for a longer period than initially planned.

A double-edged blade

“War is nothing other than the continuation of politics by other means.”

Carl von Clausewitz

In a way, cyber operations give meaning to this quote by providing a more than credible alternative to the use of force in the literal sense, but the very nature of these means makes them difficult to use. As with other technologies, reverse engineering a cyberattack is a crucial, even mandatory, step that no actor can ignore. The targets of these cyber operations can then derive various benefits from the methodical and detailed examination of these programs.

On the one hand, the majority of cyberattacks exploit specific, previously undetected vulnerabilities: zero-days. As soon as such a flaw is used, studying the code allows it to be quickly identified and fixed with a patch, de facto improving the security (the passive layer of protection) of the targeted systems. Malware used in the context of a cyber operation is therefore most often single-use. According to Mark Quantock, a retired major general who served as director of intelligence at U.S. Central Command: “Iran is a sophisticated actor. They will look into what happened. Russia, China, Iran and even North Korea could all see how they were attacked and therefore could also use this knowledge to conduct operations using the same vulnerabilities used against them.” Finally, the actions carried out for intelligence purposes through this security breach will inevitably end from the moment it is revealed, while informing the target that it was indeed under surveillance, by what means, and what types of information the attackers had access to.

US CYBERCOM is today at the heart of the majority of American offensive and defensive operations.

In practice, therefore, the use of this type of tool is subject to a trade-off between costs and benefits. Whether among the military or the intelligence agencies, skepticism is growing in the ranks, with facts often demonstrating that the immediate return does not always live up to expectations, so the issue is sometimes purely political. Gary Brown, a professor at the National Defense University and former legal counsel for USCYBERCOM, said: “It can take a long time to gain access, and that access is consumed [sic] when one enters the system and we delete something. But by the same token, you can't use it as an excuse not to act. You can’t store access and never use it.”

The rise of Cyber Command, continued

As we mentioned in a previous article, the American military cyber operations command (USCYBERCOM) is in the process of becoming independent from the CSS and the NSA; in effect, it is growing bolder. General Paul M. Nakasone – current head of the CSS – describes his strategy as a “resolute engagement” against the adversaries of the United States (and its allies, as the established phrase goes). And it is partly under the Trump administration, thanks to the new congressional authority (NDAA 2019), that USCYBERCOM has begun to increase the intensity of its actions autonomously.

Ultimately, this series of events gives us a glimpse of the future of cyber operations. There is no doubt that Iran will have responded again, as it did after the Olympic Games operation, when the Saudi energy operator Aramco suffered a vast campaign of cyberattacks attributed to Iran, in which APT Shamoon erased the data (wiping) of nearly 75% of its IT systems.

However, the Iranian case is on the way to becoming a textbook case of the use of cyber tools in pursuit of short- and medium-term political objectives. Direct consequence or not, the chronology of the facts leads us to wonder whether the JPOA could have seen the light of day without Stuxnet and the other components of the American-Israeli operation to hinder (at a minimum) the enrichment of Persian uranium; just as this summer's de-escalation could have been triggered by the action of CYBERCOM. When Israel openly threatened preemptive strikes on the Islamic Republic's enrichment sites, the American president at the time – George W. Bush – requested a “third option” between being drawn into a third conflict in the Middle East and allowing Iran to acquire nuclear weapons.

The third option would come from the US Strategic Command, commanded by General James Cartwright, who had just created a small cyber unit that would later become USCYBERCOM.

The equalizing power of the line of code

The question can therefore be asked: as in “conventional” spaces of conflict, the threat of force and the use of force are tools in the service of politics. But the qualities intrinsically linked to cyberspace allow the cursor to be placed further along. This “gray zone” described by Norman Roule may seem to be a unique space for expression in international relations: for a controlled cost, decision-makers have a formidable tool for extending their political will without going as far as force strictly speaking, and the United States seems to have understood this very well.

In France, caution remains the order of the day. To be able to talk with everyone, you must not fall out with anyone. Since the withdrawal of the United States from the Vienna Accords on May 8, 2018, the Iranian nuclear issue has become polarized around antagonistic visions and increasingly divergent interests. Recent developments show an increase in signs of mistrust between Tehran and Washington despite a French initiative noted in Biarritz.

As part of the “maximum pressure” strategy dear to Donald Trump, the United States has just imposed new sanctions on “16 entities, 10 individuals and 11 ships”. After announcing the increase in its stock of enriched uranium beyond the planned thresholds, Hassan Rouhani declared this Wednesday that he would implement “all measures [deemed] necessary in terms of research and development […] and abandon all commitments” made within the framework of the JPOA, essentially threatening to increase the enrichment threshold to 20% instead of the 3.67% provided for by the Vienna agreement.

While the various stakeholders seem ready to do battle, the arrival of Mohammad Javad Zarif on the sidelines of the G7 proves that behind the scenes the channels of discussion remain open. Ironically, the Iranian foreign minister is personally under US sanctions. No one has an interest in going as far as conflict, but the use of cyber operations plays a predominant role and remains an ace up the political sleeve for getting messages across without inflaming often complex situations. In a context where appearances have a significant diplomatic impact, cyberspace ultimately offers a framework allowing people to communicate, in one way or another, out of sight.

Jean Lebougre
Cyberwarfare Specialist
