Russian Foreign Minister Sergey Lavrov and his Iranian counterpart Javad Zarif signed a cybersecurity cooperation agreement in January 2021. The agreement covers cooperation in cybersecurity, technology transfer, combined training, and coordination at multilateral forums such as the United Nations.
Cooperation with Moscow could help Tehran improve its cyber capabilities. The deal is primarily defensive in nature, motivated by the two countries’ shared animosity toward the US, their interest in influence in the Middle East, and a desire to reduce reliance on Western technology. However, there are limits to how closely the two sides can expect to collaborate.
Rather than sharing offensive capabilities, cyber cooperation between Moscow and Tehran is likely to focus on intelligence sharing and improving cyber defences.
The agreement may pose four difficulties for US cybersecurity operations:
- Russia could assist Iran in developing more powerful cyber defence systems. If Tehran uses Russian technology and training to address its defensive flaws, US initiatives such as “defend forward” will become more difficult and expensive.
- Much as US Cyber Command deploys teams abroad in its “Hunt Forward” operations, the Iran-Russia cooperation could give Russian cyber teams an opportunity to deploy in Iran and monitor Iranian networks, collecting insights and identifying US malware. Obtaining and analyzing Cyber Command or National Security Agency tools and tradecraft would strengthen Russian and Iranian defences, thwart future US cyber operations, and force US operators to develop new exploits sooner than planned.
- If Russian hackers gain access to Iranian defence systems, they could obtain and reverse engineer US or Israeli malware that was used against Iran. This happened in 2010 with the Stuxnet worm, which was attributed to the US and Israel and targeted Iran’s nuclear facilities. Since then, over 22 million pieces of malware are said to have been created using Stuxnet’s blueprint to target organizations all over the world. Stuxnet infected thousands of networks around the world, giving hackers access to a large number of samples. A less well-known attack could likewise be repurposed if Russia gains access to Iranian networks.
- Iran has proxies in the Middle East, such as Hezbollah and militias in Iraq and Yemen, that could benefit from technologies and techniques acquired from Russia. Some of these groups have already demonstrated significant hacking abilities. According to security firm ClearSky, Lebanese Cedar, a Hezbollah-affiliated hacking group, conducted an extensive campaign targeting telecoms and internet service providers in the US, Europe, and the Middle East.
The United States’ Reaction and Strategy
- The US and its allies should establish a consistent vulnerability disclosure framework for sharing vulnerabilities, including those that have already been exploited, with each other and with vendors. This reduces the risk of their own hacking tools being turned against them. While the US has a Vulnerability Equities Process in place, its allies appear to have similar processes only to varying degrees.
- The Biden administration could encourage responsible development of offensive capabilities by requiring self-destruct code modules that prevent adversaries from analyzing those capabilities. Such modules, which modify or destroy their own file data to frustrate forensic analysis, have previously been used in highly sophisticated malware campaigns.
Developing a standardized approach to these mechanisms could form part of a larger effort to improve intelligence sharing and security ties between the US, Israel, the Arab states of the Persian Gulf, and possibly other regional actors. Allowing Russia and Iran’s cyber cooperation to grow unchecked could pose new threats to US security and strategy in West Asia.