Iran’s Military Reserves Right to Respond With Force if Cyberattack Causes Major Real World Damage

The General Staff of the Iranian Armed Forces has issued a new policy document warning that cyberattacks against Iran by any state, group or individual will be dealt with decisively, and indicating that Tehran’s response may not be limited to cyberspace.

The document, released Monday and cited by Tasnim, says that the principles of international law, including equality and respect for sovereignty and the prohibition of the use of force, can and should “be applied to the use of cyberspace.”

Accordingly, the military notes, “any deliberate use of cyber-force with physical [real world] or non-physical consequences which threaten national security or lead to political, economic, social and cultural destabilization violates the sovereignty of the state.”

“If such operations affect national vital infrastructure, including defence infrastructure, they would naturally violate the principle of the use of force, be it under the ownership of the government or the private sector,” the document adds.

For this reason, the General Staff warns, Iran’s armed forces are legally entitled under international law to respond in self-defence, using real-world force if necessary, if the intensity of a cyberattack on key infrastructure is so great that it reaches the threshold of a conventional armed attack.

“Iran reserves the right to take the appropriate and proportional reciprocal action at the appropriate time. We may employ any tool to defend ourselves against cyberattacks, including cyberspace or other weaponry,” the document says.

The military also stresses that in the event of such an attack “we will do our utmost to prove the international responsibility of the country starting or facilitating such attacks, and to make them held accountable for their illegal [actions].”

Undeclared Iranian-Israeli Cyberwar

The Islamic Republic and the State of Israel have been waging a mostly invisible, low-intensity cyberwar since at least 2010, when a Mossad mole allegedly installed the infamous Stuxnet malware programme into the Natanz nuclear power station in a sabotage attack supported by the CIA and Dutch intelligence.

Since then, dozens of other cyberattacks have been reported, with each side accusing the other of targeting everything from internet infrastructure such as websites to real world facilities including power generation facilities, utilities, ports, and even defence-related infrastructure.

Last month, Arab media alleged that the July 2 explosion at Iran’s Natanz nuclear enrichment facility may have been the result of an Israeli cyberattack. Soon after the blast, Javad Karimi Qoddousi, a member of the Iranian parliament’s national security committee, said the incident was the result of an unspecified “security breach.” Israeli Defence Minister Benny Gantz dismissed claims of Israeli involvement in the incident, saying “not every event that happens in Iran is connected to us.” Iranian officials have vowed to retaliate if it was confirmed that the explosion was the result of sabotage.

In June, shortly after the alleged cyberattack on Iran’s Shahid Rajaee Port, Israel’s elite high-tech cyber Unit 8200 was awarded certificates of appreciation for their success in an unspecified covert operation, prompting media speculation that the awards were related to the port sabotage attack.

Last month, Iranian foreign ministry spokesman Abbas Mousavi commented on the state of the Islamic Republic’s cyber defence forces, revealing that Iran faces “thousands” of cyberattacks on its infrastructure every day, with “most of them…repelled without any effect [on infrastructure] by our advanced and sophisticated defence systems and computer disaster response teams.” Mousavi insisted, however, that the recent string of explosions and fires across the country had “nothing to do with cyberattacks.”