How Cyber ‘may’ have been used to target Iran in Operation Epic Fury!

Cyber operations were almost certainly used against Iran in the early hours of Operation Epic Fury. Here is how it may have played out.

The opening of Operation Epic Fury, the joint US-Israel operation to topple Iran’s government, has been defined by surprise kinetic strikes & Iran’s retaliation against its neighbours. But underneath the visible attacks, there may have been invisible strikes brought about through cyber operations.

Cyber Activities

There has been no official word from the US or Israel that cyber effects were brought to bear in the 1st 48 hours of the conflict, though there have been reports of cyber activities inside Iran having taken place.

However, given the reality of modern-day warfare, as well as the long history of cyber war specifically around Iran, it seems implausible that cyber capabilities have not played a role so far.

7 Sources

7 sources were canvassed, ranging from former senior-level cyber officials to operators to military cyber lawyers, to understand how the early days of a cyber operation such as Epic Fury would likely unfold. All 7 sources stated they had no inside knowledge of the actual operations, but their insights are likely to match up to the kind of efforts US Cyber Command & US Central Command would be exploring. CYBERCOM did not respond to a request for comment.

One former Pentagon cyber official noted that following the operations in Venezuela to capture former President Nicolás Maduro, there is a greater appreciation for the role of cyber, with current officials seemingly more willing to talk about the use of cyber in planning & integration of kinetic operations.

10-plus Years

But that does not mean the use of cyber in such operations is new. Several former officials explained cyber has been part of the planning & integration with operations going back, & one of CYBERCOM’s 3 stated missions is to conduct cyber operations for combatant commanders & the joint force.

“It’s taken some time for people not directly exposed to that in witnessing to that, to understand it,” a former senior cyber commander commented.

‘Know What We’re Doing’

“Some of these recent operations have made people, whether they’re civilians that are in the legislative branch, or whether they’re civilians or senior people in the US Department of War & the executive branch that weren’t exposed to it, to finally realise we know what we’re doing, we know how to do this, & if we give the resources & the ability to get after the targets & not hold them back, our cyber warriors can make it happen.”

Defensive Posture

Ahead of any action, the sources stated, the 1st move planners would have undertaken is a defensive posture to protect military communications systems & networks. Iran has reasonably capable cyber operators that have become significantly better over the last handful of years, the former senior cyber commander commented.

Ahead of any strikes, cyber would also be used to provide some intelligence value, either conducting reconnaissance of targets to strike physically or providing insights into the thinking of certain members of the regime.

High Value Individuals

Those insights could include the location of high value individuals, what the current intentions of the regime are in terms of where they might move those people, how they might be defending them, or how they may be preparing to respond & shoot missiles at what targets, the former senior military cyber commander explained.

All those insights can provide the ability to undertake action before the adversary can achieve what they are trying to do, or to posture people to be prepared to defend themselves.

There would also be work to see what the adversary’s networks look like, so if there is an operation that requires an effect on those networks, they can be understood & deconflicted with other activities, another former cyber commander suggested.

Complementary

When it came time for the kinetic strikes to start, cyber could prove complementary, targeting enemy defences & communications to not only allow friendly forces to strike with less risk, but also make it harder for the enemy to execute their own operations. This could include targeting integrated air defence systems, early warning radar, command & control & communications networks.

One former operator, however, noted that they thought it is unlikely cyber played a part in disrupting Iran’s early warning or air defence systems, noting that the US likely burned a lot of access the last time it undertook operations like that in 2019 in Iran and the generally degraded nature of the Iranian air defences after last summer’s ‘Operation Midnight Hammer.’

Information Operations

Experts also pointed out that cyber could play a role in the information operations front. Those could include messaging the people of Iran prior to, or even during, this operation to determine how the populace could rise up while the Iranian regime is in disarray.

It could also manifest itself in messages to members of the Iranian regime & military apparatus, such as the Islamic Revolutionary Guard, telling them things along the lines of “‘you can still save you & your family, here is what you need to do. But if you continue to listen to what the regime is telling you, you do not have much of a future,’” the former senior military cyber commander observed.

President Donald Trump

In fact, in his address announcing the strikes President Donald Trump told members of the IRGC & others “you must lay down your weapons & have complete immunity. Or in the alternative, face certain death. So, lay down your arms. You will be treated fairly with total immunity, or you will face certain death.”

Given the multi-day nature of Epic Fury, it likely will require a greater use of messaging & information operations than one-off strikes such as those that took place in Iran last year & Venezuela in Jan., another former senior cyber commander said.

Adversary Intent & Plans

Likely, cyber has & will continue to play a supporting intelligence role, a former cyber operator suggested, collecting on adversary intent & plans while trying to determine battle damage assessment for the strike operations.

It will also likely help determine if the initial wave of strikes killed any senior leaders, what senior leaders still alive are planning to do in response & where those targets are located for secondary strikes.

 
