On the 10th anniversary of the discovery of the Stuxnet computer virus, designed by the U.S. and Israel to target Iran’s nuclear program, the Islamic Republic is facing a new wave of unclaimed acts of sabotage. While military and nuclear facilities in Parchin and Natanz have been attacked, this latest wave is not limited to only high-value and sensitive facilities. From a major fire at a port in Bushehr to explosions at a clinic in Tehran and a number of industrial sites across the country, the sudden outbreak of incidents has left the Iranian public bewildered and wondering just what is going on.

Some of these events are likely legitimate accidents, but there are clear signs that foreign intelligence services — namely the CIA and the Mossad — may be involved, and questions about the possible application of cyberwarfare in these attacks will be mulled over in the days and weeks to come. If foreign powers are carrying out acts of sabotage inside Iran, that is likely meant to achieve two primary objectives: to set back and impede Iran’s nuclear program and to give reason for the authorities in Tehran to reconsider their military, nuclear, and regional policies. So far, while Tehran is startled, it also appears undeterred.

Cyber attacks? 

Iranian officials have been guarded in identifying both actors and methods behind the acts of sabotage. This could be simply a case of face-saving and not admitting to yet another humiliating penetration of Iran’s critical infrastructure by foreign intelligence services. In any event, it is too early to say if any of the explosions in Iran were caused by cyber attacks. This, naturally, was an early suspicion after the first detonation at Natanz — the nuclear facility that was famously the target of the Stuxnet virus.

First of all, from a simple cybersecurity perspective, it is very difficult to make lightning strike in the same place twice — especially on a target as secure as a nuclear enrichment facility. To hit the same target twice with a missile, you simply fire at it twice. But a cyber attack relies on the vulnerabilities in the systems being targeted, and given Stuxnet is perhaps the most studied virus of all time, it is inconceivable that Israel, the U.S., or anyone else could have simply used the same exploits. A second cyber attack would need to discover entirely new vulnerabilities — a highly costly endeavor — and would depend on those patched and updated systems being similarly vulnerable.

It is also worth noting that Stuxnet was specifically designed to be “quiet” — the virus did not cause explosions or even enough disruption to indicate tampering to the facility’s scientists. It was carefully calibrated to slowly degrade Natanz’s enrichment capability and cause just enough malfunctioning to make the Iranian government doubt the scientists’ competence. The latest explosions, by contrast, are “loud” — quite literally. If this were a “second Stuxnet,” it would be a radical deviation from the original modus operandi.  

Finally there is the issue of the follow-on explosions. Cyber attacks are not easy to scale up unless they are targeting the same operating system, like Windows XP, which does not lend itself to causing physical explosions. New exploits would need to be developed for each different system targeted, which is not a simple, replicable task. Sneaking a bomb into a country — while not easy — is a much more straightforward task to carry out repeatedly.

Cyber specialists rarely speak in absolutes, and by no means is it impossible that the Iranian explosions are being caused by cyber attacks. Only Iran can perform a forensic examination of the sites of the detonations and make that determination with confidence. It, however, is not likely that these explosions were caused by cyber attacks.

Iran’s bigger worry: Infiltration 

What is evident is that while Iran wants to minimize the significance of these incidents, the U.S. and the Israelis want to inflate it. For example, through their information operations in the media, the Israelis have deliberately floated two scenarios that are bound to create panic inside the Iranian system. The possibility of a cyber attack by Israel is one. The second is that the explosions may have been the result of sabotage carried out by insiders who have been recruited by the Israeli intelligence services. Both scenarios would be hugely embarrassing to Tehran, which is why Iranian officials continue to refuse to admit any foreign-instigated sabotage has taken place. 

The Iranian denials, however, have been less than convincing. In fact, they have only reinforced the impression among the public that foreign actors have been behind at least some of the explosions. The psychological pressures that such popular beliefs put on the Iranian authorities are considerable. In a worst-case scenario, the idea of large-scale infiltration feeds into the narrative that the Islamic Republic is in its dying days and creates more momentum for defections from the ranks of those serving the state.

In addition, there are some important implications about the recent incidents. First, what looks to be a coordinated American-Israeli campaign of sabotage suggest that the Trump administration and the Israelis have concluded that Tehran will not change any of its policies while Donald Trump is in the White House. This is likely why the sabotage campaign has been launched to set Iran’s nuclear and missile programs back as much as possible before Trump leaves office. 

There are two other likely reasons why the U.S. and Israel have decided to act as well. First, to force the Iranians to kick out international nuclear inspectors on charges that they are passing sensitive information to U.S. and Israeli intelligence services, which might be the reason such sabotage attacks are possible in the first place. Were Iran to kick the inspectors out, it would be the end of the 2015 nuclear deal, a goal long sought by both the Trump administration and the Israelis. Second, these acts of sabotage might even be intended to force Iran to retaliate, an event that could easily escalate into a broader military conflict. 

What’s next?

The Iranians, however, are unlikely to retaliate in any major way. They will huff and puff, but ultimately Tehran will bite its tongue and move on. This is also what happened 10 years ago, when the Americans and the Israelis used the Stuxnet computer virus to sabotage Iran’s nuclear program. Tehran basically accepted the losses it incurred and simply continued its nuclear program as before. Something similar may happen now after these latest acts of sabotage. 

For Iran, though, one aspect must be troubling that goes beyond the nuclear issue. The perception that the country is awash with CIA and Mossad agents running around carrying out attacks with impunity undermines the regime in a serious way. It undoubtedly also gives the domestic opposition confidence. This is exactly why the Iranian authorities suddenly decided to execute a former defense official, Reza Askari, on charges of supplying information to the CIA. The hope is to deter anyone from collaborating with foreign intelligence services. 

Deterring the public in such a fashion is a time-tested policy in Iran, but there is a chance of blowback. Excessive punishment, as with the ongoing saga around plans to execute three young men for participating in anti-regime protests, has the potential to unleash more public anger and protests against the regime.

And here lies the toughest challenge for the authorities in Tehran: If the CIA and Mossad were behind these latest attacks, how might they look to escalate this campaign? It seems highly likely that few, if any, of the acts of sabotage so far have been carried out by means of cyber attacks. That means there are Iranians inside the country that are central to the staging of these attacks and involved in physically planting explosives at selected sites. Not only does that signal resourcefulness, but it also suggests unprecedented risk-taking by the U.S. and Israel. If foreign intelligence services can go this far inside Iran, what else might they be able to do? That is surely a matter of the utmost concern for Tehran.

 

Michael Sexton is a Fellow and the Director of MEI's Cyber Program. Alex Vatanka is a Senior Fellow and the Director of MEI's Iran Program. His forthcoming book is The Battle of the Ayatollahs in Iran: The United States, Foreign Policy and Political Rivalry Since 1979 (2021). The views expressed in this piece are their own.

Photo by AMIR KHOLOUSI/ISNA/AFP via Getty Images


The Middle East Institute (MEI) is an independent, non-partisan, non-for-profit, educational organization. It does not engage in advocacy and its scholars’ opinions are their own. MEI welcomes financial donations, but retains sole editorial control over its work and its publications reflect only the authors’ views. For a listing of MEI donors, please click here.