ADD UP THE SANCTIONS — The Senate is getting set to take a hard look at countering Iran’s “shadow army” and proxy networks at a time when experts are sounding the alarm over Tehran’s rapidly expanding cyber warfare capabilities — and questioning whether more sanctions will truly change the game. The high-profile session in the Senate Foreign Relations committee on Wednesday comes just weeks after the Biden administration rolled out a new round of sanctions targeting Iran's cyber warfare apparatus, including elements of the powerful Islamic Revolutionary Guard Corps. But some experts contend the U.S. has already maxed out sanctions leverage against Tehran, and it is unlikely to fundamentally alter its calculation regarding offensive cyber operations targeting the U.S. and its allies. "The reality is the instrument of sanctions is not deterring the Islamic Republic on not just the cyber front, but across the board," said Alex Vatanka, Iran program director at Washington think tank Middle East Institute. “It’s just not enough.” Now, senators will debate over how to tackle Iran's extensive proxy networks in the Middle East — which increasingly include a cyber arm that's started taking Westward swings. “Iran's already the most sanctioned country in the history of the world,” a former State Department official who worked closely on Iran policy, granted anonymity to talk about sensitive policy discussions, told MC. “Yet we keep rolling out these new batches of sanctions. So doesn't that speak to the efficacy of the sanctions?” — History lesson: Iran’s once subpar capabilities were built up to an advanced level with help from partners like Russia, China and North Korea just over the last 15 years when it realized a security gap following Stuxnet — widely believed to be a joint U.S.-Israeli operation to derail Iran’s nuclear program. Since then, Iran tends to frame cyberattacks as retaliation, Vatanka said, with cyber superpower Israel a prime target given its long history of pushing back against Iran’s nuclear program and regional ambitions. That includes analysts reporting that Iran uses Persian-language Wikipedia to spread propaganda and disinformation by manipulating editorial teams and content. Now, Iran is estimated to have around 16 intelligence agencies within its government. "This is a regime that does engage in careful cost-benefit analysis," Vatanka said. "The idea that rogue Iranian cyberattackers do things because they feel a certain way, on a certain day — I don't believe it." But those tit-for-tat campaigns take on new life when they spill onto American soil, including the targeting of at least 18 water utility plants in recent months. — So what *should* be done?: “It's an easy thing to do in Washington on multiple fronts,” the former state official said. “But it's not going to stop the Iranians from doing the things that we don't like that they do.” Instead, the Biden administration will need to consider more creative deterrence measures, Vatanka said, like building up U.S. cyber defenses or carrying out more offensive cyber strikes. It’s not like offensive strikes are off the table, either: Three U.S. officials told NBC News that the Biden administration in early February hit an Iranian spy ship with a cyberattack to disrupt intelligence sharing with Houthi rebels (that is now back at sea). — Food for thought: There are already thousands of sanctions smacking Iran that began to bubble up once the regime was established in 1979, but blacklisted individuals more recently tend to have minimal exposure to the U.S. and Western financial systems. And remember, a 2021 Cyware report showed that China state-linked hacker group UNC215 has hit Israeli organizations since 2019, pretending to be Iranian while evading detection, in a campaign demonstrating China's interest in Middle Eastern targets that researchers expected to continue against critical infrastructure. Tehran’s municipal systems are also reportedly still recovering from a major cyberattack that disrupted their websites last June. FIRST IN MC: SECURE THE VOTE — Reps. Abigail Spanberger (D-Va.) and David Valadao (R-Calif.) are today introducing bipartisan legislation to enhance the cybersecurity of the nation’s voting systems that would mandate vulnerability testing for machines before they can earn federal certification. The Strengthening Election Cybersecurity to Uphold Respect for Elections through Independent Testing Act — or SECURE IT Act — mirrors a Senate bill from last year spearheaded by Sens. Mark Warner (D-Va.) and Susan Collins (R-Maine) that hit a wall after at least one Republican objection derailed its inclusion in the 2024 National Defense Authorization Act. “We continue to hear reports of foreign governments, individuals, and companies actively working to influence U.S. elections and subvert our democracy,” Spanberger said in a statement. “The sanctity of our free and fair elections is core to our identity as Americans.” — How would it look?: Under the duo's bill, the Election Assistance Commission would have to stand up a program allowing vetted researchers to try and penetrate the voting machines' cyber defenses and test how malicious hackers might seek to compromise the vote, as a condition for earning the agency's stamp of approval. “People need to have confidence in their vote and our elections in order for democracy to succeed,” Valadao said in a statement. “This is an important step to ensure the safety and security of our nation’s elections.” TIKTOK, MAYBE STOP — Rep. Raja Krishnamoorthi (D-Ill.), ranking member of the House Select Committee on China, tore into TikTok over its handling of Chinese disinformation campaigns targeting Taiwan’s elections, alleging the social media giant dragged its feet in taking down Beijing-linked accounts pushing false narratives. Krishnamoorthi leveled the criticism at the end of a three-day congressional delegation trip to Taiwan with committee Chair Mike Gallagher (R-Wis.) and other members of the committee. — In his own words: The lawmaker said the level of Chinese meddling was "pretty tremendous" in the run-up to Taiwan's presidential vote last month, with tactics heavily leveraging TikTok and the Chinese messaging app WeChat to spread disinformation narratives. “One of the toughest challenges that [Taiwanese officials] had was with apps that are beholden to the [Chinese Communist Party],” Krishnamoorthi said during a call with reporters on Friday. “What ends up happening is they find a bunch of bots and fake accounts, then they report it to TikTok, and when [TikTok] took down those accounts, they took them down after the election.” — The U.S. solution: Krishnamoorthi contrasted TikTok's response with U.S.-based social media companies, claiming the latter companies were quicker to ax malign accounts. He said Taiwan still managed to fend off such campaigns "to some degree" thanks to "a significant social media presence," but Beijing's interference blitz was intense — mirroring assessments from experts and Taiwanese officials, which China has denied.
| 
No comments:
Post a Comment