Micah Zenko

Politics, Power, and Preventive Action

Zenko covers the U.S. national security debate and offers insight on developments in international security and conflict prevention.

Print Print Cite Cite
Style: MLA APA Chicago Close


National Security Leaks and Iranian Revenge

by Micah Zenko
July 23, 2012

U.S. senator John McCain addresses a newsroom in Washington, DC (Jonathan Ernst/Courtesy Reuters). U.S. senator John McCain addresses a newsroom in Washington, DC (Jonathan Ernst/Courtesy Reuters).


On June 1, 2012, the New York Times featured a remarkable work of journalism by David Sanger that opened with the following revelation:

“From his first months in office, President Obama ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.”

In his 2009 book The Inheritance, Sanger revealed details about the National Security Agency’s (NSA) penetration of Iranian government computers—also known as cyber exploitation—that helped inform the 2007 National Intelligence Estimate, which judged “with high confidence that in fall 2003, Tehran halted its nuclear weapons program.” Sanger also offered clues about activities covered in a spring 2008 presidential finding that authorized covert action in Iran, including “efforts to interfere with the power supply to nuclear facilities—something that can sometimes be accomplished by tampering with computer code, and getting power sources to blow up.” While there were leaks about suspected U.S. covert activities targeting the Iranian nuclear program, no confirming evidence about the offensive cyber attacks had been published before last month.

Many members of Congress and Obama administration officials reacted with the rote condemnation that has followed national security leaks throughout history. These most recent leaks, however, prompted a new and surprising response: freed from the normative constraints against offensive cyber attacks, other states and nonstate actors will now target the United States with unrelenting cyber attacks against its critical infrastructures.

In an interview in the National Journal, chairman of the House Intelligence Committee Representative Mike Rogers warned: “Other nations, or even terrorists or hackers, might now believe they have justification for their own cyberattacks.” Senator Diane Feinstein, chairman of the Senate Intelligence Committee, argued that the leak could “to some extent” provide justification for similar cyber attacks against the United States. During a recent hearing of the Senate Homeland Security and Governmental Affairs Committee, former CIA director Michael Hayden and Senator John McCain had the following exchange:

HAYDEN: Going to cyber, whether the story was true or false, a publication that the United States was responsible for that activity is almost taunting the Iranians to respond at a time and in a manner of their own choosing.

MCCAIN: I was just going to say if I were the head of Iranian intelligence, I’d have been in the supreme leader’s office the next day.

HAYDEN: I would have gone in with something. Mr. Khamenei, remember that briefing I gave you about a year ago and you told me to put it on the back-burner? Well, I’ve brought it forward.

And in the absence of any Obama administration scapegoat, Sanger has often been targeted in the outcry against the leaks. In a hearing of the House Judiciary Committee, Colonel Kenneth Allard (ret.) declared, “If all of a sudden, utilities stop operating, you have [Sanger] to thank for it.” (In a truly revealing anecdote about the lack of congressional oversight over such high-risk covert operations, Representative Dan Lungren wondered aloud at the same hearing: “Would it bother you to know that the detail that was described in the New York Times, if true, is a level of detail not presented to members of Congress, such as the chairman of the Cybersecurity Subcommittee on Homeland Security, that is, happens to be me.”)

Beyond the cyber attacks against Iran, Representative Louie Gohmert added, “You have the Taliban target a helicopter with nearly two dozen of SEAL Team Six members…when the vice president, the president outed SEAL Team Six?” If the Taliban successfully penetrated U.S. battlefield communications to the extent that, out of the one hundred thousand U.S. soldiers in Afghanistan, they can identify who is on each helicopter, Gohmert should initiate a hearing on the subject as soon as possible.

The argument that the leaks describing U.S. (and Israeli) offensive cyber attacks against Iran’s nuclear facilities will compel a commensurate response rests on three assumptions:

  1. Iran is a rational actor previously constrained by international norms. If this is true, congressional members should hold hearings to investigate the Obama administration’s breach of prohibitory norms. As Ward Thomas noted in his excellent book, The Ethics of Destruction: Norms and Force in International Relations, such “power-maintenance” norms work by banning “weapons or practices that have the potential to close the gap between strong and weak states in international society.” As President Obama wrote in a recent op-ed, “It’s time to strengthen our defenses against this growing danger.” If you believe in the power of norms as do House Republicans, then U.S. cyber attacks against Iran only served to amplify retaliatory threats.
  1. Iran was unaware that America was engaged in covert operations—cyber exploitation or attack—against its nuclear program. Earlier this month, the Wall Street Journal reported, “The U.S. military is accelerating its cyberwarfare training programs in an aggressive expansion of its preparations for conflict on an emerging battlefield.” The Air Force lieutenant colonel who oversees one of the cyber courses noted, “Our curriculum is based on attack, exploit and defense of the cyber domain.” If Iranian officials subscribe to the Journal or read anything about the NSA, they would be well aware that preventing Iran from obtaining a nuclear weapon is the highest national security priority for the United States. And that the United States would utilize its well-publicized, unmatched cyber capabilities to achieve this goal.
  1. Leaks about U.S. covert actions against weak and distant states lead to a retaliation against America using similar means. In April 1984—after a few cocktails—Senator Barry Goldwater spontaneously read a classified memo on the Senate floor that detailed the direct role of the CIA in mining three Nicaraguan harbors. The next day, the Wall Street Journal ran the headline, “U.S. Role in Mining Nicaraguan Harbors Reportedly Is Larger than First Thought.” Did the Sandista government respond by mining American harbors, or retaliate directly?

Unauthorized leaks by government officials are a routine, if at times unfortunate, occurrence in Washington, DC—no matter who occupies the White House. However, it is ridiculous to believe that these particular revelations from David Sanger would now untie Tehran’s cyber warriors to target U.S. critical infrastructure. The Iranian regime is assuredly exploring this capability as well, and its decision to attack will not hinge on a New York Times headline.

Post a Comment 2 Comments

  • Posted by Matt

    The thing about Bin Laden is that al-Qaida has to use its own network to pass the information around, that takes time. By announcing it publicly the whole of al-Qaida was informed in one go. Making a lot of real time intelligence useless, if you are in a safe house or have an operation you are going to move or change it for security purposes.

    On Iran the who, why and how is a luxury the US has, to leak and take credit. In Israel the who, why and how is not important, it outcomes. That is all that matters is the outcome, the end result not the who, why and how. Israel does not have that luxury, the Iranian matter is too important.

    Petraeus was talking about cyber capabilities early in the year, he was talking about a Flame type virus. He did not refer to it by name, but the characteristics and capabilities, of what turned up in Tehran. That is not confirmation, because many nations have such tools.

    Some leaks have a purpose some are counter productive, before wikileaks outed the Arabs position on Iran,Arab/Israel cooperation. Israel had to deal with the Straits of Hormuz. The US injected itself into what was a limited conflict to a regional possible, global conflict. Israel could drop the module in relation to the Straits of Hormuz. Which made an Israeli strike more likely as the Hormuz module was complex and stretched capabilities to the limit.

    Things like protecting the Saudi fields and keep Hormuz open. That required a complex disinformation campaign of get F series hulks from the Boneyard painting them in Israeli colors and dumping them in the Nefud Desert and a media blitz that the Saudi’s had shot them down. So Iran would not hit the Saudi oil fields.

    Leaking the assassination has led to a campaign of murder of Israeli’s abroad by Iran, the point is Israel never claimed responsibility. Even the US get a wink but not confirmation. That also led to the storming and closing of the UK embassy as Iran looked for the substation. No one was hurt in relation to the embassy storming, as Iran found out the substation was not in the UK embassy or residence. The UK were going to close up shop before an attack on Iran, because of the risk of hostages and that civilian radars will also be down so no flights out of country.

    Then the leak that the US had people placed inside Israel planning to foil the Israel plans to attack Iran. That just makes them go into the bunker and that could get people killed too. If Israel believe that people helping them are there for that purpose.

    Assad was going to gas people last week, the who, why and how of what prevented that is not important if the US wants to take credit and responsibility that is fine.

  • Posted by Matt

    The leak that was really disgraceful, was when they burnt Davis, it was in a UK paper but it was a US official. Then they had to backtrack. He is lucky to be alive once they outed him, that was a death sentence and almost impossible for the Pakistani’s to release him. That was uncool. At worse a simple criminal matter a self-defense plea at court, ability to work down the prison security clearance to escape was turned into espionage and a death sentence absolutely. Not to mention it was illegal under US law to out him as CIA. The person that did it should be in jail themselves, at the very least Scooter got charged and convicted.

Post a Comment

CFR seeks to foster civil and informed discussion of foreign policy issues. Opinions expressed on CFR blogs are solely those of the author or commenter, not of CFR, which takes no institutional positions. All comments must abide by CFR's guidelines and will be moderated prior to posting.

* Required