National Security National Security

An Alarming Arrangement Between Two Hostile Nations

On January 26, 2021, Russia and Iran signed an “intergovernmental agreement on cooperation in ensuring information security.”  The Russian Foreign Minister asserted that due to the importance of cyber issues on international relations, cooperation with Iran provides an opportunity to coordinate activities with a similar-minded partner.  More alarmingly, the agreement brings two of the United States’ most ardent adversaries and cyber antagonists together in a public show of solidarity in addition to their mutual benefit in cyberspace.  Both Iranian and Russian actors have been identified in Department of Justice indictments for committing cyber malfeasance against the United States.  Therefore, any formal partnership has potential implications for the United States, as such an alliance can be interpreted as a show of force to test the resolve of the new President’s Administration.

As of this writing, there are no details on the agreement, though broad principles include strengthening information security, collaborating against crimes committed using information and communications technologies, and providing assistance to ensure national and international security.  However, the timing of the agreement comes at an important time for the United States.  The new Administration is finding its legs, coming off a contentious election during which both Iran and Russia were suspected of conducting various cyber operations against both Democratic and Republican campaigns.  Russian in particular was identified of having targeted more than 200 organizations, many of which were affiliated with the U.S. election or European policy.  Iranian actors are suspected of obtaining voter data and sending threatening, faked e-mails to voters.  Both Russian and Iranian cyber activities were largely believed to favor the incumbent rather than the individual who won.  This was an interesting development given Iran’s tempestuous relationship with the former Administration, and the current President’s more favorable views of Tehran and prior agreements made with the Islamic Republic.

Regardless, election meddling by foreign actors appears to be an issue that both U.S. political parties agree should not be allowed to happen without consequence.  Election interference notwithstanding, Russia has recently been identified by the U.S. government as the responsible party for the Solar Winds breach, the global cyber espionage campaign that exploited an IT management and monitoring solution an thereby compromised the networks of its clients.  The breach was especially impactful for the United States with the following federal agencies and organizations identified as victims:  Department of Homeland Security, U.S. Cyber Command (CYBERCOM), the Federal Bureau of Investigation, and the Departments of Commerce, Defense, Energy, and Treasury, among others.  Data exfiltration and email monitoring are just two known activities in which Solar Winds attackers engaged.  Once compromised, the victim is at the mercy of the attackers’ intent.

In the aftermath of election meddling and Solar Winds, an agreement between Iran and Russia appears to be a gesture designed to show the United States that the Tehran-Moscow cyber agreement is aimed to directly confront U.S. cyber actions in cyberspace.  The U.S. government made it little secret that it was going to use CYBERCOM to “defend-forward” –  a strategy that dictates disrupting or halting malicious cyber activity at its source.  Among its known but limited successes include the take down of a Russian Troll Farm in 2019, and activities against Iranian and Russian hackers in the steps leading up to the 2020 Presidential election.  Therefore, it isn’t surprising that the two adversarial governments would want to show unity against potential further U.S. cyber actions.  Russia in particular is worried about U.S. cyber reprisal for its alleged role in Solar Winds.  Despite denying involvement in the attack, Russian intelligence issued a security warning after U.S. comments about potential response to Solar Winds that Moscow interpreted as a threat.

A cyber pact between Iran and Russia is not necessarily a new development.  In 2015, the defense ministers of both countries agreed to work together on mutual cyber defense.  The agreement laid out principles for collaboration and focusing on identification of mutual threats, data protection, and key areas, and basic forms of cooperation. Of note, an incident involving the use of sophisticated Duqu malware to target venues hosting nuclear talks between Iran and the United States, China, Russia, France, Germany, and the United Kingdom may have served as a catalyst for the timing of the cyber pact.  This is important and may provide insight into how both Iran and Russia responds to cyber threats.  In this instance, a cyber incident may have prompted the urgency of the signing an agreement.  Six years later, the two governments signed another agreement in the wake of the U.S. defend-forward operations.

While it remains to be seen if this agreement is more about posturing than actual collaboration, nation states are increasingly using cyber space to carry out geopolitical and economic differences.  Western countries have long enjoyed traditional intelligence-sharing partnerships such as the “Five Eyes” and NATO that provide a venue for cooperation on such cyber threats.  Governments like Iran, North Korea, and Russia don’t appear to have similar arrangements, or at least, not with so many partners.  That is why such agreements elicit curiosity – is this just solely a gesture or a recognition that to legitimately try to neutralize U.S. defend-forward activities in cyberspace, Tehran and Moscow must do more than make symbolic gestures.  According to one news source, Iran’s Civil Defense Organization unveiled plans for Iran-Russia joint cooperation that focused on the exchange of intelligence, interaction against threats, and joint defense.  That type of engagement raises eyebrows and intimates more than just a token cyber security partnership.  As more state activity occurs in cyberspace, authoritarian governments like Iran and Russia may seek to develop agreements like this that can serve as a counterweight to the activities conducted by Western nations.

The Takeaway:

How the U.S. government responds to SolarWinds may very well impact the nature of the Iran-Russia cyber agreement.  A disproportionate response action may strengthen a seemingly token pact, catalyzing these two adversaries into a more aggressive posture.  Doing nothing or not doing enough risks conveying to these two cyber powers that the current Administration has not determined a position when it comes to cyber attacks.  This invariably benefits both Tehran and Moscow whose leaders have years of experience in developing how their respective states conduct operations in cyber space.  Time is not on the new Administration’s side, and in this day and age, the United States can’t risk not having an answer.