and if they were smart, they would ignore the big cities, who have the law enforcement to handle the chaos. Attack middle america where all the people are scared shitless already
— John Cole (@Johngcole) January 4, 2020
christ, they'd have all the gun humpoing gomers out in force, probably end up killing a bunch of innocent people who look like terrorists. Iran could start total fucking chaos here for basically nothing.
— John Cole (@Johngcole) January 4, 2020
Given the asymmetry in the types of military power between the US and Iran, as well as the ability to wield it, Iran’s response to yesterday’s strike that killed Suleimani and Muhandis, and tonight’s strike near Taiji (Taiji is where Abu Ghraib is for those wondering about where Taiji is – it is the northernmost of the agricultural districts, or qadas, that ring Baghdad and separate Baghdad Province from the surrounding provinces), will undoubtedly be unconventional. But it is important to keep in mind that an unconventional response doesn’t mean an unconventional use of military power. The Iranians, like all states, have other elements of national power that they can leverage and use to respond. We refer to these elements of national power as the DIME-FIL (Diplomatic, Informational, Military, Economic, Financial, Intelligence, and Legal). The Iranians also have a well developed and effective cyber operations capacity. And the cyber domain, the tools used to operate effectively in it, and the cyber operations themselves are all very effective ways of utilizing the non-military forms of power.
As we consider what the Iranians might do, we need to move beyond the low hanging fruit of attacks by their proxies on US and our Coalition partners in the region. Or attacks on the petroleum sector in our regional partners that would spike oil and gas prices. I’m not suggesting these won’t happen, I’m sure there will be some of them, but these are obvious and we can plan for them, to manage them, and to mitigate them. There are also less obvious targets and less obvious weapons and tools that the Iranians can use to strike back.
This past fall DHS, the FBI, the Secret Service, and the Arlington, VA Police Department participated in a table top simulation, dubbed Operation Blackout, focusing on the 2020 election. They were the Blue Team (the good guys). The opposing force, or Red Team (the bad guys), were a group of white hat hackers. The Red Team were not permitted to hack the actual election in the simulation, they couldn’t hack machines, voting systems, anything like that. So what did they do? They hacked everything else. And, as a result, within the simulated world of the exercise they created so much chaos that martial law was declared by the person on the Blue Team playing the president in the exercise and the 2020 election, within that notional world, was cancelled. You can read the Red Team’s write up of the exercise here.
In early 2018 I prepared a strategic analysis on Russia’s active measures campaign. I wrote:
Putin’s cyberwarfare has also targeted actual American infrastructure. Russian for cover officials have been tracked mapping US critical physical infrastructure, such as the communication and power transmission grid. This was in support of a cyberwarfare campaign to infiltrate and compromise another important American center of gravity: the US power generation and transmission grid. Putin’s ability to weaponize information and the platforms where American’s get their information combined with his ability to bring down all or portions of the US power grid should have every national security professional very, very, very worried. Putin’s cyberwarriors have already tried to create a response through planting false social media stories of actual fake news reports about a foreign terrorist attack on the US energy sector, an ebola outbreak, and a riot in response to a police shooting. All of which never happened. Imagine what happens when Putin starts turning parts of the US power grid off during extreme weather events while at the same time he’s spreading disinformation made to look like actual news reports or official municipal, state, and/or Federal responses to the disaster he’s created. This is the threat we face.
Now imagine what happens when the Iranians start doing the things that I described above or creating the type of chaos that the Red Team created in the 2020 election simulation. And not in or just in New York or DC or LA or Seattle or Miami or Atlanta or Chicago, but in more suburban and rural areas. In red states that have no where near the state and local capabilities to respond. Imagine what happens when they hack into banks and the financial service sector and start stealing financial information and manipulating the markest. Imagine what happens when they release the Signals Intercepts they have of US elected and appointed officials, as well as those of people running major corporations or the news networks and newspapers.
And this is where the embarrassment comes in. If you want to strike back at the President, you do so in a way that gets under his skin. Skin that he demonstrates daily on his Twitter feed is exceedingly thin. The President is noted for spending hours speaking to world leaders, his outside advisors and friends on an unsecured phone from the White House residence each night, or from one of his properties when he goes to Mar a Lago or plays golf at his clubs, presents a target rich environment all on his own. The Iranians have a target rich environment given the President’s well documented poor Op-Sec and Info-Sec practices. The Iranians have a target rich environment given Rudy Giuliani’s poor Op-Sec and Info-Sec practices. The Iranians have a target rich environment because Jared Kushner communicates with Muhammed bin Salman on WhatsApp, which is not secure. The Iranians have a target rich environment in the largely wide open US information and cyber domains. And they have the ability to exploit weaknesses in those domains to leverage power, other than military power, across the DIME-FIL. And they will leverage those capabilities to wage an unconventional war against the US and one of the strategic objectives will be to embarrass the President. And that embarrassment will be both an end in itself and done to goad him into badly overreacting out of anger, which will then provide the Iranians with further opportunities to wage their unconventional campaign.