
U.S. drew up scenarios for Iran cyberattack in case of military aggression, report says

Before brokering its historic nuclear agreement with Iran, the U.S. developed contingency plans for launching a series of sophisticated cyberattacks to neutralize the Middle Eastern nation, in case relations deteriorated into military conflict, the New York Times reported Tuesday.

According to the Times, as early as 2009 the Pentagon began devising a plan, code-named Nitro Zeus, designed to dismantle Iran's air defenses, communications systems and portions of its power grid infrastructure. A key aspect of the strategy involved embedding electronic implants in Iranian computer networks that could monitor the country's activities and — if so ordered by President Obama — sabotage its infrastructure.

“Nitro Zeus quickly emerged as one possible response for Mr. Obama, a way to turn off critical elements of the Iranian infrastructure without firing a shot,” the Times report said. The plan would not be without risk, however, as it would require infiltrating multiple networks while minimizing collateral damage.

The plan would have been difficult to pull off, but not necessarily impossible. “It would be difficult to succeed in an ambitious attack if fundamental security practices are followed [by the targeted critical infrastructure]; however it takes due diligence to ensure that you are aware of the vulnerabilities in your realm of control and have adequate measures in place to mitigate large-scale disruption,” said Merike Kaeo, CTO of cybersecurity firm Farsight Security, in an interview with SCMagazine.com.

Simultaneously, U.S. agencies were separately planning to physically or remotely implement a computer worm to covertly disable Iran's Fordo nuclear enrichment site, built inside a mountain near the city of Qum, the Times report said. These plans were rendered moot upon the July 2015 signing of the Joint Comprehensive Plan of Action, which sets terms for Iran to eliminate its nuclear stockpile.

These bombshell revelations were a byproduct of the Times' reporting on the documentary film Zero Days, which premiered Wednesday at the Berlin International Film Festival. Zero Days examines the Stuxnet virus attack — widely believed to have been launched by the U.S. and Israel — that set back Iran's uranium enrichment program in 2010.

Corey Nachreiner, CTO at unified threat management company WatchGuard Technologies, told SCMagazine.com that offensive-minded campaigns like Stuxnet can provide "short-term benefits, but have long-term consequences." He recommended that nations focus more on shoring up their defensive capabilities. "Stuxnet opened the Pandora's box of the cyber arms race. If we want to close that box, we should focus less on the arms and more on the bulletproof vest," he continued.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
