The recent uprisings in Iran are notable for at least one thing: They represent the first example of worldwide cyber conflict. This is an unprecedented event and it might well have a place in shaping the course of future warfare and civil unrest.

Cyber conflict is a subset of information conflict and, from the perspective of the Iranian uprisings, we have a major instance of this phenomenon.

Information conflict occurs, conceptually, on a continuum that has, at one end, a concept known as the noosphere (pronounced “nu-o-sphere”). The noosphere is the realm of pure thought. An example of actions in the noosphere is propaganda.

At the other end of the continuum there is the cybersphere or, if you prefer, just “cyber.” Cyber is the realm of pure technology. Although “cyber” implies computers and networks, in this context it also can mean any technological means of delivering a message. That might include television, radio, computer networks, satellites, telephones, etc.

In the middle of the continuum is the area called the infosphere where the noosphere and cyber converge. Rather than being a single point, it is an area that, at one end, emphasizes information and, at the other, technology. It is where virtually all information conflict takes place.

Of course, there can be both offensive and defensive information operations. For example, offensive operations at the cyber end of the continuum may include such activities as jamming radio and TV signals, computer and network attacks or other offensive technical assaults.

Defensive operations are any technical measures that the target takes to protect itself. In the private sector, most of us are focused on defensive operations against criminal hackers, cyber fraudsters and hacktivists among others. The events in Iran took place squarely in the infosphere.

The world is no stranger to information operations. In the commercial world, we see examples all the time. Television commercials, especially political ads around election time, are examples of information operations.
The public relations professionals and communications officers in our corporations and governments are practitioners of information operations. They generally practice at the noosphere end of the infosphere since the cyber end is little more than a delivery mechanism.

There have been more obvious examples, however. During the uprising in Tiananmen Square, Chinese students used faxes to organize and communicate with the outside world. More recently, Russia has been accused of cyberattacks against Estonia (2007), Georgia (2008) and Kyrgyzstan (2009). China has been accused of coordinated cyberattacks against the United States since 2003 (“Titan Rain”).

These cyberattacks have some things in common: They are extremely hard to attribute. Subsequent investigation, for example, of the Estonia events suggested that the attacks were carried out by Russian students in support of a physical uprising.

All of the above attacks took place at the far cyber end of the infosphere. They were all constrained to a limited set of participants: attackers attempting to disrupt websites, interrupt banking transactions and carry out other directed operations, along with some nearly pure noosphere activities. The events in Iran were quite different.

What happened in Iran?
Iran is unique for a couple of reasons. First, virtually the entire infosphere was in use by both sides of the conflict. Second, the operations included participants across the planet and were a defining aspect of the protests.
Probably the most obvious and most reported aspect of the conflict was the global use of social networking sites as a means of communicating to the world. The leading site appears to have been Twitter, regarded as a micro blog. That characterization is important here.

The format of a micro blog allows short concise messages and participation by anyone who follows the postings. It is one of the preferred means of communications for the younger generation. A very large percentage of the Iranian population is under 30 years of age and that had a major impact on the selection of social networking as the means of contact among the protesters.

This was a case of information operations as a force multiplier for kinetic operations. That means that the participants sought to use information operations to augment their physical actions.

They also hoped, within Iran, to rally supporters to their cause and their demonstrations. The use of the noosphere end of the infosphere delivered globally by the cyber end was intended to enflame supporters around the world. Video clips of the dying moments of an Iranian student (Neda Agha-Soltan) are examples of this.
If the communications had stopped at this, the events would have been interesting and certainly newsworthy, but unremarkable examples of information operations. But what happened next assured that these events will have an important place in cyber history.

About midway through the height of the demonstrations, the Iranian government reportedly began to join the information operations fray at both ends of the infosphere. At the cyber end, the government jammed cell phone signals and took down websites. At the noosphere end, Iran engaged in mis- and disinformation. Members of the Iranian government also masqueraded as protesters in attempts to redirect or minimize demonstrations, supporting the information operations with kinetic responses from the militia.

At that point, in an attempt at deception, Iranian protesters urged sympathizers around the world to change the time zones on their social networking accounts to appear to be in Tehran. The government responded by masquerading as outsiders supporting the protesters both for plausible deniability of their own activities and for obfuscation of their participation in the information operations.

As the demonstrators’ operations escalated, they became force multipliers around the world, supporting physical demonstrations in many world capitals. This is, arguably, the most important and potent aspect of information operations: The ability to increase the impact of and provide support to kinetic operations.

Future implications
Now that the Iranian demonstrators have been forced underground, we can expect further information operations activity in this conflict. More important than that, however, we can expect information operations to become a staple of this type of resistance. There is also a further unique aspect of the Iranian uprising: This is the first time in history that people en masse around the world have used information operations simultaneously as a strong force multiplier for kinetic operations.

This poses serious challenges to defenders, both kinetic and technological. For years, hacktivists have engaged in mini-information operations, such as defacing websites. Movements such as the Tamil Tigers and hacktivist groups such as the Silver Lords, who precipitated cyber conflicts between India and Pakistan, have long used the techniques of information operations in a rather amateurish manner.

Chinese hacktivists have supported their nation’s agendas against the West for years. But all of these represent only the tip of the iceberg of sophisticated information operations. Years hence, when we look back on the history of warfare, we will point to the Iranian uprisings of 2009 as the birth of open global information operations.


Peter Stephenson is the technology editor of SC Magazine. He is the chair of the department of computing, CISO, and director of the Advanced Computing Center at Norwich University in Vermont.