Critical Infrastructure Security, Threat Intelligence, Malware

U.S. drew up scenarios for Iran cyberattack in case of military aggression, report says


Before brokering its historic nuclear agreement with Iran, the U.S. developed contingency plans for launching a series of sophisticated cyberattacks to neutralize the Middle Eastern nation, in case relations deteriorated into military conflict, the New York Times reported Tuesday.

According to the Times, as early as 2009 the Pentagon began devising a plan, code-named Nitro Zeus, designed to dismantle Iran's air defenses, communications systems and portions of its power grid infrastructure. A key aspect of the strategy involved embedding electronic implants in Iranian computer networks that could monitor the country's activities and — if so ordered by President Obama — sabotage its infrastructure.

“Nitro Zeus quickly emerged as one possible response for Mr. Obama, a way to turn off critical elements of the Iranian infrastructure without firing a shot,” the Times report said. The plan would not be without risk, however, as it would require infiltrating multiple networks while minimizing collateral damage.

The plan would have been difficult to pull off, but not necessarily impossible. “It would be difficult to succeed in an ambitious attack if fundamental security practices are followed [by the targeted critical infrastructure]; however it takes due diligence to ensure that you are aware of the vulnerabilities in your realm of control and have adequate measures in place to mitigate large-scale disruption,” said Merike Kaeo, CTO of cybersecurity firm Farsight Security, in an interview with

Simultaneously, U.S. agencies were separately planning to physically or remotely implement a computer worm to covertly disable Iran's Fordo nuclear enrichment site, built inside a mountain near the city of Qum, the Times report said. These plans were rendered moot upon the July 2015 signing of the Joint Comprehensive Plan of Action, which sets terms for Iran to eliminate its nuclear stockpile.

These bombshell revelations were a byproduct of the Times' reporting on the documentary film Zero Days, which premiered Wednesday at the Berlin International Film Festival. Zero Days examines the Stuxnet virus attack—widely believed to be launched by U.S. and Israel — that set back Iran's uranium enrichment program in 2010.

Corey Nachreiner, CTO at unified threat management company WatchGuard Technologies, told that offensive-minded campaigns like Stuxnet can provide "short-term benefits, but have long-term consequences." He recommended that nations focus more on shoring up their defensive capabilities. "Stuxnet opened the Pandora's box of the cyber arms race. If we want to close that box, we should focus less on the arms and more on the bulletproof vest," he continued.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.