ArchiveOODA OriginalSecurity and Resiliency

Iran Joins the Cyber Sovereignty Debate

In December 2021, Iran’s Ambassador to the United Nations issued a formal statement rejecting Iran’s use of force in cyberspace. According to the statement, the Ambassador acknowledged Iran’s victimization by cyber-attacks, underscoring the 2010 Stuxnet attack that directly impacted a key infrastructure by disrupting its nuclear enrichment process. A key component in this address was Iran’s assertion of a series of principles including the rights of state sovereignty in cyberspace, rejection of states using the digital domain to interfere in the internal affairs of other states, and codifying and implementing a legally-binding measure for responsible state behavior in cyberspace.

Perhaps most importantly, the Ambassador identified the Open-End Working Group on Security of and in the Use of Information and Telecommunications Technologies (OEWG), as being “the UN’s first-ever inclusive, transparent, and multilateral intergovernmental process,” a subtle dig on the United Nations’ Government Group of Experts (GGE) in the Field of Information and Telecommunications in the Context of International Security.

Not surprisingly, Iran’s support of these principles coincides with similar positions held by both China and Russia both of which have advocated for the state cyber sovereignty model for a state’s inherent right to control its portion of the Internet as it sees fit. Beijing and Moscow have been actively pushing back against Western interests that have favored the United Nations via the Government Group of Experts (GGE), taking on the challenges of creating cyber norms that have pushed back against cyber sovereignty in favor of a more open Internet. Iran has not been as vocal as Russia about these matters in the past, perhaps preferring to allow the two bigger and more globally influential states to spearhead the movement to sell cyber sovereignty to a larger audience.

However, Iran has appeared to shift tactics. In July 2020, the General Staff of the Armed Forces of the Islamic Republic of Iran issued a declaration regarding international law’s applicability to cyberspace. Iran strengthened its position on these issues from its 2019 position that it presented before the OEWG. This declaration is the basis of the Ambassador’s formal statement, reaffirming the key components of national security of a state’s information space, the illegality of state’s intervention into another state’s affairs using the digital domain as a conduit, and the qualifying criteria when cyber-attacks constitute a use of force.

It is important to recognize the following:

  1. Iran is not just parroting China and Russia’s positions but has put its own spin on areas where the three governments have common interests, and
  2. The statement by the Iranians represents a detailed position by a prominent cyber actor that is not from the West.

As one legal expert points out, Iran’s threshold for when a cyber-attack constitutes a use of force is more restrictive than countries like France and the Netherlands, while the thresholds for cyber sovereignty and intervention have lower bars. Tehran is clearly communicating its acknowledgment of how soft-power information campaigns and influence operations can have a resounding impact on a state’s internal stability.

Collectively, the 2021 statement by its UN ambassador, the July 2020 declaration, and Iran’s April 2020 comments on an OEWG pre-draft report show that Iran has evolved its thinking with respect to cyber operations through the prism of international law. What’s more, as one researcher points out, this maturation appears consistent with some of the thinking captured in The Tallin Manual 2.0 with respect to the applicability of the effects of cyber operations toward violating a state’s sovereignty.

This evolution in Iranian stance indicates that they are not looking to create their own rules but are willing to work within the current and leading international community’s academic work on these subjects and rely on existing international law, albeit through its own interpretation, to justify its reasoning. Iran clearly wants a larger role in the discussions transpiring in the OEWG that is all at once unliteral and partially bilateral with China and Russia, at the same time.

It remains to be seen if Iran will try to push for more of a leadership role in the OWEG. The continued failed efforts of the GGE to codify norms and address the issues of cyber sovereignty indicate a greater success potential for the OEWG. After all, the GGE’s greatest drawback is its limited membership, where the OEWG is far more inclusive, accepting the participation of any interested state. And this may be why Iran is reimaging itself, trying to look the part of a responsible state cyber power. It has conducted hostile cyber activities, but so have many of the nations listed in the recent Cyber Capabilities and National Power Assessment, which doesn’t bar them from discussing these issues.

There may be an increasing appetite for cyber sovereignty, especially as disinformation, misinformation, and propaganda continue to plague the globe, creating instability and sowing discontent. Governments may find that barring the dissemination of these types of information in the name of national security is a favorable recourse.  Even the United States has allowed its social media platforms to self-police, efforts that appear to focus on issues deemed important by the platforms themselves (guided by their own policies) and not necessarily those defined by law. These platforms have shown political leanings, calling into question the objectivity of their actions and the consistency with how they are enforced. When specific individuals and organizations are victimized by these activities, this supports the argument for cyber sovereignty.

Time will tell how Iran navigates these discussions now that it had demonstrated its interest in a firm seat at the OEWG table. As a regional leader and a cyber power, it certainly believes that its voice must be heard. The challenge will be drumming up support:  though states may agree on bigger policies, they differ when their unique interests are in play.  Nevertheless, the “one voice/one vote” principle of the OEWG makes this a perfect venue for Iran to express its position on these issues. And based on its formal declaration on cyber sovereignty, nonintervention, and use of force, Tehran just may find a more receptive audience than people think.

Opportunities for Advantage

All of this exponential disruption means we must make focused efforts to gain advantage. Stay informed on a variety of these critical issues at OODAloop.com and during our monthly OODA Network meetings and Salons.

 

Become A Member

OODA Loop provides actionable intelligence, analysis, and insight on global security, technology, and business issues. Our members are global leaders, technologists, and intelligence and security professionals looking to inform their decision making process to understand and navigate global risks and opportunities.

You can chose to be an OODA Loop Subscriber or an OODA Network Member. Subscribers get access to all site content, while Members get all site content plus additional Member benefits such as participation in our Monthly meetings, exclusive OODA Unlocked Discounts, discounted training and conference attendance, job opportunities, our Weekly Research Report, and other great benefits. Join Here.

Related Reading:

Black Swans and Gray Rhinos

Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis

Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking

The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: Cybersecurity Sensemaking

Corporate Sensemaking: Establishing an Intelligent Enterprise

OODA’s leadership and analysts have decades of direct experience helping organizations improve their ability to make sense of their current environment and assess the best courses of action for success going forward. This includes helping establish competitive intelligence and corporate intelligence capabilities. Our special series on the Intelligent Enterprise highlights research and reports that can accelerate any organization along their journey to optimized intelligence. See: Corporate Sensemaking

Artificial Intelligence Sensemaking: Take advantage of this mega trend for competitive advantage

This page serves as a dynamic resource for OODA Network members looking for Artificial Intelligence information to drive their decision-making process. This includes a special guide for executives seeking to make the most of AI in their enterprise. See: Artificial Intelligence Sensemaking

COVID-19 Sensemaking: What is next for business and governments

From the very beginning of the pandemic we have focused on research on what may come next and what to do about it today. This section of the site captures the best of our reporting plus daily daily intelligence as well as pointers to reputable information from other sites. See: OODA COVID-19 Sensemaking Page.

Space Sensemaking: What does your business need to know now

A dynamic resource for OODA Network members looking for insights into the current and future developments in Space, including a special executive’s guide to space. See: Space Sensemaking

Quantum Computing Sensemaking

OODA is one of the few independent research sources with experience in due diligence on quantum computing and quantum security companies and capabilities. Our practitioner’s lens on insights ensures our research is grounded in reality. See: Quantum Computing Sensemaking.

The OODAcast Video and Podcast Series

In 2020, we launched the OODAcast video and podcast series designed to provide you with insightful analysis and intelligence to inform your decision making process. We do this through a series of expert interviews and topical videos highlighting global technologies such as cybersecurity, AI, quantum computing along with discussions on global risk and opportunity issues. See: The OODAcast

Emilio Iasiello

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.