Shortly after President Barack Obama took office, plans were drawn up to unleash absolute hell on parts of Iran’s power grid, air defense system, communications and command and control apparatus via a series of coordinated cyber attacks, according to a new report in The New York Times.
This unprecedentedly large-scale cyber attack operation was code-named “Nitro Zeus,” and it would have been a retaliatory alternative to a full-on conventional military response against Iran had it lashed out against U.S. interests and allies in the region following failed nuclear negotiations. This never occurred, and the so-called P5+1 Iranian nuclear deal was agreed upon and executed.
The Times reports that the plan involved thousands of intelligence personnel and operatives, costing tens of millions of dollars over multiple years. Planting physical hardware within Iran’s existing computer networks was also part of the plan. It remains unclear if this portion of it actually took place or was still in the planning stages. Either way, the program would have involved the seven-year-old Cyber Command and the National Security Agency’s Tailored Access Operations unit that masters penetrating foreign computer networks.
Nitro Zeus comes to light as the world is just now fully understanding the first time an advanced cyber weapon was used, and on a much smaller scale. That would be the Stuxnet worm developed by the U.S. and Israel and deployed deeply into the heart of the industrial control software that ran Iran’s uranium enrichment centrifuges.
The story of this landmark moment in military and technological history is best told by the book Countdown To Zero Day. Not only does it go over Stuxnet’s development, deployment and eventual discovery in painstaking detail, but it also explains how these weapons are created and unveils the murky marketplace on which so-called zero-day exploits, the back door vulnerabilities in existing software that make cyber attacks possible, are traded.
The revelations about this much more expansive cyber attack plan aimed at Iran come from an upcoming documentary about zero-day exploits and cyber warfare in general, aptly titled Zero Days. The movie is directed by celebrated documentary maker Alex Gibney (We Steal Secrets: The Story of WikiLeaks, Going Clear) and is premiering at the Berlin Film Festival this week.
According to the film, another contingency operation was also planned in case Iranian nuclear talks failed, one focused directly on disabling the Fordow nuclear enrichment site buried deep under a mountain near the Iranian city of Qom. Unlike Nitro Zeus, this attack plan was not designed to be used only in response to Iranian aggression; instead, it could have been executed at any time the White House thought it necessary.
The plan would have seen a worm injected into Fordow’s main computer system, frying it with the goal of destroying Iran’s centrifuge cascade operations in the process. This plan would have been a more aggressive follow-on to the Stuxnet worm that struck Iran’s enrichment facility at Natanz clandestinely in the late 2000s.
Above all else, these programs underline how cyberwarfare is quickly developing into a go-to “non-kinetic” military tool that can be scaled to an incredible degree depending on the effects sought against the enemy. Because it can be so devastating, striking not just the enemy’s military capability but also civilian infrastructure such as access to power, it is becoming more and more a viable alternative to traditional forms of attack.
The small glimpse we have into Nitro Zeus also underlines how a multiple-pronged attack, striking different areas of a target’s infrastructure and military capability at once, can be paired for synergistic effect, leaving its target country’s military blind and deaf and its population suffering. And all this can be had without ever dropping a bomb and even under the veil of plausible deniability.
Also of interest is that Nitro Zeus is most likely one of a whole slew of plans to attack potential enemies via cyber weaponry. Plans surely exist for all of America’s potential adversaries, and some are likely to be far more elaborate and deadly than anything that has been disclosed to date. (And surely America’s potential enemies have similar contingency plans.)
With all this in mind, the wars of the future, especially the hybrid kind that we are beginning to become accustomed to today, will likely prominently feature cyber weaponry, and nobody seems prepared for the potential consequences of their use. Keep in mind that once you deploy a cyber weapon, others will eventually be able to dissect it, and considering the low cost of entry for developing such weaponry and the wide array of threatening state and non-state actors that exist today, America will likely be the largest target of all for them.
Contact the author at Tyler@jalopnik.com.