November 24, 2015

Iranian Cyber Strategy: A View from the Iranian Military

U.S. officials and private researchers acknowledge that Iran ranks among the most advanced countries with regard to cyber capabilities.[1] Iranian officials appear determined to ensure that the regime maintains this edge and have prioritized boosting Iran’s cyber capabilities in the wake of the nuclear deal.[2] As is the case with most states, Iran does not have a comprehensive, published cyber strategy—something which Iranian military leaders have lamented.[3] Iran watchers were able to gain insight into the regime’s intentions and activities in cyberspace, however, during a June news interview with a senior military official tasked with managing Iran’s cyber strategy, Islamic Revolutionary Guards Corps (IRGC) Brigadier General Second Class Behrouz Esbati.[4] His comments offer a unique window into the regime’s evolving perceptions of cyberspace and suggest what to expect as Iran seeks to achieve its goals in the post-deal environment.

Broadly speaking, Iran’s cyber activities have both offensive and defensive dimensions. Iran’s offensive cyber capabilities provide a theoretically low-cost option to Iran’s leaders for deterring and managing foreign threats. Should Israel, the United States, or any other state decide to conduct kinetic operations against Iran, the regime could retaliate offensively with cyber attacks, likely in conjunction with any one of the other tools in its sizeable asymmetric arsenal. The regime has also taken steps to strengthen its hold on the country’s Internet infrastructure to prevent the “corruption” of Iranian society by Western values, simplify the monitoring of Iranian citizens, and block cyber attacks by foreign actors.  Recent weeks have seen intense discussions about whether to block Telegram, a new social media platform whose popularity in Iran has been growing rapidly.[5]

Behrouz Esbati holds a key position in the management of Iran’s defensive cyber operations as commander of the Cyber Headquarters under the Armed Forces General Staff (AFGS).  The AFGS is responsible for coordinating activities between the different branches of Iran’s military, namely the Iranian Army and, to a more limited extent, the IRGC. The AFGS Cyber Headquarters appears to play a similar role in the coordination of cyber policy in Iran’s military. The Intelligence, Defense, and Information and Communication Technology ministries also cooperate with the AFGS Cyber Headquarters to identify weaknesses and track threats to Iran’s cyber infrastructure, according to one senior Iranian official.[6] The AFGS Cyber Headquarters’ orientation therefore is primarily defensive in nature, as Esbati himself indicates in the interview. This is not particularly surprising, since offensive cyber operations would likely be placed under the direct control of the IRGC. 

The choice of Esbati to command the AFGS Cyber Headquarters reflects the regime’s perception of cyberspace as a cultural battlefield between Iran and the Western world. Esbati’s professional experience does not indicate any previous technical or administrative expertise in cyber operations. Instead, his background reveals that he is skilled in promoting and managing cultural affairs for the regime and its military. Esbati first entered the public stage as the manager for various Basij cultural organizations and conferences on the arts, culminating in his appointment to Basij Cultural Deputy.[7] The Canadian government sanctioned Esbati for his role in the Basij Organization before he was appointed to AFGS Cyber Headquarters commander in early 2013.[8]

It is clear from the interview that Esbati considers the cyber domain as the setting for a new front in the war between the Iranian regime and the West, especially the United States. Esbati does not perceive this war as focusing on attacking computer systems or networks, however. Esbati states in the interview, “In the cyberwar between Iran and America, the defining issue is culture. The world in the 21st century is a world of thoughts and ideas, and not of hardware…Nowadays, America is the symbol of the evil person and the Islamic Republic is the symbol of the divine person. There is no common ground for these two.” Esbati is interpreting the “cyberwar” as essentially a zero-sum struggle over the control of the production and management of information in cyberspace, specifically content that promotes the West’s values versus those of the Islamic Revolution. This perception of cyberspace reflects the threat perceptions of Iranian officials more broadly, particularly the regime’s notions of “soft war,” or the West’s use of cultural and political ideals to subvert the Iranian state.    

Esbati’s language in the interview underscores Iran’s prioritization of its cyber capabilities in the contours of this escalating “cyberwar.” In one part of the interview, Esbati proclaims,  “Cyber security is no less important than the nuclear issue.” The topic of Iran’s offensive cyber operations does not explicitly come up during the interview— maybe Iranian officials have learned to tone down their boasting about the regime’s “cyber armies.” Esbati does, however, discuss Iran’s relative defensive cyber capabilities. He recognizes that Iran’s capabilities lag behind those of the United States, the “principal enemy of Iran” in the words of the interviewer. Esbati asserts that Iran must seize the “right” to manage its Internet sovereignty and become a rival source of software development in order to combat U.S. hegemony in cyberspace. Esbati claims that if the regime can employ this strategy, Iran can emerge victorious from this “cyberwar.” Esbati and other military leaders’ rhetorical focus on developing the regime’s defensive capabilities is not entirely benign, however. The regime can maintain a second-strike capability in the face of kinetic or cyber attacks by hardening Iran’s Internet infrastructure.

Esbati describes Iran’s activities in this campaign along several key lines, including the state’s development of the National Information Network (NIN). The NIN is designed to be an indigenous Iranian intranet accessible only from within Iran. Outside research has shown that it is apparently being built, at least at the moment, using the same physical infrastructure as the normal Iranian Internet that is connected to the World Wide Web. The NIN, however, is using the IP address ranges reserved for private use, such as the sub-net. Misconfigurations have allowed researchers to identify the NIN IP addresses for systems that also have globally-facing IP addresses.[9] As Esbati alludes to in the interview, the NIN represents the state’s securitized perception of the Internet. In separating the country’s Internet from the World Wide Web, the regime hopes to insulate its online infrastructure against cyberattacks by foreign actors.

During the interview, Esbati declares that mobile applications such as WeChat and Viber—both of which the regime has blocked—serve as avenues for Western intelligence gathering and the promotion of Western values. When Esbati recommends that Iran must prioritize developing new services and “content” as a result, he is referring to Iran’s well-documented campaign to produce “Iranian” application software and online services.[10] More often than not, “Iranian” applications are simply clones of popular Western services. BeepTunes, for example, is the Iranian version of iTunes.[11]  The campaign to indigenize web content and Internet infrastructure achieves several overarching goals for the state. It promotes content supportive of the regime’s ideology while limiting access to material considered a threat. Additionally, and more nefariously, it helps the regime monitor its citizens.

Behrouz Esbati’s comments also shed new light on Iran’s bureaucracy tasked with managing cyber operations, the regime’s filtering of social networks, the state’s reaction to the Stuxnet virus, and other topics. The full interview with the government-supported Defa Press is translated below. For further commentary, please refer to the translator notes.

Translated Interview:

Defa Press: Commander! Considering the emphasis of the Supreme Leader on the strategy of “threat against threat,”[12] has our country benefited from this strategy against the attacks of the enemy in cyberspace?

Behrouz Esbati: The meaning of “threat against threat” is not an attack. In other words, this topic must not be interpreted to mean that we should act in the exact manner of the enemy. After all, the enemy looks at cyberspace and the cyber domain from an arrogant position. The Americans a few weeks ago presented a document about cyberspace that had a few principles. The first principle, however, was that we (the Americans) must be the absolute controllers of cyberspace.

With this arrogant perspective, they naturally planned things that were of a destructive and offensive nature. But our perspective is not like this, at least in the sector where I have responsibility, because we have a logical position and rational goals.

I took this position around two years ago; we have understood in our observations since that time that one of the main campaigns of the enemy against the values of the Islamic Republic of Iran was in cyberspace. We reached this conclusion that in order to confront this approach of the enemy we must enter into a positive discussion regarding cyberspace. Meaning that because the Islamic Revolution was a cultural revolution, instead of thinking destructively and thinking about a war of hardware, we established this [positive discussion] as the foundation of our work so that we could move forward in the cultural, positive, dimension of cyberspace according to certain parameters and values.

Now that the enemy considers our cultural activities to conflict with their national interests and refers to them as an attack or threat, the enemy has resorted to its very arrogant and false foundations that they have established in cyberspace.

Considering that the Islamic Revolution has presented a new interpretation in every area it has entered— in “hard war” our perspective towards defense was considered to be the cause of our victory— we [in the Cyber Headquarters] try to present a new perspective with a focus on the Armed Forces and the institutes related to them, like the Basij. We strive to analyze this subject for our audience with a righteous and perfect perspective and try to allow our audience to understand this perspective.   

The reality is that we are not comparable with the enemy with respect to the West’s meaning of power in cyberspace; however, we consider ourselves to be able to define this word “power” [in our own context] and we have focused on this strong point of ours, similar to the familiarity of the oppressed and the people of Iran with the concept of soft war and cultural aggression.

Defa Press: Apparently, the Americans were the first country to establish a cyber headquarters for thwarting cyberattacks. What is the difference between the model of our cyber headquarters and their model?

Behrouz Esbati: The Americans have not formed a headquarters. They have brought forward two models for cyber security. The first model involves the creation of departments that deal with security and the second model is entrusting the duty of cyber security to these departments. They have three departments for this purpose. This is really important since the Americans always honor this notion that they have a “small government.” So this shows how important cyber security is for them. In addition, within their armed forces, they have established a “Cyber Command.”

When you talk about a headquarters, your meaning is the headquarters’ actual structure. You, however, are changing the model of this layout [when you refer to America having a headquarters], since various units and groups are placed under the command of a headquarters [in the Iranian sense of the word “headquarters”]. The Americans have instead formed a “Cyber Command,” meaning the formation of an independent force that can make decisions and conduct operations. This is also a return to the arrogant nature that is at their essence. Their security models are also based on threats and destruction.

We can act precisely based upon the mobilization and engagement capability of the nation. This is exactly opposite the approach of the Americans. So we are able to have a headquarters and our behavior is no different than the collective behavior of the people and the nation. We picked the model of a headquarters and this is the difference between us and the Americans in the field of cyberspace.

Defa Press: With this interpretation, you consider the issue of “content” rather than technical issues. A few years ago, we confronted a virus by the name of Stuxnet, which, according to the interpretation of the head of the Passive Defense Organization, was the first official act of war in cyberspace. What activity have we had in this sector?

Behrouz Esbati: One of the things that have been brought about with individuals like me, and my dear brother commander Jalali,[13] has been a change in the literature. Before this, people would divide the cyber environment and new channels of media into two segments, hardware and software. The analysis of the actions of the enemy was also based on the analysis of hardware and software and people made preparations according to this analysis.

With the formation of the Passive Defense Cyber Headquarters by commander Jalali-- the work of this headquarters is extremely valuable and in my opinion is  one of the key points in the Islamic Revolution-- the issue of hardware has been taken up.[14] So naturally, when people track and analyze threats, they look at threats in the hardware environment.

We ought to have either taken this approach and have the model of our analysis be software and hardware or we would have to come up with a new word and we would consider war in cyberspace with a different analysis.

In my opinion, cyberspace includes three domains; hardware, software, and “brainware.”[15] Nowadays, the influential factor in cyberspace is the concept of “brainware:” namely, the establishment of goals in cyberspace, activity related to meaning and content, and types of analysis occurring in the cyber domain. The issue of “brainware” is currently growing in cyberspace and actually the Americans do not want anyone to enter this sphere at all because the Americans consider this realm an exclusive environment for them.

Today, there are tens of organizations and structures that deal with the field of hardware, from the Ministry of Information and Communication Technology, the Ministry of Intelligence, the Telecommunications Company of Iran to the relevant institutions in the Armed Forces. The activity of these institutions is necessary. No institution is present, however in the “brainware” sphere, meaning the management of content, services, and applications. We have left this area empty. The first individual who mentioned this topic was the Supreme Leader who 22 or 23 years ago stated that the “Internet is both an opportunity and a threat; from now on, pay attention to the management of this issue.”

The creation and engineering of communications in the Internet can be turned into a threat; for example it is possible for you to Google something and for another individual to manage the meaning of the search results.

It is possible for me to claim that our headquarters was the first place where this issue was considered a priority and it has established its work on the basis that we are going towards war and we will confront the management of “brainware” in cyberspace.

ISIS took shape from the very heart of the management of “brainware” with the assistance of the leaders in America and Europe. The leaders in America and Europe established “the balance of terror” as the foundation [for this group] and in this way, ISIS was able to take over regions with text messages. Meaning that they would send text messages to a few individuals that they were coming and not only the people but the military as well would also flee. The topic of “the balance of terror” has to do with the management of “brainware” and does not have to do with hardware. We must implement the management of “meaning,” “content,” and “services” in the field of cyberspace. Today, no message can have meaning without the provision of service.

What is Viber?  Viber means the management of information in Iran through favorable services. Viber does not do anything new; this program at first provided a service that Iranian youths wanted and now it manages information. It is also no longer arranged for Viber’s services to steal our information and give it to the Americans and the Europeans. Now, our information is managed in our own institutions.

My perspective towards the cyber environment is this and I started in a context that we are inexperienced in; however, I am confident that the power of the Islamic Republic of Iran will very soon be brought to bear in this area as well. This issue is not only restricted to the Internet. We have entered the sphere of satellite communications, computer games, and cell phones.

In this headquarters, we do not enter conversations over hardware but we do relatively go into the sphere of software. In some of our planning, content and services are connected to the sector of software, which we are therefore engaged in. In the context of the management of information, however, we consider ourselves officially responsible.

Defa Press: Considering the recent news about the gathering of information in cyberspace by the enemies, this question is always asked in the field of applications: why is my information useful to the enemies? What is your answer to this question?

Behrouz Esbati: The only powers that can be transformed into civilizations have some sort of fundamental element crucial to their power. For example, I believe that this is oil for America. Oil was the intrinsic and vital element that consolidated America’s power after the Second World War. The Americans were able to take on the task of managing the world’s oil both directly and indirectly. In the past, elements like population, weapons, or defensive arrangements caused some people to be able to control the world with these elements.

The essential question is what vital element of the future, accessible to everyone, can control the world? I believe that this essential element is information. Today, the value of information is greater than anything. Information has two characteristics; one is quantitative and the other is qualitative. We must possess both to be in control of this power.

The Americans understand this concept well and are seeking to be the manager of information in the next decade; meaning that while before this their management model was dominant in the software and hardware industry, today it is not so important to them that the Chinese have entered the industry of hardware and software. The Americans do not specify any red lines regarding the software and hardware industry, although they manage this sector with an exceptionally high cost. Regarding the issue of information today, the Americans have specified red lines, however, and today they spy on their friends like Germany, France, or the Zionist regime. And this spying means the management of information.

America’s activity in this field has two main goals. The first is to become the most powerful in collecting the world’s information and the second is to monopolize their systems of analyzing this information. With this interpretation, we must address another question. Who has the key to the Internet? The only person in the world who has control of the Internet is the President of the United States.

During the Sony Pictures hack by North Korea a surprising thing occurred. The Americans officially for the first time cut off North Korea’s Internet. This event was the management of information. If a country comes and finds America’s sources of information, the Americans will not want that country to even exist!

Today we are informed that the Americans are engaged in analyzing and collecting messages. They have raised the topic of data mining that means the automatized identification of certain messages from gathered information.  The Americans have constructed automatized systems and complicated software that systematically classifies and analyses information.

The Americans have constructed three vast and enormous centers for the gathering of information that they have acknowledged. The task of these centers is to track the information of the world through applications and services that the [Americans] provide.

Defa Press: What importance does all this personal data and information have for them?

Behrouz Esbati: The automatized analysis systems require new intelligence. Therefore the resources of finding, gathering, and sending this information are important. Some applications like Viber and other mobile messaging services are obedient to America’s objective of gathering intelligence for analysis. In addition, we must consider that when we speak about intelligence, the Americans are analyzing its collective weight. It is possible that something for me or for you is very simple and not important but is a treasure for the Americans.

Some time ago, I was invited to the house of one of my friends. They had children that were playing with an Xbox. I tried not to play the game in front of the console’s camera. The owner of the house asked why I was doing this. I answered, “For your own security. The Americans have all of my information. When you turn on the Xbox, they are tracking me in your house and tomorrow your name will go on a list of people that I am in contact with.”

With regard to Viber, it does not make a difference whether the maker of this service is Israel or not. All of the information in the program goes to the occupied lands [Israel]. It is said that the information in the program WeChat, which is Chinese, does not go to China. Today, the Chinese have bought Viber. But in the exchange of information, this makes no difference. Because this strategy, the strategy of gathering information, is done by the Americans.

Those people who took slaves with ships, then took old statues and with them made a civilization, now with our information are making a civilization. This issue has to do with that discussion of “brainware” management in the flow of information that is prevalent today.  Unfortunately we are not present in this sphere. However, we must be there, because science and scientific discovery was a divine gift to Islam. We have the duty to make discoveries as God ordained. And yet, we give everything to the enemy.  

Defa Press: You have explained that our presence in cyberspace is an opportunity for the enemy: such that if we produce mobile apps, the information in these programs is available to the enemy. So what is the solution?

Behrouz Esbati: The issue that is presented here is that when human life is bound up with the concept of information management in cyberspace, where is our [Iran’s] contribution and role in these two concepts? We have these rights [to contribute and have a role] and we must implement them. It is proven in the nuclear issue that they [the U.S. and the West] will not give these rights to us, so we must take them.

In the meantime, our role is different; we must see what our role is regarding new content in making the individual, society, the country, and the region secure. This must be clarified. This assumption that, regardless of what technology we produce, the Americans can collect information from it is incorrect. Just as when we said during the [Iran-Iraq] War that, whatever we do, the Iraqis will still be stronger than us so let us not go to the front.  Cyberspace is like this. It is possible for one to work in this field and increase the level of security. It is possible for one to produce secure software or relatively secure software. Cyberspace is not an “absolute environment”; it is, rather, a relative environment.

Information security is different from hardware security, although the two are not separate from each other. We must create this type of security and we do have the capability. We must take this subject seriously and confront it. Cyber security is no less important than the nuclear issue.

Another subject is the creation and improvement of content. We must see where our sources of content are now. We have lost this. For example, our clerics used to go to Najaf for religious studies; now they go to Qom. We must see where our “Najaf” and “Qom” are in cyberspace. You must consider now what happened that led to Qom replacing Najaf. We must do the same in cyberspace.[16]

In the eight-year [Iran-Iraq] War, the RPG [rocket-propelled grenade] became a strategic weapon for us even though the Iraqis had more RPGs. In Operation Beit al Moqaddas, we came into contact with the T-72 for the first time, which withstood RPG blasts.[17] We all said it was impossible, but one person said that we must go closer and fire from there. Guys moved forward and aimed at the area between the turret and the chassis of the tank and the tank exploded. We all said it could not happen, but one individual believed it could. This caused the tide of the battle to change.

In cyberspace, we must first accept that this is a setting for combat. Second, we must rationalize our endeavors in this area. Thirdly, a single command organization must have the ability to collect and share everything. If these [three] things happen, they will transfer their power to us and they will cede the field of software, hardware management and other areas.

Our problem in the field of cyberspace is that we have created this falsehood in our minds: namely that we cannot be powerful in cyberspace. We, however, say that we can play important roles in all the dimensions of cyberspace.
If we believe we can, the next web will be ours just as web 1.0, 2.0, and 3.0 have been created. If we are able to produce a web that is not compatible with the things that America has made, that place will belong to us.

Defa Press: What is your assessment of the Supreme Council of Cyberspace’s activities?

Behrouz Esbati: We should pay attention to two issues here. The model of the Supreme Council of Cyberspace’s creation is a perfect model.[18] When you form a council whose head is the most supreme executive in the country [the president] and all relevant institutions, whether in the field of management investment, science, or media have representation, this model is honestly perfect.

Our problem is operating and implementing that model. In my opinion, our country is currently in a trial-and-error type of management mode with this council. During Mr. Ahmadinejad’s era, he and the system secretariat were not in agreement with one another; this issue did not have a solution. In Mr. Rouhani’s era as well, still this issue has not had a solution.[19] But I do not see this as a problem with the people. In my opinion, our system still has not been polished. For as long as the Ministry of Information and Communications Technology sees the Supreme Council of Cyberspace as a competitor, this model will not evolve. These two [institutions] are not harmonious because the budget is in the Ministry of Information and Communications Technology, and decision-making and legislation are elsewhere. Our problem is a structure which must be polished. I must emphasize that my opinion on this issue is not political; rather, I look at this issue from a military perspective.

I still feel that we should give an opportunity to everyone; because we are inexperienced in cyberspace. We still need time for the Supreme Leader’s opinion on implementing this management.[20] However, fundamental principles should be insisted upon, and the status of the Supreme Council of Cyberspace should be protected.

Defa Press: You said that our enemy is working quickly in this area, and at the same time, we still need time for the growth of this space. Doesn’t our work become harder under these conditions?

Behrouz Esbati: This is a necessity. In a race, participants are divided into three groups of “forerunner,” “middle,” and “lagging.” Until several years ago, we were the “lagging” group just as 90 percent of the world is in this group today. But now the Islamic Republic is advancing as a “forerunner” regarding cyberspace. We are not the first and second person [in the race], but we have arrived at a place in which we have managed to protect ourselves in this group of pioneers. Do not compare us with America; rather, compare us with 205 other countries. I think the resources circulated by Americans in cyberspace in one year equals our budget of a hundred years!

Defa Press: But in any case, our main enemy is America; the competition of the Islamic Republic’s capability with America takes place automatically in the mind of every Iranian.

Behrouz Esbati: I said this is a necessity. We did not have the opportunity to create good management in cyberspace. Not only did we not have the opportunity but the Americans did not really allow anyone to create good management. But now we have models like the Supreme Cyberspace Council. I said its formation takes time, but the essence is correct. At no moment should it be like the enemy. In the most favorable state, we will be equal. We must have our own models for confronting the enemy, and we need time for that.

Defa Press: The issue of launching the National Information Network in the country has been proposed for years. Is this network necessary for the country?

Behrouz Esbati: The National Information Network must be brought into existence, and this is one solution for us. Today, countries like Denmark, Korea, China, and recently Germany have separated their own national network from the Internet. The Koreans have announced that 90% of their information circulation takes place in their own national information network. It is not that the Internet is closed, although the Korean model created all the icons and applications that are needed in the Internet. Of course, we are not able to do this work because the Koreans create immoral sites in their national information network as well. Our problem is harder. We cannot create an Iranian version of all the Internet’s topics in the National Information Network; we must build this [network] from its own essence. If we want to enter this field and be victorious, one of the tools for that is the National Information Network.

Defa Press: In these conditions, how can one reconcile space for the Internet with space for the National Information Network?

Behrouz Esbati: We are a civilization-promoting nation, and we have been able to look with theism and monotheism to our own good thoughts, deeds, and actions for at least 1,400 years. If we return to our own national and religious teachings, we can trust in the people’s belief system and social and individual morals instead of us searching for filtering hardware, and we can create a reasonably refined order in Iranian society that does not create evil. What has happened today in the Internet is evil.

Iranian society is moral, and we are not like the Americans. These people who are said to watch satellite television programs are the same people who beat their chests in the month of Muharram.[21]

Throughout the history of this country, we had been faced with unethical issues. “Mazdakians”[22] promoted sharing spouses. In the fifth century [anno hejirae], they went to war together in some places. But this issue never became our common culture.

The Internet is the same way, although I admit that the quantity and the subject are different from past issues. But I believe God has created no person with an evil nature.

Defa Press: Do you mean you are against filtering?

Behrouz Esbati: I’m not against filtering. I believe filtering is a tool and method of management that Americans use themselves. The entire world does this. But it is more complicated. For example: we filter with a blacklist, they do with a whitelist. This is also the Islamic method. “Hey,” we say, “do not do this”; although in our religious instructions, giving commands and recommendations means more than prohibition. But we are the political system, and we must use all of the tools of that [order], a part of which is filtering.

Defa Press: Do you also agree with filtering social networks and mobile communication software?

Behrouz Esbati: I completely agree. I propose this question: We still do not have the S-300 air defense system in commission, and the Americans want to attack us. So because we do not have the S-300 air defense system, we should not face the Americans’ attacks? We must fight and use everything that the military has in commission. In cyberspace, one of these tools is filtering. We know the sex messaging networks, so they must be managed. Until we have designed an indigenous model and services for that, we must use this option.

Defa Press: It has been several years since the hacking of American, Zionist sites… happened under the name of the “Cyber Army of Iran.”

Behrouz Esbati: The concept of the Cyber Army of Iran is made by and paid by American media. They [the Americans] must have an enemy in order to justify their attack on us, and they gave the media that representation. I do not have information about other actions, but I believe this concept that the Americans have trumpeted is a psychological war until they can justify an attack itself against us.

Every individual can choose a name for himself in cyberspace. Sometimes the question arises of whether people who gave themselves this name are even Iranian. Especially some of the attacks that happened with this name set the stage for conspiracy.

A while ago, they announced Iran took revenge for the viruses it got by cutting off electricity to half of Turkey. When we say, “What are your citations?” they say that “Cyber Army of Iran” is written on there when the systems are hacked. What person writes their own name when they commit such sabotage? It is clear that this is a conspiracy.[23]

I don’t have information on a hack. But in the observation of psychological war that is my expertise, I say this is a game that the Americans are behind. In cyberspace, the factors of time and space are limited, and it is possible that there are both engaged and non-engaged young people in Iran who do such work.

Defa Press: Analysts say that the entrance of the Stuxnet worm into our nuclear infrastructure is a turning point in cyber activities, and we know there has been an increase in our infrastructure’s security. How do you see this issue?

Behrouz Esbati: This development that you described is not only relevant to Iran. Even in the science of cyberspace, the entire world has acknowledged a movement that is a new chapter in the cyber arena at the worldwide level in the designing, manufacturing, and influence of this worm that was executed on the infrastructure of Iran. It means that when you consult reference books for discussions on security hardware nowadays, those who designed them and those who discovered them and did not announce it (one of the antivirus businesses had said “I was building this virus several years ago,” but in the interactions we know, money had been paid to them and they remained silent) – they acknowledged that this movement is the start of a new chapter in the cyber arena. So the Stuxnet worm was that important.[24]

Therefore detection, clashes, and the activities after that are very valuable for Iran because we independently discovered and cleared it [Stuxnet].[25] This subject is also strange for the world.

Defa Press: However, should the defense not execute a counterattack?

Behrouz Esbati: We must defend, but the type of defense is important. If you are in a game that you cannot win even with your utmost power, must you enter it at all? So we must change our own analytic domain, and bring our methods, tools and goals forward based on our own environment. 

In a cyberwar between Iran and America, the defining issue is “culture.” The hacking system will not be an answer for us or for them. The world in the 21st century is a world of thoughts and ideas, and not of hardware. Humans are the rulers of the world. Now what people are with divine thoughts, and what people are with evil intentions?  Nowadays, America is the symbol of the evil person and the Islamic Republic is the symbol of the divine person. There is no common ground for these two. One of these two must be victorious over the other. It is with the same analysis that, God willing, we must wait for the return of Imam Mahdi.[26]


[1] Frederick W. Kagan and Tommy Stiansen, “The growing cyberthreat from Iran: The initial report of Project Pistachio Harvest,” AEI’s Critical Threats Project, April 17, 2015,; Natasha Bertrand, “Iran is building a non-nuclear threat faster than experts ‘would have ever imagined,’” Business Insider, March 27, 2015,
[2] Paul Bucala, “The Day after A Deal: What to Expect From Iran,” AEI’s Critical Threats Project, July 13, 2015,
[3] “Niaz-e faza-ye majazi beh estratejhi-e kalon/ motahva-ye saibari motavali nadarad” [Cyberspace requires a comprehensive strategy/ Cyber content does not have any trustee], Mehr News Agency, November 7, 2015. Available in Persian: http://www(.)mehrnews(.)com/news/2958630/%D9%86%DB%8C%D8%A7%D8%B2-%D9%81%D8%B6%D8%A7%DB%8C-%D9%85%D8%AC%D8%A7%D8%B2%DB%8C-%D8%A8%D9%87-%D8%A7%D8%B3%D8%AA%D8%B1%D8%A7%D8%AA%DA%98%DB%8C-%DA%A9%D9%84%D8%A7%D9%86-%D9%85%D8%AD%D8%AA%D9%88%D8%A7%DB%8C-%D8%B3%D8%A7%DB%8C%D8%A8%D8%B1%DB%8C-%D9%85%D8%AA%D9%88%D9%84%DB%8C-%D9%86%D8%AF%D8%A7%D8%B1%D8%AF.
[4] “Beh jang-e madiryat-e maghzafzar-e internet raftehim” [We have gone to a war of information management], Defa Press, June 15, 2015. Available in Persian: http://www(.)defapress(.)ir/Fa/News/47566; “Barkhi hakha ba nam-e artesh-e saibari-e iran tarfand amrikast” [Some hacks by the name of Iran’s Cyber Army are ruses of America], Defa Press, June 20, 2015. Available in Persian: http://www(.)defapress(.)ir/Fa/News/48404;
[5] “Iran News Round Up, November 19, 2015,” AEI’s Critical Threats Project,
[6] “Rahandazi-e gharargah-haye defa-e eghtesadi va saibari be manzur-e payesh-e tahdidat-e doshman” [The creation of ‘economic defense’ and cyber headquarters for the monitoring of the enemies’ threats], Fars News Agency, September 26, 2011. Available in Persian: http://www(.)farsnews(.)com/newstext.php?nn=13900704000665; “Tasis-e gharargah-e saibari-e iran” [The establishment of Iran’s cyber headquarters], Iran’s Telecommunications News Agency, May 17, 2011. Available in Persian: http://www(.)itna(.)ir/vdcd9z0f.yt0jn6a22y.html.
[7] “Behrouz Esbati: jayize-haye adabi-e defah-e moghaddas mitavanad bein elmelali shavand” [Behrouz Esbati: The prizes for ‘Sacred Defense’ literature can become international], Iran’s Book News Agency, July 7, 2014. Available in Persian: http://www(.)ibna(.)ir/fa/doc/tolidi/202783/%D8%A8%D9%87%D8%B1%D9%88%D8%B2-%D8%A7%D8%AB%D8%A8%D8%A7%D8%AA%DB%8C-%D8%AC%D8%A7%DB%8C%D8%B2%D9%87-%D9%87%D8%A7%DB%8C-%D8%A7%D8%AF%D8%A8%DB%8C-%D8%AF%D9%81%D8%A7%D8%B9-%D9%85%D9%82%D8%AF%D8%B3-%D9%85%DB%8C-%D8%AA%D9%88%D8%A7%D9%86%D9%86%D8%AF-%D8%A8%DB%8C%D9%86-%D8%A7%D9%84%D9%85%D9%84%D9%84%DB%8C-%D8%B4%D9%88%D9%86%D8%AF; “Azerbaijan-e gharbi mizban-e kongereh-e ‘shehr-e maqavemat-e bein elmelal-e eslami’ mishavad,” [West Azerbaijan is the host of the ‘International Islamic Resistance Poetry’ conference], Mehr News Agency, October 9, 2010. Available in Persian: http://www(.)mehrnews(.)com/news/1165172/%D8%A2%D8%B0%D8%B1%D8%A8%D8%A7%DB%8C%D8%AC%D8%A7%D9%86-%D8%BA%D8%B1%D8%A8%DB%8C-%D9%85%DB%8C%D8%B2%D8%A8%D8%A7%D9%86-%DA%A9%D9%86%DA%AF%D8%B1%D9%87-%D8%B4%D8%B9%D8%B1-%D9%85%D9%82%D8%A7%D9%88%D9%85%D8%AA-%D8%A8%DB%8C%D9%86-%D8%A7%D9%84%D9%85%D9%84%D9%84-%D8%A7%D8%B3%D9%84%D8%A7%D9%85%DB%8C-%D9%85%DB%8C-%D8%B4%D9%88%D8%AF
[8] Special Economic Measures (Iran) Regulations (2010), Canada Gazette Part II 144(16). Available:; “Tamam-e donya dar ghalamru-ye farhang-e basij gharar khahad gereft.” [The entire world is the territory of ‘Basiji culture’], Fars News Agency, April 7, 2013. Available in Persian: http://www(.)farsnews(.)com/newstext.php?nn=13920118001136.
[9] See Colin Anderson, “The Hidden Internet of Iran: Private Address Allocations on a National Network.” ArXiv 1209.6398, 2012,
[10] “Iranian Internet Infrastructure and Policy Report,” Small Media, July 2014,
[11] Ibid.
[12] Translator’s Note: This comment is in reference to remarks made by the Supreme Leader’s Office and top military officials. See Amir Mohebbian, “Senario-haye mohtamel-e tahdid aliye Iran + jadval” [Possible scenarios of threat against Iran + chart], The Center for the Preservation and Publication Office of Ayatollah Seyyed Ali Khamenei, November 18, 2011. Available in Persian: http://farsi(.)khamenei(.)ir/others-note?id1788.
[13] Translator’s Note: Esbati is referring to IRGC Brigadier General Gholam Reza Jalali, the Head of the Passive Defense Organization.
[14] Translator’s Note: Esbati appears to be referring here to the Passive Defense Cyber Headquarters unveiled in June 2015. For more information visit “Iran News Round Up, June 15, 2015,” AEI’s Critical Threats Project,
[15] Translator’s Note: Behrouz Esbati is coining this word (??? ????? ) for a uniquely cyber context.
[16] Translator’s Note: This paragraph establishes a parallel between cyber content and Shi’a religious teachings.  All Shi’a are required to choose a “source of emulation” (marja-e taqlid), a senior cleric of the rank of ayatollah who has been recognized by other ayatollahs as a legitimate marja.  The Shi’a clerical establishment in Najaf, Iraq, has long been the foremost Shi’a theological center.  Ayatollah Ruhollah Khomeini, founder of the Islamic Republic of Iran, labored hard to create a new center of Shi’a teaching at Qom, a theological center near Tehran.  The rise of Qom as a major source of Shi’a religious thought and teaching has been a major achievement of the regime, particularly because the leading Qom clerics support the religious basis Khomeini created for the Islamic Republic (called the rule of the jurisprudent or velayat-e faqih), whereas the Najafi establishment rejects it.  See Frederick W. Kagan, “Islam, Shi’ism, and Iran,” AEI’s Critical Threats Project,  The equivalent of this effort in cyber-space would be the creation of one or more centers of cyber-content supporting the regime’s ideology that would come to rival, if not dominate, Western sources.
[17] Translator’s Note: Operation Beit al Mogaddas was an Iranian operation conducted during the Iran-Iraq war which led to the successful retaking of the city of Khorramshahr from Iraqi forces. The T-72 was an advanced (for the time) Soviet tank that Saddam Hussein’s army relied on.  It was superior to any tank the Iranians had access to and, as noted here, was much harder to kill with man-portable anti-tank weapons like the RPG.  This is an example that would probably speak to a limited selection of Iranians who participated in some of these battles or studied the war carefully.
[18] Translator’s Note: Formed in March of 2012 by the order of the Supreme Leader, the SCC is the highest government body in Iran tasked with developing and coordinating the state’s cyber policy. The president, the intelligence minister, the head of the judiciary, the commander of the IRGC, and various other senior government officials are represented on the council.
[19] Translator’s Note: Behrouz Esbati here is identifying competition between the SCC and Ministry of Information and Communications Technology and conflict between the President and the SCC Secretary as key factors in the “problem of operating and implementing” the SCC.
[20] Translator’s Note: Likely in response to the above shortcomings in the SCC’s structure, the Supreme Leader issued a new directive on September 5, 2015 calling for centralizing authority even further under the SCC.  Khamenei also called for implementing the National Information Network and establishing Iran as a top cyberpower in the region. A new SCC Secretary was also appointed on September 17 who has historical ties to President Rouhani, which might signal a new turn in the relations between the Secretary and President Rouhani.  For more information, see “Iran News Round Up, September 8, 2015,” AEI’s Critical Threats Project, and “Iran News Round Up, September 17, 2015,” AEI’s Critical Threats Project,
[21] Translator’s Note: Esbati is referring here to the Ashura mourning ceremonies, which occur on the tenth day in the month of Muharram in the Islamic Calendar.
[22] Translator’s Note: Mazdakians refers to followers of Mazdak, a Zoroastrian priest during the time of the Sassanid Empire. Mazdak called for greater economic and social equality in Iranian society, which reportedly included the sharing of women. For more information, see Touraj Daryaee, Sassanian Persia: The Rise and Fall of an Empire, (New York: I.B. Tauris & Co Ltd, 2009), 86.
[23] Translator’s Note: Whatever the provenance of the Iranian Cyber Army, this argument is bizarre.  Many hackers sign their work, at least to the extent of claiming credit for it in the name of some group.
[24] Translator’s Note: Iran watchers tend to characterize the Stuxnet virus as an inflection point in Iran’s cyber program. According to this narrative, Iranian officials recognized the strategic advantages of using offensive cyber weapons and the weaknesses in Iran’s cyber infrastructure with the destructive efficiency of Stuxnet. Esbati’s comments confirm this analysis.
[25] Translator’s Note: Esbati’s remark that the regime was able to independently identify and contain Stuxnet is not surprising given the regime’s insistence on self-reliance in military matters. It is not entirely accurate, though, as a security firm based in Belarus first discovered the virus. As technology transfers between Iran and foreign entities will likely increase with the nuclear deal, Iran may be placed in a more advantageous position to thwart similar cyber operations going forward.
[26] Translator’s Note: Imam Mahdi is the name given to the twelfth and last Shi’a Imam in the line succeeding Imam Ali.  A core tenet of “Twelver Shi’ism,” by far the most common variety in Iran and Iraq, is that the Twelfth Imam did not die, but instead went into “occultation,” and will return one day heralding the restoration of a righteous world and Judgment Day.  As with much of the rest of the rhetoric in this interview, this reference suggests that Esbati is very devout and almost mystical in his religious views. References to the return of the Mahdi are not all that common in interviews with senior IRGC commanders.