Last updated: November 24, 2025

“Ensuring Cybersecurity in Iran Today/ Ali Kalaei”

For two years, cyber attacks on Iran have been increasing, and “the level and complexity of these attacks in Iran compared to other countries is unprecedented” (1). This was the statement of the Secretary of the Supreme Council of Cyberspace about Iran’s situation in the field of cyber security in the first ten days of November this year, more than 10 years after the Stuxnet attack that targeted Iran’s nuclear facilities.

The past one to two years have been a difficult time for cyber security in Iran. In the first days of the year 1399, we were faced with the leakage of information from 42 million Iranian Telegram users, which was placed on a system called “Hunting System”. From the discovery on the second of Farvardin 1399 to the removal of this information on the sixth of that month, it did not take more than a few days. However, this period was enough to put the security of millions of Iranian Telegram users at risk. The information was publicly released and each of them was sold for five hundred dollars in hacker forums.

In the next event, the information of five million Iranian users of “SibApp”, an Iranian iOS store, was also put up for auction by the same group of hackers who had auctioned off the Telegram information. Similar events also occurred for the Civil Registration Organization, Rightel, a startup called “Ponisha”, and other governmental and non-governmental organizations such as the Ports Organization, Railway Company systems, Ministry of Roads and Urban Development headquarters, and the Abra Arvan Company (2)(3)(4)(5). The information that was exposed was later put up for auction.

In each of the above events, the affected governmental or non-governmental institutions conducted their own investigations and provided responses. For example, regarding the attack on the Ministry of Roads, investigations by the Mahir Center (Computer Emergency Response Coordination Center), which operates under the supervision of the Ministry of Communications and Information Technology, showed that the country’s networks were not properly protected against cyber threats and attacks. Additionally, “incorrect configuration, failure to timely update, and failure to implement proper security policies when using HP Integrated Lights-Out were identified as the main reasons for this weakness in the country’s networks.” (5)

But ultimately, who is responsible? The field of information security is one of the areas in the country (like other areas such as culture, economy, etc.) that is faced with a multitude of responsibilities. Of course, on paper, the responsible party is a specific organization. In November 2018, in its forty-fourth session, the Supreme Council of Cyberspace, with the approval of the “National System for Prevention and Combating of Virtual Incidents”, defined the responsibility of executive agencies in dealing with virtual incidents. The result was that the “law enforcement force” is responsible for dealing with virtual incidents in the public sphere. Of course, this decision also had other divisions of duties. On the other hand, the General Inspectorate of the country took responsibility for collecting digital evidence of administrative offenses in organizations. The Ministry of Communications and Information Technology also became responsible for dealing with virtual incidents that occur in organizations, and those incidents that occur in the field of vital infrastructure were assigned to be

But like all fields, in this field too, despite the obvious and clear weaknesses, news is constantly published indicating Iran’s advancement in cyber security! In July 2021, just a few days before the attack on the railway company and the Ministry of Roads and Urban Development, news of Iran’s six-level advancement in cyber security indices was published. If we test the various branches of cyber security, such as penetration testing, information security, network security, secure coding, reverse engineering (code analysis and evaluation), cybercrime investigation and tracking, vulnerability assessment in the red and blue teams, threat hunting and reverse engineering of malware, etc. (6), is it really true that Iran has grown six levels and reached the 54th position among 194 countries in such a dangerous period in terms of cyber security? Of course, this advancement has been entrusted to the Information Technology Organization, as the representative of the Ministry of Communications in international collaborations with global organizations such as the International Telecommunication Union (ITU)

When it comes to solutions, the first thing is always to clean up the face of the problem: closing everything, under what is called the national internet or, in fact, the national intranet. The deputy chairman of the parliamentary industries commission also enters and says, “We must also launch a national information network for cyber security so that a national intranet can be created for our domestic systems.” And of course, he kindly allows the people to “use the internet and the World Wide Web” and believes that this use “must be under the supervision of the national information network” (8). This is the same as the plan known as protecting users, which is actually an attempt to restrict the internet and censor it, and it is ongoing. The government’s solution for various issues is always to clean up the face of the problem, whether it’s the internet, economic problems, water shortages, or other issues. The question here is whether other countries, by separating the internet and intran

Yet with cyber security in such a state, the Islamic Republic of Iran is trying to attack other countries that it considers enemies by organizing groups of hackers. These hackers, affiliated with the Islamic Republic system, attack non-military infrastructure in Israel or target websites in countries like Saudi Arabia and some African countries such as Tunisia and Morocco (9) (10). These cases are just a few examples, and there are many more. In fact, with cyber security in such a state, the Islamic Republic has entered into a cyber war, and by attacking other countries in the region and the world, it has made itself a target for their cyber attacks. There is no doubt that Iran, with its geopolitical and geostrategic position, is an important country in the region, and regional and transregional rivals are trying to penetrate it. However, when a fortress does not have a well-organized and precise defense system, and there is no command unit for this defense, attacking others can only be seen as

In this current era of cyber competition and defense, in the month of Aban of this year, over four thousand and three hundred fuel stations in Iran came under attack, causing disruption in the country’s fuel supply (11). Additionally, the airline Mahan was also targeted (12). The first is attributed to foreign countries by the Secretary of the Supreme Council of Cyberspace, while the perpetrators of the second claim that their actions are in response to the airline’s alleged involvement with terrorist activities of the Revolutionary Guards. Regardless of the reason and perpetrator, these attacks highlight the critical state of cyber security in Iran and the need for improvement in infrastructure and reconstruction.

In the more than a decade since Stuxnet, cyber security has become a vital matter in various security and economic sectors of the Islamic Republic of Iran. However, facing it, like facing all the problems of the country, has been accompanied by multiple decision-making centers, multiple operational centers, confusion and disorganization in action, claims of superiority in this field, and attempts to defend by attacking others. In the age of information technology, an era in which the whole world has taken shape on the virtual information platform and is in constant communication, such solutions or answers are either ineffective or short-term and have limited practicality. Corruption and mismanagement in this field have also become a problem for the Islamic Republic, just like in other areas. With such a situation, we will definitely hear more news about the vulnerability of Iran to cyber attacks in the future, a vulnerability that ultimately harms the people who use various services at different levels that are dependent on cyber platforms. At

Notes:

1- The Secretary of the Supreme Council of Virtual Space announced: Iran’s status in the field of cyber security, ISNA, 9 November 2021.

2- Cybersecurity in Iran in the past year; widespread attacks in the shadow of remote work, Digiato, July 10th, 2021.

3- The “Sib App” platform confirmed the disclosure of some user information, Digiato, 13 Farvardin 1399.

4- Startup Ponisha confirmed the leakage of some of its users’ information, Digiato, 21 Bahman 1399.

5- When cyber attacks become normal for ordinary officials in the country/ Where is the flaw in the country’s response to virtual attacks, Fars News Agency, 23 Tir month 1400.

6- Branches and trends of cyber security, Academy of Day Zero, 19 Ordibehesht 1400.

7- Iran’s promotion of 6 ranks in cyber security indicators, ISNA, July 6, 2021.

8- Deputy Chairman of the Industries Commission of the Parliament: National internet must be launched for cyber security, ILNA, 8 November 2021.

9- Taqvayi, Babak, why has the Islamic Republic of Iran become the main loser in the cyber battle against Israel?, Independent Farsi, 5 November 1400.

10- Cyber attack by an Iranian hacker group on targets in Israel, Saudi Arabia, and African countries, Radio Farda, 18 November 2021.

11- The cyber attack on fuel stations was from a foreign country; America was taken aback by the response, EuroNews Farsi, October 27, 2021.

12- Cyber attack by “Vigilant Patriots” on Mahan Airline Company; “Stay tuned for the disclosure”, Zeytoon, 30th of Aban month 1400.

Created By: Ali Kalaei
November 22, 2021
