The head of Iran’s Presidential Center for International Legal Affairs has announced that Iran plans to bring legal action against those that launched cyber attacks against their uranium enrichment equipment in a move that promises to raise the stakes for the U.S. cybersecurity policy officials.
Majid Jafarzadeh made the announcement this week after consulting Iranian and foreign legal experts, saying Iran has decided to file a lawsuit against the “cyber terrorists” who have attacked the country’s nuclear enrichment infrastructure.
Most individual I spoke with believe that even though there are a couple of options, Iran will most likely try and bring this actions before–– the International Court of Justice and name the United States and Israel as the defendants.
The move is in response to reports that the U.S. and Israel were behind the creation of malware – including the Stuxnet worm, Duqu, and Flame – that were used to disrupt Iran’s nuclear facilities.
One cyber warfare subject matter expert I spoke to was quick to point out that, “this attack does not come close to the definition of cyber terrorism” and I have to agree. It does raise a number of issues worth considering:
1. The disinformation and misdirection components that have become common and integral in the design of the digital weapons used in cyber attacks would make solid attribution as to who was behind the attack extremely difficult – many would say nearly impossible!
2. The clandestine/black-ops entities that were likely involved in the planning, development and execution of the cyber attack that targeted the Iranian nuclear enrichment infrastructure are so deeply covered, their identities are not and will not be known. All that is likely to found is a ghost shooter so to speak.
3. Given the international attention received by the New York Times article quoting sources in or near the White House Situation Room, it is highly likely that Iran’s legal team would call that reporter to testify. Depending on what court hears this case, the reporter may not be able to keep silent about the sources of their information.
4. If this goes to trial it will be a ground-breaking case. There is no case law on acts of cyber war or cyber attacks that constitute an act of war. The closest area would be criminal actions brought against cyber criminals and that will be a stretch.
It is important to keep in mind that lawyers practicing in public international law and the law of war attorneys are few and far between.
Those that do practice in these areas had better be accustomed to working in a vaguely defined arena.
This development demands close monitoring especially if Iran goes through with the legal action. I will be covering this matter and updating the blog readers as the case proceeds. This will be fascinating!
Kevin G. Coleman is a long-time security technology executive and former Chief Strategist at Netscape. He is Senior Fellow with the Technolytics Institute where he provides consulting services on strategic technology and security issues. He writes a weekly blog for Breaking Gov on the topic of cyber intelligence.