Russia-Iran cooperation poses challenges for U.S. cyber strategy, global norms
Russia and Iran inked an agreement last month on information security, a term that in Russian strategic doctrine encompasses not only cyber but information and communications technology (ICT) more broadly. Such cooperation will help these authoritarian regimes to continue suppressing internal dissent and to expand joint efforts to counter the Western goal of preserving an open and free internet.
According to Russian Foreign Minister Sergei Lavrov, the deal will allow Russia and Iran “to coordinate [their] activities given the growing importance of cyber issues and their increasing impact on” both “international relations” and “situations in various countries.” Andrei Krutskikh, Moscow’s lead diplomat on information security, elaborated that the agreement stipulates broad cybersecurity cooperation, including coordination of actions, exchange of technologies, training of specialists, and coordination at the United Nations and other international organizations.
Calling the deal “a milestone” in Russian-Iranian cyber cooperation, Iran’s Foreign Ministry said that the agreement envisions “international cooperation including detection” of cyber intrusions and “coordination … to ensure national and international security.” This statement suggests that Moscow and Tehran may share intelligence about U.S. cyber operations, posing new challenges for U.S. Cyber Command as it seeks to “defend forward” against foreign cyber threats. Moreover, stronger Iranian defenses may complicate America’s ability to use cyber operations to respond to Iranian aggression as the Trump administration reportedly did.
Last week’s agreement follows a preliminary Russian-Iranian cyber deal in 2015, which the head of Iran’s Civil Defense Organization said was necessary because the two countries face common enemies in cyberspace. In 2017, Moscow and Tehran signed a memorandum of understanding for cooperation on ICT-related issues, including “internet governance, network security,” and “international internet connection.”
Under the new agreement, Tehran stated, the two countries will cooperate against “crimes committed with the use of” ICT, which these authoritarian regimes define as including political dissent. As with Tehran-Beijing cooperation on Iran’s national internet, Tehran will likely seek to learn from Moscow’s efforts to develop the Russian surveillance state and so-called “sovereign internet.” The latter is designed to expand Moscow’s censorship and monitoring capabilities and enable it to “unplug” connections to the global internet, which Russian President Vladimir Putin has called “a CIA project.” During 2019 and 2020 workinggroup meetings on ICT cooperation, for example, Moscow offered to help Iran emulate Russia’s Smart Cityproject, which allows authorities to track citizens through technologies such as facial recognition — something Moscow specifically offered to provide to Iran.
Tehran will also likely seek insights — and potentially technology — from Russia as both nations seek to reduce their dependence on Western technology. In 2016, the countries agreed to cooperate on “demonopolizing software” to end “unilateral Western domination” in the field. For example, Iran may be interested in a Russian alternative to Windows and in Russia’s “MyOffice” product, which allows for local data storage. In 2017, Moscow offered to provide Tehran with Russian servers built on Russian processors.
The new agreement also builds on existing collaboration in the information sphere. In 2018, at Tehran’s initiative, the two sides established a bilateral committee on media cooperation, aimed at combating what Tehran’s delegation head has called Western “media terrorism.” The committee works on issues such as exchanges of journalists, mutual provision of favorable media coverage, coproduction of content, counteringWestern media narratives, and media cooperation targeting foreign audiences. Russia has also provided the Iranians with training in new media platforms and techniques.
Additionally, Russian and Iranian disinformation and global communications efforts have converged since the COVID-19 crisis began. In August 2020, that convergence culminated in a Russian-Iranian agreement to counter what Russia’s Foreign Ministry called “increasing information pressure from the West” designed “to discredit Russia and Iran,” as well as alleged Western discrimination against Russian and Iranian media abroad.
For Russia, last week’s agreement is part of a broader effort that has seen Moscow sign over 30 international cyber cooperation agreements and at least 50 international media cooperation agreements since 2014. These agreements often involve countries Moscow sees as areas of historical Russian influence or as vulnerable to Western interference.
As analysts at the Institute for the Study of War (ISW) have documented, Moscow uses these deals to expand its human and institutional networks, cultivate Russia’s image as a trustworthy information security partner, and promote Kremlin-friendly outlets, narratives, and global information security norms while countering perceived Western “digital neocolonialism” and destabilization. The ISW analysts warn that Moscow may also seek to enhance Russia’s cyberattack capabilities by expanding its access to foreign cyber infrastructure and systems.
Tehran also supports Russia’s ongoing push at the United Nations to advance authoritarian-friendly rules and norms of state control of the internet. Similar efforts are underway at the Shanghai Cooperation Organization (SCO), where Iran holds observer status and has called for increased cooperation against “cyber terrorism” stemming from foreign social media networks. Russia and Iran also both participate in the Russia-based Caspian Media Forum, established in 2015 to facilitate discussion on issues such as combating “imposed external values alien to” regional countries.
To counter authoritarian corruption of internet norms and to cooperate with allies and partners to hold malicious hackers accountable, “well-resourced and persistent diplomatic efforts” are essential, as the congressionally mandated Cyberspace Solarium Commission observed in its March 2020 report. During his confirmation hearing, Secretary of Defense Lloyd Austin commented that from the Pentagon’s perspective “it is absolutely important that the State Department be resourced adequately.” Indeed, U.S. Cyber Command chief Gen. Paul Nakasone has noted that U.S. cyber “capabilities are meant to complement, not replace” diplomacy and other tools of U.S. statecraft.
To date, however, the State Department’s efforts have fallen short. Both the Government Accountability Office (GAO) and members of Congress have criticized the State Department’s cyber diplomacy for its poor interagency coordination and inefficiency. In a report released last week, the GAO concluded that as currently structured, the State Department may not be able to “effectively set priorities and allocate appropriate resources to achieve its intended goals.” Given this assessment as well as the expanding cooperation among U.S. adversaries, the Biden administration and Congress should work together to better resource and organize the State Department to defend U.S. values and interests in cyberspace.