Key Questions in U.S. Cyber Attack on “Iranian Spy Ship” – Just Security

by and
February 15, 2024
, , , , , , , ,
by and
February 15, 2024
Earlier today, NBC reported, and the New York Times confirmed, that the United States conducted a “covert” cyber operation against an Iranian ship in the Red Sea, the MV Behshad, over a week ago. The MV Behshad is a merchant vessel registered to the Rahbaran Omid Darya Ship Management Company. It is believed to have been used by Iran’s Islamic Revolutionary Guard Corps to provide the Houthis with real-time intelligence to guide strikes on ships transiting the Red Sea. 
Unnamed U.S. officials are reported to have described the operation as aimed at inhibiting the ship’s “ability to share intelligence with Houthi rebels in Yemen,” who have been attacking mostly cargo ships in the Red Sea since November and have vowed to do so until Israel ceases military operations against Hamas in Gaza. The officials also said, however, that the U.S. operation was “part of the Biden administration’s response to the drone attack by Iranian-backed militias in Iraq that killed three U.S. service members in Jordan late last month and wounded dozens of others [at Tower 22].”
Here are a few key questions to address as more details emerge: 
What was the nature of the “cyber attack”? “Cyber attack” can mean many different things – the specific facts of any cyber operation matter, both in terms of legal and policy implications. Was this a simple jamming operation that interfered with transmission of information? Or another type of cyber operation that would likely fall below the threshold of a use of force (perhaps deleting or modifying data, which could potentially explain the Houthis’ seemingly errant attack last week on a cargo ship bound for Iran)? If the operation did not constitute a use of force, did it violate any other potentially applicable international laws (such as duties related to sovereignty and non-intervention) and, if so, was the operation viewed by the United States as a lawful countermeasure – an otherwise unlawful action short of armed force that is designed to induce compliance with international law on the part of a breaching state? 
If a use of force, was it necessary in self-defense? If the operation rose to the level of a use of force (possibly by permanently destroying infrastructure on the Iranian ship, although this seems unlikely based on what has been reported to date), it would of course not be a lawful act of self-defense in response to the attack on Tower 22 in Jordan. Instead, it is clearly related to Houthi attacks on shipping in the Red Sea. U.S. officials have reportedly said “Iran uses the ship to provide targeting information to the Houthis so their attacks on the ships can be more effective.“ What is the relationship between the “Iranian spy ship” and Houthi attacks on vessels in the Red Sea? Does the United States believe Iran bears State responsibility for the Houthi attacks? 
How is Iran likely to respond? Iran has been vocal about the MV Behshad in the past two weeks, stressing that it would retaliate for an attack on the ship. In a video posted on its Telegram channel on Feb. 11, the Iranian Army claimed the MV Behshad was engaged in a mission to “counteract piracy” in the Red Sea and the Gulf of Aden. The video urged the United States not to attack, warning that “those engaging in terrorist activities against the MV Behshad or similar vessels, jeopardize international maritime routes, security and assume global responsibility for potential future international risks.” Iran has a large cyber arsenal that includes an ability to conduct sophisticated data deletion and Supervisory Control and Data Acquisition (SCADA) attacks on critical infrastructure, capabilities that could be deployed against U.S. ships or military assets in the region. 
What are the implications for potential conflict escalation – or de-escalation – with Iran? U.S. and Iranian redlines in cyberspace are unclear, and even non-lethal cyber attacks may have unintended consequences. Signaling in cyberspace is notoriously complex, and it is difficult to predict and control the impact of malware, for example, once it has been released (the Stuxnet virus that targeted Iranian nuclear facilities at Natanz, for example, also infected computers around the world, including at U.S. oil refineries). 
It is striking that the unnamed U.S. officials framed the operation as a response to the attack on Tower 22 in Jordan carried out by Iran-backed militia groups in that region, as opposed to part of its efforts to protect against Houthi attacks on vessels in the Red Sea. The common denominator is a level of Iranian involvement, although precisely what level is unclear. If this operation was intended to signal to Tehran that the United States holds Iran accountable for the actions of both sets of non-state actors, and will respond in kind, does it increase the likelihood of direct confrontation between U.S. and Iranian armed forces? Alternatively, if the operation fell below the level of a use of force (which again, seems quite plausible based on what has been reported thus far), does it signal potential room for de-escalation through the use of non-kinetic and non-lethal levers of coercion?
, , , , , , , ,
All-source, public repository of congressional hearing transcripts, government agency documents, digital forensics, social media analysis, public opinion surveys, empirical research, more.
by , and
Feb 20th, 2024
by , , and
Feb 18th, 2024
by
Feb 16th, 2024
by , , and
Feb 15th, 2024
by
Feb 13th, 2024
by and
Feb 10th, 2024
by
Feb 6th, 2024
by
Feb 5th, 2024
by and
Feb 1st, 2024
by
Jan 31st, 2024
by
Jan 30th, 2024
by
Jan 26th, 2024
by and
Jan 26th, 2024
by and
Jan 25th, 2024
by
Jan 24th, 2024
by
Jan 22nd, 2024
by
Jan 19th, 2024
by and
Jan 12th, 2024
by and
Jan 12th, 2024
by
Jan 11th, 2024
by
Jan 10th, 2024
by and
Jan 10th, 2024
by , and
Jan 9th, 2024
by and
Jan 8th, 2024
by and
Jan 6th, 2024
by
Jan 5th, 2024
by and
Jan 4th, 2024
by and
Jan 2nd, 2024
by
Dec 29th, 2023
by and
Dec 22nd, 2023
by
Dec 15th, 2023
by , and
Dec 12th, 2023
by
Dec 2nd, 2023
by
Nov 30th, 2023
by and
Nov 28th, 2023
by and
Nov 27th, 2023
by
Nov 21st, 2023
by
Nov 16th, 2023
by
Nov 13th, 2023
by , and
Nov 10th, 2023
by
Nov 9th, 2023
by , , , , and
Nov 8th, 2023
by and
Nov 7th, 2023
by and
Nov 7th, 2023
by , and
Nov 3rd, 2023
by
Nov 2nd, 2023
by
Nov 1st, 2023
by
Oct 31st, 2023
by
Oct 26th, 2023
by
Oct 24th, 2023
by and
Oct 19th, 2023
by
Oct 18th, 2023
by
Oct 18th, 2023
by , and
Oct 17th, 2023
by
Oct 13th, 2023
by
Oct 13th, 2023
by
Oct 11th, 2023
by
Oct 11th, 2023
by and
Oct 9th, 2023
by and
Oct 6th, 2023
by and
Oct 5th, 2023
by
Oct 4th, 2023
by
Oct 4th, 2023
by
Oct 3rd, 2023
by
Sep 27th, 2023
by , and
Sep 27th, 2023
by
Sep 26th, 2023
by
Sep 25th, 2023
by , and
Sep 22nd, 2023
by and
Sep 18th, 2023
by and
Sep 15th, 2023
by
Sep 15th, 2023
by and
Sep 14th, 2023
by
Sep 12th, 2023
by
Sep 11th, 2023
by
Sep 11th, 2023
by
Sep 5th, 2023
by and
Sep 1st, 2023
by
Aug 31st, 2023
by , and
Aug 30th, 2023
by
Aug 28th, 2023
by , , , , , and
Aug 25th, 2023
by and
Aug 25th, 2023
by
Aug 24th, 2023
by
Aug 22nd, 2023
by
Aug 21st, 2023
by
Aug 21st, 2023
by
Aug 18th, 2023
by , , , and
Aug 16th, 2023
by
Aug 16th, 2023
by
Aug 15th, 2023
by
Aug 15th, 2023
by
Aug 14th, 2023
by
Aug 9th, 2023
by and
Aug 9th, 2023
by
Aug 8th, 2023
by and
Aug 8th, 2023
by
Aug 7th, 2023
by
Aug 3rd, 2023
by
Jul 31st, 2023
by , and
Sep 27th, 2023
by
Jan 11th, 2024
by , and
Jan 30th, 2023
by and
Nov 18th, 2022
by , , , , , , and
Oct 27th, 2022
by
Feb 20th, 2024
by
Feb 19th, 2024
by
Oct 31st, 2023
by
Oct 18th, 2023
by
Sep 11th, 2023
by
Jul 17th, 2023
by
May 9th, 2023
by , , , , , , and
Feb 13th, 2023
by and
Jan 26th, 2023
by and
Jan 4th, 2023
by and
Nov 18th, 2022
by
Oct 10th, 2022
by
Oct 25th, 2022
by
Sep 20th, 2022
by and
Mar 24th, 2022
by and
Aug 15th, 2022
by
Feb 18th, 2022
by
Jan 24th, 2022
by , , , and
Jan 20th, 2022
by , and
Oct 29th, 2021
by
Sep 13th, 2021
by , and
Sep 7th, 2021
by
Jul 19th, 2021
by
Jun 30th, 2021
Brianna Rosen (@rosen_br) is a Senior Fellow at Just Security and a Strategy and Policy Fellow at Oxford University’s Blavatnik School of Government. She previously served for a decade in the U.S. government, including at the White House National Security Council and Office of the Vice President.
Tess Bridgeman (@bridgewriter) is co-editor-in-chief of Just Security and Senior Fellow and Visiting Scholar at the Reiss Center on Law and Security at NYU School of Law. She previously served as Special Assistant to the President, Associate Counsel to the President, and Deputy Legal Adviser to the National Security Council (NSC), and prior to that served at the U.S. State Department in the Office of the Legal Adviser as an attorney adviser in the Office of Political-Military Affairs and as Special Assistant to the Legal Adviser.
Send A Letter To The Editor
by , and
Feb 16th, 2024
by
Feb 13th, 2024
by and
Feb 9th, 2024
by
Jan 24th, 2024
by
Jan 19th, 2024
by and
Jan 19th, 2024
by
Jan 16th, 2024
by
Jan 12th, 2024
by
Jan 8th, 2024
by
Jan 5th, 2024
by and
Jan 2nd, 2024
by
Dec 29th, 2023
Just Security is based at the Reiss Center on Law and Security at New York University School of Law.

source

Related Posts

After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack – WDRB

Spotty shower possible. Storms after midnight Updated: April 16, 2024 @ 12:31 pmNorton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to…

Read more

CA's top cybersecurity job has been vacant for almost 2 years – CalMatters

Technology Californians get hacked all the time. The state’s top cybersecurity job is vacant In summaryGov. Newsom has yet to appoint a commander who is tasked with informing businesses and…

Read more

13 Cyber Security Measures Your Small Business Must Take – Tech.co

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn MoreCybersecurity has been important to…

Read more

AVG Antivirus Free review – Ghacks

AVG AntiVirus Free is a longstanding security program for Microsoft Windows that protects computer systems from viruses, trojans and other malicious code.One interesting fact about AVG is that it maintains…

Read more

Vlog Episode #247: Chris Long on Improving Technical SEO Skills & Playing Offense SEO – Search Engine Roundtable

In part one, we learned about Chris Long and his experience working with Bill Slawski. Then, in part two, we spoke about helping people with SEO on LinkedIn and using…

Read more

Information Security Vs. Cybersecurity: What's The Difference? – Forbes

Information Security Vs. Cybersecurity: What’s The Difference?  Forbessource

Read more

Leave a Reply

Your email address will not be published. Required fields are marked *