What's next: Alleged U.S. cyber operations against Iran run risk of retaliation

Various media outlets have reported that the U.S. waged some form of cyber operation against the Iranian military last week in response to attacks on oil tankers in the Gulf of Oman and an unmanned U.S. drone.

The big question: Given its history of responding to various threats with cyberattacks of their own, how will Tehran respond? It's a complicated question to answer, especially given how close President Trump was to launching physical attacks as part of his own response to escalating tensions with Iran.

Background: In 2012, just after the U.S. implemented sanctions against Iran — and with the memory still fresh of the Stuxnet malware likely designed by the U.S. and Israel to disable Iran's nuclear program — Iran is believed to have launched several cyberattacks against the U.S. financial sector.

• Since then, Iran has also been suspected of destructive cyberattacks against the state-owned oil giant Saudi Aramco and the Sands Las Vegas Corporation.
• "You'd be right to think about those attacks," said Ben Buchanan, an assistant teaching professor at Georgetown who studies escalation in cyber warfare.
• "It is fair to say Iran has a history of lashing out with its destructive cyber capabilities in response to perceived provocations," he said. "How they play it this time though is unclear, given that the risk of kinetic strikes seems very real."

The intrigue: Iran has recently been increasing its cyber espionage efforts against the United States. But the operations appear (at this point) to be more about gathering intelligence to guide Tehran than causing damage. That could change at any time.

• "Bottom line: A cyberattack is among the worst tools we could have chosen to respond to the Iranian attack on our drone because it will engender retaliation, cyber retaliation," said former deputy director of the CIA Michael Morell, who currently hosts the Intelligence Matters podcast.
• A better response, said Morell, would have been a physical strike on a military asset with "near-zero probability" of casualties.

But, but, but: While the specter of U.S. cyberattacks against Iran might bring to mind Stuxnet, we don't know what form these attacks took. It could have been something minor — more of a brushback pitch designed to deter, rather than destroy.

• "The reporting is not clear on what form the 'attacks' took," said Michael Daniel, former cybersecurity coordinator for the Obama White House and current CEO and president of the Cyber Threat Alliance, via email.
• "If they were fairly simple, like a DDoS or locking the Iranians out of social media accounts used to troll for information, then I would say the escalation risk from those actions would be low."