This article is part of the contribution made by the Joint Special Operations University to the series “Compete and Win: Envisioning a Competitive Strategy for the Twenty-First Century.” The series endeavors to present expert commentary on diverse issues surrounding US competitive strategy and irregular warfare with peer and near-peer competitors in the physical, cyber, and information spaces. The series is part of the Competition in Cyberspace Project (C2P), a joint initiative by the Army Cyber Institute and the Modern War Institute. Read all articles in the series here.
Special thanks to series editors Capt. Maggie Smith, PhD, C2P director, and Dr. Barnett S. Koven.
Today, malign influence campaigns pose a clear and present danger to US national security. Beyond the most well-known threats emanating from Russia—like their efforts to shape the outcome of the 2016 presidential election—other adversaries, namely China, North Korea, and Iran, also employ operations in the information environment for their own, malicious purposes. The US government has observed China’s digital penetrations of US supply chains, North Korean cyberattacks on US corporations, and Iranian attacks on American banks. Even though US public has demanded action, and the US government has responded by countering adversaries in and through cyberspace, questions of effectiveness remain. Namely, are US government efforts to deter adversaries from engaging in cyber-based influence campaigns working? And can the US government deter malign influence campaigns without fully understanding the motivations and perceptions of those it is attempting to deter?
To explore these questions, we examine Iran’s perceptions of its security environment and the information capabilities it brings to bear in pursuit of its national interests. Specifically, through the lens of defensive realism, we argue that Iran is not a power-seeking state but rather a security-seeking one, which causes it to act in the information environment in particular ways. By examining Iran’s influence campaign through this lens, we not only gain a greater understanding of its objectives but also highlight US vulnerabilities in the information space. Based on this analysis, we then provide recommendations to address the threats foreign campaigns pose to US security.
Like many, we view cyberspace as a subset of the information environment, and a separate domain in which states can pursue their national interests. Influence through cyberspace has a low barrier to entry. For states that cannot compete with the United States in terms of economic and military power, cyberspace provides a medium through which countries can employ cheap and easy-to-conduct influence operations with little infrastructure costs and virtually no risk to personnel. Iran is one such state that employs influence campaigns via cyberspace against the United States to gain security. The gain in security is realized when the US information environment around Iran is diluted and divided. If the United States cannot agree on consistent, effective policy to deter Iran, that makes the US security posture toward Iran weaker.
This is clearly demonstrated by Iran’s influence campaign against the United States. Information operations are a low-cost, potentially high-impact capability that, if discovered, are unlikely to result in a kinetic response. As such, they have the benefit of acting against the United States while simultaneously keeping the target on Iran from growing. Information operations also allow Iran to permeate the open US society and shift or muddy the information environment toward Iran’s preferred narrative, or to effectively dilute and counter US information about Iranian actions and sow doubt regarding US credibility. Open societies are easier to target than closed ones and their civilian populations can be used to achieve effects that impact the United States short of war. The effect may be to sway public opinion or for the United States to expend resources to counter the narrative and pursue the threat in its information space.
Closed societies also wage internal information campaigns, an area where Iran is very effective. Authoritarian states realize that control over information is crucial if they are to stay in power. Once an authoritarian state opens its information space, it must contend with narratives that may contradict the state. Iran sees itself in a “soft war” with the West and thus has focused much of its security efforts inward to controlling the narrative. In this war, Iran perceives itself as constantly on the defensive against the power-seeking United States, and its regional allies Israel and the Gulf Cooperation Council (GCC) states, and therefore is compelled to react to aggressive actions.
Iran’s “victim mentality,” wherein it views itself not as the aggressor but rather as responding to US and allied actions, explains why it targets the United States with information campaigns. Iran wants to hit back against the power-maximizing United States but does not want to be disruptive enough to trigger an unmanageable kinetic response. The Iranian government realizes that it cannot go toe to toe with the United States in a conventional fight, so it employs asymmetric and hybrid methods, including cyber-enabled influence operations to compete with the United States and maintain its security. Iran also uses its information campaigns in concert with its asymmetric and proxy operations as a mutually supportive line of effort.
Thus, although, Iran does seek to gain regional power vis-à-vis its neighbors, globally it seeks to gain security vis-à-vis the United States. Since the United States could easily overwhelm Iran through its conventional military capabilities, it is not in Iran’s interest to seek relative gains in power, which would be extremely expensive and risky. Rather, Iran is seeking to stay out of the US gaze while simultaneously increasing its power in the region, and to compete directly with what it views as US client states, Israel and the GCC countries. While seeking power and security can often work at cross purposes, especially when the objectives are misperceived by other states, we hold that Iran primarily seeks security gains and secondarily gains in power. After all, a state like Iran cannot gain meaningful regional power if its existential security is directly threatened by the United States. This means Iran must first ensure its continued existence and then pick up gains in regional power when those opportunities do not antagonize the United States. As such, Iran employs influence campaigns against the United States to weaken it internally by causing domestic strife and pushing for objectives that align closer with Iran’s interests. Gaining these insights is key to understanding why Iran engages in its brand of cyber-enabled information operations and enabling the US government to defend itself more effectively.
(Counter?) Punching Above Its Weight: Iran
Iran tests US leadership’s resolve and willingness to retaliate against gray zone actions. Hybrid warfare has evolved to the point where the staples of everyday American life such as computers, software, smart phones, social media outlets, and apps can be weaponized. When hybrid warfare techniques are applied against institutions, especially those with low public confidence levels (e.g., US Congress and journalists), Iranian influence campaigns can effectively target US populations through internet and social media platforms. Such activities have been used to inflame political rivalries and influence public opinion.
In the hybrid warfare environment, electronic mediums utilizing cyber warfare, intellectual property theft, and influence operations have become mainstream. Of increasing concern and importance are the relatively low-cost influence campaigns that are designed to change or manipulate a targeted group’s perception to the benefit of the perpetrator. Influence campaigns have already been used to inflame controversies and aggravate existing sociopolitical conflicts to undermine a nation’s stability or that of its institutions.
Iran’s use of online influence campaigns began with the application of sock puppets and bots through Facebook and Twitter accounts. By 2010, Iran was able to use these mechanisms to push its state-sponsored propaganda to over 2,200 Facebook outlets reaching six million viewers and to nearly 8,000 Twitter accounts exposing Twitter viewers to over 8.5 million tweets. With this success, Iran grew its “cyber battalions” over the following year to more than 8,000 personnel. The focus was on creating new content, designing fake websites, generating blogs for propaganda, and hacking into existing systems. The new operatives were able to further expand Iran’s penetration into Twitter and Facebook accounts by adding more bots to the already saturated platforms. As this practice continued, Iran was able to affect international debate through Twitter and distribute favorable political content through fake identities and manipulated Facebook sources.
In 2012, Iran started using proxies to expand its state media influence campaign. These proxies established dozens of what appeared to be smaller independent news stations to spread Iranian state-sponsored news. Major wire services like AP and Reuters, along with national media outlets, were routinely plagiarized for their news content to provide credibility to the stories. By 2015, Iran and its proxies had expanded their influence efforts, to include additional US platforms like Reddit. Iran’s goal was to change US perceptions regarding its meddling in the Syrian civil war and its nuclear ambitions.
2018 witnessed a further escalation of Iranian influence, as Iranian propaganda was delivered through a growing number of online personas such as US journalists, popular bloggers, social media influencers, and local newspapers. 2018 was also the first year Iran initiated a serious effort to affect US elections. Iran had already made some attempts at voter manipulation in the 2016 presidential election, albeit with questionable success. After the 2018 midterm elections, an Iranian influence campaign was used to describe the American democratic process as subverted by right-wing radicals (i.e., the Trump administration) and the United States as a divided country with failing institutions.
In 2020, it was the discovery by Facebook of Iranian penetration of 766 pages, followed by some 5.4 million Facebook users, that put an Iranian influence campaign on the US government’s radar. Furthermore, and as noted above, Twitter discovered 7,896 accounts had shared over 8.5 million messages of potential Iranian propaganda. In addition to the concurrent social media infiltration, an Iranian influence campaign made another attempt at voter coercion by distributing phony emails to thousands of Alaska, Arizona, and Florida registered voters. These emails portrayed the sender as the Proud Boys and threatened harm to anyone who did not vote to reelect President Donald Trump. As a result of these actions, the Office of the Director of National Intelligence announced Iran was among a group of several nations attempting “to undermine US democratic institutions . . . and to divide the country,” and replace the current administration with one with a more favorable foreign policy approach to Iran.
What is evident in Iran’s influence campaigns is the rapid improvement of its capabilities and performance with the greatest advances occurring recently. For instance, in 2018, FireEye, a prominent cybersecurity and intelligence analysis company, assessed that Iran’s influence campaign capabilities were “sloppy and redundant.” However, in 2020, the Atlantic Council determined that Iran’s information campaign had progressed quickly and demonstrated distinct improvements in tradecraft against its adversaries. Iran and its proxies are now proficient at exploiting social media platforms for intelligence collection, monitoring, messaging, and executing coordinated influence campaigns. Collectively, Iran’s influence campaigns demonstrated surprising proficiency at accessing and redirecting left-leaning personnel and their causes throughout Western democracies to Iran’s ends.
It also appears that Iran’s influence campaigns and propaganda messaging have less to do with Western elections and voter manipulation and more to do with strategic persuasion. Iran’s long-term goal is to damage the reputation of the United States and other Western democracies. To accomplish this, Iranian operatives take a position that is in direct opposition to US policy and then attempt to sway other countries against the US position. Iran has no problem disseminating outright lies or misinformation to further its messaging and has found influence campaigns to be a formidable form of gray zone power projection without engaging in kinetic warfare. Iran understands it needs to be careful to not step US gray zone tolerance. If Iran’s hybrid warfare operations or its influence campaign pushes too hard to manipulate US elections or interfere with its Middle East interests, these actions could result in war or retaliation. This applies to Iran’s proxies as well, which have been trained and equipped to provide Iran plausible deniability.
As noted, it is much easier to target open, liberal democracies that do not place geographical constraints around the information space. Closed authoritarian systems have hardened their information space against unrestrained external narratives threatening to pierce their information bubbles. Therefore, in conducting cyber-enabled information operations against the United States, Iran likely is cognizant of the impact of any retaliatory information operations against its own country. While information operations in Iran would be difficult to execute, if the information space was pierced, it could weaken Iran’s state security by highlighting the repressive controls put in place or offer competing narratives that discredit the regime. Successfully piercing this closed space is more possible than probable, but it demonstrates how a state’s perceived strength, control over its information space, could be employed to achieve ruinous strategic ends.
As the Iranian case study reflects, cyber-enabled influence operations pose a direct, often underappreciated danger to US national security. Nebulous, surreptitious, and insidious, they strike at the heart of democratic governing structures by exacerbating divisions, undermining trust, manipulating decision makers, and raising fundamental questions about the meaning of truth. When effective, influence operations can impose costs that become increasingly difficult to repair as the damage feeds on itself and undermines the effectiveness of the very institutions that are needed to counter it.
Although influence operations’ effectiveness is difficult to objectively measure, it is nonetheless clear that the United States has been subjected to extensive adversarial campaigns that are directly undermining our national security. From attacking electoral systems to exploiting social cleavages, these operations have had direct and negative impacts on US unity and political integrity. Thus, just as the United States has taken decisive steps to counter the dangers of cyberattacks, it must also actively work to counter adversaries’ influence operations and their negative effects.
Wanted: Risk-Takers and Imaginative Thinkers
As with any complex challenge, the first step is to recognize that a problem exists. Although US government organizations have acknowledged some influence operations and taken steps to compete in the information environment, the White House and Congress have not adopted a unified and enduring stance against information threats. Instead, reports about adversary operations have been subjected to scorn or exploited as political opportunities. As evidenced by the turmoil surrounding recent elections, this approach is not only ineffective, but also exacerbates the damage and creates a more favorable environment for adversaries to manipulate.
Second, the US government must take proactive and effective countermeasures based on a globally integrated campaign that leverages all elements of power at home and abroad. Unfortunately, modern government information activities fall short because they are often poorly handled, uncoordinated, and too limited in scope. The scope of these US government institutions is artificially constructed with lines between internal and external created and then reified through institutional practice. In an open information environment supported through globally distributed information infrastructure, the scope of these concepts, foreign and domestic, becomes imprecise, allowing malign actors to exploit seams between institutions. Two instructive examples include the Department of Defense’s Office of Strategic Influence and the State Department’s Global Engagement Center. Although both reflected an important prioritization of the information environment, the former failed due to public backlash against military propaganda, while the latter is limited to international threats, which creates an artificial bifurcation of a problem that knows no borders.
To avoid these pitfalls, therefore, any influence campaign must be freed from the bureaucratic strictures inherent in the executive departments. Thus, while the Departments of Defense and State have robust capabilities and a global presence, they are ill suited as lead organizations. Instead, the National Security Council must more actively execute its statutory responsibilities of coordinating government actions to combat malign foreign influence and the law should be updated to reconceptualize what domestic and foreign mean in the information space. Moreover, the current coordinator should be appointed as a senior director, with the attending responsibility for leading the development and implementation of an integrated strategy and instituting the requisite support structures.
Third, any campaign must involve public-private ventures that leverage education, science, technology, social, and other organizations to attack malign messaging at all levels and in all forms. While the government should not be in the business of telling people what to think, it is important that the public be equipped to recognize malign influence operations and to critically analyze what they are being told. In the process, we should expose the harmful campaigns, publicize their techniques, poke holes in their logic, demonstrate their poor execution, and help audiences at home and abroad recognize the damage caused. Moreover, the US government must actively bring private enterprise into the campaign, as it plays a critical role in how and what information is disseminated. This will require steps to incentivize the information marketplace through financial and other tools that encourage private venture support and self-policing efforts.
Finally, the campaign must target the source of the problem through defensive and offensive operations designed to counter malign messages and undermine adversaries’ willingness and ability to act. Examples include public messaging campaigns to reduce security dilemmas or to undermine hostile foreign leaders’ credibility, redirecting adversaries’ ire by highlighting tension points with other powers, or changes in the narrative that emphasize our commonalities and cultural ties. It is critically important, however, that the campaign be based on in-depth understanding of the environment we are attempting to influence and the adversaries we are trying to counter.
This is clearly demonstrated by the case of Iran. The United States must understand Iran’s perceptions and interests. Knowing your adversary is crucial for success when influencing, and it is especially important when protecting the US information environment against Iranian influence campaigns. Since Iran’s influence campaigns are designed to increase the security of its state, we know where these campaigns will target the US information space, what narratives they will likely employ, and how Iran will conduct operations. In the end, the opportunities to counter Iranian influence campaigns are limited only by imagination and willingness to take risks, both of which, unfortunately, have been lacking. Innovative, objective leadership, founded on an active, cross-government campaign involving in-depth knowledge and critical private sector partners is critical to success.
Mark Grzegorzewski, PhD, is a resident senior fellow in the Department of Strategic Intelligence and Emerging Technology at the Joint Special Operations University, US Special Operations Command. He has recently coedited and contributed a chapter to a JSOU Press edited monograph titled Big Data for Generals . . . and Everyone Else over 40 and published an article with Cyber Defense Review titled “Technology Adoption in Unconventional Warfare.” He has a forthcoming coauthored chapter titled “A Strategic Cyberspace Overview: Russia and China.”
Dr. Michael Spencer is a professor at Saint Leo University where he teaches courses in democracy, democratic institutions, and historical immigration. He is also the founder and a director for the Halcyon Institute, a new technology-based research and policy analysis think tank dedicated to the development and integration of dual-use digital technologies. Prior to this endeavor he was the director of Synergia Innovare, a nonprofit research company focused on identifying viable research lines for private sector and government investing. Dr. Spencer holds a PhD in government with a specialization in international security, an HMBA, and a master’s degree in international management. He currently resides north of Tampa, Florida with his wife and three children and a completely insane puppy affectionately named Pyscho.
Dr. Ken Brown is a former naval officer and intelligence professional with extensive experience in the special operations community. He currently serves with the Office of the Chief Digital and Artificial Intelligence Officer in the Department of Defense. He holds a PhD in government with a specialization in international relations, a juris doctor, and a master of arts in national security studies. He currently lives in the metro DC area.
The views expressed are those of the authors and do not reflect the official position of the United States Military Academy, Department of the Army, or Department of Defense.
Image credit: Nicolas Raymond