Late 02 January 2020 (US Eastern time), the United States launched a strike outside Baghdad airport killing Qasem Suleimani, Iranian general and leader of the paramilitary Qods Force. General Suleimani was a despicable person responsible for promoting conflict and prolonging strife in various areas of the Middle East (among other locations), and his passing should not be mourned. Yet the manner in which his assassination took place and its repercussions are quite interesting, both for providing a look at the evolution of US policy and for determining just how useful “cyber” really is in traditional state conflict situations.

To start, the assassination of General Suleimani is highly provocative and unusual as he was a publicly-acknowledged and widely-known member of the Iranian government. While the relationships between the Iranian ‘state’ and the clerical and Iranian Revolutionary Guard Corps (IRGC) are fraught and strange to observers from a Western government perspective, it remains that the IRGC and its foreign paramilitary arm, the Qods Force, are part of the Iranian state. Following the post-Watergate Church Committee hearings, which revealed several US intelligence agency assassination plots of foreign government officials, then-President Gerald R. Ford issued Executive Order 11905, Section 5 of which declared that “No employee of the United States Government shall engage in, or conspire to engage in, political assassination.” (emphasis mine)

The emphasis on political means that targeted killing (essentially, assassination) for purposes other than political – military expediency, law enforcement, self-defense, etc. – was presumably legal. Prohibited instead were those sorts of killings like the alleged plot against Patrice Lumumba of Congo or potentially the US government’s tacit approval of the 1973 Chilean coup – which included the death (under murky circumstances) of Chile’s socialist president, Salvador Allende. However, as many found either to their satisfaction or dismay in the post-September 11, 2001 world, such prohibition did not appear to extend to enemy combatants (terrorists), and especially those in war zones as declared by the hastily-passed Authorization for Use of Military Force (AUMF). Initially limited to invaded Afghanistan, extended to subsequently invaded Iraq, then further expanded to cover locations as varied as the Philippines, Yemen, Somalia, Libya, Syria, and elsewhere, AUMF-justified targeted killing seemed to know few legal bounds.

Yet, the AUMF still held some restrictions in terms of specific terrorist groups targeted (only those remotely connected to the Taliban, al Qaeda, or related entities fell under its purview), while intervention in areas outside of either obvious warzones (Iraq, Afghanistan), ungoverned places (Somalia), or compliant regimes (then-Yemen) was not only politically difficult but legally dubious. Thus, the presence of a murky blank check in the form of the Covert Action Statute was a godsend for trickier operations. Operating under US Title 50 (generally intelligence authorities) instead of US Title 10 (military authority), the Covert Action Statute provided a mechanism to legally justify interventions in places where they were unwelcome or against groups not legislatively defined as threats.

This distinction, and what it could enable, became clear in 2011 following the killing of Osama bin Laden in Abbottabad, Pakistan as part of Operation Neptune Spear. That raid, while against a known terrorist individual covered by AUMF, took place in Pakistan – a nominal but difficult ally of the US. Thus, to maintain legal niceties, such an action would either need the approval and acquiescence of the host country (extremely unlikely), or some alternative legal fig leaf to enable operations. Thus the operators from Naval Special Warfare Development Group (DEVGRU, more popularly known as SEAL Team 6) entered Pakistan on the evening of Neptune Spear as hastily deputized intelligence operatives working under Title 50, covert action authorities as opposed to uniformed military personnel operating under Title 10 restrictions. While seemingly pointless given the amount of political chest-thumping that took place after the targeted killing of bin Laden (along with the al Kuwaiti brothers and other residents of the Abbottabad compound), from a legal perspective such declarations and assignments were necessary to make the operation possible and legally justifiable.

So how does this relate to General Suleimani? Well, in April 2019, the United States declared the IRGC Qods Force a terrorist organization. Initially interpreted as a mechanism to deploy ever harsher financial sanctions against Iranian leadership, subsequent events reveal a more interesting trajectory. While the US has (publicly) adhered to the prohibition on assassinations outside of exceptions carved by the use of military force or “covert action” operations, the order to kill Suleimani appears to be based on the reclassification of the IRGC-Qods Force as a terrorist organization as opposed to an arm of the Iranian state. Given that the US Department of Defense issued an official statement on the event combined with additional reporting, the operation to kill Suleimani appears to have been conducted under Title 10 authorities enabled by the declaration of Qods Force as a terrorist organization while taking advantage of the AUMF’s enablement to conduct missions in Iraq with legal impunity.

Thus, for an administration that has largely proved itself adept at finding new and unique ways to fail at execution and daily operations, various entities deployed a series of legal edge-cases to allow for the execution of a foreign government official. The sheer audacity of this action is shocking to observers in the US, and likely is at least as much to observers elsewhere. Which sets up the next part of the discussion: what does Iran do in response to this dubiously legal action?

Much ink (or at least pixels) has already been spilt about the seriousness of Iran’s retaliation, with cyber being a particularly alluring avenue given the relative cheapness of delivery combined with plausible deniability post-execution. Yet I think, although definitely outraged, Iranian leadership is just as confused and caught off-guard as the Washington national security ecosystem as to the action itself and what it may justify afterwards.

Looking at the recent history of US actions in the Gulf region, we have a mixed record. Since summer 2019, we’ve seen the US decline to respond to the downing of a (very expensive) drone by Iranian forces, then initiate (and publicly announce) a very rare cyber attack against Iranian infrastructure two months later, followed by no meaningful response to the drone and missile attack on the heart of the Saudi oil industry. In addition to other items in Syria and Iraq, the US has sent incredibly mixed messages to Iranian (and other) leadership as to exactly where “red lines” lie, and what the repercussions of crossing them might be.

Therefore, from an Iranian leadership perspective, while some response to the assassination of General Suleimani is necessary, precisely what that response should be is murky given lack of clarity of how the US would respond. In this case, a statement by former US Marines General James Mattis gets turned around from its usual implications. That statement is rather simple: “The enemy gets a vote.” In this specific case though from an Iranian perspective, the “enemy” is the US, and what precisely that vote would be is almost entirely unclear given a recent history that includes both shirking from action and (in the case of Suleimani) possible overreaction to recent events (siege of the American embassy in Baghdad).

While neither laudable nor likely deliberate, Trump administration policies have placed Iranian leadership into an interesting position of not knowing precisely the decision calculus of the United States. This severely constrains retaliatory actions by Iran against the US, as the Iranian regime (despite US pundit declarations otherwise) is rational and more than anything else wishes to remain in power. If Supreme Leader Ayatollah Ali Khamenei thinks that the response to a retaliatory action for killing Suleimani (such as disrupting or destroying US critical infrastructure) will be waking up in Tehran to a Tomahawk Land Attack Missile (TLAM) greeting him one morning, then he will likely not pursue such a path.

Thus the circumstances around Suleimani’s assassination begin to appear more complex. While Iranian regime legitimacy and efficacy would seem to call for at least some demonstration of consequences to prove itself, such an action could in turn invite a series of events that (while considerably costly to the US) would also entail the termination of the Islamic Republic. Therefore, rather than simply lashing out immediately and indiscriminately, Iranian national command authority must instead ponder precisely to what degree they wish to impose costs on the US (physically, logically, or otherwise) for this event, and what amount of blowback they are willing to absorb in response. While I think the Suleimani killing was a mistake, it is less so than many pundits would like to argue as the Iranian regime is just as (if not more so) constrained as the United States in terms of responses and the implications such actions may contain.

Furthermore, going back to the Mattis quote, it is not as if the US need sit idly by while Iran plans its retaliatory operations. Since Suleimani’s death, there have been subsequent airstrikes and other operations against Iranian-affiliated groups in Iraq. As shown in August with US CYBERCOM (allegedly) taking down infrastructure used for tracking (and possibly disrupting) maritime shipping in the Gulf, potential cyber operations also appear to be on the table at this stage. Thus, US (or US-associated elements) could use this period of Iranian uncertainty to disrupt or destroy command and control or infrastructure nodes required to control or launch retaliatory cyber strikes, nullifying such a capability before it could be called into action.

Overall, I feel the decision to kill General Suleimani, despite his terrible record and contributions to human suffering, was a mistake. The legal regimes underpinning this decision are murky at best, and alarming at worst for what they might enable in subsequent administrations or decisions under current US leadership. However, much public conversation on how the attack killing Suleimani will lead to dire consequences for the US and its allies overlooks just how game-changing this event was, and the array of options available to the US (and its allies) in response to any Iranian reaction. Thus matters are not as simple as they would appear, and are also far more dangerous given the possibilities for escalation and losing control of events.

