Quick viewing(Text Mode)

Acknowledgement

Acknowledgement

ACKNOWLEDGEMENT

One might say acknowledgement reveals to the reader something about the personality behind the writer. As a poet suggests, an acknowledgements page acts as an alternate to the content page, a skeleton key to the literary world in which the writer aspires to. The enduring process of thesis writing has been a purposeful experience for professionally and personally. Writing thesis has given the smacking feeling, delivered with an open hand, to wake you up to eventually realize that after years of studying over assortment of courses, you actually have not comprehend anything comprehensively.

It is with no doubt my highest gratitude goes to thank Allah SWT, the sole Almighty God who without His permission and decree nothing would be possible, and the Prophet Muhammad Sallahu Alaihi Wasallam, who always has my complete adoration. The indescribable feeling and journey towards developing extraordinary qualities of a human being will not be attained without others’ help, guidance, assistance and more importantly, existence. My indebtedness feeling upon thesis completion would not be actualized without the presence of these respective people:

1. Mr. Teuku Rezasyah and Mr. Makmur Widodo as the best thesis mentors, whom without their valuable time, enduring support, and persistent guidance, I would not be able to sustain this thesis writing. 2. Muzhadi and his significant other, Rosdiana Monoarfa. The thesis is solely dedicated to their persistent and continuous support, love, and encouragement. 3. Significant friends and partners. Zay, Puspa, Ayu, Meydi, Salim, Wibi, Brimoresa, Atin for our consistent togetherness, laughter, and happiness we bring to each others’ lives. Iskandar Shah, for putting up with me during ups and downs, for being my worst distraction, my rhythm, my blues.

Jakarta January 20th 2014

THE STRATEGY TOWARDS THROUGH

(2006-2013)

By

ANISSA SYIFA ADRIANA

ID 016201000012

A thesis presented to the Faculty of International Relations, Communication, and Law President University In partial fulfillment of the requirements for Bachelor Degree in International Relations Major in Strategic and Defense Studies

JANUARY 2014

DECLARATION OF ORIGINALITY

I declare that this thesis entitled “The United States Foreign Policy towards

Iran: Fulfilling Its National Objectives through Cyberwarfare Strategy

Covered in Operation Olympic Games (2006-2013)” is, to the best of my knowledge and belief, an original piece of work that has not been submitted, either in whole or in part, to another university to obtain a degree.

Jakarta, 19 January 2014

Anissa Syifa Adriana

CHAPTER I

INTRODUCTION

1.1. Background of the Study

The pace of global change in international affairs has quickened dramatically during twenty first century. To comprehend thoroughly the fundamental paradigm one needs to fathom the substantial characteristic of International Relations. International Relations have always been dynamic and will continue to be so. The idea of interactions happenings amongst state-actors and non-state actors are complex and compounded. The interactions also follow with vast coherent and developed theories such as stability versus instability, mutual deterrence and balanced arms control, and ideally, national interest versus international security. As written by James E. Dougherty about international politics, “hundreds of actors are pouring into the international arena at the same time... The behavior of individual actors is purposive, but the process as a whole knows no purpose and no overall direction...”1

Power, strategy and foreign policy are some of many tools of a nation-state to pursue its national interests as well as to secure the viability of alliances under such strain. Foreign policy is widely considered as a strategy that a nation possesses in obtaining and securing national interest. Pattern of interactions within foreign policy

1 Andrew M. Scott, “The Logic of International Interaction,” International Studies Quarterly, 21(3) P 438 Retrieved 4 October 2013

1 are a set of processes by which decision makers in one national unit, interact with each other and respond to inputs from the domestic and international environment.2

The globally interconnected world where digital information as well as communications infrastructure known as “cyberspace” has affected the way the U.S. reassesses their current policies. Cyberspace practically touches everything. The nation’s digital infrastructure, which is largely based upon internet, has changed significantly due to the growing threats of cyber-crime operations. The idea of current digital revolution that U.S. and the world are facing has come to the realization that sensitive and confidential information is no longer secure.

The unimaginable boundaries of cyberspace marks no edge or limit. United Nations (UN) defines cyberspace as the global system of systems of interconnected computers, communications infrastructures, online conferencing entities, databases, and information utilities generally known as Net.3 Meanwhile, the Department of Defense (DoD) defines cyberspace as the national environment in which digitized information is communicated over computer networks.4 Cyberspace has provided new battlefield for cyberwarfare. Critical cyber-infomation infrastructure and other national infrastructure are every nation’s greatest investment. Cyberwarfare is applicable to every nation-state. The Economist (2010) called cyberwarfare aggression in the “fifth domain”, other than sea; land; sea; air; and space, which many of nation-states start to realize, including the U.S.

Another definition of cyberwarfare is symmetric or asymmetric offensive and defensive digital network activity by states or state-like actors, encompassing danger to critical national infrastructure and military systems. It requires a high degree of

2 James E. Dougherty. Robert L. Pfaltzgraff, Jr. "System, Structure, Agent, and International Relations Theory." Contending Theories of International Relations: A Comprehensive Survey. 5th ed. N.p.: Longman, 2001. p 105. Print. Retrieved 4 Oct 2013 3 Andress, Jason. Winterfeld, Steve. “Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners”. Elsevier 2011. p. 2 4 Joint Publication 3-13 Information Operations. Department of Defense. 13 Feb 2006

2 interdependence between digital networks and infrastructure on the part of the defender, and technological advances on the part of the attacker. It can be understood as a future threat rather than a present one, and fits neatly into the paradigm of Information Warfare. 5 Cyberwarfare is understood as the act of disruption to sabotage with motivation of hacking adversaries’ computer network. The motives are mostly based on political background, seen as the bloodless non-kinetic warfare yet cause similar destruction to critical infrastructure.6

The first major event that took everyone’s attention was the Estonian government cyberwarfare.7 The Estonian government was making a huge leapfrog from a paper-based government to a web-based infrastructure in conducting all the business. As the Estonian government was part of the North Atlantic Treaty Organization (NATO), they then went for help resolving the cyber-attack issue. Hence, Estonia has gone to be one of the leading nations in the arena of Cyber Strategy and the Cooperative Cyber Defense Center. There were plenty of speculations on the Soviet government as the attacker, noting the fact that Estonia was an outcry from Russian population.

The next similar cyber-attack happened during the war in Georgia, over South Ossetia. Albeit South Ossetia had achieved its de facto independence from Georgia, international community still perceives South Ossetia as part of Georgia. Therefore, a peacekeeping force was sent to help and Georgia to control the region. In 2008, Georgia moved forces into South Ossetia to quell the separatist movement. Russian then counterattacked to protect the South Ossetia citizens. In the following g weeks, Georgian government’s computer network was then received series of attacks

5 Shane M. Coughlan, “Is There a Common Understanding of What Constitutes Cyberwarfare?,” The University of Birmingham School of Politics and International Studies, 30 September 2003, p. 2. 66 Sanger, David E. (1 June 2012). "Obama Order Sped Up Wave of Cyberattacks Against Iran". . Retrieved 1 June 2013

3 such as denial of service attacks against the government computer network where spamming email flooded the system.

Many of intelligence officials consider cyberwarfare in the U.S. as a larger threat than terrorism.8 In 2010, the U.S. worked with Israel to launch cyber-attacks on Iran targeting Iran’s uranium enrichment plant, , using a worm known as . 9 This was believed by many as an ‘illegal’ attempt to hassle Iranian nuclear program. Stuxnet is considered to be the first-known worm designed to target real- world infrastructure such as power stations, water plants and industrial units. Stuxnet’s complexity was so superior that it was claimed by researchers to only have been written by a “nation-state”.10 Symantec, a Belarus-based security firm, stated that there have been more infections targeting Iran than anywhere else in the world.11

Stuxnet –code-named Olympic Games— had been initiated and designed to subtly sabotage Iran’s nuclear program in early 2006 during the George W. Bush administration. President George W. Bush approved $300m on joint covert projects aimed at Iran, assumed to have included Stuxnet, before leaving the office in 2009.12 The program was then expanded and escalated under tenure by secretly ordering sophisticated attacks on the computer systems.13

Operation Olympic Games was a covert campaign of sabotage by means of cyber disruption targeted at Iranian nuclear facilities by the U.S. and Israel. This is not the first time the U.S. attempt to delay the alleged Iranian nuclear weapons. During Clinton administration, as a covert operation was undertaken by providing Iran with a flawed design for building a

8 Dilanian, Ken. "Cyber-attacks a bigger threat than Al Qaeda, officials say", Los Angeles Times, 12 March 2013 9 "Legal Experts: Stuxnet Attack on Iran Was Illegal ‘Act of Force’". Wired. Retrieved 5 Oct 2013. 10 Fildes, Jonathan. "Stuxnet Worm 'targeted High-value Iranian Assets'" BBC News. BBC, 23 Sept. 2010. Web. 05 Oct. 2013 11 Ibid 12 Ibid 13 David E. Sanger. “Obama Order Sped Up Wave of Cyberattacks Against Iran.” The New York Times 1 June 2012. Web. 06 Oct 2013

4 programs. Unfortunately, it backfire the U.S. and causing Iran to accelerate the nuclear program due to useful information provided by the U.S. Operation Olympic Games is different with the previous one as this is reported to be the first known use of offensive cyber weapons.14

Having been first detected in June 2010 by Symantec, Stuxnet are unlike most viruses. 15 The worm targets systems that are traditionally not connected to the internet for security reasons. Once Stuxnet has infected a machine on a firm’s internal network, it seeks out a specific configuration of industrial control software. With five different variants of Stuxnet, the U.S. targeted five Iranian organizations with uranium enrichment infrastructure as their main functional purpose. 16 This caused the Iran’s uranium enrichment programs to suffer setbacks infecting staff computers, Iranian officials admitted. The five organisations were targeted repeatedly between June 2009 and April 2010.17

In the following 2011, the malware is also thought to be related to the Stuxnet worm. The Laboratory of Cryptography and System Security (CrySyS Lab) of the Budapest University of Technology produced a sixty-page report stating that the worm is a Stuxnet-like malware.18 Instead of being destructive, Duqu, considered as Trojan, was to collect information that could be useful in attacking industrial control system.19 The purpose of Duqu was to modify computer protections with the help of an infected Microsoft Word document. Duqu uses the zero-day exploit method in which the unknown attack occurs on day zero of awareness of the

14 Sanger, David (1 June 2012). "Obama Order Sped Up Wave of Cyberattacks Against Iran". The New York Times. Retrieved 19 October 2012 15 "W32.Stuxnet - Network Information." Endpoint, Cloud, Mobile & Virtual Security Solutions. N.p., n.d. Web. 05 Oct. 2013. 16 "Stuxnet Virus Targets and Spread Revealed". BBC News. 5 Oct 2013. 17 Ibid 18 "Duqu: A Stuxnet-like malware found in the wild, technical report". Laboratory of Cryptography of Systems Security (CrySyS). Retrieved Oct 16, 2013 19 W32.Duqu – The precursor to the next Stuxnet (Version 1.4)". Symantec. 23 November 2011. 5 vulnerability where the targeted victims know the vulnerability.20 The infections of Duqu was to be reported being found around these countries such as France, Netherlands, Switzerland, Ukraine, India, Indonesia, Iran, Sudan and Vietnam.

Stuxnet and Duqu was then followed by in 2012, a new form of malware that infiltrated several networks in Iran and across the Middle East that was discovered in early 2012.21 22 The discovery was announced by MAHER Center of Iranian National Computer Emergency Response Team (CERT),23 Kaspersky Lab24 and CrySyS Lab of the Budapest University.25 The security scientist reported that Flame is the most complex and most sophisticated malware they encountered. Flame is also believed as part of classified effort code-named Olympic Games, developed by U.S. National Security Agency, CIA as well as Israel’s military.

1.2. Problem Identification

As a form of modern information warfare, cyber-attacks mostly possess political agenda so as to conduct a sabotage of other nation-states’ classified information. Cyberwarfare is also widely believed as an act or practices in securing national security go hand in hand with national interest. Sabotaging components of a system, or cyber-attacking is considered as illegal political espionage. Cyberwarfare capability are not relatively new. There is a large difference of cyberwarfare conducted by nation states and non-nation states. In a cyber-war sense, attack conducted by small groups of hackers might cause similar level of damage but the

20 "About Zero Day Exploits". Netsecurity.about.com. 2010-11-11. Retrieved 1 December 2013 21 Lee, Dave (28 May 2012). "Flame: Massive Cyber-Attack Discovered, Researchers Say". BBC News. 22 McElroy, Damien; Williams, Christopher (28 May 2012). "Flame: World's Most Complex Computer Virus Exposed". The Daily Telegraph. Retrieved 6 Oct 2013 23 "Identification of a New Targeted Cyber-Attack". Iran Computer Emergency Response Team. 28 May 2012. Retrieved 6 Oct 2013 24 Gostev, Alexander (28 May 2012). "The Flame: Questions and Answers". Securelist. 25 "sKyWIper: A Complex Malware for Targeted Attacks". Budapest University of Technology and Economics. 28 May 2012.

6 capability to take actions into conventional warfare requires for those with much greater resources as in nation-states.

A leaked US embassy cable revealed that the U.S. was advised to adopt “covert sabotage” of Iran’s nuclear facilities, including hacking and “unexplained explosions”.26 Stuxnet have included two major components, one was designed to send Iran’s nuclear centrifuges to be out of control and the other was to record the normal operations at the nuclear plant, to hunt down the systems of industrial controls.27 Meanwhile, Duqu’s purpose was to collect and gather all the intelligence and passed it back out to the attackers. Flame, which is 20 times bigger than Stuxnet was also among the most sophisticated piece of malware to have ever found. Flame aimed to invisibly spy on and record the log of keyboard strokes by taking screen shots, extracting geolocation from images and send as well as receive commands and data through Bluetooth wireless technology.28 The Stuxnet, Duqu, and Flame cyber- attacks happen to be the first time that the U.S. have repeatedly used cyber weapons to hassle another country’s infrastructure with computer codes.

U.S. and Israel participatory involvement in the Operation Olympic Games, targeting on Iran uranium enrichment centrifuges, has been the subject of controversy. In June 2013, a leaked of an eighteen-page presidential memo revealed how Barrack Obama had ordered intelligence officials to draw up a list of potential overseas targets for U.S. cyber-attacks.29 The Presidential Policy Directive 20 was issued in October 2012, calls the policy as the Offensive Cyber Effects Operations (OCEO). It defines OCEO as:

26 Josh Halliday. "WikiLeaks: US Advised to Sabotage Iran Nuclear Sites by German Thinktank." The Guardian. N.p., 18 Jan. 2011. Web. 05 Oct. 2013. 27 William J. Broad, John Markoff, David E. Sanger. “Israeli Test on Worm Called Crucial in Iran Nuclear Delay”. The New York Times. 15 January 2011. Web. Retrieved 6 Oct 2013 28 Ellen Nakashima, Greg Miller, Julie Tate. “U.S., Israel Developed Flame Computer Virus to Slow Iranian Nuclear Efforts, Official Say”. . June 20, 2012. Web. Accessed 16 December 2013. 29 Presidential Policy Directive. (PDF) from Epic.org. Retrieved Oct 16 2013

7

“The operations and related programs or activities … conducted by or on the behalf of the U.S. Government, in or through cyberspace, that are intended to enable or produce cyber effects outside United States government networks.”30

Obama has authorised the “anticipatory actions taken against imminent threats”. It reserves the right to use offensive cyber-attack in foreign nations without government permission whenever “U.S. national interest and equities” requires such non-consensual attacks.31

Many evidences of cyber-attack conducted by state and non-state actors have significantly increased for the past ten years. The leaked Presidential Policy Directive is relevant to the Operation Olympic Games where offensive cyber-attacks was conducted by the U.S. This thesis is intended to examine the U.S. cyberwarfare, namely the cyber-attacks on Iran nuclear program conducted from 2010 to 2013, under the Operation Olympic Games. Main discovery of the topic will revolve around the strategy that was implemented to conduct the cyberwarfare.

1.3. Statement of the Problem

Stuxnet is believed as the major case study of cyber-attack conducted by nation-states namely the U.S. and Israel. It also becomes the trigger for another possible cyber-attacks conducted by nation-states. The Presidential Policy Directive 20 was signed in 2012 and, complements NSPD-54/Homeland Security Presidential Directive HSPD-23 that was authorised by George W. Bush in January 2008. 32 Meaning that despite the fact that the cyber-attack launched in 2010, the authorization of such power to conduct surveillance happened during Bush

30 Glenn Greenwald. Ewen MacAskill. “Obama orders US to draw up overseas target list for cyber- attacks”. The Guardian. Web. June 7, 2013. Retrieved Oct 16, 2013 31 Ibid 32 National Security Presidential Directives (NSPD): George W. Bush Administration. Federation of American Scientists. Web. Retrieved Oct 16 2013

8 administration in 2008. Therefore, the permission to conduct overseas cyber-attack has been legitimate since Bush administration.

Cyber-attack is also sometimes conducted collaboratively with other nation- states participation or the allies. Cyberwarfare conducted by nation-state shed some light, postulate cyberwarfare as a new threat to national and international security. Cyberwarfare is believed to be the new perception nation-states regard it as a strategic interest and the way a nation-state achieve national interests.

Refer to the identification above and thereof, the thesis will try to answer the research question below:

 How the United States implemented the cyberwarfare strategy toward Iran through Operation Olympic Games, (2006-2013)?

1.4. Research Objectives

In his book Research Methodology, Kothari described that research refers to the search for knowledge in a scientific and systematic way on a specific topic. According to Clifford Woody, research comprises defining and redefining problems, collecting, organising and evaluating data and reaching the conclusion.

All research is done for the purpose of discovering and finding answers to questions through the applications of scientific procedures. Kothari divides research objectives into four groups with different purposes. This thesis is classified as exploratory-descriptive with research objectives as follows:

a. To penetrate and explore in detail the cyber-attack strategy that United States implements as a political means to pursue national objectives. b. To understand the U.S. national interest though their foreign policy towards Iran.

9

c. To comprehend the motives behind the cyberwarfare conducted by the U.S. on Iran. d. To explore the U.S. cyberwarfare doctrine and how it relates to the Operation Olympic Games.

1.5. Significance of the Study

Social science research often use the term Ex post facto research for descriptive research, where the researchers have no control over the variable and can only report what has happened or what is happening.33 Going hand in hand with the background of the study, the significance of the study will touch any comprehensive discussions about the chosen topic based on existing relevant and valid conceptual framework.

The researcher opts to choose the significance of the study as stated below:

a. To gain in-depth understanding of the implementation of the U.S. cyber- attack strategy as political means to achieve national objective. b. To encourage further research regarding cyberwarfare conducted by nation- states. c. To help the readers get a closer view and further understanding about cyberwarfare phenomenon in twentieth century.

1.6. Scope and Limitation of the Study

The scope and limitation of the chosen topic revolved around as the following:

33 Kothari, C. R.. “Research Methodology: Methods & Techniques” New Age International Ltd. Publishers. 2004. ISBN (13) : 978-81-224-2488-1 pp. 2-4

10

a. The main work of the thesis will primarily examine and observe the implemented strategy by the U.S. in conducting cyber-attacks on Iran targeting the nuclear centrifuges from 2010 to 2012 that was covered under the Operation Olympic Games. b. The thesis will attempt to discover the historiography of the U.S. and Iran bilateral relations and the U.S. national interest towards Iran implemented in its foreign policy.

1.7. Definition of Terms

Definitions of frequently used lexicons used in this thesis are noted below:

a) Foreign Policy: Foreign policy is considered as a strategy that a nation-state possess to obtain and secure their national interest. Pattern of interactions within foreign policy are a set of processes by which decision makers in one national unit, interact with each other and respond to inputs from domestic and international environment.34 Foreign policy is used by the governments to guide their actors in the international arena so as to secure both domestic as well as nation-states.

b) Cyberwarfare: Cyber warfare refers to politically motivated hacking to conduct sabotage and espionage. It is considered as a form of information warfare between person and/or nation-states. 35 Cyberwarfare refers to the information-related conflict at a grand level between nations or societies. This represents a new entry on the spectrum of conflict that spans economic,

34 James E. Dougherty. Robert L. Pfaltzgraff, Jr. “System, Structure, Agent, and International Relations th Theory.” Contending Theories of International Relations: A Comprehensive Survey. 5 ed. N.p.: Longman, 2001. P. 105. Print. Retrieved 4 Octo 2013 35 Department of Defense – Cyberspace. Dtic.mil. Retrieved 8 Oct 2013 11

political, and social as well as military form of “war”.36 Cyberwarfare could be distinguished by their targeting of classified information and communications. Motives behind cyber warfare are various, from military to political reason.

c) Cyber-attacks: According to a Congressional Research Service Report, a sophisticated cyber-attacks desire quiet and impede the computer systems and data. They must also stay hidden to maintain control and father more intelligence and to maximise the damage.37 Cyber-attacks can be launched from outside the network, using hackers, or from the inside, using agents and rogue components. Cyber-attacks are enabled not through the generation of force but by exploitation of the enemy’s vulnerabilities.38 Cyber-attack is similar with cyber espionage, which both acts are launched to obtain secrets, proprietary and classified information. These actions are usually illegal exploitation through internet, software and networks.

d) Operation Olympic Games: Operation Olympic Games is an unacknowledged campaign of sabotage by means of cyber disruption targeting on Iran’s nuclear facilities designed by U.S. and Israel. It was first initiated in 2006, under the Bush administration and then was accelerated under Obama administration. The strategy was believed by Bush as the only way to hinder and prevent Israel from launching conventional strike on Iranian nuclear facilities.39 Noting that Israel’s former possess deep intelligence over nuclear

36 “Cyber War is Coming!”. RAND National Security Research Division. 2009 (PDF). Web. Retrieved 2 Oct 2013 37 Clay Wilson, “Computer Attack and Cyberterrorism: Vulnerabilities and Policy Issues for Congress,” Washington, D.C.: Congressional Research Service, April 1, 2005, p. 37. Retrieved 1 Oct 2013 38 Libicki. Martin. C. “Cyberdetterence and Cyberwar”. RAND National Security Division. 2009 (PDF) ISBN 978-0-8330-4734-2. Retrieved 1 October 2013 39 Ibid., 18

12

operations at Natanz, Israel involvement becomes vital and critical to succeed the cyber-attack.

I.8. Thesis Outline

As with other thesis’, the structure of the research will be divided into five chapters. The thesis outline comprises of Introduction followed by chapters on Theoretical Framework (literature review), Research Methodology, Data Analysis and Interpretation and followed by Conclusion. Elaborated specifically as follows:

Chapter I: Introduction

Beginning with a background to the study to give closer exposure on to the chosen topic and then followed by Problem Identification. Problem Identification elaborates briefly on the problematic issues that the researcher is concerned about, what problems have arisen or been observed, why the problems have occurred, and why the researcher decided to choose these problems as an object for investigation. Statement of the Problem states the actual research questions that researcher has and must be answered or solved by this research. Research Objectives are the outcomes or deliverables that the researcher aims to achieve.

Significance of the Study explains the key areas or points of the study that can give contribution or bring about benefits to the academic community, or beneficiaries of the research. Conceptual Framework is a concept in formulating the variables or relationships to be investigated. Scope and Limitations of the Study identifies the areas that are covered, and those areas which are not covered by the

13 study. Definition of Terms is a detailed explanation of specific terms used in the study.

Chapter II: Literature Review

This chapter elaborates the applied theories as the approach of the research and a collection of interrelated theories. All research should be based on good theoretical grounding. The pertinent material relevant to the study is the important reason for writing a thesis. The literature provides a clear background as a theoretical grounding. Materials are variously taken from books, journals, and other published sources.

Chapter III: Research Methodology

The research methodology will follow the guideline of a Qualitative Research. Qualitative Research is a naturalistic and interpretative approach concerned with understanding the meanings of certain observed phenomena or actions. It examines, analyses and interprets observations for the purpose of discovering underlying meanings and patterns of relationships in a manner that does not involve mathematical models. Qualitative research also provides explanation of reasons and associations between social variables.

Chapter IV and V: Data Analysis and Interpretation

As the core of every thesis, chapter IV and chapter V will examine the chosen topic. The extensive report of the research will be reported systematically into a full of analysis of the data gathered using table, figures and/or charts to support the explanation. Exploration of the main object revolves around the strategy being implemented by the U.S. in achieving their foreign policy though cyberwarfare.

Chapter VI: Conclusion

14

Finally, every thesis will be ended with a conclusion, allowing the researcher to evaluate whether the questions have been answered through the process of research. Possible recommendation will be made if possible as an initiative that could be undertaken to improve the quality of the research. On a broader spectrum, recommendation(s) will be included, so as to be more beneficial for the readers.

CHAPTER II

THEORETICAL FRAMEWORK

2.1. Theoretical Background

2.1.1 Foreign Policy as a Theory

The international political affairs can be viewed as consisting of issues of multidimensional issues. The foreign policy analysis has become all approaches to study international relations. The approach is diverse concentrating from political economy to international society that includes the notion of what state is and how its foreign policy results.40 The foreign policy analysis involves the study of how a state produces such foreign policy including international as well as domestic politics. Foreign policy as a theory can be summed up as:

"As a field of study, foreign policy analysis is characterized by its actor- specific focus. In the simplest terms, it is the study of the process, effects, causes, or outputs of foreign policy decision-making in either a

40 Steve Smith. “Theories of Foreign Policy: an Historical Overview”. (1986) Review of International Studies. P. 13-29. Jstor. Accessed 20 January 2014

15

comparative or case-specific manner. The underlying and often implicit argument theorizes that human beings, acting as a group or within a group, compose and cause change in international politics."41

Foreign policy as a theory can also be considered as a sub-field of international relations study that aims to understand the process behind foreign policy decision making. The making of foreign policy involves number of stages namely assessment of the international and domestic political environment; goal settings; determination of policy options; formal decision making action and implementation of policy action.

2.1.2 Structural Realism (Neorealism)

Many of international scholars believe that the Realism theory remains obsolete. In 1979, Kenneth Waltz introduced the revised version of Classic Realism called Structural Realism, or many refer to Neorealism. He believes that albeit old ways of thinking would no longer be relevant if the changes of the system happen, changes within the system will remain relevant. The limited role of International Institutions, Waltz believes, still has limited functions and benefits to the weaker states.42

The anarchy nature of international structure have caused the system to be decentralised where there is no formal central authority and sovereign nation-states are formally equal. The international security theory of Neorealism and Offensive realism suitably portrays the behaviour of the U.S. towards Iran, hence, below is the elaboration.

A. Waltz’s Neorealism

41 Foreign Policy Analysis, Department of Political Science, College of Arts & Science, and the University of Missouri. http://foreignpolicyanalysis.org/. Accessed January 20, 2014 42 Waltz, Kenneth. “Structural Realism after the Cold War”. International Security. Vol. 25, No. 1 pp.2- 41. 2000 (p. 21)

16

Kenneth Waltz laid out a new perception toward classical realism within his book entitled Theory of International Politics. He started looking for answer by looking at different point of view on the international environment that nation-states exist in rather than merely states themselves for providing answers. One of core assumptions that Waltz believes, which is conjoined with classic realism, is that all nation-states prioritize their own survival. Thus, the states have an inclination towards conducting competitive politics internationally. However, Waltz perceived that nation-states might be in opposition with another state, hence, allowing them to create a form of alliance.

Key points of neorealism theory lies upon the ordering principle, anarchy, by the distribution of capabilities that are measured by the number of great powers within international system. The anarchic ordering principle of international structure is decentralised, meaning there is no authoritative body that impose international law. This also means that sovereign states are equal in this international system.

The key differences between classic realism and neorealism, developed by Waltz, lies upon the encapsulation of the concept of anarchy, power and self-help into a systems-based theory. Waltz attributes the presence of a system in the international sphere. The system defines the rules and behaviours deemed necessary for own-survival. Kenneth Waltz also acknowledged and accepted that globalisation has posed new different challenge to states. Nonetheless, he still believed that his perceptions of states as the highest actor remains still, as no other non-state actors have the same capability as equal as nation-states.

B. Offensive Realism

Neorealism is subdivided into two types, namely Defensive and Offensive Realism. This thesis will embrace the theory of Offensive realism as one of theoretical approaches. Offensive realism is belonged to the one of realist school of

17 thought, John Mearsheimer. He believes that the nature of the international system holds the responsible for nation-states act aggressively in the international politics. Therefore gives the conclusion that institutions have minimal influence on the state behaviour, and hold little promise in promoting stability.

There are five central assumptions lie at the core of Offensive Realism, namely:43

1. The international system is anarchical. Great powers are the main actors within the anarchic international politics. Meaning that there is no supranational institutional to enforce the international rules and punish perpetrators. As for consequences, nation-states will decide for themselves to obtain their national objectives. Nation-states fundamentally will not be able to rely on others to guarantee their security in the self-help realm.

2. All states possess some offensive military capability. According to Mearsheimer, that even a nation-states could use their military capability for defensive purposes, doesn’t necessarily mean one cannot use for the purpose of offensive. The anarchical system of international world leaves little choices for nation-states to survive (status quo states). Albeit military capabilities of nation-states are varied, for any states it can change over time.

3. States can never be certain of the intentions of other states. No state can be absolutely hundred percent sure of other states’ intention of attacking the first state. Nevertheless, this does not mean that every nation- states will necessarily have hostile intention. However, in anarchy

43 Mearsheimer, John J. "The false promise of international institutions." International Security 19, no. 3 (1994): 5-49. Retrieved 21 Oct 2013

18

international self-help realm, uncertainty of ones’ intention is seemingly unavoidable.

4. States have survival as their primary goal. In the international system, states possess and acquire several national objectives including prosperity, human rights, etc. Nonetheless, survival seems to be the utmost concern of all nation-states. This does not mean that other national objectives are not on the list of survival, but the autonomy of the nation-states is prerequisite for a state to achieve other goals. Hence, states’ survival becomes their primary goal.

5. States are rational actors. States are capable of coming up with sound strategies that maximise their prospects for survival. States are being rational by coming up with such strategy. This is affected by the external situation where they are highly aware of. Choosing sound strategy for now and in the long run are for the basic aim of security and their own-survival in the sense of the international politics.

Less powerful nation-states acknowledge and knowing that they are operating in a self-help world, which makes them thinking the best way to survive, is to be powerful or by acquiring deterrent factors. On the other hand, great powers nation- states are also fully realise the system of self-help world therefore they have to rely on themselves ensuring ones’ survival. Potential threats are unexpectedly coming from everywhere and there is no higher authority they can turn to if ones get attacked. This doesn’t deny the fact that states might form alliances which are often useful in dealing with possible threatening adversaries. In terms of nuclear weapons, both Offensive and Defensive Realism have the agreement over its utility for offensive

19 purposes.44 Thus, the U.S. has always been suspicious over Iran’s nuclear program because they believe that the nuclear is developed for offensive purposes.

2.1.3. Grand Strategy (High Strategy)

Grand Strategy comprises a full set of all employment of all instruments that a nation-state possesses of power available to a security community.45 According to B. H. Liddell Hart, a military historian, grand strategy is the way a nation-state coordinates and directs all the resources towards the attainment of political object of the war. In the end, strategy must be understood in terms of both military as well as political dimensions. Clausewitz has best set forth the idea of political purpose dominates all strategy by stating, “War is merely the continuation of policy by other

44 Mearsheimer, John J. “Structural Realism” International Relations Theory (2006). Chapter 4. (PDF) P. 72. Retrieved 22 Oct 2013 45 Gray, Colin: War, Peace and International Relations - An Introduction to Strategic History, Abingdon and New York: Routledge 2007, p. 283

20 means.”

Figure 1.1 Comprehensiveness of Strategy

Assuming the future of international political as well as security realm will always be unpredictable, there are some premises explaining how grand strategy provides direction for both persuasive and coercive actions to achieve specified objectives. Look over Figure 1.146, there are two strategic environment that every nation-states possesses namely, international environment as the external component, and domestic environment.

The external component comprises of physical geographic environment, the international system, and other external actors—states and non-states actors— along with their cultures, beliefs and actions. Meanwhile on the other hand, domestic factors consist of internal physical realities and the internal actors, constituencies, institutions, and organizational roles. The nature of strategic environment will not

46 R. Yarger, Harry Strategic. “Theory for 21st Century: The Little Book on a Big Strategy” Strategic Studies Institute Army Military. 2006, p. 6

21 always be interactive—sometimes it chaotic and complex, therefore strategy must be coherently adaptable with its formulation and executions.

Grand strategy is the fundamental theoretical framework embracing another relevant strategy theory, Asymmetric Strategies, developed by Rear Admiral Joseph Caldwell Wylie, Jr.

A. Asymmetric Strategy

Classical warfare is symmetrical because it must be regulated.47 The end of conventional warfare has triggered many scholars to propose new models to explain the transformation as an instrument of policies. As cyberspace is believed to be the fifth domain battlefield of warfare, the execution of adversaries’ strategy will always be unpredictable. The nature of a conflict, Sun Tzu believed, is based on imbalance. In 2006, the Quadrennial Defense Review addressed the non-traditional as well as asymmetric threat, explained that they possess three dimensions 48 : (1) Irregular warfare (conflict in which enemy combatants are not regular military forces of nation-states) (2) Catastrophic terrorism employing (3) Weapon of Mass Destruction Disruptive threats to any nation-states.

Asymmetric is what can’t be grasped. The concept of asymmetry has been applied in a number of different contexts.49 First, non-traditional and non-military adversary (or network of adversaries) such as terrorist and transnational criminals. Second, conflict might involve asymmetric risks, meaning, one side may have more to lose than the opponent. Third, asymmetry may exist between two weapons technology used by two opponents. Fourth, a single nation-state or groups of states

47 Christian Bühlmann.“Asymmetric Strategies: A concept to better understand modern conflicts?”. Military Power Revue der Schweizer Armee. 2009. Accessed Oct 2013 48 Secretary of Defense Ronald Rumsfeld, Quadrennial Defense Review Report (Washington, DC: 2006) 3. 49 Lwin, Michael R. “Great Powers, Weak States and Asymmetric Strategies”. Naval Postgraduate School. 1997 (PDF). Accessed Oct 2013

22 may attempt to mix conventional and unconventional approaches to design an asymmetric strategy to defeat the opponent.

A comprehensive model of asymmetric strategy, develop by J.C. Wylie, will be used to illustrate the strategy that U.S. used in launching cyber-attack on Iran. In addition to asymmetric strategies literature reference, a report produced by RAND’s National Defense Research Institute in 1999 will also reflect the concept of asymmetric strategy. Both references sufficiently elaborate the general approach and fundamental understanding of that asymmetric strategy. Asymmetric strategy is believed to be the new concept in understanding modern warfare. The transformation of conventional war needs different models to be proposed.

The years following the attacks of 11 September in 2001, many scholars shift their attention to the thrust of asymmetric threats. Debates over the notion of asymmetric strategies also emerged to counter the threats to be believed as changing concept of terrorism. The commonly used definition is that “asymmetric warfare is violent action undertaken by the ‘have-nots’ against the ‘haves’ whereby the have- nots, be they state or sub-state actors, seek to generate profound effects . . . by employing their own specific relative advantages against the vulnerabilities of much stronger opponents.” 50 Nevertheless, such perception will not be relevant to the chosen study case. Hence the literature written by J. C. Wylie and RAND will be adopted to portray more suitable asymmetric strategies.

A.1) J. C. Wylie Asymmetric Strategy Theory

On December 1997, Michael R. Lwin from Naval Postgraduate School wrote a thesis entitled “Great Powers, Weak States and Asymmetric Strategies”. He examines some specific study cases by illustrating a model of strategy developed by J.C. Wylie Jr. Wylie, a Navy strategist, defined strategy as “a plan of actions

50 Rod Thornton, Asymmetric Warfare: Threat and Response in the 21st Century (Cambridge: Polity Press, 2007), p.1.

23 designed in order to achieve some end: a purpose together with a system of measures for its accomplishment.”51

There are two crucial and important components in Wylie’s theory of strategy, the choice of an operational pattern and the identification of enemy’s centre of gravity. He also separates the operational patterns in war into two, cumulative and sequential. The sequence of actions leads to victory where loss of one step could have critical after effects on strategy. Meanwhile, the cumulative pattern based upon “a collection of a lesser action”, none of which dependent on another.

The other critical component that Wylie’s strategy theory puts attention to is the centre of gravity. The centre of gravity, Wylie believes, is the “national jugular vein” that is ideally crucial to the enemy. Both Sun Tzu and Clausewitz also acknowledged the concept the centre of gravity as more than merely military forces or a geographic location. The enemy’s centre of gravity can be any necessary factor for the execution of the strategy as in the military force, logistic support or the political alliance to sustain the effort.

Theoretically, centre of gravity is usually defined as the “hub of all power and movement”, on which everything is depended on. Such approach is useful to plan when attempting to attack an opponent, however, this will have less value in describing and understanding the opponent’s strategic of action. Identifying the opponent’s centre of gravity is rather difficult nor will it always find the means to attack. The centre of gravity is the “defeat mechanism” by which a nation-state seeks to have successful strategy execution. This defeat mechanism can be a tangible, physical goal such as the Japanese attack on Pearl Harbour. On the other hand, that can also be done through a more abstract mechanism, such as breaking the opponent’s will to persist in the war.

51 John Hattendorf, Wayne Hughes. Military Strategy, Classics of Sea Power, eds. Annapolic: Nava Institute Press, 1967, reprinted with a new introduction and postscript, 1989. p. 14

24

Figure 1.2 Asymmetric Strategies Given the explanation that operational pattern and the centre of gravity as the key determination of a strategy, it is possible to see how asymmetric strategy could be drawn on a matrix (Figure 1.2). As shown on in Figure 2 above, a strategy is asymmetric if it occupies any quadrant separate from the opponent’s approach. In addition to that, strategies that are horizontally or vertically opposed are partially asymmetric, while strategies in diagonal quadrants are fully asymmetric; they differ both in type of centre of gravity and operational pattern. Great powers when opposed by a weaker opponent tend to choose strategies which occupy left quadrant.

Based on Wylie strategic options matrix, a nation-state could have the options to follow a cumulative or a sequential pattern. Furthermore, the choice of operational pattern can direct at a tangible or abstract centre of gravity. An opponent’s response in conventional warfare can also be defined as asymmetric if:

- The operational pattern is different from our own, and/or - If the opponent is seeking to attack a different type of centre of gravity than the one we have chosen.

25

A.2) RAND’s National Defence Research Institute

In the following years, RAND, a non-profit institution that helps improve policy and decision-making through research and analysis, produced a brief document on asymmetric strategies prepared for the Office of the Secretary of Defense of the U.S. The research comes from the perception that modern warfare demands a more advanced preparation. Points of asymmetric strategies concept defined below52:

a. Asymmetric strategies attack vulnerabilities not appreciated by the target. b. Asymmetric strategies attack vulnerabilities capitalized on limited preparation against the threat. c. Strategies rely primarily on concepts of operations (CONOPs) fundamentally different from the victim’s target or from recent history by often employing new or different weapons to attack. d. Strategies can serve political or strategic objectives that are different from those the target pursues.

The idea of targeting vulnerabilities is not unique to the concept of strategic warfare. The writing of Sun Tzu, Clausewitz, manoeuvre warfare and centres of gravity included as comparable historical concepts.53 Weapons are not necessarily the essence of asymmetry, however, some weapons are considered and consistently seen as part of asymmetric strategies. The weapons are used to undermine the opponent strength either within or without a classical conflict.54 These weapons include:

a) Ballistic missiles b) Weapons of mass destruction c) Theatre missiles d) Special forces

52 Bruce W. B, Christopher P. T, Gregory F. T. “What Are Asymmetric Strategies?” RAND, 1999. p. 11 53 Ibid. 54 William Cohen, Secretary of Defence, Quadrennial Defense Review 1997.

26

e) Terrorism f) Advanced Surface-to-Air Missiles (SAMs) g) Deep-sea mines h) Diesel Submarines, and i) International warfare

Combination of such weapons in countering threats also demands different actions. Strategic actions are practiced for the reasons of providing significant benefits, to expose weaknesses of the adversaries. These actions are expected to considerably affect international perception of what happens. Asymmetric strategy consists of different types of actions, namely55:

a) Affecting perceptions (e.g., Saddam Hussein in manipulating UN sanctions— Arab states deny U.S. access) b) Coercion (e.g., UN sanctions on Iran nuclear program) c) Disruption (e.g., Russia integrated cyber-attacks against Estonia government) d) Destruction (e.g., a Biological Weapon attack New York) e) Exhaustion (e.g., Vietnam) f) Strategic event

The threats can be posed through different operational actions such as military/economic denial, military disruption and political or economic disruption. Nonetheless, threats also can be posed with different and combined purposes with a more strategic in character that might bring long-term conflict. Specifically, many asymmetric strategies are also the result of long-term international competition of specific goals.

2.2. Previous Researches

55 Ibid. p. 16

27

Knowing the fact that the birth of cyberwarfare is considerably a new phenomenon, to date, the academic literature on the subject of cyberwarfare is fairly limited and specific information regarding it is quite difficult to come across. Much of the literature doesn’t succinctly analyse the idea of cyberwarfare correctly, they referred to different conceptual of cyberwarfare which are less relevant to the chosen topic. In addition, most of the articles and papers discussing cyberwarfare are all based on a few central facts and close to proven as possible, make it difficult to actually state much specific information. Much of the information available comes from the U.S., providing some level of insight into the dealings with cyberwarfare. Hence, the following literature reviews are best chosen to be relevant along with the theoretical approach.

2.2.1. David Paul Tuthill (University of Kent, 2012): “Reimagining Waltz in a Digital World: Neorealism in the Analysis of Cyber Security Threats and Policy”

Tuthill’s dissertation, submitted to the Brussels School of International Studies, University of Kent, reimagined the landscape of realist theory wrote by Kenneth Waltz. Tuthill, however, argued that the single used approach of neorealism doesn’t necessarily proclaim that this can accurately describe the phenomenon of digital relations between states. Tuthill focused on reimagining Waltz’s realism be in turn reimagined for the cybersecurity in 21st century. The digital realm, Tuthill believes, possess asymmetric nature of cyber threats where the expansion of digital of infrastructure has provided amplitude opportunities for adversaries. Tuthill argued that the most vital points, for those wishing to cause large amount of damage, are usually those deemed to be critical infrastructure.

Tuthill adapted the theory of neorealism to cybersecurity encompassing some concepts to be explored in a great detail. The kinetic relationship between states to studying relationship between abstract collections of servers and users are analysed

28 for further analogies. Tuthill focused on examining the assumptions that the anarchy of international system, the fundamental distrust and the power seeking behaviour, and the use of nation-state as the primary unit of analysis.

The relation of anarchic international system to cyberspace is the absence of a body regulating the dispute between state-actors which is considered to be fundamental to the power structure. As the consequences of anarchy condition, security becomes the highest priority of a state. In digital realm, the concept of power becomes more tangible. Tuthill also highlighted the fundamental distrusts within the component of cyberspace is due to the issues of attribution. The anonymous nature of the cyberspace as well as internet has limited the definition aspect of online culture. Ultimately, the utmost concern Tuthill postulated is the concept of level of abstraction as the conceptions of networking theory.

2.2.2. Gabriel Strinde (Lund University, 2011): “Cyberwarfare: Connecting Classical Security Theory to a New Security Domain”

A thesis submitted to Peace and Conflict Studies, Department of Political Science at Lund University written by Gabriel Strinde in the spring 2011. Strinde defined cyberwarfare as the actions by a nation-state to penetrate another nation’s computer or networks for the purposes of causing damage or disruption, used the same explanation provided by Richad Clarke and Robert Knake.56 Strinde argued that the possibilities of cyberwarfare from happening and its vulnerabilities are on the grounds of the connected world, trap doors, and logic bomb.

The world is more connected which has made the production spread across many companies and states. Meaning, the world is borderless and simply allows any possible adversaries to exploit one’s vulnerabilities. Trap doors, Strinde defined, is

56 Clarke, Richard A. & Knake, Robert K., Cyber war: The next threat to national security and what to do about it, HarperCollins Publishers, New York, 2010, p. 6

29 the vulnerability built into a computer so that programmers can return the way the program works more easily. This has allowed anonymous hackers to gain full access to the programs. The last one is the placement of logic bombs within programs, which can be placed unnoticed on a computer by someone using a trap door, that can erase an entire computer when it is needed.

Strinde enunciated that cyberwarfare enables a certain asymmetry in power that could change the way realism views the nation-states’ power and the way they interact. Technological sophistication is regarded as a power that plays major role in cyberspace. The correlation between offensive capabilities, defensive capabilities and dependence on cyberspace are all relied upon the technological sophistication a nation-state possesses. Likewise, Strinde believed that financial support as a power also has the potential to destabilize stock markets.

Strinde attempted to make a correlation between the idea of neorealism as well as classic realism and the term of cyberwarfare. His first correlation is between cyberwarfare and Waltz’s neorealism. The concept of power as a means for achieving survival and the way to acquire it through internal as well as external balancing are in favour of Waltz’s neorealism. States are being aware of their weaknesses in cyberspace that makes some states refrain pursuing their interest and unwilling to endanger itself.

As for offensive realism, Strinde correlate cyberwarfare in terms of its power maximization that could provide new challenges. Cyberwarfare could provide a state with a concept of asymmetric power, which is more obtainable. States’ distrust over each other intentions is also applicable to the concept of cyberwarfare where most state find cyberspace as a new battlefield of security interest. The last correlation is between cyberwarfare and defensive realism. Strinde found defensive capabilities of states are rather difficult in favour of cyberwarfare. With the logic of indistinguishable weapons within cyberspace, it provides unbalanced and unequally perceivable threat for a state to respond to.

30

2.2.3. Thomas Rid (Foreign Affairs, 2013): “Forget the Hype about Cyberwar: Hacking Makes the World More Peaceful”

“Forget the Hype about Cyberwar: Hacking Makes the World More Peaceful” was written for November/December issue of Foreign Affairs by Thomas Rid. Rid argued the hype about cyberwar are on the grounds of three basic truths, namely: cyberwar has never happened in the past, it is not occurring in the present and highly unlikely that it will disturb the future. Nonetheless, the argument was then represent important changes in the nature of political violence that is cyber-attacks inherited in cyberwarfare.

Rid elaborated the case for cyberwar by firstly mentioning three basic main criteria of a warfare offered by Clausewitz. Clausewitz identified that all acts of war are violent or potentially violent, always instrumental that has the force to compel the enemy to accept the attacker’s will, and must have political goals. Rid believed no known cyberattack has met those three criteria until Stuxnet was discovered. He believed that Stuxnet represented the first and only physically destructive cyber- attack launched by nation-states.

Rid stated the most crucial limitation of violence in cyberspace is its almost entirely destructive quality. Rid believed that cyberwarfare represent a less violent lethal form of aggression which are sabotage and espionage. Digital violence does have implications for ethics and for national security strategy.

2.2.4. Richard A. Clarke & Robert K. Knake (Harper Collins, 2010): “Cyberwar: The Next Threat to a National Security and What to Do About It”

Richard Clarke was a former of the U.S. cybersecurity official who served three presidents as an advisor on national security issues while Robert Knake is an

31 international affairs fellow at the Council on Foreign Relations. 57 The book was initiated after the U.S. Defense Secretary Leon Panetta strongly warned that a cyber- attack against utility, transport systems and financial service could be damaging as the September 11 attacks.

The focus of the book revolves around the cyberthreats coming from nation- states rather than from individual hackers, criminals or cyber-terrorist. They defined cyberwar as an “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.” According to the authors’ point of view, cyberwar is real, global and capable of occurring at the speed of light. The authors also believed that the cyberwar has already begun and that nations are preparing the cyber battlefield. Albeit the existence of cyberweapons like Stuxnet was unknown until the book was published, authors predicted that the U.S. and several other countries possess cyber-attack capabilities that could devastate a modern state. Nonetheless, the authors’ concern over cyberthreats merely stressed on the U.S. national security issues than to any other nation due to the U.S. disproportionate and overwhelming dependency on cyberspace. The author also prescribed practical and theoretical prescription for national and international cybersecurity improvement. The obvious shortcoming is, it lacks of footnotes, endnotes and an index. Hence, the credibility and validity of some facts and statements are difficult to confirm.

2.2.5. Jason Andress & Steve Winterfeld (Syngress, 2011): “Cyberwarfare: Techniques, Tactics and Tools for the Security Practitioners”

The authors cover every information deemed necessary on how to use cyberspace to conduct cyberspace warfare operations. The written content showed

57 David Fanca. “Book Review: “Cyberwar: The Next Threat to National Security and What to Do About It”. Global Security Studies Review. Georgetown University. December 18 2012. From Web Accessed October 2013.

32 that how little the main concepts of cyberspace have changed in the past decade. The book illustrated some graphics out of military manuals that encapsulates all of the cyberwarfare issues mentioned within the book. The graphics overlap in terms of policy, processes, organization, technology, people and skills.

The author highlighted the definition of cyberwarfare, the look of a cyber- battle space the current doctrine’s idea about cyberwarfare from the perspective of various nations. In the middle of the book, the authors take on the task in describing Computer Network Operations (CNO) spectrum that ranges from Computer Network Defense (CND), Computer Network Exploitation (CNE), Computer Network Attack (CNA) as well as ethics in cyberwarfare as concepts that change the interpreted law.

CHAPTER III

RESEARCH METHODOLOGY

3.1. Research Purpose

3.1.1. Exploratory Research

The purpose of a research might be varied depend on matter of emphasis. The objective of an exploratory research is the development of hypothesis rather than testing. It implies that the research is intended to explain rather than simply describe of the phenomena studied. This exploratory research often relies on secondary research such as reviewing other available literature such as previous research done by scholars within the same field. Oftentimes, many secondary researches use qualitative approaches such as informal discussions as well formal ones through in- depth interviews, case studies or focus group discussions. Secondary data are gathered and collected from proper sources virtually that are available for everyone to access.

33

This research is conducted for the purpose of research is to gain familiarity with a phenomenon or acquire new perspective as new insight upon the topic. Therefore, there is a need for an exploratory research is felt to gain experience that will be helpful for a more definite investigation.58 The main objective beneath every exploratory research is to discover of new ideas and insights. Case studies, primary data and secondary data (qualitative) methods are best chosen to help exploring the strategy that the U.S. used in conducting the cyber-attack on Iran, within the period of time 2010 to 2012.

3.2. Research Method

3.2.1. Qualitative Approach

The approach being used in this research is qualitative approach as the study of the topic is intended to investigate and to comprehend the phenomenon; what was happening, why it was happened, and how it was happened. Qualitative approach is used as a method because it exploits the available facts, collected and how they are correlated. The research is also intended to apprehend the incidents, roles, interactions and any plausible factors that affect to it. It aims to gather in-depth information and understanding of the method or strategy being used by the U.S. in conducting the cyber-attack on Iran.

The qualitative method investigates the why and how of a decision making, not just what, where and when. Hence, smaller but focused samples are more often used than large samples. Qualitative methods produce case studied, and any more general conclusions are only propositions as an informed assertion. Within this research, the sample being used is the case of cyber-attack conducted by the U.S., covered under the program of Operation Olympic Games from 2010 to 2012.

58 “Business Research Methods” , Saroj Kumar & Supraiya Singh. Retrieved October 2013 34

Many key characteristic of qualitative research are explained by Christina Hughes from Department of Sociology, Warwick University.59 As the events can be understood adequately by using qualitative methods, researchers must immerse themselves in the setting. The aim of qualitative research is to understand the phenomenon studied as unified.

1.2.2. Secondary Research

Secondary research involves the summary, collation of existing research rather than primary research where data is collected from, for example, research subjects or experiments.60 Such secondary research uses the primary research of others typically in the form of research publications and reports. Oftentimes, secondary research is required in the preliminary stages of research to determine what is known already and what new data is required or to inform research design. Materials being used are varied from books, journals, international newspapers among others that had been documented by the previous researchers.

Secondary research is also known as desk research where the act of gathering data comes from the internet. This method is quite different from primary research as primary research involves working in the field to gather data that has not been collected before, hence sometimes referred as field research. That means that the research design of qualitative approach differs from that of a study that starts with an understanding to be tested, where often the hypothesis literally dictates the form,

59 Christina Hughes. "Quantitative and Qualitative Approaches." Warwick Department of Sociology. N.p., n.d. Web Accessed October 2013 60 Crouch; Sunny Crouch, Matthew Housden (2003). Marketing research for managers; The Marketing Series; Chartered Institute of Marketing. Butterworth-Heinemann. p. 22. ISBN 0750654538. Accessed October 2013

35 quantity, and scope of required data. 61 Whatever the study and whatever the method, the indications of form, quantity, and scope must be obtained from the question, from the chosen method, the selected topic and goals, and in an on-going process from the data.

1.2.3. Case Study

A case study is considered as a descriptive, exploratory and explanatory of a phenomenon studies. An explanatory case study is used to explore causation in order to find underlying principles. 62 63 Thomas offers the following definition of case study64:

"Case studies are analyses of persons, events, decisions, periods, projects, policies, institutions, or other systems that are studied holistically by one or more methods. The case that is the subject of the inquiry will be an instance of a class of phenomena that provides an analytical frame — an object — within which the study is conducted and which the case illuminates and explicates." A case selection that is based on representativeness will seldom be able to produce such kinds of insights, meaning that the researchers will be able to use information as a sampling as opposed to random sampling. Alternatively, a case might be chosen and selected as a key case because of the circumstances surrounding it. Purposes are firstly deemed to be identified (evaluative or exploratory) and then the process will proceed upon the chosen principle.

61 “Qualitative Research Design”, Chapter 4 (2006) PDF. SAGE publications. from Web http://www.sagepub.com/upm-data/13172_Chapter4.pdf. Accessed October 2013 62 Shepard, Jon; Robert W. Greene (2003). Sociology and You. Ohio: Glencoe McGraw-Hill. pp. A–22. ISBN 0-07-828576-3. 63 Robert K. Yin. Case Study Research: Design and Methods. Fourth Edition. SAGE Publications. California, 2009. ISBN 978-1-4129-6099-1 64 G. Thomas (2011) A typology for the case study in social science following a review of definition, discourse and structure. Qualitative Inquiry, 17, 6, 511-521

36

Bogdan and Biklen defines case study as a detailed examination of one setting, or a single subject, single depository of document, or one particular event. These definition taken altogether leave to suggestions that the case study is an approach of capable of examining simple or complex phenomenon, with units of analysis varying from single individuals to large corporations and business; it entails using a variety of lines action in its data-gathering segments and can meaningfully make use of and contribute to the application of theory.65

The use of qualitative method tends to be more dynamic as it offers flexibility and by time could be adapt in several condition related to the phenomenon observed. The social phenomena as qualitative object is not in mechanistic form but rather fulfilled by dynamics and could not be easily created literary depends on research will. By focusing on a single phenomenon as the case study approach to be their guide to their research, the researcher aims to manifest interaction of significant factors. Therefore, the researcher is able to capture various nuances, patterns and more latent elements than the other research approach might overlook. (Berg, 2009)

A case study also investigates real life study in real-life context. Thus, a case study is appropriate for the research as it investigates the phenomenon of cyberwarfare in the twentieth century. Specifically, the research is focused on the strategy that was used when the U.S. conducted the cyber-attack on Iran covered under the Operation Olympic Games, a campaign of sabotage by means of cyber disruption. The nuclear program developed by Iran triggered the U.S. to possess suspicious thoughts over its development.

1.2.4. Document Analysis

65 Berg, B. L. (2009). Qualitative Research Method for the Social Science-Seventh Edition. Boston: Allyin And Bacon – Pearson Education International p. 317 37

Sari Knopp Biklen and Robert C. Bogdan (2007) stated that another form of data is document. The scholars also categorised the document into three parts in which sometimes these documents are used in connection with, or in support of, the interviews and participant observation.66 These documents are:

1. Personal documents 2. Official documents, and 3. Popular culture documents

Qualitative document analysis remains one of most common, yet methodologically misunderstood, components in political science research. Building bridges between two traditions, drawing lessons from several recent studies and borrowing advices from other disciplines in the social sciences are series of guidelines in qualitative study of political documents.67

The positivist elevates two concepts as crucial elements of any legitimate study in political science, namely validity and reliability. The former term refers to the importance of ensuring that one’s finding accurately represents the concepts under examination. According to Oxford Dictionaries, validity means the quality of being logically or factually sound, officially binding or acceptable. While on the other hand, reliability refers to the consistency of a particular measurement, the extent to which a particular assessment would yield identical results if repeated under the same conditions.

In Naturalistic Inquiry written by Egon Guba and Yvonna Lincoln, there are four common norms representing the concept similar to validity and reliability. The notion of trustworthiness is borrowed from their seminal research in 1985. First, document analysis must protect the authenticity or the truth-value of their research. A

66 Bogdan, R. C., & Biklen, S. K. (2007). Qualitative Research for Education: An introduction to Theories and Methods. Boston: Pearson Education, Inc. p. 133-138 67 Jared J. Wesley, “Qualitative Document Analysis in Political Science”. University of Manitoba, Department of Political Studies. 9-10 April 2010 (PDF). T2PP Workshop, 9-10 April 2010, Vrije Universiteit Amsterdam. Accessed October 2013

38 genuine interpretation of reality or accurate readings of particular set of documents are offered by authentic analysis.

The second common norm is portability. This refers to external validity, or the generalizability of a particular analysis to a broader question about political life. Third, researchers studying their political topic must be wary of the precision of their analysis. This refers to the transparency manner by researchers while analysing set of documents. Researchers also use the term dependability to describe the precision of their research. The fourth and the last concern is the impartiality of the researchers’ observations. To remain impartial, researchers must achieve conformability in their findings, ensuring that their conclusions are drawn from the evidence at hand.

The type of document that is being used within this research are personal documents, and official document. Personal documents are collected and gathered from individual research, such as relevant thesis as well as dissertation from other researchers. The personal documents were utilised as source within the research. Official documents are the document that are readily available to the researcher, mostly provided online from internet albeit some are protected and confidential.

The official documents are divided into two parts, namely internal and external documents. While internal documents can reveal information about the official chain of command and internal rules and regulations, external communication refers to materials produced by organisation for public consumption.

Bogdan and Biklen also referred the documents as in memos, minutes of meetings, newsletters, policy documents, proposal, codes of ethic, dossiers, students’ record, statement of philosophy, news releases, brochures, pamphlets, and the like.68 Such documents are provided in different types of documents such as: (a) research from international non-governmental organization, (b) previous thesis and

68 Bogdan, R. C., & Biklen, S. K. (2007). Qualitative Research for Education: An Introduction to Theories and Methods. Boston: Pearson Education, Inc. p. 133

39 dissertation, (c) power point presentation, (d) newsletter and magazine, (e) international journal and (f) booklet. The observation of documents will provide the data about historical context and other relevant exploration.

3.3. Data Collection

In qualitative research, the quality of research depends on the quality of data completion. The procedures, tools and instruments that are used in gathering data and information come from various relevant sources yet trusted. Albeit it is time consuming, the benefit of the qualitative approach is that the information is richer and has a deeper insight into the phenomenon study.69 The most common sources data collections in qualitative research are interviews, observations, and review of documents (Creswell, 2009b; Locke, Silverman, & Spirduso, 2010; Marshall & Rossman, 1999). This research draws heavily from international journals and articles.

Fundamentally, qualitative research is a type of scientific research that consists of an investigation that seeks answers to a question, systemically used a predefined set of procedures to answer the question, collection of evidences, produce findings that were not determined in advance and produce findings that are applicable beyond the immediate boundaries of the study.70

In order to explore the knowledge of cyberwarfare conducted by the U.S., the writer attempts to comprehend any findings from reliable sources, mostly comes from secondary data as in international journals, any relevant published books, previous researches etc. Analysing documents as the method is also beneficial. The definition of document analysis is a technique used to gather requirements elicitation phase of a project. It describes the act of reviewing the existing documentation of

69 “Module 9: Introduction to Research”. Methods of Collecting Qualitative Data. From web libweb.surreu.ac.uk Accessed 10 October 2013 70 “Qualitative Research Methods: A Data Collector’s Field Guide”. Qualitative Research Methods Overview (PDF). Module 1. Accessed October 2013. http://www.ccs.neu.edu/course/

40 comparable business processes or systems in or systems in order to extract pieces of information that are relevant to the current project and therefore should be considered projects requirements.71

3.4. Research Setting

The research attempts to understand the phenomenon of cyberwarfare. Hence, the research seeks to explain the strategy or method that was used by the U.S. in conducting the cyber-attacks covered under the Operation Olympic Games campaign from 2010 to 2012. Iran’s nuclear development commenced in the 1950s, the United States expressed concern since the mid-1970s upon the matter. Iran nuclear development is under the U.S. suspicion that it is for Iran to develop nuclear weapons.

The research focuses on the method and strategy that the U.S. used in conducting the cyberwarfare. The researcher deemed it pertinent to choose the topic as a small number of researches have been made discussing the topic, hence, many still left questions mark upon the phenomenon. Therefore, this exploratory research about cyberwarfare issue is considered important to inform the readers the what, how, why, where and when of cyberwarfare.

3.5. Data Analysis

In every research, data analysis is undeniably deemed necessary as all documents ad theory will be analysed and connected with the object of the research. There are number of procedure applied by the qualitative researcher. Miles and Huberman (1994) in Berg (2009) identified three major approaches to qualitative

71 Interview qestions about document analysis. Retrieved in January 2013 from http://www.modernanalyst.com/careers/interviewQuestions

41 data analysis: interpretative approaches, social anthropological approaches and collaborative social research approach.

Apart from aforementioned approaches, there is one another well-used methods within qualitative research, namely descriptive-interpretive approaches. In the approach, it is started with the formulation of the research problem, followed by discussions of issues in qualitative data collection and sampling. It is then followed by a data analysis presentation and then summarised by the principles of research.

3.5.1 The Process of Qualitative Data Analysis

Either qualitative or quantitative research requires several steps of data analysis to make a well-structured of a research itself. The research using qualitative method is based on acquiring data from various resources. Kathy Charmaz (1983) in Bexter and Babbie (2003) stated that there are several basic steps in the process of a qualitative data analysis. However, these steps are varied and depended on the research that is chosen by the researchers. The five most relevant steps are best chosen in describing the process, as follows:

1. Determining Questions: In acquiring the background of data of a research, general question is deemed necessary to be likely raised in the beginning. The most fundamental question of every research would be, “what is going on here?”, this beginning question reflects the research’s general framework or to orient the data gathered into a set of research. Regardless of how a “start- up” question of the researcher, additional question in the surface is crucial as the attempt for researchers to make sense of them.

42

2. Unitizing Textual Data: For the purpose of analysis, all documents being gathered needs to be broken down or unitised.

3. Developing Coding Categories: The types of coding offered by John and Lyn Lofland (1995) divided into three categories, namely housekeeping coding, research-process coding and analytic coding. Research-process coding is an analysis of the reflexive journal and involves the categorization of the process employed in collecting and analysing textual data. Meanwhile, analytic coding addresses the meaning and meaning making evidence to the researcher in the textual data. 72 Hence, this research will use those two aforementioned coding.

4. Checking: In checking on the analysis of the all points of the process, Lincoln and Guba categorized three procedures employed by many qualitative researchers. (1) negative case is analysis of accounting for discrepancies in the data (2) member checks – “procedure in which you go back to participants with your analysis, seeking feedbacks of its credibility”, and (3) triangulation.

5. Data Reduction: For a qualitative research, the amount of data could be enormous and out of reach. To make it more effective and efficient on its assessment, reduction of data is required. According to Berg (2009), the qualitative data need to be reduced and transformed in order to make it more accessible, understandable and to draw various themes and patterns.73

72 Bexter, L A., & Babbie, E. (2003). The Basic of Communication Research Boston: Wadsworth- Cengage Learning 73 Berg, B. L. (2009). Qualitative Research Method for the Social Sciences-Seventh Edition. Boston: Allyn and Bacon – Pearson Education International. P. 158 43

CHAPTER IV

THE BILATERAL RELATIONS BETWEEN UNITED STATES AND IRAN

In this chapter, the historical background of the U.S. and Iran bilateral relationship will be examined. That includes the exploration of how historiography factor has immensely affected the way they build up diplomatic relations. Leading up to the analysis, detailed discover of the U.S. interest towards Iran will be provided. Then it will be continued by the exploration of the U.S. foreign policy towards Iran followed by the analysis of Iran geostrategic importance to the U.S. Note on the imposed sanctions on Iran by the U.S. has also been reviewed, noting that the two countries have deep distrust over each other leaving suspicious thoughts on every single movement they take.

4.1. A Background of the United States-Iran Relations

44

As the home to one of world’s oldest civilizations74, Islamic Republic of Iran had been through much of complex historical events from the succession of dynasties of rulers, wider range of ethnic groups to foreign infiltration that make up modern day Iran.75 Iran (Persia) before the 1979 Islamic Revolution was dealing with an enduring struggle to have its own independence. Invaded by variety of cultures from Mongols in 1902, Tamerlane (Turkic origin) in 1381, the Safavis in 1501-1722 to the Qajars in 1795-1925.76 However, in the early of nineteenth century, the Qajars began to face pressures coming from two great powers, Soviet Union and Britain and caused the Qajars to give up all claims territories. Soviet Union and Britain would soon interfere Iran’s domestic affairs and dominated Iran’s trade.

Iran declared its neutrality during World War I and World War II to prevent entanglement from great powers. Unfortunately, Iran strategic geography has brought Iran as a battleground for Soviet Union, Turkish and British troops.77 This occurrence had brought Iran closer to the Western powers. Passing through Reza Shah strong central government to Mosaddegh popularity on oil nationalization, the idea of Westernization had gone deeper to Iranian. Domestic political chaos reached a peak in 1953 led to U.S. intervention by overthrowing Mossaddegh and put back the Shah into the regime.

Taking into account historical background, the relations between the U.S. and Iran had begun during the Great Game when Iran was under the power of Britain and Soviet Union. The U.S. seemed to become a more trustworthy Western power by Iran until the U.S. intervention in deposing Mossadegh as a Prime Minister through coup d'état in 1953. This controversial coup d'état happened because of

74 Lowell Barrington (2012-01). Comparative Politics: Structures and Choices, 2nd ed.tr: Structures and Choices. Cengage Learning. p. 121. ISBN 978-1-111-34193-0. Retrieved 27 September 2013 75 Burchill, S. (2009). Liberalism. In: Burchill, S. et al. Theories of International Relations. 4th ed. Basingstoke: Palgrave Macmillian. pp.57-85 76 Federal Research Division (2008), Iran: A Country Stud, 5th ed.: Historical Setting. Liberal of Congress. p.17-22. ISBN 978–0–8444–1187–3. Retrieved 27 September 2013 77 Ibid

45

Mossaddegh’s Anglo-Iranian Oil Company (AIOC) nationalization policy which significantly would hinder the U.S. to gain control over Iran’s oil.

Mohammad Reza Pahlavi, was widely known as The Shah, governed Iran afterwards and maintained close ties with the U.S. This fact supported by the incident when the U.S. brought Reza Shah back to power after the overthrow of Mossadegh.78 Due to the close alliance, he was pursuing a more Westernization through Iran foreign and economic policy. Having experienced both incidents that were strongly involving the U.S. in Iranian domestic affairs had put their bilateral relations at stake. Many Iranian believed and argued Shah’s arbitrary rule was because of the U.S. extensive support. These past two perennial incidents had caused Iranian a deep distrust of the U.S. and led to a “deeply anti-Americanism character” of Iranian Islamic Revolution in 1979.79 Iranian Islamic Revolution was longish concomitant of Iran distrust of its government that many believed was under the U.S. great influence. The perennial dispute between Iran and the U.S. leaders entered a new different stage when Iranian Supreme Leader, Ayatullah Rohullah Khomeini, called the U.S. as the “”80. As what Ali Khamenei believes that Iran has been the home of foreign infiltration, the statement of Ali Khamenei is written on his official website as written below:

"The Iranian nation has been humiliated throughout the centuries; sometimes by the despotic kings, when there has yet been no colonialism, hegemony and foreign infiltration.”81

Taking into account the geopolitical perspective and its strategic importance, the background of the U.S. and Iran bilateral relationship can be divided into two phases, namely: before the Iranian Islamic Revolution and the aftermath of Iranian

78 Ansari, Ali M. Modern Iran since 1921. Longman. 2003 ISBN 0-582-35685-7 p.26-31 2 79 Gasiorowski, writing in Mohammad Mosaddeq and the 1953 Coup in Iran, Edited by Mark J. Gasiorowski and Malcolm Byrne, Syracuse University Press, 2004, p.261 80 Katz, Mark N. (2010). "Iran and Russia". In Wright, Robin B. The Iran Primer: Power, Politics, and U.S. Policy. United States Institute of Peace. p. 186. ISBN 978-1-60127-084-9. 81 “Leader’s Call on Islamic Revolution” The Office of the Supreme Leader Sayyid Ali Khamenei. http://www.leader.ir/langs/en/index.php?p=bayanatArchive. Retrieved 27 September 2013.

46

Islamic Revolution until to the tenure of George W. Bush presidency.82 The phase before Iranian Islamic Revolution is directly related to the case of Mohammad Reza Shah Pahlavi reign, replacing ’s through a U.S.-backed coup d'état. This was due to the close relationship that the U.S. and Iran maintained as Iran’s high desired strategic position in the Persian Gulf region. During that moment, the U.S. become the most important foreign power to support the regime of Reza Shah, whom considered to be able to help the U.S. achieving their national interest in the region. The support came from the global design of Kissinger’s doctrine where it is believed that U.S. needed a regional superpower to defend their interest in the Middle East region and particularly in the Persian Gulf against the Soviet Union within economic competition with the Western Europe as well as Japan.83

The year of 2013 is believed to have become the shifting of the U.S. and Iran relationship. A historic phone call made by President Obama to the new elected Iranian president on 27 September 2013. This is the first highest- level contact between the two countries in three decades,84 showing positive signs towards reconciliation. Barack Obama admits that he is open to direct contact with Iran while also offering other offensive options such as military strikes. The Iranian President Hassan Rouhani also expressed his interest that have reached out positive talks between those two lasted about 15 minutes. This milestone is considered to be opening door to Geneva interim agreement on Iranian nuclear program held on 24 November 2013. A pact signed between the P5+1 countries consisting of short-term freeze of portions of Iran’s nuclear program in exchange for decreased economic sanctions as the countries work toward a long-term agreement.85 The agreement will

82 Saeid Naji, Jayum Anak Jawan. “The U.S. Geopolitical Codes and Its Influences on the US-Iran Relations: The Case of George W. Bush’s Presidency. Journal of Politics and Law. Vol. 4, No. 1; March 2011. Canadian Center of Science and Education. Accessed January 11, 2014 83 Ibid 84 Jeff Mason and Louis Charbonneau. “Obama, Iran’s Rouhani hold historic phone call”. September 28, 2013. Reuters. WEB. Accessed 20 January 2014 85 Anne Gearan and Joby Warrick (23 November 2013). "World powers reach nuclear deal with Iran to freeze its nuclear program". The Washington Post. Retrieved 24 November 2013.

47 be effective on January 20, 2014 and have represented the first formal agreement between the U.S. and Iran in 34 years.86 87 The signed agreement is elaborated below:

a. Uranium enriched beyond 5% will be either diluted or converted to uranium oxide. Iran cannot add new uranium at the 3.5% enrichment to the current stock. b. Iran cannot install any new centrifuges or anything for prepared installations. c. Iran will not be using its IR-2 centrifuges for enrichment. 50% of the Natanz centrifuges facility and 75% at the Fordow enrichment facility will not be operated. d. Iran will not develop any new uranium enrichment or any nuclear reprocessing facilities. e. No fuel will be produces, transferred or tested to the Arak nuclear power plant and Iran has to share the design details of the reactor. f. The IAEA will be allowed to have managed access to Natanz and Fordow and to Iran’s uranium mines and centrifuges production facilities. g. Iran will provide required data as expected as a part of an Additional Protocol. Iran will also address IAEA with questions related to the possible military dimensions of the nuclear program.

4.2. The United States’ National Interest towards Iran

86 Blair, David (24 November 2013). "Iran nuclear deal agreed at Geneva talks". The Daily Telegraph. Retrieved 25 November 2013. 87 Parisa Hafezi and Justyna Pawlak (12 January 2014). "Iran nuclear deal to take effect on January 20". Reuters.

48

There are three most distinguished strategic interests that the U.S. possesses in the Persian Gulf, namely: maintaining the flow of oil onto world markets, preventing Iran from dominating the region as well as minimizing the possibilities of terrorist threat.88 The 34-year-old enmity between Iran and the U.S. is also influenced by the fact that Iran is emerging as the pivot of Middle East politics and is an eternal rival to Israel, which is considered to be the U.S. close ally.89 To some considerable degree, Iran has also become the dominant force in shaping events in the Middle East due to its strategic importance as well as their nuclear development program.

The U.S. has been using its military force in order to protect its interest in the world, primarily in the Middle East, safeguarding the oil sources and the sea lines they pass to the Asia continent.90 U.S. presence in the Middle East started since 1976 to 2007 in accordance with the policy that was formulated during the World War II when the U.S. battled with Japan over the oil shipping choke points in the shipping.91 The approach was adopted from the Truman and Eisenhower doctrine where the Soviet’s presence in Iran and Middle East had threatened Persian Gulf oil deliveries. Oil is vital not only to the U.S. but also its allies whose economy is heavily relied o petroleum imports. Thus, the protection of oil energy source has become one of the U.S. national security strategy. The official statement is written on the National Security Report (NSC) 136/1 No. 47 by the Executive Secretary on November 20, 1952, as seen below:

“It is of critical importance to the United States that Iran remains an independent and sovereign nation, not dominated by the USSR. Because of its key strategic position, its petroleum resources, its vulnerability to

88 Christopher Hemmer. “Responding to a Nuclear Iran”. Strategic Studies Institute. Accessed January 11, 2014 89 Gary Sick. Trite Parsi. Ray Takeyh. Barbara Slavin. “Iran’s Strategic Concerns and U.S. Interest”. Symposium: Iran’s Strategic Concerns and U.S. Interest. Middle East Policy Council Vol. XV, No. 1. (2008). Accessed January 11, 2014 90 Kevin Wang and David Kashi. “Major U.S. Military Operations/Actions to Protect Oil”. Oil Change. WEB. Mediil National Security Journalism Initiative. Accessed January 12, 214 91 Ibid. 81

49

intervention or armed attack by the USSR, and its vulnerability to the political subversion, Iran must be regarded as a continuing objective of Soviet expansion.92

The report also stated that if Iran has lost either by default or by the Soviet intervention, it would cause huge impact to the free world of access to the Iranian oil and would seriously threaten the loss of other Middle Eastern oil. Moreover, it would damage the U.S. prestige in nearby the country which therefore would seriously endanger the security interest of the U.S. The freedom of sea navigation in the Gulf has always been the U.S. national interest as an uninterrupted flow of petroleum will ensure the safe transit of petroleum as well as energy supply for the U.S. and the allies. Any acquisition of the petroleum flow of market would have strategic consequences.93

The uneasiness feeling that the U.S. Middle Eastern allies, Saudi Arabia and Israeli, have over Iran’s perceived long-standing hegemonic desire to dominate the Middle East has also become the U.S. concern. Since the fall of Iraqi’s leader, Saddam Hussein, Iran has become the most significant military power in the Middle East.94 Iran is believed to become the critical importance to the U.S. strategic interest in the region. Iran’s planned pursuance for nuclear development certainly gives security dilemma to the U.S. allies within Middle East region and to the U.S. itself. Therefore, the U.S. maintained its strong presence in the Gulf region by forming defense -contract to American-based companies.95 However, the contracts were more likely to consist of human factor, if not purely financial, as capital that help consolidating military ties with the U.S.

92 National Security Council Report. “The United States Policy Regarding the Present Situation in Iran.” NC 136/1 No. 47. November 20, 1952 93 Matthew Kroenig. Robert McNally. “Iranian Nukes and Global Oil”. The American Interest. 12 February 2013. WEB. Accessed January 13, 2013. 94 Gabriel G. Tabrani. “How Iran Plans to Fight America and Dominate the Middle East”. 22 October 2008. AuthorHouse. ISBN-13: 9781438918327 95 Ibid

50

There are two major perceived threats categories in the Middle East region namely: 1) power capabilities in terms of military strength; and 2) the threats to the domestic security and stability of the ruling elite coming from abroad.96 The balance- of-power system of politics is also supported by the need to balance the region with two regional superpowers namely Iran and Saudi Arabia. As a minority of Shiite Muslim community, Iran is fundamentally in confront with Saudi Arabia which comprise of the most populous Sunni Muslim community in the region. To some extent, the Iranian strategy to dominate encompasses larger goals. The U.S. presence in most of Sunni countries has placed Iran being surrounded by Persian Gulf countries which also become the U.S. allies. These countries are Bahrain, Kuwait, Qatar, Egypt as well as Saudi Arabia.97 The rivalry struggle between Iran and Saudi Arabia in terms of influence in the Islamic world remains policy concerns. Saudi Arabia is widely recognized as a Sunni pro-western monarchy while by virtue of Islamic Revolution, Iranian regime is defined as a Shiite anti-western as well as anti- monarchy country.98

The aftermath of 9/11 attack, the U.S. were then experiencing long suspicion to the Middle Eastern countries. Under the Bush tenure, the U.S. had formed the rubric of ‘War on Terror’ by invading and occupying Afghanistan as well as Iraq. The objective was to deepen the power of the U.S.’ control over Middle East and Central Asia, thus, the U.S. would be able to attack those who were seen as threats to its domination.99 President Bush’s speech about the “” described the governments that he accused of helping terrorism as well as seeking weapons of mass

96 Ibid., 85 97 Max Fisher. “Is Israel the Only U.S. Ally in the Middle East? An answer in Map Form”. February 12, 2013. The Washington Post. WEB. Accessed January 14, 2014 98 Ibid., 85 99 “U.S. Relations with Iran: A History of Imperialist Domination, Intrigue, and War” Revolution #88, May 13, 2007. Revolution Newspaper. http://revcom.us/a/088/iran-en.html. Accessed 14 January, 2014

51 destructions, namely Iran, Iraq and North Korea.100 This term was used to pinpoint the common enemy of the U.S. and try to persuade other countries to support the perspective. The purpose of Afghanistan and Iraq toppling was to intimidate Iran and weaken the influence of Iranian Islamic Regime in region, but in fact, it is actually had given Iran freer hand to expand their regional influence.101

4.3. The United States’ Foreign Policy vis-à-vis Iran

There has been no official diplomatic relations between Iran and the United States following the dramatic occurrences between two countries between the 1953 Iranian coup d'état and 1979 Iranian Islamic Revolution. However, despite their poor relations, the two countries have been looking after each other’s interest by maintaining Intersection Interest as a de facto diplomatic representation. The Interest Section of the Islamic Republic of Iran in the U.S. is part of the Embassy of Pakistan in Washington D.C. while the U.S. Interest Section is placed altogether as part of the Embassy of Switzerland in Tehran.102

Iran’s nuclear activity is perceived to be the U.S. greatest global concern.103 The activity of concealment that Iran has been doing has allowed the international community, especially the U.S. to grow deeper suspicions over Iranian self-declared peaceful purposes nuclear program. Under President Obama administration, multiple

100 Glenn Kessler, Peter Baker. “Bush’s ‘Axis of Evil’ Comes Back to Haunt United States”. October 10, 2006. The Washington Post. WEB. Accessed 14 January 2014. 101 Ibid., 87 102 http://www.daftar.org/far/default.asp 103 Wendy Sherman. “U.S. Policy Toward Iran”. Testimony of the Secretary for Political Affairs. May 15, 2013. U.S. Department of State. WEB. http://www.state.gov/p/us/rm/2013/202684.htm. Accessed 14 January 2014

52 challenges perceived by the U.S. such as the nuclear development program, terrorism issue in the region as well as human rights cases are countered by applying a Dual- Track Policy.104 As Wendy Sherman defined within her statement,

“I want to be clear that our policy is not aimed at regime change, but rather at changing the regime’s behavior.” 105

The U.S. implements the Dual Track Policy by working with the P5+1, the five permanent members of the UN Security Council namely United Kingdom; China; France; Russia and the U.S. The plus one country is Germany under the auspices of the European Union. The P5+1 are working in united to pursue diplomatic solutions over Iranian nuclear program. On February 26, 2013, the P5+1 member met with Iranian representatives presented an updated proposal offering opportunity to Iran for reducing tensions and comprehensive negotiations.106 Iran’s response was somewhat positive and gave possible signals for turning point. However, on the following April 5, 2013 the negotiations went floundered.107

The trade embargo and imposed sanctions that Iran has been facing have resulted in Iranian economy mismanagement. The blocking of million dollars in funds to Iran has had economic and physical impact on Iran.108 Iran exported over 1 million fewer barrels of crude oils in 2011 that has cost Iran approximately $3-$5 billion per month.109 This has crippled Iran’s access to the international financial system causing a depreciation of Iran’s currency value. European Union also has enacted on the sanctions by banning the oil import in all 27 EU member states ceasing from purchasing Iranian oil.

104 Ibid 105 Wendy Sherman. Written Statement before the Senate Foreign Relations Committee. 15 May 2013. http://www.state.gov/p/us/rm/2013/202684.htm. Accessed 14 January 2014 106 Ibid 107 Ibid 108 Siavosh Ghazi. “Iran Economy Takes First Breaths After Years of Crippling Sanctions”. 13 January 2013. Middle East Online. WEB. Accessed 14 January 2014 109 Ibid

53

Another concern that the U.S. possess over Iran is their support in Syria toppling down activities, specifically for Hezbollah. The U.S. firmly believes that Iran is the foremost states sponsor of terrorism by injecting it to their foreign policy. Iran has been accused by members of international community of funding, weapons as well as training to the terrorist since the Iranian Islamic Revolution.110 Evidence is proposed to the public by the U.S. saying that the increasing uses of effective bombs supporting insurgents in Iraq were traceable to Iran known as Explosively Formed Projectiles.111 The U.S. State Department described Iran as an active state sponsor of terrorism as stated below by the U.S. Secretary of State Condoleezza Rice112:

“Iran has been the country that has been in many ways a kind of central banker for terrorism in important regions like Lebanon through Hezbollah in the Middle East, in the Palestinian Territories, and we have deep concerns about what Iran is doing in the south of Iraq.”

4.4. The Importance of Iran Geostrategic Locations to the U.S.

Iran remains one of the most poorly understood countries and regimes in the Middle East.113 The perennial and persistent internal power struggles has built Iran’s regime complexion. The fact that Iran has the most direct link to the international petroleum market has always been its foremost strategic priority. Iran by virtue of locations, size and historiography achievement are perceived as the factors to be emerging as local hegemon. Having surrounded by the U.S. allies has caused Iran the need to possess credible deterrent capability.

110 Greg Bruno. “State Sponsors: Iran". Council of Foreign Relations. 13 October 2013. Web. Retrieved 14 January 2014 111 Interview with Michael McConnell by Eben Kaplan. “McConnell Cites ‘Overwhelming Evidnece’ of Iran’s Support for Iraqi Insurgents’” June 28, 2009. Council of Foreign Affairs. WEB. Accessed 14 January 2014 112 U.S. State Department Country Reports on Terrorism 2011 - Chapter 3: State Sponsors of Terrorism Retrieved 14 January 2014 113 Takeyh, Ray. "Iran: Assessing Geopolitical Dynamics and U.S. Policy Options." Dec 1969. Council on Foreign Relations. Jan 2014.

54

There has never been actual diplomatic relations between Iran and U.S. since April 1980. The U.S. cut off its diplomatic relations after the personnel hostages’ incident during Islamic Revolution. As of now, neither Iran nor U.S. sends their diplomatic representations to each other. However, both states still have an Interest Section located in each other’s counties namely Embassy of Pakistan in Washington D.C and Embassy of Switzerland in Tehran. 114 Interest Section is continuously maintained for both countries to protect their power through the third states that they both have diplomatic relations with. The year of 1979 was a watershed moment for Iran as the reestablishment of the new Islamic Republic and transformation of the political identity of the country. Taking into account that Iran faced enduring historical foreign infiltration, the post-1979 domestic and international has constructively defined and shaped the modern day Iran’s identity continued until today. As of twentieth century, Iran is considered as a regional power and holding an important position in international affairs.

Iran foreign relations has been controversially in dispute with external international actors as well as community that is reflected in a series of UN sanctions since 2006 due to its refusal in convincing the world over nuclear program. Comparing Iran to other disputed states with their nuclear programs, such as Afghanistan, Israel, Iraq and North Korea, Iran represents attractive complexities for several reasons115116: a) Having a significant geographical location in the Middle East, Iran possess pivotal geostrategy such as natural resources, ideology, weaponry, as well as allies that meets its geopolitical objectives.

114 Embassy of Pakistan in Washington D.C. “Interest Section of the Islamic Republic of Iran. “http://www.daftar.org/ENG/default.asp. Accessed January 11, 2014 115 Robin Wright. “The Challenge of Iran”. United States Institute of Peace the Iran Primer. From http://iranprimer.U.S.ip.org/resource/challenge-iran. Retrieved 27 September 2013 116 Robin Wright. “THE IRAN PRIMER: Power, Politics, and U.S. Policy Paperback”. United States Institute of Peace. December 2010. Accessed January 11, 2014.

55 b) Iran’s Islamic Revolution was one of most transformative events in the Middle East, such Iran actions will contribute be a critical impact to the international affairs. c) Iran has the largest proven natural gas reserves in the world117 as well as fourth proven petroleum reserves.118119 Strategically, Iran has the potential to balance the power between Western world and the Islamic countries due to its most vital chokepoints and shipping lanes for oil, Hormuz Strait. Hormuz Strait is the bridge of the Middle East to the west, Asian subcontinent to the east, and Caucuses and Central Asia to the north. d) Iran, whose political system are based on the 1979 Constitution guided by Islamist ideology, is one of most dynamic and controversial experiment in blending both Islam and democracy at once. e) Iran’s military is considered sophisticated among others Middle East countries by producing and developing its own military industry. With the total about 545.000 active troops, 350.000 reserve force and 900.000 trained troops. f) The World Bank ranks Iran as an upper-middle income economy country. Iran holds 10 percent of world’s oil reserves and second largest OPEC’s oil producer. The oil state-ownership and natural resources revenues have significantly contributed to government budget. As a result, Iran’s assets have given it power to have political leeway.

Iran bilateral relations with U.S. have never been easy especially under its different iconic leaders’ tenure, George Washington Bush and Mahmoud Ahmadinejad. During Ahmadinejad’s presidency, Iran and U.S. have had the most high-profile contact in almost 30 years without formal and direct diplomatic relations. The

117 "BP Cuts Russia, Turkmenistan Natural Gas Reserves Estimates". From http://www.WSJ.com. Retrieved 27 September 2013. 118 "OPEC Share of World Oil Reserves 2010". OPEC. 2011 Retrieved 27 September 2013 119 CIA World Factbook, 2009. "Iran". From https://www.cia.gov/library/publications/the-world- factbook/geos/ir.html Retrieved 27 September 2013

56 tensions between those two states have been elevated due to their ‘blaming game’ over different cases.

4.5. The United States’ Imposed Sanctions on Iran

Albeit troublesome bilateral diplomatic relations between the U.S. and Iran has never been resolved, the enduring issue over Iranian nuclear development and uranium enrichment seem changeless. Countless of international-supported as well as the United Nations imposed sanctions on Iran did not stop Iran from continuing the nuclear program. Since 2002, Iranian nuclear problem has become the U.S. main critical concern. Iran’s involvement with French, Germany as well as United Kingdom under various negotiations and remain actively involved in diplomatic relations in attempt to ask Iran to stop the nuclear program. The U.S. saw the negotiations process between aforementioned countries inappropriate. As stated within Obama’s speech below:120

“We offered the Iranian government a clear choice. It could fulfill its international obligations and realize greater security, deeper economic and political integration with the world, and a better future for all Iranians. Or it could continue to flout its responsibilities and face even more pressure and isolation.”

The U.S. is a non-party to the issue since it has been suffering severe diplomatic relations 1979, right after Iranian Islamic Revolution. Therefore, the U.S. engaged in suppressing Iran nuclear program by convincing the involved countries to align with their desires. Meanwhile Iran tried convincing that they are under peaceful purposes, the facts showed otherwise. Iran enriched their uranium at 20 percent while the effective kilogram, according to the agreement between Iran and the International

120 “Obama’s Remarks at the Signing of the Iran Sanctions Act”. Council on Foreign Relations. Web. July 1 2010. Accessed 16 December 2013.

57

Atomic Energy Agency (IAEA) for the application of safeguards in connection with the Treaty on the Non-proliferation of Nuclear Weapon, is at 0.5 percent.

The sanctions that the U.S. had imposed on Iran had begun since the Jimmy Carter administration in the aftermath of the Iranian Islamic Revolution. As controversial as it may, many escalation series of sanctions was chosen to be the alternative actions in response to Iran uranium enrichment. These sanctions albeit leaves vigorous debate upon the negative effects, still the sanctions had become the regular feature of the U.S. foreign policy. Focusing on Iran’s energy and financial sectors, the U.S. had issued series of political and economic sanctions with the following targeted areas121:

1. Weapons Development The Iran-Iraq Arms Nonproliferation Act was issued on October 23, 1992 called for sanctioning any person or entities group that assist Iran in weapons development or the acquisition of WMD such as chemical, biological, nuclear, or any types of advanced conventional weapons. The orders include the Iran- Syria-North Korea Non-Proliferation Act and Executive Order 13382 signed by President Bush in 2005.

2. Trade and Investment President announced a comprehensive ban on U.S. trade and investment in Iran on April 30, 1995 that was codified by Executive Order 12959. The successor President such as Barack Obama and George W. Bush renewed the executive ban order in March 2010 adding to the growing list of sanctioned dealings. The Iranian petrochemical companies and some of Iran’s automotive industries are also banned and considered as blacklist because it was believed some parts have dual uses for nuclear infrastructure equipment.

121 “The Lengthening List of Iran Sanctions”. October 14, 2013. Council on Foreign Relations. Web. Accessed Dec 2 2013

58

3. Nuclear Materials The 1996 Iran and Libya Sanctions of Act (ISA) was aimed at denying Iran access to materials by imposing sanctions on non-U.S. business investment in Iran’s energy sector. Albeit the act was seen as the blueprint for possible actions aimed at Iranian weapons development, in practice the measure has proven largely symbolic.

4. Financial Dealings Within ten years, bans on Iranian banks from accessing the U.S. financial system have increased. In November 2011, the U.S. designated the entire Iranian banking regime as potentially aiding the terrorist activities therefore President Obama issued an executive order targeting Iran’s oil revenue. This order is implemented by stopping foreign financial institutions from conduction oil transactions with Iran’s central bank. The pressure was also put on heavy importers of Iranian oil such as South Korea, India. Turkey, China and South Africa to reduce their oil trade with Iran.

5. Assets In the aftermath of 911, President Bush authorized Executive Order 13224 by freezing the assets of potential individuals or entities that supports international terrorism. This includes Iranian institutions, Revolutionary Guard Corps including four senior officers of the Army of the Guardians of the Islamic Revolution (IRGC)’s elite paramilitary Quds Force. The IRGC- Quds Force was also listed in Executive Order 13572 of April 2011 aimed at blocking properties of individuals and groups for supporting the Syrian regime’s human rights abuses and suppression of anti-government protests.

6. Refined Gasoline

59

In 2010, President Obama signed into law a measure aimed at penalizing domestic and foreign companies for selling refined gasoline to Iran for supplying equipment in Iran's bid to increase its refining capacity. In signing the measure, Obama declared the act of Human Right 2194, a powerful tool against Iran's development of nuclear weapons and support of terrorism. As it is ordered and commanded on the Presidential Determination No. 2014- 03 regarding to Iran Oil in 2013 stated below122: “There is a sufficient supply of petroleum and petroleum products from countries other than Iran to permit a significant reduction in the volume of petroleum and petroleum products purchased from Iran by or through foreign financial institutions.”

Under Bush administration, the U.S. had perhaps the most significant engagement with Iran after 1979 revolution. The Bush administration approach international community to confront Iran’s pursuit of nuclear weapons, especially its enrichment uranium at Natanz facility. Iran was demanded to suspend all its uranium enrichment-related reprocessing activities by the UN since 2006. UN had issued three resolutions starting from 2006 to 2008 containing sanctions on Iran over its nuclear activities. UN sanctioned Iran missile and nuclear-related entities and persons, imposed assets freezes and travel bans123. The administration also attempted to get major support by asking foreign banks to stop doing business with Iran because of international banking practices violations, resulted over 90 major international banks signed on.124

122 Presidential Determination No. 2014-03. “Presidential Determination Pursuant to Section 1245(d)(4)(B) and (C) of the National Defense Authorization Act for Fiscal Year 2012”. November 29, 2013. The White House. Web. Accessed 14 January 2014. 123 Hadley, Stephen J. “The George W. Bush Administration”. United States Institute of Peace: The Iran Primer. Web. Accessed 5 December 2013 124 Iran Sanctions. U.S. Department of the Treasury. Resource Center.Web. Accessed 14 January 2014. http://www.treasury.gov/resource-center/sanctions/Programs/pages/iran.aspx

60

CHAPTER V

THE UNITED STATES CYBERWARFARE: OPERATION OLYMPIC GAMES

The chapter will be discussing Operation Olympic Games (OOG) in detail providing its historical background. The historical background of the three codes covered in the OOG namely Stuxnet, Duqu and Flame, will also be provided. The timeline of OOG is followed by the discovery of the United States Offensive Cyber Effects Operations (OCEO) and other supporting documents showing the U.S. cyberwarfare doctrine. Detailed exploration of how the U.S. executes its cyberwarfare is then supported by the discovery of the U.S. cyberwarfare methods/techniques. The methods that is chosen to be explored is Computer Network Exploitation (CNO) and the Computer Network Attack (CNA), that is categorized under the methods of Computer Network Operation (CNO).

5.1. Historical Background of Operation Olympic Games

5.1.1. A George W. Bush’s Initiative

Operation Olympic Games (OOG) is a covert and still unacknowledged operation campaign of sabotage by using cyberspace to disrupt Iran nuclear facilities. OOG is a Clandestine Operation where the carried out intelligence or military

61 operation goes unnoticed by the general population. According to the U.S. Department of Defense Dictionary of Military and Associated Terms (Joint Publication JP 1-02, January 5 2007), Clandestine Operation means “an operation sponsored or conducted by governmental departments or agencies in such a way as to assure secrecy or concealment. A clandestine operation differs from a covert operation in that emphasis is placed on concealment of the operation rather than on concealment of the identity of the sponsor. In special operations, an activity may be both covert and clandestine and may focus equally on operational considerations and intelligence-related activities." It is different from Covert Operation as Clandestine means “hidden” while Covert means “deniable”.

The Operation Olympic Games (OOG) is also considered as a Covert Operation (CoveOps) done by the U.S. conjointly with Israel. According to the U.S. Department of Defense Dictionary of Military and Associated Terms, Covert Operations is “an operation that is so planned and executed as to conceal the identity of or permit plausible denial by the sponsor.” The CoveOps is intended to create political effects that might have implications in the military, intelligence as well as law enforcement. This implementation is intended to achieve the desired effect without letting any parties knowing who sponsored or carried out the operations. CIA is normally to have the authority to allegedly carry out the CoveOps.125 The authority is also comes from the National Security Act of 1947 with President Ronald Reagan issuing the Executive Order 12333 in 1984.126 The order defined the CoveOps as the “special activities”.

In June 2002, President Bush during his speech in New York told that the spread of chemical and biological and nuclear weapons along with ballistic missile

125 Executive Secrets: Coved the Presidency, William J. Daugherty, University of Kentucky Press, 2004, page 25 126 Ibid

62 technology become the U.S. and its allies’ gravest danger.127 Therefore, written in the U.S. National Security Strategy (NSS) in 2006, under the Bush administration, stated that Iran as the nation that preserve tyranny political system, pursue the WMD and become the sponsorship of terrorism has threatened the U.S. security interest as well. Leaked information told by the officials in the U.S. National Security Agency avowed that cyberweapon had been designed since 2006, during the Bush administration era. The U.S. and Israel jointly developed the sophisticated cyberattack to simply aim at slowing Iran’s ability in developing nuclear weapons. 128 The effort of this cyberweapon development involved the National Security Agency, the CIA and Israel’s military.129 One of the former U.S. high- ranking intelligence officials admitted that the cyberweapons are to prepare the battlefield for another possible covert action.130

The beginning of Operation Olympic Games (OOG) dates back from 2006 during the tenure of George W. Bush’s second term. During the Bush tenure, the U.S. seemed to acknowledge few good options in dealing with Iran. Let alone imposing another sanctions on Iran would have on their own economies for either the U.S. or the European allies. Having falsely accused on Saddam Hussein’s nuclear program reconstructions had left Bush a little credibility in discussing publicly another nation’s nuclear ambitions. Having left by few options, the Vice President Dick Cheney at that moment urged the President to consider launching military strike against Iran nuclear plantation facilities. The administration then reviewed few possible military options, concluding that the region is already at war and another military would further inflame the region and have uncertain results.

127 “Prevent Our Enemies from Threatening Us, Our Allies and Our Friends with Weapons of Mass Destrcution”. National Security Strategy of the United States of America. September 2002 (p. 12) 128 Ellen Nakashima, Greg Miller and Julie Tate. “U.S., Israel Developed Flame Computer Virus to Slow Iranian Nuclear Efforts, Officials Say” (19 June 2012). National Security (The Washington Post). Web. Accessed 12 December 2013 129 Ibid 130 Ibid

63

Iran kept resuming uranium enrichment at Natanz, whose existence had been exposed since 2002, after the negotiations with European and American officials went floundered. Iran’s president, Mahmoud Ahmadinejad, took reporters on a tour of the plant and described the grand ambitions to install upward of 50,000 centrifuges. The ambitions seemed very dubious to the U.S. and other major countries in the Europe, and more significantly, Israel. The uranium enrichment ambitions raised tremendous insecurity to the rest of the countries, leaving suspicious thoughts towards Iranian nuclear weapon development. The U.S. frustration had led the Vice President at that moment, Dick Cheney, urged the President to consider launching a military strike against Iran nuclear facilities.131

The Center Intelligence Agency had been trying to introduce faulty systems and designed into Iran’s systems but made relatively little effect. The United States Strategic Command then established a small cyberoperation, led by its General James E Cartwright who also happened to be responsible for many America’s nuclear forces, involving other intelligence officials. They then presented the idea, a far more sophisticated cyberweapon ever developed, to the President and his national security team. Operation Olympic Games is believed to be also co-written by Israel as the they consider attacking Iran nuclear plantation facilities by bombing from the air, which would be far more deadly and less effective.132

The goal was simply to gain accesses to the Natanz plant’s industrial computer control that requires small electronic devices that cut the Natanz plant off from the internet because it physically separates the facility from the outside the world. The computer code would be able to invade the computers that command and control the centrifuges.133134 The launch of cyber-attack was believed to happen when

131 Sanger, David (1 June 2012). "Obama Order Sped Up Wave of Cyberattacks Against Iran". The New York Times. Retrieved 19 October 2012 132 Sanger, David (2 June, 2012). “Mutually Assured Cyberdestructions?” The New York Times, Sunday Review, The Opinion Pages. Retrieved November 27, 2013 133 Ibid.,77 134 Ibid., 76

64 the Obama administration secretly ordered increasingly sophisticated attacks on the computer that run Iran’s main nuclear enrichment facilities in during his first month in the office. The President decided accelerating the attacks even after the attack was publicly and accidentally discovered.

Olympic Games code became public due to the programming error that allowed it to escape Iran’s Natanz plant and sent it to the internet. 135 The U.S. National Security Agency and Israeli counterpart was the one whom undertook the operation. 136 The ambitious attempt to slow the progress of Iran’s nuclear development effort was delicately comprised of three different variant of codes, namely Stuxnet, Flame as well as Duqu.137138

5.1.2. Stuxnet

On January 2008, Israel sought permission from the U.S. to bomb Iran by approaching President Bush to launch air strike against Iranian enrichment centrifuges. Israel assumed that the attack on Iran uranium centrifuges would cause Iran a three-year setback but the request was turned down by the U.S.139 In the April of 2008, Iran began installing 6,000 centrifuges to enrich uranium at its main nuclear plant in Natanz.140

An International Atomic Energy Agency (IAEA) report released in September shows that about 160 centrifuges in Iran’s nuclear plant had been taken offline without giving any specific reasons for being shut down. However, Iran

135 Ibid., 76 136 Rozen, Laura (1 June, 2012). “Operation ‘Olympic Games’: Report Details U.S. Role in Cyber- weapon Targeting Iran Centrifuges”. The Back Channel. Web. Retrieved November 27, 2013 137 W32.Duqu – The precursor to the next Stuxnet (Version 1.4)". Symantec. 23 November 2011. 138 Lee, Dave (28 May 2012). "Flame: Massive Cyber-Attack Discovered, Researchers Say". BBC News. 139 Zetter, Kim (7 November, 2011). “Stuxnet Timeline Shows Correlation Among Events”. The Wired. Web. Accessed November 30, 2103 140 "Iran 'installing New Centrifuges'" BBC News. BBC, 04 Aug. 2008. Web. 29 Nov. 2013.

65 officials have always denied that Stuxnet have had anything to do with the on-going delays of the Iran’s nuclear programs.141 Iran’s chief nuclear negotiator, Saed Jalili, stated that internal investigations have revealed U.S. involvement in the cyber- attacks, showing some documents related to U.S.’s involvement.142

Security Response at Symantec reported that 60% of Stuxnet targeted are Iranian uranium high-value infrastructure namely, Bushehr Nuclear Power Plant as well as the Natanz nuclear facility.143 Iranian officials have confirmed that Stuxnet has infected about 30.000 industrial computers in Iran. 144 Iran reportedly had discussion with the experts from the Atomic Energy Organization of Iran in September 2010 discussing ways of removing Stuxnet from their systems. 145 On November 2010, Iranian president Mahmoud Ahmadinejad stated that the computer virus had caused problems with the controller handling centrifuges at Natanz facilities.146

The President Bush authorized the covert program in January 2009 to hassle the electrical and computer systems around Natanz. Due to the change of new administration, Bush had to brief President Obama on the program to gain familiarity with the administration strategy. Below is a 1.1 table showing the main affected countries with the percentages of affected computer.147

141 “Stuxnet ‘hit’ Iran Nuclear Plans” BBC. Retrieved 5 Oct 2013 142 Mark Clayton. “Stuxnet cyberattacks: Does new WikiLeaks Cable Shed Light on Who Did It?” The Christian Science Monitor. 19 January 2011. Retrieved 6 Oct 2013 143 Fildes, Jonathan. "Stuxnet Worm 'targeted High-value Iranian Assets'" BBC News. BBC, 23 Sept. 2010. Web. 05 Oct. 2013 144 Paul Woodward (22 September 2010). "Iran confirms Stuxnet found at Bushehr nuclear power plant". Warincontext.org. Retrieved 5 Oct 2013 145 "Iran's Nuclear Agency Trying to Stop Computer Worm". Tehran. . 25 September 2010. Retrieved 5 October 2013 146 "Stuxnet: Ahmadinejad admits cyberweapon hit Iran nuclear program". The Christian Science Monitor. 30 November 2010. Retrieved 5 Oct 2013 147 "W32.Stuxnet". Symantec. 17 September 2010. Retrieved 5 Oct 2013

66

Country Infected computers

Islamic Republic of Iran 58.85%

Indonesia 18.22%

India 8.31%

Azerbaijan 2.57%

United States 1.56%

Pakistan 1.28%

Others 9.2%

Table 1.1. affected countries of Stuxnet cyber-attacks until 2010.

Firstly discovered in June 2010 by security company name VirusBlokAda, Stuxnet initially spreads via Microsoft Windows targeting Siemens industrial control systems. The Department of Homeland Security had to team up with Idaho National Laboratory in the early of 2008 to study the Siemens controller known as Process Control System 7 (P.C.S.-7). Stuxnet infected 14 industrial sites in Iran after its discovery of a 500-kilobyte computer worm infecting the software over a computer network. Stuxnet firstly targeted the machines and networks by replicating itself and sought out Siemens Step7 software afterwards, which was a Windows-based program that used to operate the industrial system equipment such as centrifuges. According to Ralph Langner whom spent three years studying Stuxnet wrote that the code

67 analysis within Stuxnet was not about sending a message or proving a concept but destroying its targets with utmost determination in military style.148

Three years after its discovery, Ralph Langer has used his three years to extensively study the publicly disclosed cyberweapon, Stuxnet. Albeit the discovery have been continuously baffling many military strategist, computer security experts as well as political decision makers, Ralph discovered the already exist narrative story about the weapon is incomplete. As matter of fact, Stuxnet is two weapons consisted of magnitude of more complex routine that was literally forgotten. Another a more-publicly known Stuxnet is the smaller and simpler attack routine that was discovered one year later after the former.149

Ralph was insisted by the fact that the first lesser-known routine was far more dangerous than the publicly known cyberweapon. Albeit Stuxnet’s actual impact was still difficult to grasp, the intention of Stuxnet was clear, to digitally sabotage Iran nuclear program. In 2007, an anonymous submitted a sample of code to the computer security VirusTotal, a free service that analyzed suspicious files and quick detection of viruses, worms well as all kinds of malware, which then turned out to be the first variant of Stuxnet. The second variant of Stuxnet attack by attempting to cause centrifuges rotors at Natanz to spin too fast and at speeds that eventually cause them to break.

5.1.3. Duqu

A collection of malware that was discovered in September 2011, known as Duqu, thought to be related to the former known worm, Stuxnet. Duqu is considered

148 William J. Broad, John Markoff, David E. Sanger. “Israeli Test on Worm Called Crucial in Iran Nuclear Delay”. The New York Times. Web. Accessed 30 Nov 2013 149 Langer, Ralph (19 November 2013). “Stuxnet Secret Twin”. Foreign Policy. Web. Accessed 30 Nov 2013

68 as a Trojan horse that was written by the same parties who also created Stuxnet.150 Nevertheless, the purpose of Duqu was quite relevant to Stuxnet as Duqu tried to perform industrial sabotage by collecting intelligence regarding to the target. This collation of intelligence was including passwords, taking screenshots in order to spy on the user’s action, and stealing various kinds of documents.151

The announcement of Duqu discovery was on the Symantec website, a computer security software corporation, saying that they found similarity to Stuxnet’s original programming. The source code and keys for encryption are the same, only Duqu was more sophisticated.152 Moreover, the significant similarity between those two was after the identification that the program could not have been written without having access to the original programmers’ instructions. Duqu’s purpose was to gather intelligence from the industrial control system manufacturers, possibly for another possible future attack to be easier for its execution. This was because the executors were looking for information such as design documents that might help them mount a future attack on an industrial control facility.153 The program was designed to stay within 36 days and removed itself after infecting the system. The Duqu infection was spread with the help of an infected Microsoft Word document, therefore allowing Duqu to modify computers’ security protections.154

In November 2011, the head of Iran’s civil defense organization, Gholam Reza Jalali, had told the news agency that all detected computers at main risk was being checked and Iran had developed specialized software to combat the virus.155 In the following weeks, the International Atomic Energy Agency (IAEA) issued a

150 “Duqu: Steal Everything”. . Web. Accessed 6 December 2013 151 Ibid 152 Rapoza, Kenneth (21 October 2011). “Duqu Virus Likely Handiwork of Sophisticated Government, Kaspersky Lab Says”. Forbes. Web. Accessed 7 December 2013 153 Markoff, John (11 October 2011). “New Malicious Program by Creators of Stuxnet Is Suspected”. The New York Times. Web. Accessed 6 Desember 2013 154 “Duqu infections linked to Microsoft Word exploit”. 2 November 2011. BBC News Technology. Web. Accessed 10 December 2013. 155 Jaseb, Hossein (12 November 2011). “Iran Says Has Detected Duqu Computer Virus”. Rueters. Web. 7 December 2013

69 report containing the evidence pointing to Iran’s nuclear activities under military dimensions, caused the Western countries and the U.S. demanding for further sanctions. According to Symantec, during the report writing it had been confirmed that Duqu had infected six possible organizations in eight countries.

Figure 5.1 Geographical locations of countries showing Duqu infections

Above is the geographic distribution of Duqu infections, these infected countries are France; Netherlands; Switzerland; Ukraine; India; India; Iran; Sudan and Vietnam.156 Additionally, there are some security vendors to have reported such identical infections such as Austria, Hungary, Indonesia, as well as United Kingdom.

5.1.4. Flame

156 “W32. Duqu: The Precursor to the Next Stuxnet” (Version 1.4). Symantec. 23 November 2011. PDF. Accessed 6December 2013

70

In the following 2012, another infectious malware was found and discovered within Iranian computers that runs Microsoft Windows operating system. 157 The malicious malware was detected on the Iranian oil industry. MAHER Center of Iranian National Computer Emergency Response Team (CERT) altogether with Kaspersky Lab as well as CrySyS Lab announced the discovery, stated that Flame was certainly the most sophisticated and most complex malware to have ever encountered during their practice.158 Estimation said that Flame had initially infected around 1,000 machines with 65% of the infections happened in Iran.159

The infection was identified after the United Nations International Telecommunication Union to investigate reports of a virus that affected Iranian Oil Ministry computers. 160 Surprisingly, according to Kaspersky, Flame had been in existed and in the wild since February 2010 with the main component being observed in December 2007. Unlike its previous partner, Duqu, Flame was not designed to deactivate or remove itself after the infectious attack, instead, Flame was supported by a “kill” function that let it eliminates all traces of its files and operation from a system from its controllers.

Although Flame has zero similarities with Stuxnet and Duqu, two specific things remained similar. Like Stuxnet, Flame has the ability to spread by infecting a USB stick using the autorun. Flame also used the same print spooler vulnerability that Stuxnet used to spread to computers on local computers. Knowing the fact that it caused Stuxnet went public in July, interestingly, Flame did not replicate automatically like Stuxnet. Flame’s spreading mechanism are turned off by default.

157 "Identification of a New Targeted Cyber-Attack". Iran Computer Emergency Response Team. 28 May 2012. Archived from the original on 30 May 2012. Retrieved 10 Dec 2013. 158 "sKyWIper: A Complex Malware for Targeted Attacks". Budapest University of Technology and Economics. 28 May 2012. Archived from the original on 30 May 2012. Retrieved 10 Dec 2013. 159 Lee, Dave (4 June 2012). "Flame: Attackers 'sought confidential Iran data'". BBC News. Retrieved 4 Dec 2013. 160 Zetter, Kim (28 May 2012). "Meet 'Flame,' The Massive Spy Malware Infiltrating Iranian Computers". Wired. Archived from the original on 30 May 2012. Retrieved 10 Dec 2013.

71

To the worldwide security community, Flame was very sophisticated as it has the capability to be undetectable by all the principal antivirus software for such period of time. 161 The job of Flame was to fundamentally spy on the targeted computers, but what makes Flame different was that it had been doing the spy for about two years and had not been discovered until 2012. The malware that was discovered by Kaspersky Lab, a Russian-based antivirus firm, was also found and had been infecting other targeted system in the Middle Eastern countries such as Lebanon. Syria, Sudan and the Israeli Occupied Territories for at least two years.162

Figure 5.2 Map showing the number of geographical locations of Flame infections Although the fundamental function of Flame was generally the same as to other malware components such as recording keyboard activities. Nonetheless, according to the Kaspersky Lab, Flame was 20 times more complicated than Stuxent ever was. The size of Flame was over 20 megabytes, which was just hundreds of kilobytes of codes. The way Flame steals information was quite distinguished as it

161 “Flame: The Never Ending Story”. InfoSec Institute. Web. Accessed 5 Dec 2013. 162 Zetter, Kim. “Meet ‘Flame’, The Massive Spy Malware Infiltrating Iranian Computers”. August 5 2012. Wired. Web. Accessed 12 December 2013

72 could record audio if a microphone is attached to infected systems, could screen captures and transmit visual data. Flame, in fact, consists of a host of modules that was distinct functionally. Fortunately, the MAHER Iran’s National Computer Emergency Response told the media that the detection and clean-up tool was finished in the early May within the same year.

5.2. Operation Olympic Games Timeline

The Operation Olympic Games is traceable back to 2006 where the government was still under the Bush administration. Below is the emphasized timeline on the cyberattacks executed by the U.S. government on Iran’s nuclear program.163

No. Time of discovery Elaboration 1. May 2006 Engineers compile code for a component of Stuxnet that will allow them to attack programmable logic controllers, or PLC, manufacture by the Siemens of Germany as the Iran’s nuclear centrifuges program uses Siemens PLC to control the gas centrifuges in the uranium enrichment facilities. 2. In 2007 Duqu is deployed at targeted sites in Iran. 3. Late 2007 Engineers write the code for “digital bomb” component of Stuxnet that would damage the sensitive equipment when the cyberattack is executed.

4. January 2009 President Barack Obama authorized the government to hassle the electrical and computer systems around Natanz.

163 Jim Finkle. “Factbox: Cyberwarfare expert’s timeline for Iran attack”. Dec 2, 2011. Reuters. WEB. Accessed 14 January 2014

73

5. April 1, 2009 Attackers begin to deploy Stuxnet to Iran on the 30th anniversary of the declaration of an Islamic

6. January 2010 Operators of Stuxnet accelerate program by adding new malware components that make it spread faster and also make it more dangerous. 7. February 2010 Flame had been in existed and in the wild 8. March 2010 Stuxnet operators add additional components to the malware to make it even more powerful. 9. June 2010 Computer security firm VirusBlokAda identifies Stuxnet as a piece of malware after reviewing a sample that was found in Iran. 10. Sept 2010 Iran reportedly had discussion with the experts from the Atomic Energy Organization of Iran discussing ways of removing Stuxnet from their systems.

11. November 2010 Iran President Mahmoud Ahmadinejad discloses that a cyberweapon had damaged gas centrifuges at his nation's uranium enrichment facility. "They did a bad thing. Fortunately our experts discovered that," he said. 12. September 2011 Duqu discovery.

13. November 2011 The head of Iran’s civil defense organization, Gholam Reza Jalali, had told the news agency that all detected computers at main risk was being checked and Iran had developed specialized software to combat the virus. 14. 2012 Another infectious malware was found and discovered within Iranian computers that runs Microsoft Windows operating system

74

15. June 2013 A leaked 18-page of President Policy Directive-20 about Offensive Cyber Effect Operations is published on the internet.

5.3. The United States Cyberwarfare

5.3.1. The United States Offensive Cyber Effects Operations (OCEO)

In June 2013, a leaked top-secret Presidential Policy Directive is published on the internet showing a step up integrated plan of the U.S. towards offensive cyber capabilities, drawing up list for potential targets overseas.164 The Presidential Policy Directive is called as Offensive Cyber Effects Operations (OCEO) that is believed to be able to offer unique as well as unconventional capabilities to advance the U.S. national objectives around the world. The operations might use very little warning or no warning at all to the potential adversary with the effects ranging from subtle to severely damaging.165 The Presidential Policy Directive-20 was signed secretly after the failure of the U.S. senate to pass the cybersecurity act of 2012 in august.166 The document is also considered to be part of 2013 Mass Surveillance Disclosures, the phenomenon where ongoing news reports in the international media reveals operational details about the U.S. NSA.167

The leaked 18-page documents aim to put in place tools and to provide framework to enable government to make decisions on cyber-operations. The established principles and process of the U.S. cyber-operations framework was signed by President Barack Obama in October 2012 that supersedes the National

164 Glenn Greenwald, Ewen MacAskill. “Obama Orders U.S. to Draw Up Overseas Target List for Cyber-Attacks”. June 7, 2013.The Guardian. Web. Accessed 14 January 2014 165 Ibid 166 Rizzo, J. (2012, August 02). Cybersecurity bill fails in Senate. CNN. WEB. Accessed 16 January 2014 167 Barton Gellman (24 December 2013). "Edward Snowden, after months of NSA revelations, says his mission’s accomplished". The Washington Post. Accessed 16 January 2014 75

Security Presidential Directive NSPD-38 authorized in July 7, 2004.168 The policy directive is closely linked to the unpublished by the National Security Agency (NSA) that is classified called as NSPD-54. NSPD-54 gives the authority to the U.S. government to conduct surveillance through monitoring.169 The document was signed and authorized by George W. Bush.170

Presidential Policy Directive 20 Offensive Cyber Effects Operations (OCEO) defines as "operations and related programs or activities … conducted by or on behalf of the United States Government, in or through cyberspace, that are intended to enable or produce cyber effects outside United States government networks."171In the presidential directive, the criteria for offensive cyberoperations in the directive is not limited to retaliatory action but it is vaguely framed as to advance the U.S. national objectives around the world.172 The U.S. government is also acknowledged to be participating herself in one major cyberattack that is subject to controversy namely, Stuxnet.173

The full classified document repeatedly elaborates that all cyberattack should be done in accordance with the U.S. law as a complement to diplomatic and military options. The document emphasizes the U.S. national interest as written below:

“Matters of vital interest to the United States to include national security, public safety, national economic security, the safe and reliable functioning of ‘critical infrastructure’ and the availability of ‘key resources’.”174

Elaboration of the purpose and scope of the cyber operations is written on the PPD-20 as seen below:

168 EPIC. (n.d.). Presidential Directives and Cybersecurity (PPD-20). EPIC. Retrieved from http://epic.org/privacy/cybersecurity/presidential-directives/cybersecurity.html. 14 January 2014 169 Ibid., 158 170 Ibid., 158 171 Ibid., 158 172 Ibid., 156 173 Ibid., 156 174 Ibid., 156

76

“The United States has abiding interest in developing and maintaining use of cyberspace as an integral part of U.S. national capabilities to collect intelligence, to deter, deny, or defeat any adversary that seeks to harm U.S. national interest in peace, crisis, or war.”175

Under the section of OCEO guidance, it is stated that the conduct of OCEO is integrated as appropriate with other “diplomatic, informational, military, economic, financial, intelligence, counterintelligence, and law enforcement options, taking into account effectiveness, costs, risks, potential consequences, foreign policy and other policy considerations.”176 The OCEO is believed by the U.S. government to be able to offer unique with significant consequences yet the development of OCEO capabilities is deemed to take time and considerable effort if the tools do not exist.

“The United States Government shall identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power, establish and maintain OCEO capability integrated as appropriate with other U.S. offensive capabilities”177

5.3.2. The United States Cyber Warfare Doctrine

As a non-kinetic or less violent types of warfare, cyberwarfare are often used to achieve kinetic effects that has similar effect of physical damage to infrastructure but cause less number of human beings as victims. The cyber battlefield is considerably different yet one necessarily deems to possess and acquire sufficient guidelines in executing cyber-attacks, namely doctrine. Doctrine is the fundamental principle in which the military forces or elements thereof guide their actions in support of national objectives.178 Albeit doctrine is authoritative, it requires judgment

175 Ibid., 156 p. 3 176 Ibid., 156 p. 4 177 Ibid., 156 p. 9 178 Jason Andress, Steve Winterfeld. “Cyber Warfare: Techniques and Tools for Security Practitioners”. Syngress. June1, 2011. P. 37. ISBN 1597496375.

77 in the application. 179 Every nation’s military doctrine is under the influence of traditions, guidance, literature, tactics, technics as well as procedures. In a deeper understanding, a doctrine represents sets of rules embodied in the government to maintain the standards.

A comprehensive knowledge of the assets is crucial to create infrastructure that supports the cyberwarfare doctrine. The line between cyberwarfare and traditional warfare lies on the implemented policy, considering the role of information is the central element for the former and the latter. Military forces heavily rely upon the systems that provide speed of command as to achieve the information. Thus, the result of network-centric operations makes a significant strategic advantage to cyberspace as a battlefield. Moreover, the Department of Defense (DoD) have defined the importance of Information Operations (IO) on some number of paper trail.

A. On War – Carl Von Clausewitz

As an unfinished work, On War was a 10-volume collected works of Clausewitz’s theoretical writings on political-military analysis as well as strategy. Its influential perspective and thinking on how to conduct warfare has considered as a bible by most Western Military strategist. As applicable as it may, On War’s fundamental sense to conduct asymmetric and cyberwarfare comprises of various concepts and number of principles. Noting that there are number of modifications of how warfare is conducted, the foundation of warfare principles comes from the same guidance. Clausewitz’s On War relevance might have gone decreasing, yet the following statement stands out as the Clausewitz’s warfare concepts:

179 Department of Defense Dictionary of Military and Associated Terms. “Joint Publication1-02”. 8 November 2010 (As Amended Through 15 September 2013).

78

“War is not merely a political act but also a real political instrument, a continuation of political commerce, a carrying out of the same by other means”.180

Clausewitz defined war as duel intended to compel the opponent so that they would fulfill our will. He also defined war as a game both objectively and subjectively, in which the primarily element of war to be carried on is courage. Clausewitz acknowledges the importance of information as an essential part of information within war. The word of information refers to the knowledge that one possesses and acquires of the opponent as the foundations of all actions as well as ideas. Clausewitz believes that everything in war is simple, yet that doesn’t mean that the simplest thing is easy. The accumulation of a war is supposedly be done by those who has seen the war, hence, through the influence of precise calculations fatal flaw would be less likely to appear.

B. DOD Directive No. 3600.1, Information Operations. October 2013

The Department of Defense (DoD) Directive No. 3600.1 was reissued in accordance with the DoD authority. It is the regulation that implements a directive policy by assigning some responsibilities as well as delegating authority to those working with and in military. DoD Directive established and described policies under specific programs by also defining missions and assigning more responsibilities.

The DoD’s policies, under the issue of Information Operations (IO), was written as follows181:

a. Information Operations (IO) will be the principal mechanism used during military operations to integrate, synchronize, employ, and assess a wide

180 “Influence of This View on the Right Understanding of Military History, and on the Foundations of Theory.” On War, Book I, Chapter 1, 24., Carl von Clausewitz, translated by J.J. Graham, p. 18. ISBN 956-8356-20-7 181 DOD Directive No. 3600.1, Information Operations. May 2013. Accessed December 2013

79

variety of information-related capabilities (IRCs) in concert with other lines of operations to effect adversaries’ or potential adversaries’ decision-making while protecting our own.

b. IRCs constitute tools, techniques, or activities employed within a dimension of the information environment (IE) that can be used to achieve a specific end at a specific time and place. IRCs can include, but are not be limited to, a variety of technical and non-technical activities that intersect the traditional areas of electronic warfare, cyberspace operations, military information support operations (MISO), military deception (MILDEC), influence activities, operations security (OPSEC), and intelligence.

c. The development and management of individual IRCs will be the responsibility of various DoD Components and will be brought together at a specific time and in a coherent and integrated fashion for use against adversaries and potential adversaries in support of military operations.

d. DoD IO will be coordinated and, as practicable, integrated with related activities conducted by allied nations and coalition partners.

The Combatant Commanders, whose tasks are to provide command and control of the U.S. military forces, was assigned to utilize IO as the principle mechanism, as written below182:

a. Utilize IO as the principal mechanism to integrate, synchronize, employ, and adapt all IRCs in the IE to accomplish operational objectives against adversaries and potential adversaries

182 Ibid., p. 9

80

b. Develop, plan, program and assess IO as well as IRC execution in support of IO during all phases of military engagement and at all levels of war.

The questions over who controls the U.S. cyberwarfare has been hanging around and heavily contested for several years. Albeit The U.S. Air Force, Army as well as Navy have their own cyberoperations, the task of Computer Network Operation (CNO) has been assigned to the U.S. Strategic Command (USSTRATCOM) along with the National Security Agency (NSA). They both are assigned to operating the mission of defending all the U.S. military networks. The USSTRATCOM specifically has the responsibilities to coordinate space operations and cyberspace operations in support of International Operations (IO).183

C. DOD Information Operations Roadmap. October 30, 2003

The Information Operations Roadmap was published to provide the Department in order to help them in advance in achieving the goal of information operations as a core military competency. This roadmap provides a common framework for understanding the Information Operations (IO) about the policies to integrate IO. Like any other roadmap, it consolidates oversight, advocacy and analytic support for IO. The 2001 Quadrennial Defense Review acknowledges the IO as one of the six critical operation goals in transforming the DoD.184

The objective of the roadmap was to reaffirm that IO to become the core competency that dominates and transforms IO into a core of military.185 In summary, there are three identified key points of importance that was written on the roadmap, as follows186:

183 Ibid,. p.10 184 IO Roadmap Charter. Department of Defense Information Operations Roadmap. October 20, 2003. 185 Ibid., p. 4 186 Ibid., p. 6

81

a. “We Must Fight the Net”. When the roadmap was written, the DoD was building the information-centric force where the information becomes the center of gravity. Therefore, DoD believed they have to be fully and well- prepared to “fight the net”. The importance of center of gravity idea had been identified in the Chapter 2. b. “We Must Improve Psychological Operations (PSYOP)”. PSYOP is improved to support military operations in accordance with national security objectives as well as national-level themes and messages. In particular, PSYOP products would be planned in advance for aggressive behavior in the times of conflict. c. “We Must Improve Network and Electro-Magnetic Attack Capability”. DoD believes that in order to be influencing in an information-centric fight, they have to dominate the electromagnetic spectrum with attack capabilities. This means, the DoD is fully aware of they support for the implementation of CNA capability with a rapid improvement.

Full spectrum of IO that is full range of military operations during peace, crisis and war is then elaborated. The elaboration of IO functions covers the overriding importance, as follows187:

a. “Deter, discourage, dissuade and direct an adversary, thereby disrupting his unity of command and purpose while preserving our own.” b. “Protect our plans and misdirect theirs, thereby allowing our forces to mass their effects to maximum advantage while adversary expends his resources to little effect.” c. “Control adversarial communications and networks and protects ours, thereby crippling the enemy’s ability to direct and organized defense while preserving effective command and control of our forces.”

187 Ibid., p. 8

82

In the extension of the last point, it was written that to have maximum effect upon the control of adversary, Combatant Commanders ought “to control the enemy’s network and communication-dependent weapons, infrastructure, including the command and control of battlespace management functions.” The desired effects will achieve operational effects in support of a broader military deception plan.

D. Joint Publication (JP) 3-13 Information Operations. February 13, 2006.

The U.S. Forces acknowledges the importance of information environment, hence, they defined information as “strategic source, vital to national security and military operations depend on information and information system for many simultaneous and integrated activities.” 188 Information Operations (IO) is also described to be integrated with Electronic Warfare (EW), Computer Network Operations (CNO), Psychological Operations (PYSOP), Military Deception (MILDEC) as well as Operations Security (OPSEC). The purpose of the doctrine is to support the Joint Force Commanders (JFCs) in guidance to help preparing, planning as well as executing IO to achieve and maintain information superiority for the U.S. and its allies.189 JP 3-13 is designed to provide overarching guidance in the planning and the execution of IO.

JP 3-13 realize that the instruments of national power that includes Diplomatic, Informational, Military and Economic (DIME) will provide leaders with advantages in dealing with crises around the world. Being fully-aware with the significance of information-related capabilities (IRC), the Secretary of Defense characterizes IO as the integrated employment during military operations. The operation would be intended to disrupt, corrupt and influence the decision making of the adversaries. Intelligence is also a vital capability for the support of IO where the

188 Joint Publication (JP) 3-13 Information Operations. November 27, 2012 189 Ibid,. p. ix

83 utilization could facilitate an understanding of interrelationship between physical, informational, cognitive dimensions of the information environment.

An illustration of the application of information-related capabilities to the information and influence relational framework are written in the chapter 2. The given situation illustrated how diplomatic, informational, military and economic was chosen as the potential means available to achieve the desired effects in resolving the crisis. In the attempt to achieve strategic advantage, public diplomacy, strategic communication through media, military deceptions and sanctions against the adversary are some given examples to deal potential adversary.

INFORMATION OPERATIONS (IO)

Core Capabilities

 Psychological Operations  Military Deception  Operations Security  Computer Network Operations (CNO)  Computer Network Attack (CNA)  Computer Network Defense (CND)

 Computer Network Exploitation (CNO)  Electronic Warfare

 Electronic Attack  Electronic Protection  Electronic Support

Figure 5.3 Information Operations Framework

84

5.3.3. The United States Cyber Warfare Methods

Cyberwarfare consists of many different possible ways to attack an adversary. Practically for national security planners, this might include propaganda, espionage, targeting, and to some extent, warfare itself.190 The objective of every cyberwarfare offers various strategies, from eavesdropping on a sensitive and confidential communication to the delivery of powerful propaganda behind the enemy lines. Cyberwarfare requires capable research and development team to invisibly steal data and form any other information collection or manipulation strategy. Globalization and the internet have strengthened the way nation-states control the international conflict as much as they can.

Until 2013, there is an increasing data and report from government around the world that complain publicly about cyber espionage.191 Interestingly, it is possible to theoretically conduct an intelligence gathering through a cyber-attack operations on highly sensitive political and military communication from remotely everywhere in the world. Whether it is cheap, sophisticated, complex or high-costly cyber-attack, provocative cyber-attack is extremely dangerous as it affects critical national infrastructure. The instant attacks range from website to database attacks intended to disrupt the system in a millisecond time.

On the official website of National Security Agency (NSA), cyberwarfare is considered as a very real threat and could cause a widespread problem.192 As part of five core capabilities identified by Department of Defense (DOD), Computer Network Operations (CNO) includes the ability to (1) attack or disrupt the targeted adversaries’ computer networks, (2) defend military information (3) exploit the enemy computer networks.

190 Geers, Kenneth. “Cyberspace and the Changing Nature of Warfare”. SC Magazine. WEB. August 27, 2008. Accessed 26 December 2013 191 Cody, Edward.”Chinese Official Accuses Nations of Hacking”. Washington Post, September 13, 2007 192 Computer Network Operations. National Security Agency. WEB. Accessed 26 December 2013

85

Considered as a relatively new phenomenon encountered in the modern warfare, CNE comprises of three different components namely Computer Network Exploitation (CNE), Computer Network Attack (CNA) and Computer Network Defense (CND). However, due to the chosen topic, the exploration will revolver around CNE and CAN which considered to be relevant.

1. Computer Network Exploitation (CNE)

The term of Computer Network Exploitation (CNE) is referred to the ability to exploit the data or information gathered on the targeted adversaries to help achieving specific and desired purpose. 193 CNE is part of Computer Network Operation (CNO), series of techniques for exploiting attacking as well as defending adversaries’ computer. It is the technique through computer networks used to infiltrate, gather intelligence data on the targeted adversaries’ computers. This might also involves collecting confidential and sensitive data that is typically hidden and protected from public knowledge. CNE involves reconnaissance and surveillance activities at place and is equivalent to the cyberspace operation. Cyber reconnaissance can be categorized into three major categories such as Open Source Intelligence (OSINT), passive reconnaissance, and Advanced Persistent Threat (APT).

The National Security Agency, as the U.S. intelligence, has infected approximately 50.000 computer networks using CNE by installing malware, malicious malware. 194 The NSA computer attacks are performed by specialized department called Tailored Access Operation (TAO) which are publicly known for its employment of thousand hackers. The NSA-TAO cyberoperations is reported to

193 “What are Information Operations”. Cyberspace and Information Operations Study Center. July 24, 2010. 194 “NSA infected 50.000 Computer Networks with Malicious Software”. 23 November.NRC.NL. WEB 2013. Accessed 26 December 2013

86 have installed an estimated 20.000 implants in 2008 considered as extensive effort.195 NSA is also reported to have carried out 231 offensive cyber-operations in 2011 where nearly three-quarters of the operations were conducted in Iran, Russia, China and North Korea whose activities involve . Most immediate effect on the attack is the disruption of the proper functioning on the adversaries’ computer network. However, Obama administration treats all the cyberoperations as clandestine and refuses to admit them. Below is the map showing targeted countries from the CNE cyber-operations in the 2012.

Figure 5.4 2012 Obama Administration Cyberoperations (See yellow bullets, using CNE methods of attacks)

195 Barton Gellman and Ellen Nakashima. ”U.S. Spy Agencies Mounted 231 Offensive Cyber- Operations in 2011,Documents Show”. The Washington Post. 31 August 2013. Web. Accessed 26 December 2013.

87

The use of disruption over intelligence gathering in the cyberwarfare is the standard of operation and such activities is far easier to carry out. Even when the activity of cyberwarfare is facing difficulties such as unavailability of sensitive information, the strategist can still imply a great deal of information by examining the systems and network remotely from the outside preparing for the future attacks. Such intelligence might help the planned execution in planning the attacks specifically on the certain vulnerabilities that can be exploited. The intelligence data gathered from the targeted adversaries’ computer network has many advantages for strategist on the tactical and operational levels.

2. Computer Network Attack (CNA)

Computer Network Attack (CNA) is understood to be one of the category of Information Operations (IO). IO comprises of the actions taken in order to affect the adversary information as well as their information system while also defending one’s own information and information system. The U.S. military defines information as the facts or data along with possible instructions in a medium or a form. While information system is defined as the “entire infrastructure, organization, personnel and components that collect, process, store, transmit, display, disseminated and act on information.196 It should be acknowledged that the term of Information Warfare (IW) is often incorrectly referred to the IO in which IW refers mere to those information operations during the crisis. That concludes that IW will not include information during peacetime.

Defined as the action taken through the use of computer networks for the purpose of disruption, deny, degradation, deception as well as destruction of information in a computer networks, Computer Network Attack (CNA) is different from the typical attack conducted by common hackers or other similar group. CNA

196 JOINT PUBLICATION. 3-13, supra note 6, at GL-7 (emphasis added). February 16, 2006

88 relies on the data stream to execute an attack that may causes the computer to experience power shortage thereby leaves the computer unusable. Successful CNA depends on the intelligence of its well-defined intention and a clear understanding about the effects from the execution.

There might some possible ways of destruction using CNA depending on the intention. The unique feature of CNA offers several implications to the practitioners and policy makers as its potential anonymous nature might cause the user of CNA technique to widely accomplish several political and economic objectives. CNA might cause on the widespread suffering to the targeted countries. The time length that the effect may cause might be for a short or long duration of infrastructure shutdown as well as affect the certain populations.

The practice of CNA is practically an act of force where the attack might cause physical destruction and harm some foreseeable results.197 To some extent, the act of such techniques of offensive computer network disruption occurs without revealing the source or even the methods of the attack itself. CAN is largely considered as a non-kinetic environment that is accessible with low cost and with an effect that can be including a strategic level. CNA is specified for the intention to destruct physical damage toward tangible property. The technique varies widely such as injecting viruses or malicious malware to the computer network so that it could destroy and gather intelligence. In February 2003, the Bush Administration announced the national-level guidance in regards to CNA. The classified guidance that is known as National Security Presidential Directive 26 is intended to clarify circumstances under which the techniques would be justified and be authorized the attack launching.

197 Michael N. Schmitt. “Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework.”. Research Publication 1 Information Series. June 1999. Accessed 28 December 2013.

89

CHAPTER VI

CONCLUSION AND RECOMMENDATIONS

6.1. CONCLUSION

The cyberwarfare strategy that was done by the U.S. on Iran covered under the Operation Olympic Games (OOG) is fundamentally another way of political means to achieve the U.S. national objective. This also can be understood as part of the U.S. diplomacy in interacting with Iran. The U.S. has been dealing with its utmost concern namely, Iranian nuclear program. Imposed sanctions on Iran’s economy as well as oil embargo do not seem to be effective to stop Iran from developing its uranium enrichment program. That way, the U.S. seek to overcome this concern through something effective yet invisible. Israel which becomes the closest U.S. ally in the Middle East region was frightened of Iran’s ability to acquire nuclear program, as the bilateral relationship between those two has been the source of mutual distrust for decades. Israel is also struggling and competing with Iran to have regional influence. Thus, preventing Israel from launching air bomb on Iran was also part of the consideration during the OOG discussion process.

Diplomacy is considered to be the fundamental key process of communication and negotiation in the international affairs. It goes hand in hand with foreign policy as a policy instrument done by the global actors. To achieve the U.S. national objective towards Iran, the U.S. implements two different yet specific ways of diplomacy namely, sanctions and cyberwarfare strategy. The effect that Iran has been experiencing from the imposed sanctions by international community and the U.S. do not put Iran to be stopping from what they have been doing. From the aforementioned chapters explaining about how the OOG was decidedly to be made, developed, and eventually to be executed, we can see that the effect that OOG had

90 was considered to be severe, damaging thousands of Iran uranium centrifuges at Natanz and Bushr.

To consider whether this cyberwarfare strategy is effective, we can look up and refer to the recent Geneva interim agreement on Iranian nuclear program in 2013. Considering how Iran and the U.S. both could compromise and made the very first high-level phone call after 34 years of no official diplomatic relations, the OOG is believed to be effective. The interim Geneva signed by the P5+1 countries and Iran on 24 November 2013 consisting on some deals in exchange for decreased economic sanctions and relief. The implications that the agreement has in the Middle East is rather positive. This is believed to be the major step for the region’s security and stability. In this regard, the alternative of diplomacy namely imposed sanctions and cyberwarfare strategy play a key role in the U.S. foreign policy towards Iran. Some analysts believe the current phase of Iran and the U.S. relationship is just “The End of The Beginning.”

Looking up to the examination, it is found that we could never be certain of other states intention, all states possess some offensive military capability, states have survival as their primary goal, and state as rational actors can be summed up as the behavior of nation-states in the international politics sphere. The grand strategy which put national interest up above anything seems to prove its relevancy. The external as well as domestic environment is influencing one another as it is dynamic and keeps adjusting to the international politics situation. It determines the national interest and the strategy a state could possess using all elements such as national security strategy and national military strategy that is implemented under the national policy. The asymmetric strategy is indeed a relevant concept to the chosen topic. Iran’s nuclear centrifuges is considered as the hub of all power and movement which Iranian depended on. It also can be considered as the center of gravity which is both crucial to the U.S. and Iran. Hence, the U.S. options in attacking Iran centrifuges using cyberwarfare strategy is seen to be in compliance with the asymmetric concept.

91

6.2. RECOMMENDATION

The Geneva interim agreement seems to have feared the U.S. allies of how it might strengthen Iran position in the region. As the way between Iran and the U.S. have moved forward, it is still believed that the agreement still far from being agreed on both parties. The peace talks that these parties have over Iran nuclear program have given major shift in the psychological perception notably about power, influence and national interest. The implication of the negotiations could be very immense to the regional stability in the region and beyond. The question now is that whether the Iranian government will move far enough to embrace the deal signed by the U.S. and the P5+1 members? Assuming that the nuclear negotiations shows what it is, in major speaking, positive developments might become possible in the Middle East for the first time in years. The wounds that Iran has due to the past experience have hardened the international community in attempt to deal with possible negotiation. However, the new reformed Iran has shown the dramatic change and shift towards positivism. This psychological perspective, however, cannot be put aside. International community should take the issue also into consideration. That means international community and especially the U.S. have to maintain the trust that Iran is building towards them. The recent diplomatic breakthrough have put so much hope that this could be the end of the beginning for all parties involved, specifically the U.S. and Iran themselves. On the other hand, Iran has to keep its promise to be in compliance with what have been signed and agreed on the agreement. These include IAEA to have managed access, Iran to be open and transparent about the design of the nuclear centrifuges, as well as the rest of the agreement. This, however, needs to be monitored as the agreement takes effective on January 20, 2014 as to maintain everything goes on the right way.

92

BIBLIOGRAPHY

Andrew M. Scott, “The Logic of International Interaction,” International Studies Quarterly

James E. Dougherty. Robert L. Pfaltzgraff, Jr. "System, Structure, Agent, and International Relations Theory." Contending Theories of International Relations: A Comprehensive Survey. 5th ed. N.p.: Longman, 2001

Andress, Jason. Winterfeld, Steve. “Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners”. Elsevier 2011.

Joint Publication 3-13 Information Operations. Department of Defense. 13 Feb 2006

Shane M. Coughlan, “Is there a common understanding of what constitutes cyber warfare?,” The University of Birmingham School of Politics and International Studies, 30 September 2003

Dilanian, Ken. "Cyber-attacks a bigger threat than Al Qaeda, officials say", Los Angeles Times, 12 March 2013

"Legal Experts: Stuxnet Attack on Iran Was Illegal ‘Act of Force’". Wired. Retrieved 5 Oct 2013.

Fildes, Jonathan. "Stuxnet Worm 'targeted High-value Iranian Assets'" BBC News. BBC, 23 Sept. 2010.

93

David E. Sanger. “Obama Order Sped Up Wave of Cyberattacks Against Iran.” The New York Times 1 June 2012

“W32.Stuxnet - Network Information." Endpoint, Cloud, Mobile & Virtual Security Solutions. N.p., n.d.

"Stuxnet Virus Targets and Spread Revealed". BBC News. 5 Oct 2013.

"Duqu: A Stuxnet-like malware found in the wild, technical report". Laboratory of Cryptography of Systems Security (CrySyS).

W32.Duqu – The precursor to the next Stuxnet (Version 1.4)". Symantec. 23 November 2011.

"About Zero Day Exploits". Netsecurity.about.com. 2010-11-11. Retrieved 1 December 2013

Lee, Dave (28 May 2012). "Flame: Massive Cyber-Attack Discovered, Researchers Say". BBC News.

McElroy, Damien; Williams, Christopher (28 May 2012). "Flame: World's Most Complex Computer Virus Exposed". The Daily Telegraph. Retrieved 6 Oct 2013

"Identification of a New Targeted Cyber-Attack". Iran Computer Emergency Response Team. 28 May 2012. Retrieved 6 Oct 2013

Gostev, Alexander (28 May 2012). "The Flame: Questions and Answers". Securelist.

94

"sKyWIper: A Complex Malware for Targeted Attacks". Budapest University of Technology and Economics. 28 May 2012.

Josh Halliday. "WikiLeaks: US Advised to Sabotage Iran Nuclear Sites by German Thinktank." The Guardian. N.p., 18 Jan. 2011

William J. Broad, John Markoff, David E. Sanger. “Israeli Test on Worm Called Crucial in Iran Nuclear Delay”. The New York Times. 15 January 2011

Ellen Nakashima, Greg Miller, Julie Tate. “U.S., Israel Developed Flame Computer Virus to Slow Iranian Nuclear Efforts, Official Say”. The Washington Post. June 20, 2012

Presidential Policy Directive. (PDF) from Epic.org

Glenn Greenwald. Ewen MacAskill. “Obama orders US to draw up overseas target list for cyber-attacks”. The Guardian. Web. June 7, 2013

National Security Presidential Directives (NSPD): George W. Bush Administration. Federation of American Scientists. Web. Retrieved Oct 16 2013

Kothari, C. R.. “Research Methodology: Methods & Techniques” New Age International Ltd. Publishers. 2004. ISBN (13) : 978-81-224-2488-1 pp. 2-4

James E. Dougherty. Robert L. Pfaltzgraff, Jr. “System, Structure, Agent, and International Relations Theory.” Contending Theories of International

95

Relations: A Comprehensive Survey. 5th ed. N.p.: Longman, 2001. P. 105. Print

Department of Defense – Cyberspace. Dtic.mil. Retrieved 8 Oct 2013

Mearsheimer, John J. "The false promise of international institutions." International Security 19, no. 3 (1994): 5-49. Retrieved 21 Oct 2013

Mearsheimer, John J. “Structural Realism” International Relations Theory (2006). Chapter 4. (PDF) P. 72. Retrieved 22 Oct 2013

Gray, Colin: War, Peace and International Relations - An Introduction to Strategic History, Abingdon and New York: Routledge 2007, p. 283

R. Yarger, Harry Strategic. “Theory for 21st Century: The Little Book on a Big Strategy” Strategic Studies Institute Army Military. 2006, p. 6

Christian Bühlmann.“Asymmetric Strategies: A concept to better understand modern conflicts?”. Military Power Revue der Schweizer Armee. 2009. Accessed Oct 2013

Rod Thornton, Asymmetric Warfare: Threat and Response in the 21st Century (Cambridge: Polity Press, 2007), p.1.

John Hattendorf, Wayne Hughes. Military Strategy, Classics of Sea Power, eds. Annapolic: Nava Institute Press, 1967, reprinted with a new introduction and postscript, 1989. p. 14

96

Bruce W. B, Christopher P. T, Gregory F. T. “What Are Asymmetric Strategies?” RAND, 1999. p. 11

William Cohen, Secretary of Defence, Quadrennial Defense Review 1997.

Clarke, Richard A. & Knake, Robert K., Cyber war: The next threat to national security and what to do about it, HarperCollins Publishers, New York, 2010, p. 6

David Fanca. “Book Review: “Cyberwar: The Next Threat to National Security and What to Do About It”. Global Security Studies Review. Georgetown University. December 18 2012. From Web Accessed October 2013

Saroj Kumar & Supraiya Singh “Business Research Methods.” Retrieved October 2013

Crouch; Sunny Crouch, Matthew Housden (2003). Marketing research for managers; The Marketing Series; Chartered Institute of Marketing. Butterworth-Heinemann. p. 22. ISBN 0750654538. Accessed October 2013

“Qualitative Research Design”, Chapter 4 (2006) PDF. SAGE publications. from Web http://www.sagepub.com/upm-data/13172_Chapter4.pdf. Accessed October 2013

Shepard, Jon; Robert W. Greene (2003). Sociology and You. Ohio: Glencoe McGraw-Hill. pp. A–22. ISBN 0-07-828576-3.

97

Robert K. Yin. Case Study Research: Design and Methods. Fourth Edition. SAGE Publications. California, 2009. ISBN 978-1-4129-6099-1

G. Thomas (2011) A typology for the case study in social science following a review of definition, discourse and structure. Qualitative Inquiry, 17, 6, 511- 521

Berg, B. L. (2009). Qualitative Research Method for the Social Science- Seventh Edition. Boston: Allyin And Bacon – Pearson Education International p. 317

Bogdan, R. C., & Biklen, S. K. (2007). Qualitative Research for Education: An introduction to Theories and Methods. Boston: Pearson Education, Inc. p. 133-138

Jared J. Wesley, “Qualitative Document Analysis in Political Science”. University of Manitoba, Department of Political Studies. 9-10 April 2010 (PDF). T2PP Workshop, 9-10 April 2010, Vrije Universiteit Amsterdam. Accessed October 2013

Bogdan, R. C., & Biklen, S. K. (2007). Qualitative Research for Education: An Introduction to Theories and Methods. Boston: Pearson Education, Inc. p. 133

“Module 9: Introduction to Research”. Methods of Collecting Qualitative Data. From web libweb.surreu.ac.uk Accessed 10 October 2013

98

“Qualitative Research Methods: A Data Collector’s Field Guide”. Qualitative Research Methods Overview (PDF). Module 1. Accessed October 2013. http://www.ccs.neu.edu/course/

Interview qestions about document analysis. Retrieved in January 2013 from http://www.modernanalyst.com/careers/interviewQuestions Berg, B. L. (2009). Qualitative Research Method for the Social Sciences- Seventh Edition. Boston: Allyn and Bacon – Pearson Education International. P. 158

Lowell Barrington (2012-01). Comparative Politics: Structures and Choices, 2nd ed.tr: Structures and Choices. Cengage Learning. p. 121. ISBN 978-1- 111-34193-0. Retrieved 27 September 2013

Burchill, S. (2009). Liberalism. In: Burchill, S. et al. Theories of International Relations. 4th ed. Basingstoke: Palgrave Macmillian. pp.57-85

Federal Research Division (2008), Iran: A Country Stud, 5th ed.: Historical Setting. Liberal of Congress. p.17-22. ISBN 978–0–8444–1187–3. Retrieved 27 September 2013

Ansari, Ali M. Modern Iran since 1921. Longman. 2003 ISBN 0-582-35685-7 p.26-31 2

Gasiorowski, writing in Mohammad Mosaddeq and the 1953 Coup in Iran, Edited by Mark J. Gasiorowski and Malcolm Byrne, Syracuse University Press, 2004, p.261

99

Katz, Mark N. (2010). "Iran and Russia". In Wright, Robin B. The Iran Primer: Power, Politics, and U.S. Policy. United States Institute of Peace. p. 186. ISBN 978-1-60127-084-9.

“Leader’s Call on Islamic Revolution” The Office of the Supreme Leader Sayyid Ali Khamenei.

Saeid Naji, Jayum Anak Jawan. “The U.S. Geopolitical Codes and Its Influences on the US-Iran Relations: The Case of George W. Bush’s Presidency. Journal of Politics and Law. Vol. 4, No. 1; March 2011. Canadian Center of Science and Education. Accessed January 11, 2014

Christopher Hemmer. “Responding to a Nuclear Iran”. Strategic Studies Institute. Accessed January 11, 2014

Gary Sick. Trite Parsi. Ray Takeyh. Barbara Slavin. “Iran’s Strategic Concerns and U.S. Interest”. Symposium: Iran’s Strategic Concerns and U.S. Interest. Middle East Policy Council Vol. XV, No. 1. (2008). Accessed January 11, 2014

Kevin Wang and David Kashi. “Major U.S. Military Operations/Actions to Protect Oil”. Oil Change. WEB. Mediil National Security Journalism Initiative. Accessed January 12, 214

National Security Council Report. “The United States Policy Regarding the Present Situation in Iran.” NC 136/1 No. 47. November 20, 1952

Matthew Kroenig. Robert McNally. “Iranian Nukes and Global Oil”. The American Interest. 12 February 2013. WEB. Accessed January 13, 2013.

100

Gabriel G. Tabrani. “How Iran Plans to Fight America and Dominate the Middle East”. 22 October 2008. AuthorHouse. ISBN-13: 9781438918327

Max Fisher. “Is Israel the Only U.S. Ally in the Middle East? An answer in Map Form”. February 12, 2013. The Washington Post.

“U.S. Relations with Iran: A History of Imperialist Domination, Intrigue, and War” Revolution #88, May 13, 2007. Revolution Newspaper

Glenn Kessler, Peter Baker. “Bush’s ‘Axis of Evil’ Comes Back to Haunt United States”. October 10, 2006. The Washington Post.

Wendy Sherman. “U.S. Policy Toward Iran”. Testimony of the Secretary for Political Affairs. May 15, 2013. U.S. Department of State.

Siavosh Ghazi. “Iran Economy Takes First Breaths After Years of Crippling Sanctions”. 13 January 2013. Middle East Online.

Wendy Sherman. Written Statement before the Senate Foreign Relations Committee. 15 May 2013.

Greg Bruno. “State Sponsors: Iran". Council of Foreign Relations. 13 October 2013

Interview with Michael McConnell by Eben Kaplan. “McConnell Cites ‘Overwhelming Evidnece’ of Iran’s Support for Iraqi Insurgents’” June 28, 2009. Council of Foreign Affairs

101

U.S. State Department Country Reports on Terrorism 2011 - Chapter 3: State Sponsors of Terrorism Retrieved 14 January 2014

Embassy of Pakistan in Washington D.C. “Interest Section of the Islamic Republic of Iran.

Robin Wright. “The Challenge of Iran”. United States Institute of Peace the Iran Primer.

Robin Wright. “THE IRAN PRIMER: Power, Politics, and U.S. Policy Paperback”. United States Institute of Peace. December 2010

"BP Cuts Russia, Turkmenistan Natural Gas Reserves Estimates"

"OPEC Share of World Oil Reserves 2010". OPEC. 2011

Obama’s Remarks at the Signing of the Iran Sanctions Act”. Council on Foreign Relations.

The Lengthening List of Iran Sanctions”. October 14, 2013. Council on Foreign Relations

Presidential Determination No. 2014-03. “Presidential Determination Pursuant to Section 1245(d)(4)(B) and (C) of the National Defense Authorization Act for Fiscal Year 2012”. November 29, 2013. The White House

Hadley, Stephen J. “The George W. Bush Administration”. United States Institute of Peace: The Iran Primer

102

Iran Sanctions. U.S. Department of the Treasury. Resource Center.Web. Accessed 14 January 2014

Prevent Our Enemies from Threatening Us, Our Allies and Our Friends with Weapons of Mass Destrcution”. National Security Strategy of the United States of America. September 2002 (p. 12)

Ellen Nakashima, Greg Miller and Julie Tate. “U.S., Israel Developed Flame Computer Virus to Slow Iranian Nuclear Efforts, Officials Say” (19 June 2012). National Security (The Washington Post)

Executive Secrets: Coved the Presidency, William J. Daugherty, University of Kentucky Press, 2004, page 25

Sanger, David (1 June 2012). "Obama Order Sped Up Wave of Cyberattacks Against Iran". The New York Times. Retrieved 19 October 2012

Rozen, Laura (1 June, 2012). “Operation ‘Olympic Games’: Report Details U.S. Role in Cyber-weapon Targeting Iran Centrifuges”. The Back Channel

W32.Duqu – The precursor to the next Stuxnet (Version 1.4)". Symantec. 23 November 2011

Lee, Dave (28 May 2012). "Flame: Massive Cyber-Attack Discovered, Researchers Say". BBC News.

Sanger, David (2 June, 2012). “Mutually Assured Cyberdestructions?” The New York Times, Sunday Review, The Opinion Pages.

103

Duqu: Steal Everything”. Kaspersky Lab. Web. Accessed 6 December 2013

Rapoza, Kenneth (21 October 2011). “Duqu Virus Likely Handiwork of Sophisticated Government, Kaspersky Lab Says”. Forbes.

Markoff, John (11 October 2011). “New Malicious Program by Creators of Stuxnet Is Suspected”. The New York Times

Duqu infections linked to Microsoft Word exploit”. 2 November 2011. BBC News Technology

Jaseb, Hossein (12 November 2011). “Iran Says Has Detected Duqu Computer Virus”. Rueters. Web. 7 December 2013

W32. Duqu: The Precursor to the Next Stuxnet” (Version 1.4). Symantec. 23 November 2011. PDF. Accessed 6December 2013

“Identification of a New Targeted Cyber-Attack". Iran Computer Emergency Response Team. 28 May 2012. Archived from the original on 30 May 2012. Retrieved 10 Dec 2013.

“sKyWIper: A Complex Malware for Targeted Attacks". Budapest University of Technology and Economics. 28 May 2012. Archived from the original on 30 May 2012

Lee, Dave (4 June 2012). "Flame: Attackers 'sought confidential Iran data'". BBC News

104

Zetter, Kim (28 May 2012). "Meet 'Flame,' The Massive Spy Malware Infiltrating Iranian Computers". Wired. Archived from the original on 30 May 2012. Retrieved 10 Dec 2013.

“Flame: The Never Ending Story”. InfoSec Institute. Web. Accessed 5 Dec 2013.

Zetter, Kim. “Meet ‘Flame’, The Massive Spy Malware Infiltrating Iranian Computers”. August 5 2012. Wired

Jim Finkle. “Factbox: Cyberwarfare expert’s timeline for Iran attack”. Dec 2, 2011. Reuters

Glenn Greenwald, Ewen MacAskill. “Obama Orders U.S. to Draw Up Overseas Target List for Cyber-Attacks”. June 7, 2013.The Guardian

Rizzo, J. (2012, August 02). Cybersecurity bill fails in Senate. CNN

Barton Gellman (24 December 2013). "Edward Snowden, after months of NSA revelations, says his mission’s accomplished". The Washington Post.

EPIC. (n.d.). Presidential Directives and Cybersecurity (PPD-20). EPIC.

Jason Andress, Steve Winterfeld. “Cyber Warfare: Techniques and Tools for Security Practitioners”. Syngress. June1, 2011. P. 37. ISBN 1597496375.

Department of Defense Dictionary of Military and Associated Terms. “Joint Publication1-02”. 8 November 2010 (As Amended Through 15 September 2013).

105

“Influence of This View on the Right Understanding of Military History, and on the Foundations of Theory.” On War, Book I, Chapter 1, 24., Carl von Clausewitz, translated by J.J. Graham, p. 18. ISBN 956-8356-20-7

DOD Directive No. 3600.1, Information Operations. May 2013. Accessed December 2013

IO Roadmap Charter. Department of Defense Information Operations Roadmap. October 20, 2003.

Geers, Kenneth. “Cyberspace and the Changing Nature of Warfare”. SC Magazine. WEB. August 27, 2008. Accessed 26 December 2013

Cody, Edward.”Chinese Official Accuses Nations of Hacking”. Washington Post, September 13, 2007

Computer Network Operations. National Security Agency. WEB. Accessed 26 December 2013

“What are Information Operations”. Cyberspace and Information Operations Study Center. July 24,

“NSA infected 50.000 Computer Networks with Malicious Software”. 23 November.NRC.NL. WEB 2013. Accessed 26 December 2013

Barton Gellman and Ellen Nakashima. ”U.S. Spy Agencies Mounted 231 Offensive Cyber-Operations in 2011,Documents Show”. The Washington Post. 31 August 2013. Web. Accessed 26 December 2013.

106

JOINT PUBLICATION. 3-13, supra note 6, at GL-7 (emphasis added). February 16, 2006

Michael N. Schmitt. “Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework.”. Research Publication 1 Information Series. June 1999

Takeyh, Ray. "Iran: Assessing Geopolitical Dynamics and U.S. Policy Options." Dec 1969. Council on Foreign Relations. Jan 2014.

Steve Smith. “Theories of Foreign Policy: an Historical Overview”. (1986) Review of International Studies. P. 13-29. Jstor

Foreign Policy Analysis, Department of Political Science, College of Arts & Science, and the University of Missouri.

Jeff Mason and Louis Charbonneau. “Obama, Iran’s Rouhani hold historic phone call”. September 28, 2013. Reuters

Anne Gearan and Joby Warrick (23 November 2013). "World powers reach nuclear deal with Iran to freeze its nuclear program". The Washington Post

Blair, David (24 November 2013). "Iran nuclear deal agreed at Geneva talks". The Daily Telegraph. Retrieved 25 November 2013

Parisa Hafezi and Justyna Pawlak (12 January 2014). "Iran nuclear deal to take effect on January 20". Reuters.

107

Andrew M. Scott, “The Logic of International Interaction,” International Studies Quarterly, 21(3) P 438 Retrieved 4 October 2013

James E. Dougherty. Robert L. Pfaltzgraff, Jr. "System, Structure, Agent, and International Relations Theory." Contending Theories of International Relations: A Comprehensive Survey. 5th ed. N.p.: Longman, 2001. p 105. Print. Retrieved 4 Oct 2013 Andress, Jason. Winterfeld, Steve. “Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners”. Elsevier 2011. p. 2 Joint Publication 3-13 Information Operations. Department of Defense. 13 Feb 2006

Shane M. Coughlan, “Is there a common understanding of what constitutes cyber warfare?,” The University of Birmingham School of Politics and International Studies, 30 September 2003, p. 2.

Dilanian, Ken. "Cyber-attacks a bigger threat than Al Qaeda, officials say", Los Angeles Times, 12 March 2013 "Legal Experts: Stuxnet Attack on Iran Was Illegal ‘Act of Force’". Wired. Retrieved 5 Oct 2013. Fildes, Jonathan. "Stuxnet Worm 'targeted High-value Iranian Assets'" BBC News. BBC, 23 Sept. 2010. Web. 05 Oct. 2013 Ibid Ibid David E. Sanger. “Obama Order Sped Up Wave of Cyberattacks Against Iran.” The New York Times 1 June 2012. Web. 06 Oct 2013

Sanger, David (1 June 2012). "Obama Order Sped Up Wave of Cyberattacks Against Iran". The New York Times. Retrieved 19 October 2012 "W32.Stuxnet - Network Information." Endpoint, Cloud, Mobile & Virtual Security Solutions. N.p., n.d. Web. 05 Oct. 2013. "Stuxnet Virus Targets and Spread Revealed". BBC News. 5 Oct 2013. Ibid "Duqu: A Stuxnet-like malware found in the wild, technical report". Laboratory of Cryptography of Systems Security (CrySyS). Retrieved Oct 16, 2013 W32.Duqu – The precursor to the next Stuxnet (Version 1.4)". Symantec. 23 November 2011.

"About Zero Day Exploits". Netsecurity.about.com. 2010-11-11. Retrieved 1 December 2013 Lee, Dave (28 May 2012). "Flame: Massive Cyber-Attack Discovered, Researchers Say". BBC News. McElroy, Damien; Williams, Christopher (28 May 2012). "Flame: World's Most Complex Computer Virus Exposed". The Daily Telegraph. Retrieved 6 Oct 2013 "Identification of a New Targeted Cyber-Attack". Iran Computer Emergency Response Team. 28 May 2012. Retrieved 6 Oct 2013 Gostev, Alexander (28 May 2012). "The Flame: Questions and Answers". Securelist. "sKyWIper: A Complex Malware for Targeted Attacks". Budapest University of Technology and Economics. 28 May 2012.

Josh Halliday. "WikiLeaks: US Advised to Sabotage Iran Nuclear Sites by German Thinktank." The Guardian. N.p., 18 Jan. 2011. Web. 05 Oct. 2013. William J. Broad, John Markoff, David E. Sanger. “Israeli Test on Worm Called Crucial in Iran Nuclear Delay”. The New York Times. 15 January 2011. Web. Retrieved 6 Oct 2013 Ellen Nakashima, Greg Miller, Julie Tate. “U.S., Israel Developed Flame Computer Virus to Slow Iranian Nuclear Efforts, Official Say”. The Washington Post. June 20, 2012. Web. Accessed 16 December 2013. Presidential Policy Directive. (PDF) from Epic.org. Retrieved Oct 16 2013 Glenn Greenwald. Ewen MacAskill. “Obama orders US to draw up overseas target list for cyber-attacks”. The Guardian. Web. June 7, 2013. Retrieved Oct 16, 2013 Ibid National Security Presidential Directives (NSPD): George W. Bush Administration. Federation of American Scientists. Web. Retrieved Oct 16 2013

Kothari, C. R.. “Research Methodology: Methods & Techniques” New Age International Ltd. Publishers. 2004. ISBN (13) : 978-81-224-2488-1 pp. 2-4

James E. Dougherty. Robert L. Pfaltzgraff, Jr. “System, Structure, Agent, and International Relations Theory.” Contending Theories of International Relations: A Comprehensive Survey. 5th ed. N.p.: Longman, 2001. P. 105. Print. Retrieved 4 Octo 2013 Department of Defense – Cyberspace. Dtic.mil. Retrieved 8 Oct 2013

Mearsheimer, John J. "The false promise of international institutions." International Security 19, no. 3 (1994): 5-49. Retrieved 21 Oct 2013

Mearsheimer, John J. “Structural Realism” International Relations Theory (2006). Chapter 4. (PDF) P. 72. Retrieved 22 Oct 2013 Gray, Colin: War, Peace and International Relations - An Introduction to Strategic History, Abingdon and New York: Routledge 2007, p. 283

R. Yarger, Harry Strategic. “Theory for 21st Century: The Little Book on a Big Strategy” Strategic Studies Institute Army Military. 2006, p. 6 Christian Bühlmann.“Asymmetric Strategies: A concept to better understand modern conflicts?”. Military Power Revue der Schweizer Armee. 2009. Accessed Oct 2013

Rod Thornton, Asymmetric Warfare: Threat and Response in the 21st Century (Cambridge: Polity Press, 2007), p.1. John Hattendorf, Wayne Hughes. Military Strategy, Classics of Sea Power, eds. Annapolic: Nava Institute Press, 1967, reprinted with a new introduction and postscript, 1989. p. 14Bruce W. B, Christopher P. T, Gregory F. T. “What Are Asymmetric Strategies?” RAND, 1999. p. 11

Bruce W. B, Christopher P. T, Gregory F. T. “What Are Asymmetric Strategies?” RAND, 1999. p. 11 William Cohen, Secretary of Defence, Quadrennial Defense Review 1997.

Clarke, Richard A. & Knake, Robert K., Cyber war: The next threat to national security and what to do about it, HarperCollins Publishers, New York, 2010, p. 6

David Fanca. “Book Review: “Cyberwar: The Next Threat to National Security and What to Do About It”. Global Security Studies Review. Georgetown University. December 18 2012. From Web Accessed October 2013

Business Research Methods” , Saroj Kumar & Supraiya Singh. Retrieved October 2013

Crouch; Sunny Crouch, Matthew Housden (2003). Marketing research for managers; The Marketing Series; Chartered Institute of Marketing. Butterworth-Heinemann. p. 22. ISBN 0750654538. Accessed October 2013 “Qualitative Research Design”, Chapter 4 (2006) PDF. SAGE publications. from Web http://www.sagepub.com/upm-data/13172_Chapter4.pdf. Accessed October 2013 Shepard, Jon; Robert W. Greene (2003). Sociology and You. Ohio: Glencoe McGraw-Hill. pp. A–22. ISBN 0-07- 828576-3. Robert K. Yin. Case Study Research: Design and Methods. Fourth Edition. SAGE Publications. California, 2009. ISBN 978-1-4129-6099-1 G. Thomas (2011) A typology for the case study in social science following a review of definition, discourse and structure. Qualitative Inquiry, 17, 6, 511-521 Berg, B. L. (2009). Qualitative Research Method for the Social Science-Seventh Edition. Boston: Allyin And Bacon – Pearson Education International p. 317

Bogdan, R. C., & Biklen, S. K. (2007). Qualitative Research for Education: An introduction to Theories and Methods. Boston: Pearson Education, Inc. p. 133-138

Jared J. Wesley, “Qualitative Document Analysis in Political Science”. University of Manitoba, Department of Political Studies. 9-10 April 2010 (PDF). T2PP Workshop, 9-10 April 2010, Vrije Universiteit Amsterdam. Accessed October 2013

Bogdan, R. C., & Biklen, S. K. (2007). Qualitative Research for Education: An Introduction to Theories and Methods. Boston: Pearson Education, Inc. p. 133

“Module 9: Introduction to Research”. Methods of Collecting Qualitative Data. From web libweb.surreu.ac.uk Accessed 10 October 2013 “Qualitative Research Methods: A Data Collector’s Field Guide”. Qualitative Research Methods Overview (PDF). Module 1. Accessed October 2013. http://www.ccs.neu.edu/course/ Interview qestions about document analysis. Retrieved in January 2013 from http://www.modernanalyst.com/careers/interviewQuestions

Berg, B. L. (2009). Qualitative Research Method for the Social Sciences-Seventh Edition. Boston: Allyn and Bacon – Pearson Education International. P. 158

Lowell Barrington (2012-01). Comparative Politics: Structures and Choices, 2nd ed.tr: Structures and Choices. Cengage Learning. p. 121. ISBN 978-1-111-34193-0. Retrieved 27 September 2013 Burchill, S. (2009). Liberalism. In: Burchill, S. et al. Theories of International Relations. 4th ed. Basingstoke: Palgrave Macmillian. pp.57-85 Federal Research Division (2008), Iran: A Country Stud, 5th ed.: Historical Setting. Liberal of Congress. p.17-22. ISBN 978–0–8444–1187–3. Retrieved 27 September 2013

Ansari, Ali M. Modern Iran since 1921. Longman. 2003 ISBN 0-582-35685-7 p.26-31 2 Gasiorowski, writing in Mohammad Mosaddeq and the 1953 Coup in Iran, Edited by Mark J. Gasiorowski and Malcolm Byrne, Syracuse University Press, 2004, p.261 Katz, Mark N. (2010). "Iran and Russia". In Wright, Robin B. The Iran Primer: Power, Politics, and U.S. Policy. United States Institute of Peace. p. 186. ISBN 978-1-60127-084-9.

“Leader’s Call on Islamic Revolution” The Office of the Supreme Leader Sayyid Ali Khamenei. http://www.leader.ir/langs/en/index.php?p=bayanatArchive. Retrieved 27 September 2013. Saeid Naji, Jayum Anak Jawan. “The U.S. Geopolitical Codes and Its Influences on the US-Iran Relations: The Case of George W. Bush’s Presidency. Journal of Politics and Law. Vol. 4, No. 1; March 2011. Canadian Center of Science and Education. Accessed January 11, 2014

Christopher Hemmer. “Responding to a Nuclear Iran”. Strategic Studies Institute. Accessed January 11, 2014 Gary Sick. Trite Parsi. Ray Takeyh. Barbara Slavin. “Iran’s Strategic Concerns and U.S. Interest”. Symposium: Iran’s Strategic Concerns and U.S. Interest. Middle East Policy Council Vol. XV, No. 1. (2008). Accessed January 11, 2014 Kevin Wang and David Kashi. “Major U.S. Military Operations/Actions to Protect Oil”. Oil Change. WEB. Mediil National Security Journalism Initiative. Accessed January 12, 214

National Security Council Report. “The United States Policy Regarding the Present Situation in Iran.” NC 136/1 No. 47. November 20, 1952 Matthew Kroenig. Robert McNally. “Iranian Nukes and Global Oil”. The American Interest. 12 February 2013. WEB. Accessed January 13, 2013. Gabriel G. Tabrani. “How Iran Plans to Fight America and Dominate the Middle East”. 22 October 2008. AuthorHouse. ISBN-13: 9781438918327

Max Fisher. “Is Israel the Only U.S. Ally in the Middle East? An answer in Map Form”. February 12, 2013. The Washington Post. WEB. Accessed January 14, 2014 Ibid., 85 “U.S. Relations with Iran: A History of Imperialist Domination, Intrigue, and War” Revolution #88, May 13, 2007. Revolution Newspaper. http://revcom.us/a/088/iran-en.html. Accessed 14 January,

Glenn Kessler, Peter Baker. “Bush’s ‘Axis of Evil’ Comes Back to Haunt United States”. October 10, 2006. The Washington Post. WEB. Accessed 14 January 2014. Ibid., 87 http://www.daftar.org/far/default.asp Wendy Sherman. “U.S. Policy Toward Iran”. Testimony of the Secretary for Political Affairs. May 15, 2013. U.S. Department of State. WEB. http://www.state.gov/p/us/rm/2013/202684.htm. Accessed 14 January 2014

Siavosh Ghazi. “Iran Economy Takes First Breaths After Years of Crippling Sanctions”. 13 January 2013. Middle East Online. WEB. Accessed 14 January 2014

Wendy Sherman. Written Statement before the Senate Foreign Relations Committee. 15 May 2013. http://www.state.gov/p/us/rm/2013/202684.htm. Accessed 14 January 2014 Greg Bruno. “State Sponsors: Iran". Council of Foreign Relations. 13 October 2013. Web. Retrieved 14 January 2014 Interview with Michael McConnell by Eben Kaplan. “McConnell Cites ‘Overwhelming Evidnece’ of Iran’s Support for Iraqi Insurgents’” June 28, 2009. Council of Foreign Affairs. WEB. Accessed 14 January 2014 U.S. State Department Country Reports on Terrorism 2011 - Chapter 3: State Sponsors of Terrorism Retrieved 14 January 2014 Embassy of Pakistan in Washington D.C. “Interest Section of the Islamic Republic of Iran. “http://www.daftar.org/ENG/default.asp. Accessed January 11, 2014

Robin Wright. “The Challenge of Iran”. United States Institute of Peace the Iran Primer. From http://iranprimer.U.S.ip.org/resource/challenge-iran. Retrieved 27 September 2013 Robin Wright. “THE IRAN PRIMER: Power, Politics, and U.S. Policy Paperback”. United States Institute of Peace. December 2010. Accessed January 11, 2014. "BP Cuts Russia, Turkmenistan Natural Gas Reserves Estimates". From http://www.WSJ.com. Retrieved 27 September 2013. "OPEC Share of World Oil Reserves 2010". OPEC. 2011 Retrieved 27 September 2013

Obama’s Remarks at the Signing of the Iran Sanctions Act”. Council on Foreign Relations. Web. July 1 2010. Accessed 16 December 2013. The Lengthening List of Iran Sanctions”. October 14, 2013. Council on Foreign Relations. Web. Accessed Dec 2 2013

Presidential Determination No. 2014-03. “Presidential Determination Pursuant to Section 1245(d)(4)(B) and (C) of the National Defense Authorization Act for Fiscal Year 2012”. November 29, 2013. The White House. Web. Accessed 14 January 2014. Hadley, Stephen J. “The George W. Bush Administration”. United States Institute of Peace: The Iran Primer. Web. Accessed 5 December 2013 Iran Sanctions. U.S. Department of the Treasury. Resource Center.Web. Accessed 14 January 2014. http://www.treasury.gov/resource-center/sanctions/Programs/pages/iran.aspx

Prevent Our Enemies from Threatening Us, Our Allies and Our Friends with Weapons of Mass Destrcution”. National Security Strategy of the United States of America. September 2002 (p. 12) Ellen Nakashima, Greg Miller and Julie Tate. “U.S., Israel Developed Flame Computer Virus to Slow Iranian Nuclear Efforts, Officials Say” (19 June 2012). National Security (The Washington Post). Web. Accessed 12 December 2013

Executive Secrets: Coved the Presidency, William J. Daugherty, University of Kentucky Press, 2004, page 25

Sanger, David (1 June 2012). "Obama Order Sped Up Wave of Cyberattacks Against Iran". The New York Times. Retrieved 19 October 2012

Rozen, Laura (1 June, 2012). “Operation ‘Olympic Games’: Report Details U.S. Role in Cyber-weapon Targeting Iran Centrifuges”. The Back Channel. Web. Retrieved November 27, 2013 W32.Duqu – The precursor to the next Stuxnet (Version 1.4)". Symantec. 23 November 2011. Lee, Dave (28 May 2012). "Flame: Massive Cyber-Attack Discovered, Researchers Say". BBC News.

Sanger, David (2 June, 2012). “Mutually Assured Cyberdestructions?” The New York Times, Sunday Review, The Opinion Pages. Retrieved November 27, 2013

Duqu: Steal Everything”. Kaspersky Lab. Web. Accessed 6 December 2013 Rapoza, Kenneth (21 October 2011). “Duqu Virus Likely Handiwork of Sophisticated Government, Kaspersky Lab Says”. Forbes. Web. Accessed 7 December 2013 Markoff, John (11 October 2011). “New Malicious Program by Creators of Stuxnet Is Suspected”. The New York Times. Web. Accessed 6 Desember 2013

Duqu infections linked to Microsoft Word exploit”. 2 November 2011. BBC News Technology. Web. Accessed 10 December 2013. Jaseb, Hossein (12 November 2011). “Iran Says Has Detected Duqu Computer Virus”. Rueters. Web. 7 December 2013

W32. Duqu: The Precursor to the Next Stuxnet” (Version 1.4). Symantec. 23 November 2011. PDF. Accessed 6December 2013 "Identification of a New Targeted Cyber-Attack". Iran Computer Emergency Response Team. 28 May 2012. Archived from the original on 30 May 2012. Retrieved 10 Dec 2013. "sKyWIper: A Complex Malware for Targeted Attacks". Budapest University of Technology and Economics. 28 May 2012. Archived from the original on 30 May 2012. Retrieved 10 Dec 2013. Lee, Dave (4 June 2012). "Flame: Attackers 'sought confidential Iran data'". BBC News. Retrieved 4 Dec 2013. Zetter, Kim (28 May 2012). "Meet 'Flame,' The Massive Spy Malware Infiltrating Iranian Computers". Wired. Archived from the original on 30 May 2012. Retrieved 10 Dec 2013.

“Flame: The Never Ending Story”. InfoSec Institute. Web. Accessed 5 Dec 2013. Zetter, Kim. “Meet ‘Flame’, The Massive Spy Malware Infiltrating Iranian Computers”. August 5 2012. Wired. Web. Accessed 12 December 2013

Jim Finkle. “Factbox: Cyberwarfare expert’s timeline for Iran attack”. Dec 2, 2011. Reuters. WEB. Accessed 14 January 2014

Glenn Greenwald, Ewen MacAskill. “Obama Orders U.S. to Draw Up Overseas Target List for Cyber-Attacks”. June 7, 2013.The Guardian. Web. Accessed 14 January 2014 Ibid Rizzo, J. (2012, August 02). Cybersecurity bill fails in Senate. CNN. WEB. Accessed 16 January 2014 Barton Gellman (24 December 2013). "Edward Snowden, after months of NSA revelations, says his mission’s accomplished". The Washington Post. Accessed 16 January 2014 EPIC. (n.d.). Presidential Directives and Cybersecurity (PPD-20). EPIC. Retrieved from http://epic.org/privacy/cybersecurity/presidential-directives/cybersecurity.html. 14 January 2014

Jason Andress, Steve Winterfeld. “Cyber Warfare: Techniques and Tools for Security Practitioners”. Syngress. June1, 2011. P. 37. ISBN 1597496375. Department of Defense Dictionary of Military and Associated Terms. “Joint Publication1-02”. 8 November 2010 (As Amended Through 15 September 2013).

“Influence of This View on the Right Understanding of Military History, and on the Foundations of Theory.” On War, Book I, Chapter 1, 24., Carl von Clausewitz, translated by J.J. Graham, p. 18. ISBN 956- 8356-20-7

DOD Directive No. 3600.1, Information Operations. May 2013. Accessed December 2013

IO Roadmap Charter. Department of Defense Information Operations Roadmap. October 20, 2003.

Geers, Kenneth. “Cyberspace and the Changing Nature of Warfare”. SC Magazine. WEB. August 27, 2008. Accessed 26 December 2013

Cody, Edward.”Chinese Official Accuses Nations of Hacking”. Washington Post, September 13, 2007 Computer Network Operations. National Security Agency. WEB. Accessed 26 December 2013 “What are Information Operations”. Cyberspace and Information Operations Study Center. July 24,

“NSA infected 50.000 Computer Networks with Malicious Software”. 23 November.NRC.NL. WEB 2013. Accessed 26 December 2013 Barton Gellman and Ellen Nakashima. ”U.S. Spy Agencies Mounted 231 Offensive Cyber-Operations in 2011,Documents Show”. The Washington Post. 31 August 2013. Web. Accessed 26 December 2013.

JOINT PUBLICATION. 3-13, supra note 6, at GL-7 (emphasis added). February 16, 2006

Michael N. Schmitt. “Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework.”. Research Publication 1 Information Series. June 1999. Accessed 28 December 2013. Takeyh, Ray. "Iran: Assessing Geopolitical Dynamics and U.S. Policy Options." Dec 1969. Council on Foreign Relations. Jan 2014.

Steve Smith. “Theories of Foreign Policy: an Historical Overview”. (1986) Review of International Studies. P. 13-29. Jstor. Accessed 20 January 2014 Foreign Policy Analysis, Department of Political Science, College of Arts & Science, and the University of Missouri. http://foreignpolicyanalysis.org/. Accessed January 20, 2014

Top View