According to a 2013 indictment by the U.S. Department of Justice, hackers backed by a foreign power gained access to the controls of the Bowman Avenue Dam, a small dam in the New York City suburb of Rye, New York. Cyberattacks on infrastructure have long been a concern in the United States: Russia has targeted the U.S. power grid and other critical infrastructure in the past—at times successfully.[1] Hackers backed by the People’s Republic of China have targeted U.S. utilities companies.[2] However, neither of these strategic adversaries was behind this bold foray into U.S. suburbia: the culprit, according to the indictment, was the Islamic Republic of Iran.[3]
Over the past decade, Iran has emerged as an important national security challenge for the United States. A novel part of the regime’s effort—facilitated by the advent of the information age and new technology—is its development of a playbook and toolkit designed to undermine the United States at home just as, in the eyes of Tehran, Washington does in Iran. This makes the current Iranian challenge more subtle and nuanced than has been the case for most of the Islamic Republic’s existence. Iran has gradually expanded its capabilities to compete against the United States for influence within the region, and it is now also taking this competition into the United States and even Europe.
One hundred days before the 2020 U.S. elections, the Office of the Director of National Intelligence put a fine point on this threat when National Counterintelligence and Security Center Director William Evanina released a statement noting that, “at this time, we’re primarily concerned with China, Russia and Iran,” who are all looking to “use influence measures in social and traditional media in an effort to sway U.S. voters’ preferences and perspectives, to shift U.S. policies, to increase discord and to undermine confidence in our democratic process.”[4] The statement characterized the Iranian threat as follows: “Iran seeks to undermine U.S. democratic institutions and divide the country in advance of the elections. Iran’s efforts center around online influence, such as spreading disinformation on social media and recirculating anti-U.S. content.”[5]
The Islamic Republic’s authoritarian toolkit is unlikely to become as sophisticated as that of China or Russia in the near term. After all, Iran’s economy is in shambles, its capacity restrained, and the model of society and governance it tries to offer profoundly limited in its appeal. And even the flagship tool used by Iran to interfere in democracies, namely its online influence operations, continues to suffer from such basic shortcomings as misspelled names, the repeated use of the same tactics and techniques, and a lack of proper research into the target and familiarity with its behavior.[6] However, a perceived existential threat posed by the United States, an inability to match the conventional capabilities of the United States and its allies, and a strong desire to compete with the same, have encouraged Iran to double down on efforts to develop a set of asymmetric tools allowing it to overcome its shortcomings. In this sense, Iran is not dissimilar to Russia. “Authoritarian learning” (including partnerships with both Beijing and Moscow) has likely helped Tehran to overcome challenges and to develop its toolkit quickly and effectively.
The result is that Iran is becoming a significant authoritarian actor challenging democracy in the United States and Europe. Tehran’s influence operations span traditional and digital media. The regime has built a sprawling web of traditional media outlets, as well as networks of accounts on all major social media platforms (even as it bans and limits access to these websites at home), allowing it to reach millions of users abroad. The content Iran creates, distributes, and amplifies is multilingual and seeks to adapt to democracies’ social, cultural, and political contexts—with fairly mixed results. Among the objectives of Iran’s information manipulation efforts are sowing tensions in democracies, dividing democratic nations internally and from each other, and alleging hypocrisy in democratic states’ foreign policies, undermining democratization in Iran and elsewhere. Iranian hackers routinely target U.S. persons, academic institutions, companies, non-profit organizations, and government agencies and departments. And Iran’s illicit finance schemes are considerable, although they are currently focused on sanctions evasion and support of information operations rather than used as a standalone vector to undermine democracies.
Some of these tools and the tactics used by Iran are similar to those employed by both Russia and China—and both Beijing and Moscow have lent Tehran a hand in developing some of its capabilities,[7] particularly in the realm of information manipulation. Iranian, Russian, and Chinese state media and associated social media accounts echo and amplify each other’s messaging. But there are also some differences in how Tehran deploys these tactics. This is in part due to differences in the political culture and structure of the country, the Islamic Republic’s own ideology and worldview, and the country’s status in the international system. Another significant set of differences arises from Iran’s shortcomings vis-à-vis both its adversaries (including the United States) and its authoritarian partners in Russia and China. For example, Russia and China can leverage their vast nuclear arsenal and enormous economic weight, respectively, to compete directly with the United States. Iran is ill-equipped to compete with the United States in either of those domains and, as such, sees this set of tools and efforts to undermine democracy as a means to elevate its level of competition rather than an end in itself. Hence, Tehran’s toolkit is more limited than those of Beijing or Moscow, leading the Islamic Republic to be more deliberate and selective in the programs it develops and, perhaps, more forceful in how it deploys them. As a result, though Iran’s growing efforts to undermine democracy should not be ignored and should be addressed adequately, for now, the Islamic Republic remains a lesser threat than China and Russia.
This report tries to make sense of these activities and provide a framework for understanding Iran’s intentions and capabilities. It provides one of the first comprehensive discussions of Iran’s authoritarian toolkit, doctrine, and objectives. It must be noted that unlike other key Iranian initiatives—such as its nuclear program, missile activities, support for non-state actors, and regional interventions—Iran’s authoritarian toolkit remains scarcely studied in the academic literature. Understanding Tehran’s objectives in undermining democracy and the means it leverages to do so is important for a few reasons. First, Iranian activities over the past few years have shown that the regime is increasingly active in this space. And as Iran’s objectives and the tools it employs are different from those of other key malign actors, understanding their strengths and weaknesses and developing specific responses to them is a worthy exercise. Second, authoritarians learn from each other, and observing the Iranian case allows us to better identify the trends and comprehend the ways in which less powerful malign actors (as opposed to Russia and China, for example) may engage in similar activities designed to undermine democracy.
This report cites primary and secondary sources from the U.S. government, including unclassified and declassified U.S. intelligence reports and other publications, and uses the existing literature on the topic and news articles as sources. Moreover, this report leverages the Alliance for Securing Democracy’s (ASD) Hamilton 2.0 dashboard, which tracks Iranian, Russian, and Chinese information manipulation efforts, equipping researchers with the tools to study the three countries’ official statements, state media reporting, and social media activities.
At present, the academic literature on Iran’s efforts to undermine democracy is limited, as are primary Iranian sources on the topic. Given their often covert and sensitive nature, the regime rarely makes its white papers, memos, and other products available to the public. Much of the open source reporting and analysis is produced by journalists, think tanks, and technology companies. As such, although we consult the academic literature to make sense of broader Iranian objectives and doctrine and to situate the country’s efforts in the context of broader authoritarian learning and resilience, we rely heavily on news articles, as well as research and analysis conducted by news organizations, think tanks, and tech companies. We also use Iranian media and social media activities.
The report proceeds as follows. First, it will provide an overview of Iranian objectives to make sense of its intentions before analyzing the Iranian toolkit. Next, it assesses the strengths and weaknesses of Iran’s approach. Finally, it closes by contextualizing the findings in terms of authoritarian learning and resilience, surveying U.S. vulnerabilities, and offering recommendations for addressing the gaps in democracies’ capabilities. The appendix identifies the key actors involved in developing and implementing Iran’s strategy.
- Rebecca Smith and Rob Barry, “America’s Electric Grid Has a Vulnerable Back Door—And Russia Walked Through It,” The Wall Street Journal, January 10, 2019.
- Zak Doffman, “Chinese State Hackers Suspected Of Malicious Cyber Attack On U.S. Utilities,” Forbes, August 3, 2019.
- Joseph Berger, “A Dam, Small and Unsung, Is Caught Up in an Iranian Hacking Case,” The New York Times, March 25, 2016; David E. Sanger, “U.S. Indicts 7 Iranians in Cyberattacks on Banks and a Dam,” The New York Times, March 24, 2016.
- William Evanina, “Statement by NCSC Director William Evanina: 100 Days Until Election 2020,” ODNI, July 24, 2020.
- Lachlan Markay and Adam Ransley, “U.S. Intel Officials Eye Disinformation Campaign Targeting John Bolton’s Family,” The Daily Beast, August 8, 2019.
- Collin Anderson and Karim Sadjadpour, “Iran’s Cyber Ecosystem: Who Are the Threat Actors?” Chapter 3, Iran’s Cyber Threat: Espionage, Sabotage, and Revenge, Washington: Carnegie Endowment for International Peace, January 4, 2018.