After Iranians shot down a U.S. drone over the Gulf of Oman in June, President Trump publicly discussed his reticence to engage in a conventional retaliatory strike against Iran, citing his desire to avoid disproportionate human casualties.
Less reported was the unconventional response that the U.S. allegedly made shortly thereafter, targeting both Iranian missile launch systems and an Iranian intelligence group which the U.S. believe has helped coordinate recent attacks on tankers in the Persian Gulf. In both cases, the U.S. cyber counterstrike was intended both to degrade Iran’s capabilities and to serve as a warning for the future.
The U.S. Blames Iran For Recent Tanker Attacks in the Gulf
Source: South China Morning Post
The retaliatory cyberattacks underline a change in the U.S.’ cyberwarfare stance which has accelerated under the current administration. In 2018, the U.S.’ Cyber Command was split off into its own unit, separate from U.S. Strategic Command, where it has had its home since its creation in 2009. At the same time, U.S. cybersecurity doctrine has shifted from a narrow focus on defense and deterrence to a greater proactive engagement with malicious actors and potential threats.
This is not simple belligerence; it is part of a developing consensus that the diffuse and opaque world of cyberwarfare does not lend itself to the kind of strategic deterrence that characterizes conventional military operations. Rather than “deterrence,” disruption is becoming the watchword.
The current administration has also put new explicit policies into place to streamline approvals for conducting retaliatory or preemptive cyberattacks and covert preparations for such attacks.
Investment implications: Cybersecurity will be an enduring theme for investors for the foreseeable future — one of the pillars of the new, digital industrial revolution that is underway and in many ways, just getting started.