According to the makers of a new documentary film called Zero Days, the United States had extensive plans for a massive American cyber attack on Iran, code-named “Nitro-Zeus,” should the nuclear deal have fallen through.
The New York Times, which says it “conducted separate interviews to confirm the outlines of the program,” describes Nitro Zeus as the greatest challenge presented during the young life of the U.S. Cyber Command. “Before it was developed, the U.S. had never assembled a combined cyber and kinetic attack plan on this scale,” said one anonymous source.
The “kinetic” elements of the plan would have come into play after U.S. hackers disabled Iran’s air defense network, communications, and power grid. There was also a more specific plan to covertly sabotage computer systems at Iran’s Fordo nuclear enrichment site, along the lines of the Stuxnet virus attack that compromised the Natanz uranium enrichment facility in 2008.
The Times reports:
At its height, officials say, the planning for Nitro Zeus involved thousands of American military and intelligence personnel, spending tens of millions of dollars and placing electronic implants in Iranian computer networks to “prepare the battlefield,” in the parlance of the Pentagon.
The report goes on to compare cyber weapons to nuclear weapons in several respects, including the directives that state “only the president can authorize an offensive cyberattack, just as the president must approve the use of nuclear weapons.”
Like the H-bomb, cyber attacks on the scale of Nitro Zeus are described as “a new form of weaponry whose ultimate effects are only vaguely understood.” The planners thought collateral damage would be difficult to predict because they had little hard information about the way networks and infrastructure are connected in Iran. It was also difficult to predict how effective the cyber-strike would have been at neutralizing its intended targets.
The Zero Days documentary asserts that even Stuxnet got out of hand, infecting systems outside its original attack parameters until its existence was prematurely exposed, although Ars Technica quotes Stuxnet experts who dispute that account.
It is noted that the Nitro Zeus contingency plan might have involved, or assumed, assistance from the Israelis, who might also have prompted its deployment, if they had chosen to attack Iran’s nuclear facilities.
Zero Days director Alex Gibney seems appalled by the Nitro Zeus plan–and by Stuxnet before it.
“Gibney contends that Stuxnet opened forever the Pandora’s Box of digital warfare, and that it had been used as an instrument of warfare against a country with which the United States was not at war,” writes Reuters. “He also says the United States could well be more vulnerable than other countries, taking into account that its economy and companies are the most Internet-connected in the world.”
Gibney also declared himself “angry about the incredible amount of secrecy in the United States and how it has become a kind of obsession that is damaging our democracy,” according to Reuters, which notes the title of his film is a reference to the zero-day flaws in computer software exploited by hackers, both freelance and government-employed.
Given this attitude, Gibney would probably be enraged by the speculation of cyber-war experts at Politico that his film is, itself, an instrument of that super-secretive government.
According to these theories, the material about Nitro Zeus was leaked to him on purpose, so he would create a nominally hostile documentary that actually conveyed a message about the Obama administration’s strength–a great deal of the general public will not think of using cyber-weapons against Iran as an inherently bad idea–and also send a warning to Iran about what might happen to it should it betray the terms of the nuclear deal. That might be the only way to squeeze any value from a billion-dollar cyber weapon that will never be deployed.