Biden administration prepares for a different kind of Iranian cyberthreat

A new crop of intelligence officials will need to consider malicious cyber activity after diplomatic setbacks.

As President Joe Biden wraps up his first week in the Oval Office, his national security team is still gearing up to face a myriad of looming digital security threats from Iran.

Just over a year after the Trump administration used a drone strike to kill Qassem Soleimani, a top Iranian general, Iran is still weighing retaliatory action against the U.S., according to a recent Department of Defense assessment. That’s not the only threat the Biden administration may have to contend with — Iran carried out a number of online efforts meant to intimidate potential American voters prior to the presidential election, allegedly launched a hit list that identified U.S. election officials by name and was behind a reported effort to probe U.S. election websites.

“From a geopolitical perspective — with the maximum pressure campaign, the assassination of Soleimani … they are a caged animal and I think they are very dangerous right now,” William Evanina said during a recent Washington Post event, acknowledging Iran’s entry into the election interference space caught him off guard. At the time of his remarks, Evanina was serving as the director of the U.S. National Counterintelligence and Security Center. He resigned from his post at the close of the Trump administration.

“I think the new administration is really going to have to thread the needle on how to keep the pressure on [Iran] and at the same time probably have to provide them an avenue to acquiesce a little bit from the threat because I think they’re on the precipice of harming the nation,” Evanina said.


The path forward with Iran isn’t always clear, current and former intelligence officials said. The complexity of the threat has been on display in recent days, as Iran’s minister for foreign affairs, Javad Zarif, tweeted on Biden’s inauguration day that he hopes “new folks in DC have learned” from the prior administration’s treatment of Iran.

A Twitter account affiliated with Iranian Supreme Leader Ali Khamenei tweeted what appeared to be a threat against former President Donald Trump for the assassination of Soleimani. Although the tweet did not name Trump, the image accompanying the post depicted a drone targeting a golfer resembling the former president.

Twitter moved to permanently suspend the account last week, a Twitter spokesperson confirmed to CyberScoop. The tweet violated Twitter’s abusive behavior policy, the spokesperson said, adding that Twitter opted to boot the account because it was fake, and thus in violation of the company’s platform manipulation and spam policy.

Avril Haines, Biden’s new U.S. director of national intelligence, discussed the administration’s approach toward Iran during her confirmation hearing. Haines did not delve into cyber issues, though she noted that “Iran is a threat and a destabilizing actor” in the Middle East. She also suggested Iran is a long way away from coming into compliance with the 2015 nuclear deal, a sentiment Secretary of State Antony Blinken and Defense Secretary Lloyd Austin echoed in their confirmation hearings. (The U.S. withdrew from the treaty in 2018.)

Discussions around a possible re-entry to the nuclear pact could result in an uptick in cyber-espionage operations, if history provides any lessons. In 2015, after the Obama administration struck an agreement with Tehran to limit Iran’s development of nuclear weapons, security firms reported a surge in espionage apparently aimed at gathering intelligence about U.S. diplomatic efforts.


Iran’s recent messaging on possible retaliation and election interference campaigns should carry an important lesson for the Biden administration, according to Norm Roule, who served as the National Intelligence Manager for Iran at the Office of the Director of National Intelligence during the Obama administration.

“If an adversary undertakes hostile activities without a response, it may well believe that any claimed red lines, were, in fact, rhetorical pink lines,” said Roule, who served in the CIA for 34 years managing programs on Iran and the Middle East. “This will encourage them to undertake more, and likely more aggressive activity, until they reach an actual red line.”

If the U.S. government fails to communicate a clear, understandable diplomatic approach to Iran, unwanted conflict could be the result, Roule warned, adding that death threats from Iran should not be ignored.

“The historic absence of red lines is particularly concerning regarding the Iran issue,” Roule said. “Tehran will certainly wonder what red lines exist with the Biden administration.”

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.
