IRAN 2021

AI and the Future of Disinformation Campaigns / Part 1: The RICHDATA Framework  Artificial intelligence offers enormous promise to advance progress, and powerful capabilities to disrupt it. This CSET policy brief is the first installment of a series that examines how advances in AI could be exploited to enhance operations that automate disinformation. Introducing the RICHDATA framework—a disinformation kill chain—this report describes the stages and techniques used by human operators to build disinformation campaigns.

AI and the Future of Disinformation Campaigns / Part 2: A Threat Model  Artificial intelligence offers enormous promise to advance progress and powerful capabilities to disrupt it. As deepfakes and other AI-generated content become popularized, they generate much angst about their use as tools for digital impersonation and disinformation campaigns. Yet, deepfakes provide just one example of how AI may be misused to increase polarization and undermine trust. This CSET policy brief is the second installment of a series that examines how advances in AI could enhance the operations to automate disinformation campaigns. It builds on the RICHDATA framework to demonstrate how machine learning can supercharge the building blocks of campaigns, augment human operators in a human-machine disinformation team, and increase the scale and personalization of disinformation. The report offers recommendations to mitigate this evolution’s worst effects.

Detect and Understand: Modernizing Intelligence for the Gray Zone  Discerning knowable truths amid obfuscation, misdirection, and outright lies is a fundamental mission of intelligence. Former Central Intelligence Agency (CIA) director Allen Dulles held this notion so deeply that he insisted that a biblical exhortation to pursue the truth be carved in stone in the CIA’s lobby. Unfortunately, the challenge—as Pascal mused 300 years prior to the construction of the CIA’s Original Headquarters Building—is that global politics are conducted in a world riven with multiple “truths.” This was a constant of the Cold War, when competing narratives informed an era of great power competition. And the same is true today, when interstate competition once again defines a security landscape muddled by ambiguity, confusion, and deception. There is a rich body of literature describing how the modern era of competition will be dominated by actors advancing their interests via malign activities in the so-called “gray zone” between peace and war. These studies have analyzed the specific ways that actors such as China, Russia, Iran, and others operate below the threshold of conventional war and mix political, economic, information, and military tools to increase their global legitimacy and advance their interests at the expense of the United States and its allies. Since the height of the Cold War, the fields of coercion, bargaining, and deterrence have studied why actors pursue these strategies; namely it is to achieve limited goals without incurring the risk of escalation into a costly and potentially devastating war.
This CSIS study extends the existing body of research on the gray zone further into the specific areas of intelligence collection and analysis. It offers a range of recommendations to improve the ability of U.S. intelligence services to confront the gray zone challenges of modern interstate security competition. In support of this effort, CSIS researchers undertook a six-month project that set out to answer the following three questions:

  • How do gray zone threats challenge the ability of intelligence planners, collectors, and analysts to deliver timely and accurate analysis and warning?
  • How can emerging technologies augment the detection and analysis of gray zone activity?
  • What changes across the areas of collection, analysis, and organizational structure could improve the U.S. intelligence community’s (IC) ability to identify, assess, and warn of threats in the gray zone?

Iranian President Raisi’s renewed emphasis on space is likely to create new tensions Western press reporting on the first 100 days of Iran’s new hardline president, Ebrahim Raisi, has naturally focused on his impact on Iran’s nuclear and missile programs. But in Iran, officials refer to three, not two, “power-creating” (eghtedar-saz) industries: nuclear, missiles, and space. And it is space, more so than either nuclear or missiles, where Raisi has focused his early public efforts. And it is Iran’s moves in space that will probably present President Joe Biden with the first challenge of the post-nuclear deal era. In his first 100 days, Raisi has moved to place his imprint by reinvigorating Iran’s space program, the results of which will be visible in the coming months and years. Raisi has now set in motion a process that will result in Iran launching more satellites in the coming year, unveiling new space launch vehicles, and breaking ground on a new space launch facility in southern Iran. These developments will understandably be interpreted by Western media in the context of Iran’s missile programs and the broader security situation. But it is important to understand that Iran is also deeply committed to the economic, military, and security uses of outer space.
The Biden administration will have to choose how to respond to Iran’s growing presence in space. Will the United States try to balance its legitimate concerns about proliferation with Iran’s right to access space? Or will it treat Iran as a pariah, hoping that vocal opposition to Iran’s space launches will somehow produce a different result than the same approach did with North Korea?
Raisi is very publicly attempting to reinvigorate an Iranian space program that has been struggling in recent years. His new communications minister has criticized the state of the space program left by his predecessor — he called it “sorrowful” and “backwards” and sacked the head of the Iranian Space Agency. Raisi chaired a meeting of the Supreme Space Council — the country’s highest-level space policymaking organization — which had not met for more than a decade. At that meeting, Raisi committed Iran to launching more satellites into low earth orbit and reaching geostationary orbit by 2026.

Iranian president, Ebrahim Raisi / Image: Official website of the President of the Islamic Republic of Iran

Iran has two space programs: a state space program and a parallel program run by the Islamic Revolutionary Guard Corps. The state space program is under Iran’s president, who chairs the Supreme Space Council, and like the nuclear fuel cycle, Iran is not going to abandon its space technology cycle under pressure or trade it in its entirety for sanctions relief — the space program has already weathered two decades of foreign pressure, sanctions, and trade controls. Instead, the United States will need to recognize Iran’s space program not simply as a stalking horse for growing missile capabilities, but as an outlet for Iran’s growing scientific and technological capabilities where limits can be negotiated. More in this War on the Rocks article.

Whatever it takes to end it: Iran’s shift toward more oppressive governance Iran is becoming a more authoritarian and repressive state, which has direct implications for the future of the region and the Joint Comprehensive Plan of Action (JCPOA). The Iranian regime is intensifying its efforts to control the population and retain the ruling elite’s hold on power amid mounting domestic crises and instability. Regime leadership has always used repression to secure power, but recent trends indicate a change in the political establishment’s relationship with the Iranian people. The security services are building an increasingly adaptive and sophisticated police and surveillance state, improving their capability to violently suppress domestic dissent. US decision makers must recalibrate their policies vis-à-vis Tehran to reflect this new reality.
Restoring the JCPOA would not reverse Iran’s shift toward more repressive governance. A worsening internal security environment, which may intensify in the years ahead, is driving this transition. Popular protests and violence against the regime have swelled throughout the country in recent years, stoking the Iranian leadership’s fear of domestic instability. Civil disorder, largely driven by economic grievances, has become commonplace, testing the state’s defenses against its own people. Factors further exacerbating authorities’ concerns include the COVID-19 pandemic, the possibility that the US will someday resume a maximum-pressure policy, and political uncertainty in the lead-up to Supreme Leader Ayatollah Ali Khamenei’s passing.
The regime is optimizing its internal security apparatus for social control. Iranian authorities have adopted a three-pronged counterprotest strategy, incorporating prevention, force, and censorship. This approach relies on an expansive constellation of neighborhood patrols, paramilitary forces, and security bases—all designed, in part, to forecast when protests will occur and crush them early. The regime is increasingly involving its conventional military, named the Artesh, and possibly foreign proxy fighters in internal security missions. Advanced technologies are central to this counterprotest strategy. Iranian leadership sees the success of the Chinese Communist Party in controlling and monitoring its own population and seeks to partly emulate this model of social control. Iranian authorities have embraced the concept of internet sovereignty and are increasingly willing to disrupt the internet and telecommunications in Iran to abet their protest crackdowns. They are also investing in domestic surveillance infrastructure and artificial intelligence (AI) to suppress dissent. Iranian officials hope to harness AI’s analytical potential to synthesize a broad range of data streams collected through increasingly diverse digital means to identify and preempt internal security threats in real time. The regime’s more authoritarian mode of governance could change how it interacts with the region and the JCPOA. Iran’s rulers may come to perceive the success of their counterprotest strategy as a source of leverage and strength. The regime could believe that it can more effectively repress its citizens with little fear of consequence and that it is better prepared to survive without the economic benefits of the nuclear deal. Understanding this evolution from the Iranian leadership’s perspective can help US policymakers address the national security challenge Iran poses to the US and its allies and partners. Read AEI’s report.

This huge Chinese company is selling video surveillance systems to Iran Chinese company Tiandy is selling its surveillance technology to Iran’s Revolutionary Guard, police, and military, according to a surveillance research group. Tiandy is one of the world’s largest video surveillance companies, selling cameras and AI-enabled software, including facial recognition technology that it claims can detect someone’s race. Tiandy has signed a five-year contract in Iran, where it plans to have eight local staff members. While the exact package of surveillance capabilities Tiandy will sell to Iran is unclear, IPVM found Tiandy cameras in use by the Iranian firm Sairan—a “state-owned military electronics provider”—and at an undisclosed military base. Crucially, the report revealed that Tiandy’s networked video recorders are in use by the Iranian military and powered by chips produced by US manufacturer Intel, raising questions of whether Intel has violated US sanctions on Iran. (Intel says it’s investigating.) The new report (“Tiandy’s Iran Business, Sells to Revolutionary Guard And Military”) is among the few pieces of hard evidence for something experts have long suspected: that Iran is trying to build a system of digital control over its citizens, following China’s model and using Chinese tools. Read MIT Technology Review’s full story here.

Source: IPVM

The Iranian-Turkish Cooperation Roadmap: A Solution to Resolving Bilateral Problems and Tensions? In recent months, Turkey and Iran seized an opportunity to try to reduce their long-running multifaceted tensions. Despite geopolitical and security-related frictions, the bilateral relationship is rosier when it comes to business and people-to-people ties. Iran is among the highest sources of tourists to Turkey every year. And the Turkish Statistics Center reported in October that 7,189 houses were purchased in Turkey by Iranians in 2020—a 25 percent increase over 2019. Moreover, over the past two months, Iranians buying houses and apartments in Turkey broke new records: while citizens of the Islamic Republic have always tended to be among top buyers of real estate in Turkey, they now collectively top the list of foreign investors in the Turkish housing market.

Source: Gulf International Forum

Due to the high economic potential between the two countries, Iran and Turkey had pledged to reach a trade turnover of $30 billion by 2015; but that level was never achieved. Last year, mutual trade amounted to only $6 billion, although that low number was caused partially by sanctions on Iran, the COVID-19 pandemic, as well as customs difficulties. Some rebound is expected this year, with estimates that Iranian-Turkish trade could amount to $10 billion by the end of 2021.
Meanwhile, about four years remain before the expiration of the 25-year contract for the export of Iranian natural gas to Turkey. Under these circumstances, Baku and Ankara recently signed a new gas contract, according to which the Republic of Azerbaijan will deliver a total of around 11 billion cubic meters more of gas to Turkey by 2024. Of course, Iran’s predicament in this sphere is not limited to the growth of foreign competitors. Iran itself faces a daily deficit of 200 million cubic meters of gas this winter. And according to the Iranian Ministry of Oil, the South Pars gas field—which accounts for 75 percent of the country’s gas extraction—will reach peak production in 2023, at which point, production will drop by 10 billion cubic meters every subsequent year. Ankara is not waiting around for Tehran to resolve its looming export troubles. More in the December 6, 2021 issue of Jamestown’s Eurasia Daily Monitor (volume 18, issue 181). 

Settlement Agreement between the U.S. Department of the Treasury’s Office of Foreign Assets Control and An Individual The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a $133,860 settlement with a natural U.S. person (“U.S. Person-1”) on December 8, 2021. U.S. Person-1, who at the time of the apparent violations was a U.S. citizen living in the United States, has agreed to settle their potential civil liability for four apparent violations of the Iranian Transactions and Sanctions Regulations, 31 C.F.R. part 560. Specifically, between approximately February 2016 and March 2016, U.S. Person-1 arranged for, and received, four payments on behalf of an Iranian company using a personal bank account in the United States. OFAC determined that U.S. Person-1 did not voluntarily disclose the apparent violations, and that the apparent violations constitute an egregious case. For more information, please visit the following web notice. For more information on this specific action, please visit this page.

Speech by SIS Chief Richard Moore: Human Intelligence in the Digital Age Richard Moore, Chief of the UK Secret Intelligence Service (MI6), has made his first public speech since taking up his role in October 2020. He talked about the seismic changes he sees in the world, specifically in the espionage environment. He discussed China, Russia and Iran, three of the “Big Four” priorities for the intelligence world. He also explained what the UK is doing to address the fourth priority – the amorphous, shape-shifting character of international terrorism. As part of wider government strategy outlined in the Integrated Review, MI6 is adapting to meet the new threats and challenges that the accelerating pace of technological change now poses. With the shifts in the security landscape and revolutionary advances in technology, the business of espionage has become considerably more challenging. MI6 has traditionally relied primarily on its own capabilities to develop world class technologies. But, as Richard Moore tells the International Institute for Strategic Studies, mastering human intelligence in the digital age is a national security imperative, and it cannot be done alone. That includes being more open and partnering with the private sector to find new technologies to allow continued mastery of human intelligence in the digital age. 
Critically, the workforce of MI6 needs to be as diverse as the population it serves. Richard Moore says in his speech this means the organisation must be more open and able to continue to attract the very best of British talent. See the speech, and read the speech transcript here.

Hackers are turning to this simple technique to install their malware on PCs According to a new ZDNet article, nation state-backed hacking groups are exploiting a simple but effective new technique to power phishing campaigns for spreading malware and stealing information that’s of interest to their governments. Advanced persistent threat (APT) groups are using rich text format (RTF) template injections.  While the use of RTF text file attachments in phishing emails isn’t new, the technique being used by hackers is easier to deploy and more effective because it’s harder for antivirus software to detect – and many organizations won’t block RTF files by default because they’re part of everyday business operations. The technique is RTF template injection. By altering an RTF file’s document-formatting properties, it’s possible for attackers to weaponise an RTF file to retrieve remote content from a URL controlled by the attackers, enabling them to secretly retrieve a malware payload that gets installed on the victim’s machine.
Attackers can use RTF template injections to open documents in Microsoft Word, which will use the malicious URL to retrieve the payload while also using Word to display the decoy document. This approach might require luring users into enabling editing or enabling content to begin the process of downloading the payload, but with the right form of social engineering, especially off the back of a convincing lure, a victim can be tricked into allowing this process to take place. It isn’t a complex technique, but because it is simple and reliable to use, it has become popular with several nation-state hacking operations, which can deploy RTF attacks instead of other, more complex attacks, but still get the same results. 
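A defender-side check for the technique described above, as an added example (not code from ZDNet or from this page). It assumes the remote URL is carried in the RTF `\*\template` destination, the standard control word that names a document's template, and that the target may be hidden behind RTF `\uN` or `\'hh` escapes; the function names and the sample documents are constructed for illustration.

```python
import re

# Matches the RTF destination group {\*\template <target>}. The target is
# normally a local template path; a URL or UNC path there is the indicator.
TEMPLATE_RE = re.compile(rb"\{\s*\\\*\s*\\template\b\s*([^{}]*)\}", re.IGNORECASE)
# \uN followed by its one-character fallback (assumes the RTF default \uc1).
UNI_RE = re.compile(r"\\u(-?\d+) ?(?:\\'[0-9a-fA-F]{2}|[^\\{}])?")
HEX_RE = re.compile(r"\\'([0-9a-fA-F]{2})")
CTRL_RE = re.compile(r"\\[a-zA-Z]+-?\d* ?")
REMOTE_RE = re.compile(r"^(?:https?|ftp|file)://|^\\\\[^\\]", re.IGNORECASE)


def decode_rtf_text(raw: bytes) -> str:
    """Undo RTF escaping so an encoded target cannot hide from a string match."""
    text = raw.decode("latin-1")
    out, i = [], 0
    while i < len(text):
        ch = text[i]
        if ch in "\r\n":                      # bare CR/LF are ignored by RTF readers
            i += 1
        elif ch != "\\":                      # ordinary character
            out.append(ch)
            i += 1
        elif text[i + 1:i + 2] in ("\\", "{", "}"):   # escaped literal
            out.append(text[i + 1])
            i += 2
        else:
            m = UNI_RE.match(text, i)
            if m:                             # \uN: signed 16-bit code unit
                out.append(chr(int(m.group(1)) % 65536))
                i = m.end()
                continue
            m = HEX_RE.match(text, i)
            if m:                             # \'hh: single byte, read as Latin-1
                out.append(chr(int(m.group(1), 16)))
                i = m.end()
                continue
            m = CTRL_RE.match(text, i)        # any other control word: drop it
            i = m.end() if m else i + 1
    return "".join(out).strip()


def find_template_targets(data: bytes) -> list:
    """Return every \\*\\template target in the file, flagged if it is remote."""
    findings = []
    for m in TEMPLATE_RE.finditer(data):
        target = decode_rtf_text(m.group(1))
        findings.append({"offset": m.start(), "target": target,
                         "remote": bool(REMOTE_RE.search(target))})
    return findings


def is_suspicious(data: bytes) -> bool:
    """True when any template target points off the local machine."""
    return any(f["remote"] for f in find_template_targets(data))


# Constructed sample documents (not taken from any real campaign).
SAMPLE_URL = "http://example.invalid/t.dotm"
SAMPLE_BENIGN = rb"{\rtf1\ansi{\*\template C:\\Templates\\Normal.dotm}Quarterly report}"
SAMPLE_REMOTE = rb"{\rtf1\ansi{\*\template " + SAMPLE_URL.encode() + rb"}Decoy text}"
SAMPLE_ENCODED = (rb"{\rtf1\ansi{\*\template "
                  + "".join(f"\\u{ord(c)}?" for c in SAMPLE_URL).encode()
                  + rb"}Decoy text}")
SAMPLE_NONE = rb"{\rtf1\ansi Plain memo with no template group}"

if __name__ == "__main__":
    samples = {"benign": SAMPLE_BENIGN, "remote": SAMPLE_REMOTE,
               "encoded": SAMPLE_ENCODED, "none": SAMPLE_NONE}
    for name, doc in samples.items():
        print(name, is_suspicious(doc), find_template_targets(doc))
```

A mail gateway or triage script can run `is_suspicious` over RTF attachments and quarantine hits, since a legitimate template target is a local path rather than a URL.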

Iranian Nationals Charged for Cyber-Enabled Disinformation and Threat Campaign Designed to Influence the 2020 U.S. Presidential Election An indictment was unsealed in New York on the 18th of November, 2021, charging two Iranian nationals for their involvement in a cyber-enabled campaign to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord, in connection with the 2020 U.S. presidential election.
According to court documents, Seyyed Mohammad Hosein Musa Kazemi (سید محمد حسین موسی کاظمی), aka Mohammad Hosein Musa Kazem, aka Hosein Zamani, 24, and Sajjad Kashian (سجاد کاشیان), aka Kiarash Nabavi, 27, both of Iran, obtained confidential U.S. voter information from at least one state election website; sent threatening email messages to intimidate and interfere with voters; created and disseminated a video containing disinformation about purported election infrastructure vulnerabilities; attempted to access, without authorization, several states’ voting-related websites; and successfully gained unauthorized access to a U.S. media company’s computer network that, if not for successful FBI and victim company efforts to mitigate, would have provided the conspirators another vehicle to disseminate false claims after the election.

“This indictment details how two Iran-based actors waged a targeted, coordinated campaign to erode confidence in the integrity of the U.S. electoral system and to sow discord among Americans,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “The allegations illustrate how foreign disinformation campaigns operate and seek to influence the American public. The Department is committed to exposing and disrupting malign foreign influence efforts using all available tools, including criminal charges.”

“As alleged, Kazemi and Kashian were part of a coordinated conspiracy in which Iranian hackers sought to undermine faith and confidence in the U.S. presidential election,” said U.S. Attorney Damian Williams for the Southern District of New York. “Working with others, Kazemi and Kashian accessed voter information from at least one state’s voter database, threatened U.S. voters via email, and even disseminated a fictitious video that purported to depict actors fabricating overseas ballots. The United States will never tolerate any foreign actors’ attempts to undermine our free and democratic elections. As a result of the charges unsealed today, and the concurrent efforts of our U.S. government partners, Kazemi and Kashian will forever look over their shoulders as we strive to bring them to justice.”

“The FBI remains committed to countering malicious cyber activity targeting our democratic process,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “Working rapidly with our private sector and U.S. government partners and ahead of the election, we were able to disrupt and mitigate this malicious activity – and then to enable today’s joint, sequenced operations against the adversary. Today’s announcement shows what we can accomplish as a community and a country when we work together, and the FBI will continue to do its part to keep our democracy safe.” Department of Justice Press Release.

Evolving trends in Iranian threat actor activity Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends in Iranian nation state actor activity during a session titled “The Iranian evolution: Observed changes in Iranian malicious network operations”. This blog is intended to summarize the content of that research and the topics covered in their presentation and demonstrate MSTIC’s ongoing efforts to track these actors and protect customers from the related threats. MSTIC consistently tracks threat actor activity, including the groups discussed in this blog, and works across Microsoft Security products and services to build detections into our products that improve customer protections. We are sharing this blog today so that others in the community can also be aware of the latest techniques we have observed being used by Iranian actors. As with any observed nation-state actor activity, Microsoft has directly notified customers that have been targeted or compromised, providing them with the information they need to help secure their accounts. Microsoft uses DEV-#### designations as a temporary name given to an unknown, emerging, or a developing cluster of threat activity, allowing MSTIC to track it as a unique set of information until we reach a high confidence about the origin or identity of the actor behind the activity. Once it meets the criteria, a DEV is converted to a named actor.
Three notable trends in Iranian nation-state operators have emerged: 1) they are increasingly utilizing ransomware to either collect funds or disrupt their targets; 2) they are more patient and persistent while engaging with their targets; and 3) while Iranian operators are more patient and persistent with their social engineering campaigns, they continue to employ aggressive brute force attacks on their targets.
Since September 2020, MSTIC has observed six Iranian threat groups deploying ransomware to achieve their strategic objectives. These ransomware deployments were launched in waves every six to eight weeks on average.

Source: Microsoft

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities CISA, the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC)  have released a joint Cybersecurity Advisory highlighting ongoing malicious cyber activity by an advanced persistent threat (APT) group that FBI, CISA, ACSC, and NCSC assess is associated with the government of Iran.  FBI and CISA have observed this Iranian government-sponsored APT exploit Fortinet and Microsoft Exchange ProxyShell vulnerabilities to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.
Joint Cybersecurity Advisory AA21-321A provides observed tactics and techniques, as well as indicators of compromise that FBI, CISA, ACSC, and NCSC assess are likely associated with this Iranian government-sponsored APT activity. FBI, CISA, ACSC, and NCSC urge critical infrastructure organizations to apply the recommendations listed in the advisory to mitigate risk of compromise from Iranian government-sponsored cyber actors. 

The Future of the Digital Order Nations that successfully harness the vast economic, political, and societal power of emerging information and communications technologies will shape the future of the global digital order. But this future is not set in stone. A closed, illiberal order is taking root in strategic regions around the world, as non-democratic governments exploit digital tools to grow both internal control and external influence. A comprehensive new CNAS report examines how China, Russia, and various Middle Eastern governments are cultivating this new digital order across three pillars: information control, surveillance, and technology governance. The report reveals four key trends with implications for the future:

  • Growing China-Russia alignment will generate dangerous digital synergies.
  • Countries around the world, particularly autocratic regimes and those flirting with illiberalism, will seek to regulate online communications platforms through social media, data localization laws, and instigating company self-censorship.
  • Illiberal regimes will seek out Chinese technology to help them control social movements and civil protests.
  • The practices of illiberal regimes will reduce the efficacy of U.S. mitigation practices. Russia and China’s efforts to promote an illiberal digital order complement one another and could accelerate innovation between the two nations.

The Future of the Digital Order draws on expertise and research from across CNAS’ Technology and National Security, Indo-Pacific Security, Middle Eastern Security, and Transatlantic Security programs. The U.S. must craft a policy response that considers these emerging patterns and incorporates more than its usual partners in Europe and the Indo-Pacific. Shoring up the existing coalition of democratic actors to counter these illiberal trends will likely not be sufficient. The authors offer recommendations that the United States can implement on three fronts: at home, while engaging with traditional U.S. democratic as well as nondemocratic partners, and when countering U.S. adversaries such as China, Russia, and Iran. “An open digital order is the only way to ensure the trust and integrity of technological ecosystems, inclusive growth and shared prosperity, and innovation imbued with universal rights,” the report warns. “Authoritarian uses of technology threaten the strength and resilience of democratic values and institutions.”

Microsoft’s annual Digital Defense Report Introduction: “2021 brought powerful reminders that to protect the future we must understand the threats of the present. This requires that we continually share data and insights in new ways. Certain types of attacks have escalated as cybercriminals change tactics, leveraging current events to take advantage of vulnerable targets and advance their activity through new channels. Change brings opportunity—for both attackers and defenders—and this report will focus on the threats that are most novel and relevant to the community as we look to the months ahead. Looking at the threat landscape, along with data and signals from cross-company teams, five top-level areas emerged as most critical to bring into the sharpest focus in this report: the state of cybercrime; nation state threats; supplier ecosystems, Internet of Things (IoT), and operational technology (OT) security; the hybrid workforce; and disinformation. To provide the greatest benefit, we also extract our recommendations and actionable learnings, and present them throughout the report and in our concluding chapter”.

Hostage diplomacy is back. It requires a forceful response As the release of Huawei’s Meng Wanzhou represents, hostage diplomacy is back, and it requires a forceful response, argues the author, a distinguished senior fellow in foreign and defense policy studies at the American Enterprise Institute (AEI). Right now, the Department of State warns Americans not to travel to Iran due to the risk of kidnapping and arbitrary arrest and to reconsider travel to China due to arbitrary enforcement of local laws. But those warnings are clearly insufficient. If China, Iran, and others view American citizens as pawns to be taken in exchange for policy or political concessions or for human exchanges, it’s time to deny them that option. Read more in AEI’s Op-Ed of October 5, 2021.

Hackers are stealing data today so quantum computers can crack it in a decade Hackers might pose an immediate threat, but US government officials are preparing for another, longer-term problem: attackers who are collecting sensitive, encrypted data now in the hope that they’ll be able to unlock it at some point in the future. This future threat comes from quantum computers, which work very differently from the classical computers we use today. Their complexity could allow them to break many of the encryption algorithms currently used to protect sensitive data such as personal, trade, and state secrets. Officials are trying to develop and deploy new encryption algorithms to protect secrets against this emerging threat. That includes the Department of Homeland Security, which recently released a road map for the transition towards what is known as post-quantum cryptography.

A cryostat at Google’s quantum computing lab near Santa Barbara, California designed to keep a quantum chip at temperatures close to absolute zero. Photograph: Jason Koxvold

The Treasury 2021 Sanctions Review The U.S. Department of the Treasury released the results of a broad review of the economic and financial sanctions that it administers and enforces, and issued recommendations to preserve and enhance their effectiveness in supporting national security and U.S. interests now and in the future. “Sanctions are a fundamentally important tool to advance our national security interests,” said Deputy Secretary Adeyemo. “Treasury’s sanctions review has shown that this powerful instrument continues to deliver results but also faces new challenges. We’re committed to working with partners and allies to modernize and strengthen this critical tool.” During Secretary of the Treasury Janet L. Yellen’s confirmation hearing, she committed to a comprehensive review of sanctions, which Deputy Secretary of the Treasury Wally Adeyemo led. Treasury’s review engaged hundreds of sanctions stakeholders, including former Treasury officials from both parties; key interagency partners including the Department of State, Department of Justice, and USAID; Members of Congress and their staffs; small and large commercial businesses and financial institutions; academics; non-governmental organizations; and the governments of our allies and partners abroad. Treasury’s review found that while sanctions remain an essential and effective policy tool, they also face new challenges including rising risks from new payments systems, the growing use of digital assets, and cybercriminals, as well as situations where careful calibration can help limit the impact of sanctions on the flow of legitimate humanitarian aid to those in need. Read the Treasury 2021 Sanctions Review. Key recommendations to mitigate those challenges and bolster the effectiveness of Treasury’s role in sanctions moving forward include:

Adoption of a structured policy framework that links sanctions to a clear policy objective. This framework asks whether a sanctions action: supports a clear policy objective within a broader strategy; has been assessed to be the right tool for the circumstances; incorporates economic and political implications for sanctions targets and others and has been calibrated to mitigate unintended impacts; includes a multilateral coordination and engagement strategy; and will be easily understood, enforceable, and, where possible, reversible. This policy framework is intended to cover key policy considerations in the sanctions implementation process and offer a standardized set of factors to be consistently used by sanctions professionals for both evaluating potential new actions and assessing the ongoing alignment of sanctions with evolving policy priorities. This framework also incorporates several of the recommendations which emerged from the sanctions review.
Multilateral coordination wherever possible. Sanctions are most effective when coordinated as an Administration and where possible with allies and partners who can magnify the economic and political impact. This coordination also enhances the credibility of U.S. international leadership and shared policy goals of the United States and its allies.

Calibration of sanctions to mitigate unintended economic, political, and humanitarian impact. Treasury should continue to seek ways to tailor sanctions to mitigate unintended economic, humanitarian, and political impacts on U.S. workers and businesses, allies, and non-targeted populations abroad. This will protect key constituencies and help preserve support for U.S. sanctions policy.

Ensuring sanctions are easily understood, enforceable, and, where possible, reversible. Treasury can build on existing outreach and engagement capabilities through enhanced communication with industry, financial institutions, allies, civil society, and the media, as well as new constituencies.

Investment in modernizing Treasury’s sanctions technology, workforce, and infrastructure. Treasury should invest in building its technological capabilities and deepening its institutional knowledge, especially in the evolving digital assets and services space, to support the full sanctions lifecycle of activities. Further investments in Treasury’s sanctions workforce and operational capabilities will sustain Treasury’s ability to execute a core tool of U.S. national security and foreign policy and protect the integrity of the U.S. financial system.

Justice Department IG Releases Audit of FISA Procedures On Sept. 30, 2021, the Department of Justice’s inspector general released an internal audit of the FBI’s procedures around the Foreign Intelligence Surveillance Act (FISA) application process. The FBI’s “Woods Procedures” are one element of the FISA application process in which FBI personnel must “document support for all factual assertions contained in [the applications].” Of an initial sample of 29 FISA applications, the audit found more than 400 instances of non-compliance with Woods Procedures. An additional review of more than 7,000 FISA applications authorized between January 2015 and March 2020 found at least 179 instances in which the required Woods file was missing in whole or in part. The report contains 10 recommendations to the FBI and National Security Division of the Justice Department to better execute the Woods Procedures and ensure accurate submissions of FISA applications. You can read the audit here. See also “The FBI’s FISA Mess”, an article written by the executive editor of Lawfare (and deputy general counsel of the Lawfare Institute), together with the editor in chief of Lawfare (and a Senior Fellow in Governance Studies at the Brookings Institution). 

CSET Legislation Tracker The CSET Legislation Tracker serves as a resource to identify and monitor federal legislation related to emerging technology and national security. In addition to widely covered bills, members of Congress have introduced proposals to secure the U.S. research enterprise, bolster domestic semiconductor production capacity, promote technology alliances with like-minded partners and improve STEM workforce development. This tracker catalogues legislation on topics within CSET’s key areas of inquiry and relevant to U.S. science and technology leadership. Each piece of legislation is represented as a card. Each card includes the bill’s title, sponsor, number of cosponsors and committee of jurisdiction. The panel on the right displays the CSET research topic within which the bill falls and the bill’s current status. At the top of the tracker, users will find pinned cards highlighting specific bills that we deem significant based on widespread media coverage or notable movement through the legislative process.

Full Membership in the Shanghai Cooperation Organization (SCO): A Win-Win Game? Iran’s bid to become a full member of the Shanghai Cooperation Organization (SCO) dates to one year after it received observer status in 2005. All along, however, the most important legal obstacle to its accession has been a series of United Nations Security Council resolutions that identify the Islamic Republic of Iran as a threat to world peace and security. Nevertheless, Iran’s regional neighbors recognized that the country could be an important element of the so-called “North-South” multimodal transit corridor that will more closely connect eastern and western Eurasia, and which can become a leading symbol of cooperation among all the members of the SCO. Iranian participation in both would, thus, ease, if not wholly overcome, the years of extensive effort by Western countries, led by the United States, to isolate the Islamic Republic using various means of economic, political and security pressure. More in this Publication (Eurasia Daily Monitor Volume: 18 Issue: 143).

Terrorist Assets Report (Report to the Congress on Assets in the United States Relating to Terrorist Countries and Organizations Engaged in International Terrorism) OFAC (the Office of Foreign Assets Control of the U.S. Department of the Treasury) has published its 2020 report to Congress on terrorist assets frozen under US sanctions relating to international terrorist organizations (FTOs) and state sponsors of terrorism. As of 31 December 2020, the total amount of blocked funds relating to specially designated global terrorists (SDGTs) and FTOs was $63,442,443, an increase of approximately $330,000 from 2019. Between 2018 and 2019, there was a comparably larger increase of nearly $17 million in blocked assets. In relation to the countries designated as state sponsors of terrorism (Iran, Syria and North Korea), in 2020 the US froze $140.76 million of these states’ funds and assets in total.

Fiscal Year 2022 Intelligence Authorization Act approved In July 2021, the Senate Intelligence Committee unanimously approved its FY 2022 Intelligence Authorization Act. Timing for full Senate consideration of the bill has not yet been announced. The unclassified portions of the bill include several provisions related to AI and emerging technology:

Sec. 336 requires the Director of National Intelligence to report to Congress on trends in technologies of strategic importance to the United States and areas in which competitors are poised to match or surpass the United States. 
Sec. 340 requires the DNI to develop a plan for establishing a modern digital ecosystem for the development, testing, fielding and updating of AI systems.
Sec. 343 requires the DNI to report to Congress on the potential to strengthen all-source intelligence integration on foreign cyber threats, with a particular focus on cyber supply chain risks.
Sec. 352 requires the DNI to submit to Congress a plan to increase cooperation with the intelligence agencies of key democratic partners regarding technological competition with China. 
Sec. 601 requires the president to report to Congress annually with a technology strategy to maintain U.S. leadership in critical and emerging technologies relevant to U.S. national security.

Significant Cyber Incidents CSIS’ timeline records significant cyber incidents since 2006. The Center for Strategic and International Studies’ focus: cyber-attacks on government agencies, defense and high-tech companies, and economic crimes with losses of more than a million dollars. During the first seven months of 2021 there were 92 significant incidents; the most recent incidents are:

July 2021. A data leak impacted Northern Ireland’s COVIDCert online vaccination certification service, causing their Department of Health to temporarily suspend the portal. 
July 2021. Estonia stated a Tallinn-based hacker downloaded 286,438 ID photos from a government database, exposing a vulnerability in a platform managed by their Information System Authority (RIA).
July 2021. A widespread APT operation was discovered against users in Southeast Asia, believed to be spearheaded by Chinese entities. Researchers found a total of 100 victims in Myanmar and 1,400 in the Philippines, including many government entities. 
July 2021. The Japan 2020 Olympics was subject to a data breach exposing the personal credentials of volunteers and ticket holders. The information included usernames, passwords, addresses, and bank account numbers.
July 2021. The United States, the European Union, NATO and other world powers released joint statements condemning the Chinese government for a series of malicious cyber activities. They attributed responsibility to China for the Microsoft Exchange hack from early 2021 and the compromise of more than 100,000 servers worldwide. 
July 2021. Transnet Port Terminals (TPT), South Africa’s state-run ports operator and freight rail monopoly, had its rail services disrupted after a hack by unknown actors. Transnet reportedly declared it an act of “force majeure.”
July 2021. Several countries used Pegasus, surveillance software created by NSO Group that targets iPhone and Android operating systems, on devices belonging to activists, politicians, and journalists. 
July 2021. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a statement exposing a spearphishing campaign by Chinese state-sponsored hackers between 2011 and 2013. The campaign targeted oil and natural gas pipeline companies in the United States.
July 2021. Iran used Facebook accounts to pose as recruiters, journalists, and NGO affiliates, targeting U.S. military personnel. The hackers sent malware-infected files or tricked targets into submitting sensitive credentials to phishing sites. 
July 2021. The Russian defense ministry claimed it was hit with a DDoS attack that caused its website to shut down, stating the attack came from outside the Russian Federation. 
July 2021. Norway attributed a March 2021 cyberattack on parliament’s e-mail system to China. 
July 2021. Iran’s transport and urbanization ministry was the victim of a cyber attack that impacted display boards at stations throughout the country. The attack caused delays and cancellations of hundreds of trains across Iran. 
July 2021. Russian hackers exploited a vulnerability in Kaseya’s virtual systems/server administrator (VSA) software allowing them to deploy a ransomware attack on the network. The hack affected around 1,500 small and midsized businesses, with attackers asking for $70 million in payment. 
July 2021. The Ukrainian Ministry of Defense claimed its naval forces’ website was targeted by Russian hackers who published fake reports about the international Sea Breeze-2021 military drills.
June 2021. Russia claimed that Vladimir Putin’s annual phone-in session was targeted by DDoS attacks. 
June 2021. A Chinese-speaking hacking group spearheaded an ongoing espionage effort against the Afghan government through phishing emails. Hackers posed as the Office of the President of Afghanistan and targeted the Afghan National Security Council. 
June 2021. The Iranian government launched a widescale disinformation campaign, targeting WhatsApp groups, Telegram channels and messaging apps used by Israeli activists. The campaign aimed to advance political unrest and distrust in Israel. 
June 2021. Chinese actors targeted organizations, including Verizon and the Metropolitan Water District of Southern California, using a platform used by numerous government agencies and companies for secure remote access to their networks.
June 2021. Hackers linked to Russia’s Foreign Intelligence Service installed malicious software on a Microsoft system that allowed hackers to gain access to accounts and contact information. The majority of the customers targeted were U.S. based, working for IT companies or the government. 
June 2021. The U.S. and British governments announced the Russian GRU attempted a series of brute force access attempts against hundreds of government and private sector targets worldwide from 2019 to 2021, targeting organizations using Microsoft Office 365® cloud services.
June 2021. The United States Naval Institute (USNI) claimed the tracking data of two NATO ships, the U.K. Royal Navy’s HMS Defender and the Royal Netherlands Navy’s HNLMS Evertsen, was falsified off the coast of a Russian-controlled naval base in the Black Sea. The faked data positioned the two warships at the entrance of a major Russian naval base.
June 2021. A cyberattack reportedly from Russia compromised the email inboxes of more than 30 prominent Polish officials, ministers and deputies of political parties, and some journalists. 
June 2021. Sol Oriens, a small government contractor that works for the Department of Energy on nuclear weapons issues, was attacked by the Russia-linked hacking group REvil. 
June 2021. A spreadsheet containing classified personal details of 1,182 United Kingdom Special Forces soldiers was leaked on WhatsApp.
June 2021. A ransomware attack targeted iConstituent, a newsletter service used by U.S. lawmakers to contact constituents. 
June 2021. Hackers working on behalf of Russian intelligence services are believed to have hacked the Netherlands police’s internal network in 2017. The attack occurred during the country’s investigation of the Malaysia Airlines Flight 17 (MH17) that was shot down in 2014.

Syria and the West: the Efficacy of Economic Sanctions The U.S. and European Union have constructed an expansive and complex array of sanctions against Syria’s regime over the last 30 years, and particularly in the past decade. While such measures have been punitive in nature, the West has sought to utilize them since 2011 as a source of pressure and diplomatic leverage amidst the long-standing deadlock facing negotiations over the country’s future. Despite the best intentions, sanctions have not yielded any meaningful change in Syria diplomacy and as a result, they have become a source of intense political and analytical debate – for some, they are still of value and for others, they are only a source of humanitarian suffering, even if unintentional. The Middle East Institute’s new study (A Comprehensive Review of the Effectiveness of U.S. & EU Sanctions on Syria) is here.

Digest of United States Practice in International Law 2020 The Office of the Legal Adviser publishes the Annual Digest of United States Practice in International Law to provide the public with a historical record of the views and practice of the Government of the United States in public and private international law. The complete 2020 Digest is available at the bottom of this page. The 2020 Digest provides a historical record of key legal developments in 2020. Chapter 16 discusses selected developments during 2020 relating to sanctions, export controls, and certain other restrictions relating to travel or U.S. government assistance. It does not cover developments in many of the United States’ longstanding financial sanctions regimes, which are discussed in detail. It also does not comprehensively cover developments relating to the export control programs administered by the Commerce Department or the defense trade control programs administered by the State Department. Details on the State Department’s defense trade control programs are available here. The Office of the Legal Adviser furnishes advice on all legal issues, domestic and international, arising in the course of the Department’s work. This includes assisting Department principals and policy officers in formulating and implementing the foreign policies of the United States, and promoting the development of international law and its institutions as a fundamental element of those policies. The Office is organized to provide direct legal support to the Department of State’s various bureaus, including both regional and geographic offices (those which focus on specific areas of the world) and functional offices (those which deal with specific subject matters such as economics and business, international environmental and scientific issues, or internal management).

Iran under new management: what could make or break Raisi’s presidency

Ebrahim Raisi  / Photograph: Meghdad Madadi (ATP Images/Getty Images)

Ebrahim Raisi took on multiple challenges when he became Iran’s new president on 5 August. How he copes with four of them could make or break his presidency—and determine Iran’s level of stability for the foreseeable future. The four challenges are to resuscitate Iran’s economy and relieve the severe hardship affecting all citizens, to seek pragmatic foreign policy solutions to regional tensions and instability, to respect the rights of all citizens, and to demonstrate the qualities necessary to be a credible successor to Ayatollah Ali Khamenei as supreme leader. All four challenges are interdependent. And they are ultimately dependent on the outcome of the US–Iran negotiations aimed at bringing Washington back into the Iran nuclear agreement (Joint Comprehensive Plan of Action, or JCPOA). After months of ‘progressive’ bilateral talks in Vienna this year, the negotiations have now stalled. The most compelling reason for Raisi (no doubt with Khamenei’s approval) to encourage the US to quickly rejoin the JCPOA is to relieve the nation’s extreme economic hardship through the restoration of a functional economy by obligating the US to lift all, or at least most, unilateral sanctions, especially those relating to oil exports and international financial transactions. Lifting these, and removing the related punitive measures against other countries that might breach them, would enable Iran to return to near-normal international trade, attract much-needed foreign investment, recreate related employment opportunities and, potentially, commence rebuilding public optimism in Iran’s economic, and political, future. A number of countries are keen to expand their trade and investment with Iran, including China under the terms of the bilateral comprehensive strategic partnership signed this year. 
More in this article in The Strategist (The Strategist is the commentary and analysis site of the Australian Strategic Policy Institute (ASPI), an independent, non-partisan think tank based in Canberra. ASPI is one of the most authoritative and widely quoted contributors to public discussion of strategic policy issues in Australia and a recognized and authoritative Australian voice in international discussion of strategic issues, especially in the Asia–Pacific).

Issuance of Iran General License M-1 The Department of the Treasury’s Office of Foreign Assets Control (OFAC) is issuing Iranian Transactions and Sanctions Regulations 31 CFR Part 560 GENERAL LICENSE M-1 “Authorizing the Exportation of Certain Graduate Level Educational Services and Software”. In addition, OFAC is updating related Frequently Asked Question 853 (Iran Sanctions / “853. Can U.S. academic institutions provide online learning services to Iranian students who are not physically present in the United States because of the Coronavirus Disease 2019 (COVID-19) pandemic?  Can U.S. technology companies provide software and services to assist Iranian students in accessing online coursework?”)

The Liberty to Spy Many, if not most, international legal scholars share the ominous contention that espionage, as a legal field, is devoid of meaning. For them, any attempt to extrapolate the lex lata corpus of the International Law of Intelligence (ILI), let alone its lex scripta, would inevitably prove to be a failed attempt, as there is simply nothing to extrapolate. The notion that international law is moot as to the question of if, when, and how intelligence is to be collected, analyzed, and promulgated, has been repeated so many times that it has become the prevailing orthodoxy. This paper, written by Asaf Lubin (Associate Professor of Law, Indiana University Maurer School of Law), offers a new and innovative legal framework for articulating the law and practice of interstate peacetime espionage operations, relying on a body of moral philosophy and intelligence ethics thus far ignored by legal thinkers. This framework diagnoses the legality of covert intelligence at three distinct temporal stages: before, during, and after. In doing so it follows the traditional paradigms of international law and the use of force, which themselves are grounded in the history of Just War Theory. Adopting the Jus Ad, Jus In, Jus Post model is appropriate, given the symbiosis between espionage and fundamental U.N. Charter principles. This paper focuses on the first of these three paradigms, the Jus Ad Explorationem (“JAE”), a sovereign’s prerogative to engage in peacetime espionage and the right’s core limitations. Examining a plethora of international legal sources, the paper exemplifies the myriad ways by which peacetime intelligence gathering has been already recognized as a necessary pre-requisite for the functioning of our global legal order. The paper then discusses the nature of the JAE. It argues that the right to spy is best understood as a privilege in Hohfeldian terms. 
It shows how understanding interstate intelligence operations as a weaker “liberty right” that imposes no obligations on third parties to tolerate such behavior helps capture the essence of the customary norms that form part of the practice. Recognizing the liberty right to spy opens the door for the doctrine of “abuse of rights” to play a role in constraining the practice. By identifying the only two legitimate justifications for peacetime espionage—advancing the national security interests of States and promoting an increase in international stability and cooperation—we are able to delimit what may constitute abusive spying, defined as exploiting one’s right to spy not for the purposes for which the right was intended. The paper concludes by introducing four categories of unlawful espionage: (1) spying as a means to advance personal interests; (2) spying as a means to commit internationally wrongful acts; (3) spying as a means to advance corporate interests; and (4) spying as a means to exploit post-colonial relations. Keywords: China, Russia, Iran, surveillance, intelligence, espionage, national security, international trade, and international law.

Recognizing ‘geoeconomic risk’: Rethinking corporate risk management for the era of great-power competition As economic policy has become a key strategic means in great-power rivalry, states are attempting to control the economic networks that connect the world. Companies face a growing threat of being used as pawns in the geoeconomic competition, which creates new business risks. The latest FIIA Briefing Paper analyses the risks that companies face in the era of great-power competition. In the paper, the authors introduce a novel concept of ‘geoeconomic risk’ stemming from three geoeconomic drivers. In the era of global supply chains, the geoeconomic disruptions in global politics and the rivalry between the United States and China are a concern for more than just the parties directly targeted. According to the authors, emerging risks call for better definition and an appropriate universal typology. “More data and a better understanding of the root causes, agents, means and implications of geoeconomic risk are required”, the authors state.

Re-Thinking Assumptions for a 21st Century Middle East American policy in the Middle East is based on outdated assumptions. According to FPRI’s recent report, there are at least four novel elements in or impacting the Middle East that require an adjustment in strategy: 1) North American oil independence, 2) the rise of China, 3) diminishing conventional threats to Israel, and 4) the rise of sub-state actors (in addition to widely recognized terror and insurgent groups, other actors, such as financial firms, technology firms, and private military firms, interact with power that rivals that of weak states). These new factors—alone and in concert—make legacy strategies at least suboptimal, if not unsuitable. Today’s Middle East exhibits very different characteristics than that of the Middle East of the past century. An acceptable and suitable strategy must incorporate these new data points.       

Reining in China’s Technology Giants Since the launch of ASPI ICPC’s Mapping China’s Technology Giants project in April 2019, the Chinese technology companies ASPI canvassed have gone through a tumultuous period. While most were buoyed by the global Covid-19 pandemic, which stimulated demand for technology services around the world, many were buffeted by an unprecedented onslaught of sanctions from abroad, before being engulfed in a regulatory storm at home. This report describes the effects of the Covid-19 pandemic, the growing China–US strategic and technological competition, and a changing Chinese domestic regulatory environment on the 27 Chinese Technology Giants ASPI covers on their map.

Iran’s web of disinformation and anti-Semitic tropes At his mid-June summit with Vladimir Putin, President Biden raised a number of critical issues with the Russian leader, ranging from cyberwarfare to human rights. One thing that wasn’t discussed during the meeting, however, was the question of disinformation – and Russia’s ongoing role in promoting “fake news” and divisive narratives in the United States. Moscow is not alone. U.S. intelligence officials say that the Islamic Republic of Iran is stepping up its disinformation efforts directed at the American public, focusing in particular on promoting racist and anti-Semitic tropes via social media. “It’s a significant level of activity,” one official has told TIME magazine. “It’s active enough that we’re tracking it.” The assessment echoes the estimates of Jewish communal groups such as the Anti-Defamation League (ADL), which have registered an uptick of hate speech and incitement via social media in the wake of last month’s war between Israel and Hamas.
The Biden administration is taking steps to curtail Iran’s malicious online presence. In late June, the U.S. government seized dozens of websites connected to the disinformation efforts of the Iranian government or its assorted proxy groups. “Pursuant to court orders, the United States seized 33 websites used by the Iranian Islamic Radio and Television Union (IRTVU) and three websites operated by Kata’ib Hizballah (KH), in violation of U.S. sanctions,” the Justice Department announced in an official statement.

China-Iran Relations: A Limited but Enduring Strategic Partnership This new U.S.-China Economic and Security Review Commission report examines China’s deepening ties with Iran and the geopolitical constraints on the relationship. It analyzes increased Sino-Iranian economic coordination—China as Iran’s top import and export market and a critical investor in energy and transportation infrastructure—and how that coordination undermines the effectiveness of U.S. policies, like sanctions. The report also assesses China’s proliferation of technology supporting Iran’s ballistic missile program and the threat the two countries’ intelligence sharing and military partnerships pose to U.S. security.

G7, London The first in-person G7 meeting for two years took place in London and a lengthy 90-page communiqué was published on the 5th of May 2021. The Foreign and Development Ministers of the Group of Seven (G7), and the High Representative of the European Union declared:


36. We are committed to ensuring that Iran will never develop a nuclear weapon. We welcome the substantive discussions between JCPoA participants, and separately with the United States, to accomplish a mutual return to compliance with the JCPoA by the United States and Iran. The JCPoA remains the best way to ensure the exclusively peaceful nature of Iran’s nuclear programme. It is vital that Iran preserves the space for these discussions by avoiding any further escalation. The latest Iranian actions are very serious developments and a matter of deep concern. They have no credible civilian requirement and have particularly grave implications. We strongly support the International Atomic Energy Agency (IAEA) in its crucial monitoring and verification work to help ensure Iran’s compliance with the NPT-related safeguards obligations, as well as its other commitments. A restored and fully implemented JCPoA could also pave the way to further address regional and security concerns, including in support of the non-proliferation regime. We condemn Iran’s support to proxy forces and non-state armed actors, including through financing, training and the proliferation of missile technology and weapons. We call on Iran to stop all ballistic missile activities inconsistent with UNSCR 2231, refrain from destabilising actions, and play a constructive role in fostering regional stability and peace. We support efforts to ensure a thorough and credible investigation into the Ukraine International Airlines Flight 752 tragedy to hold Iran accountable. We are deeply concerned by the continued human rights violations and abuses in Iran, including those affecting the exercise of the right to freedom of peaceful assembly, freedom of association, freedom of religion or belief, and freedom of expression. Foreign and dual nationals and human rights defenders have faced arbitrary arrest, detention and lengthy prison sentences and should be released.

ODNI Releases Annual Intelligence Community Transparency Report  Consistent with the Foreign Intelligence Surveillance Act of 1978 (FISA), as amended (codified in 50 U.S.C. § 1873(b)), and the Intelligence Community’s (IC) Principles of Intelligence Transparency, ODNI released the eighth annual Statistical Transparency Report Regarding Use of National Security Surveillance Authorities.
This report provides the public not only statistics, but also contextual information, regarding the scope of the government’s use of FISA authorities, National Security Letters, and other national security authorities.  In conjunction with other publicly released material, this report adds insight into the rigorous and multi-layered oversight framework governing the IC that safeguards the privacy and civil liberties of United States (U.S.) person and non-U.S. person information acquired pursuant to these national security authorities. 

Significant Cyber Incidents This CSIS* timeline, with a focus on cyber attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars, records significant cyber incidents since 2003. This list is a work in progress that CSIS will update as new incidents come to light. * The Center for Strategic and International Studies (CSIS) is a bipartisan, nonprofit policy research organization dedicated to advancing practical ideas to address the world’s greatest challenges.

Iranian Nationals Charged with Conspiring to Evade U.S. Sanctions on Iran by Disguising $300 Million in Transactions Over Two Decades A federal criminal complaint, unsealed on March 19, 2021, charges 10 Iranian nationals with running a nearly 20-year-long scheme to evade U.S. sanctions on the Government of Iran by disguising more than $300 million worth of transactions – including the purchase of two $25 million oil tankers – on Iran’s behalf through front companies in the San Fernando Valley, Canada, Hong Kong and the United Arab Emirates. In addition, a forfeiture complaint seeks a money laundering penalty in the amount of $157,332,367.

Jury Convicts Iranian National for Illegally Exporting Military Sensitive Items A federal jury convicted an Iranian citizen, a resident of the United Arab Emirates and Germany, of scheming to obtain military sensitive parts for Iran in violation of the Iranian Trade Embargo. These parts had dual-use military and civilian capability and could be used in systems such as nuclear weapons, missile guidance and development, secure tactical radio communications, offensive electronic warfare, military electronic countermeasures (radio jamming), and radar warning and surveillance systems. According to court documents and evidence presented at trial, the Iranian citizen, 39, attempted to transship and transshipped cargo obtained from the U.S. by co-defendants Taiwanese citizen — and Iranian citizen –, using the convicted Iranian national’s company Gulf Gate Sea Cargo LLC, located in Dubai, United Arab Emirates. From Oct. 9, 2007 to June 15, 2011, the defendants obtained or attempted to obtain from companies worldwide over 105,000 parts valued at approximately $2,630,800 involving more than 1,250 transactions. The defendants conducted 599 transactions with 63 different U.S. companies in which they obtained or attempted to obtain parts from U.S. companies without notifying the companies these parts were being shipped to Iran or getting the required U.S. government license to ship these parts to Iran.

SAP Admits to Thousands of Illegal Exports of its Software Products to Iran and Enters into Non-Prosecution Agreement with DOJ First-Ever Voluntary Self-Disclosure of Export Violations Leads to Non-Prosecution Agreement between Global Software Company and Justice Department. Software company, SAP SE, headquartered in Walldorf, Germany, has agreed to pay combined penalties of more than $8 million as part of a global resolution with the U.S. Departments of Justice (DOJ), Commerce and Treasury. In voluntary disclosures the company made to the three agencies, SAP acknowledged violations of the Export Administration Regulations and the Iranian Transactions and Sanctions Regulations. As a result of its voluntary disclosure to DOJ, extensive cooperation and strong remediation costing more than $27 million, DOJ’s National Security Division (NSD) and the U.S. Attorney’s Office for the District of Massachusetts entered into a Non-Prosecution Agreement with SAP. Pursuant to that agreement, SAP will disgorge $5.14 million of ill-gotten gain.

Russia in the Middle East: National Security Challenges for the United States and Israel in the Biden Era As U.S.-Russian tensions continue to escalate, Russia’s role in the Middle East is of urgent concern both to Israel and the United States. Potential flashpoints include Syria and Iran, new spheres of Russian engagement from Afghanistan to North Africa, and sensitive cybersecurity issues. Russia is also moving in tandem with China to push back against U.S. dominance, including in the Middle East. Leading experts from Israel and the United States address these challenges in a new report published by the Kennan Institute (the premier U.S. center for advanced research on Russia and Eurasia and the oldest and largest regional program at the Woodrow Wilson International Center for Scholars) and the Interdisciplinary Center Herzliya (IDC Herzliya, one of Israel’s leading academic institutes).

ODNI Unseals 2020 FISC Decision Granting Government Surveillance Powers On April 26, the Office of the Director of National Intelligence (ODNI) released a redacted Nov. 18, 2020 ruling issued by the Foreign Intelligence Surveillance Court (FISC). The decision, written by Judge James E. Boasberg, grants the U.S. government’s request for approval to continue collecting information on non-U.S. persons in order to acquire foreign intelligence information. Under Section 702 of the Foreign Intelligence Surveillance Act (FISA), the government must seek reauthorization of the certifications and procedures it uses to target foreign nationals to collect intelligence each year. The FISC reviews these requests annually to ensure that the U.S. government’s collection program is in compliance with FISA and the Constitution.

The Persian Temptation – Don’t lose perspective and let Iran run the Near East The Biden Administration’s recent strike on the facilities of Iranian-backed militias in Syria raised a hullabaloo beyond expectations, especially in light of the fact that ordering an airstrike in the Near East has become almost a presidential rite of passage. Still, discussion of the strike has shown that we need to think more concretely and strategically about the administration’s regional political priorities. It is a commonplace to deride U.S. Near East policy as “lacking strategy.” Within that piece of received wisdom lies a bundle of other truisms: that the United States has no strategic goal in the Near East; that petrochemical concerns drove our engagement there in the first place; that the current U.S. posture stems from little more than institutional inertia; that its heavy-handedness alienates potential allies; that the partnership with Israel, with its alleged support for alleged Israeli expansionism, impedes the formation of other advantageous alliances; and that, in light of the foregoing, any further engagement or escalation is a definite overstretch.
These tropes typically come from the mouths of people who stand close to policy, at least the policy of one of the parties. The United States has certainly made mistakes in the Near East. It took our military too long to recognize the realities of a counterinsurgency campaign in Iraq. Bureaucratic infighting produced a mismatch between military and political objectives. And, depending on the party in power, the United States has oscillated between a 19th-century liberal moralism, complete with feckless hand wringing over religious persecution, and democratic utopianism. It is equally certain that sound strategic logic ought to drive future U.S. action in the Near East. The region is critical to any state that has global interests. The importance of the area predates the discovery of oil by around two thousand years; the first indications of its geopolitical relevance appear in the Bible. The ancient Israelites lived at the nexus of several great empires. They prospered through diplomatic maneuver and by gaining wealth from the intercontinental trade transiting the Levantine Basin. Persia’s Achaemenids also derived wealth from the region. One factor in the ascendance of the Greeks was their power over the Levantine Basin before and during Alexander’s conquest of it.
Read the full article from American Purpose, authored by a senior fellow at Hudson Institute and director of Hudson’s Center for American Seapower.

2021 Annual Threat Assessment of the U.S. Intelligence Community This annual report of worldwide threats to the national security of the United States responds to Section 617 of the FY21 Intelligence Authorization Act (P.L. 116-260). This report reflects the collective insights of the Intelligence Community (IC), which is committed every day to providing the nuanced, independent, and unvarnished intelligence that policymakers, warfighters, and domestic law enforcement personnel need to protect American lives and America’s interests anywhere in the world. This assessment focuses on the most direct, serious threats to the United States during the next year. The order of the topics presented in this assessment does not necessarily indicate their relative importance or the magnitude of the threats in the view of the IC. All require a robust intelligence response, including those where a near-term focus may help head off greater threats in the future, such as climate change and environmental degradation. As required by the law, this report will be provided to the congressional intelligence committees as well as the committees on the Armed Services of the House of Representatives and the Senate. Information available as of 9 April 2021 was used in the preparation of this assessment.

Did the US Intelligence Community Lose Iran? Claims of an American intelligence failure began even before the triumph of the Iranian Revolution. In November 1978, US president Jimmy Carter complained to his national-security team: ‘I am not satisfied with the quality of our political intelligence.’ Stansfield Turner, the director of the CIA, followed up with a confession of his own: ‘What we didn’t forecast was that … a 78-year-old cleric who had been in exile for 15 years would be the catalyst that would bring these forces together, and that we would have one huge volcano – a truly national revolution.’ The theme of intelligence mishaps gained more traction after the mullahs’ triumph, as Carter and his senior aides looked for someone to blame for the disaster in Iran. Today, it is widely accepted that the CIA missed the Islamist storm that swept away one of America’s most consequential allies in the Middle East.
What constitutes an intelligence failure is a question that has often bedeviled historians. Revolutions are a rare historical phenomenon, whose force and ferocity confound all the actors, including those leading it. Four decades after the Iranian Revolution, it is time for a more dispassionate assessment of the intelligence community’s performance. The record of the US intelligence services was hardly perfect, but they did get many things right. In the early 1970s, they noticed the rising discontent among key sectors of Iranian society and the importance of religion as an ideology of dissent. As the revolution unfolded, their assessments became sharper and their judgements shrewder.
The full article is available in the April–May issue of IISS’ Survival: Global Politics and Strategy (the International Institute for Strategic Studies is an international research institute).

Reimagining U.S. Strategy in the Middle East U.S. policy toward the Middle East has relied heavily on military instruments of power and has focused on regional threats—particularly the Iranian threat—with the goal of keeping partners on “our side.” These long-standing policies have largely fallen short of meeting core U.S. interests and adapting to new regional realities and strategic imperatives. RAND researchers offer an alternative framework, suggesting that the U.S. strategic priority must center on reducing regional conflict and the drivers of conflict. This revised strategic approach puts a greater focus on addressing conflict and socioeconomic challenges that are creating unsustainable pressures on the region’s states and immense suffering among its people. Researchers analyze how the tools of U.S. policy—political, security, economic, diplomatic, and informational instruments—would need to adjust to more effectively address such challenges in ways that are mindful of limited resources at home. Researchers also examine how the United States deals with both partners and adversaries in and outside the region and consider how to better leverage policies to the benefit of U.S. interests and the region. The researchers recommend specific actions organized into the following three pillars: (1) shifting resources from the current heavy reliance on military tools to a more balanced approach that prioritizes economic investments, governance, diplomacy, and programs focused on people; (2) favoring a long-term time horizon to reduce regional conflict and support growth and development, even at the cost of short-term risks; and (3) working multilaterally with global and regional partners to address key challenges.
The research report (this research was conducted within the RAND Center for Middle East Public Policy, a center within International Programs at the RAND Corporation) offers many recommendations.

The Militarization of Cyberspace? Cyber-Related Provisions in the National Defense Authorization Act With Congress struggling to pass stand-alone cybersecurity legislation, the National Defense Authorization Act (NDAA) is now the primary vehicle to pass all matters of cybersecurity legislation. Because the annual defense bill typically requires provisions to have a tie to national security, other cyber issues, like those pertaining to criminal justice, tend to be excluded. As a result, the authorities and resources awarded to the Department of Defense (DoD) cyber mission far outpace those provided to civilian agencies responsible for partnering with state, local, private, and international partners. With ransomware and cyber incidents at an all-time high, Congress should either include a new title in future Defense bills to bolster US cyber enforcement and civilian agencies’ capabilities or pass a cyber-omnibus bill to fix policy gaps and provide commensurate funds to federal and local agencies to combat malicious cyber activity. In its paper, Third Way (a national think tank that champions modern center-left ideas) analyzed the last five NDAAs (2017-2021) to chronicle Washington’s reliance on the NDAA to shepherd through a wide swath of cybersecurity legislation.

Global Britain in a Competitive Age, the Integrated Review of Security, Defence, Development and Foreign Policy This is a new (March 2021) U.K. Government 114-page report on British defense and foreign policy, presented to Parliament by the Prime Minister by Command of Her Majesty.

A New 25-Year Strategic Partnership Between Iran and China Iranian state media and diplomats trumpeted the signing of a new 25-year strategic partnership between Iran and China, under which Iran will supply China with crude oil in exchange for Chinese investment. Regime-linked media emphasized that this was a dire development for U.S. global power.
In January 2016, just as sanctions were eased, Chinese President Xi Jinping visited Tehran and proposed a long-term comprehensive, strategic partnership program that would involve Chinese investment in Iranian infrastructure and assured supplies of Iranian oil and gas at concessional rates. Reluctant to be tied into too close a Chinese embrace, Iran kept the negotiations going for years. The partnership, first proposed by China’s leader, Xi Jinping, during a visit to Iran in 2016, was approved by President Hassan Rouhani’s cabinet in June, Iran’s foreign minister, Mohammad Javad Zarif, said.

Securing the ICTS Supply Chain (15 CFR Part 7) On January 19, 2021, the US Department of Commerce issued a long-awaited interim final rule (“Interim Final Rule”), which would enable the Department of Commerce to prohibit or otherwise restrict transactions involving the Information and Communication Technology and Services (“ICTS”) supply chain, including both hardware and software, that have a nexus to certain designated “foreign adversaries,” including China, Russia, and Iran, for purposes of protecting national security. The Interim Final Rule is scheduled to go into effect on March 22, 2021.

Political Scientist Author Charged with Acting as an Unregistered Agent of The Iranian Government On Jan. 19, the Department of Justice unsealed a criminal complaint against Kaveh Lotfolah Afrasiabi. The Justice Department has charged Afrasiabi with acting and conspiring to act as an unregistered agent of the Iranian government, in violation of 18 USC § 371, along with 22 USC §§ 612 and 618(a)(1) of the Foreign Agents Registration Act (FARA). The charges against Afrasiabi stem from his alleged failure to register as an agent of Iran. Assistant Attorney General John Demers alleged in a press conference that, “For over a decade, Kaveh Afrasiabi pitched himself to Congress, journalists, and the American public as a neutral and objective expert on Iran…all the while, Afrasiabi was actually a secret employee of the Government of Iran and the Permanent Mission of the Islamic Republic of Iran to the United Nations.”

NSA: Cybersecurity Year in Review (2020) While not all-inclusive, this Year in Review outlines key milestones and mission outcomes achieved during NSA Cybersecurity’s first year.

Bureau of Cyberspace Security and Emerging Technologies A new office at the State Department has been approved – the Bureau of Cyberspace Security and Emerging Technologies (CSET) – which will help lead diplomatic efforts. “The need to reorganize and resource America’s cyberspace and emerging technology security diplomacy through the creation of CSET is critical, as the challenges to U.S. national security presented by China, Russia, Iran, North Korea, and other cyber and emerging technology competitors and adversaries have only increased since the Department notified Congress in June 2019 of its intent to create CSET,” a State Department spokesperson said.