IRAN 2021

Justice Department IG Releases Audit of FISA Procedures On Sept. 30, 2021, the Department of Justice’s inspector general released an internal audit of the FBI’s procedures around the Foreign Intelligence Surveillance Act (FISA) application process. The FBI’s “Woods Procedures” are one element of the FISA application process in which FBI personnel must “document support for all factual assertions contained in [the applications].” Of an initial sample of 29 FISA applications, the audit found more than 400 instances of non-compliance with Woods Procedures. An additional review of more than 7,000 FISA applications authorized between January 2015 and March 2020 found at least 179 instances in which the required Woods file was missing in whole or in part. The report contains 10 recommendations to the FBI and National Security Division of the Justice Department to better execute the Woods Procedures and ensure accurate submissions of FISA applications. You can read the audit here. See also “The FBI’s FISA Mess”, an article written by the executive editor of Lawfare (and deputy general counsel of the Lawfare Institute), together with the editor in chief of Lawfare (and a Senior Fellow in Governance Studies at the Brookings Institution). 

CSET Legislation Tracker The CSET Legislation Tracker serves as a resource to identify and monitor federal legislation related to emerging technology and national security. In addition to widely covered bills, members of Congress have introduced proposals to secure the U.S. research enterprise, bolster domestic semiconductor production capacity, promote technology alliances with like-minded partners and improve STEM workforce development. This tracker catalogues legislation on topics within CSET’s key areas of inquiry and relevant to U.S. science and technology leadership. Each piece of legislation is represented as a card. Each card includes the bill’s title, sponsor, number of cosponsors and committee of jurisdiction. The panel on the right displays the CSET research topic within which the bill falls and the bill’s current status. At the top of the tracker, users will find pinned cards highlighting specific bills that we deem significant based on widespread media coverage or notable movement through the legislative process.

Full Membership in the Shanghai Cooperation Organization (SCO): A Win-Win Game?

                                                                                                    Source: Pxfuel 

Iran’s bid to become a full member of the Shanghai Cooperation Organization (SCO) dates to one year after it received observer status in 2005. All along, however, the most important legal obstacle to its accession has been a series of United Nations Security Council resolutions that identify the Islamic Republic of Iran as a threat to world peace and security. Nevertheless, Iran’s regional neighbors recognized that the country could be an important element of the so-called “North-South” multimodal transit corridor that will more closely connect eastern and western Eurasia, and which can become a leading symbol of cooperation among all the members of the SCO. Iranian participation in both would, thus, ease, if not wholly overcome, the years of extensive effort by Western countries, led by the United States, to isolate the Islamic Republic using various means of economic, political and security pressure. More in this Publication (Eurasia Daily Monitor Volume: 18 Issue: 143).

Terrorist Assets Report (Report to the Congress on Assets in the United States Relating to Terrorist Countries and Organizations Engaged in International Terrorism) OFAC (the Office of Foreign Assets Control of the U.S. Department of the Treasury) has published its 2020 report to Congress on terrorist assets frozen under US sanctions relating to international terrorist organizations (FTOs) and state sponsors of terrorism. As of 31 December 2020, the total amount of blocked funds relating to specially designated global terrorists (SDGTs) and FTOs was $63,442,443, an increase of approximately $330,000 from 2019. Between 2018 and 2019, there was a comparably larger increase of nearly $17 million in blocked assets. In relation to the countries designated as state sponsors of terrorism (Iran, Syria and North Korea), in 2020 the US froze $140.76 million of these states’ funds and assets in total.

Fiscal Year 2022 Intelligence Authorization Act approved In July, 2021, the Senate Intelligence Committee unanimously approved its FY 2022 Intelligence Authorization Act. Timing for full Senate consideration of the bill has not yet been announced. The unclassified portions of the bill include several provisions related to AI and emerging technology:

Sec. 336 requires the Director of National Intelligence to report to Congress on trends in technologies of strategic importance to the United States and areas in which competitors are poised to match or surpass the United States. 

Sec. 340 requires the DNI to develop a plan for establishing a modern digital ecosystem for the development, testing, fielding and updating of AI systems.

Sec. 343 requires the DNI to report to Congress on the potential to strengthen all-source intelligence integration on foreign cyber threats, with a particular focus on cyber supply chain risks.

Sec. 352 requires the DNI to submit to Congress a plan to increase cooperation with the intelligence agencies of key democratic partners regarding technological competition with China. 

Sec. 601 requires the president to report to Congress annually with a technology strategy to maintain U.S. leadership in critical and emerging technologies relevant to U.S. national security.

Significant Cyber Incidents CSIS’ timeline records significant cyber incidents since 2006. The Center for Strategic and International Studies’ focus: cyber-attacks on government agencies, defense and high-tech companies, and economic crimes with losses of more than a million dollars. During the first seven months of 2021 there were 92 significant incidents; the most recent incidents are:

July 2021. A data leak impacted Northern Ireland’s COVIDCert online vaccination certification service, causing their Department of Health to temporarily suspend the portal. 

July 2021. Estonia stated a Tallinn-based hacker downloaded 286,438 ID photos from government database, exposing a vulnerability in a platform managed by their Information System Authority (RIA). 

July 2021. A widespread APT operation was discovered against users in Southeast Asia, believed to be spearheaded by Chinese entities. Researchers found a total of 100 victims in Myanmar and 1,400 in the Philippines, including many government entities. 

July 2021. The Japan 2020 Olympics was subject to data breach exposing the personal credentials of volunteers and ticket holders. The information included usernames, passwords, addresses, and bank account numbers. 

July 2021. The United States, the European Union, NATO and other world powers released joint statements condemning the Chinese government for a series of malicious cyber activities. They attributed responsibility to China for the Microsoft Exchange hack from early 2021 and the compromise of more than 100,000 servers worldwide. 

July 2021. Transnet Port Terminals (TPT), South Africa’s state-run ports operator and freight rail monopoly, had its rail services disrupted after a hack by unknown actors. Transnet reportedly declared it an act “force majeure.” 

July 2021. Several countries used Pegasus, surveillance software created by NSO Group that targets iPhone and Android operating systems, on devices belonging to activists, politicians, and journalists. 

July 2021. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a statement exposing a spearfishing campaign by Chinese state-sponsored hackers between 2011 and 2013. The campaign targeted oil and natural gas pipeline companies in the United States. 

July 2021. Iran used Facebook accounts to pose as recruiters, journalists, and NGO affiliates, targeting U.S. military personnel. The hackers sent malware-infected files or tricked targets into submitting sensitive credentials to phishing sites. 

July 2021. The Russian defense ministry claimed it was hit with a DDoS attack that caused its website to shut down, stating the attack came from outside the Russian Federation. 

July 2021. Norway attributed a March 2021 cyberattack on parliament’s e-mail system to China. 

July 2021. Iran’s transport and urbanization ministry was the victim of a cyber attack that impacted display boards at stations throughout the country. The attack caused delays and cancellations of hundreds of trains across Iran. 

July 2021. Russian hackers exploited a vulnerability in Kaseya’s virtual systems/server administrator (VSA) software allowing them to deploy a ransomware attack on the network. The hack affected around 1,500 small and midsized businesses, with attackers asking for $70 million in payment. 

July 2021. The Ukranian Ministry of Defense claimed its naval forces’ website was targeted by Russian hackers who published fake reports about the international Sea Breeze-2021 military drills. 

June 2021. Russia claimed that Vladimir Putin’s annual phone-in session was targeted by DDoS attacks. 

June 2021. A Chinese-speaking hacking group spearheaded an ongoing espionage effort against the Afghan government through phishing emails. Hackers posed as the Office of the President of Afghanistan and targeted the Afghan National Security Council. 

June 2021. The Iranian government launched a widescale disinformation campaign, targeting WhatsApp groups, Telegram channels and messaging apps used by Israeli activists. The campaign aimed to advance political unrest and distrust in Israel. 

June 2021. Chinese actors targeted organizations, including Verizon and the Metropolitan Water District of Southern California using a platform used by numerous government agencies and companies for secure remote access to their networks. 

June 2021. Hackers linked to Russia’s Foreign Intelligence Service installed malicious software on a Microsoft system that allowed hackers to gain access to accounts and contact information. The majority of the customers targeted were U.S. based, working for IT companies or the government. 

June 2021. The U.S. and British governments announced the Russian GRU attempted a series of brute force access against hundreds of government and private sector targets worldwide from 2019 to 2021, targeting organizations using Microsoft Office 365® cloud services. 

June 2021. United States Naval Institute (USNI) claimed the tracking data of two NATO ships, the U.K. Royal Navy’s HMS Defender and the Royal Netherlands Navy’s HNLMS Evertsen, was falsified off the coast of a Russian controlled naval base in the Black Sea. The faked data positioned the two warships at the entrance of a major Russian naval base. 

June 2021. A cyberattack reportedly from Russia compromised the email inboxes of more than 30 prominent Polish officials, ministers and deputies of political parties, and some journalists. 

June 2021. Sol Oriens, a small government contractor that works for the Department of Energy on nuclear weapons issues, was attacked by the Russia-linked hacking group REvil. 

June 2021. A spreadsheet was leaked containing classified personal details of the 1,182 United Kingdom’s Special Forces soldiers on WhatsApp. 

June 2021. A ransomware attack targeted iConstituent, a newsletter service used by U.S. lawmakers to contact constituents. 

June 2021. Hackers working on behalf of Russian intelligence services are believed to have hacked Netherlands police internal network in 2017. The attack occurred during the country’s investigation of the Malaysia Airlines Flight 17 (MH17) that was shot down in 2014.

Syria and the West: the Efficacy of Economic Sanctions The U.S. and European Union have constructed an expansive and complex array of sanctions against Syria’s regime over the last 30 years, and particularly in the past decade. While such measures have been punitive in nature, the West has sought to utilize them since 2011 as a source of pressure and diplomatic leverage amidst the long-standing deadlock facing negotiations over the country’s future. Despite the best intentions, sanctions have not yielded any meaningful change in Syria diplomacy and as a result, they have become a source of intense political and analytical debate – for some, they are still of value and for others, they are only a source of humanitarian suffering, even if unintentional. The Middle East Institute’s new study (A Comprehensive Review of the Effectiveness of U.S. & EU Sanctions on Syria) is here.

Digest of United States Practice in International Law 2020 The Office of the Legal Adviser publishes the Annual Digest of United States Practice in International Law to provide the public with a historical record of the views and practice of the Government of the United States in public and private international law. The complete 2020 Digest is available at the bottom of this page. The 2020 Digest provides a historical record of key legal developments in 2020. Chapter 16 discusses selected developments during 2020 relating to sanctions, export controls, and certain other restrictions relating to travel or U.S. government assistance. It does not cover developments in many of the United States’ longstanding financial sanctions regimes, which are discussed in detail. It also does not comprehensively cover developments relating to the export control programs administered by the Commerce Department or the defense trade control programs administered by the State Department. Details on the State Department’s defense trade control programs are available here. The Office of the Legal Adviser furnishes advice on all legal issues, domestic and international, arising in the course of the Department’s work. This includes assisting Department principals and policy officers in formulating and implementing the foreign policies of the United States, and promoting the development of international law and its institutions as a fundamental element of those policies. The Office is organized to provide direct legal support to the Department of State’s various bureaus, including both regional and geographic offices (those which focus on specific areas of the world) and functional offices (those which deal with specific subject matters such as economics and business, international environmental and scientific issues, or internal management).

Iran under new management: what could make or break Raisi’s presidency

                                                                                                               Image: Meghdad Madadi/ATP Images/Getty Images 

Ebrahim Raisi took on multiple challenges when he became Iran’s new president on 5 August. How he copes with four of them could make or break his presidency—and determine Iran’s level of stability for the foreseeable future. The four challenges are to resuscitate Iran’s economy and relieve the severe hardship affecting all citizens, to seek pragmatic foreign policy solutions to regional tensions and instability, to respect the rights of all citizens, and to demonstrate the qualities necessary to be a credible successor to Ayatollah Ali Khamenei as supreme leader. All four challenges are interdependent. And they are ultimately dependent on the outcome of the US–Iran negotiations aimed at bringing Washington back into the Iran nuclear agreement (Joint Comprehensive Plan of Action, or JCPOA). After months of ‘progressive’ bilateral talks in Vienna this year, the negotiations have now stalled. The most compelling reason for Raisi (no doubt with Khamenei’s approval) to encourage the US to quickly rejoin the JCPOA is to relieve the nation’s extreme economic hardship through the restoration of a functional economy by obligating the US to lift all, or at least most, unilateral sanctions, especially those relating to oil exports and international financial transactions. Lifting these, and removing the related punitive measures against other countries that might breach them, would enable Iran to return to near-normal international trade, attract much-needed foreign investment, recreate related employment opportunities and, potentially, commence rebuilding public optimism in Iran’s economic, and political, future. A number of countries are keen to expand their trade and investment with Iran, including China under the terms of the bilateral comprehensive strategic partnership signed this year. More in this article in The Strategist (The Strategist is the commentary and analysis site of the Australian Strategic Policy Institute (ASPI), an independent, non-partisan think tank based in Canberra. ASPI is one of the most authoritative and widely quoted contributors to public discussion of strategic policy issues in Australia and a recognized and authoritative Australian voice in international discussion of strategic issues, especially in the Asia–Pacific).

Issuance of Iran General License M-1 The Department of the Treasury’s Office of Foreign Assets Control (OFAC) is issuing Iranian Transactions and Sanctions Regulations 31 CFR Part 560 GENERAL LICENSE M-1 “Authorizing the Exportation of Certain Graduate Level Educational Services and Software”. In addition, OFAC is updating related Frequently Asked Question 853 (Iran Sanctions / “853. Can U.S. academic institutions provide online learning services to Iranian students who are not physically present in the United States because of the Coronavirus Disease 2019 (COVID-19) pandemic?  Can U.S. technology companies provide software and services to assist Iranian students in accessing online coursework?”)

The Liberty to Spy Many, if not most, international legal scholars share the ominous contention that espionage, as a legal field, is devoid of meaning. For them, any attempt to extrapolate the lex lata corpus of the International Law of Intelligence (ILI), let alone its lex scripta, would inevitably prove to be a failed attempt, as there is simply nothing to extrapolate. The notion that international law is moot as to the question of if, when, and how intelligence is to be collected, analyzed, and promulgated, has been repeated so many times that it has become the prevailing orthodoxy. This paper, written by Asaf Lubin (Associate Professor of Law, Indiana University Maurer School of Law), offers a new and innovative legal framework for articulating the law and practice of interstate peacetime espionage operations, relying on a body of moral philosophy and intelligence ethics thus far ignored by legal thinkers. This framework diagnoses the legality of covert intelligence at three distinct temporal stages: before, during, and after. In doing so it follows the traditional paradigms of international law and the use of force, which themselves are grounded in the history of Just War Theory. Adopting the Jus Ad, Jus In, Jus Post model is appropriate, given the symbiosis between espionage and fundamental U.N. Charter principles. This paper focuses on the first of these three paradigms, the Jus Ad Explorationem (“JAE”), a sovereign’s prerogative to engage in peacetime espionage and the right’s core limitations. Examining a plethora of international legal sources, the paper exemplifies the myriad ways by which peacetime intelligence gathering has been already recognized as a necessary pre-requisite for the functioning of our global legal order. The paper then discusses the nature of the JAE. It argues that the right to spy is best understood as a privilege in Hohfeldian terms. It shows how understanding interstate intelligence operations as a weaker “liberty right” that imposes no obligations on third parties to tolerate such behavior helps capture the essence of the customary norms that form part of the practice. Recognizing the liberty right to spy opens the door for the doctrine of “abuse of rights” to play a role in constraining the practice. By identifying the only two legitimate justifications for peacetime espionage—advancing the national security interests of States and promoting an increase in international stability and cooperation—we are able to delimit what may constitute abusive spying, defined as exploiting one’s right to spy not for the purposes for which the right was intended. The paper concludes by introducing four categories of unlawful espionage: (1) spying as a means to advance personal interests; (2) spying as a means to commit internationally wrongful acts; (3) spying as a means to advance corporate interests; and (4) spying as a means to exploit post-colonial relations. Keywords: China, Russia, Iran, surveillance, intelligence, espionage, national security, international trade, and international law.

Recognizing ‘geoeconomic risk’: Rethinking corporate risk management for the era of great-power competition As economic policy has become a key strategic means in great-power rivalry, states are attempting to control the economic networks that connect the world. Companies are faced with a growing threat of becoming used as pawns in the geoeconomic competition creating new business risks. The latest FIIA Briefing Paper analyses the risks that companies face in the era of great-power competition. In the paper, the authors introduce a novel concept of ‘geoeconomic risk’ stemming from three geoeconomic drivers. In the era of global supply chains, the geoeconomic disruptions in global politics and the rivalry between the United States and China are a concern for more than just the parties directly targeted. According to the authors, emerging risks call for better definition and an appropriate universal typology. “More data and a better understanding of the root causes, agents, means and implications of geoeconomic risk are required”, the authors state.      

Re-Thinking Assumptions for a 21st Century Middle East American policy in the Middle East is based on outdated assumptions. According to FPRI’s recent report, there are at least four novel elements in or impacting the Middle East that require an adjustment in strategy: 1) North American oil independence, 2) the rise of China, 3) diminishing conventional threats to Israel, and 4) the rise of sub-state actors (in addition to widely recognized terror and insurgent groups, other actors, such as financial firms, technology firms, and private military firms, interact with power that rivals that of weak states). These new factors—alone and in concert—make legacy strategies at least suboptimal, if not unsuitable. Today’s Middle East exhibits very different characteristics than that of the Middle East of the past century. An acceptable and suitable strategy must incorporate these new data points.       

Reining in China’s Technology Giants Since the launch of ASPI ICPC’s Mapping China’s Technology Giants project in April 2019, the Chinese technology companies ASPI canvassed have gone through a tumultuous period. While most were buoyed by the global Covid-19 pandemic, which stimulated demand for technology services around the world, many were buffeted by an unprecedented onslaught of sanctions from abroad, before being engulfed in a regulatory storm at home. This report describes the effects of the Covid-19 pandemic, the growing China–US strategic and technological competition, and a changing Chinese domestic regulatory environment on the 27 Chinese Technology Giants ASPI covers on their map.

Iran’s web of disinformation and anti-Semitic tropes At his mid-June summit with Vladimir Putin, President Biden raised a number of critical issues with the Russian leader, ranging from cyberwarfare to human rights. One thing that wasn’t discussed during the meeting, however, was the question of disinformation – and Russia’s ongoing role in promoting “fake news” and divisive narratives in the United States. Moscow is not alone. U.S. intelligence officials say that the Islamic Republic of Iran is stepping up its disinformation efforts directed at the American public, focusing in particular on promoting racist and anti-Semitic tropes via social media. “It’s a significant level of activity,” one official has told TIME magazine. “It’s active enough that we’re tracking it.” The assessment echoes the estimates of Jewish communal groups such as the Anti-Defamation League (ADL), which have registered an uptick of hate speech and incitement via social media in the wake of last month’s war between Israel and Hamas.
The Biden administration is taking steps to curtail Iran’s malicious online presence. In late June, the U.S. government seized dozens of websites connected to the disinformation efforts of the Iranian government or its assorted proxy groups. “Pursuant to court orders, the United States seized 33 websites used by the Iranian Islamic Radio and Television Union (IRTVU) and three websites operated by Kata’ib Hizballah (KH), in violation of U.S. sanctions,” the Justice Department announced in an official statement.

China-Iran Relations: A Limited but Enduring Strategic Partnership This new U.S.-China Economic and Security Review Commission report examines China’s deepening ties with Iran and the geopolitical constraints on the relationship. It analyzes increased Sino-Iranian economic coordination—China as Iran’s top import and export market and a critical investor in energy and transportation infrastructure—and how that coordination undermines the effectiveness of U.S. policies, like sanctions. The report also assesses China’s proliferation of technology supporting Iran’s ballistic missile program and the threat the two countries’ intelligence sharing and military partnerships pose to U.S. security.

G7, London The first in-person G7 meeting for two years took place in London and a lengthy 90-page communiqué was published on the 5th of May 2021. The Foreign and Development Ministers of the Group of Seven (G7), and the High Representative of the European Union declared:

Iran

36. We are committed to ensuring that Iran will never develop a nuclear weapon. We welcome the substantive discussions between JCPoA participants, and separately with the United States, to accomplish a mutual return to compliance with the JCPoA by the United States and Iran. The JCPoA remains the best way to ensure the exclusively peaceful nature of Iran’s nuclear programme. It is vital that Iran preserves the space for these discussions by avoiding any further escalation. The latest Iranian actions are very serious developments and a matter of deep concern. They have no credible civilian requirement and have particularly grave implications. We strongly support the International Atomic Energy Agency (IAEA) in its crucial monitoring and verification work to help ensure Iran’s compliance with the NPT-related safeguards obligations, as well as its other commitments. A restored and fully implemented JCPoA could also pave the way to further address regional and security concerns, including in support of the non-proliferation regime. We condemn Iran’s support to proxy forces and non-state armed actors, including through financing, training and the proliferation of missile technology and weapons. We call on Iran to stop all ballistic missile activities inconsistent with UNSCR 2231, refrain from destabilising actions, and play a constructive role in fostering regional stability and peace. We support efforts to ensure a thorough and credible investigation into the Ukraine International Airlines Flight 752 tragedy to hold Iran accountable. We are deeply concerned by the continued human rights violations and abuses in Iran, including those affecting the exercise of the right to freedom of peaceful assembly, freedom of association, freedom of religion or belief, and freedom of expression. Foreign and dual nationals and human rights defenders have faced arbitrary arrest, detention and lengthy prison sentences and should be released.

ODNI Releases Annual Intelligence Community Transparency Report  Consistent with the Foreign Intelligence Surveillance Act of 1978 (FISA), as amended (codified in 50 U.S.C. § 1873(b)), and the Intelligence Community’s (IC) Principles of Intelligence Transparency, released the eighth annual Statistical Transparency Report Regarding Use of National Security Surveillance Authorities.
This report provides the public not only statistics, but also contextual information, regarding the scope of the government’s use of FISA authorities, National Security Letters, and other national security authorities.  In conjunction with other publicly released material, this report adds insight into the rigorous and multi-layered oversight framework governing the IC that safeguards the privacy and civil liberties of United States (U.S.) person and non-U.S. person information acquired pursuant to these national security authorities. 

Significant Cyber Incidents This CSIS* timeline, with a focus on cyber attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars, records significant cyber incidents since 2003. This list is a work in progress that CSIS will update as new incidents come to light. * The Center for Strategic and International Studies (CSIS) is a bipartisan, nonprofit policy research organization dedicated to advancing practical ideas to address the world’s greatest challenges.

Iranian Nationals Charged with Conspiring to Evade U.S. Sanctions on Iran by Disguising $300 Million in Transactions Over Two Decades A federal criminal complaint, unsealed on March 19 2021, charges 10 Iranian nationals with running a nearly 20-year-long scheme to evade U.S. sanctions on the Government of Iran by disguising more than $300 million worth of transactions – including the purchase of two $25 million oil tankers – on Iran’s behalf through front companies in the San Fernando Valley, Canada, Hong Kong and the United Arab Emirates. In addition, a forfeiture complaint seeks a money laundering penalty in the amount of $157,332,367.

Jury Convicts Iranian National for Illegally Exporting Military Sensitive Items A federal jury convicted an Iranian citizen and a resident of the United Arab Emirates and Germany, for scheming to obtain military sensitive parts for Iran in violation of the Iranian Trade Embargo. These parts had dual-use military and civilian capability and could be used in systems such as nuclear weapons, missile guidance and development, secure tactical radio communications, offensive electronic warfare, military electronic countermeasures (radio jamming), and radar warning and surveillance systems. According to court documents and evidence presented at trial, the Iranian citizen, 39, attempted to transship and transshipped cargo obtained from the U.S. by co-defendants Taiwanese citizen — and Iranian citizen –, using the convicetd Iranian national’s company Gulf Gate Sea Cargo LLC, located in Dubai, United Arab Emirates. From Oct. 9, 2007 to June 15, 2011, the defendants obtained or attempted to obtain from companies worldwide over 105,000 parts valued at approximately $2,630,800 involving more than 1,250 transactions. The defendants conducted 599 transactions with 63 different U.S. companies in which they obtained or attempted to obtain parts from U.S. companies without notifying the companies these parts were being shipped to Iran or getting the required U.S. government license to ship these parts to Iran.

SAP Admits to Thousands of Illegal Exports of its Software Products to Iran and Enters into Non-Prosecution Agreement with DOJ First-Ever Voluntary Self-Disclosure of Export Violations Leads to Non-Prosecution Agreement between Global Software Company and Justice Department. Software company, SAP SE, headquartered in Walldorf, Germany, has agreed to pay combined penalties of more than $8 million as part of a global resolution with the U.S. Departments of Justice (DOJ), Commerce and Treasury. In voluntary disclosures the company made to the three agencies, SAP acknowledged violations of the Export Administration Regulations and the Iranian Transactions and Sanctions Regulations. As a result of its voluntary disclosure to DOJ, extensive cooperation and strong remediation costing more than $27 million, DOJ’s National Security Division (NSD) and the U.S. Attorney’s Office for the District of Massachusetts entered into a Non-Prosecution Agreement with SAP. Pursuant to that agreement, SAP will disgorge $5.14 million of ill-gotten gain.

Note: A full copy of the non-prosecution agreement can be viewed here. To learn more about what the Justice Department is doing to deter and hold to account those who violate export controls and sanctions laws, visit www.justice.gov/nsd A full copy of the Voluntary Self Disclosure (VSD) Policy can be found here.

Russia in the Middle East: National Security Challenges for the United States and Israel in the Biden Era As U.S.-Russian tensions continue to escalate, Russia’s role in the Middle East is of urgent concern both to Israel and the United States. Potential flashpoints include Syria and Iran, new spheres of Russian engagement from Afghanistan to North Africa, and sensitive cybersecurity issues. Russia is also moving in tandem with China to push back against U.S. dominance, including in the Middle East. Leading experts from Israel and the United States address these challenges in a new report published by the Kennan Institute (The Kennan Institute is the premier U.S. center for advanced research on Russia and Eurasia and the oldest and largest regional program at the Woodrow Wilson International Center for Scholars and the Interdisciplinary Center Herzliya (IDC Herzliya is one of Israel’s leading academic institutes).

ODNI Unseals 2020 FISC Decision Granting Government Surveillance Powers On April 26, the Office of the Director of National Intelligence (ODNI) released a redacted Nov. 18, 2020 ruling issued by the Foreign Intelligence Surveillance Court (FISC). The decision, written by Judge James E. Boasberg, grants the U.S. government’s request for approval to continue collecting information on non-U.S. persons in order to acquire foreign intelligence information. Under Section 702 of the Foreign Intelligence Surveillance Act (FISA), the government must seek reauthorization of the certifications and procedures it uses to target foreign nationals to collect intelligence each year. The FISC reviews these requests annually to ensure that the U.S. government’s collection program is in compliance with FISA and the Constitution.

The Persian Temptation – Don’t lose perspective and let Iran run the Near East The Biden Administration’s recent strike on the facilities of Iranian-backed militias in Syria raised a hullabaloo beyond expectations, especially in light of the fact that ordering an airstrike in the Near East has become almost a presidential rite of passage. Still, discussion of the strike has shown that we need to think more concretely and strategically about the administration’s regional political priorities. It is a commonplace to deride U.S. Near East policy as “lacking strategy.” Within that piece of received wisdom lies a bundle of other truisms: that the United States has no strategic goal in the Near East; that petrochemical concerns drove our engagement there in the first place; that the current U.S. posture stems from little more than institutional inertia; that its heavy-handedness alienates potential allies; that the partnership with Israel, with its alleged support for alleged Israeli expansionism, impedes the formation of other advantageous alliances; and that, in light of the foregoing, any further engagement or escalation is a definite overstretch.
These tropes typically come from the mouths of people who stand close to policy, at least the policy of one of the parties. The United States has certainly made mistakes in the Near East. It took our military too long to recognize the realities of a counterinsurgency campaign in Iraq. Bureaucratic infighting produced a mismatch between military and political objectives. And, depending on the party in power, the United States has oscillated between a 19th-century liberal moralism, complete with feckless hand wringing over religious persecution, and democratic utopianism. It is equally certain that sound strategic logic ought to drive future U.S. action in the Near East. The region is critical to any state that has global interests. The importance of the area predates the discovery of oil by around two thousand years; the first indications of its geopolitical relevance appear in the Bible. The ancient Israelites lived at the nexus of several great empires. They prospered through diplomatic maneuver and by gaining wealth from the intercontinental trade transiting the Levantine Basin. Persia’s Achaemenids also derived wealth from the region. One factor in the ascendance of the Greeks was their power over the Levantine Basin before and during Alexander’s conquest of it.
Read the full article from American Purpose, authored by a senior fellow at Hudson Institute and director of Hudson’s Center for American Seapower.

2021 Annual Threat Assessment of the U.S. Intelligence Community This annual report of worldwide threats to the national security of the United States responds to Section 617 of the FY21 Intelligence Authorization Act (P.L. 116-260). This report reflects the collective insights of the Intelligence Community (IC), which is committed every day to providing the nuanced, independent, and unvarnished intelligence that policymakers, warfighters, and domestic law enforcement personnel need to protect American lives and America’s interests anywhere in the world. This assessment focuses on the most direct, serious threats to the United States during the next year. The order of the topics presented in this assessment does not necessarily indicate their relative importance or the magnitude of the threats in the view of the IC. All require a robust intelligence response, including those where a near-term focus may help head off greater threats in the future, such as climate change and environmental degradation. As required by the law, this report will be provided to the congressional intelligence committees as well as the committees on the Armed Services of the House of Representatives and the Senate. Information available as of 9 April 2021 was used in the preparation of this assessment.

Did the US Intelligence Community Lose Iran? Claims of an American intelligence failure began even before the triumph of the Iranian Revolution. In November 1978, US president Jimmy Carter complained to his national-security team: ‘I am not satisfied with the quality of our political intelligence.’ Stansfield Turner, the director of the CIA, followed up with a confession of his own: ‘What we didn’t forecast was that … a 78-year-old cleric who had been in exile for 15 years would be the catalyst that would bring these forces together, and that we would have one huge volcano – a truly national revolution.’ The theme of intelligence mishaps gained more traction after the mullahs’ triumph, as Carter and his senior aides looked for someone to blame for the disaster in Iran. Today, it is widely accepted that the CIA missed the Islamist storm that swept away one of America’s most consequential allies in the Middle East.
What constitutes an intelligence failure is a question that has often bedeviled historians. Revolutions are a rare historical phenomenon, whose force and ferocity confound all the actors, including those leading it. Four decades after the Iranian Revolution, it is time for a more dispassionate assessment of the intelligence community’s performance. The record of the US intelligence services was hardly perfect, but they did get many things right. In the early 1970s, they noticed the rising discontent among key sectors of Iranian society and the importance of religion as an ideology of dissent. As the revolution unfolded, their assessments became sharper and their judgements shrewder.
The full article is available in the April–May issue of IISS’ Survival: Global Politics and Strategy (the International Institute for Strategic Studies is an international research institute).

Reimagining U.S. Strategy in the Middle East U.S. policy toward the Middle East has relied heavily on military instruments of power and has focused on regional threats—particularly the Iranian threat—with the goal of keeping partners on “our side.” These long-standing policies have largely fallen short of meeting core U.S. interests and adapting to new regional realities and strategic imperatives. RAND researchers offer an alternative framework, suggesting that the U.S. strategic priority must center on reducing regional conflict and the drivers of conflict. This revised strategic approach puts a greater focus on addressing conflict and socioeconomic challenges that are creating unsustainable pressures on the region’s states and immense suffering among its people. Researchers analyze how the tools of U.S. policy—political, security, economic, diplomatic, and informational instruments—would need to adjust to more effectively address such challenges in ways that are mindful of limited resources at home. Researchers also examine how the United States deals with both partners and adversaries in and outside the region and consider how to better leverage policies to the benefit of U.S. interests and the region. The researchers recommend specific actions organized into the following three pillars: (1) shifting resources from the current heavy reliance on military tools to a more balanced approach that prioritizes economic investments, governance, diplomacy, and programs focused on people; (2) favoring a long-term time horizon to reduce regional conflict and support growth and development, even at the cost of short-term risks; and (3) working multilaterally with global and regional partners to address key challenges.
The research report (this research was conducted within the RAND Center for Middle East Public Policy, a center within International Programs at the RAND Corporation) offers many recommendations.

The Militarization of Cyberspace? Cyber-Related Provisions in the National Defense Authorization Act With Congress struggling to pass stand-alone cybersecurity legislation, the National Defense Authorization Act (NDAA) is now the primary vehicle to pass all matters of cybersecurity legislation. Because the annual defense bill typically requires provisions to have a tie to national security, other cyber issues, like those pertaining to criminal justice, tend to be excluded. As a result, the authorities and resources awarded to Department of Defense (DoD) cyber mission far outpace those provided to civilian agencies responsible for partnering with state, local, private, and international partners. With ransomware and cyber incidents at an all-time high, Congress should either include a new title in future Defense bills to bolster US cyber enforcement and civilian agencies’ capabilities or pass a cyber-omnibus bill to fix policy gaps and provide commensurate funds to federal and local agencies to combat malicious cyber activity. In Third Way’s paper (Third Way is a national think tank that champions modern center-left ideas) Third Way analyzed the last five NDAAs (2017-2021) to chronicle Washington’s reliance on the NDAA to shepherd through a wide swath of cybersecurity legislation.

Global Britain in a Competitive Age, the Integrated Review of Security, Defence, Development and Foreign Policy This is a new (March 2021) U.K. Government 114-page report on British defense and foreign policy, presented to Parliament by the Prime Minister by Command of Her Majesty.

A New 25-Year Strategic Partnership Between Iran and China Iranian state media and diplomats trumpeted the signing of a new 25-year strategic partnership between Iran and China, under which Iran will supply China with crude oil in exchange for Chinese investment. Regime-linked media emphasized that this was a dire development for U.S. global power.
In January 2016, just as sanctions were eased, Chinese President Xi Jinping visited Tehran and proposed a long-term comprehensive, strategic partnership program that would involve Chinese investment in Iranian infrastructure and assured supplies of Iranian oil and gas at concessional rates. Reluctant to be tied into too close a Chinese embrace, Iran kept the negotiations going for years. The partnership, first proposed by China’s leader, Xi Jinping, during a visit to Iran in 2016, was approved by President Hassan Rouhani’s cabinet in June, Iran’s foreign minister, Mohammad Javad Zarif, said.

Securing the ICTS Supply Chain (15 CFR Part 7) On January 19, 2021, the US Department of Commerce issued a long-awaited interim final rule (“Interim Final Rule”), which would enable the Department of Commerce to prohibit or otherwise restrict transactions involving the Information and Communication Technology and Services (“ICTS”) supply chain, including both hardware and software, that have a nexus to certain designated “foreign adversaries,” including China, Russia, and Iran, for purposes of protecting national security. The Interim Final Rule is scheduled to go into effect on March 22, 2021.

Political Scientist Author Charged with Acting as an Unregistered Agent of The Iranian Government On Jan. 19, the Department of Justice unsealed a criminal complaint against Kaveh Lotfolah Afrasiabi. The Justice Department has charged Afrasiabi with acting and conspiring to act as an unregistered agent of the Iran government, in violation of 18 USC § 371, along with 22 USC §§ 612 and 618(a)(1) of the Foreign Agents Registration Act (FARA). The charges against Afrasiabi stem from his alleged failure to register as an agent of Iran. Assistant Attorney General John Demers alleged in a press conference that, “For over a decade, Kaveh Afrasiabi pitched himself to Congress, journalists, and the American public as a neutral and objective expert on Iran…all the while, Afrasiabi was actually a secret employee of the Government of Iran and the Permanent Mission of the Islamic Republic of Iran to the United Nations.” The press release is available here and the criminal complaint is below.

NSA: Cybersecurity Year in Review (2020) While not all-inclusive, this Year in Review outlines key milestones and mission outcomes achieved during NSA Cybersecurity’s first year.

Bureau of Cyberspace Security and Emerging Technologies A new office at the State Department has been approved – the Bureau of Cyberspace Security and Emerging Technologies (CSET) – which will help lead diplomatic efforts. “The need to reorganize and resource America’s cyberspace and emerging technology security diplomacy through the creation of CSET is critical, as the challenges to U.S. national security presented by China, Russia, Iran, North Korea, and other cyber and emerging technology competitors and adversaries have only increased since the Department notified Congress in June 2019 of its intent to create CSET,” a State Department spokesperson said.