Iran can respond very easily to US regional proxy forces including Israel and Saudi Arabia. They can mine the Persian Gulf; they can target US positions in Iraq; They can fire rocket barrages on American positions in Iraq, they can attack Israel or Saudi Arabia by their proxies such as Hezbollah in Lebanon or the Houthis in Yemen.

Iran’s attacks could also include targeting diplomats or other Westerners in the Middle East, especially Iraq or Tehran. They can re-activate their international assassination complexes using Hezbollah or the Quds Force. All of this is conceivable.

They could try to reignite their international terrorist apparatuses using Hezbollah, Hamas, Iraqi Shiite assets, assets in Venezuela and Yemen, and a variety of other actors including the IRGC and Basij.

Cyber:

We will be hit by something we didn’t even think about. The Iranians are very smart, patient, and strategic; they have been learning, practicing, and executing the art of shadow battle for decades, using asymmetric methods and attacking from a place or time we do not expect, and have not foreseen. Qasim Suleimani’s death is a major hit to the psyche of Iranians. Iran’s national pride is tarnished, and people’s hearts have been broken. This is a trigger for unification. A spark for action. An alliance against the Great Satan once again. A common enemy thrust back into the forefront. This is an act that serves to bring Iranians together. More will flock to the military and to cyber capabilities. Universities will be swamped with applicants in computer science and cyber. After Stuxnet, Iran invested heavily in cyber capabilities as a national imperative and today on average 18% of college grads in Iran or CS degreed. That percentage is massive. This new action will spur new funding and new fervor to achieve in math, science, and technology. They will leverage the sympathetic globally bringing Shiite groups together while creating new proxy groups some embedded within or close to our shores. The death of Suleimani is unifying the country. The demonstrations will stop (for a while), and focus Iranians on a greater evil.

Typical has been the use of social engineering and phishing to get it.  The destructive campaigns have been based on Stuxnet i.e., Shamoon.

The likelihood of:

• Increased funding and focus for cyber proxies such as Hezbollah.
• Leveraging angry Shiite’s working in critical infrastructures in non-Iranian countries to internally release malicious payloads.
• Using access to systems and sites gained through cyber espionage yet not leveraged.
• GPS spoofing in the Persian Gulf causing drone and shipping disruption.
• Use of low flying drones at night in combination with cyber actions such as leveraging the Russian R-330Zh Zhitel automated jamming communication station is designed for the automated detection, beaming and analysis of signals from sources of radio emission in the frequency range of 100-2000 MHz, as well as for jamming of portable and mobile ground radio stations (user terminals) of INMARSAT and IRIDIUM satellite communication systems, of the navigation equipment running on the NAVSTAR (GPS) satellite radio navigation system and of GSM-900/1800 base stations.

Consequences of cyber warfare:

• Overthrow the sovereignty or the catastrophic threat of national security – not possible
• Simultaneous initiation of physical activities in the Gulf combined with cyber attacks likely on shipping, oil facilities, to drive up prices and cause international disruption
  • UAE attacks possible
  • Saudi attacks very likely
  • US attacks very likely
  • Israel attacks very likely

Past Iranian Cyber Targets (You don’t put a wooden pot on the fire twice)

• financial, government, energy, chemical, and telecommunications supply chain attacks, leveraging the trust relationship between organizations
• academic research, human rights, and media, with most victims having been located in Iran, the US, Israel, and the UK. Some try to access private email and Facebook accounts, and sometimes establishes a foothold on victim computers as a secondary objective
• telecommunications, government (IT services), and oil sectors
• telecommunication and travel industries to collect personal information that aligns with Iran’s national priorities

For years they have been stealing data from these verticals and target areas. They have been collecting and analyzing for a time they would need to leverage what they have. Now is that time. They have data in the US on people, technologies, critical infrastructures. They have millions of documents stolen from academia and research in Israel. They have access to US military software and drone code while using Russian military technical capabilities for automated jamming communication

Possible Physical Target Areas

• Destruction or catastrophic damage to the image of the country internationally
• Catastrophic destruction or damage to the country’s political and economic relations
• Human casualties or widespread danger to public health and safety (through nuclear, chemical or biological pollution)
• Anarchy and internal revolt
• Widespread disruption to the country’s affairs
• Destruction (or widespread damage) of public confidence or religious, national, and ethnic beliefs
• Severe damage to (or widespread disruption of) the national economy
• Extreme destruction or disturbance of critical or critical infrastructure (or major infrastructure at large)

We estimate their use of tactical measures both cyber and kinetic that have strategic geopolitical impacts. Blood will be shed and the targets will embarrass the US showing the world the US military capabilities cannot be trusted. The impacts will be financial and create doubt in US resolve. They will target Trump with influence operations against his re-election bid and against his businesses and family. Anything to bring shame and guilt to the American Executive branch is on the table. They will attempt to make the US seem impotent to respond and unable to defend against a much smaller foe. When fortune turns against you, even jelly breaks your teeth.