The view from Vienna: OPSEC, Iran’s cyberpower, and tech decoupling

The Middle East Institute’s (MEI) Strategic Technologies and Cyber Security Program participated in both the DeepIntel and DeepSec conferences in Austria this past week. Here are our reflections on the conferences, the conversations we had there, and the overall agenda.

DeepIntel is a one-day conference open to a specific trust group, held at TLP Amber, while DeepSec is a two-day event. Taking a holistic approach to cybersecurity, the conferences addressed crucial issues impacting the global cybersecurity community, such as current Operational Security (OPSEC) trends, human psychology as it pertains to social engineering, and efforts to improve Advanced Persistent Threat (APT) attribution.

OPSEC is a constant issue in the cybersecurity space. Even with precautions in place, every individual operating online leaves a digital trail that can be traced back to them or their institution. This trail allows malicious actors to probe and further exploit weaknesses. Constant vigilance is required to protect the information held by professional organizations, companies, and individuals. OPSEC involves protecting and reducing information posted on social media platforms, ensuring virtual private network (VPN) use on personal and work devices, and more. Revisiting and updating OPSEC practices as new information emerges is essential for the highest level of protection.

Along the same vein of online protection, humans are often the “weakest link” when it comes to online operations. Cyber actors will exploit several psychological principles, such as loneliness, a need for “belonging” or feeling accepted, financial issues, and more. In some instances actors steal personal information such as a phone number or date of birth; in more severe cases, they steal financial information and/or complete identities, leading to a years-long effort to recoup lost money and/or a completely compromised personal identity. Every individual online must be cognizant and employ digital awareness and cyber hygiene to reduce the risk of identity theft.

Notably, multiple presentations addressed the difficulty of APT attribution, and one specifically covered efforts to improve attribution using machine learning processes. The project is constantly developing and requires input from the community in the form of Indicators of Compromise (IOCs), but addresses a critical need for all analysts, managers, and anyone with an internet connection. As malicious cyber actors work to obfuscate their activities, community practitioners need assistance and tools to more quickly identify the kind of threats facing their organizations. The hope is to utilize the speed of machine learning (which is quicker than humans) to effectively combat and protect against both persistent and nascent threats.

MEI’s Steph Shample presented on the latest activities of Iran, one of the “big four” malicious cyber actors. She covered Iran’s past and present APT, cybercrime, ransomware, and cryptocurrency capabilities at both DeepIntel and DeepSec. She also addressed Iran’s future cooperation with China and Russia, as well as how they might continue to support Russia’s efforts in Ukraine in a hybrid manner, both aiding its digital operations against Ukraine and supplying ground personnel and weapons.

MEI’s Mohammed Soliman presented his research on the tech containment strategy that the United States is actively pursuing to limit China’s technological progress and innovation. He made the case that the 5G network race has defined the way the U.S. perceives China technologically. Due to the absence of a clear U.S. alternative, Washington has pursued a strategy of denial, where the U.S., through the Clean Network Initiative, has pushed allies and partners to drop Huawei and ZTE from their 5G networks, or face the risk of tarnishing their security and diplomatic cooperation with Washington. In a parallel track, the U.S. has provided geopolitical incentives for allies and partners to pursue open radio access networks (open RAN) to diversify their 5G ecosystem by bringing in more vendors and ultimately avoiding reliance on a single firm like Huawei. In Soliman’s view, the U.S. campaign against Chinese 5G has laid the groundwork for the current tech containment strategy that Washington is pursuing against Beijing. This began by prioritizing a critical technology like semiconductors, and later extended to using export controls to limit Beijing's access to AI chip designs, electronic design automation software, semiconductor manufacturing equipment, and other components and banning U.S. personnel from working on Chinese chips. In a parallel track, the U.S., through the CHIPS Act, is investing in its own domestic capabilities to build and reshore new facilities. Soliman predicted that the U.S. tech containment strategy will expand to other areas such as biotechnology and AI, and will lead to the creation of a U.S.-led geotech bloc.

MEI’s Strategic Technologies and Cyber Security Program is committed to building a common cyber and tech agenda between like-minded nations. In light of the Russian invasion of Ukraine and the centrality of tech and cyber to both the situation in Ukraine and globally, engaging with DeepIntel and DeepSec gives our analysis the transatlantic lens that we need while we address some of the growing questions surrounding emerging technologies, especially in the Middle East.

Steph Shample is a non-resident scholar with the Middle East Institute's Strategic Technologies and Cyber Security Program and Senior Analyst at Team Cymru.

Mohammed Soliman is the director of MEI's Strategic Technologies and Cyber Security Program, and a manager at McLarty Associates’ Middle East and North Africa Practice. His work focuses on the intersection of technology, geopolitics, and business in the Middle East and North Africa.

Photo by Qilai Shen/Bloomberg via Getty Images