Iran’s cyber threat is less about sophistication than intent
Iran may not match Russia or China in cyber sophistication, but experts on Cyber Focus argued that it does not need that level of capability to create disruption, spread fear and impose real costs.
Host Frank Cilluffo framed the issue bluntly, warning that Iran remains dangerous not because it sits at the top tier of cyber capability, but because it has shown a willingness to use destructive tools against vulnerable systems.
That danger becomes more significant in the context of broader conflict. Retired Rear Adm. Mark Montgomery, a McCrary Institute senior fellow, said cyber is increasingly being built into military planning alongside conventional operations, rather than treated as a separate or secondary domain. In that model, cyber can support physical strikes by helping track targets, disrupt communications or create confusion at key moments.
The near-term concern, however, is not only battlefield integration. It is the possibility of retaliation that reaches into civilian life. Cynthia Kaiser, a former FBI cyber leader now with Halcyon, said operational technology in sectors such as water, manufacturing, and energy remains especially exposed because many systems rely on older infrastructure that is difficult to patch and easy to disrupt. Even when an attack is not highly sophisticated, the effects can be serious if it hits a brittle system.
Iran has shown a willingness to pursue that kind of disruption before. Kaiser, also a McCrary Institute senior fellow, pointed to destructive wiping attacks and other operations aimed less at precision than at causing damage, interruption and alarm. She also stressed that cyber effects do not stop at the technical layer. Iranian-linked actors can pair relatively simple attacks – such as website defacements or denial-of-service activity – with exaggerated public claims meant to heighten fear and confusion. As Kaiser put it: “The point’s the fear. The point’s the chaos. And the point is the internal messaging for their own people – to say we did something in retaliation.”
The conversation also turned to U.S. preparedness. Montgomery argued that much of America’s critical infrastructure remains insufficiently defended, warning that “the vast majority of our critical infrastructure doesn’t have a shield.” He also raised concerns about whether federal civilian cyber agencies are resourced at the level the mission requires. While agencies such as the FBI and NSA can surge in response to a major incident, that kind of reactive posture has limits – especially if attention and resources are simultaneously pulled toward threats from Russia and China.
The broader message of the episode was that cyber defense cannot begin when a crisis is already underway. If Iran-linked retaliation escalates, the most vulnerable targets may not be the most symbolically important ones, but the ones with the weakest defenses and the least resilience. For operators of critical infrastructure, that means preparing not only for technical disruption, but also for the confusion and public anxiety that can follow even a modest attack.
Iran’s cyber threat, the guests argued, should be understood less as a question of elite technical mastery than of intent, timing and the ability to exploit soft spots in both infrastructure and public confidence.