One of the most significant documents leaked by the hacker group “GhyamSarnegouni” (“Rise to Overthrow”) reveals a crucial letter outlining the Islamic Republic of Iran’s upcoming cyberspace battle strategy.
Addressed to Iran’s President Ebrahim Raisi, the letter comes from Commander Mostafa Izadi of the Cyber and New Threats Base at Khatam-al Anbiya Central Headquarters. This specialized division focuses on cybersecurity, intelligence gathering, and addressing emerging digital threats. The letter urges increased involvement of armed and security forces within the Supreme Council of Cyberspace, highlighting the need to prioritize these forces in addressing the country’s cyber bottlenecks.
The letter, dated April 9, 2023, is classified as highly confidential and comes seven months after the tragic event of Jina Mahsa Amini’s killing and the subsequent street protests. Presented as an advisory letter to the presidency, its underlying purpose is asserting cyberspace control. By identifying different elements of the country’s digital domain as potential security threats, it seeks to extend state surveillance over citizens online, thereby intensifying governmental interference.
The letter is directly related to the third decree issued by Iran’s leader, Ali Khamenei, regarding enhancing the country’s online space. Its contents align with this decree and offer corresponding recommendations. This third decree appears to allude to Ali Khamenei’s appointment of Morteza Aghamiri as the new head of the Supreme Council of Cyberspace.
IRGC utilizing the Cyberspace Service Regulation System Act to militarize the Internet
The indications of the Cyberspace Service Regulation System Act can also be observed within a section of this letter.
In the second part of the letter, the seventh section states: “The matter of cyber border guarding, which aims to safeguard the independence and privacy of the Islamic Republic at entry and exit points as well as domestic high-traffic crossings, necessitates a comprehensive legal evaluation. Presently, this responsibility falls under the jurisdiction of the Ministry of Information and Communications Technology of Iran, which focuses on developing communication and information infrastructures but lacks a sound legal framework. Consequently, the crucial involvement of the armed forces and the country’s intelligence agencies in this area has been overlooked. Therefore, it would be fitting to assign this task to them.”
Put simply, IRGC seeks complete authority over the nation’s Internet gateways. This matter was a part of the Cyberspace Service Regulation System Act, which faced strong resistance from civil society and Iranian users, leading to its non-approval.
Appointment of Supreme Council of Cyberspace Members with Allegiance to the IRGC
In the beginning section, this letter outlines the criteria for selecting individuals to serve on Iran’s Supreme Council of Cyberspace, established by direct order from Ali Khamenei in 2010. The council holds the highest authority for decision-making and policy formulation related to the Internet in Iran. Some members are appointed directly by the leadership body.
The criteria for membership includes technical expertise and specialized knowledge, as well as a “practical commitment to the discourse of the Islamic Revolution and the views of the Supreme Leader.” The letter also emphasized the importance of “familiarity with cultural necessities and the production of high-quality content in alignment with the Islamic Revolution’s discourse”. Based on the mentioned criteria, Izadi presents and recommends individuals for potential membership in different domains of the Supreme Council of Cyberspace.
According to Izadi, the individuals on the list have more of a security and intelligence background than a “scientific and technological” one. These people appear to have been involved in formulating and promoting the Cyberspace Service Regulation System Act and establishing the National Information Network over the past years. This suggests that the senior commanders of the IRGC aim to increase their influence and control within the Supreme Council of Cyberspace, intending to impact the country’s cyberspace policies directly.
Among the individuals are Mohammad Reza Arab Bafrani, who leads the Basij Organization’s Seraj think tank, Abbas Asosheh, the former technical deputy of the National Center for Cyberspace specializing in National Information Network architecture, and Seyed Ali Mirrafi, the head of cyber security at the Supreme National Security Council.
The criteria and proposed composition outlined in this letter strongly indicate the unwavering determination of top policymakers to realize the National Information Network project, along with an evident intention to increase censorship and exert greater control over content generated in cyberspace by implementing a layered internet system.
Ali Khamenei’s discontent with the Supreme Council of Cyberspace
Before the release of this letter, Ali Khamenei had refrained from openly criticizing the performance of the Supreme Council of Cyberspace. However, in the speeches that followed the nationwide uprising after the death of Mahsa Amini, he repeatedly stressed the importance of countering enemy propaganda in cyberspace without providing specific details. Approximately a month after the letter’s release, Ahmad Alamolhoda, the Friday Prayer leader in Mashhad, publicly expressed dissatisfaction during the political sermon on May 19. He pointed out that ten years had passed since the Supreme Council of Cyberspace was established under the leadership’s order, yet the council had failed to control cyberspace effectively. Alamolhoda voiced his concerns about the council’s performance and noted that despite the involvement of heads from the executive, legislative, and judicial branches, along with influential executive bodies, the council had not brought about any positive changes in cyberspace. He urged the council to take a more active role in regulating social media and cyberspace in Iran, aiming to prevent “predators” from undermining the faith and thoughts of the country’s youth.
It’s important to acknowledge that the topics and approach of Friday prayer political sermons are determined by the Imams of Friday Prayer Policy Council. This institution operates under the supervision of Ali Khamenei.
The Supreme Council of Cyberspace – An Unregulated and Unsupervised Entity
The second section of the letter starts with an implicit complaint regarding the inadequate implementation of Ali Khamenei’s previous recommendations concerning cyberspace. It is noted that, at best, only 25% of the leadership’s suggestions from the two previous decrees have been implemented. Izadi urges the presidency to take the necessary steps to implement Khamenei’s third decree by advancing the proposed recommendations and orders outlined in the letter.
These orders proposed creating an independent budget and credit line and granting full authority to the Supreme Council of Cyberspace, effectively giving this institution an extralegal status. Within this capacity, the letter strongly emphasizes that the council’s decisions must hold binding power over all entities, including judicial institutions, without needing approval from the parliament or any other regulatory body.
This letter sheds light on the reasons for the abrupt amendment favoring the Supreme Council of Cyberspace in the Law on Organizations and Procedures of the Administrative Court of Justice. This law had been subject to deliberations and discussions among the Parliament, the Guardian Council, and the Expediency Discernment Council of the System. However, an amendment was recently announced by Ebrahim Raisi that grants immunity to the Supreme Council of Cyberspace from being questioned or invalidated by the Administrative Court of Justice.
In a separate decree, without providing specific criteria for cyber warfare and citing the rise in cyber attacks on Iran’s infrastructure, a suggestion was put forth that during cyber warfare, the responsibility for cyber security should be placed under the jurisdiction of the Supreme National Security Council. Moreover, the directives issued by this body would hold binding authority over the Supreme Council of Cyberspace.
The letter underscores the importance of enhancing coordination and fostering closer ties between the security forces and the military with the Supreme Council of Cyberspace. This emphasis underscores the Islamic Republic’s overarching perspective of treating every aspect of cyberspace as a security matter.
One of the most crucial sections of this letter addresses the absence of the armed forces and security institutions in the country’s cyber border guard.
This letter proposes that these forces take over from the Ministry of ICT to “safeguard the privacy of the Islamic Republic” at international internet entry and exit points and domestic high-traffic crossings.
Addressing the “abuse” of the country’s information assets by adversaries through “foreign platforms,” this letter advocates for establishing data and metadata ownership regulations in governmental and private domestic platforms. However, with the amalgamation of this security-oriented approach and the aggregation of users’ big data, questions arise concerning the impact on citizens’ “privacy” in the virtual realm.
This advisory letter discusses the IRGC’s approach to addressing the emigration of cyber security experts, which involves attracting them back to the country and formulating “regulations” to retain their services.
The emigration of skilled personnel and experts in cyber security is cited as one of the primary reasons behind the infiltration of foreign hackers and the vulnerability of Iran’s cyber defense over the past two years. A recent survey among 8,000 individuals revealed that more than 50% of skilled workers desire to migrate.
In the concluding paragraphs of this letter, the Supreme Council of Cyberspace is urged to prioritize the impact of media and advertising institutions, aligning them with “Islamic values” in the cultural policies of cyberspace.