Stuxnet, American Sanctions, and Cyberwar Are Legitimizing Iranian Internet Controls

The anxiety about cyberattacks and the perceived need for greater control in the wake of American economic sanctions has led to a loss of internet freedom in Iran.
Image: ATTA KENARE / AFP via Getty

Mahsa Alimardani is an internet researcher, focusing on technology and human rights in Iran. She's a doctoral researcher with the Oxford Internet Institute at the University of Oxford, and works with the human rights organization ARTICLE19.

The escalating conflict between Washington and Tehran has severely increased economic difficulties for ordinary Iranians as the Trump administration renewed sanctions. A related but largely ignored effect of the crisis has been the curtailment of digital freedoms in Iran as the Islamic Republic has found greater legitimacy for its efforts to tighten and centralize its controls over the internet in the country.


Since President Trump pulled out of the nuclear deal in May 2018, both Iran and the United States have feared that a conflict between the two countries would include cyber warfare. Tehran is showing growing urgency to localize the platforms and the internet infrastructure Iranians rely upon for their online lives inside national borders.

The anxiety about cyberattacks and the perceived need for greater control has led Iran to introduce two bills which aim to further tighten controls and entrench the notion of a “National Internet.” Iranian Parliament is reviewing the Draft Personal Data Protection Act, which presents “localisation” of data within Iran’s borders and under their authority as one of its key pillars. The draft act’s many vague and inconsistent provisions leaves room for the government to collect personal data in the name of national security and risks granting greater online controls to the state and increasing surveillance.

A second draft bill, the Social Media Organization bill that was introduced in the Iranian Parliament last November is even more threatening. The bill is trying to appoint the General Staff of the Armed Forces, the country’s highest military body, which oversees both the regular Iranian army and the Iranian Revolutionary Guards Corps, as the oversight body of Iran’s internet infrastructure.

One of the most troubling sections of the bill seeks to regulate the operation of foreign platforms and to protect Iran’s Internet exchange points—where Iran connects to the internet—from attack under the supervision of the General Staff of the Armed Forces.


Last week, internet connectivity in Iran was disrupted for several hours. Reports came in from various parts of the country that certain mobile carriers had no service; that foreign websites and platforms had become inaccessible without circumvention tools; that internet speeds and VPN connections had been slowed down and interrupted to create what one Iranian Twitter user described as “Turtle Internet.”

In Iran, internet disruptions of this scale are experienced either during major protests against the regime or during tense national elections. Internet measurements across the country revealed that the Iranian government was most likely the cause of the disruptions, intentional or not. Mohammad Javad Azari Jahromi, Iran’s Minister of Information, Communication and Technology, refuted these claims, referring to a disruption within the cables of an American internet company’s cables in Hungary as the reason behind the disruption. No evidence from internet measurements from the company or comments from them have been able to verify this claim.

Iran justifies these efforts toward a localized Internet as necessary to fight American sanctions and cyberwar against the country. After Tehran shot down an American surveillance drone, the United States alleged it carried out “a successful cyberattack” to disable Iranian systems that control rocket and missile launches. The ICT Minister denied the alleged cyberattack on Iran. “No successful attack has been carried out by them,” Mr. Jahromi tweeted, “although they are making a lot of effort.”


Tehran is obsessed with cyberattacks because there is a history of cyberattacks against the country. The alleged attack came around the 10th anniversary of the Stuxnet cyberattack by American and Israeli intelligence against Iran's Nantanz nuclear facilities in 2009.

Stuxnet has defined Iran’s internet policy over the last decade. It was used to push for the creation of a national Internet infrastructure separate from the world wide web to make the country less vulnerable to cyberattacks (although the Stuxnet malware reached the targeted computer systems through offline thumb drives.)

In 2012, the Islamic Republic commenced development of the National Internet Project, which would be hosted inside Iran, be secure and potentially disconnected from the international internet. The National Internet would be blocked or filtered for content according to political, cultural or religious criteria. The rights of users over their data and its monitoring and storage would be controlled by the security establishment.

While launching elements of the project, such as national infrastructure for banking and payment methods, Iranians experienced no direct impact on their access to the global internet.

However, the National Internet provided authorities with the assurance that if the time came for them to disconnect, the national infrastructure could survive. The first time authorities took advantage of this, was in December 2017, when protests broke out nationwide. The National Internet often seems benign, but, it can become a tool of control.


Iran has tried to get users on national alternatives to foreign platforms such as Telegram by offering applications such as Soroush+, developed by the national broadcaster. The authorities have demanded that internet service providers offer data subsidies and higher internet speeds to get users to choose local platforms and content over foreign ones. For instance, the Iranian Aparat video sharing site is promoted as an alternative to the censored but still accessible YouTube. These efforts have struggled, however, as many people prefer more popular foreign platforms.

In May, Jahromi announced the creation of a working group to discuss different scenarios and strategies to counter American sanctions that block Iranians from key Internet infrastructure. He referenced the policies of Apple and Google to block Iranians from their services. In March 2018, Apple made the decision to completely block access to its App Store in Iran and in March 2019 it started removing applications associated to developers in Iran. Google blocked its App Engine and other services on its Cloud Platform to users in Iran years earlier.

How these tech giants are responding to U.S. sanctions is impacting access to the internet for Iranians. That Tehran is critiquing these restrictions is not unreasonable, but it is exaggerating the effects.

“We are preparing for scenarios where the internet will be cut off,” argued the Minister of ICT suggesting an American effort to close off connectivity to Iran’s internet exchange points.

In January, Tehran announced a plan that was described as “an experiment in disconnecting the Internet.” The exercise was meant to disconnect Iranian businesses from foreign payment and financial platforms and get them to rely on local payment systems which run on national infrastructure in the wake of the disruption of Iran’s financial flows by the sanctions. The local alternatives are much more robust and faster than international options as they run on a smaller, local scale.

After widespread opposition from Iranians on social media, the experiment was called off by Jahromi, who tried to fight the outrage by claiming that it had been mistakenly framed as “internet disconnection” by certain officials. His intervention indicated that Tehran still cares about optics of its internet policy.

Iran set a dangerous precedent when it disconnected access to foreign traffic on the internet during the Dec. 2017 protests out of fear over the potential mobilisations against authorities. Jahromi confirmed that the National Security Council had ordered the shutdowns for “national security.” He confirmed that that the National Internet Project had reached a stage where the government could disconnect ordinary internet connections while maintaining key national infrastructure such as government, finance and health sectors.

The renewed confrontation between the U.S. and Iran, then, gives Iran's government more cover to legitimize its efforts to control the internet. In doing so, it might win a cyberwar against its own citizens.