



Earlier today, NBC reported, and the New York Times confirmed, that the United States conducted a covert cyber operation against an Iranian ship in the Red Sea, the MV Behshad, more than a week ago . MV Behshad is a merchant ship registered with Rahbaran Omid Darya Ship Management Company. It is believed to have been used by Iran's Islamic Revolutionary Guard Corps to provide the Houthis with real-time intelligence to guide strikes against ships transiting the Red Sea.

Unnamed U.S. officials reportedly described the operation as aimed at preventing ships from sharing intelligence with Yemen's Houthi rebels, who have primarily attacked cargo ships in the Red Sea since November and have vowed to do so until Israel ceases its military operations against Hamas in Gaza. The officials also said, however, that the U.S. operation was part of the Biden administration's response to the drone attack by Iranian-backed militias in Iraq that killed three U.S. service members in Jordan late last month and injured dozens of others. [at Tower 22].

Here are some key questions to address as more details emerge:

What was the nature of the cyberattack? Cyberattacks can mean many different things. The specific facts of any cyber operation are important, both in terms of legal and policy implications. Was it a simple jamming operation that disrupted the transmission of information? Or another type of cyber operation that would likely fall below the threshold for a use of force (perhaps deleting or modifying data, which could potentially explain last week's seemingly errant Houthi attack on a cargo ship to Iran)? If the operation did not constitute a use of force, did it violate other potentially applicable international laws (such as duties related to sovereignty and non-intervention) and, if so, is the operation considered by the United States as a legal countermeasure? an otherwise illegal action without the use of armed force and intended to incite the state in violation of international law?

If it was a use of force, was it necessary in self-defense? If the operation reached the level of a use of force (possibly permanently destroying the Iranian ship's infrastructure, although this seems unlikely given what has been reported so far), it would not be of course not a lawful act of self-defense. in response to the attack on Tower 22 in Jordan. Rather, it is clearly linked to Houthi attacks on ships in the Red Sea. U.S. officials reportedly said Iran was using the ship to provide targeting information to the Houthis so their attacks on the ships would be more effective. What is the relationship between the Iranian spy ship and Houthi attacks on ships in the Red Sea? Does the United States believe that Iran bears state responsibility for the Houthi attacks?

What is Iran's reaction? Iran has spoken openly about the MV Behshad over the past two weeks, stressing that it would retaliate if the ship was attacked. In a video posted on its Telegram channel on February 11, the Iranian military claimed that the MV Behshad was engaged in a mission to combat piracy in the Red Sea and Gulf of Aden. The video urges the United States not to attack, warning that those who engage in terrorist activities against the MV Behshad or similar vessels jeopardize international shipping routes, security and assume global responsibility for potential future international risks . Iran has a vast cyber arsenal that includes the ability to carry out sophisticated data suppression and surveillance control and data acquisition (SCADA) attacks on critical infrastructure, capabilities that could be deployed against US ships or military assets in the region.

What are the implications of a possible escalation or de-escalation of the conflict with Iran? The U.S. and Iranian red lines in cyberspace are unclear, and even non-lethal cyberattacks can have unintended consequences. Signaling in cyberspace is notoriously complex and it is difficult to predict and control the impact of malware, for example, once it has been released (the Stuxnet virus that targeted Iran's Natanz nuclear facilities, for example, has also infected computers around the world, including at US oil refineries).

It is striking that the unnamed US officials presented the operation as a response to the attack on Tower 22 in Jordan carried out by Iranian-backed militias in that region, as opposed to part of their efforts to protect against Houthi attacks on ships in the country. Red Sea. The common denominator is the level of Iranian involvement, although it is not clear exactly what level. If this operation was intended to signal to Tehran that the United States holds Iran responsible for the actions of both groups of non-state actors and will respond in kind, does it increase the likelihood of a confrontation direct between the American and Iranian armed forces? Alternatively, if the operation fell below the level of use of force (which, again, seems entirely plausible based on what has been reported so far), it signals a potential possibility of de-escalation through the use of non-kinetic and non-kinetic means? deadly levers of coercion?

