Technological advancements are enabling U.S. adversaries to cause damage disproportionate to the resources deployed in a domain without clearly defined rules of engagement. While Iran does not have the cyber capabilities of China, Russia, or North Korea, Tehran is willing to take greater risks and cause greater destruction. The Islamic Republic cannot match Washington’s capabilities on the traditional military battlefield nor in the virtual world, but its hackers can still do serious damage. If U.S. decision makers begin to initiate more robust defensive initiatives with allies and the private sector, and simultaneously prepare cyber and kinetic countermeasures, Washington may well prevent a more devastating cyber battle in the future.
Washington should have a zero tolerance policy on abuses of the humanitarian channel. SWIFT should automatically and permanently expel any Iranian bank using the humanitarian channel for illegal purposes. Any non-Iranian bank or company caught engaging in money laundering, corruption, and illicit financial transactions should face the full weight of Treasury’s sanctions and the Justice Department’s law enforcement capabilities.
The decision to designate the Bonyad Taavon Basij network represents an important step toward exerting maximum pressure on Tehran. To reach that goal, Treasury will have to investigate and sanction many more firms, since the IRGC and other malign actors control an estimated quarter to a third of the Iranian economy. Other critical steps toward maximum pressure include keeping Iran on the FATF blacklist and disconnecting Tehran from the SWIFT financial messaging system. The U.S. should give the clerical regime no breathing room.