Control, Alt, Influence: the Potential for US Cyber Operations in Iran

Offensive cyber: The role of cyber in military operations against Iran is the subject of much speculation. Image: Skorzewiak / Alamy Stock


Speculation is mounting over how the US will act if diplomacy fails and a deal with Iran to remove the country’s nuclear capability collapses. As options are debated, ‘cyber’ remains ever elusive.

Over recent months, there has been much talk of US Cyber Command’s alleged role in turning the lights out over the Venezuelan capital of Caracas in the raid to capture the country’s president and his wife. The US has also acknowledged that cyber operations were integrated with its 2025 military strikes on Iran’s nuclear facilities. Elsewhere, the Trump administration has indicated the potential for private sector involvement in its offensive cyber operations. Taken together, these developments point in one direction: that cyber operations will occupy a more decisive and visible role in US national security objectives.

In Iran, US cyber operations could target a range of systems, from early warning to administrative government infrastructure, with an aim to disrupt, degrade and deny use of capabilities. But these effects have strategic impacts beyond immediate tactical outcomes. When calibrated and aligned to political objectives, they work to create conditions for operational friction within Iran’s security apparatus, increase the IRGC’s operational costs, reduce regime co-ordination and potentially influence decision making.

US cyber operations could structure these conditions in Iran, but they cannot unfold in a vacuum of foreign policy, and resources are neither infinite nor free. Offensive cyber operations are complex, might require years of preparation and some target systems will remain beyond reach. Regardless of the US’ expansive cyber capabilities, it is unrealistic to assume that it can do everything, all at once. This makes clarity of US political objectives in Iran essential, so as to shape how offensive cyber operations are prioritised and how they can work in concert with other tools of statecraft to achieve overarching aims.

Nearly eight months on from US military strikes against nuclear facilities in Natanz, Isfahan and Fordow, and with deteriorating Iranian economic conditions and the IRGC’s reported action plan outlining an overtly offensive cyber retaliation to potential US military strikes, the margin for political miscalculation is thin.

Cyber is Not a Side, But a Main: at the ‘Forefront’ of US Joint-Operations

Cyber effects are no longer just the garnish to US military operations, something to be ‘sprinkled on’. Statements from a recent US Senate Subcommittee meeting make it clear that cyber will not just be integral to joint operations but will be ‘at the forefront’. General Hartman, commander of US Cyber Command and director of NSA, has indicated that offensive cyber operations are being executed in a ‘repeatable and sustainable manner’. Yet even when officials concede the importance of offensive cyber, details of these operations are obscured. Avowed operations provide some colour for speculation.

In the event of US military strikes, it is theoretically possible that offensive cyber operations against Iranian infrastructure could remotely disable and deny early warning detection systems such as Iran’s low-frequency radars, through to its integrated and ground-based air defences and thereby protect US assets. There has already been a severe degradation of Iranian air defence systems by joint Israeli and US efforts from 2024-25, with reports suggesting cyberattacks against its long-range, low-frequency Ghadir radar computer systems could have been possible. It could also be possible for the US to target vulnerabilities in command-and-control or battlespace management systems, ready to disable these systems when desired. This is perhaps not without precedent. US cyber operations were allegedly involved in disabling air defence systems in the 2025 military strikes against nuclear facilities. It is indicative of the US’ capabilities in finding ‘Achilles heel[s]’ in highly complex closed-door military systems and exploiting them for further advantage.

Additionally, from as early as 2012, Iran has signalled its shift towards building indigenous air defence capabilities, notably the Bavar 373, over reliance on imported Russian S-300s. Iranian officials have previously referenced this being a ‘completely indigenous achievement’ with a focus placed on domestic production. This offers insight into the regime’s ongoing wish for self-sufficiency in research and development of these capabilities, led by the IRGC’s Research and Self-Sufficiency Jihad Organisation.

If US Cyber Command could theoretically disable these systems, in support of a military strike, what continued psychological impact will this have on any current and future self-sufficiency development campaigns of the IRGC?

Fracturing Co-Ordination: Undermining Command and Control

Co-ordination between agencies begins and ends with the ability to share information effectively. Without this, confusion arises, chaos ensues, and mobilisation of any sort is impeded. How might the US use offensive cyber as a tool to target the IRGC, Law Enforcement agencies or the Basij paramilitary, to lead them to change their plans, increase their operational costs and structure conditions for operational friction? One approach would be to increasingly fracture communication links between key players – degrading not just digital systems, but the human ability to co-ordinate, and as such, eroding the sense of control.

In 2024, the remote destruction of pagers and walkie-talkies owned by the Iranian proxy group Hezbollah was an overt spectacle linked to an Israeli operation. Following this, reports from senior Iranian officials alluded to the IRGC running inspections across its communication devices, deepening questions of supply chain and communication security across the Iranian regime.

Undermining command and control could be achieved through other means of subtly degrading communication capabilities, yet leaving them functional and introducing doubt. This would be in an environment of tightly controlled state-owned infrastructure, the Iranian National Information Network (NIN) or other tactical bespoke systems disconnected from the internet. A complex undertaking, but perhaps not entirely unprecedented.

Reports in 2019 disclosed a US cyber-attack that allegedly disabled use of Iranian weapons and missile launchers by taking their computer systems offline. A highly sophisticated operation, it focussed on systems that ‘are probably accessible only physically or through third parties in their supply chains’. This would have likely required extensive reconnaissance to gain access and remain undetected. Beyond software vulnerabilities and internet-facing exploits, the US will likely need a deep understanding of Iran’s tightly controlled hardware supply chains.

When Nothing Adds Up: Subversion as Strategy

There are also other ways, more subtle and likely ones that will not be publicly commented on, where offensive cyber might be used to cause confusion, sow distrust, disrupt co-ordination and further structure conditions for US advantage.

It could be theoretically possible to reach into networks and interfere or tamper with internal messages. Offensive cyber operations could have the capability to add, delete or manipulate data in computer systems to potentially influence human behaviour. Acts of rerouting or blocking data being sent between people or systems and in turn misleading or sowing distrust between key players are assumed to be possible. Such disruption could impact mundane activities such as payroll systems, inventory registers and other regular functions. These subversive operations hark back to the more clandestine character of offensive cyber and illustrate, more vividly than others, its psychological effects.

Conclusion

The environment for offensive cyber operations in Iran is highly complex, requiring technically sophisticated and calibrated options. Whether conducted as standalone operations, used as contingency options or enabling a wider military operation, the US administration will need to reconcile the costs, benefits and trade-offs with its foreign policy objectives.

In any event, specifics of cyber operations will remain uncertain, but the reality from US posture is clear. If there is to be a kinetic operation against Iran, it is no longer a question of if offensive cyber might be involved, but how – and to support what objective.

© RUSI, 2026.

The views expressed in this Commentary are the authors', and do not represent those of RUSI or any other institution.


WRITTEN BY

Prerana Joshi

Research Fellow

Cyber and Tech
