The increasing tempo of offensive cyber operations by Iran and its adversaries, including the U.S. and Israel, has led many commentators to label them as “tit-for-tat”: a cyclical action-reaction dynamic where each side seeks to respond appropriately to an earlier violation by the other. However, this interpretation has significant theoretical and empirical deficiencies. Why, then, does a tit-for-tat narrative dominate our understanding of Iranian cyber activity, and what are the consequences? This paper explores that question.

Events such as the leaking of hacked emails from the US Democratic National Committee before the 2016 presidential election sit between two paradigms of cybersecurity. The first paradigm focuses on intrusion (unauthorised access to networks), while the second concentrates on influence (the use of digital technologies to shift public debate). Analyses generally tackle one of these two aspects.

The difficulty of reaching global agreement on cyber norms is generally attributed to a bipolar division in cyber security governance, reflecting two opposing political systems and sets of values. On one hand, there is a group of what experts have called “likeminded” states. This group generally includes the United States and European countries, and it believes in an open and free internet driven largely by global market competition with some government regulation and civil society observation (known as multistakeholderism). The second group includes Iran, Russia, and China, and prioritizes state control over national “borders” in cyber space with strict governmental limits on content (known as cyber sovereignty.) These differences have been described as the cyber space element of a resurgent Cold War, in which neoliberal and democratic structures confront information control, authoritarianism, and rule-breaking.