Longstanding tensions between the US and Iran are at an unprecedented high as governments and businesses await an inevitable Iranian response to the 3 January US assassination of Iranian General Qassem Soleimani, in Baghdad, Iraq.
Since the attack, senior Iranian officials – including Iran’s Supreme Leader Ayatollah Ali Khamenei – have vowed revenge against the US, leaving many government and business leaders asking what’s next.
WHAT’S NEXT FOLLOWING THE DEATH OF QASSEM SOLEIMANI?
Precedent suggests Iran will respond with guerrilla-style attacks, likely through its proxies in the region, while potentially planning more direct retaliation in the longer term.
Iran will consider a wide range of US military, government, diplomatic, commercial and civilian interests as legitimate targets. While interstate war is questionable at present, Iran is likely to target US military personnel and installations in the region where Iran maintains clandestine proxy networks with considerable reach.
Iran’s capability to attack US interests in general is the highest in Iraq – where Iran-backed Shi’a militias have previously targeted US military and diplomatic assets. Yet, Iranian proxies are also present in Syria, Lebanon, Yemen and Afghanistan. Iranian leaders may also be contemplating attacks in Saudi Arabia, the UAE and Bahrain. Potential targets include US oil facilities in the region and US personnel, including kidnappings and executions, in Iraq.
Furthermore, Iran or its proxies, including the Houthis in Yemen, could attack naval and commercial vessels of the US and its allies in the Arabian Gulf, the Strait of Hormuz, the Gulf of Oman, the Gulf of Aden and the Bab Al Mandab, as well as in foreign ports. Already, in mid-2019, Iran was allegedly responsible for attacks on six commercial vessels, while its navy impounded a UK vessel, in and near the Strait of Hormuz.
Experts are also warning that Iran’s revenge may come in the form of cyberattacks aimed at disrupting western governments and private infrastructure.
Like its armed conflict strategy, Iran has utilised proxy groups to further its cyber activities. Cyber tactics known to be employed by Iran include: denial-of-service attacks, website defacement and wiper malware. Iran is also reportedly developing capabilities to target industrial control systems. Organisations that are poorly prepared for cyberattacks as well as symbolic, US-affiliated organisations could be at higher risk from Iranian sponsored attacks at this time. This can include the health sector, financial services sector and social media.
What should you do if you have business in the Middle East?
Organisations with a physical presence in the region or a profile associated with the US or its allies should consider their preparedness for likely destabilisation in the Middle East and potential targeting by Iran or its proxy actors.
The following questions should be considered:
- Does my organisation understand the current threats and how they may evolve?
- Does my organisation understand how the threat may impact business operations?
- Is my organisation effectively monitoring the situation and does it know when and how to respond to an escalating threat?
- Are our people and assets adequately protected against physical security threats and do we know what they look like?
- Does my organisation have robust and well-practiced emergency response plans in place?
- Does my organisation have adequate information security controls?
Should you require any further information on how these developments could impact you or advice on how your organisation can improve its preparedness, please contact our Crisis Management team to arrange a briefing.