Iran to shield itself from cyberattack using secure intranet

Talks up plans for anti-Internet

Iran appears to be pressing ahead with its promise to establish a "national information network" that could unhitch some of the country's most vulnerable government systems from the Internet as part of an experiment in digital isolation.

According to an unsourced report in the Daily Telegraph, the country's telecommunications minister Reza Taghipour used a conference at Amir Kabir University at the weekend to firm up plans for what amounts to huge national Intranet. But what is its purpose?

"The establishment of the national intelligence network will create a situation where the precious intelligence of the country won't be accessible to these powers," Taghipour reportedly said, making reference to attempts by the country's enemies to hack into its national systems.

For anyone familiar with Stuxnet, Duqu and the more recent Flame malware, Iran's paranoia about cyberattack is far from misplaced. It is no secret that the country is smack in the firing line of foreign intelligence agencies.

From the plans alluded to by the Iranians in the past, the system being proposed sounds like a version of China's great firewall with fewer points of ingress. That won't remotely shield protect the country's infrastructure from prying by the country's enemies; intranets are just as prone to hacking if that can be launched from within.

Not coincidentally, the creation of a sort of decoupled Intranet will also make it easier to control dissident communication within the country, forcing them to traverse infrastructure that can be monitored by the state. Some will see this as the main motivation.

Blissful isolation is a theme that Iran's technocrats touch on with notable frequency. In the past, the country has proposed creating its own PC operating system in order to escape the clutches of Western software and even its own antivirus software programme.

Much of this sounds aspirational - some of the threat to the country comes from people who dislike the regime within Iran itself - but what the country did reportedly start blocking sites that use SSL security such as Facebook and Twitter, as well as banning Gmail.

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Malware Analysis System

(MAS) gives threat analysts hands-on control over powerful auto-configured test environments where they can safely execute and inspect advanced malware.

more »

Submit your own security event

Submit your training courses

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More
more »