US planned possible cyber-attacks on Iranian critical infrastructure


The Pentagon devised a contingency plan, code-named Nitro Zeus, to dismantle Iran's military, energy and telecom infrastructures in case of military conflict, the New York Times reported.

Before brokering its historic nuclear agreement with Iran, the US developed contingency plans for launching a series of sophisticated cyber-attacks to neutralise the Middle Eastern nation, in case relations deteriorated into military conflict, the New York Times reported Tuesday.

According to the Times, as early as 2009 the Pentagon began devising a plan, code-named Nitro Zeus, designed to dismantle Iran's air defences, communications systems and parts of its power grid infrastructure. A key aspect of the strategy involved embedding electronic implants in Iranian computer networks that could monitor the country's activities and — if so ordered by President Obama — sabotage its infrastructure.

“Nitro Zeus quickly emerged as one possible response for Obama, a way to turn off critical elements of the Iranian infrastructure without firing a shot,” the Times report said. The plan would not be without risk, however, as it would require infiltrating multiple networks while minimising collateral damage.

The plan would have been difficult to pull off, but not necessarily impossible. “It would be difficult to succeed in an ambitious attack if fundamental security practices are followed [by the targeted critical infrastructure]; however it takes due diligence to ensure that you are aware of the vulnerabilities in your realm of control and have adequate measures in place to mitigate large-scale disruption,” said Merike Kaeo, CTO of cyber-security firm Farsight Security, in an interview with

Simultaneously, US agencies were separately planning to physically or remotely implement a computer worm to covertly disable Iran's Fordo nuclear enrichment site, built inside a mountain near the city of Qum, the Times report said. These plans were rendered moot upon the July 2015 signing of the Joint Comprehensive Plan of Action, which sets terms for Iran to eliminate its nuclear stockpile.

These bombshell revelations were a byproduct of the Times' reporting on the documentary film Zero Days, which premiered Wednesday at the Berlin International Film Festival. Zero Days examines the Stuxnetvirus attack—widely believed to be launched by US and Israel — that set back Iran's uranium enrichment programme in 2010.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews