EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Iran: between isolation and technological resilience

    Iran: between isolation and technological resilience

    Written by
    Emmanuel Langlois
    Journaliste
    12.03.25
    Digital transformation
    04
    MIN
    Iran: between isolation and technological resilience
    Iran: between isolation and technological resilience
    Iran: between isolation and technological resilience
    Image They want to put humans back into AI to save it from itself. Who are they?
    Cyber +
    03.05.26 Cyber +
    Next article
    They want to put humans back into AI to save it from itself. Who are they?
    Read
    06
    MIN
    Image From theory to practice: Belgium’s experience implementing the NIS2 directive
    Cybersecurity
    03.02.26 Cybersecurity
    Next article
    From theory to practice: Belgium’s experience implementing the NIS2 directive
    Read
    08
    MIN
    Image Shadow AI, the blind spot undermining cyber governance in SMEs and mid-sized companies
    Digital transformation
    02.23.26 Digital transformation
    Next article
    Shadow AI, the blind spot undermining cyber governance in SMEs and mid-sized companies
    Read
    07
    MIN
    Image Access Control for Minors on Social Media: The Global Agreement
    Cyber +
    02.19.26 Cyber +
    Next article
    Access Control for Minors on Social Media: The Global Agreement
    Read
    07
    MIN
    Despite sanctions, the Islamic Republic—archenemy of the United States and Israel—is seeking to build strength in the digital realm. It now wants to build a modern cloud future, based precisely on major American standards. An analysis of a closed ecosystem, whose secrecy is its trademark, and which is attempting—within an equation impossible to resolve—to combine sovereignty, innovation, and forced dependence.

    The announcement did not go unnoticed. Last summer, Iran launched a discreet but noteworthy call for tenders for its future sovereign cloud. The Iranian Information Technology Organization (ITOI) even set precise rules to evaluate candidates based on three different standards: ISO 27017 (cloud security controls), ISO 27018 (protection of personally identifiable information), and NIST SP 900-145, which concerns the American definition of cloud computing. “They want a comprehensive offer with its three components— IaaS, SaaS, and PaaS,” explains Louis Pétiniaud, researcher at the Center for Geopolitics of the Datasphere (GEODE). “They also want to raise the level of requirements for their service providers, since they want projects to comply with certain American standards and international security norms.”

    An independent national network

    Three winners will be selected at the end of this call for tenders. In fact, it is likely that only Russian and Chinese companies will apply. “This future cloud serves several objectives,” says Mr. Pétiniaud. “First, to build a much stronger digital infrastructure that would provide a national network theoretically independent of any external leverage or potential pressure. However, they also need external connectivity for economic reasons, and even exchanges, so as not to completely isolate their population from the rest of the world. They want to be able to block when they choose to, while also having an extremely efficient and resilient domestic internet.” The researcher also notes that Iran is seeking to be at the forefront of artificial intelligence. Between 2015 and 2019, Iran ranked 13th globally in AI according to Nature Index.

    Resilient cyber capabilities

    Although the country of the Mullahs is officially under international embargo—despite its underground nuclear facilities having recently suffered the wrath of Israel and American B2 bombers—the country is holding firm. A report by Google Cloud Security published this month even predicts a resurgence of its belligerent activities next year: “Iranian cyber capabilities will remain resilient, multifaceted, and semi-deniable,” the study states, “deliberately blurring the boundaries between espionage, disruption, hacktivism, and financially motivated activities.” This integrated approach, adds Google Cloud Security, makes it possible to use the same actors and the same accesses for different missions, complicating defense and attribution for adversaries.

    Digital authoritarianism

    “Iran began by working with countries such as China and gradually achieved a certain degree of self-sufficiency,” observes Amir Rashidi, director of digital rights and security at the NGO Miaan, specializing in human rights policy and digital rights. “Today, we even see Iran exporting these technologies to Russia, as happened with its drone program.” Iranian companies such as Douran Group have been developing censorship and surveillance software tools for years. They even have an R&D branch called Douran Academy (website in Persian), responsible for training specialists and recruiting talent. The company now exports its technologies to Moscow. It even mentioned on its LinkedIn account its cooperation with the Russian company Positive Technologies. “This means that Iran is becoming a global threat to free access to information,” concludes Mr. Rashidi, “because it is exporting its model of digital authoritarianism. This demonstrates a form of transnational repression.”

    A blackout last June

    Like China, Iranian authorities also completely shut down the country’s internet for several tens of minutes on June 18. The official explanation was a “concern” over possible cyberattacks from Israel. According to Miaan, this blackout—whose effects were felt for several days—had serious consequences on banking services and satellite navigation applications such as Google Maps. “In a country like Iran, where civil society is repressed, technological development becomes a tool of control rather than innovation,” asserts Mr. Rashidi. Like China, Iran has few ASes (autonomous systems) open to the world, which allows it to easily and quickly shut down its network.

    “Spear phishing” campaigns

    “The main objectives of Iranian state groups are espionage and disruption,” states Unit 42, a team of researchers from Palo Alto, California. “To do so, they use a wide range of Tactics, Techniques, and Procedures (TTPs), including targeted spear-phishing campaigns (a variant of phishing) and the exploitation of known vulnerabilities.” Still, all hope of a free internet for the Iranian population is not lost, Mr. Rashidi believes—provided, he says, that the international community plays a larger role: “The European Union, in particular, can provide material and moral support for technologies that circumvent censorship and promote free access to information, as well as for cybersecurity services that counter Iranian digital threats.”

    Emmanuel Langlois
    12.03.25
    Articles by the same author:
    1
    01.05.26 Cyber stability
    Cybersecurity: are the United States really on the brink of collapse?
    Read
    04
    MIN
    2
    11.13.25 Digital Sovereignty
    Cloud Sovereignty Framework: when the devil is in the details
    Read
    04
    MIN
    3
    09.08.25 Cyber +
    When China Turns Off Its Internet and Cuts Itself Off from the World
    Read
    05
    MIN
    4
    02.21.25 Cyber stability
    Challenge or Opportunity: Should Chinese Tech Be Concerned About Donald Trump’s Return?
    Read
    07
    MIN
    Image They want to put humans back into AI to save it from itself. Who are they?
    Cyber +
    03.05.26 Cyber +
    Next article
    They want to put humans back into AI to save it from itself. Who are they?
    Read
    06
    MIN
    Image From theory to practice: Belgium’s experience implementing the NIS2 directive
    Cybersecurity
    03.02.26 Cybersecurity
    Next article
    From theory to practice: Belgium’s experience implementing the NIS2 directive
    Read
    08
    MIN
    Image Shadow AI, the blind spot undermining cyber governance in SMEs and mid-sized companies
    Digital transformation
    02.23.26 Digital transformation
    Next article
    Shadow AI, the blind spot undermining cyber governance in SMEs and mid-sized companies
    Read
    07
    MIN
    Image Access Control for Minors on Social Media: The Global Agreement
    Cyber +
    02.19.26 Cyber +
    Next article
    Access Control for Minors on Social Media: The Global Agreement
    Read
    07
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.