“Make your way by unexpected routes and attack unguarded spots,” Sun Tzu, the Chinese master strategist, wrote in “The Art of War.”
President Trump — by deciding to attack Iranian Quds Force commander Qassem Soleimani at a relatively unguarded moment during the general’s trip to Iraq to plan terrorist operations against U.S. interests — successfully managed to find and exploit such an “unexpected route.” The future of U.S.-Iranian interaction is, at this point, unknown, but as Sun Tzu also noted, “Good warriors … do not overlook conditions that make an opponent prone to defeat.”
We are so often thrilled by unexpected events as they appear in television dramas that taking the “unexpected route” should be, well, expected. In reality, however, these paths can be much harder to discern, especially if consistent military moderation and diplomatic acquiescence are considered morally imperative.
When one side is expected to continually “turn the other cheek,” while an aggressor is conversely expected to escalate tensions at will, the aggressor eventually will achieve victory — unless, of course, by sheer will or by miracle, the acquiescent side transcends moderation and strikes along “unexpected routes.” For the United States, this type of transcendence is rare; but when such strikes do occur, they can happen on a grand scale.
Unexpected strategic operations are most effective in attacks on military “centers of gravity,” roughly defined as “the hub of all power and movement.” The identification of adversarial centers of gravity is very important in peer-to-peer conflict, but it’s even more crucial when warfare is waged asymmetrically.
Iran’s leadership believes their country has been at war with the United States since the 1979 Islamic Revolution. For four decades, Iranian proxies have repeatedly “poked the bear” with deadly escalatory strikes, provoking little in the way of direct substantive reaction by the United States. Over time, U.S. politicians have chosen either to ignore Iranian bellicosity or to try to win the peace with alternating attempts at diplomacy, heavy sanctions and various forms of what could be called bribery. The recent U.S. attack that left Soleimani and his entourage dead was, therefore, an unexpected reaction which understandably has left the world wondering, “What’s next?”
In the realm of adversarial expectations, we as a nation tend to succumb to “last battle syndrome” — the assumption that any new war will be fought in much the same way as the last battle of the most recent war. This lack of operational foresight has been perpetuated, perhaps encouraged, by the acceptance of a risk-management mindset within Western culture. As a consequence of using business/financial logic in the assessment of threat, there seems to have arisen a willingness to dismiss unexpected (especially “worst case”) scenarios as implausible, if not impossible. The result is muddied strategic thinking by politicians and a tendency by the largely unsuspecting populace to be lulled into a warm feeling of life as reliably consistent.
What should we expect, if not consistency? Although it’s possible that Iranian leaders will continue the “slow burn” of adversarial efforts (e.g., dealing with the U.S. as if it were a proverbial “boiling frog”), it is doubtful. That’s not to say that they will end attacks against Americans. There may be a temporary de-escalation, but I do not believe they will abandon their war against us.
In fact, Iranian strategy could quickly change from “poking the bear” to “overwhelming the opponent” — especially considering the possibility of Russian assistance. Indeed, this strategy already may have been adopted, as evidenced by a November 2019 U.S. Cyber Command warning about increasingly aggressive Iranian cyberattacks, as well as Trump administration reports of terrorist planning against four U.S. embassies in progress at the point of Soleimani’s demise.
Given the advantages of cyber operations, the availability of modern weaponry and some creative planning, a smaller force is more likely than ever to attempt decisive action against a larger opponent. An attack that can be successfully accomplished instantaneously, with long-term effects, would reduce or eliminate the victim’s response options. Furthermore, when leaders of a smaller entity are under pressure from within, as Iran is currently, they may be even more motivated to utilize this option, hitting the larger entity’s strategic center of gravity with such strength that threats internally and externally are simultaneously neutralized.
Iran is known to have extensive cyberattack capabilities, and there are a number of disruptive cyber operations that could be used, whether in a stand-alone mode or as a distraction for further kinetic operations. These include multi-sector, multi-level, ransomware attacks; cyber identification and intimidation of U.S. leaders, destructive malware attacks at all levels of government and critical infrastructure, and large-scale cyber theft from the financial sector.
The most successful strikes are those that are unexpected and, preferably, without precedent.
As our current adversaries know, the strategic center of gravity for any Western nation is arguably critical infrastructure, with an emphasis on the energy sector — in its very essence, “the hub of all power and movement.” Since hackers of several nations have shown prowess in infiltrating portions of the U.S. grid’s infrastructure, this is not exactly unexpected.
So what is unexpected with regard to Iran? Nuclear, perhaps? Whether developed in country, or purchased from others (e.g., from North Korea) it may be possible that the unexpected will appear in the form of a high-altitude nuclear attack — a capability which they actually have tested. Although this type of catastrophic event is expected in some quarters of government, it remains largely “unexpected” because of intelligence reporting that continues to deny both capability and intent.
Regardless, it is probably wise to be “good warriors” and “not overlook conditions that make [either] opponent prone to defeat.” And it is always wise — and safer — to expect the unexpected.
Cynthia E. Ayers is the deputy to the executive director of the Task Force on National and Homeland Security, and a cyber consultant to the U.S. Army War College’s Center for Strategic Leadership. Retired from the National Security Agency (NSA), her intelligence community career included a position as NSA representative to the Director of Central Intelligence’s Counterterrorism Center during the attack on the USS Cole and the 9/11 crisis. The views expressed in this article are the author’s and not necessarily reflective of the official policy or position of the Army War College, Department of Defense or U.S. government.