MA Dissertation — Center for Geopolitics and Cyber Strategy

Iran’s Cyber Capabilities and U.S. Security:

A Critical Assessment Through Realist and Constructivist Frameworks

of Divergent Threat Perceptions

Master’s Thesis

Barry Campfield

OU ID H2899448

A dissertation submitted to The Open University

for the degree of MA in International Relations

June 2025

Word Count: 12,102

Abstract

Iran’s cyber warfare strategy has emerged as a core element of its geopolitical conduct, significantly shaping global security discourse and influencing international diplomatic responses. This dissertation critically examines Iran’s cyber behavior through the dual lenses of Realist and Constructivist international relations theory, offering a comparative analysis of how these frameworks shape divergent interpretations and policy outcomes.

From a Realist standpoint, Iran’s cyber operations are viewed as rational, cost-effective strategies aimed at asserting power and challenging U.S. hegemony within an anarchic international system. These actions are interpreted as pragmatic tools to enhance deterrence and achieve strategic parity.

In contrast, the Constructivist perspective emphasizes the role of identity, ideology, and historical narratives. It views Iran’s cyber conduct as symbolic acts of resistance, deeply embedded in the revolutionary ideals of the Islamic Republic and reflective of long-standing grievances against perceived Western marginalization.

These contrasting theoretical lenses lead to starkly different policy responses ranging from hardline deterrence and retaliation under Realism to engagement, norm-building, and dialogue under Constructivism. The dissertation contends that neither framework alone fully captures the complexity of Iran’s cyber strategy. Instead, it advocates a hybrid analytical approach that synthesizes both perspectives to inform more balanced and effective policy formulation, reduce the risks of misperception and escalation, and promote greater stability in the evolving domain of cyber conflict.

Contents.

Abstract - 2

Contents - 3

List of abbreviations - 6

Table Reference - 6

Personal Statement - 7

Declaration - 7

Acknowledgments - 7

Introduction - 8

Methodology - 9

o Research Approach - 9

o Data Collection and Analysis - 10

o Reliability and Validity - 10

o Ethical Considerations - 11

o Limitations and Potential Biases - 11

o Use of AI in Research - 11

Literature Review: Iran, the U.S. and Cyberspace – Theoretical Consequences of Divergence.

o Introduce - 12

o Chosen Theoretical Frameworks - 12

o Scholarly Research and Realist Strategic Assessment - 12

o Ideological Rationales and Constructivist Engagement - 13

o The Divergent Approaches to Cybersecurity - 14

o Conclusion - 14

Chapter 1. Iran’s Cyber Strategy: Divergent Perspectives of Realism and Constructivism.

o Introduction - 15

o Realist Perspective: Power Politics, Strategic Adaptation, and Cyber Deterrence - 15

o Constructivist Perspective: Identity, Ideology, and Narrative Construction - 16

o Divergent Consequences and Policy Implications - 17

o Bridging Realism and Constructivism: Toward Integrated Strategy - 17

o Conclusion - 18

Chapter 2. Case Studies and Theoretical Perspectives: Realism vs. Constructivism as Competing Frameworks.

o Introduction - 19

o Case Study 1: Shamoon Malware Attack (2012) - A Strategic Cyber Operation - 20

o Case Study 2: Operation Ababil (2012) - Strategic Retaliation and Ideological Signaling - 21

o Case Study 3: The Bowman Avenue Dam Cyberattack (2013) - 21

o Case Study 4: Iranian Phishing Campaigns - 22

o Theoretical Conflict Resolutions and Implications - 23

o Table 1: Divergent Theoretical Dimensions – Realism vs. Constructivism in Iran’s Cyber Strategy - 24

Chapter 3: Divergent Theoretical Consequences in U.S. Responses to Iran’s Cyber Threats.

o Introduction - 26

o Realist Approaches to Iran’s Cyber Threats - 26

o Constructivist Assumptions and Policy Consequences - 28

o Constructivist Approaches to U.S. Engagement with Iran’s Cyber Posture: Identity-Aware Dialogue - 29

o Inclusion in norm-building - 29

o Confidence-building measures (CBMs) - 29

o Strategic communications - 29

o Assessing Intentions - 30

o Managing Conflict Escalation - 30

o Diplomatic Signals and Redline Credibility - 31

o Conclusion - 31

Chapter 4. Divergent Theoretical Interpretations of Global Cyber Norms and Governance.

o Introduction - 32

o Realism vs Constructivism: A Dual-Lens Analysis - 33

o United States: Strategic Deterrence and Infrastructure Defense - 33

o European Union: Normative Development and Diplomacy - 34

o NATO: Integrating Realist and Legalist Approaches - 35

o United Nations: Global Norm-Building and Legal Complexity - 36

o The Shamoon Attack: A Catalyst for Policy and Norm Change - 37

o Conclusion - 38

Chapter 5. Iran's Response to Criticism of Its Cyberspace Activities.

o Introduction - 39

o Realist Framework: National Security, Power Politics, and Cyber Sovereignty - 40

o Constructivist Framework: Identity, Norms, and Perceptions in Cyberspace - 41

Conclusion: Integrating Realist and Constructivist Frameworks for Superior Policy Solutions. - 42

References - 45

List of abbreviations

AI - Artificial Intelligence

CBM - Confidence-Building Measures

CCDCOE - Cooperative Cyber Defence Centre of Excellence

CSIS - Center for Strategic and International Studies

CISA - Cybersecurity and Infrastructure Security Agency

DDoS - Distributed Denial-of-Service

DHS - Department of Homeland Security

DOJ - Department of Justice

EU - European Union

FDD - Foundation for Defense of Democracies

GEC - Global Engagement Center

GGE - Group of Governmental Experts

ICS - Industrial Control Systems

ICT - Information and Communications Technology

INSS - Institute for National Security Studies

IR - International Relations

IRGC - Islamic Revolutionary Guard Corps

IT - Information Technology

NATO - North Atlantic Treaty Organization

NCA - National Cybersecurity Authority

NSA - National Security Agency

OEWG - Open-Ended Working Group

SCADA - Supervisory Control and Data Acquisition

UN - United Nations

Table Reference

Table 1: ‘Comparison of realist and constructivist interpretations of Iran’s cyber strategy’. Source: Author’s own compilation based on academic literature (Adler, 1997; Alperovitch, 2021; Lupovici, 2021; Mearsheimer, 2001; Waltz, 1979; Wendt, 1999).

Personal Statement

I dedicate this work to my family, whose patience, encouragement, and unwavering support sustained me through the countless hours I spent immersed in my studies.

Declaration

I hereby declare that this thesis titled, Iran’s Cyber Capabilities and U.S. Security: A Critical Assessment Through Realist and Constructivist Frameworks of Divergent Threat Perceptions, is my own work, and that, except where otherwise acknowledged, it has not been submitted for any degree or examination at any other university or institution. I confirm that the work presented is original and that all sources used in the research have been properly cited and acknowledged.

I also declare that this thesis has been composed under my own direction and that I have had full responsibility for its content, structure, and presentation.

Acknowledgments

I would like to express my sincere gratitude to The Open University and its dedicated tutors for their invaluable guidance and insight throughout this academic journey.

In particular, I extend my heartfelt thanks to Dr. Nicola Foster for her consistent support and expertise. Her guidance has been deeply appreciated and instrumental in the completion of this work.

The following guides were instrumental in enhancing my understanding of composition and grammar, which significantly supported me throughout the development of this dissertation.

Writing a Research Paper. (2020) Lisa A. Baglione.

Mastering Research Papers. (2024) Chopra Arvind.

Research Methods in Politics & International Relations. (2020) Christopher Lamont & Mieczystaw P. Boduszynski.

Academic Writing: Concepts and Connections. (2015) Teresa Thonney.

Introduction

The rapid advancement of digital technologies has transformed cyberspace into a key domain of geopolitical conflict. Offensive realism posits that states, driven by the logic of anarchy, seek power and survival through strategic advantage (Mearsheimer. 2001). Iran exemplifies this logic, having embraced cyber warfare to offset conventional military limitations. This shift accelerated following the 2010 Stuxnet attack on its Natanz nuclear facility, a covert operation attributed to U.S.-Israeli collaboration, which demonstrated the potential of cyber weapons to inflict damage at low cost and with plausible deniability (Council on Foreign Relations. 2010). Iran’s subsequent expansion of cyber capabilities reflects both strategic adaptation and ideological resolve. Its operations targeting U.S. financial systems, infrastructure, and elections exemplify the security dilemma, triggering a proliferation effect as adversaries respond to perceived threats by escalating their own cyber postures risking spirals of action and counteraction (Jensen & Valeriano. 2019).

Realism interprets Iran’s behavior as rational power projection, prompting U.S. countermeasures such as sanctions, intelligence-sharing, and deterrent postures. (Clarke. 2016) In contrast, constructivism attributes Iran’s cyber behavior to its revolutionary identity and narrative of historical marginalization, suggesting that symbolic resistance and normative contestation play key roles (Mohebali. 2017. p. 118). From this view, coercive policies may reinforce Iranian grievance rather than modify behavior (Daragahi. 2023).

These theoretical divergences have profound implications. Where realists see cyberspace as a battleground requiring coercive tools, constructivists see a discursive space where legitimacy and recognition are contested. Western advocacy for binding cyber norms often clashes with Iranian and Russian assertions of digital sovereignty (López-Rodríguez, Moreno-Lopez & Hernández-Gutiérrez. 2023. p. 125). Without international consensus, cyberspace remains fragmented, governed by shifting alliances and asymmetric retaliation (Fixler & Cilluffo. 2018). In response to the perceived Iranian threat, the U.S. has deepened alliances through NATO and Gulf partnerships to constrain Iranian influence (NSA. 2024). Yet constructivist insights urge policymakers to address root causes, such as Iran’s ideological insecurities and desire for recognition (Lupovici. 2021). A dual-theoretical approach reveals how divergent perceptions shape divergent policies. This dissertation explores these tensions, arguing that effective responses must integrate security imperatives with normative engagement.

Methodology

The study employs a qualitative approach, utilizing secondary data analysis to evaluate Iran’s cyber operations through both Realist and Constructivist frameworks. Key case studies, including the Shamoon malware attack and Operation Ababil, are examined, drawing on a wide array of sources such as intelligence reports, peer-reviewed literature, and expert commentary. By exploring how different states interpret and respond to Iran’s cyber strategy, the research reveals the varying policy outcomes driven by each theoretical perspective. Additionally, the methodology acknowledges the inherent challenges and biases in analyzing state-sponsored cyber activities, such as difficulties with attribution, transparency issues, and geopolitical influences. This approach underscores the importance of incorporating both theoretical frameworks to inform policy responses. It argues that a thorough understanding of both material power dynamics and ideational elements, such as identity and historical grievances, is crucial for crafting nuanced, well-rounded international strategies to mitigate the increasing threat of cyber warfare.

Research Approach

This study takes a qualitative approach, analyzing secondary data to understand how states interpret Iran’s cyber warfare through both Realist and Constructivist perspectives. It investigates whether Iran’s cyber capabilities are seen as an existential threat, a strategic tool, or a defensive response shaped by historical grievances. Using peer-reviewed literature, declassified intelligence reports, and policy analyses, the research examines differing perceptions of Iran’s cyber strategy, ensuring a broad range of global sources to avoid a Western-centric bias. The study draws on insights from scholars such as John Mearsheimer, Alexander Wendt, and Richard Clarke, as well as evaluations from organizations like CSIS and FDD.

Realism centers on material capabilities and power competition, advocating for state-based responses like sanctions and deterrence, often promoting direct actions to counter perceived threats.

In contrast, Constructivism focuses on identity, historical context, and ideational drivers, emphasizing how narrative, diplomacy, and soft power shape state behavior. This research compares how these two frameworks interpret the same events, showing the significant impact they have on global cybersecurity policies. By merging these theoretical lenses, the study offers a more comprehensive understanding of Iran's cyber activities, providing essential insights for crafting more well-rounded and effective strategies to address cyber threats in an increasingly interconnected world.

Data Collection and Analysis

A thematic analysis identifies recurring motifs and state narratives regarding Iran’s cyber strategy, focusing on national responses from the U.S., Israel, Russia, and China. The study analyzes key incidents like the 2012 Shamoon malware attack on Saudi Aramco and the 2013 Operation Ababil DDoS attacks on U.S. financial institutions, using them as case studies to explore Realist and Constructivist interpretations. Realists view these as power assertions and asymmetric retaliation (Clarke. 2016). Conversely, Constructivists see them as symbolic acts of defiance, reflecting Iran’s identity and revolutionary narrative. (Shadunts. 2023). This dual methodology reveals how different perceptions shape cybersecurity policy: Realists support escalation, offensive cyber capabilities, and retaliatory strategies (Libicki. 2009). Whereas Constructivists advocate for confidence-building, norm development, and diplomatic engagement (Merriweather. 2022).

Reliability and Validity

This study maintains methodological rigor by cross-verifying secondary sources, prioritizing peer-reviewed literature and declassified intelligence, and drawing from respected cybersecurity institutions. It evaluates Iran’s cyber strategy using two competing paradigms to test whether interpretations remain consistent across frameworks. Realist validity is reinforced by empirical intelligence, e.g., National Security Agency, NSA, and Department of Justice DOJ reports, and strategic assessments from authors such as John Mearsheimer (2001), Kenneth Waltz (1979), and Richard Clarke (2016).

Conversely, constructivist validity emerges through critical discourse analysis and identity-based interpretations supported by scholars like Alexander Wendt (1999), Lupovici (2021), and Emanual Adler (1997). By embedding both approaches, the study avoids the epistemological trap of single-theory bias, recognizing that divergent frameworks produce different but equally valid insights. This consequential pluralism ensures robust validity by testing hypotheses under contrasting assumptions about the nature of state behavior.

Ethical Considerations

As the study relies solely on publicly available secondary data, it involves no direct interaction with human subjects. Nonetheless, ethical integrity is preserved through careful citation, avoidance of misinformation, and scrutiny of political or ideological bias, especially in intelligence and governmental sources. The analysis remains critical of potential narrative framing in Western and Iranian sources alike.

Limitations and Potential Biases

This research acknowledges several limitations inherent to the study of state-sponsored cyber warfare:

Attribution complexity – Cyber operations often involve third-party proxies, obfuscation techniques, and false-flag strategies that make definitive attribution difficult.
Data transparency – Access to classified operations remains restricted, particularly on Iran’s internal cyber doctrine.
Geopolitical bias – U.S. sources tend to frame Iran as a destabilizing actor; to mitigate this, Iranian state narratives and responses are included when accessible.

Critically, these limitations highlight why theoretical divergence matters: realists often downplay ambiguity in favor of worst-case scenario planning, while constructivists caution against securitizing actions without contextual understanding. The methodological response is to incorporate triangulated sourcing and reflect on how theory shapes threat interpretation.

Use of AI in Research

Due to difficulties in accessing Iran’s perspective, ChatGPT was used solely to assist in researching material for Chapter 5. Iran’s Response to Criticism of Its Cyberspace Activities. (p. 38) Relevant academic and government sources identified through this process were subsequently reviewed and cited to maintain research integrity.

Literature Review: Iran, the U.S. and Cyberspace: Theoretical Consequences of Divergence.

Introduction

The literature highlights a significant gap in understanding Iran’s cyber behavior, which is often framed through either Realist or Constructivist lenses. Realists view cyber capabilities as tools for power maximization in an anarchic system, while Constructivists argue that cyber operations reflect deeper ideological and identity-based motivations. This theoretical divide has led to contrasting policy outcomes: Realists advocate for deterrence and containment, while Constructivists prioritize dialogue, norm-building, and recognition.

Chosen Theoretical Frameworks

This study integrates Realism and Constructivism due to their contrasting approaches. Realism, as articulated by scholars like Mearsheimer (2001) and Waltz (1979), emphasizes power dynamics and strategic behavior within an anarchic international system. From a Realist perspective, Iran’s cyber operations are rational responses to hegemonic pressures, aimed at survival, deterrence, and regional balance. Realists argue that cyber warfare is a low-cost, high-impact tool for balancing power, which could lead to a cyber arms race, preemptive strikes, and weakened international norms (Mearsheimer. 2001. p. 363).

In contrast, Constructivism, advanced by scholars like Wendt (1999) and Lupovici (2021), focuses on identity, historical narratives, and social structures in shaping state behavior. Constructivists interpret Iran’s cyber posture not just as strategic, but as performative, an expression of defiance, sovereignty, and resistance to systemic exclusion from the global order (Lupovici. 2021. p. 258). This theoretical framework suggests that addressing Iran’s cyber actions requires diplomatic engagement, recognition, and norm-building rather than simply deterrence, emphasizing the need to engage with Iran’s identity-driven motivations.

Scholarly Research and Realist Strategic Assessment

Realist and Constructivist theories continue to underpin academic inquiry. Realists argue that cyber capabilities offer Iran an asymmetric tool to balance power with superior adversaries, given its conventional military inferiority. Following the Stuxnet attack, Iranian cyber investments accelerated, with the Islamic Revolutionary Guard Corps (IRGC) overseeing over $1 billion in cyber development (Siboni & Kronenfeld. 2012. p. 80). Iran’s use of proxy groups like Elfin and Refined Kitten complicates the attribution of cyberattacks, making it difficult to hold the Iranian state directly accountable (Nelson & Kettani. 2020. p. 453). These groups operate with a degree of autonomy, executing cyber operations on Iran’s behalf while maintaining plausible deniability, thus obscuring the state's involvement. This strategy, leveraging obfuscation techniques and third-party infrastructure, muddies attribution and hinders effective responses. The lack of clear accountability undermines diplomatic, legal, and military actions such as sanctions or deterrence measures. Additionally, it weakens international norms on state responsibility in cyberspace, highlighting the need for improved attribution capabilities and enhanced global collaboration to address the challenges of state-sponsored cyber warfare (Nelson & Kettani. 2020. p. 453). For Realists, the ambiguity in cyberspace serves as a strategic advantage for Iran, as it operates in a domain where attribution and accountability are often elusive. This lack of transparency weakens traditional deterrence mechanisms, allowing Iran to engage in cyber operations without facing immediate or direct retaliation. As a result, Iran can leverage cyber capabilities to assert power and influence while minimizing the risks typically associated with more conventional forms of military aggression, further complicating efforts to enforce global norms on cyber conduct (Libicki. 2009. p. xvi). Hence as Eisenstadt (2016) argues, cyber warfare is Iran’s preferred tool due to its ability to achieve significant strategic outcomes with relatively low cost and risk. By utilizing cyber capabilities, Iran can inflict damage or exert influence without the need for traditional military engagement, reducing its exposure to retaliation or escalation. This approach provides Iran with a means of challenging more powerful adversaries, such as the United States, while avoiding direct confrontation and maintaining plausible deniability (Eisenstadt. 2016. p. 1).

Ideological Rationales and Constructivist Engagement

From a Constructivist perspective, cyber diplomacy is seen as a more effective alternative to traditional deterrence strategies. Merriweather Jr. (2022) argues that cyber diplomacy, fostered by organizations like the Center for Strategic and International Studies (CSIS), can shape international discourse on cybersecurity norms. He suggests that engagement policies that fail to address Iran’s ideological motivations risk reinforcing its hostility and marginalization (Merriweather. 2022). According to Constructivism, Iran’s cyber operations are not just strategic moves but symbolic acts of resistance against a Western-dominated international order. As a result, engagement with Iran through recognition and norm-building is essential for addressing the root causes of its cyber behavior (Merriweather. 2022).

The Divergent Approaches to Cybersecurity

The Realist view of Iran’s cyber activities tends to focus on maintaining a balance of power and ensuring deterrence. As Realists argue, an anarchic international system necessitates that states maximize their relative power (Mearsheimer. 2001). Cyber capabilities provide Iran with a cost-effective method to assert power in a way that challenges Western hegemony without direct military confrontation. However, this perspective often leads to a policy of containment, viewing Iran’s actions primarily as threats that must be countered through sanctions, preemptive strikes, and military alliances.

In contrast, Constructivism emphasizes the importance of addressing underlying ideational factors, such as identity and historical grievances. According to Constructivist scholars, understanding Iran’s motivations requires considering how its self-perception as a revolutionary state, shaped by historical experiences such as the 1979 Islamic Revolution and subsequent Western marginalization, informs its cyber behavior (Nia. 2011. p. 281). Constructivists argue that Iran’s cyber operations are not solely defensive or retaliatory, but also an attempt to communicate its identity and challenge the Western-led international order. Therefore, strategies focused on dialogue, norm-building, and recognition may be more effective in addressing the root causes of cyber conflicts.

Conclusion

Iran’s cyber strategy presents a blend of Realist pragmatism and Constructivist ideology. Realists view Iran’s cyber operations as strategic, focusing on power dynamics and deterrence. Constructivists interpret these actions as ideationally driven, emphasizing identity, marginalization, and symbolic resistance. These contrasting theoretical frameworks lead to different policy approaches: Realism supports deterrence, sanctions, and defensive capabilities, while Constructivism advocates for diplomatic engagement, recognition, and the building of international norms. Understanding the coexistence of these theories is crucial for forming effective policy responses to Iran’s cyber activities. Given that Iran’s strategy is both pragmatic and ideational, policy solutions must integrate both deterrence and identity-sensitive diplomacy to address the complex realities of state-sponsored cyber warfare.

Chapter 1. Iran’s Cyber Strategy: Divergent Perspectives of Realism and Constructivism.

Introduction

Iran’s cyber operations have become a focal point in discussions of international security, drawing attention due to their frequency, sophistication, and geopolitical implications. These operations include phishing campaigns, disinformation, ransomware, and infrastructure-targeted attacks, often carried out by state-linked actors within the Islamic Revolutionary Guard Corps (IRGC). By viewing Iran’s actions through both power-based and identity-based paradigms, this chapter reveals how divergent theoretical assumptions lead to contrasting strategic prescriptions. Realists emphasize the strategic importance of deterrence and containment, suggesting that Iran’s cyber activities should be countered with robust defense mechanisms, sanctions, and retaliatory operations. In contrast, Constructivists highlight the role of Iran’s historical identity and ideological motivations, proposing that effective responses require engagement, recognition of grievances, and the promotion of cyber norms that encourage cooperative behavior rather than coercive tactics. Through the dual-lens approach, this analysis underscores the complex interplay between material power and ideational factors, offering a more nuanced understanding of how to manage Iran's growing cyber threat. By integrating both perspectives, policymakers can develop multifaceted strategies that address both the immediate security concerns and the underlying ideological drivers of Iran’s cyber activities.

Realist Perspective: Power Politics, Strategic Adaptation, and Cyber Deterrence

Realism views the international system as anarchic, where states act primarily to ensure survival and gain power (Mearsheimer. 2001. p. 47). Under this framework, the Iranian approach is a rational adaptation to its constrained military position. Lacking conventional military parity with rivals like the U.S., Iran leverages cyber tools as asymmetric force multipliers. Attacks on Saudi Aramco and DigiNotar, for instance, show Iran’s ability to exploit vulnerabilities in critical systems (United Against Nuclear Iran. 2024. p. 9-10). These cyber campaigns align with offensive realism, which posits that states act aggressively to secure their position in a hostile global order (Mearsheimer. 2001. p. 112). State-sponsored units, including those embedded in the IRGC, have played a central role in developing Iran's offensive cyber infrastructure (Freilich, Cohen & Siboni. 2023. p.156). Iran’s use of digital currencies, ransomware, and anonymous transactions further demonstrates a strategy aimed at evading economic sanctions and securing strategic flexibility (Givens, Sanders & Douglas. 2022. p. 233). Realists argue that alliances like Iran’s growing partnership with Russia represent deliberate coordination aimed at undermining Western-led institutions and reshaping the balance of power (Shoori. 2011. p. 109). U.S. sanctions and condemnations, including those from the Department of Homeland Security and the Treasury, have done little to dissuade Iran’s efforts ((1) U.S. Department of the Treasury. 2024). Instead, they reinforce the realist conclusion that sanctions are insufficient deterrents in cyberspace, where attribution is ambiguous and retaliation is constrained (Alperovitch. 2021).

Constructivist Perspective: Identity, Ideology, and Narrative Construction

While realism centers on material power, constructivist theorists, most notably Alexander Wendt, argue that Iran’s cyber strategy, from this perspective, is not solely about strategic advantage but also about ideological resistance (Wendt. 1999. pg. 74). The Islamic Republic views itself as a revolutionary state resisting Western imperialism and that state interests are not given but are shaped by shared ideas and social constructs (Wendt. 1999. p.1). Iran’s assertive cyber posture reflects a historically rooted sense of marginalization and ideological defiance, particularly following incidents like the 2010 Stuxnet attack, widely believed to be orchestrated by the U.S. and Israel, which targeted Iran’s nuclear infrastructure (Daragahi. 2023). These perceived injustices fuel a desire to retaliate and project sovereignty which led to an alliance with Russia who see Iran as central to a new anti-Western model of International Relations (IR), extending beyond politics into coordinated cyber operations, a strategic tool to challenge U.S. led norms and destabilize Western influence (Smagin. 2024). Domestically, the state's control over digital infrastructure, such as its acquisition of the Telecommunications Company of Iran, reflects an internal strategy to spread religious and political narratives via cyberspace (IISS. 2021. pg.115). As Seyed Hossein Mousavian, professor at Princeton University, noted during the 2023 U.S. Command’s Deterrence Symposium, Western double standards and dismissive policies toward Iran only intensify its adversarial posture (Pincus. 2023). Constructivists argue that any sustainable response must engage Iran’s historical and identity-based motivations, not just its capabilities.

Divergent Consequences and Policy Implications

The policy implications of these two lenses diverge sharply as a realist approach advocates for bolstering cyber defenses, expanding offensive capabilities, and reinforcing sanctions to constrain Iran’s capacity to conduct cyberattacks. Iran’s alignment with Russia and similar regimes must be understood as part of a calculated geopolitical strategy requiring military, economic, and digital deterrence mechanisms (Wallar, Wishnick, Sparling & Connell. 2025. p. i).

Whereas the constructivist lens suggests that long-term solutions require engagement with Iran’s ideological perspectives. Recognizing its security concerns, historical grievances, and perceived injustices may reduce motivations for offensive cyber behavior. This could include dialogue over cyber norms, inclusion in multilateral digital governance frameworks, and adjustments to current foreign policy approaches that Iran perceives as exclusionary (Roguski. 2020). While this approach offers de-escalation potential, it must contend with verification challenges and the persistence of ideologically driven threat perceptions.

Bridging Realism and Constructivism: Toward Integrated Strategy

Iran’s cyber strategy is too complex to be fully understood through a single theoretical lens. A dual-lens approach that integrates Realism’s focus on power dynamics with Constructivism’s emphasis on identity and grievance provides a more comprehensive understanding of Iran’s actions in cyberspace. Realism highlights the importance of deterrence in countering state-sponsored cyber threats, particularly by strengthening cyber defenses and retaliatory capabilities to protect critical infrastructure. However, without addressing the deeper motivations rooted in Iran’s ideological worldview and historical grievances, these deterrence-focused strategies are unlikely to produce long-term success. As Richard Clarke notes, the deniability and reach of cyber operations make them difficult to deter effectively (Clarke. 2016).

Incorporating Constructivist insights, which stress the significance of identity, ideological narratives, and historical context, reveals that Iran’s cyber activities are not only about power projection and deterrence but also about asserting sovereignty and resisting perceived Western hegemony. Iran’s cyber operations can be seen as symbolic acts of resistance, deeply embedded in the country’s revolutionary identity, particularly in response to historical grievances against the West (Lupovici. 2021. p. 258).

To address these ideational factors, policy responses must go beyond purely material strategies. Diplomatic engagement that acknowledges Iran’s security concerns, revolutionary identity, and grievances, combined with strategic containment, offers the potential to reduce tensions and avoid escalation. The most effective path to a stable digital security environment involves combining robust cyber resilience with diplomatic efforts aimed at understanding and addressing Iran’s identity-driven motivations. A hybrid approach integrating deterrence strategies with efforts to mitigate ideological and identity-based grievances provides a more sustainable, comprehensive solution. Such a strategy balances both power dynamics and the need for nuanced diplomatic engagement, ultimately fostering long-term stability in the face of evolving cyber threats.

Conclusion

Iran’s alliance with Russia and its increasingly sophisticated cyber operations highlight the growing complexity of state behavior in cyberspace. As Guillermo López-Rodríguez, Irais Moreno-Lopez, and José Carlos Hernández-Gutiérrez in their article Cyberwarfare Against Critical Infrastructures (2023), these operations often occur in a gray zone where traditional rules of war are blurred, making them difficult to categorize. Realism interprets Iran’s cyber behavior as a rational response to systemic constraints, particularly its need to offset military inferiority and project power in a competitive international system. From this perspective, Iran’s cyber activities are strategic tools designed to assert influence, deter adversaries, and protect national interests without resorting to traditional military conflict.

In contrast, Constructivism focuses on the ideological, historical, and identity-based factors that shape Iran’s cyber strategy. For Constructivists, Iran’s cyber actions are not just pragmatic moves but also performative acts of resistance against perceived Western hegemony. These actions are deeply rooted in Iran’s revolutionary identity and national narrative of victimhood, positioning its cyber activities as a means of asserting sovereignty in a hostile international environment. Effective policy must integrate both frameworks, recognizing that Iran’s cyber threats stem from both strategic calculations and ideological motivations. Addressing both the material and ideational aspects of Iran’s cyber strategy will enable policymakers to create more balanced and effective responses. Rather than relying solely on technical defenses and deterrence, democratic nations must consider the underlying political and ideological drivers of cyber conflict. A dual-track approach that combines deterrence with diplomatic engagement can reduce the risks of escalation, foster international cooperation, and strengthen global cybersecurity frameworks. This will allow for a more comprehensive and adaptable strategy in managing the complexities of state-sponsored cyber warfare in the modern digital era.

Chapter 2. Case Studies and Theoretical Perspectives: Realism vs. Constructivism as Competing Frameworks.

Introduction

Realism and constructivism offer distinct yet complementary insights into Iran’s cyber activities. Realism emphasizes state behavior driven by power, survival, and strategic interests in an anarchic international system. Iran, constrained by military limitations and international sanctions, employs cyber capabilities as a cost-effective tool of asymmetric warfare to disrupt stronger adversaries like the United States. Dmitri Alperovitch and others note that Iran, along with China, Russia, and North Korea, engages in cyber operations to challenge U.S. hegemony and destabilize the liberal international order (Alperovitch. 2021. pg. 6). Iran’s attacks on critical sectors, such as the 2012 Shamoon and RasGas incidents, are viewed as retaliatory acts aligned with realist logic. These operations target the economic foundations of adversaries, demonstrating strategic intent while avoiding conventional military confrontation (Jones, Bermudez, Newlee, & Harrington. 2019. p. 4). U.S. led sanctions has been perilous to Iranian economy so understandable the Iranian regime turns to offensive cyber capabilities as a means to achieve its foreign policy goals (Givens, Sanders & Douglas. 2022. p. 229). Therefore U.S. cyber defense strategy should include strategic messaging that downplays Iranian cyber gains while highlighting American cyber strength and resilience, a narrative reinforced by officials citing Iranian interference in democratic institutions to justify strong deterrence (Eisenstadt. 2016. p. 12).

Constructivism, in contrast, highlights the role of identity, ideology, and norms in shaping state behavior. Iran’s cyber posture is informed by its revolutionary identity, resistance to Western dominance, and a perception of marginalization in global politics. Therefore, Iran is shaped by shared meanings and interpretations, making its cyber actions not purely strategic but also symbolic assertions of sovereignty and legitimacy (Adler. 1997. p. 324). This ideational framing explains why states like Russia and China, which share anti-Western narratives, partner with Iran in cyber cooperation. Technology transfers, cybersecurity agreements, and shared advocacy for cyber sovereignty reflect these alignments (Hardie & Fixler. 2021). Iran’s cyber campaigns, especially those targeting symbolic sectors like finance and energy, are interpreted by constructivists as political performances designed to resist hegemonic narratives and reinforce national identity.

Case Study 1: Shamoon Malware Attack (2012) - A Strategic Cyber Operation

The 2012 Shamoon malware attack on Saudi Aramco, attributed to Iranian-linked actors, disabled over 30,000 computers, marking a key moment in Iran’s cyber evolution (Council on Foreign Relations. 2012). Targeting the world's largest oil producer, responsible for nearly 10% of global oil supply, the attack revealed Iran’s capacity for asymmetric cyber warfare aimed at disrupting energy infrastructure (Middle East Monitor. 2020). Using Disttrack malware, Shamoon spread through networks via stolen administrator credentials, intentionally overwriting data and disabling systems, demonstrating Iran’s willingness to engage in economic warfare (Falcone. 2016). The attack, which led to over $6 billion in losses, forced an 11-day Information Technology (IT) shutdown, exposing Iran's intent to target economic lifelines (Bronk & Tikk-Ringas. 2013. p. 3). While oil production was unaffected, the attack raised alarms about global energy security, prompting increased cyber defense measures and public-private sector cooperation (CISA. 2024). Realists view the attack as a strategic retaliation against a U.S. ally, aiming to project power asymmetrically. In contrast, Constructivists interpret it as a symbolic act of resistance, reinforcing Iran’s ideological stance and contesting its exclusion from the global order (Eriksson & Giacomello. 2006. p. 235).

Case Study 2: Operation Ababil (2012) - Strategic Retaliation and Ideological Signaling

Operation Ababil, a series of Distributed Denial-of-Service (DDoS) attacks in 2012, targeted 46 major U.S. financial institutions, including Bank of America, JPMorgan Chase, and Wells Fargo (Council on Foreign Relations. 2012). Self-identified patriotic hackers used botnets to overwhelm the websites with traffic, causing service outages and potential economic disruption (Baezner. 2019. p. 13). While technically simple, the scale and persistence of the attacks highlighted Iran’s use of cyber tools for asymmetric warfare (Fixler & Cilluffo. 2018. p. 21). The 2016 U.S. indictment of seven Iranian nationals confirmed the operation’s state-sponsored nature (U.S. Department of Justice. 2016).

From a Realist perspective, Operation Ababil was a calculated response to perceived U.S. aggression, such as the killing of Major Qassem Soleimani, aiming to deter further coercive actions by demonstrating Iran’s ability to inflict costs (Givens, Sanders, & Douglas. 2022. p. 219). In contrast, Constructivists interpret the campaign as symbolic defiance, reinforcing Iran’s revolutionary identity and resistance to Western dominance (Jones & Newlee. 2019). Both frameworks highlight the dual nature of Iran’s cyber strategy, strategic deterrence and ideological resistance, underscoring the need for nuanced policy responses.

Case Study 3: The Bowman Avenue Dam Cyberattack (2013)

In 2013, Iranian hackers infiltrated the control systems of the Bowman Avenue Dam in New York, exposing vulnerabilities in U.S. infrastructure and signaling the expanding reach of Iran’s cyber capabilities. Although no physical damage occurred, since the sluice gate was offline, the breach had symbolic weight, demonstrating the potential to disrupt essential services (Office of Attorney General. 2016). U.S. officials, including Senator Chuck Schumer, interpreted the attack as a message of deterrence, highlighting Iran’s message as being, ‘don’t pick on us, because we can pick on you’ (Sanger. 2018. p.48). The incident led to the indictment of seven Iranian hackers linked to the Islamic Revolutionary Guard Corps (IRGC), elevating the case to the level of public diplomacy and international law enforcement (U.S. Department of Justice. 2016). It also catalyzed U.S. cybersecurity reforms, especially within the Department of Homeland Security (DHS), which began closer collaboration with utility providers and emphasized risk management for critical infrastructure (U.S Department of Homeland Security. 2018. p. 5).

Globally, the attack heightened awareness of the vulnerabilities in Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks that manage critical infrastructure. Notable malware campaigns such as BlackEnergy, Havex, and Sandworm underscored these risks, making ICS/SCADA security a focal point for cybersecurity training and policy development (Campbell. 2015. p.2).
Realists view the attack as asymmetric power projection, with Iran exploiting cyberspace vulnerabilities to deter a superior adversary. Lacking conventional parity, Iran, like other weaker states, leverages cyber tools to signal retaliatory capacity without crossing kinetic thresholds (Waltz. 1979. p.184).

Conversely, constructivists see the intrusion as ideational resistance. Rather than mere strategy, it reflected Iran’s revolutionary identity and historical antagonism toward the West. The breach of U.S. infrastructure served as a symbolic assertion of autonomy and ideological defiance (Sanger. 2018. p. 48). The incident illustrates how cyberattacks can operate both as strategic deterrents and expressive tools of state identity.

Case Study 4: Iranian Phishing Campaigns

Iranian phishing campaigns, targeting aviation, petrochemical, and energy sectors, exemplify a sophisticated use of cyber tools aimed at both strategic disruption and symbolic resistance (Office of Information Security. 2022. p. 17). Phishing, defined as the deceptive acquisition of sensitive information through impersonation, allows Iranian actors to infiltrate critical infrastructure, reflecting the strategic depth of Iran’s cyber capabilities (Phishing.org. 2025).

From a realist perspective, these operations represent a calculated form of asymmetric warfare. As offensive realist John Mearsheimer argues, in an anarchic international system, states seek to maximise power to ensure survival. Iranian phishing operations bypass conventional military constraints, instead targeting the technological and economic infrastructures of adversaries. This approach reinforces deterrence by demonstrating disruptive capabilities an essential strategy for weaker states striving to ensure survival (Mearsheimer. 2001. p.48). It aligns with the neorealist framework, which holds that states with limited conventional means adopt alternative forms of power projection to achieve equilibrium and counterbalance stronger rivals (Bloor. 2022. p.2). Former U.S. White House advisor Richard Clarke further warns that such cyberattacks may cripple essential systems such as energy grids and financial institutions without immediate attribution, enhancing plausible deniability while asserting strategic leverage (Clarke. 2016).

By contrast, constructivist theory interprets Iranian phishing not solely through a material lens but as a manifestation of identity-driven resistance. According to Alexander Wendt in his work Social Theory of International Politics (1999), state behaviour is shaped by intersubjective meanings, norms, and identities. In this light, Iran’s cyber campaigns reflect its revolutionary self-conception and opposition to Western dominance. This aligns with the view that threats are not objectively given but socially interpreted, suggesting that Iran’s phishing operations are intended to reshape its international image, from that of a perceived rogue actor to a legitimate cyber power.

These theoretical divergences yield distinct policy implications. A realist approach would support sanctions, enhanced cyber defences, and retaliatory cyber operations to contain Iranian capabilities. In contrast, a constructivist response would favour diplomatic engagement and the inclusion of Iran in international cyber norm development to reduce antagonism through recognition and dialogue. In sum, Iran’s phishing campaigns illuminate the complex interplay of power, identity, and narrative in cyber conflict. Realist interpretations underscore the logic of deterrence and asymmetry, while constructivist analysis reveals deeper ideological motives and normative struggles. An effective cybersecurity policy must therefore integrate both material and ideational dimensions to navigate the evolving challenges posed by state-led cyber operations.

Theoretical Conflict Resolutions and Implications

Realism and constructivism offer distinct yet complementary frameworks for addressing conflict and cyber threats. Realism views the international system as anarchic and inherently conflictual, advocating deterrence, capability-building, and alliance formation as essential strategies for safeguarding national interests. In this view, conflict resolution is achieved not through mutual understanding, but through balancing power, demonstrating credible threats, and reinforcing strategic superiority. As one of the major 20th-century figures in the study of international relations Han J. Morgenthau (1948) argued, ‘international politics, like all politics, is a struggle for power’, therefore peace is best preserved by deterring aggression through strength, and by aligning with other states to counter shared adversaries (Morgenthau. 1949. p. 13). In the context of cybersecurity, this translates into hardened infrastructure, offensive cyber capabilities, and multilateral coalitions such as NATO to increase deterrence against actors like Iran.

By contrast, constructivism focuses on the ideational and social dimensions of conflict, promoting diplomatic engagement, norm-building, and identity transformation as pathways to peace. Alexander Wendt (1992) contends that conflict emerges not only from material power struggles but also from socially constructed meanings, including perceptions of threat, historical narratives, and collective identities (Wendt. 1992. p. 396). The post-World War II reconciliation between France and Germany serves as a powerful constructivist case study, demonstrating how adversarial relations can be reshaped through the internalization of shared norms, identity convergence, and institutional integration (Huber. 2020. p. 2).

Each framework, however, has limitations. Realism may underestimate the role of norms, beliefs, and emotions in driving behavior, particularly in ideologically motivated states. Constructivism, on the other hand, may downplay material threats and the enduring importance of strategic deterrence. Iran’s dual-track strategy of developing both nuclear and cyber capabilities while simultaneously portraying itself as a victim of Western aggression highlights the insufficiency of applying either lens in isolation (Gallagher. 2013). Instead, this complexity calls for a hybrid model. A balanced approach to cyber conflict resolution should integrate realist and constructivist insights. Deterrence and defensive capacity remain essential to counter tangible threats, while diplomatic engagement, narrative reshaping, and norm promotion are critical for reducing escalation and fostering long-term stability. Understanding Iran’s cyber behavior through both frameworks is essential for developing an adaptive, sustainable, and multidimensional cybersecurity strategy.

Table 1: Divergent Theoretical Dimensions – Realism vs. Constructivism in Iran’s Cyber Strategy

The following table outlines the fundamental divergences between realism and constructivism in interpreting Iran’s cyber behavior. Realism views cyberspace as a strategic domain shaped by material threats and power asymmetries, where states like Iran engage in calculated cyber operations to deter adversaries and compensate for military inferiority. Constructivism, by contrast, interprets these actions through ideational lenses, framing them as expressions of identity, historical grievance, and resistance to perceived exclusion from global governance. These distinctions directly influence how actors respond to Iran’s cyber operations whether through deterrent postures and sanctions, or through normative engagement and diplomatic recalibration.

Table 1 above: ‘Comparison of realist and constructivist interpretations of Iran’s cyber strategy’. Source: Author’s own compilation based on academic literature. (Adler, 1997; Alperovitch, 2021; Lupovici, 2021; Mearsheimer, 2001; Waltz, 1979; Wendt, 1999)

Chapter 3: Divergent Theoretical Consequences in U.S. Responses to Iran’s Cyber Threats. Introduction

Between 2011 and 2013, a hacktivist group known as the Izz ad-Din al-Qassam Cyber Fighters, affiliated with Iran’s offensive cyber operations, launched Operation Ababil, a coordinated DDoS campaign that disrupted major U.S. financial institutions demonstrating Iran’s capacity to exert pressure without engaging in direct military confrontation (Morgan. 2024). U.S. policy responses vary greatly depending on the theoretical lens applied. This chapter contrasts how realism and constructivism, two dominant IR theories, shape the interpretation and handling of Iran’s cyber threats.

Realist Approaches to Iran’s Cyber Threats

Realism sees the international system as anarchic, where states act rationally to pursue power and ensure survival (Waltz. 1979. p. 91). From this view, Iran’s cyber actions are strategic efforts by a weaker power to undermine a superior adversary. Cyber tools offer Iran a low-cost means to assert influence while staying below the threshold of open warfare, as James Lewis from Center for Strategic and International studies noted, ‘these attacks were not sophisticated, but good enough to have worked’ (Sanger. 2018. p. 49).

The U.S., influenced by realist thinking, frames Iran’s cyber operations as acts of aggression requiring deterrent responses. Policy tools include:

Attribution and strategic signaling: Publicly identifying Iranian actors, such as those behind the Bowman Avenue Dam incident, sends a coercive signal and justifies countermeasures (U.S. Department of Justice. 2016).

Retaliation: Secret U.S. Cyberattacks on Iranian infrastructure align with deterrent logic and help reinforce red lines (Sanger. 2018. p. 54).

Alliance-building: NATO’s 2014 declaration that cyberattacks can invoke Article 5 reflects a realist commitment to collective defense (Wiedemar. 2023).

Capability development: The 2018 U.S. Cyber Strategy introduced persistent engagement and defend forward as proactive measures to counter adversaries like Iran (U.S. Department of Defense. 2018. p. 1).

Iran’s cyber behavior aligns with realist logic, as it leverages asymmetric tactics and continually enhances its technical capabilities to exert substantial impact despite constrained resources (Ferner. 2025). Iran’s investment in cyber warfare reflects its strategic use of ambiguity and proxy groups to obscure attribution and complicate U.S. responses. This indirect approach aligns with its broader policy tactics, with a clear record of cyberattacks underscoring the growing role of offensive capabilities in advancing national interests (Givens, Sanders & Douglas. 2022). Realists contend that attribution in cyberspace is not merely a technical determination but a calculated strategic act, influenced by the reliability of intelligence, the severity of the attack’s impact, and the political advantages of assigning blame. Joseph Nye (2011) defines cyber power as ‘the ability to obtain preferred outcomes through use of the electronically interconnected information resources of the cyber domain’, a concept that has sparked intense debate regarding its transformative effect on international relations (Nye. 2011. p. 82). While realism does not provide a formal theory of cyber power, it nonetheless offers a useful lens for analyzing how power is distributed among actors and how this distribution shapes patterns of conflict and competition in cyberspace (Craig & Valeriano. 2018. p. 3). Iran’s cyberattack on Albania came close to invoking NATO’s Article 5, which would have marked the first activation of the Alliance’s collective defense clause in response to a cyber incident. The episode reignited critical debate over the applicability of Article 5 in the digital domain and underscored ongoing uncertainty surrounding thresholds for collective action in cyberspace (Wiedemar. 2023. p. 2). Constrained by punitive sanctions and deepening diplomatic isolation, the risk of escalation in cyberspace remains ever-present forcing Iran increasingly turned to cyber capabilities as a cost-effective means of pursuing its strategic objectives. With financial restrictions undermining its economy and limiting access to conventional military assets, Iran faces mounting pressure to rely on asymmetric tools, chief among them, offensive cyber operations (Fixler and Cilluffo, 2018. p. 6). Escalation remains an enduring risk, as Iran’s increasing dependence on cyber capabilities shaped by diplomatic isolation and the weight of international sanctions may drive it toward more assertive digital operations. Faced with constrained conventional options, Iran is likely to favour cyberattacks as a primary tool of retaliation, a shift that further unsettles the strategic balance in cyberspace (Givens, Sanders & Douglas. 2022. p. 232).

Constructivist Assumptions and Policy Consequences

Constructivism views reality and knowledge as socially constructed, emphasizing that what we know is shaped by social context, an approach grounded in ontological and epistemological reflection. Central to this perspective are identities and interests, which are not fixed but formed through interaction. States develop multiple, socially constructed identities that shape how they define their interests and understand their role in the international system (Theys. 2018. p. 1). Through a constructivist lens, Iran’s cyber behaviour is not purely strategic but rooted in its revolutionary identity and enduring mission to resist Western dominance. Its foreign policy is shaped by what the regime defines as justice-oriented principles, sustaining opposition to the United States despite the heavy costs of sanctions and diplomatic isolation (Nia. 2011. p. 284). This confrontational stance reflects a broader ideological struggle against perceived structures of colonialism, despotism, absolutism, and imperialism. In this context, Iran’s cyber operations targeting Western states are not solely about advancing material interests, they are also expressions of its normative rejection of the existing international order (Nia. 2011. p. 284). Iran sees itself as the ideological leader of anti-imperialist resistance, using cyber operations to project sovereignty and affirm its role as protector of the Muslim world. Rooted in a narrative of oppressed versus oppressors, this posture positions Iran as a defender of Muslim nations against perceived global injustice (Cingoz, Ozkan, Selim & Izol. 2024. p. 6). From a constructivist perspective, the anxiety surrounding foreign interference in Western democracies reflects deeper concerns about how cyber tools shape meaning and identity through information. These tools are not merely tactical instruments but symbolic vehicles used to defend state narratives, affirm values, and influence collective perceptions of legitimacy and sovereignty (Whyte. 2020. p. 1).

Constructivist Approaches to U.S. Engagement with Iran’s Cyber Posture: Identity-Aware Dialogue
Rather than treating Iran solely as a rational actor pursuing material interests, constructivist-informed diplomacy engages with the Islamic Republic’s self-perceived identity and historical narrative. This includes acknowledging Iran’s framing of itself as a revolutionary state born in opposition to Western imperialism and its enduring sense of marginalization in the international system. Constructivist scholars argue that effective diplomacy must take into account these intersubjective understandings, enabling more meaningful engagement by addressing Iran’s ideational motivations and sense of status (Nia. 2011. p. 171).

Inclusion in norm-building
A key component of constructivist theory is the belief that norms are socially constructed through interaction. The U.S., by supporting Iran’s participation in multilateral norm-shaping platforms, such as the United Nations Group of Governmental Experts (GGE) and Open-Ended Working Group (OEWG) advances a more inclusive approach to cyber governance. Iran’s calls for legally binding international rules reflect its desire to shape the normative architecture of cyberspace and assert its sovereign digital identity. Recognising Iran’s normative contributions aligns with constructivism’s emphasis on dialogue, legitimacy, and shared rule-making processes (Azadi. 2022. p. 3).

Confidence-building measures (CBMs)
Constructivism supports the development of shared expectations and trust-building mechanisms to stabilise relationships. U.S. proposals for cyber CBMs’ such as bilateral or regional cyber hotlines, incident notification protocols, and transparency mechanisms mirror Cold War-era tools designed to prevent misperception and escalation. These measures reflect a constructivist understanding that mutual perceptions, rather than raw capabilities alone, drive conflict dynamics in cyberspace (Borghard & Lonergan. 2018. p. 11).

Strategic communications
Constructivist-informed strategies also focus on shaping narratives and contesting meaning. Through institutions such as the U.S. Global Engagement Center (GEC), Washington counters Iranian disinformation and ideological messaging by promoting alternative narratives grounded in liberal democratic values. This form of narrative engagement seeks not only to rebut specific claims but to delegitimize Iran’s self-ascribed role as the voice of the oppressed, thereby undermining the foundational narratives that guide its foreign and cyber policy (Ruppe & Walker. 2024. p. 34). These approaches aim to de-escalate conflict by reshaping narratives and engaging with Iran's identity. Critics argue they may be slow to yield results and ineffective without credible deterrence (Gallagher, 2013).

Assessing Intentions

Realists interpret Iran’s intentions as offensive and antagonistic, viewing its use of cyber tools such as sabotage, espionage, and power projection, as a means to inflict substantial harm on adversaries’ domestic infrastructure while compensating for its lack of conventional military or geostrategic superiority (Siboni, Abramski & Sapir. 2020. 79). This logic underpins punitive responses like sanctions and cyber counterattacks.

Constructivists argue that intent is shaped by self-perception and historical narrative. Iran sees its actions as resistance, not aggression (Nia. 2011. p. 281). Therefore, grasping Iran’s security outlook requires more than just accounting for material capabilities, it demands attention to nonmaterial factors such as identity coherence, legitimacy concerns, national narratives, and emotional drivers. Recognizing this identity-based logic enables more calibrated responses that engage with underlying causes rather than just surface-level symptoms (Cingoz, Ozkan, Alkan & Izol. 2024. p. 2).

Managing Conflict Escalation
Realism emphasizes deterrence through credible threats and proportionate retaliation. The 2019 U.S. cyberattack on Iran’s missile systems exemplifies this logic demonstrating escalation control through a limited, targeted response. While persistent and continuous cyber operations against Iranian networks may appear escalatory, their strategic intent is to manage conflict within a controlled framework. The objective is not to provoke full-scale confrontation, but to establish a stable environment of competitive signaling that avoids direct armed conflict (Schulze, Kerscher & Bochtler. 2020. p. 8).

Constructivism views international conflict not merely as a product of material interests, but as deeply rooted in the social structures of meaning and interpretation. Conventional constructivists emphasize the structuring power of norms, how widely accepted standards of appropriate behavior shape and constrain state actions. In contrast, critical constructivists delve deeper into how these norms are both shaped by and shape specific social contexts, making them dynamic and contested. From this perspective, escalation in international politics often arises not from deliberate aggression but from norm clashes and misperceptions. What one state views as a symbolic or defensive act may be perceived by another as hostile or provocative. As a result, misinterpretation can lead to conflict spirals. Constructivists argue that avoiding such outcomes requires dialogue, mutual understanding, and the reframing of narratives to realign interpretations and de-escalate tensions (Wiener & Puetter. 2009. p. 8). However, the theory of protracted social conflict emphasizes that conflicts rooted in identity, such as ethnic, religious, or cultural affiliations, are particularly resistant to resolution. These conflicts persist because the involved groups perceive existential threats to their identity, leading to heightened tensions even in the absence of direct provocations (Ramsbotham. 2005. p. 114).

Diplomatic Signals and Redline Credibility

In Thomas C. Schelling’s Arms and Influence, he emphasises that clear signalling is crucial for effective deterrence and escalation management and that ambiguity in communication can lead to misinterpretation by adversaries, potentially resulting in unintended escalation (Schelling. 1966. p. 56). Schelling argues that when redlines are ambiguous or poorly communicated, adversaries may misinterpret the defender’s resolve or intentions and a miscalculation as such could increase the risk of escalation, potentially leading to conflicts that could have been avoided through more effective signaling (Schelling. 1966. p. 35). Constructivists argue redlines work only if perceived as legitimate by both sides. Inconsistent enforcement can damage normative authority and trust among allies (Finnemore & Sikkink. 1998. p. 912). The failure to respond to Syria’s 2013 use of chemical weapons, despite President Obama’s 2012 warning, undermined U.S. deterrence, signaled weakened resolve to allies, and emboldened adversaries (Tuygan. 2016).

Conclusion

Realism and constructivism offer distinct but complementary lenses for understanding and responding to Iran’s cyber threats. Realism emphasizes deterrence, coercion, and alliance-building to counter material threats. Constructivism highlights the importance of identity, ideology, and perception in shaping behavior. While realism offers clarity and decisive action, it risks escalation. Constructivism promotes long-term engagement but may lack the urgency needed for deterrence. A combined strategy leveraging deterrent power while addressing ideological narratives may offer the most effective path forward for managing cyber conflict and maintaining international stability.

Chapter 4. Divergent Theoretical Interpretations of Global Cyber Norms and Governance.

Introduction

The growing influence of Iran’s cyber operations on global policy has led to distinct interpretations under the theoretical frameworks of Realism and Constructivism. Both frameworks provide valuable insights into how states perceive and respond to cyber threats, yet they lead to divergent understandings and policy outcomes. Realism emphasizes power dynamics, security, and state interests in an anarchic international system, where states act to maximize their security and ensure survival. Realist perspectives interpret Iran’s cyber activities as strategic moves to assert power, protect national sovereignty, and balance against adversarial states, particularly in the context of its geopolitical rivalry with the West. From a realist standpoint, cyber threats are primarily about maintaining strategic advantage and deterring adversaries through robust defense mechanisms and offensive capabilities.

In contrast, Constructivism focuses on the role of ideational factors, such as identity, norms, and shared meanings, in shaping state behavior. Constructivists argue that Iran’s cyber actions are not solely driven by material interests but by deeper motivations rooted in its ideological and historical narratives. Iran’s cyber strategy, from a Constructivist viewpoint, represents a symbolic assertion of sovereignty and resistance against perceived Western dominance. For Constructivists, understanding cyber behavior requires recognizing the narratives and identities that drive state actions. This includes the framing of cyberspace as a domain where states, particularly those marginalized or excluded from global governance structures, project their values, challenge hegemonic powers, and redefine their international status.

Realism vs Constructivism: A Dual-Lens Analysis

Under a realist framework, Iran’s cyber activities are seen as calculated efforts to offset its conventional military inferiority by leveraging asymmetric cyber capabilities. Realist theorists argue that Iran’s high-profile operations, such as the Shamoon malware attack, Operation Ababil, and intrusions into U.S. critical infrastructure, reflect rational strategies designed to undermine superior Western powers and safeguard national interests. These operations, aimed at economic and political disruption, align with Realist theories that view state behavior as a response to power imbalances and security concerns in an anarchic international system (Waltz. 1979. p. 109). Realists interpret these acts as a direct challenge to Western hegemony, necessitating robust countermeasures such as cyber resilience programs, preemptive offensive doctrines, economic sanctions, and enhanced alliance coordination among like-minded states to manage this growing cyber threat.

In contrast, Constructivism interprets Iran’s cyber behavior through the lens of identity, ideology, and historical experience. Rather than being purely tactical, Iran’s cyber capabilities are deeply intertwined with the regime’s ideological commitments. These operations serve as symbolic assertions of sovereignty and resistance, reflecting Iran’s revolutionary identity formed during the 1979 Islamic Revolution (Nia. 2011. p. 281). Constructivist scholars emphasize that Iran views itself as a morally justified actor, resisting perceived Western domination. From this perspective, policy responses should prioritize engagement with Iran’s historical grievances and identity-based narratives through diplomatic dialogue, norm promotion, and inclusion in multilateral cyber governance frameworks. While both Realism and Constructivism acknowledge Iran’s cyber strategy has global implications, they offer divergent interpretations and policy prescriptions, resulting in distinct approaches to managing cyber conflict and international security.

United States: Strategic Deterrence and Infrastructure Defense

The United States’ response to Iran’s cyber capabilities is firmly rooted in a realist framework that emphasizes deterrence, infrastructure resilience, and the strategic use of sanctions. This orientation reflects a perception of cyberspace as an extension of the anarchic international system where power and security dictate state behaviour. One prominent manifestation of this realist approach is the establishment of the Cybersecurity and InfrastructureSecurity Agency (CISA) in 2018. CISA was tasked with enhancing national resilience against foreign cyber threats by prioritizing the protection of critical infrastructure, supporting information-sharing initiatives, and promoting proactive defensive measures rather than engaging adversaries through normative dialogue (CISA. 2022). Moreover, the issuance of Executive Order 13694 by President Barack Obama in 2015 marked a critical policy development that further solidified this stance. The order authorised the use of targeted sanctions against individuals and entities responsible for significant malicious cyber-enabled activities that threatened U.S. national security, foreign policy, or economic stability (U.S. Department of State. 2025). This legal instrument has since served as the basis for numerous punitive measures, especially against Iranian cyber actors. For instance, in 2024, the U.S. Treasury imposed sanctions on hackers affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC), citing credible evidence of cyber intrusions aimed at manipulating water supply systems and disrupting public utilities an operation designed to exploit perceived vulnerabilities and exert significant coercive and psychological pressure ((2) U.S. Department of the Treasury. 2024). These responses underscore the U.S. commitment to strategic deterrence through cyber capacity-building and coercive diplomacy. By focusing on punishment and denial strategies, rather than addressing Iran’s ideological or normative grievances, the United States reinforces a realist logic that perceives state-based cyber threats as material risks requiring decisive and securitized countermeasures (Lindsay & Gartzke. 2016. p. 22).

European Union: Normative Development and Diplomacy

The European Union’s approach to cybersecurity governance reflects a constructivist orientation, prioritizing the development of international norms, collective identity, and institutional diplomacy over unilateral coercive responses. Rather than framing cyberspace exclusively as a domain of conflict, the EU views it as a shared space where behavior can be regulated through common rules and cooperative frameworks. This perspective is evident in the creation of the EU Cybersecurity Strategy, which fosters coordination among national cyber authorities and encourages the formation of a collective European cyber identity grounded in mutual trust and legal interoperability (European Commission. 2025). The Rapid Emergency Response Blueprint, introduced in 2017, underscores the EU’s commitment to multilateral crisis coordination and preventive diplomacy in the cyber realm. Rather than focusing solely on deterrence or punitive measures, the blueprint emphasizes structured communication, public-private partnerships, and mutual assistance mechanisms, tools that align closely with constructivist assumptions about the power of norms and institutionalized behavior (European Commission. 2021). Similarly, the EU’s proposals in 2017 for Cyber Diplomacy Toolbox (CDT) promoting resilience, transparency, and cross-border cooperation as essential elements of security (Council of the European Union. 2023). In his article The EU Cyber Diplomacy Toolbox in Action for the NATO Cooperative Cyber Defence Centre of Excellence, Samuele De Tomas Colatin highlights a key shift in the EU’s cyber posture with the imposition of cyber-related sanctions in 2020. This marked a move from rhetorical condemnations to legally binding measures. The sanctions targeting actors behind major cyberattacks such as WannaCry and NotPetya were framed not merely as retaliatory responses, but as instruments for reinforcing international legal norms and encouraging responsible state behaviour in cyberspace (Colatin. 2025). The EU's actions reveal a belief that persistent engagement, norm-setting, and diplomacy, rather than military escalation, are the most effective ways to mitigate cyber threats and construct a stable international cyber order.

NATO: Integrating Realist and Legalist Approaches

NATO’s cyber strategy exemplifies a hybrid approach that integrates realist principles of deterrence with constructivist efforts to institutionalize legal norms in cyberspace. The alliance’s formal recognition of cyberattacks as potential triggers for Article 5, its collective defence clause, represents a significant shift toward the securitization of the cyber domain (NATO. 2024). By framing the cyberattack on Albania as a serious breach against a NATO member, the alliance strongly condemned Iran’s actions and underscored the prospect of a collective response. This reflects NATO’s realist stance, where deterrence and alliance credibility remain central to managing strategic threats in an anarchic international system. To reinforce coordination, leaders also announced the first NATO Cyber Defence Conference, that was scheduled in Berlin in November 2023, bringing together key political, military, and technical stakeholders (NATO. 2024). At the same time, NATO’s active sponsorship and endorsement of the Tallinn Manual on the International Law Applicable to Cyber Warfare demonstrates a complementary engagement with constructivist frameworks (NATO. 2023). The Tallinn Manual, developed under the aegis of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE), attempts to clarify how existing international law applies to cyber operations.

This reflects a belief in the power of norms, legal reasoning, and shared interpretations to shape state behavior and reduce ambiguity in a domain often characterized by attribution challenges and legal grey zones. The persistent fog of law underscores the need for continued efforts by states to clarify the rules of engagement (Schmitt. 2021). Until such norms are firmly established, states will face difficulties in defining and responding effectively to incidents like election interference.

United Nations: Global Norm-Building and Legal Complexity

The United Nations (UN) has positioned itself as a central actor in the normative regulation of cyberspace, guided by constructivist assumptions that global cyber stability is best achieved through the articulation of shared principles, mutual expectations, and cooperative dialogue. This is exemplified in the 2021 report of theUN Group of Governmental Experts (GGE), which emphasized the responsibilities of states in cyberspace and outlined voluntary, non-binding norms of responsible state behavior. The report stressed transparency, accountability, and respect for sovereignty as foundational elements for maintaining peace and security in the digital realm (UNGA. 2021). This reflects a constructivist belief that international order in cyberspace can be cultivated through the internalization of norms rather than relying solely on deterrence or coercive capacity. However, despite this normative progress, significant challenges persist particularly with regard to enforcement and attribution, both of which undermine the effectiveness of international legal mechanisms. The case of the Shamoon cyberattack against Saudi Aramco in 2012 illustrates the difficulty of attributing responsibility with sufficient certainty to trigger formal international responses. Although widely suspected to have originated from Iranian-linked actors, legal attribution remains one of the primary challenges in defending against cyber operations at the international level (Spacil. 2024. p. 151). Effective attribution requires detailed information about the attacker, the operation, and its broader context, as cyberattacks offer significantly greater anonymity than conventional kinetic actions. The lack of universally accepted technical and legal standards further complicates attribution, often obstructing punitive or diplomatic responses in multilateral forums (Spacil. 2024. p. 151). Furthermore, existing legal instruments such as the Budapest Convention on Cybercrime while serving as a key treaty for transnational cooperation face legitimacy concerns due to limited participation by major non-Western states, including Iran, China, and Russia, who often perceive it as normatively biased or exclusionary (Smalley. 2024). As a result, the UN’s efforts toward cyber norm-building remain aspirational in many respects, hampered by geopolitical fragmentation, divergent legal cultures, and the evolving nature of cyber threats that outpace institutional adaptation.

The Shamoon Attack: A Catalyst for Policy and Norm Change

The 2012 Shamoon attack on Saudi Aramco marked a significant escalation in cyber conflict. Believed to be retaliatory for the Stuxnet operation, Shamoon destroyed over 30,000 computers and temporarily crippled the world’s largest oil company. The implications of the Shamoon attack extended well beyond its immediate technical damage, generating a ripple effect in global risk assessments among critical service providers. In particular, it intensified already fragile cyber tensions between the United States and Iran causing U.S. Defense Secretary Leon Panetta to describe Shamoon as very sophisticated, expressing tremendous concern about the potential for the use of that kind of tool, and emphasized that there are only a few countries in the world that have that capability (Bronk. 2013. p. 4). His remarks underscored Washington’s growing apprehension that Iran’s cyber arsenal had reached a level capable of threatening both national and transnational infrastructure systems. The response was bestowing to realism in that the U.S adopted Executive Order 13636 in 2013, issued DHS alerts, and hardened energy sector cybersecurity (The White House Office of the Press Secretary. 2013). The constructivist implication is that discourse on international norms in cyberspace should align with those enshrined in the 2001 UN Charter. By signing the UN Charter, states commit to respecting the sovereignty of others and accepting responsibilities, including preventing harm to other states. This includes protecting critical national and international infrastructures from cyber threats and mitigating collective risks posed by malicious activities. A series of diplomatic negotiations within the UN Governmental Group of Experts (GGE), established under the UN General Assembly, has focused on these issues (Hathaway. 2017. pg. 2). Saudi Arabia responded with the creation of a National Cybersecurity Authority (NCA), which offers services including ExternalEvaluations, InformationEnrichment and RiskAssessment Management, reflecting a regional shift towards institutionalized cyber defense with other gulf states following suit with national strategies, underscoring how a single cyber event can realign national security priorities and international regulatory agendas (NCA. 2017).

Conclusion

This chapter has examined the divergent theoretical interpretations of global cyber norms and governance through the lenses of realism and constructivism, highlighting how these frameworks yield fundamentally different understandings of state behavior, institutional priorities, and normative evolution in cyberspace. From a realist perspective, global cyber governance is seen as an extension of geopolitical competition, where states seek to preserve sovereignty, maintain strategic superiority, and resist normative constraints that may limit their freedom of action. Institutions like NATO and national entities such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are emblematic of a realist emphasis on deterrence, coercive capability, and infrastructure defense. In this view, norms serve primarily as tools of strategic communication or soft power rather than as genuine mechanisms for altering state behavior.

By contrast, constructivism foregrounds the ideational and normative foundations of cyber governance, stressing the role of identity, shared understandings, and multilateral dialogue in shaping cyberspace order. The European Union, the United Nations, and the Tallinn Manual process illustrate how states and institutions actively participate in norm entrepreneurship, seeking to construct rules-based frameworks grounded in common principles and legal interpretations. For constructivists, norms are not merely instruments of power but constitutive forces that redefine interests and legitimate certain behaviors over others. The chapter reveals that global cyber governance is not a singular or static enterprise, but rather a contested and evolving arena where competing logics, material versus ideational, continuously interact. While realism explains the persistence of power struggles, attribution skepticism, and institutional fragmentation, constructivism offers insight into the slow but ongoing institutionalization of norms, values, and cooperative practices. Understanding this theoretical divergence is essential for anticipating how global cyber norms may evolve and why certain governance initiatives succeed or fail. Ultimately, the interplay between realist and constructivist paradigms underscores that cyber governance is shaped as much by the distribution of power as by the distribution of meaning. Effective analysis and policymaking must therefore account for both material constraints and normative aspirations in navigating the complexities of global cyber security.

Chapter 5. Iran's Response to Criticism of Its Cyberspace Activities.

Introduction

Iran has consistently denied accusations of involvement in cyber warfare, often portraying itself as a victim rather than an aggressor. It frames its strict controls over the internet and its cybersecurity measures as essential to national security and sovereignty. In 2015, General Yahya Rahim Safavi emphasized the urgency of enhancing Iran's technological capabilities to counter cyber threats posed by adversaries with advanced IT infrastructure stressing the importance of proactive defense, urging Iranian institutions to adopt a preemptive approach by monitoring evolving threats and developing robust cyber response strategies (IRNA. 2015). Safavi stressed that ensuring Iran's cyber resilience would require investment in domestic expertise, development of robust security frameworks, and long-term strategic planning (IRNA. 2015). During a United Nations Security Council session on cybersecurity in June 2024, Iranian representatives reiterated their position, arguing that Iran is more often a target of cyberattacks than a perpetrator (Ahmadi. 2024). Mr. Sattar Ahmadi, First Counselor and Representative of Iran, dismissed accusations of cyberattacks on Albania and Israel, attributing Albania’s cyber issues to the MKO terrorist group and accusing Israel of cyber aggression masked as victimhood. Iran characterized these allegations as politically motivated and absurd (Ahmadi. 2024). Similarly, in response to accusations of interfering in U.S. elections, Iran’s UN delegation rejected the claims calling them, unsubstantiated and devoid of any standing, adding to the Iranian’s long-standing role of victimization by foreign cyber operations (Iran International. 2024). This pattern of denial and counter-accusation characterizes Iran’s broader rhetorical strategy. The delegation cited the Stuxnet incident, widely attributed to the U.S. and Israel, as a key example of cyber aggression aimed at undermining Iran’s sovereignty (Ahmadi. 2024). Iran argues that such attacks violate international law and demonstrate the absence of effective global governance in cyberspace. Iranian officials consistently frame the country as a target of hostile action, using this narrative to justify its cyber policies as defensive measures to uphold national security and sovereignty (Swenson. 2024). Ambassador Mr. Amir Saeid Iravani, Permanent Representative of Iran to the UN Security Council on 20 June 2024 at an agenda pertaining to evolving threats in cyberspace, underscored that Iran has been a principal target and victim of repeated cyberattacks which have significantly disrupted essential public services and government functions (Iravani. 2024). He highlighted the Stuxnet and Duqu incidents against Iran’s nuclear program and noted additional attacks on key industrial sectors, including steel, petrochemicals, and fuel distribution systems (Iravani. 2024). Ambassador Iravani continued that states are primarily responsible for Information Communication and Technology (ICT) security and must lead in shaping global governance without compromising sovereignty. Binding international norms are urgently needed to address legal gaps exploited by malicious actors. ICTs must not be used coercively or to undermine other states, and platforms must be held accountable. The UN, through the OEWG, should establish enforceable rules to ensure cyberspace remains peaceful (Iravani. 2024). Understanding Iran’s cyber conduct and its responses to international criticism can be interpreted through two theoretical lenses in international relations: realism and constructivism. Each provides a distinct framework for analyzing Iran’s motives and behavior.

Realist Framework: National Security, Power Politics, and Cyber Sovereignty

Realism, as a theoretical framework, emphasizes that states must prioritize their own survival and security in an anarchic international system where no overarching authority exists. This self-interested behavior is often manifest through strategic competition, where power dynamics and the security dilemma define interactions between states. In the case of cyberspace, realist scholars such as Craig and Valeriano (2018) argue that cyberspace is an extension of traditional power politics, where the strategic use of cyber capabilities becomes an important tool for both deterrence and asserting national interests (Craig & Valeriano. 2018). Iran’s approach to cyber operations, according to this framework, is a calculated response to its historical vulnerabilities and military inferiority. Asymmetric warfare, including cyber capabilities, serves as an effective means for Iran to project power without engaging in direct conventional conflict, as it faces far stronger military adversaries like the United States. Iran’s cyber strategy has evolved in response to specific moments of perceived vulnerability, such as the 2009 election protests and the 2010 Stuxnet cyberattack (INSS. 2024. p. 29). The latter, a cyber-attack widely attributed to the U.S. and Israel, highlighted the country’s vulnerabilities in critical infrastructure and galvanized its efforts to develop robust cyber capabilities. The Institute for National Security Studies (INSS) in a 2024 report notes that Iran’s cyber posture aligns with a broader strategic culture that emphasizes ambiguity, deniability, and the use of indirect tactics to confront perceived threats (INSS. 2024. p. 29).

From a realist perspective, these actions are rational adaptations to a hostile geopolitical environment, driven by the need for self-preservation and the desire to level the playing field in the digital domain. Iran’s move from defensive to offensive cyber operations, as highlighted by the creation of new cyber units under the Islamic Revolutionary Guard Corps (IRGC), demonstrates the shift toward using cyber capabilities for retaliation and deterrence. Furthermore, Iran’s cyber efforts align with realist concepts of power projection, as cyber espionage, sabotage, and the development of cyber weapons all serve as means to safeguard its national interests. As Mark Tehrani (2024), researcher of Quantum Cybersecurity Analytics argues, these actions reflect the natural outcomes of states competing for power in the digital space (Tehrani. 2024). Scholars such as Mark Grzegorzewski, Michael Spencer, and Ken Brown (2022) argue that Iran follows a defensive realist logic, emphasizing security over territorial expansion or conquest (Grzegorzewski, Spencer & Brown. 2022). Iran’s advocacy for international norms that call for non-intervention in cyberspace further reflects its desire to limit adversaries’ ability to freely operate in cyberspace, thereby enhancing its own cyber sovereignty. This strategy, in line with realist thought, seeks to mitigate external threats while reinforcing Iran’s position in the digital age.

Constructivist Framework: Identity, Norms, and Perceptions in Cyberspace

Constructivism offers a contrasting view by emphasizing identity, norms, and subjective perceptions. Constructivists argue that state interests are socially constructed through interactions and collective meanings, not determined solely by material capabilities (Adler. 1997. p. 324). Iran’s self-image as the vanguard of the Islamic Revolution and its historical experiences of colonialism, the 1979 Revolution, and the Iran-Iraq War helped shape its strategic behavior. As noted in U.S. State Department and academic analyses, Iran’s worldview is rooted in themes of resistance, self-reliance, and suspicion of Western hegemony (U.S. Department of State. 2008). The Marine Corps University's Journal of Advanced Military Studies notes that Iranian strategic culture is built upon a long history of both imperial achievement and experiences of persecution and victimization, which have influenced its national identity and strategic behavior (Parchami. 2022. p. 10). Similarly, Michael Eisenstadt (2015) argues that Iran’s strategy blends symbolic resistance with indirect force, shaped by its revolutionary identity. Prioritizing psychological operations and proxy warfare over direct conflict, Iran uses a deterrence triad of missiles, proxies, and guerrilla naval tactics to assert influence. Its approach reflects not just strategic calculation but a constructed self-image of defiance and ideological struggle (Eisenstadt. 2015). Melinda Cohoon (2022) explains that Iran sees the open internet as a threat to its Islamic values and regime stability, a conduit for the spread of foreign ideas, culture, and influences. In response, Iran’s cyber strategy is oriented towards information control, which Cohoon calls a soft war strategy of censorship, propaganda, and selective connectivity (Cohoon. 2022. p. 1). Hence, Iran pursues a cyber strategy centered on information control, including censorship, propaganda, and attempts to build a National Information Network. Iran's domestic policies, like social media bans and surveillance infrastructure, are driven not only by regime security but also by a desire to protect cultural identity. Constructivist interpretations argue that such policies are rooted in Iran’s normative vision of a sovereign Islamic order. Internationally, Iran uses its identity narrative to deflect criticism. Rather than engaging purely on legal or technical grounds, it invokes moral arguments against perceived Western hypocrisy. Constructivists see Iran’s offensive cyber actions as norm-driven, cast as justifiable resistance in support of oppressed peoples or sovereign autonomy. Through this lens, cyber warfare is not only a tool of deterrence but also a symbol of Iran’s broader struggle to maintain its sovereignty and ideological integrity against external pressures. This approach highlights the dual nature of Iran's cyber posture, one that is both pragmatic and ideologically motivated, rooted in historical narratives and deeply ingrained political ideologies.

Conclusion: Integrating Realist and Constructivist Frameworks for Superior Policy Solutions.

This dissertation provides a critical examination of Iran’s cyber capabilities through the dual lenses of Realism and Constructivism, offering a comprehensive assessment of how threat perceptions are constructed and operationalized in the context of international cybersecurity. By analyzing Iran’s cyber activities, it becomes evident that the perception of Iran’s cyber threat is not an objective reality, but a deeply subjective phenomenon shaped by both material interests and ideational factors. Realism and Constructivism offer complementary insights that, when integrated, provide a more complete understanding of the dynamics at play and offer superior policy solutions.

Realism interprets Iran’s cyber actions as strategic responses to security pressures, where cyber operations serve as tools for power projection and deterrence against adversaries. This framework highlights the material aspects of Iran’s cyber strategy, including its low-cost, high-impact nature, and its ability to disrupt the economic and political infrastructure of stronger states like the U.S. Realist-informed policies advocate for stronger deterrence mechanisms, including enhanced cyber defenses, retaliatory operations, and international sanctions aimed at altering Iran’s cost-benefit calculations and limiting its ability to carry out further cyber-attacks.

In contrast, Constructivism underscores the importance of identity, history, and ideology in shaping Iran’s actions. By viewing cyber operations as expressions of Iran’s revolutionary identity and resistance to perceived Western marginalization, Constructivism reveals the ideological motivations driving Iran’s behavior in cyberspace. This perspective suggests that addressing Iran’s cyber activities requires more than punitive measures; it calls for diplomatic engagement, international norm-building, and recognition of Iran’s grievances, which have shaped its cyber posture. By engaging with these ideational motivations, policies can address the root causes of conflict, reducing the likelihood of escalation and fostering long-term stability.

Integrating both frameworks offers a more balanced, nuanced approach to policy formulation. While Realism emphasizes the immediate need for defensive measures and deterrence, Constructivism provides essential insights into the deeper, identity-driven factors that fuel cyber conflict. A hybrid policy approach that combines both aspects, material security measures and diplomatic identity-sensitive engagement, can address both the symptoms and root causes of Iran’s cyber aggression. This approach will be more effective in managing the evolving nature of cyber threats, which are not merely technical but also deeply rooted in social, political, and ideological contexts.

Furthermore, this dissertation illustrates the limitations of traditional deterrence models when applied to cyberspace. Cyber conflict, unlike conventional warfare, is marked by ambiguity, deniability, and asymmetry, making it resistant to purely military or punitive responses. The failure of sanctions and retaliatory measures to significantly curb Iran’s cyber activities highlights the need for a more multifaceted approach. By incorporating Constructivist insights into the policy toolkit, such as engaging with identity-based motivations and promoting multilateral norms, policymakers can foster a more comprehensive response to cyber threats.

In conclusion, Iran’s cyber strategy reflects a complex blend of strategic necessity and ideological resistance. A dual-theoretical approach that synthesizes the insights of both Realism and Constructivism is essential for crafting effective, adaptive policies that address both the material and ideational dimensions of cyber conflict. The integration of these frameworks will enhance global cybersecurity governance, reduce the risk of misperceptions, and build a more resilient international security architecture capable of managing the evolving threats posed by state-sponsored cyber operations. As the global cyber landscape continues to shift, understanding the full spectrum of motivations behind cyber behavior is not only a scholarly imperative but also a practical necessity for achieving lasting peace and stability in the digital age.

Reference:

Adler, E. (1997) ‘Seizing the Middle Ground: Constructivism in World Politics’ [online] Available: https://www.academia.edu/19495313/Seizing_the_Middle_Ground_Constructivism_in_World_Politics (Accessed: March 8, 2025)

Ahmadi, S. (2024) ‘Right of Reply to Anti-Iran Allegations During UNSC Session on Cybersecurity’ [online] Available: https://newyork.mfa.ir/portal/newsview/748245/Right-of-Reply-to-Anti-Iran-Allegations-During-UNSC-Session-on-Cybersecurity (Accessed: February 15, 2025)

Alperovitch, D. (2021) ‘The Case for Cyber-Realism, Geopolitical Problems Don’t Have Technical Solutions’ Foreign Affairs. [online] Available: https://www.foreignaffairs.com/articles/united-states/2021-12-14/case-cyber-realism (Accessed: February 3, 2025)

Anderson, C. & Sadjadpour, K. (2018) ‘Iran’s Cyber Threat: Espionage, Sabotage, and Revenge’ Carnegie Endowment for International Peace. [online] Available: https://carnegieendowment.org/research/2018/01/irans-cyber-threat-espionage-sabotage-and-revenge?lang=en (Accessed: March 6, 2025)

Azadi, N. (2022) ‘Informal Plenary Meeting of the CD On Cyber Security and International Cooperation’. Statement by Mr. Nabi Azadi Representative of the Islamic Republic of Iran

Before The Informal Plenary Meeting of the CD On Cyber Security and International Cooperation. [online] Available: https://geneva.mfa.gov.ir/portal/newsview/699158/Informal-Plenary-Meeting-of-the-CD-On-Cyber-Security-and-International-Cooperation (Accessed: April 24, 2025)

Baezner, M. (2019) ‘Hotspot Analysis: Iranian cyber-activities in the context of regional rivalries and international tensions’ Center for Security Studies. Cyber Defense Project. [online] Available: https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/20190507_MB_HS_IRN%20V1_rev.pdf (Accessed: April 12, 2025)

Bloor, K. (2022) ‘Theories of Global Politics’. E-International Relations. [online] Available: https://www.e-ir.info/2022/05/15/theories-of-global-politics/? (Accessed: May 9, 2025)

Borghard, E.D. & Lonergan, S.W. (2018) ‘Confidence Building Measures for the Cyber Domain’ Strategic Studies Quarterly. [online] Available: https://www.jstor.org/stable/pdf/26481908.pdf?refreqid=fastly-default%3A84d21e871261584c02a49d8d42422cb5&ab_segments=&initiator=&acceptTC=1 (Accessed: April 25, 2025)

Bronk, C. & Tikk-Ringas, E. (2013) ‘Hack Or Attack? Shamoon And The Evolution Of Cyber Conflict’ James A. Baker Iii Institute For Public Policy RiceUniversity. [online] Available: https://www.researchgate.net/publication/256064800_Hack_or_Attack_Shamoon_and_the_Evolution_of_Cyber_Conflict (Accessed: April 10, 2025)

Campbell, R.J. (2015) ‘Cybersecurity Issues for the Bulk Power System’ Congressional Research Service. [online] Available: https://sgp.fas.org/crs/misc/R43989.pdf (Accessed: April 15, 2025)

Cingoz, M. Ozkan, F. Alka, Y.S. & Izol, R. (2024) ‘Iran’s axis of resistance through the lens of ontological security’. Third World Quarterly. Routledge Taylor and Francis Group. [online] Available: https://www.researchgate.net/publication/384097258_Iran's_axis_of_resistance_through_the_lens_of_ontological_security (Accessed: March 5, 2025)

CISA. (2022) Cybersecurity and Infrastructure Security Agency overview. Washington, DC: U.S. Department of Homeland Security. [online] Available: https://www.cisa.gov/topics/cyber-threats-and-advisories/information-sharing/cyber-incident-reporting-critical-infrastructure-act-2022-circia#:~:text=Background%20on%20CIRCIA,to%20warn%20other%20potential%20victims. (Accessed: April 21, 2025)

CISA. (2024) ‘Partnerships and Collaboration’ Cybersecurity & Infrastructure Security Agency. [online] Available: https://www.cisa.gov/topics/partnerships-and-collaboration (Accessed: April 11, 2025)

Clarke, R. (2016). 'The risk of cyber war and cyber terrorism'. Journal of International Affairs, Vol 70 Issue 1. [online] Available: https://jia.sipa.columbia.edu/news/risk-cyber-war-and-cyber-terrorism (Accessed: December 3, 2024)

Cohoon, M. (2022) ‘Information Controls in Iranian Cyberspace: A Soft War Strategy’. Arab Center for Research & Policy Studies. [online] Available: https://www.dohainstitute.org/en/PoliticalStudies/Pages/information-controls-in-iranian-cyberspace-a-soft-war-strategy.aspx#:~:text=While%20the%20Islamic%20Republic%20of,In%20addition (Accessed: April 19, 2025)

Conteh-Morgan, E. (2005) ‘Peacebuilding And Human Security: A Constructivist Perspective’. International Journal of Peace Studies. Vol 10, Number 1. [online] Available: https://www3.gmu.edu/programs/icar/ijps/vol10_1/Conteh-Morgan_101IJPS.pdf (Accessed: May 17, 2025)

Council of the European Union. (2023) ‘Rev Implementing Guidelines Of The Cyber Diplomacy Toolbox’. [online] Available: https://data.consilium.europa.eu/doc/document/ST-10289-2023-INIT/en/pdf (Accessed April 17, 2025)

Council on Foreign Relations. (2010) ‘Stuxnet’ Council on Foreign Relations. [online] Available: https://www.cfr.org/cyber-operations/stuxnet (Accessed: December 14, 2024)

(1) Council on Foreign Relations. (2012) ‘Compromise of Saudi Aramco and RasGas’ Council on Foreign Relations. [online] Available: https://www.cfr.org/cyber-operations/compromise-saudi-aramco-and-rasgas (Accessed: January 11, 2025)

(2) Council on Foreign Relations. (2012) ‘Denial of service attacks against U.S. banks in 2012–2013’ Cyber Operations. [online] Available: https://www.cfr.org/cyber-operations/denial-service-attacks-against-us-banks-2012-2013 (Accessed: April 15, 2025)

Craig, A & Valeriano, B. (2018) ‘Realism and Cyber Conflict: Security in the Digital Age’. E-International Relations. [online] Available: https://www.e-ir.info/2018/02/03/realism-and-cyber-conflict-security-in-the-digital-age/ (Accessed: April 19, 2025)

Daragahi, B. (2023) ‘Iran is using its cyber capabilities to kidnap its foes in the real world’ Atlantic Council. [online] Available: https://www.atlanticcouncil.org/blogs/iransource/iran-cyber-warfare-kidnappings/? (Accessed: February 27, 2025)

Eisenstadt, M. (2015) ‘The Strategic Culture of the Islamic Republic of Iran: Religion, Expediency, and Soft Power in an Era of Disruptive Change’ . The Washington Institute for Near East Policy. [online] Available: https://www.washingtoninstitute.org/policy-analysis/strategic-culture-islamic-republic-iran-religion-expediency-and-soft-power-era (Accessed: April 19, 2025)

Eisenstadt, M. (2016) ‘Iran’s Lengthening Cyber Shadow’ Research Notes. The Washington Institute for Near East Policy. No. 34. [online] Available: https://www.washingtoninstitute.org/sites/default/files/pdf/ResearchNote34_Eisenstadt.pdf (Accessed: January 9, 2025)

Eriksson, J & Giacomello, G. (2006) ‘The Information Revolution, Security, and International Relations: (IR)relevant Theory?’. International Political Science Review (2006), Vol 27, No. 3, 221–244. [online] Available: https://journals.sagepub.com/doi/epdf/10.1177/0192512106064462 (Accessed: May 17, 2025)

European Commission. (2021) ‘Commission Recommendation (Eu) 2021/1086 of 23 June 2021 on building a Joint Cyber Unit’. Official Journal of the European Union. [online] Available: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021H1086#:~:text=This%20existing%20architecture%20includes%2C%20on,by%20cyber%20threats%20and%20incidents. (Accessed: April 17, 2025)

European Commission. (2025) ‘Cybersecurity Policies’ [online] Available: https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-policies#ecl-inpage-policy-guidance (Accessed: February 11, 2025)

Falcone, R. (2016) ‘Shamoon 2: Return of the Disttrack Wiper’ Unit 42 Global Incident Response Report. [online] Available: https://unit42.paloaltonetworks.com/unit42-shamoon-2-return-disttrack-wiper/ (Accessed: April 9, 2025)

FBI. (2024) ‘Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts’ The Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA). [online] Available: https://www.fbi.gov/news/press-releases/joint-odni-fbi-and-cisa-statement-on-iranian-election-influence-efforts (Accessed: February 20, 2025)

Ferner, J. (2025) ‘Iran’s cyber capabilities and hackers’. German Lawyer in Criminal Defense & IT Law. [online] Available: https://www.ferner-alsdorf.com/irans-cyber-capabilities-and-hackers/? (Accessed: May 19, 2025)

Finnemore, M. & Sikkink, K. (1998) ‘International Norm Dynamics and Political Change’ International Organization, Vol. 52, No. 4, International Organization at Fifty:

Exploration and Contestation in the Study of World Politicspp. 887-917Published by: The MITPress. [online] Available: https://www.jstor.org/stable/2601361?seq=1 (Accessed: February 17, 2025)

Fixler, A & Cilluffo, F. (2018) ‘Evolving Menace: Iran’s Use of Cyber-Enabled Economic Warfare’ Executive Summary [online] Available: https://www.fdd.org/analysis/2018/11/06/evolving-menace/ (Accessed: March 1, 2025)

Freilich, C.D. Cohen, M.S & Siboni, G. (2023) ‘The Iranian Cyber Threat’ Israel and the Cyber Threat: How the Startup Nation Became a Global Cyber Power. [online] Available: https://academic.oup.com/book/46512/chapter-abstract/407860773?redirectedFrom=fulltext (Accessed: March 2, 2025)

Freilich, C. (2024) ‘ The Iranian Cyber Threat’ Institute for National Security Studies. [online] Available: https://www.inss.org.il/wp-content/uploads/2024/02/Memo230_IranianCyberThreat_ENG_digital.pdf (Accessed: March 6, 2025)

Gallagher, A.E. (2013) ‘Constructing Constructivist Change in the Iranian-U.S. Relationship’ Tropics of Meta. Historiography for the Masses. [online] Available: https://tropicsofmeta.com/2013/05/28/constructing-constructivist-change-in-the-iranian-u-s-relationship/ (Accessed: February 17, 2025)

Givens, A. PhD. Sanders, N. and Douglas, C.J. (2022) ‘Forecasting Iranian Government Responses to Cyber-attacks’ Marine Corps University Press. [online] Available: https://www.usmcu.edu/Outreach/Marine-Corps-University-Press/MCU-Journal/JAMS-vol-13-no-1/Forecasting-Iranian-Government-Responses-to-Cyberattacks/ (Accessed: January 20, 2025)

Grzegorzewski, M. Spencer, M. & Brown, K. (2022) ‘In Search of Security: Understanding the Motives Behind Iran’s Cyber-Enabled Influence Campaigns’. Modern War Institute at West Point. [online] Available: https://mwi.westpoint.edu/in-search-of-security-understanding-the-motives-behind-irans-cyber-enabled-influence-campaigns/ (Accessed: April 19, 2025)

Hardie, J. & Fixler, A. (2021) ‘Russia-Iran cooperation poses challenges for US cyber strategy, global norms’ C4ISRNET [online] Available: https://www.c4isrnet.com/thought-leadership/2021/02/08/russia-iran-cooperation-poses-challenges-for-us-cyber-strategy-global-norms/ (Accessed: January 29, 2025)

Hathaway, M. (2017) ‘Getting beyond Norms: When Violating the Agreement Becomes Customary Practice’. National Security Standards. Centre for International Governance Innovation. [online] Available: https://www.cigionline.org/publications/getting-beyond-norms-when-violating-agreement-becomes-customary-practice/ (Accessed: April 17, 2025)

Huber, M.E. (2020) ‘The Franco-German Relationship: From Animosity to Affinity’ Beyond Intractability. [online] Available: https://www.beyondintractability.org/casestudy/huber-franco-german-relationship (Accessed: February 17, 2025)

IISS. (2021) ‘Cyber Capabilities and National Power: A Net Assessment’ International Institute for Strategic Studies. [online] Available: https://www.iiss.org/globalassets/media-library---content--migration/files/research-papers/cyber-power-report/cyber-capabilities-and-national-power---iran.pdf (Accessed: December 14, 2024)

INSS. (2024) ‘Part 2: Iran’s Cyber Strategy, Institutions, and Capabilities’. [online] Available: https://www.inss.org.il/wp-content/uploads/2024/02/Part-2.pdf (Accessed: April 19, 2025)

Iran International. (2024) ‘Iran denies US Intelligence report on Trump campaign hack’. Iran International. [online] Available: https://www.iranintl.com/en/202408202479 (Accessed: May 23, 2025)

Iravani, A. (2024) ‘Ambassador's Statement before UNSC Regarding Cybersecurity’. Permanent Mission of the Islamic Republic of Iran. [online] Available: https://newyork.mfa.ir/portal/newsview/748191 (Accessed: May 23, 2025)

IRNA. (2015) ‘Top Iran’s security official underlined failure of repeated cyber-attacks on Iran’

Shia New Association. [online] Available: https://en.shafaqna.com/9748/top-irans-security-official-underlined-failure-of-repeated-cyber-attacks-on-iran/ (Accessed: March 12, 2025)

Jensen, B. & Valeriano, B. (2019) ‘What Do We Know About Cyber Escalation? Observations From Simulations And Surveys’ Atlantic Council. The Scowcroft Center For Strategy and Security. [online] Available: https://www.atlanticcouncil.org/wp-content/uploads/2019/11/What_do_we_know_about_cyber_escalation_.pdf (Accessed: January 4, 2025)

Jones, S.G. & Newlee, D. (2019) ‘The United States’ Soft War with Iran’. Center for Strategic & International Studies. [online] Available: https://www.csis.org/analysis/united-states-soft-war-iran#:~:text=The%20United%20States%27%20Soft%20War,influence%20populations%20across%20the%20globe (Accessed: April 19, 2025)

Jones, S.G. Bermudez, J.S. Newlee, D. & Harrington, N. (2019) ‘Iran’s Threat to Saudi Critical Infrastructure The Implications of U.S.-Iranian Escalation’ Center For Strategic & International Studies. [online] Available: https://www.csis.org/analysis/irans-threat-saudi-critical-infrastructure-implications-us-iranian-escalation (Accessed: February 8, 2025)

Libicki, M.C. (2009) ‘Cyberdeterrence And Cyberwar’. Project Air Force. RAND Corporation Santa Monica, CA. [online] Available: https://www.rand.org/pubs/monographs/MG877.html. (Accessed: January 7, 2025)

Lindsay, J.R. (2013) ‘Stuxnet and the Limits of Cyber Warfare’. Security studies, 22(3), pp. 365–404. Available at: https://doi.org/10.1080/09636412.2013.816122. (Accessed: February 12, 2025)

Lindsay, J. & Gartzke, E. (2016) ‘Coercion through Cyberspace: The Stability-Instability Paradox Revisited’. [online] Available: https://deterrence.ucsd.edu/_files/LindsayGartzke_CoercionThroughCyberspace_DraftPublic1.pdf (Accessed: May 12, 2025)

Lopez-Rodriguez, G. Moreno-Lopez, I & Hernandez-Gutierrez, J.C. (2023) ‘Cyberwarfare against Critical Infrastructures: Russia and Iran in the Gray Zone’ Applied Cybersecurity & Internet Governance. [online] Available: https://www.acigjournal.com/pdf-184301-105059?filename=Cyberwarfare+against.pdf (Accessed: February 27, 2025)

Lupovici, A. (2021) ‘The dual-use security dilemma and the social construction of insecurity’, Contemporary Security Policy, 42(3), pp. 257–285. doi: 10.1080/13523260.2020.1866845. [online] Available: https://www.tandfonline.com/doi/full/10.1080/13523260.2020.1866845#abstract (Accessed: March 9, 2025)

Mearsheimer, J. (2001) ‘The Tragedy of Great Power politics’. [online] Available: https://books.google.com/books?hl=en&lr=&id=lDzCD_C_ipoC&oi=fnd&pg=PR7&ots=4uXX80uXCY&sig=UwXaf_YokT-VUBK5KBd3bw8M1Wc#v=onepage&q&f=false (Accessed: November 25, 2024)

Merriweather, C.A. Jr. Ph.D. (2022) ‘Cybersecurity from a Constructivist, Liberalist, and Realist Lens’ Medium. [online] Available: https://cmerriweatherjr.medium.com/cybersecurity-from-a-constructivist-liberalist-and-realist-lens-9707c08548be (Accessed: March 10, 2025)

Middle East Monitor. (2020) ‘Saudi Aramco sees increase in attempted cyber attacks’ [online] Available: https://www.middleeastmonitor.com/20200206-saudi-aramco-sees-increase-in-attempted-cyber-attacks/ (Accessed: April 8, 2025)

Mohebali. Dr. P. (2017) ‘Identity And Legitimacy: Iran’s Nuclear Ambitions From Nontraditional Perspectives’. [online] Available: https://etheses.whiterose.ac.uk/id/eprint/23715/1/Finalized%20PhD%20Thesis.pdf? (Accessed: May 13, 2025)

Morgan, E. (2024) ‘Eroding Global Stability: The Cybersecurity Strategies Of China, Russia, North Korea, And Iran’. Irregular Warfare Initiative. [online] Available: https://irregularwarfare.org/articles/eroding-global-stability-the-cybersecurity-strategies-of-china-russia-north-korea-and-iran/? (Accessed: May 18, 2025)

Morgenthau, H.J. (1949) ‘Politics Among Nations The Struggle For Power And Peace’ [online] Available: http://slantchev.ucsd.edu/courses/ps240/04%20Conflict%20with%20States%20as%20Unitary%20Actors/Morgenthau%20-%20Politics%20among%20nations%20(selected%20chapters).pdf(Accessed: March 5, 2025)

NCA. (2017) ‘About NCA’. National Cybersecurity Authority. [online] Available: https://nca.gov.sa/en/ (Accessed: April 17, 2025)

NATO. (2023) ‘NATO Centres of Excellence – Cooperative Cyber Defence (CCD COE)’. [online] Available: https://www.act.nato.int/article/nato-centres-of-excellence-cooperative-cyber-defence-ccd-coe/ (Accessed: April 17, 2025)

NATO. (2024) ‘Cyber Defence’. North Atlantic Treaty Organization. [online] Available: https://www.nato.int/cps/en/natohq/topics_78170.htm (Accessed: April 17, 2025)

Nelson, T. & Kettani, H. (2020) ‘Open Source PowerShell-Written Post Exploitation Frameworks Used by Cyber Espionage Groups’ International Conference on Information and Computer Technologies (ICICT) Available: https://ieeexplore.ieee.org/abstract/document/9092030 (Accessed: December 14, 2024)

Nia, M.M. (2011) ‘A Holistic Constructivist Approach to Iran's Foreign Policy’ International Journal of Business and Social Science Vol. 2 No. 4. [online] Available: https://ijbssnet.com/journals/Vol._2_No._4;_March_2011/31.pdf (Accessed: March 8, 2025)

NSA. (2024) ‘Iranian Cyber Actors Access Critical Infrastructure Networks’National security Agency/Central Security Service. [online] Available: https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3935330/iranian-cyber-actors-access-critical-infrastructure-networks/ (Accessed: March 9, 2025)

Nye, J.S. & Goldsmith, J.L. (2011) ‘The Future of Power’. Bulletin of the American Academy of Arts and Sciences, SPRING 2011, Vol. 64, No. [online] Available: https://www.academia.edu/23946693/THE_FUTURE_OF_POWER (Accessed: May 6, 2025)

Office of Attorney General. (2016) ‘Seven Iranians Working for Islamic Revolutionary Guard Corps-Affiliated Entities Charged for Conducting Coordinated Campaign of Cyber Attacks Against U.S. Financial Sector’ Office of Public Affairs, U.S. Department of Justice. [online] Available: https://www.justice.gov/opa/pr/seven-iranians-working-islamic-revolutionary-guard-corps-affiliated-entities-charged (Accessed: November 26, 2024)

Office of Information Security. (2022) ‘Iranian Threat Actors & Healthcare’ Health Sector Cybersecurity Coordination Center [online] Available: https://www.hhs.gov/sites/default/files/iranian-threat-actors-and-healthcare.pdf (Accessed: December 15, 2024)

Parchami, A. (2022) ‘The Islamic Republic’s Strategic Culture’. Jams, Special Issue on Strategic Culture’Journal of Advanced Military Studies. [online] Available: https://www.usmcu.edu/Portals/218/JAMS_SpecialIssue_StrategicCulture_web.pdf?ver=59lms7WJtPVlGLLGUTO3BA%3D%3D (Accessed: April 19, 2025)

Petallides, C.J. (2012) ‘Cyber Terrorism and IR Theory: Realism, Liberalism, and Constructivism in the New Security Threat’. Inquires Journal of Social Sciences, Arts, & Humanities. [online] Available: http://www.inquiriesjournal.com/articles/627/cyber-terrorism-and-ir-theory-realism-liberalism-and-constructivism-in-the-new-security-threat (Accessed: May 17, 2025)

Pincus, W. (2023) ‘Lessons Learned from Listening to Iran’ The Cipher Brief. [online] Available: https://www.thecipherbrief.com/column_article/lessons-learned-from-listening-to-iran (Accessed: March 1, 2025)

Ramsbotham, O. (2005) ‘The analysis of protracted social conflict: a tribute to Edward Azar’. Review of International Studies. British International Studies Association. [online] Available: https://www.jstor.org/stable/pdf/40072074.pdf (Accessed: April 21, 2025)

Roguski, P. (2020) ‘Iran Joins Discussions of Sovereignty and Non-Intervention in Cyberspace’. Just Security. Digital Law & Policy. [online] Available: https://www.justsecurity.org/72181/iran-joins-discussions-of-sovereignty-and-non-intervention-in-cyberspace/ (Accessed: May 17, 2025)

Roigas, H. & Minarik, T. (2015) ‘2015 UN GGE Report: Major Players Recommending Norms of Behaviour, Highlighting Aspects of International Law’ The NATO Cooperative Cyber Defence Center of Excellence. [online] Available: https://ccdcoe.org/incyder-articles/2015-un-gge-report-major-players-recommending-norms-of-behaviour-highlighting-aspects-of-international-law/ (Accessed: February 28, 2025)

Ruppe, A.E. & Walker, V.S. (2024) ‘The Global Engagement Center: A Historical Overview 2001-2021’. A Special Report by the U.S. Advisory Commission on Public Diplomacy. [online] Available: https://www.state.gov/wp-content/uploads/2024/04/2024GEC-ACPD_DIGITAL-508_FINAL.pdf (Accessed: April 25, 2025)

Schelling, T.C. (1966) ‘The Manipulation of Risk’ Arms and Influence. [online] Available: https://heinonline-org.libezproxy.open.ac.uk/HOL/Page?handle=hein.beal%2Farminfl0001&collection=beal (Accessed: April 28, 2025)

Schmitt, M.N. (2021) ‘Foreign Cyber Interference in Elections’ International Law Studies. [online] Available: https://digital-commons.usnwc.edu/cgi/viewcontent.cgi?article=2969&context=ils (Accessed: November 26, 2024)

Schulze, M. Kerscher, J. & Bochtler, P. (2020) ‘Cyber Escalation The conflict dyad USA/Iran as a test case’. Research Division International. [online] Available: https://www.swp-berlin.org/publications/products/arbeitspapiere/WP_Schulze_December20_Cyber_Escalation_Research_01.pdf (Accessed: March 6, 2025)

Shadunts, A. (2023) ‘From Knowledge to Wisdom: Uncertainty and Ontological (In)Security in Iran’s Foreign Policy’. [online] Available: https://academic.oup.com/isagsq/article/3/3/ksad036/7223047 (Accessed: May 14, 2025)

Shoori, M. (2011) ‘Iran & Russia: From Balance of Power to Identity Analysis’ Iranian Review of Foreign Affairs, Vol. 2, No. 2, Summer 2011, pp. 105-125 [online] Available: https://ciaotest.cc.columbia.edu/journals/irfa/v2i2/f_0023338_19081.pdf (Accessed: February 27, 2025)

Siboni, Dr. G. & Kronenfeld, S. (2012) ‘Iran and Cyberspace Warfare’ Military and Strategic Affairs. Vol 4. No. 3. [online] Available: https://www.inss.org.il/wp-content/uploads/systemfiles/MASA4-3Engd_Siboni%20and%20Kronenfeld.pdf (Accessed: March 6, 2025)

Smagin, N. (2024) ‘Trump Has Few Options to Pry Apart Russia and Iran’. Carnegie Endowment Politika. [online] Available: https://carnegieendowment.org/russia-eurasia/politika/2024/11/russia-iran-trump-influence?lang=en (Accessed: May 17, 2025)

Smalley, S. (2024) ‘UN cybercrime treaty passes in unanimous vote’ The Record from Recorded Future News. [online] Available: https://therecord.media/un-cybercrime-treaty-passes-unanimous (Accessed: February 15, 2025)

Spáčil, J. (2024) ‘Attribution of Cyber Operations: Technical, Legal and Political Perspectives’. International and Comparative Law Review, 2024, vol. 24, no. 2, pp. 150–168. [online] Available: https://www.researchgate.net/publication/389594613_Attribution_of_Cyber_Operations_Technical_Legal_and_Political_Perspectives (Accessed: April 21, 2025)

Swenson, A. (2024) ‘Iran ramping up cyber activity apparently meant to influence U.S. election, Microsoft says’ Public Broadcasting Service. [online] Available: https://www.pbs.org/newshour/politics/iran-ramping-up-cyber-activity-apparently-meant-to-influence-u-s-election-microsoft-says (Accessed: February 15, 2025)

Tehrani, M. (2024) ‘Towards a Cyber Resilient Europe: The need for a theory’. Medium [online] Available: https://medium.com/@madjid.tehrani_17692/towards-a-cyber-resilient-europe-the-need-for-a-theory-0f2cc9d23621#:~:text=domain,without%20resorting%20to%20open%20conflict (Accessed: April 19, 2025)

The White House Office of the Press Secretary. (2013) ‘Cybersecurity — Executive Order 13636’. Foreign Policy. The White House of President Barack Obama. [online] Available: https://obamawhitehouse.archives.gov/node/298406 (Accessed: May 23, 2025)

Theohary, C.A. (2020) ‘Iranian Offensive Cyberattack Capabilities’ Congressional Research Service. [online] Available: https://crsreports.congress.gov/product/pdf/IF/IF11406 (Accessed: January 10, 2025)

Theys, S. (2018) ‘Introducing Constructivism in International Relations Theory’. E-International Relations. (Excerpt from International Relations Theory) [online] Available: https://www.e-ir.info/2018/02/23/introducing-constructivism-in-international-relations-theory/ (Accessed: March 5, 2025)

UNGA. (2021) ‘Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security’ United Nations General Assembly. [online] Available: https://digitallibrary.un.org/record/3934214 (Accessed: February 15, 2025)

United Against Nuclear Iran. (2024) ‘The Iranian Cyber Threat’United Against Nuclear Iran.[online] Available: https://www.unitedagainstnucleariran.com/history-of-iranian-cyber-attacks-and-incidents (Accessed: March 9, 2025)

U.S. Department of Defense (2018) Department of Defense Cyber Strategy. Washington, DC. [online] Available: https://dodcio.defense.gov/Portals/0/Documents/Library/CyberStrategy2018.pdf (Accessed: March 5)

U.S. Department of Justice. (2016) ‘Seven Iranians Working for Islamic Revolutionary Guard Corps-Affiliated Entities Charged for Conducting Coordinated Campaign of Cyber Attacks Against U.S. Financial Sector’ Office of Public Affairs. U.S. Department of Justice. [online] Available: https://www.justice.gov/opa/pr/seven-iranians-working-islamic-revolutionary-guard-corps-affiliated-entities-charged (Accessed: January 12, 2025)

U.S. Department of State. (2008) ‘Background Note: Iran’ U.S. Department of State, Archive. Bureau of Near Eastern Affairs. [online] Available: https://2001-2009.state.gov/r/pa/ei/bgn/5314.htm (Accessed: April 20, 2025)

U.S. Department of State. (2025) ‘Executive Order 13694: Sanctions on foreign cyber actors’. U.S. Department of State. Available at: https://www.state.gov/cyber-sanctions/ (Accessed: 11 May 2025).

(1) U.S. Department of the Treasury. (2024) ‘Treasury Sanctions Entities in Iran and Russia That Attempted to Interfere in the U.S. 2024 Election’ U.S. Department of the Treasury. [online] Available: https://home.treasury.gov/news/press-releases/jy2766 (Accessed: February 16, 2025)

(2) U.S Department of Treasury. (2024) ‘Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure’ [online] Available: https://home.treasury.gov/news/press-releases/jy2072#:~:text=WASHINGTON%20%E2%80%94%20Today%2C%20the%20Department%20of,malicious%20cyber%20activities%20against%20critical (Accessed: February 11, 2025)

Wallar, J.G. Wishnick, E. Sparling, M. & Connell, M. (2025) ‘The Evolving Russia-Iran Relationship Political, Military, and Economic Dimensions of an Improving Partnership’. Central of Navel Analysis. [online] Available: https://www.cna.org/reports/2025/01/The-Evolving-Russia-Iran-Relationship.pdf (Accessed: May 17, 2025)

Waltz, K. N. (1979). ‘Theory of International Politics’. Reading, MA: Addison-Wesley. [online] Available: https://www.researchgate.net/publication/237967730_Waltz's_Theory_of_Theory (Accessed: March 5, 2025)

Warrick, T.S. (2020) ‘Congressional hearing – “US-Iran tensions: implications for homeland security”. Atlantic Council. [online] Available: https://www.atlanticcouncil.org/commentary/testimony/congressional-hearing-u-s-iran-tensions-implications-for-homeland-security/ (Accessed: April 9, 2025)

Wendt, A. (1992) ‘Anarchy is what States Make of it: The Social Construction of Power Politics’. International Organization, 46(2), 391–425. [online] Available: http://www.jstor.org/stable/2706858 (Accessed: January 21, 2025)

Wendt, A. (1999) ‘Social Theory of International Politics’. [online] Available: https://www.guillaumenicaise.com/wp-content/uploads/2013/10/Wendt-Social-Theory-of-International-Politics.pdf (Accessed: March 3, 2025)

Wiedemar, S. (2023) ‘NATO and Article 5 in Cyberspace’ CSS Analysis in Security Policy. The Center for Security Studies. [online] Available: https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/CSSAnalyse324-EN.pdf (Accessed: February 13, 2025)

Wiener, A. & Puetter, U. (2009) ‘The Quality of Norms is What Actors Make of It Critical Constructivist Research on Norms’. Journal of International Law and International Relations. [online] Available: https://ciaotest.cc.columbia.edu/journals/jilir%20/v5i1/f_0024915_20356.pdf#:~:text=Conventional%20(or%20modern)%20constructivists%20focus%20on%20the,constituted%20by%20and%20constitutive%20of%20specific%20use. (Accessed: February 18, 2025)

Whyte, C. (2020) ‘Cyber conflict or democracy “hacked”? How cyber operations enhance information warfare’. Research Paper. Journal of Cybersecurity. [online] Available: https://academic.oup.com/cybersecurity/article/6/1/tyaa013/5905455 (Accessed: March 5, 2025)