Despite its nominal defense role, the NPDO has helped the regime repress citizens online, a function that Washington should counter with sanctions.
For the past eleven years, Supreme Leader Ali Khamenei has repeatedly labeled U.S. sanctions as an act of all-out economic war against Iran, particularly those measures that target the country’s export/import, high-tech, and financial sectors. And in response he has long called for an “economic jihad.” One of the tools the regime has used for this struggle is the National Passive Defense Organization (NPDO), a quasi-military body in charge of strengthening the resiliency of Iran’s national infrastructure. Yet time and again, the organization’s mission has crept into repressive measures against the Iranian people and other sanctionable activities.
EXPANDING BUDGET AND ROLE
The NPDO was formed in October 2003 after Operation Iraqi Freedom, perhaps out of fear that an international military coalition would soon put Iran in its crosshairs. By law, it is responsible for “policymaking, planning, directing, organizing, coordinating, monitoring, and operating the passive defense and civil defense...activities of enforcement agencies,” encompassing efforts to deal with cyber, biological, radioactive, chemical, and economic threats. These duties include designing, hardening, and providing external security for nuclear sites, as well as manning a dedicated headquarters for radiation detection, containment, and decontamination in the four provinces that house such sites. Its mission also extends into the financial, construction, industrial, telecommunications, media, energy, food security, transportation, and defense sectors. Where responsibilities and job descriptions overlap, it usually signs cooperative agreements with other civilian, military, and security entities.
In recent years, however, the NPDO has been promoted to a de facto ministry of economic warfare, moving to the forefront of Iran’s “hybrid campaign” against its enemies. Since September 2015 it has been led by Gholamreza Jalali Farahani, an outspoken brigadier-general in the Islamic Revolutionary Guard Corps. A committee oversees the organization, chaired by Maj. Gen. Mohammad Bagheri, head of the Armed Forces General Staff (AFGS). Jalali is on the committee as well, along with the ministers of defense and interior, the president’s key deputies, and the chairman of the parliament’s national security commission. Together with its Shahid Zain-ol-Din Operational Headquarters in Tehran, the NPDO has gradually become a military-operational organization mostly staffed by IRGC and Basij personnel. Jalali answers only to the Supreme Leader and Bagheri, giving him broad authority and making implementation of the NPDO’s approved regulatory decisions mandatory.
Because it was created under the AFGS, the NPDO did not have a separate budget until three years ago, and most of its projects were financed by contracting agencies or through the AFGS (in general, the armed forces saw their passive defense funding increase exponentially over the past decade). Today, however, the NPDO has its own budget, which reached $34 million in the last fiscal year and can be expected to increase going forward.
The organization’s mission also includes extending its “services to other countries within the limits of [Iran’s] national defense diplomacy,” since passive defense is seen as an integral part of the regime’s “regional resistance doctrine.” As Jalali noted in October 2017, the NPDO has been working closely with Syria, Iraq, and Lebanese Hezbollah. Likewise, in November 2016—only one year into the nuclear deal—Supreme National Security Council secretary Ali Shamkhani said that Tehran intended to press ahead with this regional doctrine at the same time that it asked the international trade system to help develop Iran’s economy. That request was thwarted with the return of sanctions.
CYBER DEFENSE—AND OFFENSE
During its formative years, the NPDO focused on improving the survivability of Iran’s critical infrastructure in traditional ways, using experience gained from the Iran-Iraq War. This meant following an established economic warfare model in which the enemy uses military force to kinetically target said infrastructure. As such, Jalali and other defense leaders were taken aback by the hybrid nature of modern warfare, the rapid growth of Internet and social media usage in Iran, and new economic warfare models that rely solely on nonmilitary or “soft” means. This realization sent them looking for alternative ways of identifying and containing emerging threats.
Today, one of the NPDO’s main roles is to use “all national cyber and non-cyber resources to deter, prevent, deny, identify, and effectively counter any cyberattack against...Iran’s national infrastructure by either hostile foreign states or [domestic] groups supported by them.” The last part of that quote is crucial: given the regime’s authoritarian nature, the NPDO’s mission now essentially encompasses any domestic discontent or demand for civil liberties expressed publicly, including online. In January, for example, Jalali blamed the popular messaging application Telegram for instigating popular protests against widespread corruption and injustice.
Iran’s passive defense officials are particularly interested in countering the “power to coerce” (P2C) concept proposed in a 2016 U.S. Army-sponsored RAND study, which covers the use of nonlethal means to force adversaries into compliance. Jalali has repeatedly used the term, warning that outside actors can use such means to steer public opinion against the regime. In doing so, he attributed all of the recent discontent to foreign influence. From his point of view, the “Islamic Revolution” faces a diverse set of threats, with external enemies using a combination of military tools, economic warfare, and domestic proxies capable of organizing student protests and velvet revolution. Last month, he argued that an increasingly effective American cyber campaign was turning Iranians against the ruling clergy, while President Hassan Rouhani warned the United States not to incite the people against “Iran’s security and interests.” By promoting perceptions that the recent unrest is a product of foreign actors—be they Mujahedin-e Khalq oppositionists, royalists, Westerners, or Zionists—the regime seeks both popular backing and an excuse to target and prosecute any form of domestic opposition.
Yet the NPDO’s role in carrying out this policy began long before the latest protests. Tehran has viewed cyberspace as an existential threat for years, following the 2010 Stuxnet attack on its nuclear infrastructure, the 2012 Flame attack on its oil industry, and the mass protests of 2009, 2011-12, and 2017-18, which were mainly organized using social media. In response to such incidents, the AFGS set up a Cyber Defense Headquarters in October 2011 for timely detection and elimination of emerging threats, placing the NPDO in charge of it.
Apart from “defense,” however, the duties of this headquarters include coordinating surveillance of citizens’ online activities and, allegedly, conducting offensive cyberattacks in cooperation with the IRGC-Basij cyber command. In February 2012, Jalali went a step further by calling for the creation of an Iranian cyber army.
Belying its nominal passive defense role, the IRGC-controlled NPDO has been increasingly involved in monitoring and suppressing Iranians under the guise of protecting them. Regime leaders fear the United States is targeting their social centers of gravity, including the Supreme Leader’s credibility, the people’s religious beliefs, and the public’s relationship with the regime and its revolutionary entities (e.g., the IRGC and Basij). This is why they have apparently directed so-called cultural and media defense organs to identify, locate, and isolate any sign of sociopolitical discontent among the increasingly outspoken populace, effectively putting the NPDO on par with other suppressive arms of the Islamic Republic.
Despite its repressive track record, however, the expansive NPDO has so far escaped U.S. Treasury Department sanctions, even though it was sanctioned by the European Union in 2010 for ties to Iran’s nuclear program. Washington should remedy this omission by adding the entire NPDO or its “Cyber Defense Headquarters” to U.S. sanctions lists. Short of that, U.S. officials could warn Iran that all such passive defense organs need to be completely demilitarized and rendered harmless or else face sanctions.
Farzin Nadimi is an associate fellow with The Washington Institute, specializing in the security and defense affairs of Iran and the Gulf region.