
The country of my citizenship and the country of my birth are both “locked and loaded”, so I’m glued to the news. Between war headlines, missile counts, battlefield maps, and economic collapse, I pay close attention to anything cyber-related. Today, one announcement really stood out.

According to Ali Norouz Zadeh, Head of the Presidential Cyber Center, the Islamic Republic of Iran survived four million cyberattacks in just fifteen days. All were neutralized. None succeeded. The reason: “traffic control,” he explains.

As a person who has spent decades in IT and cybersecurity, this had a comforting start. Apparently, the Islamic Republic of Iran is now safe because someone over there has learned how to count port scans.

Reading further, he explains that these “attacks” were actually scans.

Someone should tell this senior government official that in cybersecurity, scanning is not an attack. It is normal internet background noise. He should learn that every system connected to the internet is scanned constantly. Non-stop. If my math is correct, 4M scans over fifteen days works out to about three scans per second. That is not what anyone would call cyber warfare. It is not even an elevated threat. It is just another quiet day on the Internet.

But maybe in Iran, definitions are flexible. Perhaps cyberattack, scan, and cyber event or incident all mean the same thing. That would certainly make it easier to produce impressive headlines.

The announcement gets more interesting when this top official explains the defense strategy and how the attacks were actually stopped. Triumphantly, he says it was by “cutting off international internet access”.

If unplugging the country from the Internet is the main cyber defense strategy, then North Korea is the world leader in cybersecurity. Disconnecting networks, shutting down internet access, and leaving citizens in digital darkness do not show cyber strength. They show architectural weakness. This is not cyber defense. It is digital retreat.

The statement then casually admits that most recorded incidents were “due to malware already active inside critical infrastructure.” While celebrating blocked scans as robust cyber defense, they are acknowledging that “malicious software is running inside national energy and financial systems.”

The announcement goes on to say that many of the attacks came from “inside the country, carried out by individuals supposedly acting on behalf of foreign groups.” Blaming is a familiar strategy. In the Islamic Republic of Iran, when anything fails, or anything happens, blame-it-on-the-enemy becomes the policy. The Islamic Republic of Iran blames all its political, economic and social problems on imaginary enemies.

Someone should remind this official that real cyberattacks do not require imagination. Iran already has a long track record:

  • Stuxnet
  • Nationwide fuel station shutdowns
  • Major banking network disruptions
  • Gas distribution system failures
  • National broadcaster hijackings
  • Railway system outages

Those are just a few examples of real cyberattacks. They disrupted daily life, critical services, and public trust. Iran’s cyber defenses have failed many times. Counting internet noise and calling it victory is not cyber defense. It is just dumb.

Reading this announcement, I cannot help but conclude that Iran’s cyber infrastructure is being run by people who do not clearly understand the difference between reconnaissance and intrusion, noise and threat, or numbers and meaning.

And when leadership does not understand the battlefield, it does not just misread threats - it creates a dangerous illusion of security.