Iran (Islamic Republic of) Last Updated: June 2021

CYBERSECURITY POLICY

STRUCTURE

National Centre or Responsible Agency

Supreme Council of Cyberspace (SCC)

Supreme Leader (appointed by, reports to)

Holds all internet policy decision-making power.

Source Source 2
March 2012

Key Positions

Chairman
Supreme Council of Cyberspace (SCC)

The President of Iran is Chairman of the Supreme Council of Cyberspace (SCC).

Source
2012

Dedicated Agencies and Departments

Cyber Police of Islamic Republic of Iran (FETA)

Islamic Republic of Iran Police

Goals of Cyber Police:

Secure cyber space;

Protect national and religious identity, community values, legal liberty, national critical infrastructure against electronic attacks;
Preserve interests and national authority in cyberspace; and
Assure people in all legal affairs such as economic, social and cultural activities in order to preserve national power and sovereignty.

Source
2011

Cyber Defense Command (‫ﻗﺮارﮔﺎه دﻓﺎع ﺳﺎﯾﺒﺮی‬‎‎;)

Passive Civil Defense Organization, Joint Staff of Iranian Armed Forces
Cyber defense unit for the country
Source
November 2010

Ministry of Information and Communications Technology (Ministry of ICT)

Government of Islamic Republic of Iran

Responsible for postal services, telephones and information technology.

Source
2003 (renamed and codified)
 Iran (Islamic Republic of) Last Updated: June 2021

Iran Information Technology Organization (ITO)

Ministry of Communications and Information Technology

To manage support functions and to organize the security of the space of information exchange, hardwares and softwares; to improve electronic
capabilities; to develop internet service, to develop information technology and its applications.

Source
2011

(proposed) National Cyberspace Center

Supreme Council of Cyberspace (SCC)

Should be established under the auspices of the Supreme Council of Cyberspace (SCC);
Entire and up to date knowledge of cyberspace at the domestic and global level.

Source

National CERT or CSIRT

Iran Computer Emergency Response Team (CERTCC MAHER)

Cooperates with national security organizations in order to assure the security of cyberspace;
Governmental CERT.

Goals and Duties:

To provide a central national node for strategic coordination activities in information exchange environments incidents based on the division of
work and responsibilities as provided by the high council of cyberspace;
To build sufficient capacities in order to respond to cyber incidents in the country;
The exchange of experiences and analysis of incident responses;
Helping organizations, government centers and private companies create CSIRT groups;
Facilitate communication between groups with similar directions and related organizations in order to share knowledge in the cyber security field;
Development of secure communication mechanisms for reliable communication among groups;
To join in international groups and also the formation of international interaction centers to confront common threats;
Sharing of important analysis regarding systems’ security and important threats on a national level;
Support of continuous security evaluations in various information exchange environments;
Knowledge transfer through educational courses;
Communication and cooperation with other CERTs at national, regional and international levels;
Holding meetings, seminars and conferences related to confronting cyber-attacks;
Cooperation with related organizations with the goal of drafting and passing laws, regulations and policies that affect the capacity to deal with
cyber incidents.

Source
2008

LEGAL FRAMEWORK

Legislation

Computer Crimes Act (Law No. 71063)

Chapter 1 - Crimes against Confidentiality of Data and Computer and Telecommunication Systems
Chapter 2 - Crimes against Integrity and validity of Data and Computer and Telecommunication Systems
 Iran (Islamic Republic of) Last Updated: June 2021

Source
26 May 2009

Computer Misuse and Cybercrime Act 2003 (Act No. 22 of 2003)

Specifies as offences unauthorised access to computer data, unauthorised access to and interception of computer service, unlawful possession of devices
and data, etc.

Source
30 July 2003

Views on International Law

Declaration of General Staff of the Armed Forces of the Islamic Republic of Iran Regarding International Law Applicable to the Cyberspace
General Staff of Iran's Armed Forces

This declaration includes four articles and was released by the General Staff of Iran’s Armed Forces;
The general points include:
International law applicable to cyberspace shall be a just distributer of benefits and advantages of peaceful cyberspace and involved
“access” and “equitable sovereignty” for all states;
Emphasizes the obligation of all States to act responsibly within the cyberspace domain, stressing that States have common but different
responsibilities because of resources and technologies available for each state;
The prohibition against the use of force and act of aggression may apply to the use of cyberspace.

Source
July 2020

COOPERATION

UN Processes

Expressed views to the Annual Report of the UN Secretary-General on Developments in the Field of Information and Telecommunications
in the Context of International Security

Source
2013

Expressed Views at the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context
of International Security

Source Source 2
2019/2020/2021

Bilateral and Multilateral Cooperation

Information Security Agreement, Iran-Russia

Foreign Minister

The information security agreement coordinates efforts between Iran and Russia against cyber-related crimes.

Source Source 2
January 2021
 Iran (Islamic Republic of) Last Updated: June 2021

Discussions, Armenia-Iran
Ministry of Communications and Information Technologies

Discussions on new perspectives and opportunities of cooperation in a number of fields, including information technologies and cyber security;
Discussions on the Armenian project of establishing a regional "Data center".

Source
13 October 2017

Agreement on cooperation, Iran-South Africa

Minister of Communications and Information Technology (CIT) Mahmoud Vaezi
Investment in ICT, satellitles, e-commerce, cyber-security
Source
27 September 2017

Agreement on cooperation, Iran-Thailand

Minister of Communications and Information Technology (CIT) Mahmoud Vaezi
Collaboration in IT, software, hardware, and cybersecurity
Source
9 August 2017

Cybersecurity Alliance for Mutual Progress - CAMP Initiative, Member

Iran National CERT/CC (MAHER)
Network platform to lift up the overall level of cybersecurity of members through development experiences and trends sharing.
Source
11 July 2016

Cooperation, Uganda-Iran
Commander in Chief, Police
Cooperation between the two police institutions to increase cooperation in security, including in cybercrime and ICT.
Source
15 October 2014

Membership

International Telecommunications
Union (ITU)

Organisation of Islamic Cooperation

(OIC)

United Nations (UN)