Iran’s Internet Infrastructure Chief: “We Have One of the Most Infected Networks in the World”

At the second panel of the Internet, the Future of Iran conference, held on Tuesday, July 15, 2025 at the Ministry of ICT, senior officials and researchers raised sharp concerns over the state of Iran’s cyber infrastructure, flawed decision-making structures, and the heavy costs of widespread internet filtering.

The panel, titled Technology, Security, and the Future of Iran, featured Behzad Akbari, CEO of the Telecommunication Infrastructure Company (TIC), Mohammad Keshvari, head of the Tayf think tank, Arian Eghbal, network researcher and programmer, and Yaser Jalali, policy researcher.

A Flood of Cyberattacks

Opening the session, Akbari highlighted the scale of recent DDoS assaults:

"During the war, we were under severe DDoS attacks, peaking at 400 Gbps. Half of them were mitigated outside Iran, including in Frankfurt. Attacks are usually detected in under 30 seconds and automatically neutralized by operators."

But he admitted the scale of the problem:

“Iran’s network is among the most infected in the world. In the past 24 hours alone, there were 5,700 DDoS attempts against us. On top of that, zombie mobile devices inside the country are being hijacked to launch outbound attacks.”

Akbari pointed to deeper structural weaknesses: 70–80% of servers imported into Iran are refurbished, unlicensed and cracked software is widely used, and sanctions leave the country dependent on second-hand, unreliable equipment.

“The world is moving to cyber-physical systems, while we’re still stuck with 20-year-old technology,” he said.

Filtering: A Self-Inflicted Crisis

Keshvari was blunt in his criticism of internet policies:

“DDoS has long had technical solutions, yet we’re still trapped by it. Wrong-headed filtering policies have become part of the crisis.”

He argued that excessive censorship pushes users toward circumvention tools, creating a cat-and-mouse game that fuels even more malware traffic.

“Filtering may work in limited cases like phishing, but when overused, it backfires. Blocking platforms didn’t stop data leaks or hacking. Even if you shut down the entire internet, as long as people have smartphones, they remain hackable.”

He dismissed ideas like a “domestic Android” as distractions:

“Calls for a local OS are either naive or deliberate sabotage. Practical solutions exist—like tiered access controls—but they’re ignored.”

“Shutting Down the Internet Serves the Attacker”

Researcher Arian Eghbal went further, warning that blocking and shutdowns actually help adversaries:

“Closing the ecosystem is exactly what attackers want. During the war, the internet was cut completely, but traffic quality could have been reduced instead. DDoS should never be an excuse to shut down the internet.”

He said filtering has turned Iran’s networks into breeding grounds for malware, while VPN crackdowns are futile and counterproductive:

“Every new protocol becomes another VPN tool. Blocking them just breaks corporate communications and worsens network health.”

Eghbal called for transparency:

“We need clear, public technical reports. Current disclosures are vague and useless for analysts.”

The Need for Smarter Governance

Akbari stressed that TIC does not make filtering decisions:

“We’re not responsible for shutdowns; filtering equipment sits with operators. National security is broader than blocking access—access to the internet itself is part of security.”

He admitted the current decision-making system is broken:

“Users and digital businesses shouldn’t be blindsided by sudden restrictions. Decisions must consider multiple dimensions. Cutting the internet should be the absolute last resort—it disrupts every aspect of life and severely damages the ecosystem.”

Policy researcher Yaser Jalali echoed this, attacking the “binary” logic of Iranian internet governance:

“This cut-or-connect mentality is obsolete. We need balance—between security and economic opportunity, between sovereignty and global integration. Filtering Instagram in 2022 was a clear mistake, and users simply returned. Shutting down platforms without alternatives achieves nothing.”

Stalled Growth, Shrinking Ecosystem

Akbari warned that the 2022 restrictions halved national internet traffic, froze startup activity, and drained investment:

“Our growth slowed to a crawl. No major startup has emerged since then. Excessive focus on threats has gutted the ecosystem’s vitality.”

He also pointed to a fundamental imbalance: in Iran, 70% of traffic is on mobile networks versus 30% on fixed broadband—exactly the reverse of global norms. Without a serious push into fixed broadband, he warned, quality will keep deteriorating.