For all the criticism of the Iran nuclear deal that was signed in July 2015—that the deal didn’t go far enough, that the release of sanctions would lead to regional instability, that the United States had been duped—the cybersecurity community breathed a sigh of relief. After the deal was signed, the wrecking crew ceased. “The nuclear deal imposes a constraint on them,” Jim Lewis told me that month. But, he warned, “When the deal goes away, so goes their restraint.”
