In the past weeks, much attention has gone toward the possibility of tensions with Iran spilling over into cyberspace. But the reality is that cyber warfare with Iran is already more than a decade old. The question is not, “Could it happen?” but instead, “What will the next chapter bring?”
The origin of a cyberwar with Iran can be traced back to the 2009 Stuxnet attack on Iran’s Natanz uranium enrichment plant, which disrupted its development of nuclear weapons. The attack has largely been attributed to Israel and the United States. Since that time, Iran, which presently does not have the sophisticated cyberwarfare capabilities of the United States, Russia and China, has nonetheless vastly expanded its cyberwarfare program.
In 2012 and 2013, Iranian hackers attacked large American banks such as Bank of America, JP Morgan Chase, Wells Fargo and Citigroup through a denial-of-service attack that temporarily took their computers offline. A denial-of-service attack renders a website inoperable by flooding it with excessive traffic. Seven Iranians were indicted by a New York grand jury for these attacks.
Also in 2013, Iranians hacked into the control system of a New York dam. In 2014, Iranian hackers attacked the computers of the Las Vegas Sands Corp., whose CEO, Sheldon Adelson, is a vocal supporter of Israel who has advocated for a hard line against Iran.
In 2018, nine Iranians were indicted on charges related to the hacking of hundreds of universities and companies in an effort to steal data. And in 2019, Iranian hackers attacked 30,000 computers at Saudi Aramco, the world’s largest oil company, destroying data and temporarily halting half of Saudi Arabia’s oil production. According to the Defense Department’s Cyber Command, Iran has surreptitiously been probing a wide swath of American infrastructure, such as the electric grid, as well as government and corporate computer networks.
Following the killing of Iranian General Qassem Soleimani, cyberattacks attributed to Iran have increased dramatically. While on the surface it may appear that tensions between the United States and Iran have diminished following an Iranian missile attack launched in response against an American military base in Iraq, the threat of a disruptive Iranian cyberattack is high, as evidenced by a recent alert issued by the Department of Homeland Security. According to the alert, “Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
Industrial control system security firm Dragos recently uncovered what appear to be efforts by Iranian hackers to try huge numbers of passwords against the computer networks of electric utility companies, gas companies and oil companies, in search of passwords that will enable them to infiltrate those companies. While, according to Dragos, Iran presently does not have the capabilities to leverage that access to control the electric grid or gas and oil facilities, the day when Iran will have those capabilities is not far off.
Also, after a recent Department of Homeland Security briefing of members of Congress, Sen. Richard Blumenthal (D-Conn.) told CNN of his concern about Iranians perpetrating ransomware attacks, in which data is encrypted and destroyed unless a ransom is paid.
The effects of a large-scale cyberattack on America could be devastating. While many governmental agencies and companies are taking steps to increase security, the efforts presently are far from what is needed to truly protect this country from major cyberattacks. The private sector in particular appears quite vulnerable. Focused and concerted efforts by the federal government with private industry to protect our country from cyberattacks must be increased to meet this substantial threat.
One factor that may serve as a disincentive to Iran to launch major cyberattacks against the United States is the fact that Iran is aware that the United States has already infiltrated the infrastructure of Iran and could respond to any Iranian attack in an overwhelming manner. Whether this modern version of the Cold War’s Mutually Assured Destruction (MAD) strategy to deter nuclear war is a prudent or effective strategy remains to be seen, but it certainly carries substantial risk.