This week’s collapse of the Iranian nuclear deal justifiably caused global consternation at the thought of Iran moving closer to becoming a nuclear power.
There is, however, a much more immediate threat. Iran is already a cyber power and has a history of launching hacking attacks against American interests.
Restoring sanctions removes an important deterrent to those cyberattacks and may have immediate adverse consequences.
The United States and Iran have quietly waged cyberwar for more than a decade. The U.S. fired the first shot in this war as early as 2007 after joining forces with Israel to use malicious software to destroy equipment at Iran’s Natanz uranium enrichment facility.
Iran fired back with a series of attacks on U.S. financial, military, and academic targets. These attacks crashed servers at financial institutions, stole intellectual property from universities, and even took command of the computer systems controlling a dam in Rye, New York.
In that case, the attackers weren’t able to actually open the floodgates, but only because the control system wasn’t functioning properly.
Iranian cyberattacks burst onto the front page earlier this year when the Justice Department indicted nine Iranian nationals accused of participating in cyberattacks against American academics. The 26-page indictment laid out the case against these attackers and linked them to the Mabna Institute, an organization with ties to the Iranian government.
The indictment valued the stolen information at $3.4 billion and, while we might chalk that figure up to prosecutorial hyperbole, the point is clear. The Iranian government is already waging a sophisticated, coordinated cyberwar against U.S. interests.
These attacks took place despite the presence of the nuclear deal. It’s possible that the Iranians felt that the targets weren’t significant enough to scuttle the deal if discovered. Evidence suggests that Iranian attacks against the U.S. to date are only the tip of the iceberg and that Iranian hackers possess more advanced skills that have yet to be trained on American targets.
Security researchers at Symantec recently issued a report accusing an Iranian hacking group of conducting a series of coordinated attacks against targets in the Middle East since 2015. They concluded that “the group remains highly active, is continuing to hone its tools and tactics, and has become more audacious in its choice of targets.”
It’s reasonable to assume that the Iranians focused on Middle Eastern targets to preserve their nuclear deal with larger world powers. Now that the U.S. is preparing to reimpose sanctions, there isn’t much left to deter Iran from training its proven cyberwarfare capabilities on more significant American targets.
Iran’s attacks against its neighbors included the compromise of a major telecommunications service provider and an African airline. There’s no reason to believe they couldn’t infiltrate similar targets in the U.S.
Recent Iranian attacks
Recent Iranian attacks against their neighboring countries of Saudi Arabia, Israel, Jordan, the United Arab Emirates, and Turkey may have served a dual purpose. In addition to intelligence gathering, Iranian cyberwarfare leaders may view those attacks as training for attacks against the larger targets presented by the United States and its allies.
Of course, Iran isn’t the only country with proven cyberwarfare capabilities. We saw the formidable cyberwarfare capabilities of the United States and Israel on full display in the Natanz attack. More recently, Russian hackers stand accused of attacking the DNC and Hillary Clinton’s campaign manager, stealing emails and disrupting the American election.
Surely, the American military cyberwarfare community has also upped its game over the past decade. Iranian cyberattacks against critical American targets would likely be met with crippling, escalating counterattacks.
Countries generally fight cyberwars under a cloak of secrecy, stealthily masking their identities and covering their tracks. While the battlegrounds of cyberwarfare are often the darkened hallways of data centers and networking hubs, these attacks do have the ability to spill over into the physical world, as we saw at Natanz, Iran and Rye, New York.
It’s not difficult to imagine cyberattacks with dire real-world consequences if hackers infiltrate the power grid, compromise an oil refinery, or take over the air traffic control system.
In 2012, then-Defense Secretary Leon Panetta painted a grim picture of a future attack “that would cause physical destruction and loss of life, paralyze and shock the nation, and create a profound new sense of vulnerability.”
Hackers will grow bolder
It’s unlikely that Iran would attempt to conduct Panetta’s “cyber Pearl Harbor” due to fear of a massive conventional retaliatory strike, but it’s easy to imagine coordinated attacks against U.S. targets. We’ve seen several in the news recently, when attackers used ransomware to cripple Atlanta’s city government, stole personal information from Equifax, and took over a school’s surveillance system.
The next wave of Iranian cyberattacks would likely appear similar to these incidents that have become a routine part of every news cycle.
Over the coming months, we’ll likely see Iranian hackers grow bolder in their targeting of U.S. government, infrastructure, and industrial targets if a new deal is not reached. It would be surprising if both sides don’t already have their battle plans drawn up for extended cyberwarfare attacks. Those plans are likely the subject of conversations this week among generals in both Washington and Tehran.
When America reneged on the commitments that we made on the world stage in 2015, we not only increased the global nuclear threat, we also may have opened ourselves to a new era of cyberattacks.
Source » cbs