Iran still poses a cyber threat to the US and her allies

Iran has carried out the most sophisticated, wide-ranging, and costliest cyberattacks in the history of the Internet age, primarily targeting US interests and allies.

Employees, mostly veterans of military computing units, use keyboards as they work at a cyber hotline facility at Israel's Computer Emergency Response Centre (CERT) in Beersheba, southern Israel (photo credit: REUTERS/AMIR COHEN)
Even as the world grapples with the COVID-19 pandemic, Iran remains determined to harm the interests of the US and its allies and exact revenge for the January 3 drone strike that killed Maj.-Gen. Qasem Soleimani.
Iran has been one of the hardest-hit nations and is the epicenter for the coronavirus in the Middle East. The Iranian regime, already suffering a crisis of legitimacy after suppressing mass protests in November and January, was caught flat-footed by the situation and took various missteps that have contributed to the rapid spread of infection within Iran and beyond.
With trust in the regime at a nadir, Iran’s government, desperate to maintain the narrative that it retains internal and external control and has not lost the ability to defy the West, is responding to its dire straits in large part by lashing out. The March 11 rocket attack by an Iran-backed Shia militia demonstrated that Iran’s ongoing commitment to attacking the US and coalition forces and retaliating for Soleimani’s killing supersedes humanitarian considerations for the Iranian regime.
But another avenue of revenge to which US policy-makers and our partners should be paying attention is cyberspace. Since the Soleimani killing, the US national security apparatus has warned that Iran is likely to pursue offensive cyberattacks targeting the US public and private sectors. In the immediate aftermath of the killing, both the Department of Homeland Security and Federal Bureau of Investigation issued advisories warning of increased Iranian cyber reconnaissance activity and cautioning that Iran may be seeking disruptive attacks against critical US infrastructure.
In a new report, United Against Nuclear Iran (UANI) has documented the evolving nature of the Iranian cyber threat to the United States. Over the last decade, Iran has stepped up its investment in cyberwarfare capabilities, which give it a low-cost means – beyond its limited conventional capabilities – to conduct espionage on, and strike, stronger adversaries in furtherance of its foreign policy and national security objectives.
Iran has carried out the most sophisticated, wide-ranging, and costliest cyberattacks in the history of the Internet age, primarily targeting US interests and allies. According to the US Cybersecurity and Infrastructure Security Agency, Iranian cyberattacks have targeted sectors including “financial services, energy, government facilities, chemical, healthcare, critical manufacturing, communications, and the defense industrial base.”
Most worryingly, in November 2019, Microsoft detected an Iranian hacking group stepping up efforts to infiltrate industrial control systems used in electric utilities, manufacturing, oil refineries, and related critical infrastructure. Today there remain thousands of soft targets that are largely unguarded and vulnerable.
The main factor preventing Iran from launching major, disruptive cyberattacks against the US homeland is not necessarily lack of opportunity or ability, but the regime’s calculus as to whether the benefits of such an attack outweigh the costs it would likely incur.
With Iran backed into a corner, and with governments around the world increasingly vulnerable as they shift resources to tackling the coronavirus pandemic, Iran may figure the time is ripe to launch a devastating blow against the US or its partners. And as more international business is conducted online through unencrypted telecommunications, the cyber domain is a target-rich environment.
At a press conference on March 20, Secretary of State Mike Pompeo asserted that Russia, China and Iran are carrying out online disinformation campaigns to stoke fear and discord in the US.
On April 2, Reuters reported that hackers working in the interest of the Iranian government have since early March used advanced phishing techniques to try to steal the email passwords of staff members at the World Health Organization, presumably to gain access to intelligence that would aid in the fight against the coronavirus.
The incidents highlight that the Iranian cyber threat adds additional layers of insecurity at a time of international crisis.
The primary deterrent to Iran undertaking the costliest and most destructive attacks would be the knowledge that such a cyberattack would lead to a multilateral regime-destabilizing response, but the US has yet to publicly define what constitutes an act of warfare in the cyber domain.
Without clearly enumerated redlines, Iran is liable to test the waters in provocative ways, having already discovered it can carry out costly cyberattacks against American, Israeli, Gulf, and European targets without significant pushback.
The most daunting task facing the US is shoring up the cyberdefenses of the thousands of soft targets around the country, and working in concert with allies to achieve collective cyberdefense.
The public and private sectors must remain vigilant, continue to prioritize collective cybersecurity, and work collaboratively to identify vulnerable targets and harden their defenses in order to mitigate the Iranian cyber threat.
Norman Roule is a senior adviser at UANI. Jordan Steckler is a research analyst at UANI.