For all the noise that the Syrian Electronic Army and China’s PLA Unit 61398 have been making recently, the US is facing a much deadlier threat to its cyber interests right now. State-sponsored hackers from Iran have reportedly ramped up their cyber-espionage campaign against the US in recent weeks, infiltrating a number of the country’s industrial control systems.
According to the Wall Street Journal, Iranian hackers have been able to gain access to the servers of several energy companies in the US. The government has refused to identify exactly how many, or which companies were involved, but its believed that they include oil, gas and electricity firms. Experts warn that the hackers could have easily manipulated oil and gas pipelines, potentially causing catastrophic damage to energy infrastructure and the environment had they chosen to do so. While it’s not clear to what extent the hackers infiltrated the company’s systems before being noticed, one official told the paper that they got “far enough to worry people”.
For the moment at least, we can breathe easy. Security experts believe that the Iranians are merely attempting to learn how the control systems work. Nevertheless, the fact they’re doing so can be considered a very ominous sign, as this kind of reconnaissance would be the first step in any co-ordinated attempt to disrupt or destroy critical infrastructure.
It might be early days yet, but US defence officials are said to be far more concerned with Iran’s activities than they are with China’s state-sponsored espionage.
“This is representative of stepped up cyber activity by the Iranian regime. The more they do this, the more our concerns grow,” said one anonymous official to the WSJ. “What they have done so far has certainly been noticed, and they should be cautious.”
Iran’s Cyber-Warfare Strategy:
That Iran has expanded its cyber-warfare horizons to include US infrastructure is a worrying development. While its no stranger to attacking the US, to date the Islamic Republic has largely restricted itself to unsophisticated attacks on financial institutions, having been blamed for a number of distributed denial of service (DDoS) attacks on US banks over the last 12 months. The reason security chiefs are so concerned now is that hacking industrial control systems requires significantly more expertise, and the Iranian’s ability to do so presents a serious threat to the energy companies involved.
Listening to several US politician’s statements, you’d be forgiven for believing an attack is all but imminent. In October of last year, defence secretary Leon Panetta famously warned of a possible “Cyber Pearl harbor” against the US if nothing is done to boost its control system’s defenses, while just last week a new report from congressmen Ed Markey and Henry Waxman warned electricity firms to boost their defences after more than a dozen of them reported that their systems were under “frequent” or “constant” attack from hackers.
Somewhat ironically, the US has probably brought this threat onto itself. Some experts argue that the infamous Stuxnet and Flame malware attacks on Iran – which are widely assumed to have been developed by the US or Israel – actually inspired Iran to launch its own cyber attack and defense capabilities, after witnessing first hand the kind of damage it can cause.
Iran’s actions clearly haven’t surprised officials, but what is worrying is that no one seems to have paid much heed to these warnings – US infrastructure on the whole remains outdated and highly vulnerable to cyber infiltrations. If attackers were able to knock out the country’s electricity supply, even for a couple of days, it would be hugely damaging for the economy and society. Equally worrying is that Iran doesn’t seem to have had a cyberattack capability for long, yet in the short time it has it’s already infiltrated numerous critical systems. If nothing is done to bolster the energy industry’s defenses, who knows what kind of damage the Iranians would be able to do in the future?
The threat is a serious one, but for now the chances of Iran actually attacking the US are remote, as any offensive move would almost certainly be political suicide for its leaders. Most likely, Iran is attempting to create a kind of “cyber deterrent” that’s strong enough to make the US think twice about launching any military attacks against its nuclear program. As such, the most important question for us to answer right now is this: Just how far will Iran be pushed before it feels it has no other option but to launch an attack?