I Ran, You Ran, We all…Should Run from Iran?
Tensions between the United States and Iran have hit yet another all-time high with the recent assassination of top Iranian General Qasem Soleimani. Because he was considered to be the second most important figure in the Iranian Government, it comes as no surprise that this would stir up some conflict between our nation and theirs. For years there has been tremendous talk regarding “Cyber Warfare” from the Iranians, which of course can have many different definitions. But no matter what we call it, it all boils down to the next major conflict being fought in a way we’ve never seen before.
That’s right: war in cyberspace instead of the conventional weaponry of the past.
During my briefings as an FBI Agent, I would explain that there were a number of foreign threat actors who were, and still are, targeting US Organizations, state and local governments, academic institutions and (especially) critical infrastructures. According to the Department of Homeland Security (DHS), Critical Infrastructure is comprised of 16 sectors. These assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on national economic security, national public health and safety, or any combination thereof.
The 16 sectors of critical infrastructures are:
- Chemical (Sector)
- Commercial Facilities
- Critical Manufacturing
- Defense Industrial Base
- Emergency Services
- Financial Services
- Food & Agriculture
- Government Facilities
- Healthcare & Public Health
- Information Technology
- Nuclear Reactors, Materials & Waste
- Transportation Systems
- Water & Wastewater Systems
Approximately 85% of critical infrastructures are owned and operated by the private sector and not a government agency. These infrastructures are the ones we take for granted.
So is your organization part of the critical infrastructure?
The threat from Iran has always been real, just like the threat from China and Russia. There are many documented cases of China being the number one threat for the theft of intellectual property from the US military, academia, technology, and many other areas of concern. The list is even longer for Russia. However, the difference with these countries is that they are considered “trusted trade partners” of the United States.
There is a co-dependent economic relationship, and it’s a toxic one to say the least.
To the contrary, there is no friend in Iran at all. It all fell apart about forty years ago during the Iranian Hostage Crisis, and it clearly hasn’t gotten any better. In 2007, a joint US-Israeli intelligence operation deployed malware known as Stuxnet in a uranium enrichment facility in Iran. The malware was the first of its kind, but what was unprecedented was the fact that it not only digitally harmed the systems, but it physically destroyed the computers themselves. The malware destroyed centrifuges and crippled the country’s nuclear efforts. The world all felt a little safer; however, this caused Iran to ramp up its cyberwar capabilities.
Iran has invested significant resources into advancing its own hacking, though it deploys them more for espionage and serious disruptions.
Shortly after the Stuxnet incident, the FBI warned critical infrastructures to be wary of the threat from Iran to retaliate. I remember speaking to my utility partners in my area of responsibility (which was the majority of the state of Tennessee) concerning this threat.
We can’t control the threat but we can implement steps to reduce our vulnerabilities.
Many times I was told by my infrastructure partners that because they were a small company, or were located in rural Tennessee, they had nothing to worry about. They’d listen to my spiel, and respond, “Who would want our info or money anyway?” To that I’d reply, “The bad guys don’t care who you are; they want access to your stuff.” In the case of Iran, I’m sure they are targeting smaller critical infrastructures as much as they are big ones. This is true today, more than ever.
It’s the small victories that add up to the big ones.
It is said the Iranians have multiple cyber warfare units and proxies within their government. They’ve been operating in stealth mode for the past decade, of course always denying involvement.
We can’t control what Iran is going to do, but we must take the threat seriously.
Let’s talk about some of the incidents caused by the Iranians since Stuxnet in 2007.
- In 2012, the Iranians were accused of destroying 35,000 computers belonging to Saudi Arabia’s largest oil company, Saudi Aramco. A strain of malware very similar to the one that destroyed their nuclear facility was utilized.
- In 2014, the Iranians targeted the Las Vegas Sands casino, after its owner made pro-Israeli comments.
- In the past couple of years, neighboring countries UAE, Qatar and Kuwait had private-sector companies hit with Iranian malware which destroyed computers and data.
- Recently Iranian hacking groups were discovered trying to gain unauthorized access to the US Department of Energy and US National Labs.
Iran has a history of launching cyber attacks on its enemies with a specific purpose: destroying computers and wiping data. Their hacking groups have been targeting US companies for decades to steal information and recently were trying to gain access to some highly sensitive US assets.
It is clear Iran is ready for cyber war. They’ve not only infiltrated computer systems, but physical buildings and structures. It’s terrifying to know what they are capable of.
Does Iran have a higher motivation to launch a cyber attack today? Absolutely. They will not stand for the assassination of their second highest leader. Will they do it soon? Nobody knows. Should we panic and run out and purchase some new technology that will keep us safe? Absolutely not.
We are going to dive into this topic a little deeper in the next couple of weeks. Remain cybersafe; keep yourself protected by knowing what, and what not, to click on!