
Analysis | The Cybersecurity 202: Get ready for serious cyberattacks from Iran, experts say

By Joseph Marks

President Trump speaks about the situation with Iran in the Grand Foyer of the White House. (Photo by Saul Loeb/AFP/Getty Images)
The United States should expect serious cyberattacks from Iran in the next few months, according to an overwhelming majority of experts surveyed by The Cybersecurity 202.
Those digital attacks are likely to hit oil refineries, financial institutions and other U.S. targets as retaliation for the U.S. killing of a top Iranian general, a whopping 85 percent of respondents to our Network survey said.

“Iran is dangerous because they have the intent, motivation and capabilities. While their cyber capabilities are not on par with Russia and China, they are innovative and can cause both physical and psychological disruption,” warned Kiersten Todt, president of Liberty Group Ventures, who led an Obama-era cybersecurity commission.
“We should expect attacks of all stripes from Iran over the next few months,” said Betsy Cooper, director of the Aspen Institute’s Tech Policy Hub and a former Department of Homeland Security cybersecurity official.
The Network is a panel of more than 100 leaders from government, academia and the private sector who vote in our ongoing, informal survey on cybersecurity issues. (You can see the full list of experts here. Some were granted anonymity in exchange for their participation.)
One big reason Iran is likely to ramp up cyberattacks is that it’s easier to keep them at a low enough level that they don’t prompt U.S. retaliation, compared with conventional military or terrorist attacks, many experts said. The United States and Iran backed away from further military hostilities after the killing of Maj. Gen. Qasem Soleimani prompted an Iranian missile strike on two U.S. bases in Iraq.
“Iran will be looking for ways to cause pain in the United States without provoking a severe counterattack,” Stewart Baker, a Steptoe and Johnson attorney and former NSA general counsel, said.
Dmitri Alperovitch, co-founder of the cybersecurity company CrowdStrike, described Iranian leadership as “quite risk averse” and noted that “cyber … provides Iran with response options that are below the thresholds likely to trigger a U.S. retaliation.”
Cyberattacks "seem to be the most likely route where the Iranians can cause damage without casualties and hopefully stay under the thin red line for a major U.S. response,” said Tony Cole, chief technology officer at Attivo Networks.
Iran has a long track record of hacking U.S. targets, including pummeling U.S. banks with overwhelming network traffic to force them offline in 2012 and hacking control systems at a New York dam in 2013. The nation also destroyed sensitive data during a hack at the Sands Casino in 2014 after anti-Iran comments by owner Sheldon Adelson.
“Past performance is not always a perfect predictor of future results, but it is often the best that we have, [and] Iran has a long track record of using cyber means of retaliation,” said Peter Singer, a cyberwar expert and senior fellow at the New America think tank.
“They’ve demonstrated capability and intent for destructive cyberattacks inside the U.S. and I would expect to see that,” said Suzanne Spaulding, who led DHS cybersecurity efforts during the Obama administration.
“Iran is not new to this rodeo … What I expect is simply an escalation of what they've already been doing,” said Mark Weatherford, a former Department of Homeland Security cybersecurity official who’s now a global information security strategist at Booking Holdings.
Cyberattacks are also attractive because the United States is far more reliant on information technology than Iran, which makes it far more vulnerable.
“I remain concerned that the Administration did not fully anticipate the range of possible Iranian responses prior to carrying out the strike [Soleimani], particularly given the United States’ significant reliance on information and communications technology,” said Rep. Jim Langevin (D-R.I.), co-founder of the Congressional Cybersecurity Caucus and chair of the House Armed Services Committee’s main cybersecurity panel.
Iranian cyberattacks could target “industrial control systems essential to the operation of power grids, water systems, and other critical infrastructures,” warned Melanie Teplinsky, a former White House and NSA official who’s now an adjunct professor at American University’s Washington College of Law.
“The reality is that Iran is likely in a position to cause grave damage across our energy grid, water plants, and other utilities,” said Jay Kaplan, co-founder of the cybersecurity company Synack, but he added that “I don’t believe they will play this card unless things escalate further.”
Iran could also look beyond those targets.
Lance Hoffman, director of the Cyber Security Policy and Research Institute at George Washington University, warned of “manipulation of social media to … sow distrust in U.S. government agencies.”
Or Iranian hackers may take a page from Russia and try to disrupt the 2020 election or Democratic primaries and caucuses, warned Maurice Turner, deputy director of the Internet Architecture Project at the Center for Democracy & Technology think tank.
“The 30-plus primary elections in March will be prime targets if ideological messaging becomes an attack objective,” he said.
Another danger is that Iranian hackers could miscalculate and end up damaging organizations they don’t intend to.
“Unfortunately, organizations that aren't typically targeted by the Iranian government may nevertheless experience collateral damage or be targeted by hacktivists during a conflict like this,” said Tom Cross, chief technology officer of network security provider OPAQ Networks.
Several experts also fretted that other nations might use escalating tensions between the United States and Iran to launch false flag cyberattacks against U.S. targets that look as if they’re launched by Iran but aren’t.
Camille Stewart, a former DHS cybersecurity official who works in Deloitte & Touche’s cyber risk practice, warned about “unaffiliated actors looking to capitalize off the tensions to execute a cyberattack and pass blame.”
Michael Daly, chief technology officer for cybersecurity and special missions for Raytheon Intelligence, noted that “North Korea and Russia may choose to create distractions and difficulty for the U.S. under the guise of the Iranian conflict.”
Among the 15 percent of experts who didn’t predict serious Iranian cyberattacks, most still expected Iran would punch back in cyberspace — they just didn’t think it would do much harm.
Megan Stifel, executive director for the Americas at the Global Cyber Alliance nonprofit and a former National Security Council cybersecurity official, said she expected “small-scale interruptions and nuisance activities with limited impact.”
Sam Visner, director of the National Cybersecurity Federally Funded Research and Development Center, managed by the Mitre Corporation, predicted “cyberattacks that will cause some difficulty, akin to vandalism, but Iran will move with caution and exercise some control, avoiding significant escalation.”
John Pescatore, director of emerging security trends at the SANS Institute cybersecurity training organization, meanwhile, predicted Iran couldn’t do enough damage in cyberspace to send the message it wants to.
“Pictures and stories of blood and deaths is … the goal, not stories of delays in plane takeoffs or deliveries of bicycles,” he said.


— More responses to The Network survey question about cyberattacks from Iran: 
  • YES: “Iranian-linked actors are already quite active against United States targets. Given the current tension, we should expect an increase in activity. The question is whether they will be strategic and state-directed or undertaken at the initiative of their numerous proxies.” — John Carlin, former assistant attorney general for the Justice Department’s National Security Division and a partner at the Morrison & Foerster law firm
  • YES: “Although the intensity of the operations have waxed and waned and the focus of the operations has shifted between regional targets and Western targets, Iran has made steady use of this tool.” — Michael Daniel, former White House cybersecurity coordinator during the Obama administration who now leads the Cyber Threat Alliance
  • YES: “It’s safe to assume that the gloves will come off and we can expect a more aggressive posture in cyberspace from Iran.” — Vikram Phatak, founder of the cybersecurity firm NSS Labs
  • YES: “It's always better to expect serious cyberattacks and prepare accordingly than to assume they won't occur. We don't have a very clear sense of Iran's capabilities beyond espionage and sabotage, but that doesn't mean we shouldn't be preparing for and expecting more extreme attacks.” — Josephine Wolff, assistant professor of cybersecurity policy at the Fletcher School of Law and Diplomacy at Tufts University
  • YES: “With kinetic attacks already underway, coming from Iran towards American troops still stationed in Iraqi bases, it stands to reason that cyberattacks will escalate as well.” — Katie Moussouris, founder and CEO of Luta Security
  • YES: “The Iranian government and its agents have proven themselves to possess a small yet potent cadre of cyber operators…I anticipate that they will…use tactics, techniques and procedures such as obfuscation and redirection, outsourcing, and other methods to attack without solid attribution.” — Greg Touhill, president of Cyxtera Federal Group who served as the U.S. government’s first chief information security officer under President Barack Obama
  • YES: “Although Iranian leadership has called for Iran’s responses to the Soleimani killing to be overt and direct, it is hard to imagine that Iran or its proxies will not resort to hostile cyber operations, whether against U.S. military or civilian targets.” — Ashley Deeks, a former State Department official and professor at the University of Virginia Law School
  • NO: “The Iranians do not have escalation dominance in cyberspace, and they know it.” — Dave Aitel, a former NSA hacker who is president and CEO of the cybersecurity firm Immunity Inc.


Hard-line protesters chant slogans while holding up a poster of Gen. Qasem Soleimani and Supreme Leader Ayatollah Ali Khamenei. (Ebrahim Noroozi/AP)
PINGED: The United States was prepared to launch a cyberattack to disable Iran's gas and oil sector if Iran hit back too hard after a U.S. drone attack killed a top Iranian general, Peter Baker, Ronen Bergman, David D. Kirkpatrick, Julian E. Barnes and Alissa J. Rubin at the New York Times report. The revelation highlights a shift under the Trump administration to be more aggressive in cyberspace. 
The planned response also included physical strikes against a command-and-control ship. But officials backed away from the plans after Iran signaled it would go no further than its missile attacks against U.S. targets in Iraq, which were designed to not cause casualties. U.S. officials also sent secret messages through Swiss intermediaries, urging Iran to not go further, the Times reports.

An attendee wears a badge strip with the logo of Huawei and a sign for 5G at the World 5G Exhibition in Beijing in November. (Jason Lee/Reuters)
PATCHED: U.S. officials are arriving in Britain today to urge leaders there to exclude Huawei equipment from the nation’s next-generation 5G telecommunications networks, two sources told Jack Stubbs, William James, and Alexandra Alper at Reuters. The delegation comes as British security officials close in on a decision about whether to use the controversial Chinese firm that U.S. officials say can’t be trusted not to assist Beijing spying.
The U.S. delegation will include deputy national security adviser Matt Pottinger, Reuters reports. Huawei has steadfastly denied it helps China spy. 
Last week Sen. Tom Cotton (R-Ark.) introduced a bill that would cut off Great Britain and other allies from U.S. intelligence sharing if they fail to ban Huawei from their 5G networks. 
Andrew Parker, head of Britain’s MI5 domestic security agency, meanwhile, said he has “no reason to think” that the U.S. intelligence-sharing relationship would be damaged if Britain adopted Huawei technology, Lionel Barber, Helen Warrell and George Parker at the Financial Times report.

A doctor looks at an x-ray of a woman's broken wrist. (AP Photo/Luca Bruno)
PWNED: Millions of medical images that include patients’ sensitive health information are being exposed online every day in ways that make it easy for hackers to scoop them up, Zack Whittaker at TechCrunch reports.
The culprit is insecure servers that hospitals are using to store X-rays, ultrasounds and CT scans and that hackers can crack into with easy-to-download software. The servers are now putting about 1 billion medical images across the world at risk -- about half of which belong to patients in the United States, Zack reports.
In one case, it took a researcher “just a few minutes” to find tens of thousands of patients' scans from one of the largest hospitals in Los Angeles.
“The amount of data exposed is still rising, even considering the amount of data taken offline due to our disclosures,” said Dirk Schrader, lead researcher at a German security firm that unearthed more than 720 million exposed medical images in September.
The exposures, which can lead to greater risk of insurance fraud and identity theft for patients, have sparked concern from U.S. health officials and lawmakers.
“As Health and Human Services aggressively pushes to permit a wider range of parties to have access to the sensitive health information of American patients without traditional privacy protections attached to that information, HHS’s inattention to this particular incident becomes even more troubling,” Sen. Mark Warner (D-Va.) told Zack.


— Former House Intelligence Committee chairman Rep. Mike Rogers (R-Mich.) is announcing a new nonprofit group today aimed at highlighting the economic and national security importance of next-generation 5G telecommunications networks. The group will work with members of Congress “to win the 5G race against China,” according to a news release.
— More cybersecurity news from the public sector:
The U.S. government is planning to permanently halt its civilian drone program due to the devices being made at least partly in China, the Financial Times reported on Sunday.
The FBI has told U.S. companies that Iranian hackers have stepped up their probing and reconnaissance activity in the days since the U.S. military killed Iranian Maj. Gen. Qassem Soleimani.
Former New York City Mayor Mike Bloomberg on Friday released a plan to boost voting rights and election security, becoming the latest 2020 presidential candidate to address how votes are counted.
Q Cyber Technologies has been sued by Facebook and WhatsApp and is accused of helping Saudi Arabia spy on murdered journalist Jamal Khashoggi.
Texas authorities and the FBI are investigating after the Manor Independent School District lost about $2.3 million in a phishing email scam, the school system said in a news release.


— Cybersecurity news from the private sector:
The company didn't specify how many employees or customers were affected by the incident.
Travelex is restoring operations to process foreign exchange orders electronical...
SIM swappers have escalated from bribing employees to using remote desktop software to get direct access to internal T-Mobile, AT&T, and Sprint tools.


— Cybersecurity news from abroad:
Huawei security chief's claims come as a proposed new bill threatens 'consequences' for U.S. allies buying Huawei.

