A digital attack by the Iranian government is a terrifying concern for U.S. cybersecurity experts because there is no way to secure an endless array of government and private sector entities.
Adam Levin, founder of CyberScout, a global provider of identity and data defense services, said that’s because Iran is “highly sophisticated” in its cyber capabilities. He said it has the ability to shut down the entire electric grid nationwide, which would impact how 320 million Americans access food and clean water, would shutter financial and communication systems, and would disrupt the global economy.
Concern over a potential attack erupted after the U.S. military killed Iranian Gen. Qassem Soleimani in a drone strike last week. An Iranian official responded with a threat to “attack the White House itself,” prompting concern over how else Iran might go about retaliating.
Levin said while China and Russia are best known for their cyber capabilities, Iran “is definitely one to watch” because it is home to a number of independent hackers who are able to wreak havoc if they choose to attack the United States, even if only because of personal animosity to a Western nation and not on behalf of their government.
Cyberattacks are defined as malicious incidents involving data stored digitally. They can range in size from something as small as a phishing email sent to one person to gain access to their computer to manipulating results on digital voting machines during an election. Hackers can take information, erase and replace information, or request information while pretending to be a friend or company the intended victim knows.
Attacks have evolved, and now malware planted on a computer or in a server is capable of erasing all stored data. These types of “wiper attacks” would be particularly damaging to financial and healthcare companies, Levin warned.
“It seems everyone is discussing a large scale attack, but penetrations occur almost every day through phishing attacks similar to the most successful attack against the U.S. government, which was the [Office of Personnel Management] attack in 2014/2015,” James Norton, a former senior official at the Department of Homeland Security who helped establish the department’s first cybersecurity team, wrote in an email. “Other possibilities would be a ransomware drop, which has been successful at local levels.” Ransomware attackers demand money in order to avoid having information wiped or disseminated.
The federal government is not responsible for guarding company data or information outside government databases. But the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security monitors all types of risks across the public and private sectors. It is the point agency within the government for calculating cyber risks at any given time and educating private groups with the most to lose, such as those in the critical infrastructure, financial, and healthcare industries.
Chris Duvall, senior director at the Washington-based Chertoff Group and a former senior DHS official, said he does not think the DHS is “freaking out” after last week. “I think everyone is in an increased state of wariness,” he said. “Some of our clients have already had emergency security meetings and board meetings,” Duvall said.
Serious Iranian-backed attacks on the U.S. have already occurred, Levin and Duvall said. Two Iranian men were indicted by a federal grand jury in 2018 for deploying ransomware to extort hospitals, local governments, and others in an attack that resulted in $30 million in losses. In 2016, seven Iranians working for Islamic Revolutionary Guard Corps groups were indicted in the U.S. for conducting a 176-day-long attack on 46 major American financial companies. The interference disrupted business for nearly half a year. That same year, an Iranian citizen digitally unlocked a dam in upstate New York, an attack similar in type to how a power grid could be shut down.
“It’s not necessarily government against government. It could be the Iranian government against a big company, against a smaller company, against a network, so you have issues, disruptions of communication, disruption of power, disruptions of finance, disrupting of healthcare systems,” Levin said.
The U.S. government had not reported any Iranian cyberattack as of Monday evening. President Trump warned on Twitter that Iran “WILL BE HIT VERY FAST AND VERY HARD” if it retaliates against the U.S. in any manner.