Iran: The New Global Menace in Cyberspace
Tehran rapidly expanding hack-warfare capabilities, openly targeting U.S. allies
Since 2015, Iran has been conducting a sophisticated online cyberattack campaign that uses custom-built malware to deliberately infect and gain access to sensitive industrial control systems and critical infrastructure in companies across the globe.
All of this activity during the last two years has been like spring training for the Iranians: mostly practice attacks designed to sharpen their skills.
Spring training is over, and with a much-improved cyberwarfare capability, Iran can now strike back.
In 2012 Iranian hackers attacked Saudi Arabia’s national oil company, Saudi Aramco. The attack nearly obliterated Aramco’s corporate IT infrastructure and brought the company close to collapse. Five years later the Iranians’ cyberskills are even more refined and harder to track.
Aramco should have been a wake-up call, but from this vantage point, it is hard to see what has changed in the way of our national cyberdefense strategy or foreign policy. This historic visit to the region by Trump is encouraging, and his posture has been very much like the entrance of a new sheriff in town.
But there have been a lot of missteps to correct in order to address the threat going forward. The Iranian Nuclear Deal, pushed by former President Barack Obama, resulted in an injection of more fuel into the Iranian cyberwarfare machinery. According to a 2016 Defense Department report, Iran has evolved its cybersecurity operations to become the primary pillar of its national security strategy and has been testing the limits of sanctions and repercussions associated with the nuclear deal as they might be applied to their activities in cyberspace. So far, no reaction from the West.
In the past few months, an Iranian wiper malware called Shamoon has been used in a series of cyberattacks against Saudi Arabia, again targeting its petrochemical sector. This obvious targeting of an important U.S. ally proves the world had better be paying attention to its cyber capabilities.
Iran’s cybersecurity skills aren’t yet quite of the same caliber as those of China or North Korea, and as a result some Israeli cybersecurity experts were able to access one of Iran’s key software platforms, discovering some advanced exploit kits and a list of almost 2,000 targets, the bulk of which were in the U.S. and Saudi Arabia and included defense officials, contractors, journalists, and politicians. These targets imply that their primary intent is disruption and deception.
But the subsequent discovery by a U.S. cybersecurity firm of “Operation Cleaver,” operated by an Iranian government-backed hacking organization, has clearly documented attacks that included hundreds of companies and sensitive institutions, military systems, oil and gas production controls, airport and airline security databases. The countries targeted were not just the conventional adversaries of Iran such as the U.S. and Israel. They included such countries as South Korea and Canada as well.
“Cleaver” clearly demonstrates that the Iranians aren’t only interested in espionage or intelligence collection. Airports and downstream oil and gas producers are targets for damage, and the global nature of the intended harm should serve as a warning to a lot of different people.
While today, Iran’s cyber capabilities remain technically inferior to those of the U.S., China, and Russia, they certainly have the ability to target Israel’s financial and banking systems, its energy infrastructure and the Israeli military and law enforcement communications. The best way to assure an inability to achieve peace in the Middle East is to launch cyberattacks on Israel with false flags planted in Palestine. I guarantee it won’t be the Palestinians launching the attacks.
As Iran’s principal foreign-policy goal is to become the dominant power in the Middle East, they will use their newly refined cyber abilities to intimidate, disrupt and destroy key components of infrastructure, business, communications, and defense systems among their regional adversaries. While they will remain cautiously concerned about jeopardizing their glorious nuclear deal with the U.S., the ability to hide behind cyber attribution problems will serve them well.
Cyberwarfare is now as important to Iran’s military strategy as its ballistic missile program used to be.
Before they were able to develop their cyberskills to the present level, Iran’s global reach was hamstrung by its primitive capabilities. Short of a nuclear weapon, the West held the upper hand with sanctions and aircraft carriers in the Strait of Hormuz.
But spring training is over, and with a much-improved cyberwarfare capability, Iran can now strike back.
Steve King is the COO and CTO of Netswitch Technology Management.