Iran has already been linked to cyber attacks on critical infrastructure in the U.S.
On January 4, the United States Department of Homeland Security released a bulletin through the National Terrorism Advisory System warning of potential Iranian terror threats. The alert was published one day after a targeted U.S. drone strike killed Iranian Maj. Gen. Qassim Suleimani.
While the bulletin states that DHS does not currently have information indicating a specific, credible threat to the homeland, it emphasizes that Iran has previously demonstrated the capability to launch cyber attacks against the United States and identifies the nation’s critical infrastructure as a possible target.
“Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of U.S.-based targets,” the bulletin says. “Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
To prepare for a possible cyber attack, DHS advises the public to expect cyber disruptions, suspicious emails, and network delays. It also recommends that citizens implement basic cybersecurity practices such as regular data backups and multifactor authentication.
Even before the U.S. drone strike, analysts were warning of increasing threats to critical infrastructure. This latest development highlights the importance of protecting the country’s operational technology (OT).
“Many of these OT environments make up part of our critical national infrastructure and would be prime targets of any malevolent nation during hostilities,” writes security architect Tony Rowan. “In conventional warfare, an attacking force would use missiles and air power to disable command and control infrastructure to disrupt the enemy’s ability to respond. In parallel, they would select and prioritize transport infrastructure such as railways, bridges, airfields, etc. Next, the target list would include the POL (Petrochemical, Oil and Lubricants) sites to disable the enemy’s resupply capability for its aircraft, trains, ships and vehicles. Water supplies, power generation and distribution, TV, radio and other targets would also be included, depending on the overall strategic aims of the aggressor.”
Analysts have identified several critical infrastructure sites as possible targets. These include the power grids and water systems that keep the country running.
Among the potential targets in the energy sector is the Tennessee Valley Authority, the United States’ largest government-owned power utility. TVA operates 29 power-generating dams and seven nuclear reactors and has multiple connections to nuclear weapons production.
“Cybersecurity is a hot topic these days and frequently in the national news,” Andrea Brackett, director of TVA’s Cybersecurity group, said in a statement. “In reality, it’s a challenge that we’ve seen growing for several years … The energy sector is another very popular target for cyber crime.”
The threat to critical infrastructure, and its appeal to nation-state attackers, isn’t new. Nearly five years ago, Adm. Michael Rogers, then chief of the U.S. National Security Agency, told Congress that government officials had already identified efforts by nation-state actors to use malicious software and online attacks to infiltrate and study critical infrastructure with the goal of crippling the United States.
“Those control systems are fundamental to how we work most of our infrastructure across this nation. They are foundational to almost every networked aspect of our life from our water to our power to our financial sector. They’re so foundational to the way we operate,” Admiral Rogers said in a 2014 House Select Intelligence Committee hearing. “There shouldn’t be any doubt in our minds that there are nation-states and groups out there that have the capability to shut down and forestall our ability to operate our basic infrastructure, whether it’s generating power across this nation, whether it’s moving water and fuel.”
Iran has already demonstrated its cyber capabilities and its interest in attacking industrial control systems. As recently as November, Iranian hackers targeted the accounts of employees at major manufacturers and ICS operators.
Abroad, the country has launched attacks using wiper malware designed to destroy data on computers across a network. The first such attack, in 2012, destroyed some 30,000 Saudi Aramco computers, followed by another in 2014. This past August, networks at several Bahraini critical infrastructure providers were infiltrated by hackers linked to Iran. And in March, Iranian hackers targeted thousands of people at more than 200 oil-and-gas and heavy machinery companies around the world.