U.S. Officials Brace for Cyber-Attack Retaliation From Iran

By Alyza Sebenius and William Turton | January 6, 2020

Iranian officials are likely considering a cyber-attack against the U.S. in the wake of an airstrike that killed one of its top military officials.

Former U.S. officials and security experts said there is precedent for such concerns amid years of tit-for-tat cyber-attacks between the two countries. As recently as June, after the U.S. sent additional troops to the Middle East and announced further sanctions on Iran, cyber-attacks targeting U.S. industries and government agencies increased, the Department of Homeland Security said at the time.

In a tweet after the airstrike on Thursday, Christopher Krebs, director of the U.S. Cybersecurity and Infrastructure Security Agency, repeated a warning from the summer about Iranian malicious cyber-attacks, and urged the public to brush up on Iranian tactics and to pay attention to critical systems, particularly industrial control infrastructure.

The airstrike in Baghdad killed Qassem Soleimani, a major general in the Iranian Islamic Revolutionary Guard, who led proxy militias that extended the country’s power across the Middle East. The strike ordered by U.S. President Donald Trump was in response to “an imminent threat,” according to Secretary of State Michael Pompeo.

By midday, shares of cybersecurity companies were mostly up, even as the broader market was down amid uncertainty created by the airstrike. Just before 1 p.m. eastern time, shares of CrowdStrike Inc. were up 3.7% and FireEye Inc., 2.7%.

John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye Inc., said Iran has largely resisted carrying out attacks in the U.S. so far. But “given the gravity of this event, we are concerned any restraint they may have demonstrated could be replaced by a resolve to strike closer to home.”

Iranian cyber-attacks have targeted U.S. universities and companies, operators of industrial control systems and banks. Iranian hackers tried to infiltrate the Trump campaign, and they have launched attacks against current and former U.S. government officials and journalists. The U.S., meanwhile, has employed cyberweapons to attack Iran’s nuclear capabilities and computer systems used to plot attacks against oil tankers, according to the New York Times.

James Lewis, senior vice president at the Center for Strategic & International Studies, likened the airstrike to assassinating a top U.S. official, such as the head of the Central Intelligence Agency or the Chairman of the Joint Chiefs of Staff. As such, he said Iranian retaliation may include the use of force, but the government is also likely asking hackers for a list of options.

“Cyber-attacks may be tempting if they can find the right American target,” Lewis said. “The Iranians are pretty capable and our defenses are uneven, so they could successfully attack poorly defended targets in the U.S. There are thousands, but they would want something dramatic.”

The geopolitical tension between the U.S. and Iran has ratcheted up since the U.S. withdrawal in 2018 from a nuclear deal struck under President Barack Obama. But the nations have a years-long history of cyber confrontation.

Roughly a decade ago, the U.S. and Israel reportedly used a computer worm called Stuxnet to ruin about 1,000 centrifuges at an Iranian nuclear facility. Then, starting in 2011, Iran-backed hackers launched disruptive attacks against dozens of mostly financial targets in the U.S. — costing them tens of millions of dollars.

Neither the U.S. nor Israel ever responded publicly to the Stuxnet allegations.

Robert M. Lee, chief executive officer of the industrial cybersecurity firm Dragos Inc., said companies and cyber professionals need to be on guard against an attack.

“I would advise analysts to place a particular focus on looking for the tactics, techniques, and procedures of groups that have been shown to operate in the interests of the Iranian state,” Lee said. “For companies that have yet to make proper investments into the cybersecurity of their business, there is not much that can be done quickly in situations like this.”
