The current conflict between the United States and Iran has created obvious reasons for concern. News outlets and social media have been interchangeably using phrases such as “escalating,” “de-escalating,” “conflict,” “war,” etc. However, there is a common term used in most reports: “Cyberwar.” While I am not a fan of this term, it is applicable here. Whether or not the media outlets understand what “Cyberwar” means, it provides legitimacy to the importance of the internet, networks, and computers to countries, businesses, and critical infrastructure. Let’s be honest – a disruption to these technologies and infrastructures impacts all of us. This concern has grown to the level that the Department of Homeland Security (DHS) has issued Alert AA20-006A.
All information security programs should perform some level of threat modeling to understand and defend against their most pressing threats. If you store, process, or transmit credit cards, your concerns should focus on attackers from Eastern Europe (Russia), as this is where the majority of card-related financial fraud is reported to originate. If your organization is a cleared contractor, designs technology, or is part of the supply chain for advanced technologies, your concern would be nation-states such as China that look to obtain intellectual property for a competitive advantage against the United States. However, Iran does not fall into either of these categories.
Iran likely has little to no interest in payment information or intellectual property in relation to “Cyberwar” in this current conflict. My opinion is that their objectives are actually a bit more concerning. Iran likely does not have a favorable opinion of the United States after our “alleged” involvement in Stuxnet, which significantly impacted their ability to enrich uranium. As the missile attacks demonstrated, they want their attacks to be obvious and noticed. They have also demonstrated their desire and expertise for large, public disruptions in the past with attacks such as the one on Saudi Aramco in 2012, which was reported to have disabled 30,000 computers of one of the largest oil companies in the world.
Most companies need to be concerned about the current conflict with Iran from a “Cyberwar” perspective. However, there are certain attacks that I feel are more likely from Iran or others on their behalf. They include, but are not limited to:
- DDoS attacks
- Website defacements
- Espionage for political gain
- Disruption of industrial control systems that are part of the critical infrastructure (power, water, propane, etc.)