Metro

  • Written by Bryan Cunningham, Executive Director of the Cyber Security Policy & Research Institute, University of California, Irvine

Iran and other nations have waged a stealth cyberwar against the United States for at least the past decade, largely targeting not the government itself but, rather, critical infrastructure companies. This threat to the private sector will get much worse before it gets better and businesses need to be prepared to deal with it.

As in the days of pirates and privateers[1], much of our nation’s critical infrastucture is controlled by private companies and enemy nations and their proxies are targeting them aggressively.

The U.S.-Iran cyberconflict has simmered for years, but the current crisis boiled over with Iranian attacks on U.S. interests in Iraq[2] that led to the Jan. 3 U.S. drone strike that killed a senior Iranian general and terrorist leader[3]. Iran’s supreme leader threatened “harsh revenge[4],” but said Iran would limit those efforts to military targets[5].

But even before Iranian missiles struck U.S. military bases in Iraq on Jan. 7, pro-Iranian hackers reportedly attacked[6] at least one U.S. government-related website, along with a number of private company sites. Of greater concern, a new report details significant recent efforts by Iran to compromise the U.S. electric[7], oil and gas utilities.

Iran, which has reportedly attacked Saudi Arabian energy production[8], is also capable, according to U.S. officials, of conducting “attacks against thousands of electric grids[9], water plants, and health and technology companies” in the U.S. and Western Europe. Disrupting those systems could cause significant damage to homes and businesses and, in the worst case, injuries and death.

Much of our targeted critical infrastructure is under the control of private companies. Without government protection – and in the absence of any agreed-upon rules of cyber warfare – businesses are at high risk, and strict American criminal laws prohibit many forms of cyber self-defense by private companies. But there are straightforward measures companies can take both to protect themselves and to enhance our collective national cybersecurity.

Cyberspace is the next front in Iran-US conflict – and private companies may bear the brunt Hackers with ties to the Iranian government attacked the Bowman Avenue Dam near New York City in 2016. AP Photo/Seth Wenig[10]

What will Iran do?

Though it’s impossible to predict with certainty the behavior of the Iranian regime and their many proxies, their cyberattacks likely will continue to go well beyond governmental systems, which are reasonably well defended[11]. Iran and its supporters likely will focus on easier targets operated by private companies.

A recent U.S. Department of Homeland Security alert highlights Iran’s capabity and willingness[12] to engage in multiple types of destructive cyberattacks[13] over the last decade. According to indictments filed by the U.S. Department of Justice, as cited in the DHS alert:

  • Beginning as far back as 2011, Iran has conducted numerous Distributed Denial of Service (DDoS) attacks, sending massive amounts of internet traffic to knock websites offline[14]. Iran’s DDoS attacks have targeted, among others, financial institutions, for whom the resulting downtime reportedly cost millions of dollars.

  • In 2013, one or more Iranians working for the country’s Revolutionary Guard illegally accessed the control system of a New York dam[15], although no direct damage apparently was done.

  • In 2014, Iran conducted an attack on the Sands Las Vegas Corporation[16], stealing customer credit card, Social Security and driver’s license numbers and wiping all data from Sands’ computer systems.

  • Between 2013 and 2017, hackers working on behalf of Iran’s Revolutionary Guard conducted a “massive” cyber theft operation targeting academic and intellectual property data, along with email information, from hundreds of universities, more than 45 companies, at least two federal agencies, at least two state governments and the United Nations.

It is possible that new efforts along these lines could be planned and timed to affect upcoming American elections[17]. In addition, other countries could launch attacks and try to blame them on Iran, or vice versa[18].

No clear cyber rules of engagement

For conventional and even nuclear warfare, nations have, over the centuries, agreed to rules of armed conflict. They’ve developed ways to signal their intentions to escalate or deescalate a conflict. The U.S. and Iran have, for now, deescalated their public military conflict, thanks to Iran warning of its missile attack and not killing or injuring anyone and the U.S. not taking any further military action.

But cyberspace remains the wild west, with few, if any, agreed-on rules of engagement[19] or well-understood signaling mechanisms[20]. This makes any ongoing cyberconflict between Iran and its enemies all the more dangerous, with critical infrastructure companies at risk of being caught in the crossfire.

Without government assistance, those companies are largely on their own in defending against Iranian or other foreign government attacks. Strict criminal laws severely restrict companies’ defensive options[21], prohibiting, for example, technologies to trace and destroy stolen data.

Cyberspace is the next front in Iran-US conflict – and private companies may bear the brunt Front lines in an Iran-U.S. cyberwar are spread out all over the country. Taylor Vick/Unsplash, CC BY[22][23]

Collective cyberdefense

All of that said, there are steps companies can take to protect themselves[24], not only from Iranian or other governmental attacks but against hacking by data thieves, ransomware gangs, corporate rivals, disgruntled employees or anyone else.

Vigilance and communication is key. Companies, particularly in critical infrastructure sectors such as energy, financial, telecommunications and health care, should stay in closer-than-usual touch with appropriate governmental bodies, including the Department of Homeland Security, the FBI and the appropriate cyber Information Sharing & Analysis Centers[25]. ISACs can help companies quickly get threat intelligence from the government and report attacks that may have implications beyond a single company.

Businesses also should carefully check their systems for malware previously inserted maliciously to enable future attacks. They should, of course, scan their systems on an ongoing basis for viruses and other malicious code that could let hackers have unauthorized access to systems or data. Companies should also[26] securely back up their data[27], closely monitor data traffic on their networks, require workers to use multi-factor authentication[28] when logging into IT resources, and provide cybersecuritiy training and awareness to employees.

Protecting our national and economic security from attack is in the hands of private citizens and companies in a way that hasn’t been true perhaps since British boat owners rescued their nation’s army from annihilation[29] at Dunkirk in 1940. By taking reasonable cybersecurity measures, companies, and all of us individually, can not only help protect ourselves and our nation but, perhaps, even help to prevent a war.

[ Like what you’ve read? Want more? Sign up for The Conversation’s daily newsletter[30]. ]

References

  1. ^ pirates and privateers (www.crn.com)
  2. ^ Iranian attacks on U.S. interests in Iraq (www.state.gov)
  3. ^ killed a senior Iranian general and terrorist leader (www.latimes.com)
  4. ^ harsh revenge (www.cnbc.com)
  5. ^ limit those efforts to military targets (www.globalsecurity.org)
  6. ^ pro-Iranian hackers reportedly attacked (www.dailymail.co.uk)
  7. ^ Iran to compromise the U.S. electric (www.wired.com)
  8. ^ Saudi Arabian energy production (www.reuters.com)
  9. ^ attacks against thousands of electric grids (www.nbcnews.com)
  10. ^ AP Photo/Seth Wenig (www.apimages.com)
  11. ^ reasonably well defended (www.cybercom.mil)
  12. ^ Iran’s capabity and willingness (www.us-cert.gov)
  13. ^ multiple types of destructive cyberattacks (www.nbcnews.com)
  14. ^ massive amounts of internet traffic to knock websites offline (www.justice.gov)
  15. ^ illegally accessed the control system of a New York dam (www.reuters.com)
  16. ^ conducted an attack on the Sands Las Vegas Corporation (money.cnn.com)
  17. ^ affect upcoming American elections (www.engadget.com)
  18. ^ try to blame them on Iran, or vice versa (securityaffairs.co)
  19. ^ agreed-on rules of engagement (theconversation.com)
  20. ^ well-understood signaling mechanisms (www.americansecurityproject.org)
  21. ^ severely restrict companies’ defensive options (www.lawfareblog.com)
  22. ^ Taylor Vick/Unsplash (unsplash.com)
  23. ^ CC BY (creativecommons.org)
  24. ^ protect themselves (theconversation.com)
  25. ^ Information Sharing & Analysis Centers (www.nationalisacs.org)
  26. ^ Companies should also (www.us-cert.gov)
  27. ^ securely back up their data (theconversation.com)
  28. ^ multi-factor authentication (theconversation.com)
  29. ^ British boat owners rescued their nation’s army from annihilation (www.britannica.com)
  30. ^ Sign up for The Conversation’s daily newsletter (theconversation.com)

Authors: Bryan Cunningham, Executive Director of the Cyber Security Policy & Research Institute, University of California, Irvine

Read more http://theconversation.com/cyberspace-is-the-next-front-in-iran-us-conflict-and-private-companies-may-bear-the-brunt-129487

Metropolitan republishes selected articles from The Conversation USA with permission

Visit The Conversation to see more

Entertainment News

TED CLINE ... Country Music Done Right

Country Music Done Right When Ted Cline uses the phrase “Country Music Done Right” to describe his engaging vibe, the Kansas City area-based singer/songwriter isn’t simply being crafty or clev...

News Company - avatar News Company

LAMONT DOZIER, JR. “Why Can’t We Be Lovers”/”I’m Gonna Take My Time”

When it comes to enduring musical legacies, it’s always inspiring when the melodic, grooving evergreen apples drop so close to the tree. The son and namesake of legendary singer, songwriter and re...

News Company - avatar News Company

DAWGGONEDAVIS ft. Chago G Williams (Rap Master, Producer)

“Darkest Hour” Just a little over two years since Rebecca “DawgGoneDavis” first took the world (and the World & Euro Indie charts) by storm with her quirky and infectious debut single “Mi...

News Company - avatar News Company

Stephen Wrench “Burning Bridges”

When the true colors of people you thought were nice and kind become the latest casualties of your Facebook friends list, the gloves just have to come off. As Stephen Wrench so powerfully and bl...

News Company - avatar News Company

Indulgent Fool Gasoline Tequila

Indulgent Fool,” the latest release from Gasoline Tequila, uses the emotive language of guitar to tell a story about sensuality and courtship. Any given night, in any given room, can define an arti...

News Company - avatar News Company

Chelsey Green and The Green Project release fresh new EP, ReEnvisioned

Chelsey Green and The Green Project. Their fresh new EP, ReEnvisioned, is a dynamic and empowering collection that in only four tracks showcases their passions for contemporary and traditional jazz...

News Company - avatar News Company

Fresh Prince of Bel Air's original "Aunt Viv" Janet Hubert announces new animation project

‘JG and the BC Kids’ Starts Preproduction with Toonz Media Group, Elijah Rock Productions and Ericka Nicole Malone Entertainment to Inspire Children to Embrace Themselves and Others  ...

News Company - avatar News Company

ANGELA PREDHOMME - It’s just So Good To Be Free

There’s something powerful and inspiring about an independent artist who pursues her passion and finds widespread success on her own terms, rather than following the generally accepted mainstream ...

News Company - avatar News Company

In the midst of the COVID-19 pandemic, Pure Mission Entertainment’s Willie J releases “In The Morning”

“In the Morning” To borrow from a well-known spiritual cliché, sometimes the musical muse works in mysterious ways. When Willie J joined forces in 2019 with Atlanta producer Cool Kid Diddy and...

Tom Estey - avatar Tom Estey

Metropolitan Business News

MODEL/ACTOR THORN CASTILLO IS THE “NEW FACE” OF SCHICK STYLIST

In 2019, just as his multi-faceted career was taking off, Thorn Castillo heard Robert Downey Jr. offer a sage bit of advice during an interview on photographer/director Sam Jones’ acclaimed multi-...

News Company - avatar News Company

New Research Highlights Opportunities for Sports Betting

Revenue Stream for Sports’ Post-COVID-19 Recovery Strategies New Rochelle, NY, June 1, 2020— Twenty-four states have now legalized sports betting, with more states considering legalization la...

Len Stein - avatar Len Stein

How to make overseas transfers easier?

Mainstream banks can charge as much as $20 just to process a basic international money transfer. Fortunately, today people are not doomed to handling personal finances only through mainstream gl...

News Company - avatar News Company

The flourishing international market of fragrance and perfume

There is something special and unique about the art of fragrance. This is a big world and there are quite literally a lot of smells around at any given time. In fact, as one of the five human senses i...

News Company - avatar News Company

Impact of good marketing on sales

Sales and marketing are brothers as they go hand and in hand. The job of both of these departments is to generate revenue so that an organization can make money. A company that does not generate rev...

News Company - avatar News Company

7 effective tips for increasing sales in retail

It seems that retailers have drawn a difficult lot in the 21st century: competition from online retail is growing steadily. After all, Internet retailers can sell your products at significantly lowe...

News Company - avatar News Company

Holidays

5 COOL GADGETS TO CARRY FOR A SAFE TRIP

Are you planning to go on a trip? Possibly, you do not know what things are most necessary on a trip. In this article, we will guide you through some important tips. These tips help you to...

News Company - avatar News Company

New Baggage Regulations to Help Aussie Parents Travel with Infants

Travelling around the globe has never been easy, especially when infants tag along for the trip. One of the main issues that parents often have to deal with is the need to bring extra item...

News Company - avatar News Company

Maya Beach Opens to Tourists

Despite recent reports that Southern Thailand's famous Maya Beach will close for three months this year, in fact no decision to this effect has been made by Thai authorities. Phi Phi Nati...

Maevadi Rosenfeldt - avatar Maevadi Rosenfeldt