In the wake of the hacking of Sony, all eyes are now on North Korea's disruptive online capabilities. But the cyberwarfare potential of another rogue state — Iran — is also growing, and it could soon constitute a major threat to the United States and its allies.
That's the conclusion of a new report chronicling the past two years of Iranian activity in cyberspace.
"Since at least 2012, Iranian actors have directly attacked, established persistence in, and extracted highly sensitive materials from the networks of government agencies and major critical infrastructure companies in the following countries: Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates and the United States," notes the 86-page study, issued by California-based cybersecurity firm Cylance earlier this month.
The cause for Iran's activism can be traced back to 2009-10, when the Stuxnet cyberworm temporarily wreaked havoc on its uranium enrichment capabilities. That bit of malware — commonly attributed to Israel and the U.S. — was followed by others, including the software script Stars, the cyberespionage program Duqu, and Flame, a virus reportedly designed to map Iran's nuclear network.
Multiple attacks
In all, Iran's nuclear program has been attacked no fewer than six times over the past half-decade. As a result, Iran's leaders have concluded — with considerable merit — that their regime has become the target of a sustained campaign of virtual subversion by the West. And they have responded in kind.
Over the past two years, a number of significant cyber incidents have been tied to Iran in one way or another. These include a major hacking campaign against the Saudi Aramco oil company in 2012, attacks on U.S. banks and financial institutions in 2012 and 2013, repeated attacks on Israeli infrastructure targets last year, and — most recently — the penetration last year of the U.S. Navy's unclassified networks.
All of these, the Cylance study concludes, are part of a systematic campaign by Iranian hackers to target critical infrastructure around the world.
The scope of the effort mapped out by Cylance is breathtaking. It includes, among other targets, oil and gas firms in France, Kuwait, Qatar and Turkey; aviation hubs in Pakistan and South Korea; energy and utilities companies in Canada and the U.S., and government agencies in Qatar, United Arab Emirates and America.
Moreover, it might just be the tip of the iceberg. Iran's cyber capabilities, the study points out, are evolving rapidly, and what has been identified might be just a fraction of the Islamic Republic's online presence. The report concludes with a dire warning: "As Iran's cyberwarfare capabilities continue to morph, the probability of an attack that could impact the physical world at a national or global level is rapidly increasing."
U.S. on alert
Government authorities appear to be taking this possibility seriously. The Cylance study has reportedly been distributed widely within the Department of Homeland Security, and the FBI recently issued confidential guidance to U.S. firms that might become targets of Iranian cyberwarfare.
The caution is undoubtedly warranted. Iran might be playing nice with the West at the moment. There has been a notable decrease in the frequency of cyber attacks on Western targets since the start of the current nuclear negotiations in November 2013. But if there is a breakdown of the talks, and a renewed imposition of sanctions against a recalcitrant Iranian regime, cyberwar could again be a distinct possibility.
The Iranians, at least, seem to think so. In February, Iran's supreme leader, Ayatollah Ali Khamenei, issued a special message to the country's university students in which he urged them specifically to prepare for such a conflict with the West. The target, according to Khamenei, would be "the Dominance Power" — a common Iranian euphemism for the U.S.
We should stand so instructed.