FBI Iranian terror threat, Prepare For the Worst From Iran Cyber Attacks.
With the risk of Iranian cyber attacks high enough for the Department of Homeland Security and the FBI to issue a warning, experts say the US government and the private sector must accept their sites will go down and be prepared to hit restart.
“I’m going to tell you a painful truth. When you have actors like this that are well trained — in the thousands — by a nation-state, if they are targeting something they will probably succeed,” says Diana Volare, whose (wonderful) title is “Chief Security Evangelist” at Saviynt. Over the past few years “Iran has been successful” in attacking a number of defense and civil aviation firms. Saviynt, based in El Segundo, helps organizations authenticate that people, software and systems accessing their networks are who and what they say they are, and not malicious actors.
Further, experts warn, Iran almost certainly has the cyber tools to inflict physical damage on US critical infrastructure. For example, Volare said, hacking the smart electrical grid could shut down power on the West Coast, or they could target military drones to crash them.
(Readers may remember that in 2011, Iran announced the capture of a Lockheed Martin RQ-170 Sentinel unmanned aerial vehicle (UAV) near the city of Kashmar in northeastern Iran — with Tehran saying it was brought down by a military cyber warfare unit. And in 2012, Iran formally established a special high-level command for cyber war, led by the Revolutionary Guards and directly overseen by Supreme Leader Ali Khamenei.)
So, since your system will almost certainly get taken down should Iran attack, experts say, network backups, fail-safe measures, plans for rallying recovery resources and personnel, and other methods of rapidly getting back to business are key to ensuring the attacks do not severely disrupt American society.
Piyush Pandey, CEO of Dallas-based Appsian (a company that provides services similar to Saviynt’s), said that while cyber incidents happen all the time, announcements about imminent threats from a specific country or actor “don’t come out very often.”
DHS on Jan. 4 issued a public bulletin warning of the increased potential for Iranian-backed cyber terrorism, and CNN reported this afternoon that the FBI and DHS also had issued a “joint intelligence bulletin” that predicted attacks first on overseas facilities — such as the Iranian missile attacks yesterday at two US air bases in Iraq — followed in the “medium-term” by attacks on the US homeland.
Further, DHS’s Cybersecurity and Infrastructure Security Agency (CISA) on Jan. 6 issued a warning to cybersecurity experts to be on guard. As Pandey and Volare both noted, the CISA warning included specific guidance about the technical nature of possible Iranian attack attempts, based on previous hacking incidents traced back to Iranian sources.
A CISA spokesperson would not address whether the agency is seeing an increase in attempted cyber incursions in the United States. However, Texas Governor Greg Abbott announced that state agencies under his control have seen an increase in attempted cyber attacks in the past 48 hours — as many as ten thousand per minute — and blamed Iran. None of those attempts had been successful, he added.
Pandey explained that the first step agencies and companies need to take is to increase monitoring of network activity, but he stressed that there is no way to really “rapidly gear up defense” — with the exception of simply giving up and “shutting yourself down,” which of course leads to a loss of business.
Instead, he said, the US government and agencies must invest strategically in protecting networks and, importantly, the data inside those networks. “Think of it like a house,” he said. “You can put really good doors and locks outside, and nowadays people have monitoring outside, but you have to have those things inside too. No matter what you do with the periphery, people will still come inside.”
Cyber Command (CYBERCOM), responsible for defending DoD information networks worldwide, would not comment on whether it has seen an increase in cyber incidents or on its activities to respond to the heightened Iranian threat.