Vigilance and expectation
6 January 2020
Entirely unsurprisingly, the US Department of Homeland Security has used its National Terrorism Advisory Unit to issue a security bulletin warning of the increased likelihood of cyber attack in the wake of the assassination on Iraqi soil of the Iranian general Qassem Soleimani, IRGC-Quds Force commander.
The bulletin states that “Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of U.S. based targets.”
It asserts that Iran “maintains a robust cyber programme,” and can “execute cyber attacks against the United States.”
It argues that “Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
Why the word “temporary” is needed here is not quite clear.
It goes on to say that “Iran likely views terrorist activities as an option to deter or retaliate against its perceived adversaries. In many instances, Iran has targeted United States interests through its partners such as Hizballah [sic].”
Iran does indeed have a history of instigating cyber attacks, but also of using digital media to push propaganda, spread disinformation and generally play at exactly the same cyber game as many other nations, for its own self-interest.
Specifically, in the wake of Iran being a victim of the Stuxnet attack, Israel accused Iran of multiple attacks on its critical infrastructure in 2014. Major power outages in Turkey in 2015 were attributed to Iranian hackers. 2017 saw attacks against the British Parliament attributed to Iran too.
There is no doubt that, as with many nations who have been in conflict recently, there is now a cyber dimension to both intelligence gathering and defence. Iran has certainly developed a cyber capability, in the same way that the US, European nations, Russia, China and more have done too. The exact extent of Iran’s offensive capability in this arena is difficult to determine, but it is a reasonable move by US Homeland Security to issue a warning to be vigilant.
However, the issue is further clouded by more parallels with other threat actors. Iran, in common with China and Russia, tends to have a number of unofficial groups, of varying levels of capability and organisation, that can be used as proxies in cyber actions.
While the military can usually rely on tight discipline, associated groups of loyal followers cannot be relied upon for the same level of response. Furthermore, it has been seen in other theatres that such associated groups can sometimes go off on their own recognisance and be somewhat difficult to control. This solo-run outcome can often have a financial motivation as well as a political one, and so, for organisations outside of the immediate sphere of the political events, it is a more immediate threat than the macro backlash.
In these cases, the loyal groups will often target organisations aligned to or associated with the perceived enemy, so in this case US companies, allies or interest groups may be targeted by the more loosely affiliated hacking groups for monetary gain. This funding model has been observed elsewhere and is often perceived as patriotic support for the nation state's actions.
However, no hack group worth its tag would overlook the crisis/opportunity nexus, and so there are probably hacking groups and cyber criminals all over the world now examining how they can take advantage of the current fluid situation.
So, while the DHS bulletin is vague, it is nonetheless pertinent: there should be a general level of vigilance in the coming weeks, as there should be no doubt at all that, whatever Iran’s direct response to the assassination, there will be a cyber element, not all of which will be under the direct order – or control – of Tehran.