Experts say US should expect more Iranian cyberattacks

Experts say in new research that the United States should be prepared for Iran to target U.S. infrastructure, including economic and government assets, with destructive cyberattacks. 

In order to guard against such attacks, the U.S. government should increase the security of infrastructure and deepen cooperation with allies and nongovernmental organizations that have been targeted by Tehran’s cyber operations, they argue in a new report from the Carnegie International Endowment for Peace.

“The United States is reliant on an inadequately guarded cyberspace and should anticipate that future conflicts, online or offline, could trigger cyber attacks on U.S. infrastructure,” the report states. 

{mosads}“The first priority should be to extend efforts to protect infrastructure and the public, including increased collaboration with regional partners and nongovernmental organizations targeted by Iran.” 

The report is authored by Collin Anderson, a Washington-based cybersecurity researcher, and Karim Sadjadpour, a senior fellow at the Carnegie International Endowment for Peace who focuses on Iran and U.S. foreign policy.

The research follows President Trump’s October move to decertify the 2015 nuclear deal with Iran brokered by the Obama administration, forcing Congress to decide whether to reimpose sanctions. 

The experts write that destructive cyber operations against the United States have broadly decreased since the early negotiations of the agreement, known formally as the Joint Comprehensive Plan of Action, in 2013, though they suggest Iranian hackers are likely to target vulnerable economic and government assets in the future in the event of “renewed hostilities.”

“Renewed hostilities between Iran and the United States could be expected to involve the targeting of vulnerable economic, civilian, and governmental services with data destruction, [distributed denial of service], and other disruptive attacks,” they write.

“Under current perceptions of Iranian offensive cyber capabilities, it is unclear that it would be prepared and able to launch attacks against the power grid or industrial control systems, such as those conducted against Ukraine,” they write. 

“Instead, attacks would follow the path of least resistance — targeting state and local governments rather than federal infrastructure, or unprepared sectors that have not been previously targeted such as transportation and logistics rather than the financial services.” 

They also posit that Iran will continue offensive cyber espionage against foreign targets in the U.S. and Europe. 

Iranian hackers are widely viewed as lacking the sophistication of those from nations like China and Russia; however, many caution that Iran has been able to leverage attacks to cause damage to adversaries without significant investment.

Nevertheless, tight sanctions are expected to continue to prevent the regime from investing considerably in the advancement of its cyber operations.

Iran, like other countries, is believed to rely on proxies to carry out cyber operations, blurring the line between cyber criminals and state-sponsored actors.

The United States has, in some cases, imposed sanctions on Iranian individuals and organizations for supporting cyberattacks targeting U.S. interests.

In September, the Trump administration sanctioned several Iranian nationals and a private Iranian IT company linked to Iran’s Islamic Revolutionary Guard Corps (for conducting denial-of-service attacks against U.S. banks between 2011 and 2013.

In November U.S. officials also made a public show of charging an Iranian hacker with stealing confidential data from HBO and attempting to extort the company for millions of dollars over the summer. The hacker is said to have conducted network attacks against other countries’ infrastructure on behalf of the Iranian military, though prosecutors say he did not target HBO on behalf of the government.