Iran has laid groundwork for extensive cyberattacks on U.S., say officials

After the U.S. pulled out of the nuclear deal, known as the Joint Comprehensive Plan of Action (JCPOA), Homeland Security Secretary Kirstjen Nielsen testified before Congress that the U.S. was “anticipating it’s a possibility” that Iran would increase cyberattacks in the coming weeks and months and that the U.S. “will be prepared.” Nielsen said the U.S. has a posture called “shields up” it can institute when anticipating a possible attack.

Should the JCPOA collapse entirely, said Behnam Ben Taleblu, an Iran expert and a fellow at the Foundation for Defense of Democracies, a conservative think tank in Washington, the infrastructure of Western countries might be an attractive target to the Iranians.

“Iran has a penchant for using such tools against the West,” said Ben Taleblu. “The cyber domain permits the Islamic Republic to engage in graduated escalation, a hallmark of Iranian security policy.”

U.S. officials have alerted America’s allies in Europe and the Middle East to the potential Iranian threat and have begun preparing a menu of possible responses, according to both current and former U.S. officials. It’s unclear if the options include a preemptive cyberattack to deter Iran from launching one.

Senior U.S. officials remain divided over the use of a pre-emptive cyberattack.

Some administration officials have argued in favor of offensive cyber operations, while others, including the former White House official who was overseeing the policy, have advised against that, one former White House official said.

The issue is in part what has delayed the finalization of the Trump administration’s overall cyber policy, according to one former official.

The cyber threat comes as the Trump administration has focused more publicly on Iranian threats.

The Trump administration is poised to adopt new sanctions against Iran this summer as part of its withdrawal from the JCPOA. Trump’s decision to pull out on May 8 began a 90-day clock for the U.S. to reinstate sanctions on Iran.

The administration has also suggested recently that Iran is using its embassies to plan terrorist attacks, following the disruption of an alleged plot in the Iranian embassy in Austria to bomb a meeting of opposition leaders in Paris. Iran called the allegations “baseless” and “preposterous,” saying the plot was a “false flag” operation staged by regime opponents.

Secretary of State Mike Pompeo has led the charge against Iran, warning during a visit to the United Arab Emirates that Iran would pay “a high cost” for its aggression in the region after Tehran threatened to close the Strait of Hormuz to disrupt Middle East oil supplies.

Pompeo also said in an interview with Sky News Arabia that the Trump administration is planning “a number of things” to confront Iran, including “a series of sanctions aimed not at the Iranian people, but rather aimed at the singular mission of convincing the Iranian regime that its malign behavior is unacceptable and has a real high cost for them.”

Current and former U.S. officials noted that Iran has a history of using cyberattacks to retaliate against such actions. Its use of cyberattacks subsided after the U.S. and other world powers reached the 2015 nuclear agreement.

Image: Secretary of State Mike Pompeo speaks during a cabinet meeting at the White House on July 18, 2018. (Olivier Douliery / Pool via EPA)

“Iran’s interest in offensive cyber operations is well known and America and its partners would be well advised to consider the likelihood that Iran will mount cyber operations as sanctions are imposed,” said Norman Roule, a former top CIA official on Iran.

U.S. intelligence officials recently have observed Iranian hackers probing America’s electric grid, which cyber experts say they have done in the past.

“The Iranians have been doing these types of probes for years now — mapping out the networks of critical infrastructure to find potential vulnerabilities,” said James Lewis, who worked on cyber security and intelligence as a senior State Department official.

An attack on infrastructure would be far more aggressive than previous Iranian cyberattacks, which have largely focused on American business entities and targets in Persian Gulf states and Israel, said cyber experts who advise U.S. government agencies and corporations.

“It seems like their attention has been very focused on regional adversaries,” said Adam Meyers, vice president of intelligence at CrowdStrike.

The U.S. and Iran have a history of trading cyberattacks. In 2016, U.S. prosecutors charged seven Iranian computer experts linked to the government with a series of cyberattacks on U.S. banks and a New York dam.

Image: Dan Coats speaks with Andrea Mitchell during the Aspen Security Forum in Aspen, Colorado on July 19, 2018. (Daniel Bayer / Aspen Security Forum)

Four years earlier, Tehran was accused of unleashing a computer virus known as Shamoon that erased data on tens of thousands of computers at Saudi Aramco, the Saudi state-owned oil company.

Last year, a sophisticated assault on a petrochemical plant in Saudi Arabia nearly succeeded in sabotaging operations and triggering an explosion. Cyber security experts said Iran was almost certainly behind the attack.

In written testimony presented to Congress in March, DNI Coats wrote, “Iran’s cyberattacks against Saudi Arabia in late 2016 and early 2017 involved data deletion on dozens of networks across government and the private sector.”

In 2010 it became publicly known that the U.S. and Israel had unleashed a destructive cyber weapon against Iran’s nuclear program known as Stuxnet, a targeted, sophisticated computer virus that caused physical damage to Iran’s nuclear centrifuges.

The Trump administration’s increasingly bellicose rhetoric about Iran has raised concerns among lawmakers on Capitol Hill that this could be reminiscent of the George W. Bush administration’s push to invade Iraq in 2003, which relied in part on now-discredited intelligence. In an op-ed article in The Atlantic published July 13, Sen. Tim Kaine, D-Va., compared the language to the days leading up to the war in Iraq.

“I fear the United States is on the verge of blundering into another unnecessary war with Iraq’s next-door neighbor Iran. The same warning signs are on the horizon, and I hope we will turn back from the foolish path we seem to be taking,” wrote Kaine, the former Democratic nominee for vice president. “We cannot afford another unnecessary war, and Congress and the public must be vigilant to stop it.”

U.S. intelligence had previously warned about growing cyber threats from Iran and other, sometimes more technically advanced countries.

In his March 2018 written testimony to Congress, Coats wrote that Russia, Iran, and North Korea “are testing more aggressive cyberattacks that pose growing threats to the United States and U.S. partners.”

Coats wrote that U.S. intelligence agencies assessed that “Iran will continue working to penetrate U.S. and Allied networks for espionage and to position itself for potential future cyberattacks, although its intelligence services primarily focus on Middle Eastern adversaries — especially Saudi Arabia and Israel.”

On July 13, Coats told the Hudson Institute in Washington that the warning signs about coming cyber threats are similar to the signs the U.S. saw before Sept. 11, 2001.

“The warning lights are blinking red again,” said Coats. “Today the digital infrastructure that serves the country is literally under attack.” Coats said Russia was the worst offender, but also named Iran, China and North Korea as adversaries.
