Iran Cyberattack Threat Now Critical: Experts
The risk of nation-state cyberattacks from Iran against U.S. interests remains high during a time of simmering geopolitical tensions in the Middle East, according to cybersecurity experts.
Stark warnings over potential Iranian cyberattacks from the Department of Homeland Security this week prompted discussions about nation-wide business security at a Wall Street Journal Cybersecurity Symposium in San Diego.
‘Not to be melodramatic, but every critical infrastructure sector in the United States will need to worry about [Iranian cyberattack],’ Mark Morrison, chief information security officer at Options Clearing Corp., told the publication.
Experts are concerned that Iranian retaliation over the U.S. airstrike that killed Major General Qassem Soleimani – foreign ring leader of the Iran’s Islamic Revolutionary Guard Corps – on January 3, is likely to involve a cyber component.
This is despite official statements from both countries suggesting a de-escalation in conflict that sent the Dow Jones Industrial Average up more than 200 points last week.
The tensions saw a boost in shares in cybersecurity firms, outperforming the market over the duration of the week.
Experts also said that physical attacks of retaliation, like those launched against U.S. military facilities that resulted in no fatalities, are of less concern than cyberattacks.
Iran has been implicated in cyberattacks on U.S. infrastructure in the past, including a dam in upstate New York and financial institutions.
‘Historically, the Iranians have targeted certain sectors when relations with the U.S. have reached a certain point. Everyone needs to be extra-vigilant on that,’ Morrison said.
Steven Bernard, founder and chief executive of Bernard Consulting Group Inc., and a former security chief for Sony Corp, said tensions in the Middle Easy has created a sense of confusion within U.S. companies – which are concerned about being on the frontline of a digital conflict.
He said that companies don’t know where to go, who to trust or where to put their efforts into to protect their businesses.
This week’s DHS alert suggests that Iranian capabilities range from cyberattack strategies like denial-of-service attacks to more sophisticated tactics – such as causing physical damage through cyber intrusions.
The threat of direct actions against U.S. businesses by a nation-state could provide a challenge for cyber insurers, which might invoke a hostile-acts clauses in commercial contracts, according to Tyler Gerking, a partner at law firm Farella Braun & Martell LLP.
Kiersten Todt, managing director at the non-profit Cyber Readiness Institute, said that cybersecurity needs to be ensured to protect the nation.
‘Cybersecurity is an area where what we do as individuals can make a difference in protecting the nation,’ he said