Cyberspace Is the Next Front in Iran-U.S. Conflict – and Private Companies May Bear the Brunt

A recent U.S. Department of Homeland Security alert highlights Iran’s capability and willingness to engage in multiple types of destructive cyberattacks over the last decade. According to indictments filed by the U.S. Department of Justice, as cited in the DHS alert:

·  Beginning as far back as 2011, Iran has conducted numerous Distributed Denial of Service (DDoS) attacks, sending massive amounts of internet traffic to knock websites offline. Iran’s DDoS attacks have targeted, among others, financial institutions, for whom the resulting downtime reportedly cost millions of dollars.

·  In 2013, one or more Iranians working for the country’s Revolutionary Guard illegally accessed the control system of a New York dam, although no direct damage apparently was done.

·  In 2014, Iran conducted an attack on the Sands Las Vegas Corporation, stealing customer credit card, Social Security and driver’s license numbers and wiping all data from Sands’ computer systems.

·  Between 2013 and 2017, hackers working on behalf of Iran’s Revolutionary Guard conducted a “massive” cyber theft operation targeting academic and intellectual property data, along with email information, from hundreds of universities, more than 45 companies, at least two federal agencies, at least two state governments and the United Nations.

It is possible that new efforts along these lines could be planned and timed to affect upcoming American elections. In addition, other countries could launch attacks and try to blame them on Iran, or vice versa.

No Clear Cyber Rules of Engagement
For conventional and even nuclear warfare, nations have, over the centuries, agreed to rules of armed conflict. They’ve developed ways to signal their intentions to escalate or deescalate a conflict. The U.S. and Iran have, for now, deescalated their public military conflict, thanks to Iran warning of its missile attack and not killing or injuring anyone and the U.S. not taking any further military action.

But cyberspace remains the wild west, with few, if any, agreed-on rules of engagement or well-understood signaling mechanisms. This makes any ongoing cyberconflict between Iran and its enemies all the more dangerous, with critical infrastructure companies at risk of being caught in the crossfire.

Without government assistance, those companies are largely on their own in defending against Iranian or other foreign government attacks. Strict criminal laws severely restrict companies’ defensive options, prohibiting, for example, technologies to trace and destroy stolen data.

Collective Cyberdefense
All of that said, there are steps companies can take to protect themselves, not only from Iranian or other governmental attacks but against hacking by data thieves, ransomware gangs, corporate rivals, disgruntled employees or anyone else.

Vigilance and communication is key. Companies, particularly in critical infrastructure sectors such as energy, financial, telecommunications and health care, should stay in closer-than-usual touch with appropriate governmental bodies, including the Department of Homeland Security, the FBI and the appropriate cyber Information Sharing & Analysis Centers. ISACs can help companies quickly get threat intelligence from the government and report attacks that may have implications beyond a single company.

Businesses also should carefully check their systems for malware previously inserted maliciously to enable future attacks. They should, of course, scan their systems on an ongoing basis for viruses and other malicious code that could let hackers have unauthorized access to systems or data. Companies should also securely back up their data, closely monitor data traffic on their networks, require workers to use multi-factor authentication when logging into IT resources, and provide cybersecurity training and awareness to employees.

Protecting our national and economic security from attack is in the hands of private citizens and companies in a way that hasn’t been true perhaps since British boat owners rescued their nation’s army from annihilation at Dunkirk in 1940. By taking reasonable cybersecurity measures, companies, and all of us individually, can not only help protect ourselves and our nation but, perhaps, even help to prevent a war.

Bryan Cunningham is Executive Director of the Cyber Security Policy & Research Institute, University of California, Irvine.This articleis published courtesy of The Conversation