CyberwarCyberspace Is the Next Front in Iran-U.S. Conflict – and Private Companies May Bear the Brunt
Iran and other nations have waged a stealth cyberwar against the United States for at least the past decade, largely targeting not the government itself but, rather, critical infrastructure companies. This threat to the private sector will get much worse before it gets better and businesses need to be prepared to deal with it.
Iran and other nations have waged a stealth cyberwar against the United States for at least the past decade, largely targeting not the government itself but, rather, critical infrastructure companies. This threat to the private sector will get much worse before it gets better and businesses need to be prepared to deal with it.
As in the days of pirates and privateers, much of our nation’s critical infrastructure is controlled by private companies and enemy nations and their proxies are targeting them aggressively.
The U.S.-Iran cyberconflict has simmered for years, but the current crisis boiled over with Iranian attacks on U.S. interests in Iraq that led to the Jan. 3 U.S. drone strike that killed a senior Iranian general and terrorist leader. Iran’s supreme leader threatened “harsh revenge,” but said Iran would limit those efforts to military targets.
But even before Iranian missiles struck U.S. military bases in Iraq on Jan. 7, pro-Iranian hackers reportedly attacked at least one U.S. government-related website, along with a number of private company sites. Of greater concern, a new report details significant recent efforts by Iran to compromise the U.S. electric, oil and gas utilities.
Iran, which has reportedly attacked Saudi Arabian energy production, is also capable, according to U.S. officials, of conducting “attacks against thousands of electric grids, water plants, and health and technology companies” in the U.S. and Western Europe. Disrupting those systems could cause significant damage to homes and businesses and, in the worst case, injuries and death.
Much of our targeted critical infrastructure is under the control of private companies. Without government protection – and in the absence of any agreed-upon rules of cyber warfare – businesses are at high risk, and strict American criminal laws prohibit many forms of cyber self-defense by private companies. But there are straightforward measures companies can take both to protect themselves and to enhance our collective national cybersecurity.
What Will Iran Do?
Though it’s impossible to predict with certainty the behavior of the Iranian regime and their many proxies, their cyberattacks likely will continue to go well beyond governmental systems, which are reasonably well defended. Iran and its supporters likely will focus on easier targets operated by private companies.
