As tensions build with Iran, the risk of major offensive retaliation becomes an increasingly realistic concern. Based on historical activity, it is clear that Iran is capable of both military action and coordinated cyber offensives. Our Threat Research Team put out some recommendations about Iran’s cyber capabilities, and I was fortunate to gain even more perspective on the situation in a conversation with one of Fidelis Cybersecurity’s esteemed Advisors, Rob Richer. Rob retired in November 2005 from the Central Intelligence Agency as the Associate Deputy Director for Operations (ADDO). Prior to his assignment as the ADDO in 2004, Richer was the Chief of the Near East and South Asia Division, responsible for Clandestine Service Operations throughout the Middle East and South Asia. Mr. Richer currently consults on Middle East and national security issues and is a senior partner with International Advisory Partners, and he provides some interesting perspective on the topic of Iran and increased cyber activity.
Q: Rob, first off, thank you for speaking with me. With the very public nature of their verbal and physical response thus far, where do you anticipate is the most likely attack vector from a cyber standpoint?
A: Sam, we are already seeing Iranian linked cyber-attacks and disruptions originating from known or suspect Iranian entities. Primarily they appear to be targeting social media and minor local government sites in the US. I anticipate that such attacks will continue. Iran or its proxies will focus on “soft” cyber targets. Iran will try to irritate but not do such damage as to invite serious responses, cyber or otherwise unless the situation between Iran and the United States escalates. As of today, such an escalation appears less likely than earlier this week but that could change immediately with an action by either side that “required” some type of face saving or more active response.
Q: In terms of attribution, are you fearful of imposters executing attacks that may lead to more physical retaliation?
A: I do have some concerns that other state actors or others might exploit the current situation between Iran and the United States to do damage, to support their own requirements/interests, or to exacerbate the situation. That said, such an attack would need to be significant enough to have real impact and given the USG’s present ability to follow the threads of such attacks, I feel the risk is manageable and minimal. I say that also with the hope that those making decisions to retaliate for such an attack take the time to evaluate such an attack, in both the U.S. and Iran.
Q: Would Iran have any interest, or what level of a threat should we consider Iran as far as hacking or influencing the US elections?
A: Yes, I firmly believe that Iran is going to try to influence the upcoming elections. Iran will do so to undermine the credibility of the election process and well as to try to influence the process et al. We know from our 2016 election experience that foreign State actors can impact voter trust in the process and also sway opinion and influence commentary on social media. This year’s Presidential election is most certainly on Iran’s cyber target list. Commentary in the public and private sector indicates that many of our voting entities, State or local, are still not wrestling with how to ensure voting integrity. This is going to be a most difficult election period to protect both in terms of the actual voting process and from what is circulated on social media and other outlets.
Q: Where do you see our long-term adversarial relationship with Iran heading in terms of cyber war?
A: My answer to this final question is based on the history of US/Iran relations of the last 40 plus years. We’ve been spiraling towards confrontation for most of that time with short periods of detente or status quo existence. Iran is well aware that, militarily, we are far superior. The equalizer for Iran is both its controversial Nuclear program (which Iran has used for political advantage or leverage) and its cyber capabilities. Cyber is a much lower risk offensive capability with potential deniability. Iran will continue to expand its cyber capabilities and WILL use that capability to offset its more limited conventional military capabilities and minimal political strength. I see no way for the adversarial relationship to lessen absent a balanced political dialog between the US and Iran. Such a dialog is not on the table at present nor expected for the foreseeable future absent a seismic change in the dynamics in play, on both sides of the issue.
*** This is a Security Bloggers Network syndicated blog from Blog – Fidelis Cybersecurity authored by Jimmy Gaughan. Read the original post at: https://fidelissecurity.com/threatgeek/network-security/iran-qa/