US-Iran conflict could spur on cyberattacks on industrial systems

The US and Iran conflict escalated in early January in light of a US attack that killed a top Iranian general. Iran responded with strikes of its own which, unfortunately, also involved the accidental shooting down of a Ukrainian passenger airplane. Since then, both countries appear to have stepped back away from using direct military force. 

However, this doesn’t necessarily indicate that hostilities between the two countries have waned. Experts even expect Iran to resort to other means to retaliate particularly launching cyberattacks on American targets. Cyberwarfare arguably can put smaller nations like Iran on a more level field against a superpower like the US.

In a CNN interview, Columbia University professor Steven Bellovin explains why it’s feasible for Iran to take such a route. “First, [cyberattacks are] more deniable. If there is a missile attack on a US base or a diplomat is kidnapped, that’s much more easily traceable. Second, it doesn’t risk your own personnel,” he said.

Cybersecurity solution firm odix CEO Oren Eytan said, “Effective cyberwarfare attacks doesn’t need  be directed towards military targets; it can instead target nation’s industries and businesses resulting a disruption of civilian life and commerce.” 

Capabilities exist

The US and Iran have already been engaged in cyberwarfare even prior to these recent hostilities. Arguably, the US even fired the opening salvo. Variants of the Stuxnet malware, which targets industrial control systems, were used to attack various Iranian systems that were suspected to be used in the country’s uranium enrichment project. While Stuxnet was only uncovered in 2010, it was likely that systems were infected much earlier. It was eventually confirmed that the US was behind Stuxnet’s creation. These attacks were even credited to have prompted Iran to up its cyberwarfare capabilities. 

State-sponsored Iranian hackers have already allegedly performed several successful hacks on US targets. They were said to have carried out denial-of-service attacks on several large US banks over a two-year span starting 2011. Rye Brook Dam, a small facility in New York, was also taken over by Iranian hackers in 2013. The attack demonstrated the vulnerability in critical infrastructure. Recently, state-sponsored hacking group Magnallium has been tracked to be password-spraying US energy firms. The threat group has been looking to gain access to systems by trying out commonly used credentials. 

Attackers don’t even have to be citizens of warring states as they can tap threat groups like Magnallium and Charming Kitten to carry out their attacks. These groups have the technical knowledge and resources including botnets and hack tools to be successful. These groups have already been in operation for several years and each is even specialized in specific industries such as telecommunications, media, and utilities.

Keeping defenses up 

Each potential target must be kept secure but the number and variety of the organizations involved make it difficult for countries to comprehensively defend them against attacks. 

In the US, potential industrial targets include a both public and private organizations and facilities. Last year, a US Department of Energy report cited that attackers were already able to hack into a US power grid. While hackers weren’t really able affect service, the mere fact that they breached these systems’ defenses is cause to worry.

Many of the players in the US’ energy industry are private firms meaning that each facility may have its own approach to industrial IT and cybersecurity. Industrial control systems are quite complex and securing them requires comprehensive and multi-pronged strategies that fit each organization’s situation. The increasing use of internet-dependent tools and applications has exposed systems to potential network-based attacks.

Cyberdefense firm Darktrace director Andre Tsonchev shared, “These systems have been connected up to the Wild West of the internet, and there are exponential opportunities to break in to them. This creates a vulnerability that is especially acute in the US.”

Because of this, some organizations even consider the merits of using legacy technologies that are naturally air-gapped to keep them safe from such attacks. But such measures aren’t entirely fool-proof.

“critical industries such as power companies, energy & utilities should adopt the latest cyber protection technologies to prevent any potential attack. These facilities that use air-gapped networks required to ensure no malicious code was entered to their operational network and therefore need scanning and sanitizing tools for use with the storage devices they use across machines. While our other malware defense solutions typically work for internet-enabled systems, we also provide a standalone kiosk specifically for those running air-gapped infrastructures,” Eytan continued.

Sustained vigilance

Considering that hostilities between the US and Iran aren’t likely to resolve anytime soon, everyone must play an active role in securing key infrastructure and facilities. 

Governments can intervene by requiring all potential targets to commit to cybersecurity through regulations. But as long as the vulnerabilities exist, industrial systems are likely prey for any threat group. Attacks on these systems are a matter of state-sponsors giving the go-ahead. 

As such, all industry stakeholders must be on alert and remain vigilant for any signs of threats and attacks against their systems. Adopting comprehensive cybersecurity strategies and integrating capable solutions that help monitor, mitigate, and respond to cyberattacks are a must in today’s climate.