- Iran has promised “a forceful revenge” in response to the US-ordered drone strike that killed Maj. Gen. Qassem Soleimani, the head of Iran’s elite Quds Force, late Thursday.
- Cybersecurity experts said that Iran had spent years establishing itself as an “intelligent cyber opponent” and was likely to leverage cyberattacks against the US.
- Iran has been linked to cyberattacks against Turkey, Israel, the US, and the UK.
- Cyberattacks could target internet infrastructure, online banks, or even the US power grid.
Iran’s leaders on Friday vowed to exact “a forceful revenge” against the US in response to the American drone strike that killed Maj. Gen. Qassem Soleimani, the head of Iran’s elite Quds Force, late Thursday.
Now, cybersecurity and defense experts are bracing for an Iranian cyberoffensive that could target online infrastructure across the US military and the private sector.
Experts told Business Insider that Iran had spent years building out its computer-warfare capabilities. Since 2010, when Iran faced a cyberattack on its nuclear facilities, the country has focused heavily on beefing up its defense operations.
“Iran is an intelligent cyber opponent with an army of people testing our systems every minute of every day. It is the ultimate game of cat and mouse,” Sam Curry, the chief security officer at Cybereason, told Business Insider.
However, the US has also focused heavily on building up its cyber defenses, said Kiersten Todt, a cybersecurity adviser in the Obama administration and the managing director of the Cyber Readiness Institute.
“I absolutely think that they will look to attack our critical infrastructure on the homeland,” Todt told Business Insider, adding, however, that “our capabilities and our preparedness for that type of attack is strong, and our military is extremely well prepared for this.”
US defense efforts will also be bolstered by a recent leak of Iran’s cyber operations on a dark-web server, according to Charity Wright, a former National Security Agency analyst who is now a cyber-threat analyst at IntSights.
“These types of attacks could be devastating if the target is ill-equipped with proper defense,” Wright said. “However, recent disclosures about how Iranian cyber groups operate has left them scrambling to change tactics and cover past operations. This does give Iranian opposition an advantage.”
Here’s what we know about Iran’s capacity for online warfare and what a cyberattack could look like.
Iran has focused heavily on building out its cyberwarfare capabilities since 2010, when a cyberattack affected its nuclear facilities.
In the years that followed, US military officials warned that Iran was emerging as a leader in cyberwarfare.
“They are going to be a force to be reckoned with, with the potential capabilities that they will develop over the years and the potential threat that will represent to the United States,” Air Force Gen. William Shelton predicted in 2013.
Since then, Iran has been linked to sophisticated cyberattacks against Israel, Turkey, the US, and the UK.
US officials accused Iranian hackers of attacking American banks in 2012. The Iranian government denied the accusations.
Iranian hackers have proved capable of cyberattacks that brought entire countries to their knees. In 2015, they caused a massive power outage in Turkey that lasted more than 12 hours.
Experts said it was reasonable to expect that a similar attack on the US power grid was possible.
“Anything they have targeted in any country could potentially be fair game in any other country,” Curry said.
Iranian cyberattacks would likely target US critical infrastructure.
“The attacks could be devastating,” said William Mendez, the director of the cybersecurity firm CyZen. “Imagine if financial transactions could not be completed or if the stock exchange was not operational because of a cyberattack. The ripples could be felt globally.”
However, the impact of an attack would depend on the US’s resiliency, or how quickly agencies could recover.
“While this event is a surprise, our ability to prevent and protect has continued to grow and evolve with the threats,” Todt said.
Experts emphasized that US defenses should focus not only on preventing attacks but also on rehabilitating infrastructure that is attacked.
“There is often too little emphasis on facing the truth that intelligent, motivated, equipped opponents will eventually succeed, and that requires planning to both minimize damage and to return to normal operations as rapidly as possible,” Curry said. “This is far too often neglected.”
It’s difficult to predict exactly what a cyberattack from Iran would look like — but experts emphasized that Iran’s cyber capabilities were well documented.
“We’re all waiting to see what the blow will look like,” Curry said. “Because you don’t know where or when they’re going to strike, fear and uncertainty are already a weapon.”
Todt said that while the US drone strike that escalated the conflict with Iran was likely a surprise to many in the cybersecurity community, the US should nonetheless be prepared to mount a sufficient defense against Iranian cyberwarfare.
“Our capabilities and our preparedness for that type of attack is strong, and our military is extremely well prepared for this,” Todt said.