Robert Baer
Guest
What You Can Do During a Cyber War
If you assassinate a senior political leader in 1914, you can expect a
traditional war to follow. If you assassinate a senior political leader
in 2020, it would be foolhardy to assume that only a traditional war
will follow.
So as the U.S. prepares to deal with fallout from the killing of Iranian
General Qassem Soleimani, we must assume, anticipate, and expect that a
primary mode of retaliation from Iran will be a cyber attack. And we
must prepare for civilians to be caught in the crosshairs.
Most Americans have no idea how to protect themselves from any kind of
cyber crime, let alone an offensive, aggressive, and intentionally overt
retaliatory attack. Here's what you need to consider.
What Can You Expect?
"We have been at war with Iran for more than a decade, and people just
didn't realize it," says James Lewis, the Senior Vice President and
Director of the Technology Policy Program at the Center for Strategic
and International Studies.
The U.S. and Israel targeted Iranian nuclear facilities with the Stuxnet
attack in 2009; the attack was intended to cripple Iranian efforts to
enhance their nuclear arsenal. For a time it worked; however, as a
result, Iran has been improving its own cyber-capability. Like every new
weapon introduced in every war theatre in our recorded history, the
weapon that once helped gain an advantage can and is now being targeted
against us.
Since 2009, Iran has used cyberweapons to attack oil and gas facilities,
bank facilities, the electrical grid, and even a tiny dam in upstate New
York.
"Iran has been linked to global financial attacks as well as destructive
attacks via wiper malware, and increasingly leverages social media for
disinformation and pro-regime propaganda," says Andrea Little Limbago,
the Chief Social Scientist at Virtru.
In November 2019, reports came out that Iran was carefully and directly
targeting 2,200 facilities with a strong focus on critical
infrastructure and critical control systems that regulate our water and
electrical grids. While Iran's capacity to attack is not considered as
sophisticated as China's or Russia's, Peter Singer, a strategist for the
think tank New America, emphatically counters that "to say they have no
capability is nonsense."
An Israeli general put it a slightly different way in 2017 when he said,
"They are not the state of the art, they are not the strongest
superpower in the cyber dimension, but they are getting better and better."
"Cyber is the only thing that gives [Iran] the long range reach," Lewis
says. "It's the easiest way for them to do anything in the U.S."
When Can You Expect It?
The rising specter of cyber attacks and ensuing public anxiety
highlights that we have very little idea about how to prepare for or
respond to an attack on the individual level. The government approach to
cybersecurity is largely dependent on where the attack occurs: domestic
versus abroad, military versus civilian targets. However, the Department
of Homeland Security will issue a statement over the threat level, like
it did this past weekend, and coordinate and alert the public.
Additionally, a cyber attack with broad public implications will see
similar emergency activation services like any other large public
threat, such as hurricanes or snowstorms. The problem? We probably won't
know in advance, and it could take out massive aspects—even for short
durations—of our critical infrastructure: power, water, television,
internet, and cell phone communication networks.
We should and can trust the government to respond to aggressive
overtures from a foreign nation. However, we shouldn't allow our faith
in the government to be a cover for our own ignorance about geopolitical
threats. At its best, our government is a reflection of the shared
intellect of its people. At its worst, it's a reflection of the
ignorance of the population.
What Can You Do to Protect Yourself?
Iran has gone after commercial and enterprise related information
systems. However, these are primarily in oil and gas, SCADA, and other
critical infrastructure-related systems. If you work in those
environments, you should be particularly cautious.
Threats from China, Russia, or other nations only have the potential to
increase in the heightened state of the current environment. This is
because a nation or criminal actor wishing to sow dissent could attack
the U.S. and attempt to pin attribution on Iran. Chaos in the system
creates opportunity for malicious actors.
This means you should follow the basics of good cybersecurity protection:
1. Always use different and hard passwords for your web logins.
2. Be careful of emails that require you to click links or download
documents.
3. Confidently use multi-factor authentication wherever you can.
4. Don't use text messages; substitute encrypted messaging systems and
also consider encrypted email like Proton.
Will There Be a Global Escalation of Attacks?
"I don't want to sound alarmist, but the risk of a cyber attack from
Iran is higher now than it has ever been," says Mike Sexton, Program
Director at the Middle East Institute. "That's not necessarily to say
that a cyber retaliation is likely, but that we've been rolling dice
with Iran for a decade in cyberspace, and we've just started using a
very dangerous new pair of dice."
The escalation of war could take a number of different scenarios, such
as attacking our nuclear program which was recently put online,
attacking our satellite infrastructure—which has weak defense mechanisms
in place—or attacking a major city. However, Iran is currently unlikely
to make an escalation of this level, according to several senior policy
leaders and officials.
Instead, we should anticipate that Iran will look for high-profile
events (like the U.S. election) to disrupt, or smaller targets that send
a message, but don't risk catastrophic retaliation. This may include
second- or third-tier American cities like Tulsa, Tucson, or Toledo.
"[Iran is] looking for vulnerable targets in places that will get
attention," Lewis says. "It's easier for them to target in the Middle
East, but they have probed smaller targets in the U.S."
Specifically, experts warn against attacks on our oil and gas
infrastructure. Iran has ample knowledge of oil and gas infrastructure,
has shown a targeted effort to hack systems that support oil and gas,
and knows they're a critical foundational resource in the American
economic system. As such, there's also heightened concern about the
potential targeting of those pipelines in the U.S. Disabling a pipeline
could result in a disruption of service, an explosion, or cause an oil
spill.
And it doesn't need to be an actual explosion, Singer says. Sometimes
the threat of an attack is enough if rumors of the attack are then
propagated through social media. A tweet of misinformation can cause
widespread confusion and chaos. As in all things, double check your
sources. If you didn't trust them before, don't trust them now.
A Word of Hope
Here's the good news: It's unlikely that Iran will respond to the
assassination with a cyber attack that will cripple the U.S. for a long
period. The risk to Iran isn't worth the unknown escalatory and
retaliatory attack from an administration that's difficult to predict.
As such, we should anticipate a pointed, but smaller scale attack that
will shake us, but not destroy the foundations of our country.
That being said, if we don't learn to protect ourselves individually and
collectively, educate ourselves and elect officials who can further
protect us, or become wise to and aware of the state of the world around
us, we'll destroy the foundations of our country all on our own.