As everyone in the western hemisphere knows at this point the United States has a conflict with Iran. The United States killed Iran’s top military commander, General Qassem Soleimani under the direction of President Trump. He was unexpectedly killed in a drone strike ordered by our highest levels of government. The civil concerns when these types of actions are taken is how will one military act beget another. As far as we know, since the attack on Soleimani Iran has officially abandoned its commitment to the 2015 Nuclear Deal. They also launched missiles into a United States airbase in Iraq as part of its retaliation strategy. The question now becomes, what is occurring in planning rooms across Teheran that could hurt a citizen in New York or Des Moines”

While many people fear continuing kinetic strikes will escalate into a traditional war, security experts suspect Iran will quietly attack critical infrastructure sectors by engaging in cyber warfare. Unlike bombs or missiles that leave evidence or visible consequences, cyber-attacks are far less noticeable and harder to detect. 

Iran’s growing cyber capabilities is real and formidable. Government agencies and large corporations have been advised to heighten their levels of readiness. This includes implementing cybersecurity measures to assure operations can be sustained. The United States should expect the unexpected. But are citizens ready to manage a power outage or loss of the internet in their town or municipality?

How Did We Get Here?

With only a few days left until the new year, a rocket attack launched by Kataib Hezbollah, an Iranian terrorist group, killed an American contractor in Iraq. Shortly after, pro-Iranian militiamen stormed the U.S. Embassy in Baghdad which further endangered American lives. Both events prompted President Trump to order an airstrike that targeted General Soleimani, a man who is a known partner to Hezbollah and who threatened “stabile conditions” in the Middle East. 

Vowing revenge, Iran launched missiles into a U.S. airbase in Iraq in retaliation to Soleimani’s death. While the attack did not cause any fatalities, the U.S. said it would continue to put sanctions on Iran. Even with the tension, both countries have claimed they do not want war. So, does this mean is it over? Could this be as simple as “I got mine and you got yours?” No, we don’t think so. Many cyber experts believe we have just woken the sleeping giant or at least made him work harder to inflict severe damage on the U.S. critical infrastructure.  

Iran’s Cyber Capabilities

Given its limited military and economic capabilities, Iran would be foolish to engage in traditional kinetic warfare with the United States. Instead, experts believe the missiles launched by Iran were a distraction to take attention and resources away from what’s really at risk – our outdated critical infrastructure and industrial control systems. Since 2009, Iran has been effectively using cyberweapons to attack American oil and gas facilities, dams, banks, and the electric grid; all of which weren’t originally designed to sustain cyber-attacks. While the effects of digital warfare may not be felt instantly, a series of cyber-attacks on poorly secured critical infrastructure systems will cause physical damage. In some cases, it could inflict heavier consequences on the U.S. population than traditional combat ever has. 

Iran knows, like other global underdogs, that they can level the playing field. By deploying advanced forms of malware, a country in the middle east can manipulate interconnected systems across oceans and without ever stepping foot on American soil. That is the power of cyber warfare. And if that doesn’t scare you, it should. Whereas proximity once inhibited wars, cyber has no borders, and attacks travel faster than any jet fighter ever produced by any nation. 

What’s Next?

The internet is a transactional hub. Each link that connects government, business and people puts each user across the spectrum at risk of having communications compromised. Worse, functions of end systems across networks and systems can be manipulated by the compromised communications. This makes it very difficult to safeguard outdated critical infrastructure systems that have been equipped with IP addresses. 

Our progress typically results in new digital vulnerabilities. For instance, the convergence of operational and information technology makes attacks that previously might have just stifled communications, now deadly. As such, cyber-attacks are no longer just limited to digital consequences. This empowers countries like Iran and other less militarily capable countries. Cyber experts can bring down countries from behind a desk. It is also the reason we need to understand the consequences of our kinetic military actions to at least be prepared for the response. Truth is the battlefield has finally come to North America. The United States should always prepare for the worst. If it’s not Iran that sends the cyber equivalent of a 10K nuclear device in the future, it’ll be someone else dropping the bomb.