World War Digital (Part 1)
“I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones” — Albert Einstein
Editor’s Note: while this article was inspired by recent global events, both the author and staff of Supplyframe Hardware hope for peace between the peoples of Iran and the United States.
The assassination of Iranian general Qassem Suleimani by the United States has once again reignited tensions in the Middle East. While there’s much to be said about President Trump’s decision to green-light the attack, the greater concern right now is how Iran will respond.
While some have responded with tongue-in-cheek memes about the onset of World War III, both countries have agreed to stand down from further escalation. While a physical war thankfully seems less and less likely, there is still the ever-looming threat of a digital one.
What Would an Iranian cyber attack on The United States Look Like?
My first exposure to digital threats came when I was young and in the form of the Y2K phenomenon at the turn of the century. As someone blessed (cursed?) with a vivid imagination, my younger self bought into the talk of planes falling from the sky and chaos erupting across numerous industries.
While the reality was far less terrifying, the collective fear of a digital dark age led me to more closely pay attention to the cyber realm and the threats that lurk within it.
In the wake of increased tensions between the U.S. and Iran, even the government is considering the very real possibility of a cyber attack on the nation’s infrastructure. The Department of Homeland Security published a bulletin to this effect on January 4, 2020.
Here’s an excerpt detailing the perceived threat:
“Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
Iran lags behind the cyber warfare programs of Russia and China, but has still shown themselves to be formidable in the digital space. While the threat is very real, keep in mind that this is nothing new. The U.S. and Iran have been locked in a cyber battle for the last decade, with both sides attacking the other.
The origins of the digital war can be traced back to the 2009 Stuxnet attack on Iran’s Natanz uranium enrichment plant, which destroyed as many as 1,000 nuclear fuel centrifuges and slowed the country’s progress on nuclear arms development. An investigation afterward placed the blame of the attack on the United States and Israel.
On a wide scale, an Iranian cyber attack could target computer networks controlling electric, gas, or oil utility companies. An attack on Saudi Arabia’s Aramco oil company in August of 2019 was attributed to Iran and damaged roughly 30,000 computers with the aim of disrupting oil production.
Given Iran’s past with cyber attacks, the more likely approach would be targeting the private sector and corporations. Over the past decade, it’s possible that smaller attacks have implanted malware on computers in banks, oil refineries, electrical utility companies, and other similar organizations.
Steven Bellovin, a computer-science professor at Columbia University in New York refers to this as “preparing the battlefield.” Once the malware is present in multiple locations, much like sleeper cells, the attack can commence.
The goal of such an attack would be to disrupt the hardware on-site. Similar to the attack on Iran’s nuclear program, the malware could cause turbines to spin too quickly or assembly lines to act erratically.
Other potential attacks include a Distributed Denial of Service (DDoS) attack, which overwhelms systems with data until they crash, or a ransomware, which renders data unusable until the attacker’s demands are met.
The latter actually happened to the city of Atlanta, Georgia in 2018. A pair of Iranian hackers brought the city’s business to its knees for multiple days in a ransomware attack that resulted in an estimated $17 million in damages.
Given their current capabilities, a mass attack of this kind is unlikely, but could be a very real possibility in the future.
Whether you’re an informed individual or a leader in a larger corporation, this is a good reminder to bolster your defenses and learn how to protect yourself from the very real threat of cyber attacks, something we’ll discuss more in part two of this series.
In the meantime, what cyber threats are currently on your mind? Does your company have an established plan for such a scenario? Let me know in the comments and check out part two of this series for more!
