The United States and allies' national cyber response may soon be tested with the latest escalating conflict in the Middle East. The U.S. conducted an airstrike that killed a revered Iranian general while he was in Iraq. This was in retaliation for a number of attacks against U.S. personnel and, most recently, the U.S. embassy in Iraq, which were purported to be orchestrated by Iran and specifically by General Qassem Soleimani, who was killed in the airstrike. Soleimani, also spelled Suleimani, was the top military official for Iran and a very powerful figure in the region. Iran has vowed to retaliate.
Iran has significant resources, both traditional kinetic weapons as well as mature cyber warfare capabilities. Direct military attacks could draw both countries into an undesired war. Political condemnation is likely to be seen as insufficient by the Iranian leadership. The other play is to go down the route of cyberattacks.
Cyber attacks attributed to Iran have taken place in the past, but most were denied by the government and, overall, were not too severe. Many in the cybersecurity community, including myself, believe that for years Iran has been conducting digital reconnaissance and spoiling attacks to gain footholds in western critical infrastructure that could be used at a later date as beachheads for large-scale attacks.
This may now be the moment that Iran chooses to use their nation-state supported cyber warriors to directly target the United States government, economy, and critical infrastructure. Unlike the clandestineness and denials of the past, attacks would likely be openly attributed as retaliation by Teheran and intended to cause enough harm to show strength and be a deterrent for future acts.
Here are my predictions for how Iran will respond with cyberattacks against the United States. These are the six potential attacks that Iran might choose to pursue. Most likely, one of the following will occur or be attempted in the coming weeks.
Top 6 Likely Cyber Attacks by Iran:
- Cyber attacks disrupting U.S. regional electrical power grids. The goal would be a shut-down for several hours to a few days, in a major urban center.
- Cyber attacks against North American telecommunications and Internet services, to disrupt the availability for several days across a modest region of the country.
- Damaging attacks to U.S. government servers, data, and digital services. Likely targets would be the Pentagon facilities and other Department of Defense (DoD) bases around the world. The objective would be to disrupt intelligence, logistics, communications, planning, and operations.
- Digital attacks against the U.S. Executive branch, including the White House or Embassies around the world. The goal would again be to disrupt communications, logistics, services, and operations.
- Cyber attacks against the financial sectors to temporarily impact the economy. Specific targets might include one or more of the U.S. exchanges, major banking services, and the Federal Reserve. Perhaps taking down the stock markets, federal lending functions, disrupting inter-banking transfers, or interfering with financial services (ATMs, deposits, withdrawals, bill-payments, etc.) in a limited way for a few days would send shockwaves throughout the public.
- Cyber attacks against U.S. oil production, refining, and distribution capabilities. This has a two-fold impact. It raises the price of global oil and it may force the U.S. to once again rely externally on other nations for petroleum, bringing relevance back to the Persian Gulf and the power that Iran has to control the Strait of Hormuz.
Most of these attacks would be designed to be temporary and intended as a show of force, demonstrating what Iran can do and is willing to do. They would want attacks to be public and potentially inconvenience U.S. citizens. There is a balance, however. Iran will want to convey strength and may also seek to convince Americans that the U.S. government cannot protect their nation's critical infrastructure so as to cause infighting among the voters. I believe Iran would not want to go so far as to cause serious harm to the citizen population as it may unify and embolden Americans and her allies to war. The U.S. has a tremendously formidable military and is willing to deploy it when the country is unified against an enemy. Not many countries want to poke that tiger.
In another scenario, the United States may not be the direct target. Instead, U.S. allies like Israel, Saudi Arabia, or pro-American leaders in Iraq, might be pursued.
Lastly, there is a chance that digital attacks might accompany kinetic strikes. Many U.S. allies are well within the range of Iranian missiles, military insurgents, and asymmetric warfare practices. This may include terrorist attacks and the kidnapping of Americans, diplomats or workers, from U.S. companies abroad. It worked as leverage against America during the Iran hostage crisis, where diplomats and citizens were held for 444 days in the besieged U.S. Embassy in Teheran (Nov 1979 – Jan 1981).
Predicting the Next Evolution of Cyberwar
I am concerned that the response to the recent regional conflicts, potentially by both sides, will include cyber-attacks. Any digital attack by a nation-state inadvertently pushes forward the evolution of cyberwar and sets new standards for what is deemed plausible for future responses. It is an escalation that can impact people across the globe. The world of warfare is about to change again. It will not be limited by geography, distance, or brute military might like in the past. This time, it will include the emergence of the digital battlefield.