Expert on News: US On High Alert For Iran-backed Cyber Attacks

Iran has already demonstrated intent and capability to attack inside the US as well as a high tolerance for escalating risk, specifically during the 2011 plot to assassinate the Saudi Ambassador to the US inside the US. Therefore, the current risk of escalatory action by Iran is particularly high, given that the “red lines” are not clearly defined in cyberspace and the Iranian government will be under intense internal pressure to take strong action.

In 2011-2012, Iran went after banks for implementing sanctions and we should now anticipate actions against the contractors involved in the development and deployment of drones. The US Government needs to lean very far forward in sharing with potential targets any info it has regarding Iranian capabilities, TTPs, and plans in a coordinated effort to minimise this risk and tighten up defences.

In the meantime, critical infrastructure organizations should be particularly vigilant in monitoring their operational systems for unusual activity in their industrial operation systems. At this stage, gaining OT visibility with the ability to detect issues and react quickly is paramount to national security.

Dave Weinstein, CSO, Claroty
January 09, 2020
From a technical perspective, companies should be sure to monitor their ICS connections.
Our position is that owners and operators should remain vigilant given the recent events. Heightened threat activity against ICS/OT networks often correlates with geopolitical volatility and it's certainly plausible that Iran would retaliate against critical infrastructure. At the same time, I'd caution against speculative reports that place high levels of confidence in a retaliatory cyber attack ....
Marc Gaffan, CEO, Hysolate
January 07, 2020
We recommend that security teams within critical infrastructure organizations lock down access to critical controls and sensitive data.
Given recent news, critical infrastructure organizations should be prepared for an increase in attempted cyberattacks. We recommend that security teams within critical infrastructure organizations lock down access to critical controls and sensitive data. Focus on securing and monitoring access points into the most critical OT environments, often provided via privileged access. The best way to miti ....
Ilia Kolochenko, Founder and CEO, ImmuniWeb
January 07, 2020
The western world has an immense capacity to ruin its adversaries in a cyber war.
I think in the near future we will not observe major cyber attacks triggered by the military operation in question. Enemies of the US have already silently breached what they could, stealing valuable information including intelligence data, intellectual property and trade secrets. The majority of sophisticated APTs have already happened. Regrettably, their complexity often makes them undetectable ....
Tim Mackey, Principal Security Strategist, Synopsys CyRC
January 07, 2020
This lack of familiarity can be particularly problematic.
Geopolitical concerns are nothing new for multi-national businesses, but for those who operate only within a given country or who are directly involved in creating new products, dealing with shifts in global priorities may be foreign. This lack of familiarity can be particularly problematic when you recognize that we live in a software and data driven world and that fundamentally all businesses ar ....
