China and Iran have shared a position as cyber-bogeymen over the past year, but a new report from the Wall Street Journal about Iranian infiltration of U.S. energy firms shows why their cyber-assaults could pose a greater immediate threat to U.S. national security.
While China pursues aggressive cyber-espionage campaigns against major U.S. companies and news sources, Iranian-backed hackers are more overtly hostile — targeting critical infrastructure vulnerable to sabotage or engaging in disruptive economic actions, like when Iranian-backed hackers leveraged data centers to wage a massive distributed denial of service (DDoS) attack against financial institutions.
From a strategic standpoint, the differences between the Chinese and Iranian strategies make sense. The Chinese government is interested in the long game and is a key player in the global market, while as Tom Kellerman, Vice President of cybersecurity firm Trend Micro, told the Wall Street Journal, “Iran has been successfully ostracized from global economics” so destructive cyber attacks serve “not only empower themselves but to signal to the Western world they are capable in cyberspace.” Proving that capability may be especially important to Iran because its nuclear program was the target of Stuxnet malware, reportedly jointly developed by U.S. and Israeli cyber-forces.
The more recent Iranian-backed attacks go a step further than outside disruptions like the DDoS attacks according to U.S. officials, showing that hackers penetrated the computer networks running energy companies and gained access to the software controlling oil and gas pipelines. With access to that control-system software, hackers could potentially manipulate the flow of fuel, possibly even trigger power outages — something that could have truly devastating national security implications, especially considering that about 85 percent of the energy infrastructure the Department of Defense depends on is commercially owned.
In a March worldwide threat assessment statement to the Senate Select Committee on Intelligence, the Director of National Intelligence identified cybersecurity threats as the top threat facing the United States, specifically noting while “advanced cyber actors” like Russia or China were unlikely to launch a devastating attack on our power grid, but “less advanced but highly motivated actors could access some poorly protected U.S. networks that control core functions, such as power generation, during the next two years.”
A report on the vulnerability of the electric grid released by the offices of Congressman Edward Markey (D-MA) and Henry Waxman (D-CA) last week suggests a substantial number of those networks are poorly protected, with many only implementing mandatory cybersecurity measures from the North American Electric Reliability Corporation (NERC) that are often several years behind the current cyber-threat landscape.