Risk
4/26/2012
01:59 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%
Repost This

Congress Raises Alarm On Iranian Cyber Threat

United States should pay attention to threat of Iranian cyber-attacks, say members of Congress and panelists.

Top 10 Open Government Websites
Top 10 Open Government Websites
(click image for larger view and for slideshow)
The Iranian cyber threat to the United States is on the rise, lawmakers and foreign policy observers warned in a House Homeland Security Committee hearing Thursday.

"There should be little doubt that a country that kills innocent people around the world, guns down its own people, and threatens Israel would not hesitate to carry out a cyber-attack against the U.S.," said counterterrorism and intelligence subcommittee chairman Patrick Meehan, R-Pa., whose subcommittee held a joint hearing with the cybersecurity, infrastructure protection, and security technologies subcommittee.

Warnings about the threat of an Iranian attack came from all angles during the hearing, but the hearing did not include participation by a single intelligence or military official. Director of National Intelligence James Clapper recently testified to Iran's improvement in the cyber arena.

[ Cybersecurity tops the list of concerns for federal IT professionals. See Federal IT Survey: Hacktivists, Cybercriminals Are Top Threats. ]

Meehan called Iran's growing cyber capabilities a "real and genuine challenge and threat to the United States and its interests," noting the recent attack of a pro-Iranian group called the Iranian Cyber Army on the government news agency Voice Of America. A Meehan-penned op-ed titled "Iranian Cyber Threat Cannot Be Underestimated" appeared on the website of Congressional news site The Hill on Thursday.

Panelists called to attention recent media reports about Iranian diplomats involved in planned cyber-attacks against nuclear power plants and other targets. The country also recently claimed that the downing of a drone inside the country was thanks to a hack of the drone's GPS signals.

"They're taking their gloves off right now in the cyber environment," said Frank Cilluffo, associate VP and director of the Homeland Security Policy Institute and a former Bush administration homeland security official.

Panelists at the session were quick to point out that Iran does not yet pose the same level of technical threat as Russia and China, but said that Iran's intentions help make it dangerous. "As yet, Iran has not shown itself to be a similarly advanced or persistent threat" as Russia and China, Cilluffo said. "The bad news is that what they lack in capability, they make up for in intent and are not as hesitant as other countries may be."

Ilya Berman, VP of the hawkish and conservative American Foreign Policy Council, agreed with Cilluffo's assessment, adding that Iran poses a potentially significant threat in the asymmetric world of cyberspace. "Cyberspace is a field that advantages asymmetric actors," he said. "As a result, the capabilities are an issue, but intent is even more of an issue. Unlike in Russian and China, where conflicts exist but at least we have diplomatic relations with those countries, there are a number of threats on the table with Iran."

Berman recommended that the United States government create a stronger deterrence strategy against Iranian cyber-attacks. "We have had an abject lack of a deterrent strategy in facing Iran, and [the cyber world] is crying out for a deterrence strategy so that the Iranian regime recognizes that there are redlines that they can't cross," he said.

Hacktivist and cybercriminal threats concern IT teams most, our first Federal Government Cybersecurity Survey reveals. Here's how they're fighting back. Also in the new, all-digital Top Federal IT Threats issue of InformationWeek Government: Why federal efforts to cut IT costs don't go far enough, and how the State Department is enhancing security. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6212
Published: 2014-04-19
Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2013-6215
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1977.

CVE-2013-6218
Published: 2014-04-19
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors.

Best of the Web