01:59 PM
Connect Directly

Congress Raises Alarm On Iranian Cyber Threat

United States should pay attention to threat of Iranian cyber-attacks, say members of Congress and panelists.

Top 10 Open Government Websites
Top 10 Open Government Websites
(click image for larger view and for slideshow)
The Iranian cyber threat to the United States is on the rise, lawmakers and foreign policy observers warned in a House Homeland Security Committee hearing Thursday.

"There should be little doubt that a country that kills innocent people around the world, guns down its own people, and threatens Israel would not hesitate to carry out a cyber-attack against the U.S.," said counterterrorism and intelligence subcommittee chairman Patrick Meehan, R-Pa., whose subcommittee held a joint hearing with the cybersecurity, infrastructure protection, and security technologies subcommittee.

Warnings about the threat of an Iranian attack came from all angles during the hearing, but the hearing did not include participation by a single intelligence or military official. Director of National Intelligence James Clapper recently testified to Iran's improvement in the cyber arena.

[ Cybersecurity tops the list of concerns for federal IT professionals. See Federal IT Survey: Hacktivists, Cybercriminals Are Top Threats. ]

Meehan called Iran's growing cyber capabilities a "real and genuine challenge and threat to the United States and its interests," noting the recent attack of a pro-Iranian group called the Iranian Cyber Army on the government news agency Voice Of America. A Meehan-penned op-ed titled "Iranian Cyber Threat Cannot Be Underestimated" appeared on the website of Congressional news site The Hill on Thursday.

Panelists called to attention recent media reports about Iranian diplomats involved in planned cyber-attacks against nuclear power plants and other targets. The country also recently claimed that the downing of a drone inside the country was thanks to a hack of the drone's GPS signals.

"They're taking their gloves off right now in the cyber environment," said Frank Cilluffo, associate VP and director of the Homeland Security Policy Institute and a former Bush administration homeland security official.

Panelists at the session were quick to point out that Iran does not yet pose the same level of technical threat as Russia and China, but said that Iran's intentions help make it dangerous. "As yet, Iran has not shown itself to be a similarly advanced or persistent threat" as Russia and China, Cilluffo said. "The bad news is that what they lack in capability, they make up for in intent and are not as hesitant as other countries may be."

Ilya Berman, VP of the hawkish and conservative American Foreign Policy Council, agreed with Cilluffo's assessment, adding that Iran poses a potentially significant threat in the asymmetric world of cyberspace. "Cyberspace is a field that advantages asymmetric actors," he said. "As a result, the capabilities are an issue, but intent is even more of an issue. Unlike in Russian and China, where conflicts exist but at least we have diplomatic relations with those countries, there are a number of threats on the table with Iran."

Berman recommended that the United States government create a stronger deterrence strategy against Iranian cyber-attacks. "We have had an abject lack of a deterrent strategy in facing Iran, and [the cyber world] is crying out for a deterrence strategy so that the Iranian regime recognizes that there are redlines that they can't cross," he said.

Hacktivist and cybercriminal threats concern IT teams most, our first Federal Government Cybersecurity Survey reveals. Here's how they're fighting back. Also in the new, all-digital Top Federal IT Threats issue of InformationWeek Government: Why federal efforts to cut IT costs don't go far enough, and how the State Department is enhancing security. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio