Risk
4/26/2012
01:59 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Congress Raises Alarm On Iranian Cyber Threat

United States should pay attention to threat of Iranian cyber-attacks, say members of Congress and panelists.

Top 10 Open Government Websites
Top 10 Open Government Websites
(click image for larger view and for slideshow)
The Iranian cyber threat to the United States is on the rise, lawmakers and foreign policy observers warned in a House Homeland Security Committee hearing Thursday.

"There should be little doubt that a country that kills innocent people around the world, guns down its own people, and threatens Israel would not hesitate to carry out a cyber-attack against the U.S.," said counterterrorism and intelligence subcommittee chairman Patrick Meehan, R-Pa., whose subcommittee held a joint hearing with the cybersecurity, infrastructure protection, and security technologies subcommittee.

Warnings about the threat of an Iranian attack came from all angles during the hearing, but the hearing did not include participation by a single intelligence or military official. Director of National Intelligence James Clapper recently testified to Iran's improvement in the cyber arena.

[ Cybersecurity tops the list of concerns for federal IT professionals. See Federal IT Survey: Hacktivists, Cybercriminals Are Top Threats. ]

Meehan called Iran's growing cyber capabilities a "real and genuine challenge and threat to the United States and its interests," noting the recent attack of a pro-Iranian group called the Iranian Cyber Army on the government news agency Voice Of America. A Meehan-penned op-ed titled "Iranian Cyber Threat Cannot Be Underestimated" appeared on the website of Congressional news site The Hill on Thursday.

Panelists called to attention recent media reports about Iranian diplomats involved in planned cyber-attacks against nuclear power plants and other targets. The country also recently claimed that the downing of a drone inside the country was thanks to a hack of the drone's GPS signals.

"They're taking their gloves off right now in the cyber environment," said Frank Cilluffo, associate VP and director of the Homeland Security Policy Institute and a former Bush administration homeland security official.

Panelists at the session were quick to point out that Iran does not yet pose the same level of technical threat as Russia and China, but said that Iran's intentions help make it dangerous. "As yet, Iran has not shown itself to be a similarly advanced or persistent threat" as Russia and China, Cilluffo said. "The bad news is that what they lack in capability, they make up for in intent and are not as hesitant as other countries may be."

Ilya Berman, VP of the hawkish and conservative American Foreign Policy Council, agreed with Cilluffo's assessment, adding that Iran poses a potentially significant threat in the asymmetric world of cyberspace. "Cyberspace is a field that advantages asymmetric actors," he said. "As a result, the capabilities are an issue, but intent is even more of an issue. Unlike in Russian and China, where conflicts exist but at least we have diplomatic relations with those countries, there are a number of threats on the table with Iran."

Berman recommended that the United States government create a stronger deterrence strategy against Iranian cyber-attacks. "We have had an abject lack of a deterrent strategy in facing Iran, and [the cyber world] is crying out for a deterrence strategy so that the Iranian regime recognizes that there are redlines that they can't cross," he said.

Hacktivist and cybercriminal threats concern IT teams most, our first Federal Government Cybersecurity Survey reveals. Here's how they're fighting back. Also in the new, all-digital Top Federal IT Threats issue of InformationWeek Government: Why federal efforts to cut IT costs don't go far enough, and how the State Department is enhancing security. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0607
Published: 2014-07-24
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.

CVE-2014-1419
Published: 2014-07-24
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

CVE-2014-2360
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.

CVE-2014-2361
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

CVE-2014-2362
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.