Since the January 2, 2020 drone strikes that killed Iranian General Qasem Soleimani, cyber and national security experts have worried about retaliatory cyberattacks against US interests. Today, organizations are preparing for the worst, as the potential for a major cyber incident looms large in the minds of government and private sector leaders alike.
While current focus is rightfully on Iran, our long-term security posture requires us to take a step back and ask ourselves why we are fearful of a threat from a nation state not considered our peer. The answer partly lies in the fact that despite more than a decades’ worth of warnings, we know that critical American infrastructure in both the public and private sectors remains vulnerable to attack due to our continued failure to prioritize cybersecurity.
In this paper, entitled “The Iran Cyber Panic: How Apathy Got Us Here, and What to Do Now,” ICIT explores these themes with discussions on:
How A Failure to Prioritize Cybersecurity Created a Climate of Uncertainty
The Impact of International Law and Iran’s Understanding of U.S. Military Capabilities on Iran’s Cyber Actions
Iran’s History of Disruptive Attacks
Notable Iranian APT (including a table of profiles)
Targeted Sectors including Energy, Water, Defense Industrial Base, Finance, Healthcare, and Critical Manufacturing
The Risk of Other Adversaries Exploiting The Iran/U.S. Conflict and the Role of Attribution
Recommended Steps to Mitigate the Threat from Iran
This paper was authored by Parham Eftekhari, Executive Director, ICIT, and would not have been possible without contributions from Drew Spaniel, Lead Researcher, ICIT
ICIT would like to thank the following experts for their insights during the development of this paper:
John Agnello, ICIT Contributor & Chief, Analytic Capability Development Branch, United States Cyber Command
Jerry Davis, ICIT Fellow & Former CIO, NASA Ames Research Center
Malcolm Harkins, ICIT Fellow & Chief Security and Trust Officer, Cymatic
Itzik Kotler, Co-Founder & CTO at SafeBreach
Ernie Magnotti, ICIT Fellow & CISO Leonardo DRS
Luther Martin, ICIT Contributor & Distinguished Technologist, Micro Focus
Download this Brief Here