A panel of experts warned lawmakers on Thursday about the looming threat of a cyber attack emanating from Iran, an increasingly isolated nation that has been linked to numerous attacks against the United States in recent years including a plot last year to assassinate the Saudi Arabian ambassador to the United States in Washington, D.C.
Appearing before a joint House subcommittee hearing, the witnesses noted that Iran has been rapidly accelerating its cyber capabilities, which the nation has been deploying both directly and through proxy groups, such as Hezbollah.
They suggested that Iran, which has been resisting mounting international pressure to submit to inspections of its nuclear program, is turning toward cyber attacks as a channel to attack corporate and government entities in the United States, noting the relative ease with which those attacks can be launched against much larger adversaries.
"Cyber basically levels the playing field. It provides asymmetry that can give small groups disproportionate impact and consequence," said Frank Cilluffo, associate vice president and director of the Homeland Security Policy Institute at George Washington University. "And whereas they may not have the capability they can rent or buy that capability. There's a cyber arms bazaar on the Internet. Intent and cash can take you a long way, and that is what I think we need to be thinking about."
Cyberecurity vs. Privacy
The hearing comes as the House of Representatives is in the midst of a debate on a controversial cybersecurity bill that would create a framework for sharing information about threats to critical digital infrastructure. Several privacy and civil liberties groups have raised concerns that the bill would provide for a nearly unlimited flow of personal information to secretive military agencies with minimal oversight. The bill's authors have offered a series of changes to narrow the scope of the information-sharing system the legislation would establish, though some groups maintain their opposition.
Many of the threats that the Cyber Intelligence Sharing and Protection Act, or CISPA, is meant to address concern cyber intrusions that expropriate U.S. firms' intellectual property. But supporters of the bill also note the mounting volume and severity of cyber attacks sponsored by unfriendly foreign governments.
"The threat of cyber warfare may be relatively new, but it is not small," said Rep. Patrick Meehan (R-Penn.), the chairman of the Homeland Security Committee's Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies. "Iran has reportedly invested over $1 billion in developing its cyber capabilities."
Iranian officials have publicly blamed the West for orchestrating the attack in 2010 that saw the Stuxnet worm infiltrate one of the country's nuclear reactors. While Iran was on the receiving end of that attack, the witnesses at Thursday's hearing warned that the country's cyber experts could reverse engineer Stuxnet or other cyber weapons to deploy against critical infrastructure in the United States.
Sign up for Computerworld eNewsletters.