Distributed denial of service (DDoS) attacks against U.S. banking networks have been a mainstay of Iranian cyberattacks for nearly a year. In the pyramid of danger of cyberattacks, DDoS are the least harmful of cyberattacks - disruptive but not threatening.
According to U.S. officials and as reported May 24th in the Wall Street Journal, Iranian attacks against the U.S. have recently taken a much more dangerous turn. These latest cyber operations targeted control-system software that could allow manipulation of oil or gas pipelines. There was no confirmed indication that such control was achieved, however.
This level of attack moves Iran’s cyber threat level against the U.S. up several notches on the cyber threat pyramid. The threat is that Iran may gain access to control systems which allow them to gain control of gas and electricity production, turning systems on and off.
James Lewis, a cyber-security specialist at the Center for Strategic and International studies, remarked, “We don’t have much we can do in response, short of kinetic [physical] warfare.”
This is a dangerous threat to the United States which should set alarm bells ringing in Washington. And if alarm bells are as effective in getting government attention as chemical weapons red-line crossings were in Syria, little action other than posturing, high-level meetings, and accusations hurled at the Iranians will constitute the only result.
The result of these new attacks may be positive, however, if the Iranian actions drive the U.S. electric power sector to markedly step up its cyber defense efforts.
If such step up is not initiated, and given anticipated lack of government intervention, we may be soon accessing websites in candlelight through our computer's battery power while Iranians dance in celebration through the streets of Tehran.