Published on January 10th, 2020 📆 | 3682 Views ⚑0
Threat of Cyberattack by Iran Still Critical, Experts Say
SAN DIEGO—The risk of nation-state cyberattacks against U.S. interests remains high amid simmering geopolitical tensions in the Middle East, cybersecurity experts said.
Stark warnings over possible Iranian action through cyberattacks from the Department of Homeland Security this week prompted discussions at a WSJ Pro Cybersecurity Symposium in San Diego on Thursday about how concerned businesses should be about a specific nation-state threat.
“Not to be melodramatic, but every critical infrastructure sector in the United States will need to worry about [Iranian cyberattack],” said
chief information security officer at Options Clearing Corp., the Chicago-based central clearinghouse serving as a backstop for trades in the options market.
Experts worry that Iranian retaliation over a U.S. airstrike that killed Maj. Gen. Qassem Soleimani, leader of the foreign wing of Iran’s Islamic Revolutionary Guard Corps, on Jan. 3, is likely to include a cyber component.
Statements from both countries suggesting a de-escalation in physical conflicts sent the Dow Jones Industrial Average up more than 200 points Thursday. The tensions boosted shares in cybersecurity firms, which outperformed the market over the course of the week.
Physical attacks, like those launched against U.S. military facilities, are of less concern than cyberattacks, experts say. Iran has previously been implicated in cyberattacks on U.S. infrastructure, including a dam in upstate New York, and on financial institutions.
“Historically, the Iranians have targeted certain sectors when relations with the U.S. have reached a certain point. Everyone needs to be extra-vigilant on that,” Mr. Morrison said.
founder and chief executive of Bernard Consulting Group Inc., and a former security chief for
during the 2014 cyberattack on the company attributed to North Korea, said that tensions in the Middle East had created a sense of confusion among U.S. companies, which are wary of being on the digital front lines of a conflict.
“There’s so much going on out there right now. There’s a fear factor—where do I go? Who do I turn to? Where do I put my attention? It’s a tough one,” he said.
This week’s DHS alert suggested that Iranian capabilities range from relatively routine cyberattack strategies like denial-of-service attacks to more advanced tactics, such as causing physical damage through cyber intrusions.
Such direct actions by a nation-state against U.S. companies could provide another test for cyber insurers, which might invoke hostile-acts clauses in contracts should claims be made against an Iranian attack, said Tyler Gerking, a partner at law firm Farella Braun & Martell LLP. Others said that companies and utilities of all sizes should review their incident response plans and ensure that they have cybersecurity defenses in place.
“Cybersecurity is an area where what we do as individuals can make a difference in protecting the nation,” said
managing director at the nonprofit Cyber Readiness Institute.
Write to James Rundle at [email protected]
Copyright ©2019 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8