ICS security in the spotlight due to tensions with Iran

Given the heightened tensions between the U.S. and Iran, organizations with connected industrial infrastructure should be on guard.

“The potential cyber-impact of [Irani general Qasem] Soleimani’s assassination is profound,” cautioned Eyal Elyashiv, CEO and co-founder of network security firm Cynamics.

Industry observers say that the recent issues between the two countries heighten cyber-risk as a whole. “While Trend Micro has no inside information about specific attack plans, it stands to reason that increased political tensions would drive cyberattacks,” said Bill Malik, vice president of infrastructure strategies at Trend Micro.

In the wake of the assassination, several cybersecurity experts, as well as U.S. government officials have warned of the ICS security risk Iran-affiliated adversaries pose.

Others point to the likelihood of smaller cyberattacks designed to distract rather than prompt retaliation. The prospect of an all-out cyberwar between the U.S. and Iran “should not be the default assumption,” said Andrea Little Limbago, Ph.D., chief social scientist at Virtru. Iran’s “cyber activity — from destructive attacks to disinformation — has been widespread for quite some time. That’s not new and not linked to this week’s events,” she said.

During the past decade, Iran’s cyber-capabilities have expanded considerably. Cybersecurity experts attributed a series of attacks on U.S. and other targets—from denial-of-service attacks on U.S. banks to custom malware targeting Saudi Aramco systems—to Iranian actors. Also related to ICS security, reports in 2015 claimed Iranian hackers infiltrated the U.S. power grid.

“Officials in the U.S. should be very concerned about Iran’s cyber-capabilities and reach,” Elyashiv said.

While some accounts indicate tensions between the nations have eased, a Department of Homeland Security (DHS) Jan. 4 alert cautioned that Iran could, at a minimum, launch “attacks with temporary disruptive effects against critical infrastructure in the United States.”

Similarly, the U.S. Cybersecurity and Infrastructure Security Agency warned of the potentially heightened risk of attacks and cyber-espionage against strategic targets in “finance, energy, and telecommunications organizations, and an increased interest in industrial control systems and operational technology.”

Iranian actors have a history of targeting U.S. sites. In 2016 the U.S. Justice Department unsealed an indictment accusing seven Irani contractors of Iran’s Islamic Revolutionary Guards Corps of carrying out cyberattacks on several banks and a New York dam. The U.S. also accused Iran-linked actors of “scouting and planning against infrastructure targets and cyber-enabled attacks against a range of U.S.-based targets,” according to a DHS warning.

Such targeting extends to the industrial realm. A hacker collective known as Advanced Persistent Threat 33 linked to Iran has a history of targeting the defense, transportation and energy sectors, according to Cyberscoop.

To read the full version of this article, visit IoT World Today.