“Iranian officials are likely considering a cyber-attack against the U.S. in the wake of an airstrike that killed one of its top military officials,” reports Bloomberg:
In a tweet after the airstrike on Thursday, Christopher Krebs, director of the U.S. Cybersecurity and Infrastructure Security Agency, repeated a warning from the summer about Iranian malicious cyber-attacks, and urged the public to brush up on Iranian tactics and to pay attention to critical systems, particularly industrial control infrastructure… John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye Inc., said Iran has largely resisted carrying out attacks in the U.S. so far. But “given the gravity of this event, we are concerned any restraint they may have demonstrated could be replaced by a resolve to strike closer to home.”
Iranian cyber-attacks have included U.S. universities and companies, operators of industrial control systems and banks. Iranian hackers tried to infiltrate the Trump campaign, and they have launched attacks against current and former U.S. government officials and journalists. The U.S., meanwhile, has employed cyberweapons to attack Iran’s nuclear capabilities and computer systems used to plot attacks against oil tankers, according to the New York Times….
James Lewis, senior vice president at the Center for Strategic & International Studies, said Iranian retaliation may include the use of force, but the government is also likely asking hackers for a list of options. “Cyber-attacks may be tempting if they can find the right American target,” Lewis said. “The Iranians are pretty capable and our defenses are uneven, so they could successfully attack poorly defensed targets in the U.S. There are thousands, but they would want something dramatic.”
Mother Jones shares another perspective:
There’s little reason to think that Iran could pull off a truly spectacular attack, such as disabling major electric grids or other big utilities, said Robert M. Lee, an expert in industrial control systems security and the CEO of Dragos. “People should not be worried about large scale attacks and impacts that they can largely think about in movies and books like an electric grid going down.” Instead, Iran might choose targets that are less prominent and less secure.
“The average citizen should not be concerned,” he said, “but security teams at [U.S.] companies should be on a heightened sense of awareness.”