The Washington Post reports “U.S. businesses should get ready for a barrage of digital retaliation from Iran after the Trump administration launched a cyberattack against the Islamic Republic’s rocket and missile launching systems, current and former U.S. government officials said this weekend.”
I think it would be helpful to build some context around recent cyber activities and cyber-attacks in Iran. I have built a timeline with selected key events, as I think this has value.
March 4th, 2007 – Aurora Generator Test
The US Dept of Energy, Idaho National Laboratory (INL) conducted the Aurora Generator Test. This was a proof of concept to show how a cyberattack could destroy physical components of the electric grid. In this demonstration, INL took a 2.25 MW generator and, using a cyber attack, briefly opened a circuit breaker, causing the generator to slip out of synchronization. This eventually caused parts of the generator to be ripped apart and sent flying off. Some parts of the generator landed as far as 80 feet away from the generator.
This was the first time that a cyber event caused mechanical damage in the real world.
August 2010 – Stuxnet attacks Iranian Nuclear Assets
Stuxnet, a malicious computer worm, compromised Iranian programmable logic controllers (PLCs) within the Iranian nuclear program. The fast-spinning centrifuges used for enriching uranium spun at higher and higher rates until they tore themselves apart.
This was the first time that a state-sponsored cyber-attack directly destroyed strategic assets in the real world.
June 2012 – Reports that US and Israeli intelligence are responsible for Stuxnet are released
The New York Times reports that Stuxnet is part of a US and Israeli intelligence operation called “Operation Olympic Games”, started under President George W. Bush and expanded and executed under President Barack Obama.
August 2010 – present – Iran Invests in Cyberwarfare Capabilities
Iran invests in both offensive and defensive cyber capabilities.
“After the Stuxnet event, Iran really cranked up its [Cyberwarfare] capability,”
-Gary Brown, U.S. Cyber Command
March 15th 2018 – DHS warns that Russia is targeting US critical infrastructure
Department of Homeland Security and the Federal Bureau of Investigation issue an alert that Russian government actors are targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
March 22 2018 – SamSam Cripples the City of Atlanta
The City of Atlanta is hit by a cyber-attack involving SamSam ransomware. Atlanta experiences broad-scale effects, which cost an estimated $9.5 million and affected up to 6 million people.
November 26 2018
The Department of Justice indicted two Iranian hackers for the attack on the City of Atlanta.
Monday June 17 2019 – Multiple private U.S. cyber intelligence firms have reported attempts by Iranian hackers in recent weeks to infiltrate American organizations.
Saturday June 15 2019 – NYT reports US Incursions into the Russian Power Grid
The New York Times reports that the United States is stepping up digital incursions into Russia’s electric power grid and deploying American computer code inside the Russian grid (and other targets) as a classified campaign.
Thursday June 20th 2019
Iran shoots down a spy drone reportedly worth $100-$200 million.
Thursday June 20th 2019
Several hours later, President Trump ordered a retaliatory strike on three targets, and then cancelled it at the last minute, because, he said in a tweet on Friday, the potential death toll was “not proportionate to shooting down an unmanned drone.”
Thursday June 20th-21st 2019
The US launches cyber-attacks against Iran’s Islamic Revolutionary Guard Corps (IRGC) and rocket and missile launch facilities. The attacks are described as “crippling”.
Saturday June 22nd 2019
Christopher Krebs, Director of the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA), issued a warning of an increase in malicious cyber activity coming from Iranian regime actors and proxies. In an interview with NPR, Krebs specifically warns of attacks targeting government, energy and utilities.
Monday June 24th 2019
The Washington Post reports “U.S. businesses should get ready for a barrage of digital retaliation from Iran after the Trump administration launched a cyberattack against the Islamic Republic’s rocket and missile launching systems, current and former U.S. government officials said this weekend.”
https://www.smartgrid.gov/files/Aurora_Vulnerability_Issues_Solution_Hardware_Mitigation_De_201102.pdf
https://www.dhs.gov/cisa/news/2019/06/22/cisa-statement-iranian-cybersecurity-threats
https://www.newyorker.com/magazine/2019/07/01/what-will-follow-trumps-cancelled-strike-on-iran
https://www.foxnews.com/politics/us-military-launched-cyberattacks-against-iran-after-drone-shot-down-officials
https://news.yahoo.com/pentagon-secretly-struck-back-against-iranian-cyber-spies-targeting-us-ships-234520824.html