Over the weekend, Hassan Rowhani, a former top nuclear negotiator, was officially sworn in as Iran’s new president. Unfortunately, there are no indications that he will curtail Iran’s nuclear or cyber activities.
While most are concerned with the military implications of Tehran’s expanding nuclear program, there is little focus on the covert cyber war already underway in the region. Iran has engaged in aggressive cyber behavior, at both the international and domestic levels, which the Obama Administration has failed to deter.
Even though Iran lacks the manpower or expertise level of China and Russia, Tehran is credited with a massive cyber attack on Saudi Arabia’s ARAMCO computer system that knocked out and destroyed over 30,000 computers and was the largest, most devastating attack on the business sector to date. More recently, Israel’s prime minister accused Iran of directing a relentless cyber campaign on Israeli infrastructure, government agencies, and other vital national systems.
Additionally, Tehran has used cyber attacks to retaliate against U.S. banks for economic sanctions. In September 2012, Bank of America, JP Morgan Chase, and Wells Fargo were among the major banks whose websites were targeted for massive “distributed denial of service” attacks. According to security experts, Iran continues to expand its hacking operations with the goal of potentially launching a cyber attack on the U.S. power grid, water system, or other vital infrastructure.
The Iranian government also engages in the oppression of its own population through Internet and cyber controls. The Iranian cyber police censor the web, block certain websites, and monitor social media for dissident activity. The regime also uses cyber attacks to target journalists. In order to increase the domestic costs associated with these activities, the U.S. should work to degrade Tehran’s command of their “Halal Internet,” which often blocks access to major websites such as Gmail and Skype.
The cyber attacks emanating from Iran and others have demonstrated that the U.S. government cannot unilaterally combat all cyber attacks and breaches. To promote better security, the U.S. should develop clear rules for the private sector to defend their cyber domains while also coordinating with federal authorities. Such measures would allow the private sector to take an active role in preventing cyber attacks while also staying within reasonable legal limits.
The attacks orchestrated by Iran represent a sustained effort to undermine and destroy vital infrastructure. The U.S. should respond by taking a leading international role and actively deter malicious cyber behavior by increasing the costs associated with such actions. As the simmering nuclear conflict with Iran escalates, it is essential for the U.S. to be more cyber prepared at home and lead international efforts to counter the real threat of cyber attacks.
Elizabeth Simson is currently a member of the Young Leaders Program at The Heritage Foundation. For more information on interning at Heritage, please click here.