ASCF News

US Scanning Cyberspace for Signs of Iranian Aggression

Friday, January 10, 2020

Categories: ASCF News Emerging Threats Cyber Security

WASHINGTON - U.S. government officials are watching and waiting, with many believing it is only a matter of time before Iran lashes out in cyberspace for the U.S. drone strike that killed Quds Force commander Qassem Soleimani last week.

According to the latest advisory from the Department of Homeland Security, there are still “no specific, credible threats” to the United States. But officials say Iran’s public assurances that it is done retaliating mean little.

“Iran has been one of the most malicious actors out there,” a senior State Department official said Thursday. “We’re very concerned about Iran’s capabilities and activities.”

U.S. government officials have been hesitant to comment in any detail on what Iranian cyber actors have been up to in recent days, though they note Iran’s capabilities are on par with Russia, China and North Korea when it comes to using cyber to target industrial control systems or physical infrastructure.

“DHS [Department of Homeland Security] is operating under an enhanced posture to improve coordination and situational awareness should any specific threats emerge,” a department spokesperson told VOA.

The spokesperson added DHS is coordinating with U.S. intelligence agencies, key private sector companies and organizations, and is ready to “implement enhanced security measures, as needed.”

Bracing for a ‘significant’ attack

Intelligence officials say much of Iran’s cyber activity is driven by the Islamic Revolutionary Guard Corps (IRGC), sometimes using front companies or sometimes carrying out cyberattacks themselves.

Past Iranian cyberattacks have ranged from distributed denial of service attacks (DDoS), which block access to websites by overwhelming the server hosting the site with internet traffic, to efforts to deface websites or attempts to steal personal data.

An alert this week from the Cybersecurity and Infrastructure Security Agency (CISA) also warned Iran has “demonstrated a willingness to push the boundaries of their activities, which include destructive wiper malware and, potentially, cyber-enabled kinetic attacks.”

Some former officials fear whatever is coming, whenever it comes, will be significant.

“It’ll be a notch up,” said James Miller, a former U.S. Defense Department adviser, now with the Johns Hopkins University Applied Physics Laboratory. “We should expect pretty significant actions.”

While major attacks, if any, have yet to be detected, private sector experts and former government officials worry about what they have been seeing from Iran.

“They are very aggressive,” said John Hultquist, director of Intelligence Analysis at the cyber security firm FireEye, speaking at a cyber symposium this week.

“What they’ve lacked in technical prowess they’ve often made up in really, really impressive, creative social engineering,” he said. “They’ve sort of developed a lot of interesting schemes.”

Ramping up disinformation campaigns

And once the U.S. airstrike took out Soleimani, the Iranian disinformation machinery went into action.

“As that news came out, we saw them ramp their program and start pushing that stuff out,” Hultquist said.

The disinformation from Iran’s proxy forces in the Middle East further increased Tuesday during Iran’s retaliatory missile strike on Iraqi bases hosting U.S. and coalition forces — “in terms of reports coming in about certain hits that happened and numbers of casualties from the Iranian response,” said Phillip Smyth, an analyst with the Washington Institute for Near East Policy who has been tracking social media activity by the Iranian-backed militias.

But Iran-linked cyber actors have also eyed more ambitious campaigns.

In October 2018, for example, Facebook and Instagram removed 82 accounts, pages and groups from their platforms.

The posts, Facebook said, focused on “politically charged topics such as race relations, opposition to the [U.S.] president and immigration.”

Analysts said while those Iranian disinformation efforts paled in comparison to the campaign run by Russia in the run-up to the 2016 U.S. presidential elections, the effort showed signs of increasing sophistication, which has continued to this day.

Some former U.S. officials and analysts also suspect Iran may be targeting news outlets.

The Kuwaiti government Wednesday said the Kuwait News Agency’s Twitter account was hacked after it posted false reports that the U.S. was withdrawing all troops based in the country.

Separately, hackers claiming to be working on behalf of Iran defaced the website of the U.S. Federal Depository Library Program.

Despite suspicions and concerns, though, officials have yet to definitively attribute either attack to Iran. And there is a risk that such attacks are actually the work of other cyber actors.

For example, former officials said there have been instances in the past where Russian cyber operatives hijacked Iranian infrastructure or malware to launch intrusions of their own.

Targeting Americans

Iran, though, has other tools it can use to strike the U.S. and the West.

“Iranian cyber actors are targeting U.S. government officials, government organizations and companies to gain intelligence and position themselves for future cyber operations,” U.S. intelligence agencies warned in their most recent threat assessment.

The U.S.-based cybersecurity firms FireEye and Symantec have said their research shows Iranian-linked cyber actors have paid particular attention to telecommunications and travel companies, mining them for personal data that could prove useful in such cyber campaigns.

Not everyone, however, is convinced Iran is positioned to launch a major cyber offensive.

“A lot of the doom and gloom headlines that are out there right now, I think, are overblowing or overhyping the immediate cyberthreat coming from Iran,” Hoover Institution Fellow Jacquelyn Schneider said.

“The reality is that Iranians have been conducting these cyberattacks over the last year, if not longer,” she said, adding that while there may well be an uptick in attacks, “they’ve been trying this entire time.”

Still, a former U.S. National Security Agency threat manager cautions even a small cyberattack can inadvertently do widespread damage.

“There’s always the potential that an attack or an intrusion, which is physically or strategically designed to only impact a certain geography or certain network, creeps to other parts of the network,” said Priscilla Moriuchi, now head of nation-state research at the cybersecurity firm Recorded Future.

 

Photo:  U.S. Department of Homeland Security election security workers monitor screens in the DHS National Cybersecurity and Communications Integration Center in Arlington, Va., Nov. 6, 2018.

 
