Iran is the latest country to be afraid of in the cyber realm, according to statements and testimony during an April 26 joint hearing of House Homeland Security subcommittees that focused on Iran's perceived intentions rather than aptitude.
"There should be little doubt that the country that kills innocent civilians around the world, guns down its own people and calls for the destruction of the state of Israel would not hesitate to conduct a cyber attack against the United States homeland," said Rep. Patrick Meehan (R-Pa.), chairman of the counterterrorism and intelligence subcommittee. Meehan did not mention a White House policy announced in May 2011 stating that the U.S. may respond militarily to a cyber attack.
Iran, he added, has reportedly invested "over $1 billion in developing their cyber capabilities." According to the Office of Management and Budget, federal agencies spent at least $13 billion during fiscal 2011 alone on unclassified cybersecurity efforts.
"They're taking their gloves off right now in the cyber environment," said Frank Cilluffo, director of the Homeland Security Policy Institute at George Washington University. "What they lack in capability, they make up for in intent, and are not as constrained as other countries may be from engaging in cyber attacks or computer network attack," he also said.
Cyberspace is "a field that advantages asymmetric actors," said Ilan Berman, a vice president at the American Foreign Policy Council--stating an oft-repeated, but not universally accepted maxim. (A "weaker power might be able to cause a stronger power some annoyance through cyber attack, but in seeking to compel an adversary through cyber war, it would run the very real risk of devastating retaliation," wrote Thomas Mahnken, chair of economic geography and national security at the Naval War College, in a 2011 paper.)
The one panel member with any direct cybersecurity experience spoke the least of the three panelists called before the joint subcommittees--the other of which was cybersecurity, infrastructure protection and security technologies. In his opening statement, Roger Caslow, until recently the chief of risk management and information security programs for the chief information officer of intelligence community, called for a "return to the basics of security."