The US Congress showed growing fear that the Stuxnet cyber-attack against Iran’s industrial and nuclear facilities may have spurred the Islamic Republic to defend itself in the form of reprisals.
The cyber-attack by the Stuxnet worm was considered as a US-Israeli move to harm Iran’s nuclear facilities.
This week, however, concerns were raised at the US Congress that the cyber-attack may have been the “crossing of the Rubicon” for Iran, motivating it to engage in cyber-war against US targets, including critical infrastructure.
“It would also be possible for Iran to gain some knowledge for creating a Stuxnet-like virus from analyzing its effects,” Rep. Yvette Clarke (D) of New York said at the hearing of the Counterterrorism and Intelligence Subcommittee and the Cyber-security, Infrastructure Protection and Security Technologies Subcommittee, titled “Iranian Cyber Threat to the US Homeland.”
“This leads to fear of reverse engineering, leading to a capability of the types of cyber-attacks on US critical infrastructure that could rise to the level of a national security crisis. We must be prepared for such rogue actions and be prepared on the national defense level as well as protecting our critical business operations, vital infrastructure functions and, frankly, our daily lives,” Clarke said.
Clarke’s colleague Rep. Dan Lungren (R) of California said he is “happy” the Stuxnet virus “was used by somebody who was a friendly,” but warned that “as the victim of two recent cyber-attacks on nuclear and oil infrastructure and multiple US embargoes, Iran, it would seem, would have motivation to strike out against those they think are responsible or anybody associated with those they think are responsible, or anybody who would stand on the sidelines and cheer those efforts.” He added that “Iran’s opportunity arises, as US critical infrastructure companies have been slow to harden their assets against cyber-attacks.”
Lungren reminded the committee members of the report issued in 2008 by an American security contractor which rated Iran’s cyber-capability “among the top five globally.” A more recent report, from December of 2011, indicated that Iran was investing $1 billion in new cyber-warfare technology.
“According to the Director of National Intelligence Director [James] Clapper, Iran’s intelligence operations against the US, including cyber-capabilities, have dramatically increased in recent years in depth and complexity”, Rep. Lungren said.
“Since Iran appears to have the necessary cyber-capability, we can only hope that they will fear the overwhelming US response that would surely follow such an Iranian cyber-attack against our nation.”
Frank Cilluffo, Associate Vice President and Director of the Homeland Security Policy Institute at George Washington University, argued in his testimony that the Stuxnet attack “did cross the Rubicon, and certainly serves as a harbinger of what we’re going to be looking to in the future.
I feel we have nearly unlimited vulnerabilities, limited resources, and let’s not forget we have a thinking predator and actor that bases their actions on our actions. So the best we can really do is get to the point where we’re managing risk.”
Ilan Berman, Vice President of the American Foreign Policy Council, said that Iran is angry at Washington for the Stuxnet’s attack.
“It’s very clear for Iran that the West writ large has launched an asymmetric attack on the Iranian nuclear program, and it is mobilizing as a response, mobilizing through the creation of a $1billion program to ramp up its cyber-defense and cyber-offense capabilities, the construction of a cyber-army of sympathetic hacktivists.”
He warned that attacks on Iran’s cyber space pushes Tehran “to move from defense to offense in terms of how it thinks about cyberspace”.