Hackers backed directly by the Iranian government “are targeting critical infrastructure and developing the ability to cause serious damage to the United States’ power grid,” Dana Liebelson reports at Mother Jones.
Iranian hackers haven’t just collected information. They’ve shown a willingness to damage and destroy vital information and computer systems. According to The Wall Street Journal, they’ve acquired the means to “disrupt or destroy” the operations of U.S. energy companies. Iranian hackers were blamed by U.S. officials for wiping clean hard drives owned by Saudi Aramco, the world’s biggest oil company, in summer 2012.
Experts say it would take Iranian hackers several months to locate a specific target and figure how to get access to it—such as finding the computer at a power plant in New York City that could be used to shut down the grid. But [cybersecurity specialist at the Center for Strategic and International Studies and White House adviser James] Lewis says that once that information is obtained, it would only take Iran “about 20 minutes” to hack an identified target and unleash a virus. He thinks that Iran will only deliberately cause harm if the United States interferes with its upcoming presidential elections. Clarke argues that Iranian threat isn’t as dire, because, unlike China, Iran isn’t actively stealing state secrets on a massive scale. Even if Iran is poking around US computers, Clarke notes, it hasn’t actually destroyed US infrastructure yet: “The Iranians appear to be more interested in destruction and damage, but it’s about deterrence—deterring the US from bombing them…Iran would be crazy to launch a preemptive cyberstrike. And they’re not crazy.”
US lawmakers have focused on preventing both cyberspying and cyberattacks. In February, President Obama issued an executive order on cybersecurity that requested that utility companies participate in a voluntary information-sharing program so that the government can help them stop assaults.