Iran’s foreign minister Mohammad Javad Zarif tweeted that Iran has “concluded” its “proportionate” response to the assassination of Major General Qassam Soleimani. However, the Department of Homeland Security’s (DHS) recent announcement that Iran is still capable of inflicting cyberattacks against US critical infrastructure suggests that the US’s conflict with Iran may be far from over.
Current Tensions, Historic Trends
As reported by US officials, Iranian hackers have been “probing” the American power grid and other critical infrastructure since as early as 2011, evidenced by the barrage of Denial of Service attacks on 46 American companies including AT&T and JPMorgan Chase. Since Iran may already have a clear picture of US cybersecurity vulnerabilities, the Department of Homeland Security cybersecurity experts predict Iran may focus future offensives against US critical infrastructure including financial institutions, oil refineries, voting machines, and municipalities. With this strategy, Iran could inflict damage to the US from a distance, without incurring casualties that might warrant deadly US retaliation. While some say that it’s unlikely Iran will strike with a cyberattack on the US severe enough to warrant war, attacks on municipalities could still be costly and potentially deadly, even if Iran does not intend casualties.
The Importance of Preventative Cyber Defense
As critical infrastructure faces an even riskier digital environment in the wake of recent tensions with Iran, preventative cyber defense strategies are more critical than ever. The National Institute of Standards and Technology emphasizes the importance of establishing a framework for addressing cybersecurity, data integration, and sharing for IoT-enabled smart cities, and sets forth the following preventative practices as a baseline for municipalities:
1. Be Policy Smart
Considering risks and benefits is critical to municipalities. Establish a robust IT policy with guidelines for data privacy and ensure employees adhere to the policy from the beginning.
2. Protect Individual Identities First
Each piece of an extensive infrastructure may have different rules or access standards. Synchronize access credentialing to eliminate weak points in the network and protect residents’ identities.
3. Secure Information at the Source
Before taking a system live, city managers must have an accurate understanding of how much data each connected device will collect. With the proper planning, data can be secured and encrypted from the very beginning, and fewer costly fires will need to be put out later.
4. Standardize the Need to Know
Implement protocols, so each person organization-wide has access to the information they need, and that information only. Once establishing such boundaries, teams can work openly within the connected infrastructure with complete accountability. Users are identified and authorized, promoting a culture of cybersecurity in the organization.
Municipality protection requires proper controls and implementation to ensure cyber safety in the face of growing complexity and more sophisticated attacks. In the current geopolitical climate, predicting exactly how global tensions will play out is impossible—but proper preventative measures for critical infrastructure is vital to the cyber defense of US cities and citizens. Such protection is now more important than ever.
We want to help you take preventative action to conceal your networks and protect your critical assets, because each network that is secured makes us all safer. The Vericlave team will work with you to ensure that your network is guarded from nation-state attacks. To do this, we are currently offering a discount on our Armored Cloaked Network solution to facilitate your initiatives to protect your assets immediately.
Our preventative approach hides the network from hackers and stops bad actors that are already in the network. Schedule a demo today to see how we can defend against this threat together.