Cybersecurity officials throughout the country, including in San Antonio, are on guard as military action between the U.S. and Iran continues to escalate. A cyber threat still looms, experts said, in the wake of a missile strike Tuesday that the Iranian government claimed credit for as “revenge” for the U.S. airstrike that killed its top military official.
Hours before Iran struck a U.S. military base in Iraq, Gov. Greg Abbott warned Texans about the geopolitical danger the Middle Eastern nation poses on the cyberwar front. The governor told reporters in a Tuesday press briefing that state agencies were facing an attack rate from the country of 10,000 per minute.
Iran, local cybersecurity experts said, could be plotting an additional retaliatory strike that would not require the deployment of ballistic weapons or troops on the ground – one that could target the U.S. civilian population. The possibility was also discussed at a Tuesday U.S. Senate briefing. On Monday, the U.S. Department of Homeland Security warned about the potential for a digital response to the killing of Maj. Gen. Qassim Suleimani last week.
John Dickson, principal at local cybersecurity firm the Denim Group, said he has been working “nonstop” for the past few days to keep vigil on the looming cyber threat.
“This is credible,” Dickson said. “This is not a drill.”
On Monday, the City of San Antonio’s City Manager Erik Walsh sent the San Antonio City Council an update on the escalating situation, stating the City would be on high alert as the events in the Middle East continued to unfold.
“In light of recent developments related to the current situation in the Middle East, the police department and [information technology services] department are actively monitoring any unusual activity that may jeopardize the public safety of our San Antonio residents and the critical assets and infrastructure of the City,” the memo read. Walsh added, however, the City had not identified any threats or seen a substantial increase in network activity that might portend such a threat.
Councilman Manny Pelaez, of District 8, who chairs the City’s Innovation and Technology Committee, said the City is rightly taking precaution in the tense days since Suleimani’s death.
“Political and industry leaders have been hit with a sudden flurry of warnings from cybersecurity and national security experts about the potential for an Iranian reprisal,” Pelaez said. “We have always assumed that city infrastructure like CPS [Energy], [the San Antonio Water System], or emergency services are attractive targets. After Iran’s explicit warning of retributions, that risk is escalated.”
Among the at-risk targets of an Iranian cyberattack are small- to medium-sized financial institutions, including credit unions and regional and local banks, said Bret Piatt, CEO of local cybersecurity firm Jungle Disk. In March 2016, the U.S. indicted Iranian nationals in connection with a distributed-denial-of-service attack, in which cybercriminals overwhelm networks with a flood of internet traffic and render them unusable, on U.S. banks. The attack was attributed to the Iranian government.
Large banks, however, have some of the most cyber-hardened systems and a deep talent pool to defend against such attacks. It’s the smaller institutions that remain vulnerable, Piatt said.
“If you go down to a small local credit union with, maybe, $10 million in deposits, they might have one internal IT person with some cybersecurity capabilities,” he said, adding such resources would not be enough to withstand the thrust of a foreign cyberattack.
Iran has a history in the past decade of carrying out sophisticated cyberattacks against U.S. commercial interests.
As for the governmental entities, the State of Texas has thus far fended off attacks against state agencies, but Abbott urged the state to remain “particularly vigilant” of cyber activity from Iran.
While the City of San Antonio is on high alert, it has not seen anything out of the ordinary, said Craig Hopkins, the City’s chief information officer. Hopkins said the City automatically blocks requests originating from digital ports in Iran.
Neither has Bexar County been the target of an attack, said Monica Ramos, the County’s public information officer.
When Dickson heard news of Suleimani’s killing on the radio last week, his immediate thought was of the cyber retaliation Iran would pursue. A former U.S. Air Force officer, Dickson is intimately familiar with the geopolitical history in the Middle East.
“We’ve been at low-grade war with them since 1979,” he said, referring to the beginning of the Iran hostage crisis that fractured relations between the two nations. “This is the first time we’ve had direct action between one [nation] or the other.”
Iran has strengthened its cyber capabilities since a zero-day exploit, or a cyberattack that occurs before the underlying vulnerability it exploited has been discovered, was unleashed on Iranian nuclear facilities more than 10 years ago. The exploit became known as Stuxnet and is widely reported to have been created by the U.S. and Israeli governments to damage Iran’s nuclear arsenal, though neither country has admitted involvement.
What worries Dickson the most is the potential for a foreign cyber threat to take aim at the U.S.’s power grid – a creeping possibility national security officials have wondered aloud about for years now.
“I don’t want to be alarmist … but certainly, all signs lead to that,” he said. “To put it another way, if it did happen, how could you be surprised?”