Why Hide Cyber Skirmishes With Iran?
Audio Blog: Need for Transparency to Build Better Defense

Were distributed denial-of-service attacks against major American banks in 2012 waged in retribution for U.S. government actions? A top-secret memo prepared in 2013 for Keith Alexander, who was then director of the National Security Agency, seems to confirm that's the case.
It's long been widely assumed that Iranians waged the DDoS attacks, and that they were retribution for earlier assaults on Iranian IT (see More U.S. Banks Report Online Woes). This memo seems to confirm that and also answers the question of why the Iranians launched those attacks.
The memo, leaked by former NSA contractor Edward Snowden and disclosed earlier this month by The Intercept and New York Times, reveals that Iranians launched the DDoS attacks against the American banks as retaliation for the U.S., working with Israel, planting the Stuxnet worm on Iranian computers to cripple Iran's nuclear enrichment centrifuges (see Report: Obama Ordered Stuxnet Assault).
The document also discloses that the attack on the oil conglomerate Saudi Aramco in August 2012 that destroyed tens of thousands of computers was preceded four months earlier by cyber-assaults on the computer systems of Iran's oil industry. The memo does not identify who conducted the cyber-attack on Iran's oil sector.
"Iran, having been a victim of a similar cyber-attack against its own oil industry in April 2012, has demonstrated a clear ability to learn from the capabilities and actions of others," the 2013 memo says. "While NSA has no indications at this time that Iran plans to conduct such an attack against a U.S. or U.K. target, we cannot rule out the possibility of such an attack, especially in the face of increased international pressure on the regime."
Poisoning the Political Debate
Jason Healey, a former White House director for infrastructure protection, suggests in an interview with Information Security Media Group that the American public's lack of awareness of the motivation behind Iran's attacks skews the debate on how the United States should defend itself against adversaries in cyberspace.
"By only telling one side of that story, I'm afraid they [U.S. government officials] are poisoning the political debate," says Jason Healey, now director of the cyber statecraft initiative at The Atlantic Council, a defense think tank.
Click on the player above to hear Healey's perspective on how better cyberdefenses would be built if the government was more transparent on the tit-for-tat attacks of the U.S. and its adversaries.
You'll also hear my take on why the government needs to be more transparent on the back-and-forth battling taking place in cyberspace. After all, as the memo prepared for Alexander shows, the Iranians knew about the Western attacks on their key systems. It's the rest of us who were kept in the dark by the federal government.