May 8, 2018 - World

U.S. deal exit spurs fears of Iran's cyber response

President Trump at podium next to video image of himself

Photo: Chip Somodevilla/Getty Images

Experts are split over whether President Trump's move to withdraw from the Iran deal today will cause an escalation in Iranian cyber espionage, either spying or destructive activity.

The big picture: Iran's cyber-espionage program has become fairly sophisticated in recent years, increasing the stealth and efficacy of its malware. But it doesn't take much sophistication to launch many types of destructive attacks — a response Iran pursued five years ago in the wake of the Stuxnet attack on its nuclear program, which is widely credited to the U.S. and Israel.

What they're saying:

  • Robert Lee, chief executive of Dragos, which protects specialized control systems used in factories and power plants, expects "increased targeting of industrial networks," he told Axios via email: "ICS [industrial control system] cyber attacks and espionage can be highly geopolitical in nature. Every time we see increased tension between states we expect to see a rise in ICS targeting."
  • The threat intelligence firm Recorded Future believes that Iran could rush to orchestrate a response to the U.S. move, making the nation's response more chaotic.
    "[O]ur research indicates that because of the need for a quick response, the Islamic Republic may utilize contractors that are less politically and ideologically reliable (and trusted) and as a result, could be more difficult to control," wrote Priscilla Moriuchi, director of strategic threat development.

The case against: There are strategic reasons for Iran to refrain from mounting any attack.

  • The U.S. move isolates it from the world community by annulling a deal the other parties believe Iran is still respecting.
  • Chief intelligence officer Jeff Bardin of Treadstone 71, a threat intelligence firm, suggests that Trump may have redistributed the U.S.'s global influence to parties more likely to side with Iran.
  • "[Iranian president Hassan] Rouhani still has the ability to work with China, Russia, and the EU over the existing agreement. If anything, this places the U.S. further on the outside of global activities, creating another vacuum where we once stood. Any Iranian overt and targeted hacking at this time against the U.S. would be counterproductive to their aims," Bardin wrote via email.

Vigilance is always in season: Andrea Limbago, of the security firm Endgame, noted a recent indictment of Iranians for espionage and said, "Regardless of today’s news, there already was cause for increased vigilance and defense preparations against Iranian malicious digital activity.”

Go deeper