Yesterday the Justice Department indicted seven Iranian computer specialists for allegedly infiltrating the servers of a small dam in New York and close to 50 financial institutions, including Bank of America and the New York Stock Exchange.
Federal investigators claim that one of the men was able to repeatedly gain access to computers controlling key systems of the dam, located only 29 miles from Manhattan. At the time, in 2013, the dam was disconnected from the facility’s computer, but had it been operational, the hacker would have been able to control both water level and flow rate.
Breaches of some of the largest banks and financial groups in the country are estimated to have cost millions of dollars.
Though the indictment did not specifically accuse the Iranian government of directing the attacks, it indicated that the suspected attackers worked as computer contractors for the Iranian government. The charges are bringing attention to the risk of terrorist groups like ISIS targeting critical infrastructure, from the power grid to oil and water pipelines.
According to Dell Security, attacks against industrial control systems more than doubled between 2013 and 2014 from about 160 thousand to 675 thousand. Given the unlikelihood that the Iranian government would allow the suspects to be extradited to the US, the move by the Justice Department is seen as part of a symbolic plan to “name and shame” cyber-attackers. The charges come only months after a landmark deal was negotiated between the US, Iran, and several other nations over Iran’s nuclear program, which led to the removal of economic sanctions that crippled the country for decades.
What do we know about the involvement of the Iranian government in the attacks? What will the charges mean for the recent thaw in relations between the US and Iran? What kinds of infrastructure are considered critical? What kind of damage could be inflicted by breaches of these systems? Just how close are terrorists to causing what has been described as a “cyber-Pearl Harbor”? And how prepared is the US to detect and recover from these smart grid infiltrations?
Jason Healey, Senior Research Scholar at Columbia University's School of International and Public Affairs, and Senior Fellow at the Atlantic Council
Kim Zetter, Senior staff writer, "Wired"; Author, "Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon"