Security experts nationwide warn that the United States should expect serious cyberattacks from Iran in the next few months. The anticipated attacks, retaliation for the United States' killing of Major General Qasem Soleimani, are likely to include oil refineries and other energy infrastructure among their targets. The specific targets, and whether the attacks will be state-sponsored and strategic or carried out by individuals or smaller groups, remain unknown.

One reason underlying the likelihood that Iran will ramp up its cyberattacks is that, unlike military or terrorist attacks, cyberattacks can be carried out in measured increments, effectively hindering normal operations, yet keeping the disruption to a level that will not provoke retaliation by the U.S. Indeed, according to a New York Times report, President Trump indicated that if Iran's response to the drone strike causing Soleimani's death had been severe enough, the U.S. would have launched a cyberattack to disable Iran's gas and oil sector. Instead, President Trump imposed additional economic sanctions.

While its cyber capabilities are not on par with those of China or Russia, Iran has a long history of promoting cyberattacks on targets here and abroad. In 2012, for example, Iran initiated a denial-of-service attack on dozens of U.S. financial institutions, flooding their websites with network traffic and forcing them offline. In 2014, Iran destroyed sensitive data when it hacked into the systems of the Sands Casino after the casino's owner made anti-Iranian comments. In perhaps its highest-profile cyberattack, carried out against Saudi Arabia's state-owned oil company, Saudi Aramco, Iran destroyed more than 30,000 computers with a virus, forcing the company offline for months at a cost of hundreds of millions of dollars.

As we noted earlier this month, a bulletin released by the Department of Homeland Security just days after Soleimani's death recalled Iran's past cyberattacks and noted that "Iran is capable, at minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States." The prediction that an Iranian cyberattack could target control systems vital to the operation of power grids and other critical energy infrastructure is not far-fetched. In 2013, Iran penetrated the controls of a 20-foot dam in New York; no water was ever released, and a release would have caused minimal damage had the attack been carried out. If, however, the dam had been larger, or located in an urban area, the results could have been catastrophic.

In the wake of these anticipated threats, experts call for:

  • heightened vigilance;
  • attention to critical systems, including third-party access;
  • increased monitoring;
  • deployment of back-up systems;
  • implementation of multi-factor authentication; and
  • a well-developed incident response plan.

Even with these enhanced measures, cyber experts worry whether the grid is prepared to defend against a serious cyberattack. While Iran's cyber efforts in the U.S. so far have risen only to the nuisance level, the bulk power and natural gas pipeline systems remain vulnerable to serious attack from nations whose interests are adverse to those of the U.S.

To view Foley Hoag's Energy & Cleantech Counsel blog, please click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.