- The United States' economy
is the most sophisticated
and technology-reliant on Earth probably
and that makes us very vulnerable
to adversaries who are
seeking to disrupt us.
- [Cardinale] Adversaries like China,
North Korea, Russia, and, of course, Iran.
As the Iran Nuclear
Agreement quickly unravels,
security experts say
they've seen an uptick
in Iranian cyber attacks
specifically targeting the United States.
And the questions that
experts are asking are
what new tactics do hackers
have up their sleeves?
Will they use more ransomware
to hold data hostage
or cyber-spying and espionage
to access secret information?
And, more importantly,
is the U.S. actually
prepared to defend itself?
Because the more technologically-reliant
the United States becomes,
the more vulnerable it is to disruption.
Just look at the top two industries
that experts say suffer the
most significant cyber attacks.
It's finance and high tech.
- What's so interesting about cyber
is it's a very accessible capability
and we're seeing Iran is
one of those countries
that is actually using
third parties in-country,
probably contractors, to
develop their own capabilities.
And they've been doing that
really since Stuxnet incident,
when they decided to really
ramp up their program.
- [Cardinale] Stuxnet,
the most sophisticated
infrastructure hack to date
and the most aggressive attack
attributed to the U.S. and Israel
against Iran's Natanz
Uraniaum Enrichment Facility.
Stuxnet damaged some 1,000 centrifuges,
infected 30,000 computers,
and brought the entire
operation to a grinding halt.
- There's this been fear
that more and more actors
will be able to do something similar,
which is move in through this cyber realm
and cause a kind of physical consequence.
- [Cardinale] When Iran
downed a U.S. drone
near the Strait of Hormuz in 2019,
the U.S. launched a cyber attack
that wiped an Islamic
Revolutionary Guard Corps database.
Without that data, Iran lost a major asset
that would help in
their attacks on tankers
in the Persian Gulf.
According to experts, Iran
has used cyber attacks
as an economic weapon in
response to economic sanctions,
simply because the U.S. isn't likely
to try and defend itself
through physical retribution.
- Point that our nation needs
a comprehensive strategy
to deal with all areas, all
areas, of Iran's aggression.
- Iran has absolutely been
disruptive in the past
targeting American interests.
They engaged in relatively
low-sophisticated attacks
several years ago,
targeting financial
institutions with DDoS attacks,
essentially spam traffic
being sent to their websites
in a way that intermittently
took those sites down
so consumers in the U.S. were not able
to access their bank accounts.
Even a few minutes of
those websites being down
or those services being inaccessible
can really impact the, not just national,
but global economy.
- [Cardinale] Ironically,
one of the best defenses
to these sophisticated hacks
is to have an analog backup
in case something goes haywire,
like having paper ballots
that can be counted
to give people assurances
that their democracy is
based off of real results.
- The most important thing
that businesses can do
and individuals can do is make sure
that their security posture
is as upgraded as possible.
This is the simple,
routine, and boring art
of updating your iPhone,
updating your Windows operating system.
- [Cardinale] Wall Street
Journal reporting found
that without regular cyber maintenance,
the U.S. is essentially a sitting duck
to unique attacks from hostile groups.
In 2016, a destructive
virus called Shamoon 2
was reportedly executed by the Iranians.
It hit several organizations,
mostly in Saudi Arabia.
That included Sadara, a joint
venture between Dow Chemical
and Saudi Arabian oil.
According to experts,
Shamoon 2 wiped enormous amounts of data
and even prevented computers
from turning back on.
That was evidence that the Iranians
could not only execute
sophisticated attacks,
but were also willing to
invest in custom attacks.
And what's more custom and
nearly impossible to fight
than a propaganda attack?
According to Citizen Lab,
the Iranian information
operation Endless Mayfly
created deceptive
imitations of publications,
like Bloomberg and the
Harvard Belfer Center,
as well as entirely fake personas.
The challenge here is
it's almost impossible
for the U.S. to defend against these new
and increasingly popular attacks.
For now, the government's best bet
may be to work with
social media publications
to try and take down what's
recognized as propaganda
and hope that it's caused
simply minimal damage.
- A term you'll hear a lot of experts use
when they're talking about cyber attacks
is asymmetrical warfare
and this is the concept
that countries that lack
traditional military might
make up for it through use of technology
and through the use of cyber attacks,
and Iran is certainly in that camp.
For Iran, this is the great equalizer.
This is their way of sending
a message loud and clear
that we are here and we are
upset with these sanctions,
we are upset with the U.S. foreign policy,
and we're going to make you hurt for it.
