Intelligence officials: Iran greater cyber threat to US infrastructure than China

“Iran is not a rational actor”

From Nicole Perloroth, David E. Sanger, and Michael S. Schmidt, New York Times:  American intelligence officials believe that the greater danger to the nation’s infrastructure may not even be China, but Iran , because of its avowal to retaliate for the Stuxnet virus created by the United States and Israel and unleashed on one of its nuclear sites. But for now, these officials say, that threat is limited by gaps in Iranian technical skills.

There is no doubt that attacks of all kinds are on the rise. The Department of Homeland Security has been responding to intrusions on oil pipelines and electric power organizations at “an alarming rate,” according to an agency report last December. Some 198 attacks on the nation’s critical infrastructure systems were reported to the agency last year, a 52 percent increase from the number of attacks in 2011. . . .

American intelligence experts believe that the primary reason China is deterred from conducting an attack on infrastructure in the United States is the simple economic fact that anything that hurts America’s financial markets or transportation systems would also have consequences for its own economy. It could interrupt exports to Walmart and threaten the value of China’s investments in the United States — which now include a new, big investment in oil and gas.

Iran, however, may be a different threat. While acknowledging that “China is stealing our intellectual property at a rate that qualifies as an epidemic,” Representative Mike Rogers, the Michigan Republican who chairs the House Intelligence Committee, added a caveat in an interview on Friday. “China is a rational actor,” he said. “Iran is not a rational actor.”

A new National Intelligence Estimate — a classified document that has not yet been published within the government, but copies of which are circulating for final comments — identifies Iran as one of the other actors besides China who would benefit from the ability to shut down parts of the American economy. Unlike the Chinese, the Iranians have no investments in the United States. As a senior American military official put it, “There’s nothing but upside for them to go after American infrastructure.”

While the skills of Iran’s newly created “cybercorps” are in doubt, Iranian hackers gained some respect in the technology community when they brought down 30,000 computers belonging to Saudi Aramco, the world’s largest oil producer, last August, replacing their contents with an image of a burning American flag.

The attack did not affect production facilities or refineries, but it made its point.

“The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals,” Abdullah al-Saadan, Aramco’s vice president for corporate planning, told Al Ekhbariya television. . . .

“There are 12 countries developing offensive cyberweapons; Iran is one of them,” James Lewis, a former government official and cybersecurity expert at the Center for Strategic and International Studies in Washington, said at a security conference in San Francisco. Those countries have a long way to go, he said, but added: “Like nuclear weapons, eventually they’ll get there.”  (graphic: CBS News)

Image: cbs%203%204%2013%20Iran.jpg