Iran is a more dangerous cyber threat to U.S. than China or Russia
Wednesday's proceeding, the first hearing the cybersecurity subcommittee has held in the 113th Congress, also follows a recent flurry of high-level activity, and worrisome attacks, in the cyber realm.
The day began with word from South Korea that media outlets and banks in that country had seen their computer systems knocked offline in an outage that state officials suggested could have originated from their increasingly belligerent neighbor to the north.
In a speech earlier this month, U.S. National Security Advisor Tom Donilon spoke of "cyber intrusions emanating from China on an unprecedented scale," calling for talks between the two countries "to establish acceptable norms of behavior in cyberspace." China, for its part, said it was open to discussions about the countries' respective cyber activities.
Berman and other witnesses credit China, along with Russia, as operating as generally rational actors in the cyber arena, even if their governments are complicit in--or actively encouraging--widespread infiltration of sensitive and proprietary systems in the United States. The largely economic motivations of those countries' activities are in stark contrast to nations that stand more as outliers on the world scene.
"One of the saving graces of our China cyber problem and our Russia cyber problem is that, while we may not be comfortable with the scope, we in general understand the direction and that is missing in our calculation with regard to Iran and increasingly with regard to North Korea," Berman says.
"And the shared geopolitical driver here is that both regimes are under growing international stress as a result of their rogue behavior," Berman says." But it's also the type of international stress—economic, diplomatic, financial—that's forcing them to lash out in unpredictable ways."
Like Berman, Frank Cilluffo, director of Homeland Security Policy Institute at the George Washington University, emphasizes that Iran does not have the capacity for waging cyber attacks as sophisticated as what Russia and China could launch, but that only diminishes the threat so much.
"The bad news is what they lack in capability they more than make up for in intent," Cilluffo says. Moreover, even if Iran's capacity to launch an attack is a far cry from that of Russia or China, Cilluffo points out that the nation can fairly easily turn to proxies or rent out low-cost botnets. "The bar to entry when we talk about cyber is not very high," he says.
Cilluffo also told members of the subcommittee that many of the tools used in cyber attacks, while readily available and inexpensive, are also becoming more sophisticated. So the increasing ease with which an overseas adversary can launch of a distributed denial-of-service attack against a set of corporate targets, while not approaching the "cyber 9-11" that officials often warn about, is itself a cause for growing concern.
"You can rent a botnet for very little that can cause major disruption, Cilluffo says. "That's not the same as destruction but it can get to a point where companies that live and breathe on just-in-time inventories, that live and breathe on the ability to connect with their customers immediately--it has a huge impact."