This is not a prediction, it’s simply an assessment of one of the obvious counterattacks in Iran’s ever-widening stable of options. Anyone telling you they know what will happen next is a liar. The exact thing that makes this situation so terrifying with Iran is that assassinating Iranian General Qasem Soleimani opens up a world of possible escalations that Iranian experts cannot even foresee. Iran has been very careful to try to constrain their attacks in this proxy war against the United States to the region (i.e., the war in Yemen fought between Saudi Arabian and Iranian proxies), but the United States assassinating Iran’s second-in-command literally rewrote the rules in this conflict. By definition, what we did yesterday is an act of war, and we should be ready for responses in kind, especially given how woefully unprepared we are for a new kind of warfare. Former Director of National Intelligence Dan Coats expanded on our massive digital vulnerability in a speech to the Hudson Institute in 2018.
You only need to go back less than two decades ago to put, I think, the current cyber threat into its proper context. In 2001, our vulnerability was heightened because of the stovepipe approach of our intelligence and law enforcement communities that produced what they called “silos of information.” At the time, intelligence and law enforcement communities were identifying alarming activities that suggested that an attack was potentially coming to the United States. It was in the months prior to September 2001 when, according to then CIA Director George Tenet, the system was blinking red. And here we are nearly two decades later, and I’m here to say the warning lights are blinking red again. Today, the digital infrastructure that serves this country is literally under attack.
Every day, foreign actors—the worst offenders being Russia, China, Iran and North Korea—are penetrating our digital infrastructure and conducting a range of cyber intrusions and attacks against targets in the United States. The targets range from U.S. businesses to the federal government (including our military), to state and local governments, to academic and financial institutions and elements of our critical infrastructure—just to name a few. The attacks come in different forms. Some are tailored to achieve very tactical goals while others are implemented for strategic purpose, including the possibility of a crippling cyberattack against our critical infrastructure.
In March 2018, the city of Atlanta fell victim to a massive cyberattack. Business ground to a halt for days as no one could get into digital municipal systems thanks to ransomware that was estimated to cost the city $17 million. This attack was Iranian in nature, as the Atlanta Journal-Constitution reported:
Authorities on Wednesday charged two Iranian citizens for the ransomware cyber attack that hobbled the city of Atlanta’s computer network in March, and the federal indictment outlines the pair’s massive nationwide scheme to breach computer networks of local governments, health care systems and other public entities.
We tend to think of warfare in terms of bombs and foot soldiers, but the digital age has opened up a new front to defend. Cyber attacks can be launched from anywhere at any time and their origins can be masked to sow confusion as to who is responsible. It is highly unlikely that Iran would try to strike on U.S. soil with traditional kinetic warfare, but they have already proven they have the capability to cause widespread damage here with the push of a button.
In 2012, Lawfare compiled a list of all significant cyber attacks on federal systems since 2004, accounting for a total of 65 attacks (which averages out to one every 45 days). We are already in the midst of a global cyber war, and we just turned a proxy war into an actual war. Iran is sure to retaliate against U.S. targets in the region, but this escalation has opened up a world of possibilities, and it seems naïve to think they will not at least entertain their cyber options for attacking the United States here at home, given the litany of examples of how vulnerable we are to cyber warfare.
In October 2016, the internet was shut down across large swaths of the United States, as a distributed denial-of-service attack (DDoS) was launched against the Domain Name System (DNS) provider, Dyn. Malware infected a litany of Internet of Things (IoT) devices like smart home systems, printers, baby monitors, and much more—essentially giving the attackers an army of zombie robots to do their bidding. There were three separate attacks during the day that crippled American internet connectivity, causing millions in damage to the economy over the course of several hours.
In 2017, the NSA lost control of EternalBlue, a cyberweapon designed to navigate through a backdoor in Microsoft’s operating system that the NSA never told them about. In 2018, this software was used in the WannaCry attacks that infected 200,000 computers across 150 countries, crippling National Health Service hospitals in England and Scotland. Later that year, this same exploit was used in the NotPetya attacks that completely debilitated a million computers in Ukraine. For three weeks in 2019, the city of Baltimore was under siege from this same attack, with security experts discovering that “hundreds of thousands” of attacks are made daily with this protocol. WeLiveSecurity revealed last year just how dire this situation is:
According to data from Shodan, there are currently almost a million machines in the wild using the obsolete SMB v1 protocol, exposing the port to the public internet. Most of these devices are in the United States, followed by Japan and the Russian Federation.
Combating this threat is firstly a matter of patching obsolete systems, but the United States government is notoriously far behind the times when it comes to cybersecurity (not to mention major industries like healthcare as well, or the stock market that was mysteriously shut down for three hours in 2015). All these municipalities falling victim to malware this past decade is a giant flashing red light, and we just stirred up a hornet’s nest halfway across the world. We have a digital target painted on our backs here at home, and Iran has the capability to do untold damage to our economy, health care system and general way of life using a simple exploit devised in NSA offices and tweaked in Tehran, let alone whatever digital contingencies they have planned for this situation (and rest assured, they have been planning for an attack like this for decades).
Iran is a rational actor. They talk a big game about wiping Israel off the map and attacking “the Great Satan,” but they understand initiating a full-scale war will not work out well for them. That’s why this conflict has largely remained in the region. However, the calculus now changes when the war is brought to their doorstep. What was a regional conflict largely encapsulating Iranian, Saudi, Israeli and US-backed militias now has the potential to involve the actual militaries of all four nations, and perhaps beyond. If Iran decides that they want to strike the United States in our homeland, a cyber attack is the easiest way to cause maximum destruction with some plausible deniability built in. Shipping, energy, local municipalities, big business—these are just a few of the sectors Iran could target that would make us feel this war here at home—not to mention the more traditional kinetic warfare that could be brought to our doorstep with one of their terror cells (three men have been arrested since 2017 scouting U.S. domestic targets on behalf of Hezbollah).
This is bad. Eliminating one person does very little to neuter the systems he was controlling, and while the loss of Qasem Soleimani will be difficult for Iran to replace, his death will serve as a rallying cry for the thousands of militants under his command. There is a world that exists where the United States can quickly come together with Iran to de-escalate this situation, and Soleimani’s death winds up being a positive development—but even without Trump as commander-in-chief, the military industrial complex’s capability to come to a grand bargain like that is dubious at best. We just destabilized the most unstable region in the world even further, and at a certain point, it seems inevitable that our militaristic adventurism in foreign lands will eventually lead to serious retaliation here at home.
Jacob Weindling is a writer for Paste politics. Follow him on Twitter at @Jakeweindling.