From: CIO

Cyber threats from larger, more advanced nations that have diplomatic relations with the United States focus on cyber espionage and theft. But Iran is a more irrational actor and is building a cyber capability that is retaliatory in nature.

By Kenneth Corbin

As members of the intelligence, military and homeland security communities evaluate the emerging cyber threats emanating from hostile nation states, they must consider important distinctions in the capabilities and attack patterns of adversaries like China and Iran, cybersecurity experts told a House subcommittee on Wednesday.

Testifying before the House Committee on Homeland Security’s cybersecurity subcommittee, witnesses drew a sharp distinction between the threats from comparatively mature actors like China and Russia, with which the United States has longstanding–if strained–diplomatic and economic ties, and nations like Iran and North Korea.

The cyber threats from China and Russia are typically motivated by economic interests, according to the witnesses, who describe a pattern of intrusions in service of industrial espionage or gaining access to intellectual property. While of grave concern for U.S. businesses and the government, those activities are carried out with a far different intent than state-sponsored attacks seeking to disable critical infrastructure the witnesses warn could come from Iran–either directly or through a proxy.

Cyber Threats From Iran MOre Threatening

 

“Iran is a qualitatively different cyber actor,” says Ilan Berman, vice president at the American Foreign Policy Council. “China and Russia are both focused primarily on cyber theft and cyber espionage. Iran is not. Iran boasts today little by way of cyber-espionage capability.

Rather, what Iran is building is a cyber capability that is retaliatory in nature, and it’s built largely around Iranian perceptions of the unfolding conflict that is now ongoing between itself and the West over its acquisition of a nuclear capability.”

As a result, Berman explains, the situation with Iran and its cyber posture is “particularly volatile” compared with relations between the United States and Russia and China.

“While these other countries are pursuing a degree of diplomatic normalcy with the United States, Iran is not,” Berman says.

Wednesday’s hearing comes amid renewed efforts by lawmakers in both houses of Congress and both parties to draft cybersecurity legislation to improve the defenses of the public and private sectors without imposing burdensome compliance mandates on businesses or weakening personal privacy protections.

Rep. Patrick Meehan (R-Penn.), chairman of the cybersecurity subcommittee, said that he hopes to advance a cybersecurity bill this congress, and Michael McCaul (R-Texas), chairman of the full Homeland Security Committee, said he is eager to work toward a markup once legislation is drafted.

In considering attacks emanating from foreign actors, where attribution and the involvement of a foreign government are often murky at best, the hearing focused on one of the more challenging aspects of the cybersecurity debate.

Wednesday’s proceeding, the first hearing the cybersecurity subcommittee has held in the 113th Congress, also follows a recent flurry of high-level activity, and worrisome attacks, in the cyber realm.

The day began with word from South Korea that media outlets and banks in that country had seen their computer systems knocked offline in an outage that state officials suggested could have originated from their increasingly belligerent neighbor to the north.

In a speech earlier this month, U.S. National Security Advisor Tom Donilon spoke of “cyber intrusions emanating from China on an unprecedented scale,” calling for talks between the two countries “to establish acceptable norms of behavior in cyberspace.” China, for its part, said it was open to discussions about the countries’ respective cyber activities.

Read Complete Article