Iran announced that a blackout occurred at its uranium enrichment facility in Natanz. Iran blamed Israel for a sabotage attack on its underground Natanz nuclear facility that damaged its centrifuges. Israel has not claimed responsibility for the attack. It rarely does for operations carried out by its secret military units or its Mossad intelligence agency. However, Israeli media widely reported that the country had orchestrated a devastating cyberattack that caused a blackout at the nuclear facility. The nature of the attack and the extent of the damage at Natanz remains unclear, but a former Iranian official said the attack set off a fire while a spokesman mentioned a “possible minor explosion.”
Why Did It Happen?
The attack further strained relations between the U.S., which under President Joe Biden is now negotiating in Vienna to re-enter the nuclear accord, and Israel, whose Prime Minister Benjamin Netanyahu has vowed to stop the deal at all costs.
Natanz has been targeted by sabotage and cyberattack in the past. The Stuxnet computer virus, discovered in 2010 and widely believed to be a joint U.S.-Israeli creation, disrupted and destroyed Iranian centrifuges there during an earlier period of Western fears about Tehran’s nuclear ambitions.
In July, Natanz suffered a mysterious explosion at its advanced centrifuge assembly plant that authorities later described as sabotage. Iran now is rebuilding that facility deep inside a nearby mountain. Iran also blamed Israel for that, as well as the November killing of a scientist who began the country’s military nuclear program decades earlier.
Why Is This Important?
While Nation-State cyber attacks aren’t typically affecting small or medium-sized businesses themselves, citizens should be concerned about what’s happening considering Iran’s capabilities. In January of 2020, the Department of Homeland Security put out an alert notifying citizens of potential cyber-attacks from Iran. This followed heightened tensions between the US and Iran following a drone strike that took out a notorious Iranian military leader. Some cybersecurity experts put Iran’s cyberwarfare capabilities right behind Russia and China.
“Russia and China are Tier 1 cyber aggressors and very close behind them comes Iran, then North Korea. It is often difficult to distinguish between different countries in cyber terms as they probably use proxies in each other’s countries to mask the true originator. The U.S., U.K. and Israel are probably the West’s Tier 1 countries with sophisticated capabilities from both a defensive and offensive perspective.”
Iran has hacked numerous government websites, taken down servers of corporate targets, and broken into email accounts of people speaking out against their regime. Their actions seem to be geared toward cyber vandalism, but that doesn’t mean that they aren’t capable of something far more serious.
Experts regularly exchange ideas on Iran’s cyberwarfare capabilities. Christoper Krebs, former head of the US’s Cybersecurity and Infrastructure Security Agency, warned about various scenarios his agency thought were within Iran’s capability. He suggested Iran could take over US power grids and shut them down for days or weeks. The stock market could be hacked into, taken offline, or simply manipulated causing economic turmoil. Iran could take over water supply systems, leading to unsafe drinking water, or even hack into Tesla’s auto-drive feature to take over control of the vehicle. These may seem like exceptional hacking events, but increasingly cybersecurity researchers are showing them to be very possible. According to one DHS employee, “Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
What does this mean for an SMB?
SMBs shouldn’t focus on Nation-State attacks. However, the steps they take to prevent a breach at their SMB will provide a more difficult target for nation-state attacks. SMBs ought to focus primarily on their employees taking simple measures to improve employee’s online security.
10 STEPS EVERY SMB SHOULD TAKE TO PROTECT THEMSELVES FROM CYBER ATTACKS:
- Train employees on the cybersecurity best practices.
- Phish test employees to keep them vigilant in their inboxes.
- Govern staff with policies to guide behaviors and independent decision-making.
- Adopt a Password Manager for all employees.
- Enable two-factor authentication on all critical Internet-enabled services.
- Regularly back up all your critical data using the 3-2-1 approach.
- Implement the Principle of Least Privilege. Remove administrator rights from employee local Microsoft Windows workstations.
- Implement Data Loss Prevention technologies on your email systems to spot critical and sensitive data leaving your business via email.
- Buy enough Cyber Insurance to cover a catastrophic breach event.
- Build a robust network at your firm that is properly segmented. Network segmentation is to computer networks what sealed ballasts are to Submarines. They enable damaged sections of a company or submarine to be completely isolated to prevent sinking of the whole network or submarine respectively.