Iran fired missiles at Iraqi bases housing U.S. troops after vowing to take revenge for the killing of military leader Qasem Soleimani. What are the implications for cyberwar?
After the U.S. killed top Iranian military commander Qassem Suleimani in a drone strike on Jan. 2, Iran’s leaders vowed to take revenge.
Retaliation arrived last night. In the early hours of the morning local time, the Iranian military fired more than a dozen missiles at two Iraqi bases housing U.S. troops, chief Pentagon spokesperson Jonathan Hoffman confirmed in a statement. No troops were harmed in last night’s attack, President Donald Trump said at a Wednesday morning press conference, while announcing additional economic sanctions on Iran.
Until last night, speculation had run rampant about what form Iran’s potential retaliation might take. Among the most frequently cited possibilities were cyberattacks.
Iran was in a tricky situation. It was expected to display a show of force, but not so strong that it would provoke an outsized response. Iran’s Supreme Leader Ayatollah Ali Khamenei had stipulated that retaliation must be “direct and proportional” to the U.S.’s attack, according to the New York Times. An airstrike might fall within those parameters.
“Iran took & concluded proportionate measures in self-defense,” said Iranian foreign minister Mohammad Javad Zarif in a tweet. “We do not seek escalation or war, but will defend ourselves against any aggression.” (Iranian state media reported, without presenting evidence, that 80 soldiers were killed and 200 more wounded in the strike.)
The thing about cyberattacks: They’re less showy than missiles, and they require ample preparation. “Cyber is not a magic button. It takes a lot of planning, particularly for it to be something proportional to the killing of a top leader in your country,” says Oren Falkowitz, a National Security Agency alumnus who runs the cybersecurity startup Area 1 Security. “Most of the things you can do quickly are ankle-biting or uninspiring.” (See, for instance, the recent defacement of an obscure U.S. government website.)
If Iran had hooks in critical infrastructure in the U.S. that could be turned toward destructive (or, in the worst case, lethal) ends, its hackers still might wish to hold their fire. That’s because when attackers exploit network vulnerabilities to cause damage, they are effectively burning their assets, says Jake Williams, another ex-NSA hacker who leads the cybersecurity firm Rendition Infosec. “They’re gonna want to save bullets to fire later,” he says, especially if physical warfare remains a possibility.
This isn’t to say that cyberattacks can be dismissed. The U.S. Department of Homeland Security has warned businesses to be on the lookout for Iranian cyber threats. Iranian disinformation and digital intrusions have been ramping up for months since tensions began flaring with the U.S., according to Sandra Joyce, head of global intelligence at cybersecurity firm FireEye. Some previous examples of Iranian cyber might: Its hackers are believed to have used malware to destroy tens of thousands of computers at Saudi Aramco in 2012, to have pummeled companies like Bank of America and JPMorgan Chase with so-called distributed denial-of-service attacks around the same time, and to have infiltrated a dam north of New York City soon after.
Iran is likely to continue trying to penetrate U.S. and other foreign businesses. Every precaution should be taken to secure networks against intrusion.
Robert Hackett
Twitter: @rhhackett
Email: robert.hackett@fortune.com