Although not proven and almost certain to be denied, Iranian hackers are considered the most likely culprits in a campaign of cyberattacks against the critical infrastructure sites and government departments in Bahrain. The small Gulf state is strategically located and seen by Teheran as part of the axis led by the U.S. and Saudi Arabia. It is also the regional home of the U.S. Navy’s Fifth Fleet and Navy Central Command.
According to a Wednesday (August 7) report in the Wall Street Journal, the suspected Iranian cyber offensives have raised fears in the region “that Tehran is stepping up its cyberattacks amid growing tensions.” As ever in the cyber domain, there is always some level of activity, but the WSJ reports that regional analysts believe such activity has now risen “above the normal level of Iranian cyber activity.” Recent attacks have targeted Bahrain’s National Security Agency, the Ministry of Interior and the first deputy prime minister’s office.
Of more concern, though, have been attacks against actual critical infrastructure services. Late last month, hackers shut down several systems within the Electricity and Water Authority. This is thought to have been a mix of message and rehearsal: a demonstration of the vulnerability of heavily secured command and control systems that would have a quick and significant impact on the country. And that message is not for Bahrain alone. Other Gulf states will be taking note.
As usual, direct attribution is hard to pin down and there is no certainty that the attacks were executed by or on behalf of Teheran. There is also the challenge with cyberattacks that there is no physical evidence to examine, just reports to analyse. According to the WSJ, U.S. intelligence has suggested Teheran is the likely culprit, with a Bahrain Ministry of Interior spokesperson assuring that “robust safeguards are in place,” adding that “in the first half of 2019, the authorities had successfully intercepted over 6 million attacks and over 830,000 malicious emails.”
While these attacks have reportedly been against targets in Bahrain, the message will have been received by other states in the region as well as by the U.S. and its allies more broadly. The cyber situation in the Gulf mixes military offensive and defensive capabilities with state-sponsored attacks on civilian targets. And critical infrastructure is the most prized hunting ground for offensive cyber activity after military and intelligence agencies themselves.
As I’ve written before, Iran understands that attacks on the U.S. military in the cyber domain remain a challenge, and so its efforts have focused on the under-protected U.S. corporate sector (including critical infrastructure) and U.S. allies. Two weeks after U.S. Cyber Command hit Iran’s command and control structure in the aftermath of the downing of a U.S. surveillance drone, came a warning that an Iranian-led hack was targeting the millions of unpatched Microsoft Outlook systems. And since then we have seen attacks on LinkedIn as well. An attack in one domain led to retaliation in another. This is a major hybrid warfare development we have seen this year.
The WSJ cites U.S. officials “familiar with the matter,” who confirmed the cyber breaches in Bahrain, saying that at least three entities had suffered intrusions. Obvious parallels were drawn with the Shamoon attacks from 2012, which targeted state oil and gas companies in Qatar and Saudi Arabia.
In June, the U.S. Department of Homeland Security warned of a “recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies.” The National Security Agency has also warned of malicious Iranian cyber actions, telling AP “in these times of heightened tensions, it is appropriate for everyone to be alert to signs of Iranian aggression in cyberspace and ensure appropriate defenses are in place.”
Iran finds itself in an interesting position right now. It has warm relationships with both Moscow and Beijing, and while there is no chance of open book cyber partnerships with either, there will certainly be elements of support and assistance. Such collaboration is much harder to identify than in the physical military domain, which makes Teheran an interesting candidate as a deniable proxy as all major powers flex their cyber muscles and experiment with offensive and defensive capabilities.
When U.S. Cyber Command hit Iran’s systems, it sent a message that “we can reach into your most secure networks when needed.” The consistent message back from Iran has been that the U.S. and its allies are not as well defended as they should be and attacks can be mounted in multiple domains, many of which carry serious risk.