Retaliation from Iran likely to include cyber attacks, expert says
On Monday, Iran responded to the U.S. strikes on its nuclear facilities by attacking a U.S. base in Qatar. A local and national cybersecurity expert told KDKA-TV that they'll likely have a combined approach, which includes a cyber attack.
The Department of Homeland Security issued a bulletin warning Sunday of the possibility of cyber attacks against the U.S. following the strikes on Iran. It's a key tool frequently used by Iran, which is one of our four main adversaries for cyber hacking.
The potential for it to happen is very real, according to David Hickton. The founding director of the University of Pittsburgh Institute for Cyber Law, Policy, and Security said we need to be concerned.
"Cyber attacking is probably, almost certainly part of their response portfolio," Hickton said. "When something like this happens, what you really watch for is the asymmetrical attack, the attack that doesn't really match up tit for tat with the attack that they received."
In particular, Iran focuses on critical infrastructure, so our banks, the government itself, hospital systems, our transportation networks, including air traffic control, and our water supply, which the Municipal Water Authority of Aliquippa experienced back in the fall of 2023, from an anti-Israel Iranian group.
Hickton also said we need to be watching for what's called a DDoS attack, which floods the market and makes everything inoperable.
"You wouldn't be able to get to use your ATM, you wouldn't be able to use your credit card, you might not be able to get groceries," Hickton said.
Thirdly, he's worried about ransomware and credential harvesting, which are used to steal money from bank accounts.
"For people who live here, it would be a good idea to be at a heightened level of alert to take cybersecurity steps to protect themselves," Hickton said.
Hickton said now is the time to ensure you have strong passwords and two-factor authentication, with a second check on security through a phone call. Also, don't click an attachment in an email without calling the sender to check that they sent you that email.
Afterwards, Hickton said we'll need to see what happens and possibly worry about a type of attack that's hard to detect.
"A latent attack, where we let our guard down because someone is parked in our system, and now they're ready to go," Hickton said.
One positive for residents in western Pennsylvania is that Hickton said some of the best cybersecurity work to protect us is being conducted in our region.
