Iranian Cyber Reconnaissance – Potential Maritime Impacts

Tuesday, July 27 Sky News broke a story that should be of interest to maritime security professionals and the maritime community in general – as well as potentially other critical infrastructure sectors.  Sky News claims to be in possession of “very confidential” leaked Iranian cyber intelligence documents demonstrating Iran’s intent and desire to compromise critical infrastructure using cyber, including cargo vessels, fuel facilities and satellite communications. See the article here:  Iran's alleged secret cyber files revealed - YouTube

FireEye, a cybersecurity company, suggests that the documents, "discuss the possible physical impacts of cyber operations targeting civilian critical infrastructure and the feasibility of conducting such attacks, while examining the percentage of internet-accessible devices that could be potential targets."  FireEye stated further that, “these are the initial steps a state would take if they wanted to develop a specific cyber-attack capability.”

Iran has been engaged in cyber operations for some time (NY financial institutions, UK Parliament, Saudi Aramco, etc.)  Although this type of reconnaissance may not seem new, it appears to be another piece of the puzzle as Iran seeks to prepare for, and potentially execute cyber-attacks against the US and others.

These recent discoveries emphasize things our FSOs should be doing to mitigate risk: 

  • As new requirements for a cyber annex in facility security plans come into play, have you connected your physical and cyber security thinking, and more importantly the teams you have doing both?  
  • Have you established relationships with partners in your port and/or sector to exchange information?  
  • Do you have a connection to the Maritime Transportation System Information Sharing and Analysis Center?  
  • Is there a regular dialogue with the Captain of the Port in your area and others related to cyber as well as physical threats?

All of these are important to your cyber preparation – “if you are ready, you do not have get ready!”