*New help for strengthening computer-network defenses for allies propelled by high-profile attacks in the past year, including one was against Saudi Aramco, Saudi Arabia’s largest, state-run oil producer, which according to American officials was carried out by Iran*
The New York Times, A1, by Thom Shanker and David E. Sanger (Washington, DC, June 9, 2013)— The Obama administration has begun helping Middle Eastern allies build up their defenses against Iran’s growing arsenal of cyberweapons, and will be doing the same in Asia to contain computer-network attacks from North Korea, according to senior American officials.
The American officials would not say which countries in the Persian Gulf have signed up for help in countering Iran’s computer abilities. But the list, some officials say, includes the nations that have been the most active in tracking Iranian arms shipments, intercepting them in ports and providing intelligence to the United States about Iranian actions. The three most active in that arena are Saudi Arabia, the United Arab Emirates and Bahrain.
In Asia, the countries most worried about being struck by North Korean computer attacks are South Korea and Japan.
The Defense Department’s assertive new effort in the gulf and Asia is the latest example of how the Obama administration is increasingly tailoring its national security efforts for a new era of digital conflict, in this case assuring the defense of computer networks and, if necessary, striking back against assaults.
A directive signed by the president that surfaced Friday — the third in a series of leaked documents published by the newspapers The Guardian and The Washington Post — underscored how the Obama administration is trying to prepare itself and its allies. The leaks also revealed how the Obama administration has put in place a large Internet surveillance operation to identify terrorism threats.
The presidential directive included the declaration that the United States reserved the right to take “anticipatory action” against “imminent threats,” a reference, it seemed, to the kind of crippling infrastructure attacks that Iran appears to be working on against American and allied targets.
The new help for strengthening computer-network defenses for allies, which has not been publicly announced, closely parallels earlier efforts by the Obama administration in two volatile parts of the world. In recent years it has helped install advanced missile-defense systems and early-warning radars in Persian Gulf nations to counter Iran’s missile ability, and it has done something similar in Asia in response to North Korea’s nuclear weapons program.
But deterring cyberattacks is a far more complex problem, and American officials concede that this effort, which will include providing computer hardware and software and training to allies, is an experiment. It has been propelled by two high-profile attacks in the past year. One was against Saudi Aramco, Saudi Arabia’s largest, state-run oil producer, and according to American officials it was carried out by Iran. That attack crippled 30,000 computers but did not succeed in halting production. The other, an attack on South Korea’s banking and media companies this spring, was later attributed to North Korea. It froze the ability of several banks to operate for days.
“The Iranian attack on the Saudis was a real wake-up call in the region,” said one senior administration official, who would not speak on the record about the American efforts to counter Iran. “It made everyone realize that while the Iranians might think twice about launching a missile attack in the region, they see cyber as a potent way to lash out in response to sanctions.”
The administration is capitalizing on the fear created by those attacks to build on the de facto alliance against Iran that it has constructed in the region. The Pentagon is drawing up proposals for providing advanced hardware and software for computer-network defense that could be sold throughout the Persian Gulf, much as American aircraft and missiles are sold to Arab allies. Training programs are being put together to teach computer security to military and law enforcement in the region, and to collaborate with private companies.
And, just as the Pentagon conducts naval exercises in the Persian Gulf to practice ways of keeping the Strait of Hormuz open, officials say future joint war games would include simulated cyberattacks, similar to the one Iran conducted against Saudi Aramco.
The idea is to give American and allied forces practice carrying out their missions with their networks under duress, officials said.
The new interagency effort in Washington comes at a time when Israeli and American intelligence officials have been concerned by Iran’s swift advances in its computer weaponry, particularly its ability to disrupt existing infrastructure. As one former senior American military commander said recently, “They have startled everyone with the speed at which their capabilities have increased.”
But one continuing point of dispute is whether Iran and North Korea are working together on the development of cyberweapons, the way they have worked together for years on the development of missile technology.
A senior Israeli military official said Israel had evidence that Iran and North Korea were beginning to collaborate on developing cyberweapons. He declined to cite the specific evidence.
Although there is concern in Washington that cooperation between Iran and North Korea could spread to computer tools, American officials say there is no proof of such collaboration.
A senior Defense Department official said the program to develop computer skills among allies would focus solely on defending against disruptive and destructive attacks on networks for the military and critical infrastructure. The United States will not share its growing arsenal of offensive cyberweapons, which, like nuclear arms, can be deployed only on presidential order.
Those have been used in only one major case: the American and Israeli attack on Iran’s nuclear enrichment system, part of a covert program called Olympic Games that delayed, but ultimately failed to destroy, Iran’s nuclear ability.
Officials pledge that computer hardware and software eventually provided to allied nations will be evaluated to avoid providing the type of defensive systems that also can be used for domestic surveillance or to punish political opponents.
This new focus on adding computer-warfare skills to a global effort the Pentagon calls “building partner capacity” — and usually refers to more traditional training of conventional forces — is another indication of the high level of concern in Washington about the growing danger of computer-network attacks from Iran or North Korea.
After the attacks on energy firms in the Persian Gulf, “we recognized that we really need to bolster our working relationships with key allies in the region,” said one senior Defense Department official. “We made a very conscious strategy decision to make that a priority, both in the gulf and also in Asia.”
Iran, in particular, is viewed as having greatly accelerated its computer efforts. The advancements appear to be the result of carefully focusing the work of a domestic computer sciences and hacking community.
The emerging Iranian program is far more disciplined and mature than Tehran’s previous efforts, which had focused on social media to coax American military personnel based in the Middle East and Persian Gulf region to sign up for dating and travel services, or chat rooms. The goal was to obtain the online information from American military personnel to find back doors into military computer systems.
In addition, American officials say Iran now is believed to be hiring foreign computer programmers associated with Internet criminal activity, some from Russia.
And, perhaps most worrisome, Iran and other nations now are able to purchase powerful malware that, while costly, is available on the black and gray markets — and can quickly advance the potency of a nation’s destructive ability across computer networks.
In the rankings of computer powers, Iran and North Korea are far lower in ability than the United States, Israel, Britain, Russia and China.
China and Russia, however, have strong incentives to limit the destructiveness of their attacks; they are so tied into the global economy that anything truly disruptive to financial or energy markets would backfire. But North Korea and Iran, especially in times of rising tensions, would be less prone to show restraint, American officials say.