Reported cyber attack on Iran's oil industry doesn't bear hallmarks of past assaults
For now, the sanctions on Iranian oil and its banking system are the main lever of pressure on the regime going into the Baghdad talks in a month.
Monday's announcement by the Iranian Oil Ministry that it had detected a cyber attack on its computers and those of the central oil export companies and installations immediately brings to mind the now almost mythological Stuxnet attack on the computers controlling the uranium enrichment centrifuges almost two years ago. But even if, as seems almost certain, Stuxnet was a highly advanced computer worm designed to disrupt the centrifuges' operation, manufactured and inserted into the system by an enemy of Iran with sufficient technological resources (only two countries come to mind), I don't think this latest attack on Iranian computers comes from the same source.
For a start, a team of programmers good enough to make Stuxnet would probably have succeeded in producing a new cyber strike that would not have been detected at an early stage, as this one has been. But the more compelling reason to doubt that the computer corps of Israel or the United States are behind this attack is that it makes little sense for them to try to sabotage Iran's oil-exporting infrastructure at this point. For now, the sanctions on Iranian oil and its banking system are the main lever of pressure on the regime going into the Baghdad talks in a month. Relieving these sanctions will be the prize on offer to the Iranians if they agree to a deal on ending their enrichment program – a simultaneous cyber attack may up the pressure, but it would also stoke the already suspicious minds in Tehran, making them believe that the U.S. is out to get them no matter what they agree to. Let's not forget either that the western intelligence services would probably not be interested in disrupting Iran's oil exports in a sudden way that could drastically push up the price of oil.
It is unclear from the reports what kind of cyber attack actually occurred, or whether what is being called "Wiper" was a virus or a worm, which are technically very different. But it does seem almost certain that, whatever it was, it was a disruptive program, meant to be found out relatively quickly, once the targeted computers began going haywire. Since the Iranian ports are involved in exporting oil, in the secret commerce in arms going out to Syria, Hezbollah and Islamic Jihad, and in the components for the nuclear industry surreptitiously purchased and brought into Iran, it would have made more sense for Israel or the U.S. to penetrate its computers with spyware. In other words, while sabotage may be an appealing notion, having a quiet and undetected presence within the Iranian computer network, monitoring efforts to evade the sanctions.
My friend Dr. Thomas Rid, who is a reader at the Department of War Studies in London's King's College, has been researching cyber-warfare and recently wrote a well-argued critique of the currently in-vogue hype on cyber attacks. While I don't agree with all his conclusions, I also think that the potential damage of cyber-warfare has much more of a psychological impact than the doomsday scenarios which are being tossed out by defense chiefs in the west.
Naturally, he has been following this latest development closely, but he admits to being frustrated at the lack of detail. "None of the major tech blogs, usually first-out with detailed information, has anything of note to say about the 'Wiper' attack," he says. "It seems that the attack is only affecting the oil ministry, not the industrial control systems used in the oil production and terminals. Iranian sources indicate that the attack has been going on for a long time, since March, that it is ongoing, and that it is intensifying. Given that Iranian authorities don't have an interest in appearing vulnerable, I would assume that something more serious than they expected is going on."
He doesn't believe that Wiper and Stuxnet come from the same source. "We don't know very much right now about it but I would assume that whoever made Stuxnet was capable of doing significant harm, this was the most sophisticated cyber attack we have ever seen after all." But at the same time he believes that "no potential state-attacker has an interest in pushing up oil prices in such fragile markets."
While we can only speculate for now about what led to the Iranian announcement on Monday and what seem like deliberate leaks to western media, I think that they are trying frantically to reassure the computer users within Iran that they are not overly vulnerable. As I said, cyber-warfare's main threat for now is psychological – the damage to a country where businesspeople, officials and scientists are afraid to switch on their computers is comparable to thousands of centrifuges going on the fritz.