Shane Harris of The Daily Beast on how Iran’s cyber army has been overhyped as part of standard Washington politics:
A report on Iran’s possible plans to launch devastating cyber attacks in the United States raised eyebrows last month, both for its alarming claims and its unusual combination of authors: a Silicon Valley cybersecuirty company and a famously influential neoconservative Washington think tank that’s has been a prominent opponent to a nuclear deal with Iran. The report warned that if the U.S. lifted sanctions on Iran, the country would pour new money into its burgeoning cyber warfare program.
But before the report—co-authored with the American Enterprise Institute—was ever made public, the security company shared a set of preliminary findings on Iran’s cyber warfare operations with officials in the U.S. military and the intelligence community. There, according to current and former officials, the information was greeted by some with a mixture of puzzlement and outright hostility. Government and outside experts have wondered whether the preliminary findings, as well as the subsequent public report with AEI, was relying on dubious intelligence to stir up fears about pending Iranian cyber attacks, just as U.S. officials were trying to iron out the nuclear deal.
The Daily Beast reviewed a copy of the preliminary report, which was written by the cyber security company Norse in January of this year and shared with officials at the National Security Agency and in the military. Described as a “cyber intelligence bulletin” on “malicious cyber activity originating from the Islamic Republic of Iran,” it states that Norse has data on “more than 500,000 attacks on Industrial Control systems over the last 24 months,” referring to the computers that help to run power grids, hydroelectric facilities, and other so-called critical infrastructure in the U.S.
Norse’s claim of half a million “attacks” is an astonishingly large number. But nowhere in the document does Norse offer specific data to back up the claim, noting that more details are forthcoming in a report that the company will publish “later this year.” The bulletin also alleges that Iran is targeting computer systems and Web sites inside the United States, without offering many technical particulars.
Cyber attack attribution remains one of the most difficult aspects of cyber security. However, to make a claim like what Norse has made, it needs to backup its assertions with data; transparency is key to believability.