On Tuesday, a cyberattack successfully crippled gas stations across Iran. While no group immediately claimed responsibility for the attack, it rendered useless the government-issued electronic cards that many in the Islamic Republic use to buy subsidized fuel at the pump. The Associated Press reported that the attacks were similar to another attack earlier this year that hit the Middle Eastern nation, and directly challenged Iran’s Supreme Leader Ayatollah Ali Khamenei.
Iran’s economy is in shambles as the country remains under U.S. sanctions.
Gas stations across the country faced short supplies and long lines, leaving the nation’s citizens desperate for fuel. State TV showed the desperate situation, as Iran’s National Security Council acknowledged the cyberattack.
Several experts weighed in with me via email to describe the situation.
“It’s unusual for an oil-exporting country to not be able to provide its citizens with gasoline, but that’s exactly what is happening in Iran today,” said Saryu Nayyar, CEO of cyber security company Gurucul. “A cyberattack against gas station infrastructure has rendered gasoline ration cards inoperable, with the pumps displaying the odd message ‘cyberattack 64411. “It’s not yet clear who might be behind the attack.”
Critical Infrastructure and Supply Chain Dangers
Iran, which has been known to conduct state-sponsored cyber attacks now seems to be hit by one that highlights how such an attack can be devastating on a national level.
“It is always interesting to read when a country that is known as a nation-state threat actor is now the victim of cyberattacks. The irony,” noted Nasser Fattah, North America steering committee chair at cyber researchers Shared Assessments.
“From a supply chain perspective, it shows that attacking common consumer goods, like gas, can quickly have an immediate impact on the economy,” warned Fattah. “Think of delivery trucks, due to shortage of gas, now cannot deliver goods to the market. Such cyberattacks can also have a ripple effect in society that can lead to riots and mayhem.”
The choice of target was notable as well.
“What is clear is that there is a lot of critical infrastructure around the world that is just as vulnerable, if not more so, than enterprise networks,” added Nayyar. “Just as traditional organizations have taken steps to protect themselves against hackers, infrastructure providers such as pipeline operators and critical service providers have to take similar actions.”
The fact that this attack occurred in an oil-exporting nation is also notable as it further highlights how supply chains can be easily disrupted digitally.
“Our economies are becoming increasingly reliant on digital protocols. Supply Chain attacks such as this are some of the most impactful cyber threats,” explained Doug Britton, CEO of Haystack Solutions.
“Regardless of the hacker or the intention, one message is clear; we need to invest in the next generation of cyber professionals,” suggested Britton. “Even in a tight labor market, we have the technology to find talent regardless of background and current occupation. These folks with a ‘mind for cyber’ are critical to securing systems from bad actors and ensuring economic infrastructure remains operational.”
Who Targeted Iran?
So far no group or organization has claimed responsibility for the attacks—but there are numerous theories making the rounds online.
“It would be interesting to see who claims responsibility for this attack,” said Steve Daniels, security risk management consultant and vCISO (virtual chief information security officer) at Cyvatar.
“It appears to be politically motivated and for me highlights the need to effectively manage the security of critical national infrastructure,” Daniels added. “There have been a lot of press around climate change organizations in recent months blockading transport routes and targeting government infrastructure. These groups are intent on disrupting industries and targeting anyone that appears to be at odds with current climate change messaging and policy. It’s only a matter of time that they realize how effective a well-timed and targeted cyberattack can be.”
Peter Suciu is a Michigan-based writer who has contributed to more than four dozen magazines, newspapers and websites. He regularly writes about military small arms, and is the author of several books on military headgear including A Gallery of Military Headdress, which is available on Amazon.com.