Security Council Warned Iran Nuclear Stalemate Is Creating Oversight Vacuum
Michigan might be more than 6,000 miles away from the war in Iran, but, virtually speaking, it’s well within striking distance. An Iran-linked group calling itself Handala claimed responsibility for a March 11 cyberattack on Portage, Mich.-based medical device maker Stryker Corp. Handala said the attack was in retaliation for events related to the conflict in Iran. The cyberattack affected Stryker’s internal Microsoft software system, disrupting the company’s order processing, manufacturing and shipping. As a scholar who researches cyber conflict, I’ve found, in periods of geopolitical tension such as the current U.S./Israel-Iran war, cyber operations often sit right next to missiles and airstrikes as a tool that states and state-linked groups use to inflict damage, probe weaknesses and signal resolve to their enemies. The Stryker case is notable because it shows how quickly a regional conflict can translate into disruption for organizations far from the battlefield. It also illustrates the vulnerabilities of U.S. organizations, including those involved in critical infrastructure. Modern critical infrastructure does not only involve the obvious big targets such as power plants or water utilities. It also relies on suppliers and service providers sitting one or two links upstream that keep everything from hospitals to transit systems running. When people imagine cyber warfare, many often picture dramatic outcomes. The lights go out. The water turns toxic. The trains stop. Those scenarios are real risks. But they are not the only objective, and often not the main one. The real strategic value is access. Cyber access is like a set of keys. If you can get into a network quietly, stay there and learn how it works, you create options for later. You can steal information, map dependencies and position yourself to cause disruption. You can keep the option to strike in your pocket so, in a crisis, you can cause or credibly threaten to cause harm. The U.S. has a growing defense ecosystem, but it is not a single shield you can switch on. The Cybersecurity and Infrastructure Security Agency encourages organizations to heighten their cybersecurity vigilance during periods of elevated geopolitical risk. The agency, along with the FBI, the National Security Agency and international partners, also publishes advisories with indicators and recommended mitigations when they see active campaigns. Because critical infrastructure is mostly privately owned, federal defense also depends on partnership. For instance, the Cybersecurity and Infrastructure Security Agency’s Joint Cyber Defense Collaborative is designed to support coordinated public-private planning and information sharing around major cyber risks. Congress has also pushed the private sector toward reporting incidents more quickly. The Cyber Incident Reporting for Critical Infrastructure Act of 2022 sets reporting timelines that include reporting cyber incidents within 72 hours and ransomware payments within 24 hours after payment. The Cybersecurity and Infrastructure Security Agency has been implementing these requirements through ongoing rulemaking. These are meaningful steps, but they do not erase the basic constraints: uneven resources, uneven incentives and the reality that many targets sit outside direct federal control.
Michigan might be more than 6,000 miles away from the war in Iran, but, virtually speaking, it’s well within striking distance. An Iran-linked group calling itself Handala claimed responsibility for a March 11 cyberattack on Portage, Mich.-based medical device maker Stryker Corp.…
See this event through different lenses
Compare how Western, Iranian, Israeli, Global South, and Pro-Peace perspectives frame this event.
Compare PerspectivesLoading notes...
Security Council Warned Iran Nuclear Stalemate Is Creating Oversight Vacuum
Security Council Press Statement on Death of Serbian Peacekeeper from United Nations Interim Force in Lebanon
Secretary-General Welcomes United States-Iran Peace Deal
Read the transcript of the US draft of the memorandum of understanding over Iran war