Signals & Space Monthly Briefing - July 2019

Prepared by the CyberWire (Monday, July 1, 2019)

US-Iranian conflict in the Gulf
Attacks on shipping in the Arabian Gulf during May has been blamed on Iran. Four tankers registered to the United Arab Emirates, Saudi Arabia, and Norway were damaged. When the United Arab Emirates took the matter to the United Nations Security Council during the first week in June, the Emiratis described the weapons used as limpet mines delivered by small boats. They blamed a nation-state without naming Iran (BBC).

The US was not shy about calling out Tehran, with mixed but generally positive support from allies (Foreign Policy, Times). Iran responded to US diplomatic pressure by shooting down a US Navy RQ-4A Global Hawk drone on June 19th. Tehran says the RQ-4A was flying over southern Iran, but the US insists, with evidence, that the drone was in international airspace over the Straits of Hormuz.

The Global Hawk is a big, capable, expensive platform, coming in at $131.4 million a copy, exclusive of research and development costs. Iran says it took down the RQ-4A with its Khordad missile defense system. Iranian spokesmen added that the Khordad can detect targets at ranges of one-hundred-fifty kilometers, track them at one-hundred-twenty kilometers, and engage them at eighty-five kilometers. The interceptor the system uses is a Sayyad 3 missile, developed from US SM-1 (RIM-66) Standard Missiles with which Iran was armed during the days of the Shah.

The US response was in cyberspace. US Cyber Command is said to have conducted offensive operations against Iranian targets in reprisal for both Tehran's attacks on commercial shipping and for the RQ-4A shootdown. Yahoo broke the story, saying the attacks were directed against an Iranian intelligence unit responsible for supporting operations against shipping by tracking tanker traffic.

The Washington Post added details, reporting that US Cyber Command had disabled Iranian missile command and control systems in the region, which would be a direct riposte to the Global Hawk shootdown. US Central Command and the US Navy have referred inquiries to Cyber Command, which declines to comment for reasons of operational security. Fox News says Iran has promised a "firm" response to any American "aggression."

The US Cybersecurity and Infrastructure Security Agency (CISA) warned that Iran has increased the tempo of its cyberattacks against US targets, and that destructive wiper attacks could be expected. These typically gain access to target networks through familiar criminal methods, particularly phishing, password spraying, and credential stuffing, but their goal is destruction of data, not data theft. CISA's advice for defense is here; companies are advised to look to their security.

The US imposed fresh sanctions on Iranian leaders (Wall Street Journal), but beyond that the situation remains where it was: Iranian kinetic action was met with a US cyber response. President Trump warned American patience and restraint shouldn't be overestimated, and Iran's leaders say they could knock down another American drone whenever they decided to do so, and that "the enemy knows it" (Washington Post).

Sponsored by Cosmic AES