Continued from page 1

The congressional testimony will be presented as the world waits for the next round of talks about Iran’s nuclear program – which Tehran insists is for peaceful purposes – next month in Iraq.

The United States and other members of the U.N. Security Council are pushing Iran to end its program of uranium enrichment. In exchange, trusted third-party countries would provide fuel for its civilian nuclear program. Enriched uranium can be used as fuel, but it can also be further enriched quickly and used in a nuclear weapon.

“Tensions between the West and Iran are increasing over Iran’s illicit nuclear program, making the potential for an Iranian cyberattack against the homeland a real possibility,” said Rep. Patrick Meehan, Pennsylvania Republican and chairman of the counterterrorism and intelligence subcommittee, the other panel at Thursday’s hearing.

As negotiators prepare for the next round of talks, the tightening screw of international sanctions and the looming threat of an Israeli military strike against Iran’s nuclear sites have provoked threats from leading figures in the Revolutionary Guards.

Mr. Cilluffo notes that “Iran is not monolithic: command and control there is murky, even within the [Revolutionary Guards], let alone what is outsourced.”

He notes that the Lebanese-based militant Hezbollah movement — which Iran has frequently used as a terrorist proxy — has begun recruiting its own cybermilitia of skilled hackers.

Iran has a long history of demonstrated readiness to employ proxies for terrorist purposes,” Mr. Cilluffo’s testimony states.

“There is little, if any, reason to think that Iran would hesitate to engage proxies to conduct cyberstrikes against perceived adversaries.”

Those proxies could make it hard to prove that Iran was behind the attacks.

Mr. Berman’s testimony notes that an extremist newspaper affiliated with the Revolutionary Guards last year warned the United States to “worry about ‘an unknown player somewhere in the world’ attacking a section of [U.S.] critical infrastructure.”

In 2009 and 2010, a hacker group calling itself the Iranian Cyber Army attacked Twitter and the Chinese search engine Baidu, as well as Iranian websites belonging to the opposition Green Movement.

“In the event of a conflict in the Persian Gulf,” attacks like that on Twitter “could provide Iran an avenue for psychological operations directed against the U.S. public,” states Mr. Cilluffo.

Such operations would aim at sowing fear and confusion by attacking systems Americans use in their daily lives.

In a Persian Gulf military standoff, Iran also might combine computer-network attacks against U.S. military information and communications systems with more conventional jamming techniques “to degrade U.S. and allied radar systems, complicating both offensive and defensive operations,” Mr. Cilluffo adds.

Some parts of the federal government, such as U.S. Strategic Command and the State Department’s Nonproliferation Bureau, have begun to pay attention to the Iranian threat of a cyberattack, but no one in the administration is “tasked with comprehensively addressing the Iranian cyberwarfare threat,” Mr. Berman warns.

Story Continues →