May 20, 2026 | Policy Brief
U.S. Needs To Upgrade Critical Infrastructure To Counter Iranian Hackers
U.S. officials suspect Iranian hackers are behind the breach of gas station pump displays in several states. The hacks are part of a long-term Iranian campaign targeting U.S. critical infrastructure, including water and transportation systems.
Iran’s cyber activity against U.S. targets has only increased since Washington and Jerusalem went to war against the Tehran regime. That activity targets systems that enable essential services and are all too often unprotected.
Iran Targeting a Broad Swath of U.S. Critical Infrastructure
The hackers breached tank gauge systems at gas stations in multiple U.S. states. The systems, used to monitor fuel levels, were exposed online with either default passwords or no password protection at all. While the attackers did not affect the actual fuel levels, they interfered with display information, potentially blinding the station owners and operators to gas leaks or empty tanks.
The hacks are yet another example of attempts by Iran-aligned hacking groups to compromise U.S. critical infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) has warned that Iran-linked hackers are actively exploiting vulnerabilities in industrial control systems across critical infrastructure in the United States. The hackers were able to cause disruptions and manipulate information through malicious activity involving system files, resulting in operational delays and financial losses.
Iran Often Overstates Its Cyber Strength
Iran often oversells the impact of its attacks. In April, for example, the suspected Iranian hacking group known as Ababil of Minab claimed responsibility for an attack on the Los Angeles transit authority. The group claimed to be holding internal systems at risk. While the transit authority confirmed that hackers gained partial access to its systems, the hack did not disrupt bus or light rail service.
The latest attack resembles previous efforts by hacking group APTIRAN to compromise gas stations in Pennsylvania. APTIRAN, likely affiliated with the Tehran regime’s Islamic Revolutionary Guard Corps (IRGC), claimed to have compromised the same tank gauge systems, posting screenshots alleging its successful data collection. Ultimately, neither the companies nor law enforcement publicly confirmed that anything had occurred.
Iranian threat actors, unable to pull off sophisticated operations like their Chinese or Russian counterparts, often fuse their cyber operations with influence operations for maximum societal impact. This approach is persistent across Iran’s military and intelligence agencies, such as the IRGC and the Ministry of Intelligence and Security, both of which run operations via hacktivist front groups. While Iran likely aims to stoke fear, Iranian threat actors can get lucky and hit large or high-profile targets, as demonstrated by their targeting of FBI Director Kash Patel and the attack against medical technology firm Stryker.
Washington Can Help Better Secure Critical Systems
The systems that Iran is exploiting either have default passwords or none at all. Critical infrastructure owners and operators must install their products with better cybersecurity in mind. The U.S. government should work with critical infrastructure vendors through its Secure by Design initiative to ensure that technology is manufactured with security in mind, such as requiring the user to change the factory password before proceeding with installation. Amid Iran’s increasing cyber aggression against the United States, essential service providers must make themselves much harder targets.
Johanna “Jo” Yang is a policy analyst at the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD), where she works on issues related to nation-state cyber threats, critical infrastructure protection, and U.S. cybersecurity policy. Ari Ben Am is an adjunct fellow at CCTI, where he focuses on emerging threats, influence and information operations, cyber operations, and hybrid warfare. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.