
How Iran’s ominous threats could take on cyber life

Tags: cyber iran israel
Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
Oct 16, 2023
 

By Joseph Gedeon

— With help from Maggie Miller 

Driving the day

— If Iran enters the Israel-Hamas conflict, experts say that could mean escalating (but limited) covert cyberattacks.

HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! The New York (but really, New Jersey) Jets were 0-12 in their history against the Philadelphia Eagles, but knocked off the undefeated team without their franchise quarterback and starting cornerback. I’m sorry for your parlay.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Email me at [email protected]. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below. Let’s dive in.

 


The International Scene

IRAN WATCH — Tehran has made clear that if Israel doesn’t back off from Gaza, it will enter the fray, more than a week into the unsettling humanitarian crisis and rocket barrage on the Gaza Strip following Hamas’ brutal attack on Israel.

Here’s what that could mean for the cyber frontier of the conflict.

— Cyberattacks over missiles: Despite Tehran's posturing, experts like the Middle East Institute's Iran program director Alex Vatanka say the regime is not at all interested or ready to go to war with Israel. But one way in could be spraying Israel with offensive cyber ops, which would give Iran room to maneuver and deny involvement to avoid regional escalation.

“I don't think they would throw everything they have in terms of cyber capabilities,” Vatanka tells MC. “While they may have the capacity to bring damage, that would bring escalation … and Iran is not looking to go to war with Israel.”

Those cyberattacks could already be underway, with security experts linking at least one anti-Israeli disinformation operation to Iran.

— Iran’s capabilities may be confined: Tehran has grown adept at exploiting vulnerabilities, using proxies to carry out ransom operations and compromising networks through crypto miners and credential harvesters. But Iran’s intimidating cyber prowess is built more for regime control — to punish external and internal dissent — rather than attacking foreign critical infrastructure.

“It’ll be limited,” said Mark Montgomery, senior director at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation, of potential cyberattacks by Iran. “They will try to do it under a false flag, where it looks like it’s being done by a non-state actor, so they can have some plausible deniability.”

While there are instances of Iran targeting critical infrastructure in the past, it is not likely ready to risk getting dragged into a war just yet — not until more geopolitical concerns are at stake, Montgomery and Vatanka both said.

— Long history of tit for tat: That’s not to say that Iran and Israel aren’t already partaking in ongoing cyber war games. Both have taken turns swinging cyber swords at each other for more than a decade, including Israeli intel sources taking credit for a blackout-then-explosion at Iran’s Natanz uranium enrichment site in 2021 and an Iranian move attempting to deploy malware that would erase data in the same year.

The attacks go all the way back to 2010, after a joint project by Israel and the United States is said to have created the Stuxnet computer worm — targeting thousands of Iranian computers involved in Tehran’s nuclear program.

— Where Israel could use some help: Despite both Iran and Israel being known for exceptional cyber capabilities, Israel’s offensive and defensive strengths give it the clear upper hand. But that doesn’t mean there aren’t risks.

“What I think they may need help with is analysis,” Montgomery said. “They have lots of different kinds of threat signals coming in, so that’s a place where [the U.S.] can provide some capacity.”

STYLE CHANGE — Despite claims from hacktivist groups, a new report says a surge of cyber activity did not set the stage for conflict between Israel and Hamas — bucking the trend regularly seen in contemporary wars over the years. And while attacks have been relatively unsuccessful, researchers warn that attacks targeting Israeli industrial control systems have the potential for serious consequences.

That’s according to new research from SecurityScorecard’s threat research, intelligence, knowledge and engagement team, which adds that DDoS attacks and website defacements have dominated the landscape and are typically orchestrated by diverse groups sympathizing with either side.

ICS devices, which control critical infrastructure such as power grid substations and manufacturing lines, are becoming increasingly complex and interconnected, making them more vulnerable to attack.

— Ukraine-Russia: Severe disruptions took shape at the start of the war between Ukraine and Russia, with hackers targeting the KA-SAT satellite network hours before Russian tanks crossed the border, causing major comms disruptions. Hacktivist groups have since continued to attack and disrupt services.

— Putting the pieces together: The low internet connectivity is a telltale sign that the attacks are coming from outside the region, and it gives clues on where Hamas is finding support — including Iran. But some former officials say the Iranian regime is likely to have steered clear so far.

That’s along the lines of how former U.S. national cyber director Chris Inglis sees it, telling Maggie that he believes Iran has “worked hard not to have their fingerprints on this,” adding that “I don’t think there will be any main effort of trying to actually apply their resources as a co-combatant alongside that.”

At the White House

THE AI IS NYE — The Biden administration is working on releasing a massive, agency-oriented executive order on AI in a matter of weeks, and it’ll be “aligned with the G7 pact,” America’s top cyber diplomat Nate Fick tells POLITICO Tech’s Steven Overly.

“The executive order is certainly the longest, densest, most content rich executive order that I’ve been involved in, in my time in government,” Fick said. “And it gets quite practical, with very concrete, specific tasks to individual agencies and elements of the U.S. government, with timelines attached for things that they must do.”

— What to expect: The detail-rich pact made by leaders of the G7 in Kyoto last week is based on three principles: safety, security and trust. Fick said the executive order will provide more precise language on how to implement these principles in the context of AI development and deployment, and is also expected to hold the U.S. as the “moral authority” on AI governance.

An outline of the 11 goals was presented at the U.N. Internet Governance Forum. They include pushing AI companies to take measures to limit misuse, identifying vulnerabilities (including through external tests known as red-teaming) and investing in cybersecurity.

— Setting the stage: Fick indicated the executive order was just the start of what could come out of Washington, which has so far piqued serious interest among lawmakers and officials.

“There will be more executive action, there may be more legislative action, there’ll certainly be much more multilateral action across all different fora, from the G7 to the G20 and the OECD,” Fick said.

Listen to the full conversation on today’s POLITICO Tech Podcast.

Tweet of the Day

Rob Joyce has been coming up with hit post after hit post. Why are we only limited to cybersecurity awareness month for his meme-ability?

Quick Bytes

ISRAEL-HAMAS HACKS — Hackers sympathetic to Hamas are working to make the Israel-Gaza conflict the next front of cyberwarfare, reports POLITICO’s Antoaneta Roussi and Maggie.

WAS IT RANSOMWARE? — Kwik Trip, a convenience store chain with more than 800 stores across the U.S., experienced a “network incident” that caused outages to its app, rewards system and phone service. The company is unclear if it’s a ransomware attack, writes Jonathan Greig for The Record.

ICYMI — A data breach at French cloud gaming provider Shadow may be worse than the company initially suggested, with a hacker claiming to have accessed the data of more than 530,000 customers through social engineering. Carly Page reports for TechCrunch.

Chat soon. 

Stay in touch with the whole team: Joseph Gedeon ([email protected]); John Sakellariadis ([email protected]); Maggie Miller ([email protected]); and Heidi Vogt ([email protected]).

 


 
 
 
