When American experts talk about cyber threats from other countries, they often cite elite hackers in China and Russia.
On Thursday, some warned against overlooking another country: Iran.
Over the past three years, the Iranian regime has invested heavily in building up its cyber muscle and has expressed an increasing desire to use it, Ilan Berman, vice president of the American Foreign Policy Council, said in testimony before a House panel.
"It is not out of the question that the Iranian regime could attempt an unprovoked cyberattack on the United States," Berman said.
The Iranian government has reportedly invested $1 billion to develop and build out its own cyberwar capabilities. Iran's authorities "welcome the presence of those hackers who are willing to work for the goals of the Islamic Republic with good will and revolutionary activities," an official with Iran's Revolutionary Guard said in an interview with an Iranian website last March.
Iran has been on the receiving end of cyberattacks several times. Most recently, the country's authorities said this week that they were investigating a suspected cyberattack against several of the country's oil facilities. In 2010, a sophisticated computer worm called Stuxnet destroyed Iranian nuclear centrifuges, causing a setback to the country's nuclear program.
Experts have speculated that Stuxnet was designed by Israel and the United States, but no one has claimed credit for the attack.
That may not matter to the Iranian government, according to Frank J. Cilluffo, director of the Homeland Security Policy Institute at George Washington University.
"The possibility that Iran may feel aggrieved and seek to retaliate, even in the absence of proof of attribution, is not to be dismissed," Cilluffo told lawmakers at the hearing.
A spokesman for Iran's mission to the United Nations in New York did not return a call seeking comment.
The testimony at Thursday's hearing echoed previous warnings about Iran's growing cyber strength. Iran’s intelligence operations against the United States, including cyber capabilities, "have dramatically increased in recent years in depth and complexity," James Clapper, director of National Intelligence, told a Senate committee earlier this year.
Last summer, a hacker believed to be working with the Iranian government broke into a Dutch web security firm and created fake certificates that are used to authenticate a web browser's security. As a result of the hack, as many as 300,000 Iranians may have had their web communications monitored.
That event forced many security experts to take notice of Iran's hacking skills, said Stewart Baker, a former assistant secretary at the Department of Homeland Security.
"Their sophistication in that effort was surprising to a lot of people," Baker said in a phone interview. "If they have 50 people as talented as the guy who pulled that off, they are a cyber force to be reckoned with."
But James Lewis, a senior fellow with the Center for Strategic and International Studies, said Iran's cyber capabilities "appear to be primitive." He said that he is skeptical of the Iranian government's claims about its cyber prowess, and that the regime has a history of announcing military breakthroughs that turn out to be overblown.
Lewis, who did not testify Thursday, said Iran may have the desire to launch a cyberattack on American soil, but "they're not there yet."
SUBSCRIBE AND FOLLOW
Get top stories and blog posts emailed to me each day. Newsletters may offer personalized content or advertisements.Learn more