Observations on the likely response from the US to any Iranian cyberattack from the NY Times…:
[…] Even Iran’s most successful cyberattack — the Shamoon attack on Saudi Aramco, the world’s largest oil company, which erased information from thousands of the company’s computers and cost millions — had limited impact on oil prices or global oil supply.
These attacks destroyed data. And sometimes the corruption of data or loss of control over it can cause physical repercussions — as when the Stuxnet computer worm, a program run by the United States and Israel, caused great damage to Iran’s nuclear centrifuges.
Yet because digital vulnerabilities are so diffuse and networks so complex, very few cyberattacks could ever cause immediate physical harm to a large portion of the American population. It is much more difficult for cyberattacks to destroy people.That matters. Recent research suggests that the effects of cyberattacks must be extensive in order to sway American public opinion: Americans are significantly less likely to support retaliation against cyberattacks than against airstrikes, even if both caused the same damage.
In a 2017 war game, conducted with leaders from 14 critical infrastructure sectors, the Naval War College found that only the most destructive cyberattacks led to requests for retaliation. These findings strongly suggest that Iranian cyberattacks must overcome a high bar to significantly affect American willingness to use force in the region.