DHS issues bulletin warning of potential Iranian cyberattack

The Department of Homeland Security (DHS) released a bulletin this week through its National Terrorism Advisory System warning of Iran’s ability to carry out cyberattacks with “disruptive effects” against critical U.S. infrastructure.

In the bulletin, sent in the wake of the U.S. airstrike that killed Iranian Quds Force commander Gen. Qassem Soleimani, DHS noted that while there is currently “no information indicating a specific, credible threat to the Homeland,” Iran does have the ability to attack the U.S. in cyberspace. 

“Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of U.S.-based targets,” DHS wrote in the bulletin.

The agency noted that “Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”

Acting DHS Secretary Chad Wolf tweeted Saturday that the bulletin was intended to “inform & reassure the American public, state/local governments & private partners that DHS is actively monitoring & preparing for any specific, credible threat, should one arise.”

The bulletin, which also warned of the potential for Iran to attempt to carry out terrorist attacks on the U.S., recommended that Americans implement basic measures to defend against cyberattacks, such as backing up data and using two-factor authentication on sensitive accounts. 

DHS wrote that while an “attack in the homeland may come with little or no warning,” DHS is working with state and local officials to “detect and defend” against any threats to the U.S. 

The Intelligence Community has made note of Iran’s increasing abilities to carry out cyberattacks against the U.S. for most of the past decade, with Iran considered one of the top nation-state threats to the U.S. in cyberspace alongside Russia, China and North Korea. 

In the most recent Worldwide Threat Assessment, published in early 2019, former Director of National Intelligence Dan Coats wrote that “Iran has been preparing for cyber attacks against the United States and our allies,” noting that the country “is capable of causing localized, temporary disruptive effects—such as disrupting a large company’s corporate networks for days to weeks.”

Cybersecurity group CrowdStrike, which sounded the alarm on increasing Iranian cyberattacks on the U.S. earlier this year, put out a statement on Monday warning that American industries such as oil and gas and electricity could be likely targets of a retaliatory Iranian cyberattack.

“CrowdStrike Intelligence believes that Iranian adversaries are likely to leverage a broad range of means, including cyber operations, against U.S. and allied interests,” the company said. “Our current assessment is that organizations in the financial, defense, government, and oil and gas sectors are the most likely targets for retaliation activity.”

CrowdStrike also noted that it was “monitoring for Distributed Denial of Service (DDoS) activity, as Iran has employed DDoS attacks in the past, as well as other tactics, such as ransomware activity.”

DDoS attacks take a system offline by flooding it with internet traffic requests, while ransomware attacks lock a system and demand money to restore the user's access.

The DHS bulletin was issued on the heels of multiple U.S. officials, including Secretary of State Mike Pompeo and several members of Congress, warning that Iran may deploy cyberattacks against the U.S. as retaliation for the killing of Soleimani in Baghdad last week. 

Pompeo said during an appearance on Fox News on Friday that “the Iranians have a deep and complex cyber capability, to be sure. Know that we have certainly considered that risk.”