U.S. officials hold their breath for Iranian cyberattacks
Critical infrastructure owners and operators are stepping up security, as the U.S. government keeps a close eye on evolving threats from Tehran in cyberspace.
The U.S. government is prepping for a potential onslaught of Iranian cyberattacks in retaliation for support for Israel in its conflict with Hamas.
It’s far from just Israel at risk of cyberattacks from the Hamas-aligned regime’s cyber operatives, U.S. officials say. They also see the U.S. and other nations that support the Israeli government as likely targets.
Such attacks could take the form of attempts to damage critical systems like water or electricity, would likely involve widespread disinformation efforts, and could also involve proxies to keep Iran’s fingerprints off the incidents.
“The cyber targeting of American interests and critical infrastructure that we already see conducted by Iran and non-state actors alike we can expect to get worse if the conflict expands, as will the threat of kinetic attacks,” FBI Director Christopher Wray testified to the Senate Homeland Security and Governmental Affairs Committee on Tuesday.
Multiple U.S. federal agencies have stressed that they have yet to see any intelligence suggesting that Iran is planning an imminent attack on U.S. critical infrastructure. But they’re on heightened alert and hoping that new defenses they created after Russia invaded Ukraine — which brought worries about cyberattacks in the U.S. to the fore — will be able to adapt and grow to accommodate threats on multiple fronts.
Iran backs a network of sophisticated cyber operators, akin to those that work with Russia and China, who have the capacity to tunnel into government systems and/or disable companies’ entire computer networks. Tehran has launched attacks in the U.S. in the past, but the risk is far higher and more serious in light of the conflict in Gaza.
Tehran has long funded Hamas and other pro-Palestinian groups. And since the Oct. 7 attacks by Hamas on Israel, Iran-backed armed groups in the Middle East have launched drone attacks against U.S. forces in Iraq and Syria.
“I could envision the possibility — we have to be prepared for this — of an effort to attack our critical infrastructure or our electric grid, our, for example, air traffic system, water,” said Michael Chertoff, the former secretary of Homeland Security under the Bush administration.
A DHS official, speaking anonymously to reporters as a condition of a briefing last month, said that in the days following the Oct. 7 attack by Hamas militants on Israel, DHS held a call with the FBI and other agencies with “almost 4,000 law enforcement officials” throughout the country to discuss any potential physical or cyber threats stemming from the conflict.
The official declined to provide details on those dangers, but said the agency is “actively monitoring” the situation in Israel for threats to the U.S. homeland.
DHS’s Cybersecurity and Infrastructure Security Agency — which would take the lead in any response — said it has stepped up its efforts to monitor for a new wave of cyberattacks against U.S. critical infrastructure following the Oct. 7 strike. Eric Goldstein, executive director for Cybersecurity at CISA, said in a statement that the agency has been in “continuous coordination with our Israeli partners since the horrific terrorist attacks.”
A spokesperson for CISA said that the agency is updating a warning system created in the wake of Russia’s invasion of Ukraine to bolster defenses against Iranian cyberattacks. That program — called Shields Up — provides cybersecurity recommendations and guidance manuals to critical infrastructure operators about how to protect their networks against potentially destructive cyberattacks.
The CISA spokesperson said that the agency is working to update its Shields Up website to reflect new threats from Iran amid the conflict in Israel and Gaza, including “updating the guidance” on the website as needed. The individual was granted anonymity to provide details that had not been released to the public.
Senate Intelligence Chair Mark Warner (D-Va.) said he wants to see CISA doing more. Warner said he is “always concerned about Iran’s misintentions,” and said he is looking for “answers” on whether CISA is “reinvigorating” the Shields Up program to address the conflict. Rachel Cohen, a spokesperson for Warner, said that the senator was referring to a proposal put forward by CISA’s Cybersecurity Advisory Committee in September recommending that the agency create a 24/7 national cyber alert system.
CISA’s Goldstein stressed that Shields Up is a key part of the strategy: “We remain on heightened alert and will urgently share relevant information, to include by leveraging our nationwide Shields Up campaign as necessary.”
A spokesperson for the Office of the National Cyber Director declined to comment on what steps are being taken to defend against Iranian attacks, while a spokesperson for the White House National Security Council did not respond to repeated requests for comment.
The DHS official said it is also sharing threat information with a range of outside groups that could be targeted by Iranian cyberattacks, including religious organizations. Specifically, the official said DHS is providing information to the Faith-Based Information Sharing and Analysis Organization, which monitors threats to a range of U.S. religious groups.
The FB-ISAO raised its cyber threat level to “elevated” last week. The group wrote in a blog post that it had received reports of the websites of U.S. religious organizations being defaced in connection to the conflict and that hackers taking over online meetings or social media accounts was more likely.
Iran has demonstrated its hacking capabilities against U.S. organizations before. Iranian nationals were indicted last year for an attempted cyberattack on Boston Children’s Hospital, and Iran was also linked to efforts to interfere in the 2020 U.S. presidential election through stealing sensitive U.S. voting data and using it to spread disinformation.
Tehran has also been particularly quick to hit back against cyberattacks on Iranian organizations. That could mean that if Israel or its allies decide to strike Iran’s networks as part of the offensive against Hamas, Iran could quickly move to counterstrike in a similar way.
In testimony to a House Homeland Security Committee hearing last week, Atlantic Council fellow and Middle East expert Thomas Warrick warned lawmakers to beware of Iran’s “peculiar sense of symmetry” in responding to cyberattacks by the United States.
He noted that when U.S.-linked malware deleted data on computers at Iranian oil and natural gas ministries in 2012, Iranian-linked groups responded with a massive cyberattack on Saudi Arabia’s Saudi Aramco oil company.
“Cyber-threats from Iran are certain and ongoing,” Warrick noted in his written testimony. “This is an area where Iran could pull off a strategic surprise.”
At that hearing, members on both sides of the aisle highlighted Iranian cyberthreats as a particular worry for the United States amid the Israel-Hamas conflict.
“The Iranian regime is becoming more determined and more adept at its malicious activities,” Committee Chair Mark Green (R-Tenn.) said during the hearing.
And officials and lawmakers alike warn that preparations need to be happening now.
“There may not be specific information or intelligence about an attack yet, but you don't necessarily wait until that happens,” Chertoff said.