Dive Brief:
- The Department of Homeland Security (DHS) is advising companies of "potential retaliatory aggression against the U.S." amid increased geopolitical tensions with Iran, according to guidance from the Cybersecurity and Infrastructure Security Agency (CISA). The warnings come after the U.S. killed a top Iranian general in an airstrike.
- CISA is encouraging companies to "assess and strengthen" basic cyber and physical defenses by reviewing security emergency plans, collecting "relevant threat intelligence," and closing gaps in "personnel availability," according to the advisory.
- The DHS is also warning U.S. organizations of the potential for physical attacks, such as "improvised explosive devices" and "unmanned aircraft system attacks," according to the advisory. CISA wants organizations to ensure the stability of an offline backup and business continuity. Incident report processes should be well outlined and personnel should be able to "identify anomalous behavior."
Dive Insight:
U.S. agencies are urging proactive measures without knowing when or if an attack will occur.
If companies have sufficient security protocols, "admins aren't in a state of emergency right now," said Rosa Smothers, senior VP of Cyber Operations at KnowBe4 and former CIA technical intelligence officer, in an emailed statement to CIO Dive.
However, Iranian threat actors could already be "lying dormant" in U.S. computer networks. Cybersecurity experts believe a domestic cyberattack is the most likely retaliation from Iran, reports CIO Dive's sister publication Utility Dive.
CISA expects Iranian "proxies and sympathizers" to carry out:
- Disruptive and destructive cyber operations, including against finance, energy and telecommunications organizations.
- Espionage and intellectual property theft carried out using cyber measures to understand "strategic direction and policy making," according to the advisory.
- Disinformation campaigns.
"Critical infrastructure must remain vigilant and utilize security solutions such as air gapping," said Smothers.
Iran has increased its cyber capabilities over the years, in an effort to centralize attacks while targeting specific sectors. However, Iran is likely to execute a cautious response because its cyber abilities have yet to match those of the U.S. or Russia, according to Utility Dive.
"We know [advanced persistent threat groups] 33 and 34 are associated with Iranian state sponsored hackers," said Smothers. APT33 and APT34 are known Iranian hacking groups with a penchant for wiper-style cyberattacks.
"Every company in the [supervisory control and data acquisition] and [integrated system control] space should already be proactive in safeguarding against these," she said.
Iranian cyberattacks have occurred globally. In 2012, Iran launched a major cyberattack on the oil and gas company Saudi Aramco. The attacks moved stateside in 2014, when a Las Vegas Sands casino was hit by an Iranian cyberattack. A dam in New York was targeted in 2016.