- The Department of Homeland Security (DHS) is advising companies of "potential retaliatory aggression against the U.S." amid increased geopolitical tensions with Iran, according to guidance from the Cybersecurity and Infrastructure Security Agency (CISA). The warnings come after the U.S. killed a top Iranian General in an airstrike.
- CISA is encouraging companies to "assess and strengthen" basic cyber and physical defenses by reviewing security emergency plans, collecting "relevant threat intelligence," and closing gaps in "personnel availability," according to the advisory.
- The DHS is also warning U.S. organizations of the potential for physical attacks, such as "improvised explosive devices" and "unmanned aircraft system attacks," according to the advisory. CISA wants organizations to ensure the stability of an offline backup and business continuity. Incident report processes should be well outlined and personnel should be able to "identify anomalous behavior."
U.S. agencies are urging proactive measures without knowing when or if an attack will occur.
If companies have sufficient security protocols, "admins aren't in a state of emergency right now," said Rosa Smothers, senior VP of Cyber Operations at KnowBe4 and former CIA technical intelligence officer, in an emailed statement to CIO Dive.
However, Iranian threat actors could already be "lying dormant" in U.S. computer networks. Cybersecurity experts believe a domestic cyberattack is the most likely retaliation from Iran, reports CIO Dive's sister publication Utility Dive.
CISA expects Iranian "proxies and sympathizers" to carry out:
Disruptive and destructive cyber operations, including finance, energy and telecommunications organizations.
Espionage and intellectual property theft obtained using cyber measures to understand "strategic direction and policy making," according to the advisory.
"Critical infrastructure must remain vigilant and utilize security solutions such as air gaping," said Smothers.
Iran has increased its cyber capabilities over the years, in an effort to centralize attacks while targeting sectors. However, Iran is likely to execute a cautionary response because its cyber abilities have yet met those of the U.S. or Russia, according to Utility Dive.
"We know [advanced persistent threat groups] 33 and 34 are associated with Iranian state sponsored hackers," said Smothers. APT33 and APT34 are known Iranian hacking groups with a penchant for wiper-style cyberattacks.
"Every company in the [supervisory control and data acquisition] and [integrated system control] space should already be proactive in safeguarding against these," she said.
Iranian cyberattacks have occurred globally. In 2012, Iran launched a major cyberattack on oil and gas company Saudi Aramaco. The attacks moved stateside, when in 2014 a Las Vegas Sands casino was hit by an Iranian cyberattack. A dam in New York was targeted in 2016.