CISA cautions on Iran threats


Network and infrastructure operators need to be alert to growing cybersecurity risks in the wake of the targeted killing of Iranian military leader Gen. Qassim Soleimani in a drone strike last week. That's the message from the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security in a Jan. 6 publication aimed at both government and private sector officials.

U.S. officials and cybersecurity experts are concerned that Iranian reprisals for the killing of Soleimani could take the form of attacks on U.S. networks or critical infrastructure.

Hossein Salami, the head of the Revolutionary Guards forces in Iran, threatened a "tough, strong, decisive and finishing" revenge in a speech on Jan. 7. "We say again that we have strong determination and take revenge and if they continue, we will set fire at the place they like and they know where it is," Salami said in remarks translated by Iran's Fars News Service.

The CISA document points out that tensions between the U.S. and Iran "have the potential for retaliatory aggression against the U.S. and its global interests." CISA warns that retaliation could take the form of disruptions to networks and cyberattacks that destroy critical infrastructure or interfere with the delivery of energy and communications, as well as attacks on financial networks. Other possibilities include kinetic attacks such as bombs or drone attacks.

The document urges officials to "flag any known Iranian indicators of compromise and tactics, techniques, and procedures for immediate response." CISA is also urging network operators to test incident response and contingency plans to make sure employees are familiar with processes and to make sure cybersecurity precautions include basics on account monitoring, identity verification, scanning and patching.

The CISA warning follows a Jan. 4 bulletin from the National Terrorism Advisory System at DHS, which cautioned that "Iran maintains a robust cyber program and can execute cyberattacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States."

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.


