CISA cautions on Iran threats

U.S. officials and cybersecurity experts are concerned that Iranian reprisals for the killing of Soleimani could take the form of attacks on U.S. networks or critical infrastructure.

Network and infrastructure operators need to be alert to growing cybersecurity risks in the wake of the targeted killing of Iranian military leader Gen. Qassim Soleimani in a drone strike last week. That's the message from the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security in a Jan. 6 publication aimed at both government and private sector officials.

Hossein Salami, the head of the Revolutionary Guards forces in Iran, threatened a "tough, strong, decisive and finishing" revenge in a speech on Jan. 7. "We say again that we have strong determination and take revenge and if they continue, we will set fire at the place they like and they know where it is," Salami said in remarks translated by Iran's Fars News Service.

The CISA document points out that tensions between the U.S. and Iran "have the potential for retaliatory aggression against the U.S. and its global interests." CISA warns that retaliation could take the form of disruptions to networks and cyberattacks that destroy critical infrastructure or interfere with the delivery of energy and communications, as well as attacks on financial networks. Other possibilities include kinetic attacks such as bombs or drone attacks.

The document urges officials to "flag any known Iranian indicators of compromise and tactics, techniques, and procedures for immediate response." CISA is also urging network operators to test incident response and contingency plans to make sure employees are familiar with processes and to make sure cybersecurity precautions include basics on account monitoring, identity verification, scanning and patching.

The CISA warning follows a Jan. 4 bulletin from the National Terrorism Advisory System at DHS, which cautioned that "Iran maintains a robust cyber program and can execute cyberattacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States."