Cyberwars: U.S. Monitoring Cyberspace for Signs of Iranian Aggression

By Jeff Seldin

Published 10 January 2020

U.S. government officials are watching and waiting, with many believing it is only a matter of time before Iran lashes out in cyberspace for the U.S. drone strike that killed Quds Force commander Qassem Soleimani last week.

According to the latest advisory from the Department of Homeland Security, there are still “no specific, credible threats” to the United States. But officials say Iran’s public assurances that it is done retaliating mean little.

“Iran has been one of the most malicious actors out there,” a senior State Department official said Thursday. “We’re very concerned about Iran’s capabilities and activities.”

U.S. government officials have been hesitant to comment in any detail on what Iranian cyber actors have been up to in recent days, though they note Iran’s capabilities are on par with Russia, China and North Korea when it comes to using cyber to target industrial control systems or physical infrastructure.

“DHS [Department of Homeland Security] is operating under an enhanced posture to improve coordination and situational awareness should any specific threats emerge,” a department spokesperson told VOA.

The spokesperson added DHS is coordinating with U.S. intelligence agencies, key private sector companies and organizations, and is ready to “implement enhanced security measures, as needed.”

Bracing for a “Significant” Attack
Intelligence officials say much of Iran’s cyber activity is driven by the Islamic Revolutionary Guard Corps (IRGC), sometimes using front companies or sometimes carrying out cyberattacks themselves.

Past Iranian cyberattacks have ranged from distributed denial of service attacks (DDoS), which block access to websites by overwhelming the server hosting the site with internet traffic, to efforts to deface websites or attempts to steal personal data.

An alert this week from the Cybersecurity and Infrastructure Security Agency (CISA) also warned Iran has “demonstrated a willingness to push the boundaries of their activities, which include destructive wiper malware and, potentially, cyber-enabled kinetic attacks.”

Some former officials fear whatever is coming, whenever it comes, will be significant.

“It’ll be a notch up,” said James Miller, a former U.S. Defense Department adviser, now with the Johns Hopkins University Applied Physics Laboratory. “We should expect pretty significant actions.”

While major attacks, if any, have yet to be detected, private sector experts and former government officials worry about what they have been seeing from Iran.

“They are very aggressive,” said John Hultquist, director of Intelligence Analysis at the cyber security firm FireEye, speaking at a cyber symposium this week.