Senators set for briefing on cyber threats from Iran

Senators set for briefing on cyber threats from Iran
© Greg Nash

Senators on the Homeland Security and Governmental Affairs Committee were set to receive a classified briefing Tuesday on threats from Iran, including the possibility of a retaliatory cyberattack in response to the killing of Iranian Gen. Qassem Soleimani.

Committee members were to be briefed by officials from the Department of Homeland Security (DHS).

“I will confirm we are holding it,” Senate Homeland Security Committee Chairman Ron JohnsonRonald (Ron) Harold JohnsonGOP seeks up to 0 billion to maximize financial help to airlines, other impacted industries Dr. Rand Paul's prescription for combating the coronavirus crisis Senate passes House's coronavirus aid bill, sending it to Trump MORE (R-Wis.) told The Hill. He said it would “run the full spectrum of what they are preparing themselves for,” including potential cyberattacks.

ADVERTISEMENT

Sen. Gary PetersGary Charles PetersPoll: Biden has small lead over Trump in Michigan Some Democrats growing antsy as Senate talks drag on Hillicon Valley: Twitter targets coronavirus misinformation | Facebook bans sanitizer, virus test ads to prevent price gouging | DHS defines critical jobs during outbreak | Remote working apps surge MORE (D-Mich.), the top Democrat on the committee, also confirmed the briefing was taking place, and added that cyberattacks on the U.S. are “certainly a very probable option [Iran] will exercise.”

“It’s about making sure we are working with private industry throughout the country as well, particularly critical infrastructure, to make sure they are engaged,” Peters said. 

Both DHS and the Cybersecurity and Infrastructure Security Agency (CISA) have issued bulletins this week warning of the heightened potential for Iran to attack the U.S. through both cyber and physical means. They have emphasized that they have “no information indicating a specific, credible threat to the Homeland.”

“Iran and its proxies and sympathizers have a history of leveraging cyber and physical tactics to pursue national interests, both regionally and here in the United States,” CISA wrote in a memo on Monday night. 

“CISA strongly urges you to assess and strengthen your basic cyber and physical defenses to protect against this potential threat,” the agency wrote.

ADVERTISEMENT

A wider briefing is due to take place on Wednesday, when the full Senate will be briefed in a classified setting by government officials on Iranian threats.

Iran has long been counted by members of Congress and the U.S. government as one of the main nation states posing a cyber threat to the U.S., alongside Russia, China and North Korea.

The 2019 Worldwide Threat Assessment, compiled by former Director of National Intelligence Daniel Coats and presented to the Senate Intelligence Committee last year, found that Iran had attempted to deploy cyberattack capabilities that would allow it to attack “critical infrastructure in the United States and allied countries.”

The assessment noted that Iran has the capability to launch cyberattacks that cause “localized, temporary disruptive effects—such as disrupting a large company’s corporate networks for days to weeks.”

Sen. Ron WydenRonald (Ron) Lee WydenHillicon Valley: Apple rolls out coronavirus screening app, website | Pompeo urged to crack down on coronavirus misinformation from China | Senators push FTC on price gouging | Instacart workers threaten strike Senate Democrats vow to keep pushing for more funds for mail-in voting Hillicon Valley: Coronavirus deal includes funds for mail-in voting | Twitter pulled into fight over virus disinformation | State AGs target price gouging | Apple to donate 10M masks MORE (D-Ore.), a member of the Senate Intelligence Committee, told reporters on Tuesday that Iran’s unpredictability made it a threat.

“I’m not going to get into specifics because I am on the Intelligence Committee, but what I will tell you is the history of Iran is they are unpredictable, they use militias, they use proxies, they are unpredictable,” Wyden said.

Earlier this week, the first signs of potential Iranian cyberattack appeared when the homepage of the Federal Depository Library Program was briefly defaced with a picture of President TrumpDonald John TrumpTrump orders US troops back to active duty for coronavirus response Trump asserts power to decide info inspector general for stimulus gives Congress Fighting a virus with the wrong tools MORE being punched in the face by a person wearing an Islamic Revolutionary Guard Corps symbol. Text under the picture read “Hacked by Iran Cyber Security Group Hackers. This is only a small part of Iran's cyber ability! We're always ready.”

During an appearance at the Council on Foreign Relations on Tuesday, Sen. Angus KingAngus KingSenators offer bill to extend tax filing deadline Russia using coronavirus fears to spread misinformation in Western countries Hillicon Valley: House passes key surveillance bill | Paul, Lee urge Trump to kill FISA deal | White House seeks help from tech in coronavirus fight | Dem urges Pence to counter virus misinformation MORE (I-Maine), the co-chairman of the Cyberspace Solarium Commission, called for the government to bring in cyber experts to try to hack U.S. systems to find vulnerabilities.

“I want the most bloodthirsty, vicious, brilliant hackers in the world working for us, trying to hack our own network so they can tell our network people, whether they are at the Department of Defense, the CIA, the White House, or Congress where the problems are,” King said. “I think that’s a principle that we ought to be pushing both within the federal government and in the private sector.”

Top officials and experts have warned in recent days that Iran may seek to target the U.S. through attacking critical infrastructure, such as the oil and gas and electricity sectors, along with industrial control systems.

Cybersecurity group Crowdstrike said in a statement on Monday that it has been monitoring potential Iranian cyberattacks, and “believes that Iranian adversaries are likely to leverage a broad range of means, including cyber operations, against U.S. and allied interests.” 

The company added that “our current assessment is that organizations in the financial, defense, government, and oil and gas sectors are the most likely targets for retaliation activity.”

Steve Grobman, the senior vice president and CTO of cybersecurity company McAfee, warned Monday that “organizations in the United States and allied countries need to be prepared for potential cyber-attacks given the current tensions with Iran.”

“Attackers can launch cyber warfare campaigns to inflict significant damage or disruption and do so without geographic proximity to their target,” Grobman warned in a statement. “The United States is a target-rich environment for potential cyber-attacks, both in critical infrastructure and across a wide range of business interests.”