SPONSORED:

Senators set for briefing on cyber threats from Iran

Senators set for briefing on cyber threats from Iran
© Greg Nash

Senators on the Homeland Security and Governmental Affairs Committee were set to receive a classified briefing Tuesday on threats from Iran, including the possibility of a retaliatory cyberattack in response to the killing of Iranian Gen. Qassem Soleimani.

Committee members were to be briefed by officials from the Department of Homeland Security (DHS).

“I will confirm we are holding it,” Senate Homeland Security Committee Chairman Ron JohnsonRonald (Ron) Harold JohnsonGOP senators call for commission to investigate Capitol attack Wisconsin Democrats make ad buy calling on Johnson to resign Efforts to secure elections likely to gain ground in Democrat-controlled Congress MORE (R-Wis.) told The Hill. He said it would “run the full spectrum of what they are preparing themselves for,” including potential cyberattacks.

ADVERTISEMENT

Sen. Gary PetersGary PetersTwo Senate committees vow probe of security failure during Capitol riots US government caught blindsided over sophisticated cyber hack, experts say Krebs emphasizes security of election as senators butt heads MORE (D-Mich.), the top Democrat on the committee, also confirmed the briefing was taking place, and added that cyberattacks on the U.S. are “certainly a very probable option [Iran] will exercise.”

“It’s about making sure we are working with private industry throughout the country as well, particularly critical infrastructure, to make sure they are engaged,” Peters said. 

Both DHS and the Cybersecurity and Infrastructure Security Agency (CISA) have issued bulletins this week warning of the heightened potential for Iran to attack the U.S. through both cyber and physical means. They have emphasized that they have “no information indicating a specific, credible threat to the Homeland.”

“Iran and its proxies and sympathizers have a history of leveraging cyber and physical tactics to pursue national interests, both regionally and here in the United States,” CISA wrote in a memo on Monday night. 

“CISA strongly urges you to assess and strengthen your basic cyber and physical defenses to protect against this potential threat,” the agency wrote.

ADVERTISEMENT

A wider briefing is due to take place on Wednesday, when the full Senate will be briefed in a classified setting by government officials on Iranian threats.

Iran has long been counted by members of Congress and the U.S. government as one of the main nation states posing a cyber threat to the U.S., alongside Russia, China and North Korea.

The 2019 Worldwide Threat Assessment, compiled by former Director of National Intelligence Daniel Coats and presented to the Senate Intelligence Committee last year, found that Iran had attempted to deploy cyberattack capabilities that would allow it to attack “critical infrastructure in the United States and allied countries.”

The assessment noted that Iran has the capability to launch cyberattacks that cause “localized, temporary disruptive effects—such as disrupting a large company’s corporate networks for days to weeks.”

Sen. Ron WydenRonald (Ron) Lee WydenSenate Democrats call on Biden to immediately invoke Defense Production Act Yellen champions big spending at confirmation hearing Biden pick for Intel chief vows to release report on Khashoggi killing MORE (D-Ore.), a member of the Senate Intelligence Committee, told reporters on Tuesday that Iran’s unpredictability made it a threat.

ADVERTISEMENT

“I’m not going to get into specifics because I am on the Intelligence Committee, but what I will tell you is the history of Iran is they are unpredictable, they use militias, they use proxies, they are unpredictable,” Wyden said.

Earlier this week, the first signs of potential Iranian cyberattack appeared when the homepage of the Federal Depository Library Program was briefly defaced with a picture of President TrumpDonald TrumpLil Wayne gets 11th hour Trump pardon Trump grants clemency to more than 100 people, including Bannon Trump expected to pardon Bannon: reports MORE being punched in the face by a person wearing an Islamic Revolutionary Guard Corps symbol. Text under the picture read “Hacked by Iran Cyber Security Group Hackers. This is only a small part of Iran's cyber ability! We're always ready.”

During an appearance at the Council on Foreign Relations on Tuesday, Sen. Angus KingAngus KingAngus King warns of 'grave danger' of Trump revealing classified information Senate Democrats leery of nixing filibuster 'Almost Heaven, West Virginia' — Joe Manchin and a 50-50 Senate MORE (I-Maine), the co-chairman of the Cyberspace Solarium Commission, called for the government to bring in cyber experts to try to hack U.S. systems to find vulnerabilities.

“I want the most bloodthirsty, vicious, brilliant hackers in the world working for us, trying to hack our own network so they can tell our network people, whether they are at the Department of Defense, the CIA, the White House, or Congress where the problems are,” King said. “I think that’s a principle that we ought to be pushing both within the federal government and in the private sector.”

Top officials and experts have warned in recent days that Iran may seek to target the U.S. through attacking critical infrastructure, such as the oil and gas and electricity sectors, along with industrial control systems.

Cybersecurity group Crowdstrike said in a statement on Monday that it has been monitoring potential Iranian cyberattacks, and “believes that Iranian adversaries are likely to leverage a broad range of means, including cyber operations, against U.S. and allied interests.” 

The company added that “our current assessment is that organizations in the financial, defense, government, and oil and gas sectors are the most likely targets for retaliation activity.”

Steve Grobman, the senior vice president and CTO of cybersecurity company McAfee, warned Monday that “organizations in the United States and allied countries need to be prepared for potential cyber-attacks given the current tensions with Iran.”

“Attackers can launch cyber warfare campaigns to inflict significant damage or disruption and do so without geographic proximity to their target,” Grobman warned in a statement. “The United States is a target-rich environment for potential cyber-attacks, both in critical infrastructure and across a wide range of business interests.”