Senators set for briefing on cyber threats from Iran

Senators set for briefing on cyber threats from Iran
© Greg Nash

Senators on the Homeland Security and Governmental Affairs Committee were set to receive a classified briefing Tuesday on threats from Iran, including the possibility of a retaliatory cyberattack in response to the killing of Iranian Gen. Qassem Soleimani.

Committee members were to be briefed by officials from the Department of Homeland Security (DHS).

“I will confirm we are holding it,” Senate Homeland Security Committee Chairman Ron JohnsonRonald (Ron) Harold JohnsonHillicon Valley: Barr asks Apple to unlock Pensacola shooter's phone | Tech industry rallies behind Google in Supreme Court fight | Congress struggles to set rules for cyber warfare with Iran | Blog site Boing Boing hacked Congress struggles on rules for cyber warfare with Iran Senators set for briefing on cyber threats from Iran MORE (R-Wis.) told The Hill. He said it would “run the full spectrum of what they are preparing themselves for,” including potential cyberattacks.

ADVERTISEMENT

Sen. Gary PetersGary Charles PetersHillicon Valley: Biden calls for revoking tech legal shield | DHS chief 'fully expects' Russia to try to interfere in 2020 | Smaller companies testify against Big Tech 'monopoly power' Bipartisan group of senators introduces legislation to boost state cybersecurity leadership The Hill's Morning Report — President Trump on trial MORE (D-Mich.), the top Democrat on the committee, also confirmed the briefing was taking place, and added that cyberattacks on the U.S. are “certainly a very probable option [Iran] will exercise.”

“It’s about making sure we are working with private industry throughout the country as well, particularly critical infrastructure, to make sure they are engaged,” Peters said. 

Both DHS and the Cybersecurity and Infrastructure Security Agency (CISA) have issued bulletins this week warning of the heightened potential for Iran to attack the U.S. through both cyber and physical means. They have emphasized that they have “no information indicating a specific, credible threat to the Homeland.”

“Iran and its proxies and sympathizers have a history of leveraging cyber and physical tactics to pursue national interests, both regionally and here in the United States,” CISA wrote in a memo on Monday night. 

“CISA strongly urges you to assess and strengthen your basic cyber and physical defenses to protect against this potential threat,” the agency wrote.

ADVERTISEMENT

A wider briefing is due to take place on Wednesday, when the full Senate will be briefed in a classified setting by government officials on Iranian threats.

Iran has long been counted by members of Congress and the U.S. government as one of the main nation states posing a cyber threat to the U.S., alongside Russia, China and North Korea.

The 2019 Worldwide Threat Assessment, compiled by former Director of National Intelligence Daniel Coats and presented to the Senate Intelligence Committee last year, found that Iran had attempted to deploy cyberattack capabilities that would allow it to attack “critical infrastructure in the United States and allied countries.”

The assessment noted that Iran has the capability to launch cyberattacks that cause “localized, temporary disruptive effects—such as disrupting a large company’s corporate networks for days to weeks.”

Sen. Ron WydenRonald (Ron) Lee WydenHillicon Valley: Biden calls for revoking tech legal shield | DHS chief 'fully expects' Russia to try to interfere in 2020 | Smaller companies testify against Big Tech 'monopoly power' Lawmakers call for FTC probe into top financial data aggregator Overnight Health Care: Progressives raise red flags over health insurer donations | Republican FTC commish backs Medicare negotiating drug prices | Trump moves to protect money for religious groups MORE (D-Ore.), a member of the Senate Intelligence Committee, told reporters on Tuesday that Iran’s unpredictability made it a threat.

“I’m not going to get into specifics because I am on the Intelligence Committee, but what I will tell you is the history of Iran is they are unpredictable, they use militias, they use proxies, they are unpredictable,” Wyden said.

Earlier this week, the first signs of potential Iranian cyberattack appeared when the homepage of the Federal Depository Library Program was briefly defaced with a picture of President TrumpDonald John TrumpNational Archives says it altered Trump signs, other messages in Women's March photo Dems plan marathon prep for Senate trial, wary of Trump trying to 'game' the process Democratic lawmaker dismisses GOP lawsuit threat: 'Take your letter and shove it' MORE being punched in the face by a person wearing an Islamic Revolutionary Guard Corps symbol. Text under the picture read “Hacked by Iran Cyber Security Group Hackers. This is only a small part of Iran's cyber ability! We're always ready.”

During an appearance at the Council on Foreign Relations on Tuesday, Sen. Angus KingAngus KingCongress struggles on rules for cyber warfare with Iran Democrats brace for round two of impeachment witness fight The Hill's Morning Report - Deescalation: US-Iran conflict eases MORE (I-Maine), the co-chairman of the Cyberspace Solarium Commission, called for the government to bring in cyber experts to try to hack U.S. systems to find vulnerabilities.

“I want the most bloodthirsty, vicious, brilliant hackers in the world working for us, trying to hack our own network so they can tell our network people, whether they are at the Department of Defense, the CIA, the White House, or Congress where the problems are,” King said. “I think that’s a principle that we ought to be pushing both within the federal government and in the private sector.”

Top officials and experts have warned in recent days that Iran may seek to target the U.S. through attacking critical infrastructure, such as the oil and gas and electricity sectors, along with industrial control systems.

Cybersecurity group Crowdstrike said in a statement on Monday that it has been monitoring potential Iranian cyberattacks, and “believes that Iranian adversaries are likely to leverage a broad range of means, including cyber operations, against U.S. and allied interests.” 

The company added that “our current assessment is that organizations in the financial, defense, government, and oil and gas sectors are the most likely targets for retaliation activity.”

Steve Grobman, the senior vice president and CTO of cybersecurity company McAfee, warned Monday that “organizations in the United States and allied countries need to be prepared for potential cyber-attacks given the current tensions with Iran.”

“Attackers can launch cyber warfare campaigns to inflict significant damage or disruption and do so without geographic proximity to their target,” Grobman warned in a statement. “The United States is a target-rich environment for potential cyber-attacks, both in critical infrastructure and across a wide range of business interests.”