Senators set for briefing on cyber threats from Iran

Senators set for briefing on cyber threats from Iran
© Greg Nash

Senators on the Homeland Security and Governmental Affairs Committee were set to receive a classified briefing Tuesday on threats from Iran, including the possibility of a retaliatory cyberattack in response to the killing of Iranian Gen. Qassem Soleimani.

Committee members were to be briefed by officials from the Department of Homeland Security (DHS).

“I will confirm we are holding it,” Senate Homeland Security Committee Chairman Ron JohnsonRonald (Ron) Harold JohnsonSenate GOP hedges on attending Trump's convention amid coronavirus uptick Koch-backed group urges Senate to oppose 'bailouts' of states in new ads Romney, Collins, Murkowski won't attend GOP convention MORE (R-Wis.) told The Hill. He said it would “run the full spectrum of what they are preparing themselves for,” including potential cyberattacks.


Sen. Gary PetersGary Charles PetersConservative group launches ad campaign for Rep. Roger Marshall in Kansas Senate race Health care group launches M ad campaign hitting Trump in battleground states The Hill's Morning Report - Presented by Facebook - Trump wants schools to reopen, challenged on 'harmless' COVID-19 remark MORE (D-Mich.), the top Democrat on the committee, also confirmed the briefing was taking place, and added that cyberattacks on the U.S. are “certainly a very probable option [Iran] will exercise.”

“It’s about making sure we are working with private industry throughout the country as well, particularly critical infrastructure, to make sure they are engaged,” Peters said. 

Both DHS and the Cybersecurity and Infrastructure Security Agency (CISA) have issued bulletins this week warning of the heightened potential for Iran to attack the U.S. through both cyber and physical means. They have emphasized that they have “no information indicating a specific, credible threat to the Homeland.”

“Iran and its proxies and sympathizers have a history of leveraging cyber and physical tactics to pursue national interests, both regionally and here in the United States,” CISA wrote in a memo on Monday night. 

“CISA strongly urges you to assess and strengthen your basic cyber and physical defenses to protect against this potential threat,” the agency wrote.


A wider briefing is due to take place on Wednesday, when the full Senate will be briefed in a classified setting by government officials on Iranian threats.

Iran has long been counted by members of Congress and the U.S. government as one of the main nation states posing a cyber threat to the U.S., alongside Russia, China and North Korea.

The 2019 Worldwide Threat Assessment, compiled by former Director of National Intelligence Daniel Coats and presented to the Senate Intelligence Committee last year, found that Iran had attempted to deploy cyberattack capabilities that would allow it to attack “critical infrastructure in the United States and allied countries.”

The assessment noted that Iran has the capability to launch cyberattacks that cause “localized, temporary disruptive effects—such as disrupting a large company’s corporate networks for days to weeks.”

Sen. Ron WydenRonald (Ron) Lee WydenTrump administration to impose tariffs on French products in response to digital tax Mnuchin: Next stimulus bill must cap jobless benefits at 100 percent of previous income Congress must act now to fix a Social Security COVID-19 glitch and expand, not cut, benefits MORE (D-Ore.), a member of the Senate Intelligence Committee, told reporters on Tuesday that Iran’s unpredictability made it a threat.


“I’m not going to get into specifics because I am on the Intelligence Committee, but what I will tell you is the history of Iran is they are unpredictable, they use militias, they use proxies, they are unpredictable,” Wyden said.

Earlier this week, the first signs of potential Iranian cyberattack appeared when the homepage of the Federal Depository Library Program was briefly defaced with a picture of President TrumpDonald John TrumpWayfair refutes QAnon-like conspiracy theory that it's trafficking children Stone rails against US justice system in first TV interview since Trump commuted his sentence Federal appeals court rules Trump admin can't withhold federal grants from California sanctuary cities MORE being punched in the face by a person wearing an Islamic Revolutionary Guard Corps symbol. Text under the picture read “Hacked by Iran Cyber Security Group Hackers. This is only a small part of Iran's cyber ability! We're always ready.”

During an appearance at the Council on Foreign Relations on Tuesday, Sen. Angus KingAngus KingKoch-backed group urges Senate to oppose 'bailouts' of states in new ads Data shows seven Senate Democrats have majority non-white staffs The Hill's Coronavirus Report: The Hill's Reid Wilson says political winners are governors who listened to scientists and public health experts; 12 states record new highs for seven-day case averages MORE (I-Maine), the co-chairman of the Cyberspace Solarium Commission, called for the government to bring in cyber experts to try to hack U.S. systems to find vulnerabilities.

“I want the most bloodthirsty, vicious, brilliant hackers in the world working for us, trying to hack our own network so they can tell our network people, whether they are at the Department of Defense, the CIA, the White House, or Congress where the problems are,” King said. “I think that’s a principle that we ought to be pushing both within the federal government and in the private sector.”

Top officials and experts have warned in recent days that Iran may seek to target the U.S. through attacking critical infrastructure, such as the oil and gas and electricity sectors, along with industrial control systems.

Cybersecurity group Crowdstrike said in a statement on Monday that it has been monitoring potential Iranian cyberattacks, and “believes that Iranian adversaries are likely to leverage a broad range of means, including cyber operations, against U.S. and allied interests.” 

The company added that “our current assessment is that organizations in the financial, defense, government, and oil and gas sectors are the most likely targets for retaliation activity.”

Steve Grobman, the senior vice president and CTO of cybersecurity company McAfee, warned Monday that “organizations in the United States and allied countries need to be prepared for potential cyber-attacks given the current tensions with Iran.”

“Attackers can launch cyber warfare campaigns to inflict significant damage or disruption and do so without geographic proximity to their target,” Grobman warned in a statement. “The United States is a target-rich environment for potential cyber-attacks, both in critical infrastructure and across a wide range of business interests.”