The Department of Homeland Security today renewed the National Terrorism Advisory System bulletin on the threat of terrorism from Iran or its proxies, stating that Iran “likely views terrorism as an option to deter or retaliate against its perceived adversaries” and expanding on threats posed by homegrown violent extremists.
The first NTAS bulletin issued during the height of Iran tensions on Jan. 4, after the U.S. targeted killing of IRGC Quds Force commander Qassem Soleimani, expired at 1 p.m. today. The new bulletin runs through March 18.
The renewal comes as it was revealed 11 American soldiers were wounded in Iran’s Jan. 8 retaliatory strike on Iraq’s al-Asad air base, suffering concussion symptoms after the blasts and traveling to Kuwait and Landstuhl, Germany, for treatment.
NTAS replaced in 2011 the post-9/11 color-coded terror alert system, issuing advisories in the forms of bulletins, elevated alerts or imminent alerts. Acting Homeland Security Secretary Chad Wolf told the Homeland Security Experts Group in D.C. on Friday that issuing the Jan. 4 bulletin, driven by a specific event for the first time in DHS history, “was the right decision… to both inform and reassure the American public, state and local governments, and private sector stakeholders that DHS is actively monitoring and preparing for any specific, credible threat, should one arise.”
Wolf stressed that “there is no credible, specific threat to the homeland from Iran.”
Today’s bulletin said, “At this time, we have no information indicating a specific, credible threat to the Homeland; however, we remain concerned about Iran’s potential to carry out cyber attacks. Additionally, Iran and its partners, such as Hizballah, have demonstrated their capability to conduct various operations in the U.S.”
“In the near term, we remain concerned that violent extremist organizations tied to the regime, including their various partner organizations, may continue to pose a general threat against American citizens and interests both overseas and in the homeland,” the bulletin continued, noting the retaliatory “limited ballistic missile assault” from Iran. “Previous Homeland-based plots have included, among other things, scouting against infrastructure targets, assassination attempt against the Ambassador to Saudi Arabia in 2011, and cyber enabled attacks against a range of U.S.-based targets.”
DHS’ Cybersecurity and Infrastructure Security Agency warned in a Jan. 6 alert of “Iran’s historic use of cyber offensive activities to retaliate against perceived harm,” and urged entities to adopt a state of heightened awareness, increase organizational vigilance, confirm reporting processes and exercise organizational incident response plans.
The new NTAS bulletin also highlights the cyber threat, underscoring that Iran “maintains a robust cyber program and is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
“Based on Iran’s historic homeland and global targeting patterns, the financial services and energy sectors, maritime assets, as well as U.S. Government and symbolic targets represent consistent priorities for Tehran’s malicious operational planning.”
The new bulletin also expands upon the homegrown violent extremist threat; the original bulletin simply said inspired individuals “could capitalize on the heightened tensions to launch individual attacks.” Today’s bulletin says HVEs “sympathetic to Iran could capitalize on the heightened tensions to launch individual attacks, with little or no warning, against U.S.-based Iranian dissidents, Jewish, Israeli, and Saudi individuals as well as against the U.S. Government infrastructure and personnel.”
“The FBI, DHS, and NCTC advise federal, state, local, tribal, and territorial government counterterrorism, cyber, and law enforcement officials, and private sector partners, to remain vigilant in the event of a potential Iran-directed or violent extremist Iran supporter threat to US-based individuals, facilities, and networks consistent with previously observed covert surveillance and possible pre-operational activity,” the bulletin adds.