With Iran vowing to retaliate for the targeted killing of Qassem Soleimani, and with any retaliation possibly materializing in the form of cyber attacks or hits at soft targets, the Cybersecurity and Infrastructure Security Agency released guidance to stakeholders on what they can expect and how they can prepare.
“Increased geopolitical tensions and threats of aggression may result in cyber and physical attacks against the Homeland and also destructive hybrid attacks by proxies against U.S. targets and interests abroad,” says the CISA Insights document. “Knowing how you, your organization, and your personnel may be exposed or targeted during increased tensions can help you better prepare.”
Entities are encouraged to take a hard look within and ask, “Are you attractive to Iran and its proxies because of your business model, who your customers and competitors are, or what you stand for?”
CISA noted that Iran “has exercised increasingly sophisticated capabilities to suppress social and political perspectives deemed dangerous to its regime and to target regional and international adversaries,” and the Islamic Republic along with its proxies and sympathizers “have a history of leveraging cyber and physical tactics to pursue national interests, both regionally and here in the United States.”
Attacks can take the form of “disruptive and destructive cyber operations against strategic targets” including critical infrastructure and industrial control systems, “cyber-enabled espionage and intellectual property theft” with the goal of gaining “a better understanding of our strategic direction and policy-making,” and “disinformation campaigns promoting pro-Iranian narratives while pushing anti-U.S. sentiments.”
In the physical realm, CISA warned against the possibility of improvised explosive devices — “a staple tactic of the Islamic Revolutionary Guard Corps” and Soleimani’s Quds Force, as well as Hezbollah — and drone attacks against well-defended or soft targets. Attacks against U.S. citizens or American interests could happen abroad or on home soil.
“CISA strongly urges you to assess and strengthen your basic cyber and physical defenses to protect against this potential threat,” the document continues, encouraging organizations to get in rapid-response mode, review emergency preparedness plans, increase vigilance and harden defenses including access control, and “flag any known Iranian indicators of compromise and tactics, techniques, and procedures for immediate response.”
Employees should know how to report suspicious activities, and response plans should be practiced. Organizations should make sure they have offline backups of critical information in case hackers strike, and should also prepare for physical attacks with plans for active shooters or bomb incidents.
CISA encouraged feedback on the tips for infrastructure resilience, stressing that “collective defense works best when we share what works, communicate, and coordinate.”