By Gregory Hale
In the wake of the U.S.-led airstrike in Iraq last week that killed Qassem Soleimani, the head of the Iranian Revolutionary Guard Corps-Quds Force, a National Terrorism Advisory System (NTAS) bulletin was released regarding the terror threat against the United States.
Acting Secretary of Homeland Security Chad F. Wolf issued the NTAS Bulletin regarding the changing threat landscape.
“At this time there is no specific, credible threat against the homeland. The Department issued this bulletin to inform, share protective measures, and reassure the American public, state and local governments, and private sector partners that the Department of Homeland Security is actively monitoring and preparing for any specific, credible threat, should one arise,” Wolf said.
“The Department is operating with an enhanced posture and various operational components are taking protective measures where prudent and necessary,” he said. “We have been in constant communication with Congress and interagency partners. The American people should feel assured the entire Department is working for them to keep them safe.”
Security providers understand the level of importance, but at the same time they feel those working in critical infrastructure should be on alert at all times and able to protect against more imminent attacks.
“The Iranian rhetoric is definitely spicing up industrial operators in America,” said Dewan Chowdhury, chief executive and founder of security provider, malcrawler. “I’ve been getting emails and calls from various industries on how to prepare. Irony is I tell them you’re more likely to get hit by ransomware than a direct nation state attack on your industrial control system, and I guarantee you that you have no preparation on that. And they shamefully answer yes. That has been my week.”
Knowing who and what is on a system remains a top priority.
“I would imagine if the Iranians are looking to cause trouble it would be on a U.S. site they already captured,” said Eric Byres, chief executive at software security validation provider, aDolus. “I would imagine it would be business as usual for the critical infrastructure. If Iran was going to launch an attack against critical infrastructure I don’t think they are just warming up today, they will already be in place.”
Others are taking this warning seriously, knowing an attack may not happen right away but could happen after attackers gain intelligence.
“Given recent news, critical infrastructure organizations should be prepared for an increase in attempted cyberattacks,” said Marc Gaffan, chief executive of Hysolate. “We recommend that security teams within critical infrastructure organizations lock down access to critical controls and sensitive data. Focus on securing and monitoring access points into the most critical OT environments, often provided via privileged access. The best way to mitigate the risk of a successful cyberattack is to isolate access to critical controls and keep it separate from any day-to-day usage or Internet access.”
The following is a summary of the terrorism threat:
• The United States designated Iran a “State Sponsor of Terrorism” in 1984 and since then, Iran has actively engaged in or directed an array of violent and deadly acts against the United States and its citizens globally. The United States designated Iran’s Islamic Revolutionary Guard Corps (IRGC) a Foreign Terrorist Organization on April 15, 2019 for its direct involvement in terrorist plotting.
• On January 2, 2020, the United States carried out a lethal strike in Iraq killing Iranian IRGC-Quds Force commander Qassem Soleimani while Soleimani was in Iraq.
• Iranian leadership and several affiliated violent extremist organizations publicly stated they intend to retaliate against the United States.
• At this time we have no information indicating a specific, credible threat to the Homeland. Iran and its partners, such as Hizballah, have demonstrated the intent and capability to conduct operations in the United States.
• Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of U.S.-based targets.
• Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.
• Iran likely views terrorist activities as an option to deter or retaliate against its perceived adversaries. In many instances, Iran has targeted United States interests through its partners such as Hizballah.
• Homegrown Violent Extremists could capitalize on the heightened tensions to launch individual attacks.
• An attack in the homeland may come with little or no warning.
• The Department of Homeland Security is working closely with our federal, state, local, and private sector partners to detect and defend against threats to the Homeland, and will enhance security measures as necessary.