February 18, 2020

February 18, 2020

Subscribe to Latest Legal News and Analysis

February 17, 2020

Subscribe to Latest Legal News and Analysis

Escalated Tension with Iran Heightens Cybersecurity Threat Despite Military De-Escalation

The recent conflict between the United States and Iran has heightened America’s long-time concern of an imminent, potentially lethal Iranian cyber-attack on critical infrastructure in America.   Below, is the latest information including the United States Government’s analysis on the current standing of these threats as of January 8, 2020. 

CISA Alert

The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued Alert (AA20-006A) in light of “Iran’s historic use of cyber offensive activities to retaliate against perceived harm.”  In general, CISA’s Alert recommends two courses of action in the face of potential threats from Iranian actors: vulnerability mitigation and incident preparation.  The Alert specifically instructs organizations to increase awareness and vigilance, confirm reporting processes and exercise organizational response plans to prepare for a potential cyber incident.  CISA also suggests ensuring facilities are appropriately staffed with well-trained security personnel who are privy to the tactics of Iranian cyber-attacks.  Lastly, CISA recommends disabling unnecessary computer ports, monitoring network and email traffic, patching externally facing equipment, and ensuring that backups are up to date.  

Iranian Threat Profile

CISA asserts that Iranian cyber actors continually improve their offensive cyber capabilities. These actors are also increasingly willing to engage in destructive, kinetic, and even lethal cyber-attacks.  In the recent past, such threats have included disruptive cyber operations against strategic targets, including energy and telecommunications organizations. There has also been an increased interest in industrial control systems (such as SCADA) and operational technology (OT).  Refer to CISA’s Alert and the Agency’s “Increased Geopolitical Tensions and Threats” publication for specific Iranian advanced persistent threats to the nation’s cybersecurity.

Imminence of an Iranian Cyber-attack

While CISA urges vigilance and heightened prudence as it pertains to cybersecurity, DHS has been clear that there is “no information indicating a specific, credible threat to the Homeland.”  Nevertheless, the same National Terrorism Advisory System Bulletin publication (dated January 4, 2020) warns that Iran maintains a robust cyber program. This program can carry out attacks with varying degrees of disruption against U.S. critical infrastructure. The bulletin further states that “an attack in the homeland may come with little to no warning.”  There is also a concern that homegrown violent extremists could capitalize on the heightened tensions to launch individual attacks.  With the ongoing tension, it is unlikely that the imminence of an Iranian cyber-attack will dissipate in the near term.

Implications

It is vital for businesses, especially those deemed critical infrastructure, to stay apprised of new advances on these matters.  Given that the Alert calls for organizations to take heightened preventative measures, it is imperative that critical infrastructure entities revisit their cybersecurity protocols and practices and adjust them accordingly.  A deeper understanding of the organizational vulnerabilities in relation to this particular threat will be imperative.  

© 2020 Van Ness Feldman LLP

TRENDING LEGAL ANALYSIS


About this Author

Gwen Fleming, Van Ness Feldman Law Firm, Washington DC, White Collar and Environmental Law Litigation Attorney
Partner

Gwen Keyes Fleming has more than twenty years of public sector experience, having served as both an elected and appointed official at the state and local levels, as well as in various branches of the federal government.  Most recently, she served as the Principal Legal Advisor (General Counsel) for Immigration & Customs Enforcement (ICE) in the U.S. Department of Homeland Security (DHS), and as Chief of Staff to the Environmental Protection Agency (EPA) during the Obama Administration.  In addition to her time at the DHS and EPA, Gwen served as the EPA Region 4 (...

202-298-1928
Lilly Scott Public Policy Professional Van Ness Feldman
Director, Governmental Issues

Lilly is an experienced public policy professional providing strategic advice and representation for a variety of federal legislative and regulatory matters. Her portfolio includes clean energy, environmental, natural resources, and energy sector cybersecurity matters. She also monitors actions and emerging issues on Capitol Hill.

Before joining the firm, Lilly worked for the American Continental Group, where she helped represent high profile clients including 7-Eleven, Goldman Sachs, CVS Pharmacy, Comcast, the U.S. Anti-Doping Agency, and various coalitions and associations. She also was a legal fellow on the Senate Health, Education, Labor, and Pensions Committee, where she set the foundation for staff contacts on Capitol Hill.

202-298-1881
Darshana Singh, Van Ness Feldman Law Firm, Washington DC, Cybersecurity and Energy Law Attorney
Associate

Darsh Singh assists clients and firm professionals in the energy regulatory arena. Prior to joining Van Ness Feldman, Darsh served as a law clerk in the Office of Administrative Litigation at the Federal Energy Regulatory Commission (FERC) and interned at the Federal Trade Commission (FTC).   While at FERC, Darsh assisted Trial Staff in natural gas and oil pipeline rate proceedings and conducted research on market-based rates.   During her time at the FTC, Darsh focused on complex antitrust and consumer protection issues. 

While at The George...

202-298-3726
Terese Richmond, Van Ness Feldman Law Firm, Seattle, Cybersecurity, Environmental and Energy Law Attorney
Partner

Terese (T.C.) Richmond has over 30 years' experience representing state and local governmental agencies in Washington and Arizona. Her practice focuses on environmental law, land use, water law, and climate change. Most recently, she has served as the Vice Chair for the federal advisory committee that authored the Third U.S. National Climate Assessment, rolled out by the White House on May 6, 2014 as part of President Obama's Climate Action Plan. She was a lead author of the Assessment's chapter on water resources.

She has broad experience in natural resource policy, laws and...

206-623-9372
Tracy A. Nagelbush, Van Ness Feldman Law Firm, Washington DC, Energy and Cybersecurity Law Attorney
Principal

Tracy is a forceful advocate for clients in need of effective communications with the federal government on public policy matters in the climate change, clean technology, transportation, alternative energy deployment, energy efficiency, native American affairs, and natural resources development areas.  She understands the needs and language of both business people and decision-makers inside the beltway and is experienced at finding creative solutions and for building lasting relationships across party lines. As a seasoned veteran of Capitol Hill, she brings clients the...

202-298-1937