Is an Iran cyber attack imminent — and who is at risk? Here’s how to prepare yourself

Experts and government officials have warned of possible cyber attacks as tensions escalate between the U.S. and Iran.

In a bulletin released Jan. 4, the National Terrorism Advisory System cautioned Iran has a “robust cyber program” and is capable of disrupting “critical infrastructure in the United States.”

The Cybersecurity and Infrastructure Security Agency characterized potential threats from Iran as “disruptive and destructive cyber operations” and “cyber-enabled espionage.”

“Iran and its proxies and sympathizers have a history of leveraging cyber and physical attacks to pursue national interests, both regionally and here in the United States,” the agency said.

How inevitable is a cyber attack on the United States?

Former CIA executive Marcus Fowler is the director of strategic threat at the artificial intelligence firm Darktrace, which helps organizations combat sophisticated cyber threats, according to its website.

He said cyber attacks are happening in the background on a near-constant basis, to individuals, businesses and government entities.

In the city of Fort Worth alone, the director of information technology told the Fort Worth Star-Telegram in 2018 they were defending against about 15,000 threats every day.

It’s difficult to put a number on that kind of activity on a national scale, Fowler said. Many attacks are unsuccessful, and a lot of companies don’t acknowledge when they’ve been hacked.

They just “pay their ransom and move on,” he said.

But as far as any looming threats from Iran?

“I don’t think the move toward cyber attacks on critical infrastructure is imminent,” he said.

Prior to Iran’s missile attack on Iraqi bases housing U.S. military Tuesday night, Fowler said retaliations in the cyber sphere weren’t “adequate enough.”

“Blood for blood — not bytes for blood,” he said.

But with both sides appearing to seek deescalation, he questioned whether U.S. officials would engage in cyber warfare, where Fowler said there’s less chance of a loss of life.

If there were a war in cyberspace, who is at risk?

Some state government systems are already on Iran’s radar.

Texas was being pummeled with roughly 10,000 cyber attacks from Iran per minute on Tuesday, the Star-Telegram reported.

Around the same time, a group of self-described Iranian hackers put pictures of Maj. Gen. Qassem Soleimani — Iran’s top military commander killed in a U.S. drone strike last week — on the state Department of Agriculture’s website.

Fowler said cyber attacks have gone beyond the obvious high-dollar, critical industry targets.

Iran isn’t coming for your laptop, he clarified, and its first point of retaliation likely wouldn’t be a local municipality.

But that doesn’t mean they aren’t vulnerable, he said.

Fowler pointed to the risk smaller companies and municipalities face — particularly those that believe they aren’t big enough to be targeted and maintain low-level defense protocols.

He called that “flawed thinking.”

Cyber attacks shut down all government computers in New Orleans last month, CBS reported, and a similar attack crippled the city of Pascagoula, Mississippi just days before, according to Government Technology.

“It’s no longer how important your company is,” Fowler said. “It’s all about how big your vulnerability is.”

What are best practices for protecting your data?

Individuals should be careful what they log into, what links they’re clicking and who they’re receiving emails from, Fowler said. He also encouraged companies to stay up to date on their internal systems.

“Not focusing on the threat actor but focusing on what you care about most in the company,” he said.

According to CISA, organizations should be prepared for a “rapid response” to any Iranian retaliation “by adopting a heightened state of awareness.” In part, that means key internal security measures should be closely watched, access control privileges should be assessed and any “known Iranian indicators” should be reported.

All personnel should also know how and when to report an incident and what to do if one occurs, CISA says.

Organizations can mitigate the chance of a cyber attack by backing up critical information offline, using multi-factor authentication and scanning and patching vulnerabilities, according to the agency.

A complete list of preventative actions can be found on CISA’s website.