The U.S. Department of Homeland Security (DHS) has issued a National Terrorism Advisory bulletin warning of a potential cyberattack by Iran in the wake of a U.S. drone attack that killed a senior Iranian military commander.
The advisory notes that there is currently no information about a specific, credible threat to the U.S.; however, the DHS warns that Iran maintains a robust cyber program and “is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
The DHS Advisory urges proactive preparations including “basic cyber hygiene.”
We couldn’t agree more. Based on many years of helping critical infrastructure increase its cyber resiliency, we know that a few simple steps can make all the difference in protecting an organization against operational disruptions.
We discussed the potential threat today with Nozomi Networks Advisor and former Under Secretary for the National Protection and Programs Directorate (NPPD) at the U.S. Department of Homeland Security (DHS), Suzanne Spaulding.
“Iran has already demonstrated intent and capability to attack inside the U.S. as well as a high tolerance for escalating risk, specifically during the 2011 plot to assassinate the Saudi Ambassador to the U.S. Therefore, current risk of escalatory action by Iran is particularly high, given that ‘red lines’ are not clearly defined in cyberspace and the Iranian government will be under intense internal pressure to take strong action.”
Suzanne Spaulding, Nozomi Networks Advisor
At this time, critical infrastructure organizations, including energy, transportation, water, manufacturing, communications, and other services that support everyday life, should be particularly vigilant with respect to their standard cyber security practices for operational assets.
This includes leveraging security tools that provide broad operational visibility, continual network monitoring, and detection of system anomalies. The current situation demands renewed scrutiny around unusual activity, and immediate investigation of possible incidents.
Nozomi Networks Labs: Defending Critical Infrastructure Against Cyber Risks
The Nozomi Networks Labs team works with a broad range of security experts and leading institutions to find new and better ways to improve industrial cyber security.
In line with our recommendations for all critical infrastructure organizations, Nozomi Networks Labs continually monitors for emerging threats. For example, our OT ThreatFeed service, which is produced and curated by the Labs team, delivers up-to-date threat intelligence to the Nozomi Networks Guardian solution, making it easy to detect threats and vulnerabilities within OT and IoT environments.
“A critical part of neutralizing threats before they can migrate to operational systems, or between IT and OT networks, involves early warning. We can’t stress enough the importance of continuous monitoring, not just when these kinds of advisories are raised. Otherwise it may be too late to contain the enemy already in your network.”
Moreno Carullo, Co-founder and Chief Technical Officer
Nozomi Networks is committed to keeping our customers informed should new information on the potential cyberattack become available. The Nozomi Networks Labs team and field support staff are also on standby should clients need assistance.