Escalated Tension with Iran Heightens Cybersecurity Threat Despite Military De-Escalation

January 8, 2020

CISA Alert

The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued Alert (AA20-006A) in light of “Iran’s historic use of cyber offensive activities to retaliate against perceived harm.” In general, CISA’s Alert recommends two courses of action in the face of potential threats from Iranian actors: vulnerability mitigation and incident preparation. The Alert specifically instructs organizations to increase awareness and vigilance, confirm reporting processes, and exercise organizational response plans to prepare for a potential cyber incident. CISA also suggests ensuring facilities are appropriately staffed with well-trained security personnel who are familiar with the tactics of Iranian cyber-attacks. Lastly, CISA recommends disabling unnecessary computer ports, monitoring network and email traffic, patching externally facing equipment, and ensuring that backups are up to date.

Iranian Threat Profile

CISA asserts that Iranian cyber actors continually improve their offensive cyber capabilities. These actors are also increasingly willing to engage in destructive, kinetic, and even lethal cyber-attacks.  In the recent past, such threats have included disruptive cyber operations against strategic targets, including energy and telecommunications organizations. There has also been an increased interest in industrial control systems (such as SCADA) and operational technology (OT).  Refer to CISA’s Alert and the Agency’s “Increased Geopolitical Tensions and Threats” publication for specific Iranian advanced persistent threats to the nation’s cybersecurity.

Imminence of an Iranian Cyber-attack

While CISA urges vigilance and heightened prudence as it pertains to cybersecurity, DHS has been clear that there is “no information indicating a specific, credible threat to the Homeland.” Nevertheless, the same National Terrorism Advisory System Bulletin (dated January 4, 2020) warns that Iran maintains a robust cyber program. This program can carry out attacks with varying degrees of disruption against U.S. critical infrastructure. The bulletin further states that “an attack in the homeland may come with little to no warning.” There is also a concern that homegrown violent extremists could capitalize on the heightened tensions to launch individual attacks. Given the ongoing tension, the threat of an imminent Iranian cyber-attack is unlikely to dissipate in the near term.


It is vital for businesses, especially those deemed critical infrastructure, to stay apprised of new developments on these matters. Given that the Alert calls for organizations to take heightened preventative measures, it is imperative that critical infrastructure entities revisit their cybersecurity protocols and practices and adjust them accordingly. A deeper understanding of organizational vulnerabilities in relation to this particular threat will be essential. VNF’s cybersecurity team is prepared to advise clients on the impact of CISA’s Alert on their business practices and help clients navigate the implementation of heightened protocols. With the status of this threat changing at a rapid pace, we are closely monitoring developments related to cybersecurity and geopolitical activity to help protect our clients’ interests.


For more information or to learn how VNF can help you bolster your cybersecurity, please contact any member of our cybersecurity team in Seattle (206) 623-9372 or Washington, D.C.  (202) 298-1800.

  • Cybersecurity & Emerging Technologies

    Our cybersecurity and emerging technologies team represents clients with a diverse range of counsel on a multitude of cyber-related vulnerabilities that threaten critical infrastructure—including oil and gas pipelines; LNG facilities; offshore oil and gas rigs/platforms; electricity generation, transmission, and distribution assets; hydropower and municipal water facilities; nuclear reactors and chemical plants; and medical, research and academic institutions. With an increased prevalence of threats to physical, natural, and cyber systems, both public and private sector entities must strengthen their defense and resilience against at-risk systems—particularly given an increased reliance on networks necessary to operate these systems, and the severe health, safety, environmental, and regulatory consequences from cyber-attacks to these types of assets.

    Our team combines decades of experience providing regulatory compliance, risk mitigation, incident response, and advocacy representation to the energy and environmental sectors and is highly regarded for assisting clients with their efforts to keep critical infrastructure secure.
