Congress Hears Warnings of Iranian CyberthreatsExperts Tell House Committee Federal Agencies Must Shore Up Defenses
Iranian-led disinformation campaigns and other cyberthreats against the U.S. are likely to surge in the aftermath of Iranian Major General Qasem Soleimani's death, security and political experts told the House Homeland Security Committee Wednesday. That's why the experts warned that federal agencies should not only shore up their defenses, but also create efficient ways to inform the public about looming threats.
The death of Soleimani in a U.S. drone strike on Jan. 3 escalated tensions between Washington and Tehran, and now lawmakers want to know more about Iran's offensive cyber capabilities (see: Congressmen Call for Enhanced Financial Sector Security)
See Also: Third-Party Risk to the Nth Degree
The House Energy and Commerce Committee, for example, is asking for more information from the Department of Homeland Security and the Federal Communication Commission about cyberthreats from Iran, according to The Hill.
Rep. Bennie Thompson, D-Miss., the chairman of the Homeland Security Committee, noted during his opening remarks that this geopolitical tension could have "dire consequences" for U.S. homeland security and asked the experts testifying to help lawmakers better understand the potential cyberthreats from Iran and its proxies.
"I am particularly interested in understanding how Iran could use its relatively sophisticated cyber capabilities against state and local governments and critical infrastructure to exact revenge for the death of Soleimani," Thompson said. "We need to understand whether potential targets are prepared to defend against Iranian cyberthreats and what the federal government can do to help them if they are not."
Rep. John Katko, R-N.Y., the ranking Republican on the Homeland Security Committee, said cyberattacks are the biggest threat to the U.S. "We didn't do enough on 9/11 to stop what happened on 9/11, and to me the biggest concern I have is the vulnerability of this country to cyberattacks," he said.
To understand the threats better, the committee heard testimony from Barbara Leaf, who specializes in Arab politics at The Washington Institute think tank; retired Lt. Gen. Vincent Stewart, a special advisor and chairman of Middle East Media Research Institute, which advises on issues of terrorism and national security; Tom Warrick, a non-resident senior fellow at the Atlantic Council; and retired Brig. Gen. Anthony Tata, the CEO and president of the Tata Leadership Group.
Disinformation and Cyberthreats
The panel of experts noted that while Iran-led cyber intrusions against the U.S. are likely to surge, disinformation campaigns are currently the biggest threat against the U.S.
In the past, social media firms, including Facebook, Google and Twitter, have removed a number of fake accounts with ties to the Iranian government in an attempt to combat online misinformation as well as phishing attacks targeting certain groups, according to media reports.
"A cyberattack is a certainty; equally certain is [an] information campaign to create the division," Warrick testified. "The first thing to remember is that cyberattackers are looking for an open door. ... In an open society like the U.S., in effect, those who have a computer or home network are on the frontline to potential attack from a country like Iran."
Stewart, the former director of the U.S. Defense Intelligence Agency, observed that Iran will use these platforms to divide voters ahead of the 2020 U.S. presidential election.
"That includes building upon the divide between Democrats and Republicans and convincing the American people that we have no interest in the region, that the only thing we can expect from the region is enduring warfare and therefore we should withdraw," Stewart testified.
Some other significant potential threats, Stewart added, are Iran-led cyber espionage, intellectual property theft as well as attacks against the U.S. financial sector and critical infrastructure.
During the hearing, the experts also raised a number of concerns about the federal government's deficiencies when it comes to countering cyberthreats. They said now is the time to shore up defenses before an attack happens.
Noting that U.S. civilians who are likely to be victims of Iranian cyberattacks, Warrick requested the Congress devise an effective notification mechanism to alert the public about potential cyberthreats.
"Normally, when U.S. policymakers consider kinetic strikes, they activate plans to notify and protect military and civilian personnel and facilities. The same logic should apply for cyberattacks," Warrick said.
Federal agencies should work toward an enhanced public-private partnership to strengthen cyber defenses, Stewart added.
"What makes this foreign threat so unique is that it is the one area where the U.S. government is essentially telling the U.S. private sector to 'fend for yourselves'," Steward testified. "We need a national-level strategy on protection of U.S. companies from foreign cyberthreats touching on everything from information sharing to insurance."