Flag
of
Iran
on
a
computer
binary
codes
falling
from
the
top
and
fading
away.
(Getty
images)
WASHINGTON
—
With
a
tenuous
ceasefire
holding
in
the
wake
of
US
and
Israel
airstrikes
on
Iran,
the
Departments
of
Defense
and
Homeland
Security
have
both
issued
stern
reminders
of
the
Iranian
cyber
threat,
especially
to
US
defense
contractors.
Homeland
Security’s
Cybersecurity
&
Infrastructure
Security
Agency
(CISA),
in
conjunction
with
the
NSA
and
the
Department
of
Defense
Cyber
Crime
Center
(DC3),
today
specifically
warned
US
defense
contractors
working
in
Israel
that
they
may
find
themselves
the
target
of
Iranian
cyber
attacks.
“This
joint
fact
sheet
details
the
need
for
increased
vigilance
for
potential
cyber
activity
against
U.S.
critical
infrastructure
by
Iranian
state-sponsored
or
affiliated
threat
actors,”
the
DHS-NSA-DC3
statement
said.
“Defense
Industrial
Base
companies,
particularly
those
possessing
holdings
or
relationships
with
Israeli
research
and
defense
firms,
are
at
increased
risk.”
The
DHS
statement
did
not
give
further
detail
to
defense
contractors
about
the
threat,
but
in
a
statement
to
Breaking
Defense,
Katie
Arrington,
a
tech
industry
veteran
currently
performing
the
duties
of
Pentagon
CIO,
in
a
statement
to
Breaking
Defense,
expanded
on
the
topic.
RELATED:
Nearly
one
in
10
‘Tier
1’
subcontractors
to
defense
primes
are
Chinese
firms:
Report
“We
recognize
this
is
a
time
of
heightened
risk
to
the
Department
and
our
critical
partners
in
the
Defense
Industrial
Base,”
said
Arrington.
“We
don’t
fight
alone
and
our
adversaries
know
it.
DoD
encourages
the
DIB
to
raise
their
cybersecurity
posture
to
ensure
uninterrupted
operations
and
the
security
of
critical
data,”
Arrington
said,
referring
to
a
recent
Pentagon
LinkedIn
post
for
detailed
guidance.
While
Iranian
hackers
are
less
infamously
skillful
than
Russian
or
Chinese
ones,
they
have
a
long
history
of
politically
motivated
digital
vandalism
against
businesses,
governments,
and
even
Boston
Children’s
Hospital.
Neither
Arrington
nor
the
DHS
statement
cited
specific
intelligence
or
warned
of
an
imminent
attack,
and
experts
say
that
Tehran
has
kept
things
quiet
on
the
digital
front,
at
least
so
far.
The
fact
both
DoD
and
DHS
felt
it
timely
to
nudge
corporate
America
to
keep
its
digital
guard
up
is
still
notable,
albeit
unsurprising.
Asked
last
week
whether
Iran
could
look
to
launch
cyber
attacks
against
US
firms,
Luke
McNamara,
deputy
chief
analysts
with
the
Google
Threat
Intelligence
Group,
said,
“The
defense
and
aerospace
sector
has
been
a
consistent
target
for
Iranian
cyber
espionage
actors.
Cessation
of
hostilities
is
unlikely
to
diminish
the
espionage
threat
that
western
defense
companies
—including
the
European
DIB
—
face.”
Added
McNamara,
“Beyond
espionage,
cyber
is
of
course
a
tool
that
can
be
leveraged
across
a
continuum
of
escalation,
depending
on
the
nature
of
the
targets
and
the
level
of
any
disruption
…
We
also
should
be
prepared
for
messaging
by
actors
in
an
attempt
to
inflate
their
successes.
The
cyber
impact
may
be
minimal,
but
stoking
fear
can
also
be
an
objective.”
Carley
Welch
contributed
to
this
report.