The U.S. Department of Homeland Security has issued a bulletin through its National Terrorism Advisory System, related to potential cyberattacks by Iran on U.S. infrastructure, after Iranian IRGC-Quds Force commander Qassem Soleimani was killed during an air strike by the U.S.
A bulletin is intended to “describe[s] current developments or general trends regarding threats of terrorism.” It is a lower level of advisory compared with an elevated alert (credible terrorism threat) or an imminent alert (credible, specific and impending terrorism threat).
The strike was carried out Jan. 2. The U.S. designated Iran a “state sponsor of terrorism” in 1984 and designated Iran’s Islamic Revolutionary Guard Corps a “foreign terrorist organization” in April 2019. After Soleimani was killed, Iranian leadership and several affiliated violent extremist organizations publicly stated they intend to retaliate against the U.S.
“At this time there is no specific, credible threat against the homeland,” said DHS Acting Secretary of Homeland Security Chad F. Wolf. “The Department issued this bulletin to inform, share protective measures, and reassure the American public, state and local governments, and private sector partners that the Department of Homeland Security is actively monitoring and preparing for any specific, credible threat, should one arise.”
Although DHS says it has no information indicating a specific credible threat, Iran and its partners have demonstrated the intent and capability to conduct operations in the U.S., with previous plots including scouting and planning against infrastructure targets and cyber-enabled attacks against a range of U.S.-based targets. DHS says Iran “maintains a robust cyber program and can execute cyberattacks” against the U.S. At a minimum, Iran is capable of carrying out attacks with temporary disruptive effects against critical infrastructure, DHS says.
DHS says it “is working closely with our federal, state, local and private sector partners to detect and defend against threats and will enhance security measures as necessary.”
What does this situation mean for owners of energy infrastructure, such as hydroelectric projects and dams? We asked Protect Our Power, a company whose mission is “to make the nation’s electric grid more resilient and more resistant to all external threats.
“It is imperative that everyone involved in power delivery — from field technicians to operations center personnel to C-suite executives — be on heightened alert at this time,” said Richard Mroz, senior advisor for state and government relations.
“The reality is that our nation’s electric sector is bombarded with cyberattacks every day. It is vital that we rise to the challenge and meet this threat head-on. We also must incentivize cybersecurity investments, particularly among public power authorities, electric cooperatives and smaller utilities. We also must put in place reforms to facilitate confidential information sharing between electric utilities and state regulators, and urgently implement best practices that exceed minimum cybersecurity compliance standards.”
Cybersecurity will be an important topic of discussion at the upcoming DISTRIBUTECH International event. Protect Our Power is presenting a full-day conference, Best Practices – Utility Cybersecurity, Jan. 27, with an extensive list of speakers. In addition, a summit track will cover Cybersecurity and Incident Response. Finally, the Digitalizing the Grid knowledge hub, in the exhibit hall, features presentations on cybersecurity.
Click here to access conference content being presented Jan. 28-30 in San Antonio, Texas, U.S.