Worried about a cyberattack from Iran? Here’s how feds prepare

When a U.S. drone strike killed Iranian Gen. Qasem Soleimani in early January, the United States opened the door for retaliation from a nation with well-known cyber capabilities. While military officials had to be ready for a kinetic response from Iran, civilian government leaders also had to ensure that their networks were ready to withstand any attack from Iran’s cyber actors.

But, behind closed doors, how do government leaders prepare for such an event?

A half-dozen former federal chief information officers, department CIOs and CISOs described to Fifth Domain how a military strike on an advanced cyber actor, such as Iran, would change their day-to-day routines as the top cybersecurity and IT officials in government. Several of those interviewed coordinated the response to the breach of the Office of Personnel Management, disclosed in 2015, which ultimately resulted in more than 21 million stolen records.

These officials described several ways government officials prepared: increasing information sharing, more frequently communicating with the Department of Homeland Security and the intelligence community, stepping up communication within agencies’ cybersecurity components and reviewing disaster response and business continuity plans.

“You are on a sense of heightened alert,” said former acting Federal CIO Lisa Schlosser, who was detailed to OPM in the aftermath of its data breach. She also served as CIO at the Department of Housing and Urban Development and CISO of the Department of Transportation before becoming federal deputy CIO.

The Cybersecurity and Infrastructure Security Agency, a DHS entity charged with protecting federal networks and critical infrastructure from cyberattacks, was on elevated alert in response to the strike. And that level upped again after the NSA outed a significant vulnerability in Microsoft Windows 10 this week, a CISA official told Fifth Domain.

“In response to some of the Iran activity, we did a lot of messaging out to our partners — sharing indicators of compromise, particularly some vulnerability information, and then we talked about it on our weekly [security operations center] call,” said a CISA official, who requested anonymity to discuss communications between the agency and its partners. “Around some of the other vulnerability information that’s been going on, we sent out some personalized messages checking in to see what mitigation measures agencies have put in place.”

CISA, which holds weekly calls with agencies’ security operations centers and monthly calls with agency leaders across government, held calls with all of the organization’s partners and managed “more frequent” email traffic, including conversations about website defacements that showed pro-Iranian messages, the official said.
