DHS has issued a bulletin calling Iran’s cyber program “robust” and saying it is at least capable of “carrying out attacks with temporary disruptive effects against critical infrastructure” in the US.
Acting DHS secretary Chad Wolf noted on January 4th that while there is no specific, credible threat, that the department remains vigilant due to the “changing threat landscape” following a recent US drone strike in Iraq that killed Qaseem Soleimani, the head of the Iranian Revolutionary Guard Corps-Quds Force, and Iran’s stated intention to retaliate.
“Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of U.S.- based targets,” said the bulletin.
DHS says it is “operating with an enhanced posture and various operational components are taking protective measures where prudent and necessary,” and that it is communicating with Congress and interagency partners.
Attacks could come from the Iranian state, lone actors, proxies, sympathizers or anywhere really, but low level targets that are lightly or conventionally defended seem likely to draw an initial wave of attacks, such as a recent defacement of the website of the Federal Depository Library Program, or any potentially headline-grabbing targets.
The CIO Council recently issued a white paper calling on agencies to collaborate on network security. Emerging technologies “will fundamentally change” the networks crucial for federal agency operations and services but keeping the network secure while incorporating those technologies “will require close collaboration between and within agencies,” the paper said. Recommendations for agencies include that they survey the technology landscape “to ensure broad awareness of new networking trends and technologies”; incorporate pilots and knowledge sharing into existing strategies; support upskilling and continuous learning for network managers; and collaborate with GSA on acquisition milestones and best practices.
The DHS inspector general also recently concluded the department is “not well positioned to carry out its critical cybersecurity functions in the face of ever-expanding cybersecurity threats,” citing the need to better assess its cybersecurity workforce and future needs.
DHS has some 14,000 employees in cybersecurity functions in at least 18 components—with the heaviest concentration in three, the Cybersecurity and Infrastructure Security Agency, ICE and the Secret Service—and 96 programs. However, the average age is 46, with 61 percent older than 40 and only 2 percent who are 30 or younger, and the vacancy rate increased from 9 to 12 percent over 2017-2018, it said.
The White House issued an order last May that included a provision to create a rotational program to boost those skills in the federal workforce, the latest of many such initiatives. The order instructs OPM and OMB to establish within three months a “rotational assignment program, which will serve as a mechanism for knowledge transfer and a development program for cybersecurity practitioners,” with provisions for training and mentoring.