US And Israel Should Prepare For Destructive Iranian Cyberattacks, Ex-Intel Officer Says

Posted by Thomas Brewster, Forbes Staff | 5 hours ago


A former intelligence operative in Israel’s military warned of Iran’s cyber capabilities. But the U.S.’s cyber agency may struggle to respond.


In the aftermath of American strikes against multiple Iranian nuclear sites on Saturday, the country retaliated with strikes on Israel and on a U.S. base in Qatar, where no casualties were reported. This morning, a ceasefire was confirmed by all sides, though Israel quickly accused Iran of breaking it. But longer term, in lieu of a nuclear bomb or significant firepower in the face of U.S. and Israeli military might, Iran may turn to cyberattacks.

The country has a “robust cyber apparatus,” according to Sanaz Yashar, a former intelligence officer in Israel who fled Iran as a teenager and now runs a cybersecurity startup. Its cyber program is spread across three different agencies: the Islamic Revolutionary Guard Corps (IRGC), the Ministry of Intelligence and the Ministry of Defense. Yashar expects Iran’s cyber offensive units to respond soon with “quick and dirty” operations, which will be disruptive but not catastrophic. In the longer term, “there will be investment in destructive cyber capabilities” because they’re “impactful and deniable,” Yashar added. On Sunday, the DHS warned of an increased risk of cyberattacks either from Iran-friendly hacktivist groups or from the Iranian regime itself.


U.S. cyber infrastructure, however, may not be adequately prepared because of staff losses at the DHS Cybersecurity and Infrastructure Agency (CISA), which currently lacks a permanent director. The agency has been bleeding talent since many of its leaders, including former director Jen Easterly, have departed or been fired. Trump’s nominated director, Sean Plankey, has yet to be confirmed.

One CISA insider told Forbes that if there were to be an increase in Iranian cyber activity, the agency would be stretched to respond to the mass of threats currently facing America in cyberspace. “Any new work is going to cause more strain on CISA because we aren’t even being given the resources needed for our current workload,” they said.

Concerns swirled online about whether the problems at CISA could hobble a U.S. response. “Start scheduling backups and don’t be surprised by cyber attacks from Iran or their supporters. Right after dismantling CISA, perfect timing,” wrote Jeff Moss, founder of the DEF CON cyber conference and a former member of the CISA Cyber Security Advisory Council, on Bluesky.

Though manifold reports have pointed to a CISA with low morale and overworked staff, the agency’s public affairs director Marci McCarthy told Forbes that CISA had been “lost and unfocused under Joe Biden,” with a “ballooning budget.” Now, President Trump and secretary for homeland security Kristi Noem are refocusing CISA, said McCarthy.

“The agency was focused on censorship, branding and electioneering instead of defending America’s critical infrastructure,” McCarthy said. “That era is over. Today CISA is focused squarely on executing its statutory mission: serving as the national coordinator for securing and protecting the nation’s critical infrastructure.”

She added that there are currently “no specific credible threats against the homeland,” but critical infrastructure organizations should remain vigilant.

Iranian hackers have in recent years been accused of some significant cyberattacks. In late 2023, a number of American water plants were breached, which led to the 2024 sanctions of six officials at the IRGC. Earlier this year, the U.S. offered a $10 million reward for information on the identities and whereabouts of members of CyberAv3ngers, a group linked to various attacks on global critical infrastructure, with a focus on targeting Israeli-made equipment.

Yashar said Iran’s hackers will want to use attacks as a type of influence operation that will “show off and enhance regime stability internally.” “The biggest concern would be they go after databases of naval, aviation and shipping information for further targeting,” she said.

But it’s disputed just how much of a digital threat Iran poses. The CISA insider said Iran was not considered a serious cyber threat on the level of China or Russia. Other experts agree. John Hultquist, chief analyst at Google’s Threat Intelligence Group, wrote on LinkedIn over the weekend that Iran’s main focus for its cyber warfare is psychological. “There is a real, practical risk to enterprises, but it’s important that we don’t overhype the threat here and give them the win they’re after.”

Israel began bombing Iran in mid-June, targeting its nuclear facilities. The U.S. launched air strikes over the weekend in support of Israel’s effort to prevent Iran from building a nuclear weapon. How many years the American attack has put Tehran back is unclear, despite Trump’s claims it had “totally obliterated” three of Iran’s nuclear sites. Iran’s leader Ayatollah Ali Khamenei has not yet spoken publicly about the strikes.

Israel, which has built a major cyber intelligence operation across the IDF’s Unit 8200, Mossad and other agencies, has not yet been credited with any significant cyberattacks since it launched airstrikes on Iran. Last week, a pro-Israel hacking crew known as Predatory Sparrow claimed responsibility for a breach of Iran’s largest crypto exchange Nobitex, with as much as $90 million stolen. It’s unclear what links, if any, Predatory Sparrow has to the Israeli government. Iran, meanwhile, reportedly closed off its internet to protect from potential cyberattacks.

One reason for the physical attacks on Iran’s nuclear capabilities could be that cyber offensive operations are no longer effective enough. The Stuxnet cyberattacks on the Natanz nuclear facility back in 2009 were reportedly part of a joint U.S.-Israel effort that was estimated to have set Iran’s nuclear program back by years. Now the same countries have taken to bombs rather than malware.
