States, Election Officials On Guard Over Iranian Cybersecurity Threat

In this Sept. 12, 2019, photo, monitors check their screens in the Governor's Office of Information Technology in Denver.

In this Sept. 12, 2019, photo, monitors check their screens in the Governor's Office of Information Technology in Denver. AP Photo/David Zalubowski


Connecting state and local government leaders

Amid tension between the United States and Iran, state and local government officials are taking precautions to protect themselves from cyber warfare.

Cybersecurity and election officials in state and local governments are on alert for Iranian-backed cyberattacks as tensions between the United States and the Islamic Republic have come to a head with the killing of an Iranian general and retaliatory missile strikes.

The Department of Homeland Security issued guidance to local governments and private companies this week about the cybersecurity threat posed by Iranian hackers. Meanwhile, elected officials in several states said they have directed cybersecurity personnel to fortify computer networks and urged local leaders to take additional precautions.  

DHS’s Cybersecurity and Infrastructure Security Agency issued an advisory that offered suggestions on securing computer networks and increasing vigilance, as well as insight on tactics frequently used by Iran. 

Late last year, cybersecurity researchers at Microsoft raised concern over the extent to which Iranian hackers may have shifted focus from standard information technology networks to the physical controls of infrastructure like utility companies and oil refineries. While Iran’s capabilities are not believed to be as advanced as hackers in Russia, China or the United States, cybersecurity experts told Vice that Iran has “shown a desire and willingness to be aggressive and disruptive.” During the last week, for example, Iranian hackers claimed responsibility for defacing the websites for the Texas Department of Agriculture and an Alabama veterans group.

U.S. law enforcement have blamed Iranian hackers of orchestrating a series of attacks on U.S. banks and a New York dam and more recently charged two Iranian men with activities related to ransomware attacks that disrupted operations in Atlanta, the Colorado Department of Transportation and business entities in other states. 

Not all of the attacks are believed to have been directed by the Iranian government. 

But the CISA advisory cautioned that Iran has targeted cyberattacks against “finance, energy, and telecommunications organizations” and has shown increased interest in “industrial control systems and operational technology.”

CISA also conducted a briefing with election officials the day after an American drone strike killed the high-profile head of Iran’s Quds Force, Gen. Qassem Soleimani.

West Virginia Secretary of State Mac Warner sent an advisory to local election leaders describing the briefing. He said DHS did not identify any specific, credible threat to local election leaders or infrastructure but said the fact the federal government was willing to share information about the situation and possible threats marked tremendous progress. Elections officials have been critical in the past of the lack of information shared in the wake of Russia’s meddling in the 2016 presidential election.

“The fact that the federal government was on top of the situation, was identifying potential threat vectors (that Iranian hackers may already be inside systems and to be watching for something to "be activated") and was talking openly to all facets of our society, shows remarkable progress toward threat deterrence and detection,” said the advisory issued by the West Virginia Secretary of State’s Office.

Other states have also begun taking additional precautions in the wake of the U.S. airstrike and Iran’s retaliatory missile strike on an Iraqi military base that housed American troops.

South Carolina Governor Henry McMaster said Tuesday that he had directed the state’s information technology leaders to “redouble efforts to aggressively search out, identify and repel any potential cyberattacks or malicious technological intrusions into our state agencies.”

In Texas, cybersecurity officials said the state had seen an increased network activity originating  from outside the United States. Gov. Greg Abbott said Tuesday that the state had faced more than 10,000 attempted attacks from Iran over the past two days.

"These attacks from Iran-based entities, as well as other entities across the globe, are going to continue," Abbott told one local news station. "I think it's very important that everyone be particularly vigilant right now about what may happen out of Iran."

Andrea Noble is a staff correspondent with Route Fifty.

NEXT STORY: How Slowing Down Helps the Washington State CIO Move Faster