Iran threat puts pressure on already crippled U.S. cyber agency
Iraqi Shiites protesting the US and Israeli attacks on Iran on the bridge leading to the Green Zone, where the US embassy is located, in Baghdad on February 28, 2026, carry the portrait of Iran’s Supreme Leader Ayatollah Ali Khamenei, chant slogans and wave Iranian flags. AFP journalists said that on February 28, US-Israeli protesters protested US-Israeli attacks on Iran near the US embassy in Baghdad.
Ahmed Al-rubaye | Afp | Getty Images
As conflicts in the Middle East continue to rage, cyber experts are increasingly warning about Iranian online attacks on U.S. businesses and infrastructure.
“From a timing perspective, it’s now or never,” said Pavel Gurvich, founder and CEO of the cybersecurity startup tenzai. “In that sense, the danger is significantly higher.”
Iran may have stored capabilities and is waiting for a high-risk moment to launch, Gurvich said.
Following US and Israeli attacks on the region over the weekend, Iran has stepped up retaliatory attacks, hitting US bases, embassies and major centers including Tel Aviv, Doha and Dubai.
The looming threat of an Iran-linked cyberattack poses a critical risk to the United States at a time when its lead preparedness agency, the Cybersecurity and Infrastructure Security Agency, is grappling with a partial government shutdown, furloughs and a change of administration that could hamper its ability to counter an attack.
CISA turmoil
U.S. Secretary of Homeland Security Kristi Noem testifies at a Senate Judiciary Committee hearing on “Oversight of the Department of Homeland Security” on Capitol Hill in Washington, DC, USA, March 3, 2026.
Kevin Lamarque | Reuters
US Secretary of Homeland Security Kristi Noem said this week that DHS is working with federal intelligence and law enforcement partners to “closely monitor and disrupt” potential U.S. threats.
There is an agency reported missing Since Trump took office, about a third of his staff and his interim director, Madhu Gottumukkala, were reassigned to another division of DHS last week.
During Gottumukkala’s tenure, he clashed with staff and terminated major contracts. Politico reported. He also came under scrutiny for uploading sensitive documents to ChatGPT and failed a lie detector test administered by CISA staff when he attempted to access the records.
Chief Information Officer Bob Costello announced this week: LinkedIn He said he was “walking away from federal service.” Previously Politico reported Costello was asked to resign or accept a different position at DHS.
As of Tuesday afternoon, CISA website It was last updated on Feb. 17 and is not actively managed due to a “cut in federal funding,” he said.
DHS On Feb. 17, he said the agency would cancel cybersecurity assessments, as well as other training and engagement.
“As this failure continues, CISA’s failure to intervene in these key areas will result in a future threat or increased vulnerability,” the website states.
Lawmakers also expressed concern about U.S. preparedness as the shutdown drags on.
Chairman of the Parliamentary Appropriations Committee Tom Cole He wrote last month that CISA staffing was already “stretched” and that the shutdown would hinder the country’s ability to protect critical infrastructures and hospitals.
Increasing cyber threat
Even while in the country As internet shutdowns continue, cybersecurity experts said groups will continue to operate through proxies and VPNs.
CrowdStrikeAdam Meyers, counter-adversary operations leader, said Monday that the Austin-based firm has seen an increase in allegations of network and server outages from Iran-linked groups that could target financial sectors and critical infrastructure.
John Hultquist, chief analyst GoogleIran has a history of exaggerated attacks and the allegations should be addressed “without hesitation,” but they could seriously impact businesses, the Threat Intelligence Group told CNBC on Tuesday.
JPMorgan Chase CEO Jamie Dimon told CNBC’s Leslie Picker on Monday that banks could be targets and said he expects an increase in cyber or terrorist attacks around the world.
“We’re always trying to prepare for this,” he said, adding that he sees cyber as “one of the highest risks that banks carry.”
Iran has proven it can defeat US targets and in 2024 claimed responsibility for hacking the emails of several staff members affiliated with President Donald Trump. offer.
The country was behind a massive denial-of-service attack on major banks in 2012 and 2013 that crashed their websites, CNBC previously reported.
The cyber threat from Iran follows a “familiar pattern,” Hultquist said Tuesday.
“We expect Iran to target the United States, Israel and the Gulf Cooperation Council (GCC) countries with devastating cyber attacks, focusing on targets of opportunity and critical infrastructure,” he said.
