Iraqi Shiites shout slogans as they carry a portrait of Iran’s Supreme Leader Ayatollah Ali Khamenei and wave Iran flags during a protest against US and Israeli attacks on Iran at a bridge leading to Green Zone where the US embassy is located, in Baghdad on February 28, 2026. Several hundred people protested against the US-Israeli strikes on Iran near the US embassy in Baghdad on February 28, AFP journalists said.
As the fighting in the Middle East roars on, cyber experts are increasingly warning of online attacks from Iran on U.S. businesses and infrastructure.
“From a timing perspective, it’s now or never,” said Pavel Gurvich, founder and CEO of cybersecurity startup Tenzai. “In that sense, the danger is meaningfully higher.”
Gurvich said Iran may have stored capabilities and is waiting for a high-risk moment to launch.
Following U.S. and Israeli strikes on the region over the weekend, Iran has stepped up retaliatory strikes, hitting U.S. bases, embassies and major hubs, including Tel Aviv, Doha, and Dubai.
The looming threat of an Iran-linked cyberattack poses a critical risk to the U.S. at a time when the Cybersecurity and Infrastructure Security Agency, the leading readiness body, is grappling with a partial government shutdown, furloughs, and a management reshuffle that could hinder its ability to counteract an attack.
CISA turmoil
U.S. Homeland Security Secretary Kristi Noem testifies before a Senate Judiciary Committee hearing on “Oversight of the Department of Homeland Security,” on Capitol Hill in Washington, D.C., U.S., March 3, 2026.
U.S. Secretary of Homeland Security Kristi Noem said in a statement this week that DHS is working with federal intelligence and law enforcement partners to “closely monitor and thwart” any potential U.S. threats.
The agency has reportedly lost about a third of its employees since Trump took office, and Madhu Gottumukkala, its temporary director, was reassigned to another division of DHS last week.
During Gottumukkala’s tenure, he clashed with staff and ended major contracts, Politico reported. He also came under scrutiny for uploading sensitive documents to ChatGPT and failed a polygraph test administered by CISA staff when he sought access to records.
As of Tuesday afternoon, the agency’s website said it was last updated on Feb. 17 due to a “lapse in federal funding” and is not being actively managed.
DHS said Feb. 17 that the agency would cancel cybersecurity assessments, among other trainings and engagements.
“As the lapse goes on, CISA’s lack of involvement in these key areas will lead to a future threat or an increased area of weakness,” she wrote in a release.
Lawmakers have also flagged concerns about U.S. preparedness as the shutdown drags on.
House Appropriations Committee Chairman Tom Cole wrote last month that CISA’s personnel are already “stretched thin” and that a shutdown would hinder the country’s ability to protect critical infrastructure and hospitals.

Rising cyber threat
Even during Iran’s ongoing internet shutdown, cybersecurity experts said groups will continue to operate through proxies and VPNs.
CrowdStrike’s counter-adversary operations lead, Adam Meyers, said Monday that the Austin-based firm had seen a surge in claims of network and server disruptions from Iran-linked groups that could target financial sectors and critical infrastructure.
John Hultquist, chief analyst of Google’s Threat Intelligence Group, told CNBC in a statement Tuesday that while Iran has a history of exaggerating attacks, and claims should be taken with a “grain of salt,” they could seriously impact businesses.
JPMorgan Chase CEO Jamie Dimon told CNBC’s Leslie Picker on Monday that banks may be targets and said he expects a rise in cyber or terrorist attacks globally.
“We always try to prepare for that,” he said, adding that he considers cyber “one of the highest risks banks bear.”
Iran has proved it can break through against U.S. targets and in 2024 claimed responsibility for hacking the emails of several staffers tied to President Donald Trump’s campaign.
In 2012 and 2013, the country was behind a massive denial of service attack on major banks that crashed websites, CNBC previously reported.
Hultquist said Tuesday that the cyber threat from Iran follows a “familiar pattern.”
“We expect Iran to target the U.S., Israel, and Gulf Cooperation Council (GCC) countries with disruptive cyberattacks, focusing on targets of opportunity and critical infrastructure,” he said.

