In a Jan. 14 letter to the State Department, Virginia Sen. Mark Warner pressed Secretary of State Mike Pompeo to protect the agency’s networks from Iranian cyberattacks.
The letter comes less than two weeks after a drone strike killed Iranian Gen. Qassem Soleimani. Warner said the death of Soleimani makes it more likely that Iran will carry out cyberattacks with “disruptive effects” in the United States and its embassies.
Warner, the top Democrat on the Senate Select Committee on Intelligence, expressed “deep concern” about the State Department’s ability to protect and defend its information security. He pointed to past system breaches, including a 2014 “massive and prolonged” attack involving the National Security Agency and a 2018 breach of unclassified systems.
“The Iranian government’s state-sponsored cyber security capabilities have grown in sophistication and intensity in recent years, and they have developed a number of advanced persistent threats (APT) groups that conduct various offensive operations,” Warner wrote.
A State Department spokesperson declined to comment. During a background briefing on cybersecurity earlier this month, however, a State Department official said Iran “has been the most malicious actors out there. We are very concerned about Iran’s capabilities and activities.”
Warner urged Pompeo to respond by the end of the month to questions on how the State Department plans to defend its information security systems in the future and create new employee training techniques to protect them from future information breaches.
Warner referenced a State Department Office of the Inspector General report from August 2019. That document found that a 2017-18 hiring freeze that left senior cyber security positions vacant delayed the implementation of risk management programs that “hampered [the State Department’s] ability to develop tools and procedures to react and respond to malicious cyber activity targeting Department personnel and information assets.”
Last week, the Department of Homeland Security issued a warning to public and private sector organizations of the increased risk of Iranian disruptive and destructive cyber operations, including information theft, disinformation campaigns and drone attacks.