“Iran maintains a robust cyber program and can execute cyberattacks against the United States,” reads the bulletin, dated January 4.
The United States is bracing for possible retaliatory measures from Tehran following the January 3 attack on an Iran-backed militia convoy in Iraq that killed Qasem Soleiman, who was commander of Iran’s Quds Force, the foreign arm of the Islamic Revolutionary Guards Corps (IRGC).
The Quds Force has been designated a foreign terrorist organization by the United States.
The DHS bulletin noted that U.S. forces had “carried out a lethal strike in Iraq killing Iranian IRGC-Quds Force commander Qasem Soleimani while Soleimani was in Iraq.”
“Iranian leadership and several affiliated violent extremist organizations publicly stated they intend to retaliate against the United States,” it added, saying that it had no information indicating a “specific, credible threat.”
But it said that “previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber-enabled attacks against a range of U.S.- based targets.”
It added that Tehran maintains a “robust cyber program and can execute cyberattacks against the United States.”
“Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.
“Iran likely views terrorist activities as an option to deter or retaliate against its perceived adversaries,” the bulletin said.
Separately, a leading cybersecurity expert said his firm is warning businesses and government agencies to intensify protection measures following the threats by Iran to seek revenge for the U.S. attack.
“There are opportunities for them to cause real disruption and destruction,” John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye, told AP.
Iranian state-backed hackers reportedly carried out a series of disruptive denial-of-service attacks that knocked offline the websites of major U.S. banks and the New York Stock Exchange in 2012-13.
Robert M. Lee, chief executive of Dragos Inc., a firm that focuses on industrial control system security, said Iranian hackers have been aggressive in trying to gain access to utilities, factories, and oil and gas facilities, although it is not clear if they have ever succeeded.
“My worst-case scenario is a municipality or a cooperative-type attack where power is lost to a city or a couple of neighborhoods,” Lee told AP.