Washington, D.C., officials said Thursday that the city has not detected any increase in network activity from Iran, one week after one of the Islamic Republic’s top generals was killed in a U.S. airstrike, setting off a round of alarms about Iranian cyber capabilities.
At a press conference Thursday, Mayor Muriel Bowser and several of D.C.’s law enforcement, homeland security and technology leaders said that while there are no credible physical or cybersecurity threats against the city from Iranian actors, officials have coordinated closely with federal authorities, other cities and states and local utilities and transit agencies to share the latest information in the wake of the death on Jan. 3 of Qassem Soleimani, the commander of Iran’s elite Quds Force.
But the District’s monitoring for potentially malicious activity from Iran has not changed in recent days, Chief Technology Officer Lindsey Parker told StateScoop. On average, Parker said, the city’s network receives about 120,000 pings per day from Iranian IP addresses, a figure that has not moved, despite reports of spikes in other places, like Texas and Utah. (The Utah Department of Technology Services told StateScoop that it briefly experienced an “increase in surveillance traffic” from Iran on Sunday, but that it quickly implemented countermeasures without any damage to the state’s IT systems.)
Still, the D.C. officials wanted to sound notes of caution.
“The District is doing everything it can to detect, defend, respond to and, if need be, recover from a cyber incident,” said Chris Rodriguez, the director of the city’s Homeland Security and Emergency Management Agency.
Rodriguez also told reporters that one of the first things that he and other officials did after news of Soleimani’s death broke was to brief Bowser on Iran’s potential to retaliate against the United States online. He repeated several warnings the federal government has shared in recent days about Iran’s tactics, techniques and procedures, like distributed-denial-of-service attacks, phishing emails and “wiper” attacks that damage files and networks past the point of recovery.
While Rodriguez described D.C.’s information security employees as “laser-focused” toward Iran, the city is also communicating with other local and state governments around the country. Rodriguez said his agency’s fusion center was expanded last year to include cybersecurity information sharing, and can now swap alerts and tips about potential malicious activity with more than 80 other fusion centers nationwide.
Much intergovernmental coordination is facilitated by the Multi-State Information Sharing and Analysis Center, which on Monday issued an advisory to its members. The Department of Homeland Security has also sent out notices to the public and private sectors, warning about Iran-based cyberattacks.
Parker, the District CTO, said the city’s network has about 40,000 end users, and receives “billions” of connections per day. She also said the city’s cybersecurity team, led by Chief Information Security Officer Suneel Cherukuri, has doubled in size to more than 20 staff members since he was hired in November 2018.