Iran Conflict Raises Cybersecurity Concerns as DHS Shutdown, CISA Turmoil Continue
The conflict in Iran is putting additional focus on federal cyber defenses at a time when the Department of Homeland Security (DHS) is shut down due to a funding lapse, and there is leadership turmoil within the Cybersecurity and Infrastructure Security Agency (CISA).
Iran has been known to respond to overseas threats with cyber attacks and experts warn that American companies and infrastructure could see a “barrage” of low-level attacks like website defacements and distributed denial-of-service attacks.
“This is a bad time for Washington’s cyber agency to be operating with limited staff,” said Annie Fixler, director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, a national security think tank. “Iran might also see some limited success against targets that do not have proper cyber hygiene — exposed edge devices with default passwords, for example.”
That position was echoed by other cyber experts.
“Threat hunters should be working overtime right now. By combining disruptive attacks with psychological operations, Iran will seek to erode public trust in government institutions and project domestic strength during periods of heightened conflict,” said former CISA official Brian Harrell.
Turmoil at CISA
CISA lost about one-third of its workforce since President Trump took office. The agency is also dealing with leadership turmoil.
Madhu Gottumukkala was recently removed as acting director to become director of strategic implementation at DHS. He was replaced by Nick Andersen on an acting basis. Andersen was serving as CISA’s executive director for cybersecurity.
Gottumukkala– who worked with DHS Secretary Kristi Noem as Chief Information Officer for the state of South Dakota— had a rocky tenure. He faced increased scrutiny after reports that he failed a polygraph test and uploaded sensitive documents to a public version of ChatGPT.
Also leaving the agency is CISA Chief Information Officer (CIO) Robert Costello, who was in the position for five years.
Costello had reportedly clashed with Gottumukkala, who tried to force him out and transfer him to a different DHS position. Costello is instead leaving federal service.
President Trump’s choice for a permanent CISA Director– Sean Plankey– has yet to receive a Senate vote.
Plankey recently left his position with the U.S. Coast Guard but is expected to remain the CISA Director nominee.
“[CISA] needs Senate-confirmed leadership immediately,” said Foundation for Defense of Democracies senior fellow Mark Montgomery. “Whether he’s the perfect guy for every administration, I don’t know. He’s the perfect guy for this administration.”