Strikes on Iran will test US cyber strategy abroad, and defenses at home

The recent coordinated strikes on Iranian targets by the United States and Israel have brought renewed attention to the country's cyber warfare capabilities. As the US integrates its offensive cyber capabilities into the battlespace, federal agencies must prepare for potential retaliatory attacks from Iran. In this article, we'll delve into the implications of these strikes and how they might impact the US cyber strategy.

The Cybersecurity and Infrastructure Security Agency (CISA), which tracks such actions and alerts the US government and public, has been operating with sharply reduced staffing due to a funding lapse for its parent agency, the Department of Homeland Security. This limitation poses a significant challenge for CISA as it tries to provide timely cyber threat information to the private sector.

Experts warn that American companies may see a "barrage" of low-level attacks like website defacements and distributed denial-of-service (DDoS) campaigns in the wake of the strikes. These attacks could be a response from Iran, which has shown a tendency to retaliate with cyber means after being targeted overseas. The US should prepare for a mix of DDoS campaigns, ransomware, and hack-and-leak operations aimed at sending a message.

Iran-linked groups have carried out disruptive attacks against US financial institutions, infrastructure providers, and private sector companies in the past. These attacks are likely to increase in frequency and sophistication as Iran seeks to erode public trust in government institutions and project domestic strength during periods of heightened conflict.

The US has deployed a powerful toolset of cyber and electronic operations against Iranian targets. The US and Israel are also intercepting communications to aid their operations, drawing on signals intelligence collection, an area in which the United States is very adept. However, this increased activity may not translate to improved security outcomes if it is not executed effectively.

Influence operations have also played a role in the efforts, with Israel notably hacking a major Iranian prayer app to fuel an uprising against the regime. However, the effectiveness of such operations may be limited by the complexity of Iranian society and by foreign actors' lack of understanding of how these tactics affect local populations.

The attack on US water treatment equipment by Iran-linked hackers in late 2023 highlights the potential risks posed by Iran's cyber capabilities. Tehran is known for turning minor intrusions into information operations, making it difficult for outsiders to gauge the true extent of its retaliatory efforts.

Industry research has documented these theatrics, with Iranian cyber units activated and retooling before the kinetic trigger. "Geography provides no protection against a cyber-enabled adversary," said Tatyana Bolton, principal and head of Monument Advocacy's cybersecurity practice.

As experts warn, Iran possesses some of the most creative and dangerous cyber operators in the world, making it an increasingly significant threat to US national security. The US must recognize that in 2026, the front line isn't just in the Middle East — it's in our own backyard.