The Department of Homeland Security (DHS) recently issued a bulletin on the National Terrorism Advisory System warning of potential cyberattacks on U.S.-based targets from Iran following recent conflicts in the region. NRTC Managed Services has already helped some members defend against Iranian attacks and has cybersecurity solutions available to help both members and their customers.
We recommend that members take the steps necessary to monitor and analyze the traffic on their network. Our network flow analysis solution powered by Kentik, combined with our DDoS mitigation solutions, has proven especially valuable in the effort to identify and mitigate malicious traffic on member networks. Attacks against valued targets within member networks, such as utilities, governments and colleges/universities, are often in small volumes (bits, not kbps, Mbps or Gbps). The small volume of this traffic makes identifying suspicious activity extremely difficult without the right tools.
Iranian leadership and many affiliated extremist organizations have stated intent to retaliate against the U.S. for the airstrike that killed Iranian Quds Force commander Qasem Soleimani, according to the DHS bulletin. There are, however, no current specific, credible cyber threats. DHS noted that “Iran maintains a robust cyber program and can execute cyberattacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.” The DHS bulletin recommends that Americans implement basic cybersecurity measures such as data backups and multi-factor authentication, as well as be prepared for cyber disruptions, suspicious emails, and network delays.
Within the Kentik network flow analysis platform, NRTC can create custom dashboard views that help members visualize traffic flows to and from their transit providers, flows from OTT services, and flows related to malicious traffic traversing the member network. We have assisted several members by creating threat dashboards illustrating whether suspected Iranian traffic was active on their networks. For one member, the dashboard views clearly showed that suspected Iranian IP addresses were in regular contact with high-value targets within their network, including the regional power utility, airport and a college. With that information in hand, the member was able to quickly use the firewall to block the malicious IP addresses from making further contact with their network. The ability to easily visualize this traffic gives our members the opportunity to proactively take the steps required to protect their networks.
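
The kind of check such a dashboard expresses can be sketched in a few lines. This is an added example, not NRTC's or Kentik's code and not the Kentik API: it flags watchlisted external addresses that contact a high-value internal host repeatedly over time, regardless of how few bytes are exchanged. The watchlist range, host labels and flow records are constructed and use documentation address space only.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (RFC 5737 documentation ranges); all names are hypothetical.
WATCHLIST = [ipaddress.ip_network("203.0.113.0/24")]   # suspected external range
HIGH_VALUE = {"198.51.100.10": "power-utility", "198.51.100.20": "college"}

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, bytes)
FLOWS = [
    (0,     "203.0.113.7", "198.51.100.10", 120),
    (3600,  "198.51.100.10", "203.0.113.7", 90),         # reply direction counts too
    (7200,  "203.0.113.7", "198.51.100.10", 110),
    (10800, "203.0.113.7", "198.51.100.10", 95),
    (100,   "192.0.2.50",  "198.51.100.10", 5_000_000),  # large, but not watchlisted
    (200,   "203.0.113.9", "198.51.100.20", 60),         # a single contact only
    (300,   "203.0.113.7", "198.51.100.99", 80),         # not a high-value host
]

def on_watchlist(ip):
    """True if ip falls inside any watchlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in WATCHLIST)

def recurring_contacts(flows, bucket_seconds=3600, min_buckets=3):
    """Return (external_ip, target_label, active_buckets, total_bytes) for
    watchlisted peers seen with a high-value host in >= min_buckets time buckets.
    Volume is reported but never used as a threshold: persistence is the signal."""
    buckets = defaultdict(set)
    total = defaultdict(int)
    for ts, src, dst, nbytes in flows:
        # Check both directions: traffic to and from the protected host.
        for ext, internal in ((src, dst), (dst, src)):
            if internal in HIGH_VALUE and on_watchlist(ext):
                buckets[(ext, internal)].add(ts // bucket_seconds)
                total[(ext, internal)] += nbytes
    return sorted(
        (ext, HIGH_VALUE[internal], len(seen), total[(ext, internal)])
        for (ext, internal), seen in buckets.items()
        if len(seen) >= min_buckets
    )

if __name__ == "__main__":
    for row in recurring_contacts(FLOWS):
        print(row)
```

The addresses it returns are the candidates for the firewall block described above; the 5 MB flow from a non-watchlisted source is ignored, while 415 bytes spread over four hours is reported.
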
To learn more about how NRTC can help members protect against Iranian and other forms of cyberattack, please leave a note on our Contact page.