With tensions rising in the Persian Gulf after a summer of kinetic and cyberattacks, the director of the federal government’s Cybersecurity and Infrastructure Security Agency said that the cyberthreat from Iran remains “very active.”

However, Chris Krebs, who leads the organization that provides cybersecurity services for federal agencies, said that the cyberthreats now aren’t has concerning as earlier this summer, after Iran shot down a U.S. drone.

“Do we see activity continuing out of Iran? Yes. But is it as alarming as it was in June? I’m not sure I’m prepared to say that,” Krebs said Sept. 19 at the CISA Cybersecurity Summit in National Harbor, Md. “But it remains a very active space.”

Krebs’ comments come just hours after Iranian foreign minister Mohammad Zarif told CNN that any attack on Iranian facilities will result in “all-out war.”

Tensions in the Middle East rose in recent days after a drone attack on Saudi Aramco’s oil facilities knocked out a significant chunk of the Saudi oil production. Iran has denied involvement in the strike. A handful of Republican lawmakers called for military strikes on Iran, specifically Sen. Lindsey Graham, R-S.C., and Rep. Liz Cheney, R-Wyo.

Graham chastised Trump recently for over his response to Iran’s shooting down of a U.S. drone in the Persian Gulf in June, writing on Twitter that Trump’s response “was clearly seen by the Iranian regime as a sign of weakness.” Instead of a kinetic attack, the United States ultimately chose to respond with a cyberattack against Iranian military systems.

In June, CISA issued an advisory that warned of an uptick in Iranian cyberoperations against U.S. industries. That advisory came after CISA conversations with the intelligence community and the private threat intelligence industry found that there was “universally” an increase in spearphishing, password spraying and credential stuffing from Iran, Krebs said.

Though there may not be a spike in Iranian cyberattacks recently, Krebs still warned that all organizations must be prepared.

“The key takeaway here, and this is a message I think that’s increasingly shared by the private sector, is treat every breach as your last. Don’t just way for a data breach or exfiltration before you take it seriously,” Krebs said.

Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.

More In