To borrow a phrase from the former Directors of CISA, where I worked, it is time for the homeland and cybersecurity communities to go “Shields Up.” With the Trump Administration and our Israeli allies seriously discussing a potential escalation of conflict with Iran—framed as stopping weapons development and atrocities against the Iranian people and building a more secure region over the long term—one can imagine a sustained conflict between Iran and the United States. Most of that conflict would likely be fought in and around Iran, but the potential spillover effects must be factored into domestic security planning and operations.
“Shields Up” is a call to action for network defenders and other security professionals to strengthen their posture in the face of potential overseas conflict and the risk of spillover effects in the United States, as well as against U.S. personnel and businesses operating abroad. We know that escalation in armed conflict can translate into attacks on American interests outside the traditional warfighting domain. Corporate and community security leaders, along with law enforcement professionals, must be prepared to address sudden threats and emerging attack vectors. Business continuity plans should be reviewed and tightened accordingly.
In planning for potential conflict with Iran, it is important to recognize that Iran remains active in offensive cyber operations, has long been a state sponsor of terrorism, and has shown a willingness to create supply chain chokepoints to impose economic pain. More novel tactics are also possible, ranging from supply chain integrity exploitation to disinformation campaigns and even targeted assassination attempts or use of autonomous weapons. Any U.S. and Israeli military action could push the Iranian government into a corner, increasing its incentive to try to alter the dynamics through asymmetric means.
Complicating matters, the Department of Homeland Security is not currently operating at full strength due to a funding impasse that Congress must resolve. Information-sharing mechanisms are also strained, as the structure for critical infrastructure coordination between the public and private sectors is undergoing transformation without a clearly defined end state. At the same time, trust between federal, state, and local officials has been eroded by disputes over immigration enforcement. The result is stress within some information-sharing channels at precisely the wrong moment.
As a country, however, we cannot afford to wait for policy disputes to resolve before addressing the threat environment in front of us. Any military action involving Iran will increase the risk of homeland impacts, and it becomes the responsibility of the broader security and preparedness community to elevate operational security measures accordingly.
That entails several concrete steps. At the corporate level, companies should ensure their information security leaders have access to relevant threat intelligence, that appropriate protections are in place for high-value assets, and that cyber resilience measures allow operations to continue under degraded conditions. Supply chain leaders should illuminate critical dependencies, particularly in multi-tier supply chains connected to the Middle East, and evaluate alternatives in the event of disruptions to shipping patterns or key commodities. Physical security and key personnel protection protocols should also be exercised under elevated conditions in case Tehran returns to elements of its historical terrorism playbook.
Communities, meanwhile, should confirm that special event security plans are current and scalable. Now is also an appropriate time to exercise contingency plans across a range of plausible threat scenarios.
In the coming weeks, clear communication from U.S. government officials will be essential—both regarding actions overseas and potential implications for domestic security. Adversaries may attempt to sow confusion in the information environment, and officials must be prepared to counter disinformation with timely, accurate updates. Regardless of developments abroad, there will be a degree of fog and public debate over the merits and outcomes of military operations.
Those debates, however, cannot distract from the imperative to protect the American people and our economy from foreign attacks. As the security community once again goes Shields Up, accurate risk assessments, a willingness to share information, and strong public-private cooperation are more critical than ever. We are a frayed country, and we cannot allow that reality to undermine our security and resilience in the face of escalating foreign conflict. Time will tell how the current rhetoric evolves, but preparation cannot wait.
link