Agency Weakened as Iran Escalates Retaliatory Cyber Campaign

As fighting in the Middle East intensifies, cyber experts warn of an imminent wave of retaliatory attacks from Iran targeting U.S. businesses and critical infrastructure. This surge in hostile activity coincides with a severe degradation of the United States' primary cyber defense apparatus: the Cybersecurity and Infrastructure Security Agency (CISA) is currently operating under a partial government shutdown, with federal funding lapsed since Feb. 17, 2026.

The timing presents a critical vulnerability. Pavel Gurvich, founder and CEO of cybersecurity startup Tenzai, stated, "From a timing perspective, it's now or never," noting that the danger is "meaningfully higher" as Iran may have stored capabilities waiting for a high-risk moment. Following recent U.S. and Israeli strikes, Tehran has escalated physical and digital retaliation, hitting U.S. bases, embassies, and major hubs including Tel Aviv, Doha, and Dubai.

Leadership Vacuum and Operational Paralysis

The threat landscape is exacerbated by a leadership crisis within the Department of Homeland Security (DHS). CISA has reportedly lost about a third of its employees since Donald Trump took office. Compounding the staffing shortage, temporary director Madhu Gottumukkala was reassigned last week after failing a polygraph test and uploading sensitive documents to ChatGPT. During his brief tenure, he clashed with staff and ended major contracts.

As of Tuesday afternoon, the agency's website indicated it was last updated on Feb. 17 due to a "lapse in federal funding" and is not being actively managed. On that same date, DHS announced it would cancel cybersecurity assessments and other trainings. Homeland Security Secretary Kristi Noem stated that the department is working with federal intelligence partners to "closely monitor and thwart" threats, yet House Appropriations Committee Chairman Tom Cole warned that CISA's personnel are already "stretched thin" and that a shutdown would hinder the country's ability to protect critical infrastructure and hospitals.

Noem acknowledged the severity of the situation in a release, writing that as the lapse continues, "CISA's lack of involvement in these key areas will lead to a future threat or an increased area of weakness."

Financial Sector Braces for Disruption

The financial sector is preparing for a heightened state of alert. Adam Meyers, CrowdStrike's counter-adversary operations lead, reported a surge in claims of network and server disruptions from Iran-linked groups targeting financial sectors and critical infrastructure. While John Hultquist, chief analyst of Google's Threat Intelligence Group, noted that Iran has a history of exaggerating attacks, he cautioned that claims should be taken with a "grain of salt" as they could seriously impact businesses. Hultquist stated, "We expect Iran to target the U.S., Israel, and Gulf Cooperation Council (GCC) countries with disruptive cyberattacks, focusing on targets of opportunity and critical infrastructure."

Banking executives are acutely aware of the exposure. JPMorgan Chase CEO Jamie Dimon told CNBC's Leslie Picker that banks may be targets and expects a rise in cyber or terrorist attacks globally, calling cyber "one of the highest risks banks bear." Historical precedents suggest the threat is tangible: Iran claimed responsibility in 2024 for hacking emails of staffers tied to President Donald Trump's campaign. Furthermore, the country was behind massive denial-of-service attacks on major banks in 2012 and 2013 that crashed websites.

Even during the ongoing internet shutdown in Iran, experts note that groups will continue to operate through proxies and VPNs. With the S&P 500 down 0.9% and the Nasdaq falling 1.0% amid the broader market volatility, the convergence of geopolitical conflict and domestic administrative paralysis creates a precarious environment for U.S. digital resilience.

Source: CNBC | Analysis by Rumour Team