Iran has already demonstrated intent and capability to attack inside the US as well as a high tolerance for escalating risk, specifically during the 2011 plot to assassinate the Saudi Ambassador to the US inside the US. Therefore current risk of escalatory action by Iran is particularly high, given that the “red lines” are not clearly defined in cyberspace and the Iranian government will be under intense internal pressure to take strong action.
In 2011-2012, Iran went after banks for implementing sanctions and we should now anticipate actions against the contractors involved in the development and deployment of drones. The US Government needs to lean very far forward in sharing with potential targets any info it has regarding Iranian capabilities, TTPs, and plans in a coordinated effort to minimise this risk and tighten up defences.
In the meantime, critical infrastructure organizations should be particularly vigilant in monitoring their operational systems for unusual activity in their industrial operation systems. At this stage, gaining OT visibility with the ability to detect issues and react quickly is paramount to national security.