Senators to Trump administration: Protect small businesses from Iranian hacking threat

“We are concerned that small businesses may not have necessary” to implement good security practices, Sens. Rubio and Cardin said.
iran cybersecurity
Sen. Marco Rubio, R-Fla., was one of two senators who issued a letter to the Small Business Administration on Wednesday. (Getty)

The federal agency charged with supporting small U.S. businesses should take “immediate action” to ensure that such firms are adequately protected from cyberthreats emanating from Iran, a bipartisan pair of senators said Wednesday.

“We are concerned that small businesses may not have the information and tools necessary” to implement cybersecurity practices recommended by the Department of Homeland Security in the wake of the U.S. killing of Iran’s top general, Sens. Marco Rubio, R-Fla., and Ben Cardin, D-Md., wrote in a letter to the Small Business Administration.

The advisory from DHS’s Cybersecurity and Infrastructure Security Agency warned of Iran’s history of “disruptive and destructive cyber operations against strategic targets” and advised U.S. organizations to consider whether they make an attractive target for the Iranians. According to the FBI, those potential private-sector targets include cleared defense contractors.

Security experts have also advised organizations not to overreact to potential cyberthreats from Iran. Ned Moran, a researcher at Microsoft who tracks Iran-linked hackers, said that basic security practices will go a long way in guarding against the threat.


In that vein, CISA recommended that organizations implement sound security practices like backing up their data, having an incident response plan in place, and “whitelisting,” or approving, trusted applications on their network.

But Rubio and Cardin, the chairman and ranking member of the Senate Committee on Small Business and Entrepreneurship, are worried that resource-strapped companies might not be able to follow through with some of those recommendations.

“As you know, limited resources and technical expertise leaves many small businesses vulnerable to cyberattacks,” wrote Rubio and Cardin, the chairman and ranking member of the Senate Committee on Small Business and Entrepreneurship.

There is evidence that Tehran has previously used cyberspace to retaliate against American companies for U.S. government actions. In 2012 and 2013, Iranian hackers conducted a series of distributed denial-of-service attacks on U.S. banks’ websites, reportedly in response to U.S. sanctions. Many of those attacks were on big banks that have since invested heavily in fortifying their networks, but smaller businesses have nowhere near the same resources.


The senators told SBA Administrator Jovita Carranza, who was only sworn in earlier this week, that her agency should use “increased outreach efforts, practical guidance, and accessible resources” to help companies secure their systems.

The SBA offers free cybersecurity training courses and other resources for small businesses. The senators asked for a briefing from the SBA for further information on its cybersecurity efforts.

The SBA declined when CyberScoop asked whether the agency plans to dedicate more resources to cybersecurity in light of U.S.-Iran tensions.

You can read the full letter from Rubio and Cardin to Carranza below.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts