Key Takeaways:
- U.S. officials and private sector groups are warning of increased risk to critical infrastructure as cyber tensions rise in parallel with the Iran–Israel conflict.
- Sector-specific ISACs and federal agencies are advising companies to elevate monitoring, review incident response plans, and remain alert to geopolitical cyber spillover.
- Cybersecurity leaders across industries are reviewing vendor readiness, resuming tabletop exercises, and coordinating closely with partners and regulators.
As geopolitical tensions escalate between Iran and Israel, U.S. critical infrastructure operators are facing heightened cyber risk. While there has been no confirmed direct targeting of U.S. systems to date, government and industry groups are warning that organizations should prepare for potential spillover effects.
Sadly, this is nothing new. In 2015, we warned about Iranian hacking after they hacked a dam in Rye, New York. In 2019, we warned about Iranian hacking, specifically password spraying, credential stuffing, and spear-phishing. Later that year, we warned about Iranian APT33 hackers.
In 2020, we explained how to prepare, after Head of the CIA, Mike Pompeo, warned about the Iranian hacking threat. We went on to warn about the Iranian APT34 spear-phishing threat. We followed up with a post titled “Texas gets 10,000 Potential Cybersecurity Threats a Minute from Iran. How many do you get?” Next up was a post on how to choose an MSP to protect you from Iranian hackers. Then we followed with a post regarding Iranians hacking Israeli water and sewage facilities. Finally, around a year ago, we wrote “Why Iran May Be the Most Likely to Launch a Destructive Cyberattack on the US,” which outlined in detail how and why Iran was a tremendous threat to the US.
The above is just a taste of the warnings we have been highlighting from US government officials and others. Most recently, according to security researchers and intelligence analysts, Iranian-linked cyber actors—including both state-sponsored groups and ideologically aligned collectives—are increasingly active. These actors are known for targeting sectors such as energy, telecommunications, water, logistics, and public safety, and they often seek out vulnerable systems in the supply chains of larger targets.
A recent wave of attacks targeting Israeli systems has raised concern that similar tactics could be directed at U.S. companies—either intentionally or as collateral damage. The Food and Agriculture ISAC, along with the IT ISAC, has encouraged sector members to ensure that basic cybersecurity hygiene is in place and that escalation protocols are well understood.
Federal agencies have also raised their posture. The Cybersecurity and Infrastructure Security Agency (CISA) has issued updated threat advisories and emphasized the importance of “Shields Up” best practices, which focus on continuous monitoring, rapid incident response, and enhanced inter-agency information sharing.
Industry-specific alerts are advising companies to:
- Increase visibility into third-party systems and supply chain exposure
- Confirm endpoint detection and response systems are active and up to date
- Simulate threat scenarios involving disruption, extortion, or misinformation
- Engage with sector ISACs and federal partners for intelligence sharing
One concern is that ransomware tactics or denial-of-service attacks could be used to cause disruption in critical services, either to sow uncertainty or to retaliate for U.S. support of Israeli operations. These attacks may not always be traceable or direct, but they can have operational and reputational consequences if not detected early.
Security leaders are responding by reviewing contingency plans, increasing staff availability for monitoring functions, and ensuring that escalation channels between IT, legal, and executive leadership are in place.
While the risk remains largely precautionary, the elevated cyber posture reflects how modern conflict can extend into digital infrastructure—affecting organizations far removed from the immediate theater of conflict. The current moment is less about panic and more about preparedness: being ready to detect, contain, and respond quickly should cyber operations expand beyond their current scope.
As always, our goal at Apex is to keep you secure. Reach out to us to discuss how we have helped hundreds of other organizations stay safe. We work with organizations as small as ten workstations and have also worked with the Fortune 200 for over ten years and counting.