As expected by the Pentagon, US President Trump has backed off from his promise to hit Iranian cultural sites should Iran attack the US in response to the battlefield death of General Soleimani, the Washington Post reports. In a late morning press conference, he had harsh words for General Soleimani, whom the President denounced as a terror master responsible for widespread suffering, and he promised that the US could, and would, deal with other terror masters in the same fashion. He also urged alliance solidarity in confronting Iran in the Middle East, but extended Tehran an offer of negotiation and an invitation to rejoin "the civilized world" in friendship. Iran, for its part, after a limited volley of missile strikes against two US air bases in Iraq last night, also seemed disinclined, Foreign Policy reports, to pursue further retaliation, and Washington seems to be of a like mind.
Senators received a classified briefing today on the Iranian threat, particularly the Iranian cyber threat, the Hill says. But in any case, cyberspace has remained quieter than expected, with the only reported incidents so far being confined to low-grade website vandalism of state government sites in Texas and Alabama, Vice reports, but these, like the weekend incident involving a Government Printing Office site, are generally regarded as low-grade operations by sympathizers as opposed to attacks organized and controlled from Tehran. And as CNBC puts it, this sort of vandalism is “meaningless.” The US remains on alert for major Iranian attacks, especially against industrial control systems, but so far none have materialized.
The Cyber Solarium Commission offered a preview of the recommendations it's expected to make for US cyber strategy when it reports this March or April. FCW reports that the Commission intends to back formalizing CISA's role as the lead civilian cybersecurity agency. It will also recommend that the military be given the means and authority to recruit more cybersecurity specialists for both offensive and defensive operational capabilities, says Fifth Domain. And CyberScoop reports that among the Solarium's recommendations will be not only enhanced reporting guidelines for the private sector, but also a more prominent role for the insurance industry in setting standards and best practices for civilian cybersecurity. The commissioners also would like to see the recreation of a role for a White House cyber czar to ride herd on Federal efforts in the field.
The US Department of State will be required, by a rider attached to its appropriations, to report its criteria for approving the sale of US cybersecurity tools and services to foreign countries, MSSP Alert notes.