"Cyber conflict is 'definitely part of warfare that keeps going,'" one of the U.S. officials told Nextgov/FCW, capturing the pragmatic skepticism that many U.S. observers brought to a weekend diplomatic breakthrough between Washington and Tehran.
What the preliminary memorandum covers — and what it does not
The preliminary U.S.-Iran memorandum reached Sunday aims to halt nearly four months of fighting and sets up a formal signing in Geneva later this week, but it leaves major disputes unresolved, including regional flashpoints involving Israel and Hezbollah, and it "appears to leave out mentions of cyber," according to reporting in Nextgov/FCW. The deal remains fragile on its central nuclear terms, and the CIA director and others have raised concerns about Iran’s willingness to make the nuclear concessions Washington wants, Axios reported.
U.S. officials’ view: cyber activity likely to continue
Five current and two former U.S. officials told Nextgov/FCW that the preliminary agreement likely will not stop cyber operations launched by Tehran and Iran-aligned hacking groups against American systems. Most of those officials spoke on background because they were not authorized to discuss forward-looking perspectives publicly.
One official said cyber activity may decelerate but "definitely won’t stop." A second official was even blunter, saying there is "no chance" that Iran and any affiliated parties would cease or slow down in cyberspace. A former official noted that hacking activity could decrease temporarily, but warned that pro-Iran collectives that do not accept a finalized resolution may conduct cyberattacks to express their displeasure, since Iran’s central government does not always have firm control over those groups.
Recent Iran-linked incidents cited by officials
U.S. cyber teams have remained on alert as Washington pursued diplomacy, and reporting catalogues several apparent Iran-linked intrusions since "the war broke out Feb. 28." Incidents named by Nextgov/FCW include an attack on medical technology firm Stryker and the targeting of FBI Director Kash Patel’s personal email account, along with "various warnings from federal agencies about cyber intrusions on U.S. critical infrastructure."
- On June 11, California Water Service said it was investigating claims that Iranian hackers breached its systems. An assessment from Dataminr concluded the group may have reached a customer billing database belonging to the utility, and Nextgov/FCW obtained a screenshot that appeared to show a customer billing account receipt accessed by the hackers.
- A California Water Service spokesperson told reporters on Tuesday that there are "no known operational disruptions" to water, wastewater and billing systems and that the utility was working with state and federal government officials in its investigation.
Tehran’s cyber posture: organization, AI, and enduring intent
U.S. intelligence assessments this year, cited by Nextgov/FCW, conclude that Iran and affiliated proxy groups remain a persistent cyber threat to American networks and critical infrastructure and that they intend to target the U.S. and its allies. Israel’s top cyberdefense official told Nextgov/FCW last month that Tehran’s hackers have grown more organized, more coordinated and more willing to use artificial intelligence for influence operations in recent months — changes that have been visible since the war began.
Meredith Burkart, the FBI’s former chief of cyber policy, summarized the baseline: "The Iranians have targeted U.S. assets with malicious cyber activity for the last 15 years with espionage and some prepositioning for disruptive attacks," and "unless there has been a material change in their cyber workforce, or a cyber specific component of the deal was reached, I would expect such targeting to continue."
How technologists, policymakers, and utilities are likely to respond
Technologists and security teams: Continue heightened monitoring and defensive posture. The reporting notes U.S. cyber teams have stayed on alert, and private-sector targets such as medical suppliers and utilities have already been implicated.
Policymakers and regulators: Watch the Geneva signing and any formal text that follows. The preliminary memorandum "appears to leave out mentions of cyber," and officials told Nextgov/FCW they doubt a diplomatic pause will remove cyber risk absent explicit, enforceable cyber provisions.
Public utilities and critical infrastructure operators: Expect greater scrutiny and incident-readiness. The California Water Service investigation — including a Dataminr assessment that customer billing data "may" have been accessed and a utility statement of "no known operational disruptions" — illustrates the narrow line between data exposure and operational impact.
Conclusion: The preliminary deal creates a diplomatic opening, but the current and former U.S. officials interviewed by Nextgov/FCW uniformly warn that cyberspace is likely to remain a contested domain. Whether the Geneva signing later this week will include cyber-specific commitments — and whether Tehran, affiliated collectives or unaffiliated hacktivists will recognize them — remains the central, unanswered question for defenders watching their networks today.




