Iran Will Retaliate in the U.S. We May Not See It in Time.

On the first day of the U.S.-Israeli airstrikes in Iran, a strange short-wave radio signal began broadcasting a message in Farsi. A man’s voice repeatedly announced, “Tavajjoh! Txavajjoh!” (Attention! Attention!), followed by a string of numbers. As of late last week, the voice has broadcast the seemingly random numbers nearly ten times.

The mysterious broadcast immediately sparked concern. Some have suggested it is  someone outside Iran trying to reach inside the country. The federal government appears concerned that it may be a person or agency inside Iran communicating a message “intended to activate or provide instructions to prepositioned sleeper assets operating outside of Iran.” 

Given Iran’s history of malicious operations outside of its soil, that concern is unsurprising. Long before this current conflict, Iran has engaged in terrorist attacks, targeted assassinations, cyberattacks, and information operations—and it uses a network of proxies and spies to amplify its reach, including within the United States.

This time, however, there is one crucial difference. In previous administrations, hundreds of national security professionals across agencies relentlessly pursued answers and took action to thwart attacks during international conflict, respond, and hold the perpetrators accountable. But the Trump administration has gutted this capacity through firings, forced resignations, and slashed budgets at agencies such as the FBI, the Justice Department, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and more. The public servants who remain are already stretched thin, and many have been assigned to other White House priorities like immigration enforcement and Epstein document review. 

Reducing our capacity to monitor, prevent, and respond to Iranian attacks at home at a time of heightened risk—brought on by U.S. international conflict with a foreign state sponsor of terror—poses a serious national security concern. The recent history of Iranian operations on U.S. soil shows how our agencies and procedures can effectively thwart such attempts when they are at full capacity. In contrast, a survey of how this administration has dramatically weakened those agencies and procedures shows how vulnerable the U.S. and its citizens may be to Iranian attacks now.

Terror Attacks and Assassination Plots

When asked whether Americans should be worried about retaliatory attacks on United States soil after the U.S. launched strikes on Iran, Trump recently responded, “I guess.” 

“We expect some things,” he continued, “some people will die.”

The president’s prediction, it seems, has already come to pass. It only took 26 hours after the first U.S. bombs fell in Iran for an individual in Austin, Texas—wearing a t-shirt with the colors of the Iran flag and the words “Property of Allah”—to use a handgun and rifle to shoot and kill patrons outside of a bar. On March 11, Iran-linked hackers with the “Handala Hack Team” appear to have successfully launched a major cyber attack against Stryker, a U.S. medical equipment and technology company, gaining access to and wiping thousands of the company’s electronic devices. And just one day later, Ayman Mohamad Ghazali used his truck to ram through the door of a synagogue in Michigan, exchanging gunfire with authorities before dying on scene. According to Israel, the attacker’s brother was a member of Iran-backed Hezbollah, who died in an Israeli strike a week earlier.

The history of U.S.-Iranian confrontations may shed light on what more is to come. Since the onset of the Islamic Republic of Iran in 1979, Iran has engaged in a long history of targeted attacks around the world. For over 40 years, the state sponsor of terror has cultivated a network of terrorist and militia proxies in the Middle East often referred to as the “Axis of Resistance,” including the Houthis (or Ansarallah) based in Yemen, Hezbollah based in Lebanon, Hamas based in the Gaza Strip, and others. Further extending its reach, Iran has relied on local and organized criminal groups to harm others around the world.

That conduct spiked during the recent period following a different dramatic escalation in U.S.-Iran tensions: the January 2020 U.S. strike that killed General Qasem Soleimani, with Iran promising retaliation as a consequence of the attack. The country’s 116 operations over the last five years account for more than half of its forty years’ worth of publicly-documented external operations around the world, many of which were focused on the United States. 

A sampling of the Iranian external operations in the United States since General Soleimani’s death in January 2020 illustrates Iran’s recent reach into the country.

In January 2020, a Lebanese individual tied to Iran-backed Hezbollah began requesting information from Mariam Thompson, a contract linguist with the Department of Defense with whom he had developed a remote relationship. The individual asked Thompson to provide the true names, photographs, and other detailed information about the human assets that helped the United States target Soleimani. Thompson obliged and repeatedly provided detailed classified national defense information, including information it could use to target and kill Americans and their allies. The FBI arrested Thomspon in February 2020.

Then, from December 2020 to March 2021, Naji Sharifi Zindashti, based in Iran, used an encrypted messaging application to recruit criminal organizations willing to travel to specific American locations, surveil American targets, and murder them for pay. Zindashti ultimately agreed to pay two Canadian Hells Angels members $370,000 to murder both an Iranian dissident and former IRGC officer who fled Iran and lived in Maryland and the dissident’s spouse. The FBI arrested multiple defendants before anyone was harmed.

And in July 2021, Alireza Farahani, Mahmoud Khazein, Kiya Sadeghi, and Omid Noori allegedly formed part of an Iranian intelligence network that plotted from Iran to kidnap a United States citizen and human rights advocate of Iranian origin living in Brooklyn, New York. The intelligence network procured the services of private investigators to surveil, photograph, and install live, high-definition video feeds depicting the victim and the victim’s family and associates. The FBI ultimately foiled the kidnapping plot.

Almost a year later, Ruhollah Bazghandi (a Brigadier General in the IRGC and former IRGC Counterintelligence Chief), Haj Taher, Hossein Sedighi, and Seyed Mohammad Forouzan all allegedly operated from Iran and contracted members of an Azerbaijani faction of the Russian mob in New York City to murder a U.S. citizen of Iranian origin. Law enforcement arrested one Russian mob proxy near the victim’s residence with an AK-47 assault rifle and ammunition.

Around the same time, Shahram Poursafi, an Iranian national and member of Iran’s Islamic Revolutionary Guard Corps-Quds Force, allegedly attempted to pay individuals in the United States $300,000 via cryptocurrency to murder then-National Security Advisor John Bolton by the anniversary of Soleimani’s death. Poursafi provided Bolton’s known addresses and publicly-available travel plans. Poursafi also attempted to arrange a second hit for $1,000,000 on then-Secretary of State Michael Pompeo. Law enforcement disrupted both assassination plots. Then, in July 2024, U.S. Intelligence agencies and the Secret Service monitored a surge of threats, online Iran messaging, and Iranian state media remarks regarding Iranian plots to kill then-candidate Trump.

Attempts to assassinate U.S. officials have only continued. Asif Merchant was a trained operative of the IRGC sent to the United States to arrange assassinations of U.S. government officials, including President Trump. By 2024, Merchant had attempted to recruit U.S. assets to work for the IRGC and met with who he believed to be New York “Mafia” hitmen to steal documents from government locations, stage a protest, and arrange the murder of U.S. government officials and politicians. These “hitmen” were in fact undercover law enforcement officers, and the government arrested Merchant before he could return to Iran.

Most recently, Farhad Shakeri—who immigrated to the United States and served 14 years in prison for a robbery conviction before being deported to Iran in around 2008—developed a network of criminal associates. Shakeri supplied this network to the IRGC. On Oct. 7, 2024, the IRGC allegedly tasked Shakeri with providing a plan to his network of associates to kill President Trump. Law enforcement disrupted the plot before anyone was harmed.

If these examples seem repetitive, it’s because they are. Iran has proven itself relentless in its efforts to carry out attacks on U.S. soil—and the U.S., for its part, has demonstrated that it is capable of countering those efforts. The above examples show how robustly the U.S. national security apparatus was able to respond, largely through the FBI and the Justice Department. The analysts, agents, and prosecutors at these institutions were jointly able to stop these attacks and out Iranian military and intelligence officials to the world.

That is, potentially, until now. The current administration has decimated the national security elements of both agencies through firings and forced resignations. People with decades of experience in building inter-agency and critical source relationships around the world, handling high-pressure, complicated investigations straddling classified and unclassified spaces, and acting in time to prevent violence and preserve evidence have been pushed out the door. Those who remain not only have to stretch to make up for the personnel deficit, but are also being pulled away by White House priorities not tied to the increasing threat of an Iranian response.

Nowhere is this deficit more apparent than at the FBI. Nearly 300 agents who worked mostly on national security matters have departed the Bureau since President Trump began his second term. 50 of those individuals were in leadership roles. 45 of them were fired. A number of the ousted individuals led offices covering large cities across the country and held vital roles in combatting threats like those Iran presents.

Justice Department leadership began hollowing out the Bureau in January 2025, forcing out at least five executive assistant directors of the FBI who covered the National Security Branch (Robert Wells); the Intelligence Branch (Ryan Young); the Criminal, Cyber, Response, and Services Branch (Robert Nordwall); the Information Technology Branch (Arlene Gaylord); and the Science and Technology Branch (Jackie Maguire). Each of them had decades of experience at nearly every level of the Bureau.

That same month, Justice Department leadership also fired several other valuable individuals running major offices across the country: David Sundberg, the assistant director in charge of the Washington Field Office in Washington, D.C; Jeffrey Veltri, the special agent in charge of the Miami Field Office who had previously worked terrorism cases and was deployed to Iraq to support the prosecution of Saddam Hussein; and Spencer Evans, the special agent in charge of the Las Vegas Field Office, where he had experience investigating international terrorism with the San Diego Field Office, was a crisis negotiator for the FBI and San Diego Police Department, and had previously  supervised cyber, intelligence, counterterrorism, counterintelligence, and crisis response programs in Oklahoma.

This firing trend has continued throughout Trump’s tenure. Experience across the Bureau is gone, including James Dennehy, Assistant Director in Charge of the New York Field Office, who had served as the Unit Chief of the Counterproliferation Center at FBI Headquarters, the Chief of Staff to the Executive Assistant Director of the National Security Branch, and the Special Agent in Charge of the Counterintelligence and Cyber Division of the New York Field Office; Tonya Ugoretz, Assistant Director of the Directorate of Intelligence, who had served as the Unit and Section Chief in the Directorate of Intelligence, the FBI’s Chief Intelligence Officer, and the first Director of the Office of the Director of National Intelligence’s (ODNI) Cyber Threat Intelligence Integration Center; Steven Jensen, Assistant Director in Charge of the Washington Field Office, who had been a section chief at the Counterterrorism Division at FBI Headquarters; Brian Driscoll, Acting Director of the FBI, who had served as the assistant special agent in charge of the New York Joint Terrorism Task Force Extraterritorial Terrorism Branch, the head of the elite Hostage Rescue Team, and a tactical section chief for the Critical Incident Response Group; and Mehtab Syed, Special Agent in Charge of the Salt Lake City Field Office who had served as the head of cyberterrorism and counterterrorism in the Los Angeles Field Office, section chief in the counterintelligence section at FBI Headquarters, assistant legal attache in Islamabad, Pakistan, and a member of the New York Field Office’s counterterrorism unit.

Most recently, the administration dismissed a dozen agents and analysts working as part of a counterintelligence unit in the Washington Field Office and tasked with monitoring threats from Iran, its proxies, and other Middle East countries. They tracked foreign intelligence operatives on United States soil and disseminated that information to counterterrorism officials. Just days before the United States began Operation Epic Fury in Iran, FBI Director Kash Patel fired them all without notice and without time to bring others up to speed on the current threat landscape.

The workforce that remains at the FBI includes skilled agents, analysts, and professional staff still serving around the country, but they are left to shoulder the responsibility of preserving the nation’s security in the wake of this drain. Worse, throughout 2025, the administration consistently pulled them toward other priorities.

The administration’s immigration focus, for example, reached the Bureau’s specialized Joint Terrorism Task Forces (JTTF) across the country. Despite the FBI’s website describing JTTFs as the “nation’s front line of defense against terrorism, both international and domestic,” a January 2025 Justice Department memo directed JTTFs to “coordinate with DHS, as well as state and local members, to assist in the execution of President Trump’s immigration-related initiatives.” According to reporting, some FBI agents were told by supervisors not to document the movement of resources away from high-priority cases toward immigration-related work.

In an apparent concession that this resource shift left the country vulnerable to Iranian attacks, FBI leadership reassigned counterterrorism, counterintelligence, and cyber agents back to their normal duties in June 2025, after the United States engaged in military strikes against Iranian nuclear sites in Operation Midnight Hammer. But it is not clear if this course correction lasted. By October 2025, for example, Virginia Senator Mark Warner revealed that Director Patel had moved at least 23 percent of the FBI’s over 13,000 special agents, and 45 percent of those in the country’s 25 largest field offices, away from areas like counterterrorism, counterintelligence, and counterespionage and to deployments with ICE and DHS to supplement immigration efforts. And, apart from immigration, as recently as March 6—over a week into Operation Epic Fury—FBI leadership was still dispatching “100 Washington Field Office agents and analysts” into Washington, D.C. alongside the National Guard to “serve the D.C. Safe and Beautiful Task Force daily.”

As if the dismantling of FBI national security operations isn’t troubling enough, the Justice Department has likewise been hollowed out. Across the Department, the number of experienced prosecutors handling national security matters has plummeted.

Early in her tenure, Attorney General Bondi demoted at least one acting head of the National Security Division (NSD) after reportedly seeing portraits of former President Biden, Vice President Harris, and Attorney General Garland hanging in the NSD front office SCIF. Through removals and resignations, the principal deputy assistant attorney general, the deputy assistant attorney general for counterespionage and counterterrorism, and the deputy assistant attorney general for national asset protection have also all left.

The Division’s Counterintelligence and Export Control Section (CES) is in part responsible for supporting investigations and prosecutions of agents of foreign powers monitoring Americans on U.S. soil. Fully staffed, CES boasted about fifty attorneys and a roster of leaders with decades of experience. It now stands at less than half its capacity,having lost nearly every supervisor after firings and resignations. At one point last year, CES’s leadership rotated three times in three weeks, reportedly landing temporarily on someone who could not sit in the SCIF because he lacked the required security clearance.

The Counterterrorism Section (CTS) is the Division’s counterpart litigating section responsible for preventing and prosecuting international terrorism. The chief of the Section is a career national security official and Air Force veteran who has been deployed in Washington, D.C. as part of Trump’s National Guard surge since August 2025. And CTS, like CES, has lost nearly half of its trial attorneys, including the former Justice Department-Defense Department liaison responsible for navigating terrorism threats stemming from international military operations.

The Division’s Law and Policy Section is in part responsible for supporting DOJ’s participation in the National Security Council and overseeing the development, coordination, and implementation of Justice Department-wide policies regarding intelligence, counterintelligence, and counterterrorism. As of last year, its staff had dropped by over two-thirds.

Equally problematic is the Civil Rights Division’s (CRT) collapse. Responsible for investigating hate crimes, including those targeting Jewish communities and synagogues, the Division has lost over 300 of its 400 attorneys since the start of the administration, including over 76 percent of the Division’s career supervisors. And the current administration has canceled millions of dollars in grant programs designed to prevent and respond to hate crimes.

U.S. Attorney’s Offices face the same problems, experiencing a historical 14 percent drop in total employees in 2025 via firings and resignations coupled with an inability to replace these employees. In Washington, D.C., national security supervisors have departed, and many of the line prosecutors who handled the office’s major national security trials in recent years are gone. The Eastern District of Virginia has lost its U.S attorney, first assistant, national security chief, and national security deputy chief (the last is one of the authors of this piece) to firings and resignations. None of them have been replaced to-date, in part because Deputy Attorney General Todd Blanche fired the person appointed to lead the office days before Operation Epic Fury began.

The administration’s destruction of U.S. Attorney leadership and national security sections extends across the country, including in New York, Chicago, Eastern California, Central California, Miami, West Virginia, Minnesota, and more. The people that fill these gaps may now come in with no legal experience. And, in some offices, the national security section has been removed all together and merged into other sections like major crimes.

As with the FBI, there are excellent public servants that remain in the Justice Department to carry the mission forward. Because of the administration, however, they must do so with fewer people and while balancing White House policies prioritized by current leadership over national security matters. Throughout December 2025 and January 2026, for example, over 200 attorneys from NSD and more from U.S. Attorney’s Offices spent weeks reviewing, redacting, and preparing documents related to the administration’s disclosure of Jeffrey Epstein materials. This came after FBI Director Patel had already tasked 1,000 special agents—including those focused on counterintelligence and international operations—with redacting related materials earlier in 2025.

Digital Attacks

Iran’s asymmetric toolkit extends far beyond physical attacks. The country has repeatedly demonstrated the ability and willingness to conduct cyber operations against the United States. These operations can take the form of Cyber Network Exploits (CNE), covert intrusions designed to steal sensitive information or conduct surveillance, or Cyber Network Attacks (CNA), intended to disrupt, degrade, or manipulate critical systems. 

Like its recent attempts to cause physical harm in the United States in the last five years, Iran’s recent cyberattacks illustrate a consistent pattern of targeting U.S. systems that demonstrates the range of techniques and objectives it could employ in retaliation for Operation Epic Fury.

In September 2020, IRGC-affiliated hackers conducted a cyber campaign targeting U.S. aerospace and satellite companies and multiple industries, resulting in data theft and Justice Department indictments. A little over a year later, the Iranian-linked group “DEV-0343” attempted network infiltration of U.S. and Israeli maritime and technology companies using password-spraying attacks.

Then, in November of 2021, IRGC-affiliated advanced persistent threat (APT) groups targeted critical infrastructure in the United States, United Kingdom, and Australia, including transportation and healthcare sectors. A string of U.S.-based attacks followed in September of 2022. IRGC-linked actors launched ransomware attacks against U.S. municipalities, an electric utility, and a public housing authority, leading to indictments for three Iranian nationals. The IRGC-linked group APT24 also conducted credential-harvesting and surveillance operations targeting U.S. government officials, Iranian diaspora members, journalists, and academics.

A year later, Iranian APT group Peach Sandstorm infiltrated networks in the U.S. satellite, defense, and pharmaceutical sectors. Shortly thereafter, IRGC-linked group “CyberAv3ngers” breached approximately twelve U.S. water and wastewater utilities, accessing control systems and defacing operator screens. And most recently, in August 2024, IRGC-connected group Pioneer Kitten conducted cyber intrusions against U.S. civilian networks including schools, municipal governments, financial institutions, and healthcare facilities.

These incidents demonstrate that U.S. government networks and critical infrastructure systems have historically faced a barrage of Iranian intrusion attempts and successes aimed at penetrating networks, stealing sensitive data, or establishing persistent access for future operations—many of which have been prevented or prosecuted as a consequence of the government agencies in charge of countering these attacks. The primary government bodies tasked with detecting and preventing such cyber intrusions include the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and U.S. Cyber Command. Each of these, however, has experienced leadership vacancies, personnel reductions, and other structural and budget disruptions that weaken their ability to monitor threats, coordinate responses, and deter future cyber operations.

Normally, CISA coordinates the government’s response to major cyber incidents targeting critical infrastructure and provides services and information that help organizations shore up their security before an attack. Its mandate covers federal networks and the U.S.’s broader ecosystem of critical infrastructure, including the energy, finance, health, telecommunications, transportation, and election sectors. When there is an incident, CISA serves as a hub for detection, analysis, and coordination. And, day to day, it supports rapid technical response, information sharing, and mitigation across government agencies, relevant private entities, and cash-strapped organizations such as utilities providers and rural hospitals. 

But since early 2025, a series of administrative and budgetary decisions have reduced CISA’s operational capacity significantly. In January 2025, the Department of Homeland Security removed members of several advisory committees, including the Cyber Safety Review Board (CSRB), which had been responsible for analyzing major cyber incidents and producing systemic lessons learned. In mid-February, CISA eliminated more than 130 positions as part of cost-reduction efforts. In March, the Department of Homeland Security terminated the Critical Infrastructure Partnership Advisory Council (CIPAC), a key forum for information sharing and coordination between the government and private-sector infrastructure operators, and ended approximately $10 million in annual funding for major cyber information-sharing programs supporting state and local entities.

These reductions were followed by the FY2026 budget proposal, which called for a substantial decrease in CISA’s funding and workforce from $3.0 billion and 4,021 positions to $2.4 billion and 2,649 positions. In October 2025, the Department of Homeland Security reportedly targeted CISA employees for reassignment to support the administration's immigration priorities. As of March 2026, the agency is reportedly operating with only 38 percent of its staff due to the ongoing Homeland Security shutdown, witnessing departures of senior officials responsible for capacity building and threat hunting.

Current and former U.S. officials and industry executives have highlighted that the CISA personnel and resources cuts have led to a sharp drop in information-sharing with critical infrastructure firms on potential Iranian hacking threats. As the war continues to expand, diminished institutional capacity at CISA may translate directly into weaker national resilience and a slower, less coordinated response to future attacks from Iran targeting U.S. infrastructure.

CISA is not the only agency that responds to such threats. The National Security Agency (NSA) and Cyber Command operate primarily in the foreign intelligence and military cyber operations domains. The NSA conducts global signals intelligence collection and cyber threat analysis, while Cyber Command directs offensive and defensive military cyber operations through the Cyber Mission Force. When the U.S. faces major cyber threats from foreign states, such as Iran, the NSA and Cyber Command are responsible for foreign intelligence collection, attribution, and response.

The leadership of the National Security Agency and U.S. Cyber Command has similarly been unsettled. In April 2025 the administration dismissed the dual-hat commander leading both organizations, leaving the position under acting leadership for months while the White House considered nominees. In light of the classified nature of NSA and Cyber Command operations, the public has a less granular view of the operational degradation caused by the administration’s firings. But the lengthy absence of a confirmed head affects both the U.S. signals intelligence enterprise and the military’s primary cyber warfare command simultaneously. Extended vacancies or acting leadership can affect strategic prioritization across intelligence and military cyber missions, coordination between intelligence collection and operational cyber campaigns, congressional oversight and budget negotiations, and long-term planning for cyber operations against foreign adversaries like Iran.

Only recently did a new confirmed NSA and Cyber Command leader, General Joshua Rudd, fill the hole. And the administration has recently struggled to refill leadership gaps at CISA. These recent efforts may signal that the administration recognizes the need to stabilize leadership across key cyber institutions following months of personnel losses and organizational disruption, particularly in light of Operation Epic Fury and the heightened risk of Iranian retaliation. While certainly a positive step, leadership changes alone are unlikely to quickly restore the institutional capacity lost in the past year. Rebuilding the operational capabilities and interagency coordination required for effective cyber defense will likely take longer, particularly during an active war in Iran involving cyber operations. 

Elections

Recent history also demonstrates that part of Iran’s cyber toolkit involves election interference. As the United States approaches the 2026 midterms in the midst of confrontation with Iran, the networks Tehran has previously used in attempts to influence American elections remain in place—while many of the U.S. institutions created to monitor and counter them no longer do.

Iran's recent track record of meddling in U.S. elections is extensive and well-documented. In October 2020,  Iranian hackers compromised U.S. state election websites and conducted a voter-intimidation campaign using stolen voter data before the 2020 presidential election. Dubbed “Cotton Sandstorm,” the cyber group conducted reconnaissance on, and attempted to compromise, approximately 11 state voter websites, including state voter registration websites and state voter information websites. They ultimately misconfigured one U.S. state’s computer system and downloaded information concerning more than 100,000 of that U.S. state’s voters.

Using that information, the hackers posed as the right-wing Proud Boys and sent emails to American voters, threatening them with physical injury if they did not change their party affiliation and vote for President Trump. The FBI and the Justice Department investigated and prosecuted the case. That same election cycle, the Treasury Department sanctioned the IRGC, International Union of Virtual Media, and other Iranian entities for foreign interference attempts.

Iran’s efforts continued in the 2024 election cycle, when Iranian state-backed actors hacked networks associated with the Trump presidential campaign and stole internal campaign documents before the 2024 presidential election. The Iranian cyber group, “Mint Sandstorm,” sent a spear-phishing email to a senior official on a presidential campaign, a hack the Trump campaign publicly confirmed. Then, three IRGC cyber actors were indicted for the “hack-and-leak” operation that followed, in which the Iranians sent unsolicited emails to individuals associated with then-President Biden’s campaign that contained an excerpt taken from the stolen, non-public material from Trump’s campaign.

Around the same time, Cotton Sandstorm was “actively scouting election-related websites and media outlets” for vulnerabilities, while another Iranian front encouraged Americans to boycott the election over U.S. support for Israel. Meanwhile, an IRGC-linked Iranian influence network launched a network of fake news sites that published AI-generated polarizing content, including a cartoon calling Trump an “opioid-pilled elephant in the MAGA china shop,” as well as fake op-eds attributed to Trump officials.

Iranian state actors have also recently targeted local elections, with IRGC-linked media seizing on Zohran Mamdani's victory in New York's mayoral race to construct a narrative of American political realignment favorable to Tehran’s interests.

These election interference examples illustrate the same theme as the examples of Iranian physical and digital attacks: The federal government built a set of interlocking institutions to counter exactly this kind of threat, and, over the past year, the administration has dismantled them.

At the FBI, Attorney General Pam Bondi, on her first day in office, issued a directive disbanding the FBI’s Foreign Influence Task Force (FITF), a move that Former FBI counterintelligence chief Frank Figliuzzi called “a free-for-all for foreign intel services.” The same memo curtailed criminal enforcement of the Foreign Agents Registration Act, limiting prosecutions to cases resembling "traditional espionage," narrowing the statute the Justice Department used in January 2021 to charge an Iranian agent who was paid by Iran to lobby Congress and publish op-eds in Western media.

The ODNI's Foreign Malign Influence Center (FMIC), which issued regular election security updates documenting Iranian influence operations targeting U.S. voters, including Iran's hacking of presidential campaigns, dissolved completely on August 20, 2025. The Department of Homeland Security laid off employees tasked with combating foreign disinformation within CISA’s election division and defunded CISA’s Election Infrastructure Information Sharing and Analysis Center. Meanwhile, U.S. federally funded international broadcasters that countered Iranian, Russian, and Chinese propaganda have faced major cuts, a move celebrated by America’s rivals and condemned even by Republican lawmakers.

The result is that no federal entity now holds the mandate that ODNI’s FMIC, the FBI’s FITF, and CISA's election division once shared—which was to monitor, counter, and publicly flag foreign influence operations targeting American voters in election cycles.

The potential consequences of this are already apparent. Since the Feb. 28 airstrikes, Iranian state media and IRGC-affiliated sources have mounted a significant disinformation offensive aimed at inflating U.S. casualties, exaggerating the success of strikes, and portraying the American military as weak. The infrastructure running these wartime information operations is not separate from the infrastructure that has targeted American elections—and there is little reason to think it will sit idle when the midterm elections arrive later this year. As the ODNI said itself in its 2025 worldwide threat assessment: “Iran’s growing expertise and willingness to conduct aggressive cyber operations also make it a major threat to the security of U.S. and allied and partner networks and data.”

*      *      *

Recently, ABC news correspondent Jonathan Karl asked President Trump, “What happens next?”

President Trump answered, “Forget about next.”

But if Iran successfully retaliates on American soil—as it has proven eager to do—the administration, and the American people, may not have that luxury.