The Iran Threat is Already Here

  • Iran poses a credible and near-term homeland threat to the United States, based on clear indicators of intent, capability, and opportunity. The Islamic Revolutionary Guard Corps and its Qods Force are specifically designed to conduct asymmetric operations abroad, making them highly relevant in the current conflict environment.
  • This threat is grounded in a documented pattern of both physical and cyber operations on U.S. soil. Plots targeting individuals such as Masih Alinejad, John Bolton, and Donald Trump, alongside cyberattacks on banks, hospitals, and water systems, demonstrate a willingness to disrupt civilian life and critical infrastructure.
  • At the same time, U.S. preparedness may be weakening due to the diversion of national security resources and the loss of specialized expertise. This creates potential gaps in detection and response at a moment when threat indicators are increasing and require heightened focus.

As the world’s attention is fixed on the fast-moving conflict in Iran, my first instinct as a homeland security practitioner was to look here at home. In moments of major geopolitical upheaval, the question is never just what happens there; it is how adversaries may move to create effects here. And in light of the Iran war, the operative question is whether Iran poses an imminent threat to the United States. If we evaluate intent, capability, and opportunity the way practitioners must, the answer is yes.

Iran’s Islamic Revolutionary Guard Corps (IRGC) and its external operations arm, the Qods Force (QF), have already demonstrated activity inside the United States (U.S.) across the two vectors that matter most: physical operations and cyber intrusions. Conflict shortens decision cycles, compresses restraint, and raises risk tolerance, increasing the likelihood of near-term activity against U.S. civilians and essential services. These concerns are grounded in public indictments, federal statements, and documented behavior.

IRGC‑QF, in Plain Terms

The Qods Force is the IRGC’s external operations unit responsible for covert action abroad, including intelligence support, targeted violence, and missions designed to advance Iran’s strategic objectives. U.S. government designations tie Qods Force elements to assassinations, sabotage, paramilitary guidance, and lethal plotting. This is a unit built for extraterritorial action. In the current conflict, it is the component most relevant to U.S. homeland risk because it is designed to conduct asymmetric operations beyond Iran’s borders.

Physical: the civilian fallout is not hypothetical

Iran’s willingness to commission violence on U.S. soil is well established. In 2011, federal prosecutors charged conspirators tied to the Qods Force for plotting to assassinate the Saudi ambassador in Washington, D.C., and envisioning a mass casualty attack in a crowded Georgetown restaurant. What was equally alarming about this plot is that the Qods Force was attempting to work with a Mexican drug cartel to help carry out the brazen assassination. It was a stark demonstration of state‑directed intent, and a reminder that everyday American spaces, not fortified targets, are the most vulnerable.

More recently, between 2021 and 2022, federal indictments and convictions exposed IRGC‑directed operations targeting U.S.‑based dissident Masih Alinejad. First, actors attempted to kidnap her for rendition. When that plan failed, they progressed to a murder‑for‑hire scheme using criminal proxies. These operations unfolded in residential neighborhoods, the kind of spaces where neighbors walk dogs, children ride scooters, and ordinary life happens. These are plots that endanger not just a single individual, but the entire ecosystem of bystanders and responders around them.

In 2022, the Department of Justice charged an IRGC member with attempting to orchestrate the killing of former National Security Adviser John Bolton, explicitly citing retaliation for the strike that killed Qods Force commander Qassem Soleimani. Federal authorities also charged an IRGC-directed asset and two U.S. accomplices in a murder-for-hire plot targeting then President-elect Donald Trump. With Trump now the sitting President, this constitutes an attempted plot against a current head of state. We must treat that as an operational signal, not rhetorical noise.

Cyber: the fastest path to civilian disruption and fear

Iran’s cyber operations have already imposed real-world consequences. In 2012 and 2013, IRGC-linked actors executed sustained DDoS attacks on major U.S. banks, resulting in significant disruption and a federal indictment of seven individuals. In 2013, Iranian actors infiltrated the control system of New York’s Bowman Avenue Dam, a symbolic test of U.S. critical infrastructure access. In 2021, the FBI publicly disclosed it had thwarted an Iran-backed attempt to hack Boston Children’s Hospital, an attack Director Christopher Wray described as one of the most despicable he had seen. This was not a theoretical cyber conflict; it was an attempt to harm a children’s hospital.

By late 2023 and early 2024, IRGC-affiliated CyberAv3ngers actors were compromising internet-exposed Unitronics devices across the U.S. water and wastewater sectors. The incident in Aliquippa, Pennsylvania, turned abstract fears into immediate operational disruption. The message is unmistakable: Iran is willing to touch the systems that deliver drinking water, manage wastewater, and support basic community functions.

Capacity at the wrong place and time

At the precise moment when Iran-focused analysis, disruption, and counterintelligence work should be surging, national security personnel across agencies have been diverted into other enforcement missions through broad reassignments of already overstretched investigative resources. These shifts thin the expertise, national security investigative bandwidth, and analytic continuity needed to stay ahead of a fast-moving threat landscape. The recent resignation of the NCTC director amid the Iran war and the firing of FBI personnel with Iran-related expertise compound the problem. When institutional memory and subject matter depth walk out the door, gaps emerge. And adversaries look for gaps.

Recent signals: a warning pattern, not panic

Signals always precede attacks. The United States has recently seen a cluster of them: charges against IRGC-linked actors targeting U.S. officials; public reporting on retaliatory rhetoric tied to the Iran war; media coverage of bounty offers; and FBI testimony outlining how Iran’s Axis of Resistance posture elevates homeland risk during conflict spikes abroad. This pattern does not indicate inevitability, but it does indicate intent and a willingness to test opportunities.

Bottom line

The Qods Force record, from physical plots in ordinary places to cyber intrusions into essential services, is clear. These activities map onto the spaces where Americans live, work, receive care, and expect normalcy. In a compressed conflict environment, homeland risk is not hypothetical. It is present, immediate, and evolving. The United States must refocus and surge analytic, operational, and counterintelligence resources back toward the Iran problem set before intent becomes impact in both the physical world and the digital domain.

Kristyn Shapiro is a Director in Defense and Security at Guidehouse where she leads the firm’s Department of Homeland Security (DHS) Headquarters account. She brings over 20 years of experience in national security and law enforcement having served as a federal employee with the Federal Bureau of Investigation (FBI) and Naval Intelligence prior to Guidehouse. During her tenure at the FBI, Kristyn served in the Senior Executive Service (SES), leading responses to major national security crises in the Counterterrorism Division. She also later guided the Bureau’s talent acquisition and human capital strategy, oversaw operations for the Criminal, Cyber, Response and Services Branch, and led the Strategy Management Office.

As an intelligence analyst with the U.S. Navy, Kristyn led international operations, human intelligence targeting, and served on the Naval Intelligence Staff. She is a board member of AFCEA Bethesda and holds a Bachelor of Arts in International Studies from Boston College and a Master of Business Administration from the University of Virginia Darden School of Business.
