CyberFatwa: Tehran’s Retaliation Will Be a Click Away

Recent intelligence from June 2025 confirms a sharp uptick in Iranian cyber activity directed at U.S. critical infrastructure, particularly the electrical grid. As Iran ramps up its offensive cyber operations, utilities and cybersecurity officials have observed increased phishing attempts, credential harvesting, and infrastructure scanning.

These intrusions remain largely within the IT domain, but their timing and intensity suggest Tehran is employing cyber operations as a deniable yet strategic tool of retaliation. Rather than risk overt military confrontation, Iran appears to be leveraging digital asymmetry to test U.S. resilience, probe for vulnerabilities, and signal resolve amidst intensifying geopolitical friction.

Ted Koppel’s Strategic Warning

Ted Koppel has long flagged the grid as a national vulnerability. In his 2017 Boston lecture, he stated: “The largest threat … is the electrical grid,” not terrorism in isolation. Lights Out pushes this further, warning that a focused cyber strike on one of the U.S.’s three power interconnections could trigger a collapse of much broader infrastructure. Koppel argues that, unlike nuclear threats, there exists no deterrent like mutual assured destruction in cyberspace, making the grid uniquely exposed.

Iranian cyber units—such as APT33 and OilRig—have demonstrated the ability to infiltrate utility IT systems through credential-spraying and phishing. While current operations remain focused on reconnaissance and IT infiltration, the shift in posture suggests a calibration phase: mapping defenses, identifying ICS/SCADA weaknesses, and building access. As conflict with Israel unfolds, the risk evolves from espionage to disruption.

The U.S. Grid’s Structural & Defensive Hardening

The U.S. grid is unusually resilient: decentralized across Eastern, Western, and Texas interconnections; regulated by over 3,200 utilities. Since Colonial Pipeline and the Texas freeze, the Department of Energy, NERC CIP standards, and regular exercises like GridEx have fortified both cyber and physical defenses. Moreover, improvements in detection, incident response, and public–private intelligence collaboration help counter emergent threats.

The Absence of Cyber “Mutually Assured Destruction”

Koppel draws on Cold War lessons; unlike nuclear arsenals, cyber platforms lack clear, visible retaliation mechanisms. The U.S. cannot credibly threaten proportional digital retaliation against Tehran. This imbalance of asymmetric risk may embolden Iran to deploy cyber tactics as a strategic lever, particularly if its kinetic options head south.

Implications & Strategic Tasks

Key Points:

  • Iranian cyber activity is on the rise, closely tied to U.S.-Israel dynamics.
  • Koppel’s insights underscore the existential stakes: grid disruptions could cascade into systemic collapse.
  • The U.S. has improved defenses, but cyber escalation remains plausible absent stronger deterrence and attribution capabilities.

Implications:

  • Cyber-to-physical escalation may occur: IT breaches morphing into ICS attacks during flashpoints.
  • Investment in active defense, public attribution campaigns, and legal/policy frameworks for cyber deterrence is essential.
  • Timing is critical: If a major conflict with Iran erupts, let’s hope we have shored up our vulnerabilities, improved real-time detection, and have a credible response wrapped and packed.

Iran’s evolving cyber posture, when combined with geopolitical friction over Israel, mirrors exactly the grid-threat scenario Koppel warned against. The U.S. must no longer treat cyber as a secondary battlefield—it is now the frontline of national resilience.

We have no confidence that the current Administration has thought this through. It must be the 5D chess.
