The Iran Cyber Threat Is Real

This story originally was published by Real Clear Wire.

By Terry Thompson
Real Clear Wire

The Iran Cyber Threat Is Real—And Our Phones Are Making It Worse

U.S. intelligence agencies are on high alert after CNN reported that Iran is actively preparing cyberattacks aimed at critical government and military infrastructure. But the real threat may already be inside the wire — not from foreign hackers at a keyboard, but from mobile phones unknowingly or deliberately carried into the nation’s most sensitive facilities. The devices we carry every day are now among our greatest national security vulnerabilities.

Despite years of post-9/11 investments in hardened infrastructure, the federal government has been remiss in investing in a sensor network to keep pace with the risks of wireless technology now embedded in daily life.

When the first iPhone was introduced in 2007, it ushered in a new era of hyper-connected mobility. Since then, innovation has continued to explode, bringing countless benefits but also exposing serious vulnerabilities.

However, our most secure government facilities are wide open to wireless threats.

Today, up to 90% of secure government facilities rely on little more than the honor system and self-reporting to keep unauthorized wireless devices — mobile phones, smartwatches, rogue transmitters — out of Sensitive Compartmented Information Facilities (SCIFs), Special Access Program Facilities (SAPFs), and other high-security zones. In an age of Pegasus spyware and remote malware, this should be interpreted as national security malpractice.

The modern smartphone is a traitor’s dream — portable, powerful, and everywhere. It records audio and video, transmits data instantaneously via WiFi, Bluetooth, and cellular networks, and it connects to everything — from commercial clouds to encrypted chat apps. And yet, these devices are routinely brought into facilities housing classified intelligence data, most often undetected and without consequence post-exfiltration.

Take the case of Asif W. Rahman, a former CIA analyst who held a top-secret security clearance and was recently sentenced to three years in federal prison for photographing classified information and transmitting it to unauthorized recipients, who then posted the material to social media. Snapping and sharing photos of classified government documents using a smartphone is stunningly simple, with no high-tech espionage or daring break-ins.

Every week brings new examples like this. Individuals inside the Department of Defense and State Department have been caught photographing screens, copying documents, and walking classified data right out the door. These are crimes of opportunity enabled by lax enforcement and outdated security.

If a wireless intrusion detection system (WIDS) were in place, the device would have triggered an alert and stopped these breaches before they became major national security failures.

Now, with Iran probing for cyber vulnerabilities, the risk of insiders being exploited or coerced into facilitating digital breaches through personal devices has never been higher. And it can happen without a trace if the right wireless defenses aren’t in place.

In 2023, the Secretary of Defense issued a memo directing all DOD components to install WIDS to monitor for unauthorized devices. The technology works. It detects any device that emits a wireless signal, such as phones, smartwatches, or even printers with WiFi, inside a restricted area. Yet the directive remains largely unfunded and unenforced.

Make no mistake: near-peer adversaries, terrorist groups, and criminal syndicates are exploiting wireless threats to their advantage. They don’t need sophisticated tradecraft and specialized technologies. They simply need to compromise and leverage someone with access and a phone. And with thousands of secure facilities across the country, that opportunity presents itself every day.

In light of the latest intelligence warnings, we need to fund wireless intrusion detection across all SCIFs and SAPFs and educate agency leaders on the vulnerabilities posed by modern smartphones.

We need to hold bad actors accountable — not retrospectively or as part of a congressional committee hearing but by making sure they never have the opportunity to compromise the integrity of national security in the first place.

The U.S. government has spent billions building concrete walls, locked doors, and network-specific defenses around our secrets. But in 2025, secrets aren’t stolen with a crowbar; they’re stolen with an app. Until we treat the wireless threat with the same seriousness, those secrets will remain just one text message or compromised phone away from unauthorized disclosure of Classified National Security Information.

You can’t protect your most sensitive state secrets if you are blind to the threat. Without action, these vulnerabilities will only grow more dangerous — and more missions and lives may come at risk.

Col. Terry Thompson (U.S. Air Force, ret.), was a war planner at the Pentagon and a wing commander at Dyess Air Force Base, Texas.

This article was originally published by RealClearDefense and made available via RealClearWire.