Tom Warrick, a former DHS Deputy Assistant Secretary for Counterterrorism Policy and current nonresident senior fellow at the Atlantic Council, issued a stark warning on February 28, 2026, as US and Israeli forces launched Operation Epic Fury against Iran: “This war will have a home front in the United States.” The warning came hours after strikes that President Trump called “a massive and ongoing” campaign, strikes that confirmed the death of Ayatollah Ali Khamenei and effectively destroyed Iran’s conventional military capabilities. With those conventional options gone, Warrick and other national security experts say Iran’s remaining tools of retaliation — cyberattacks, assassination attempts, terror operations, and sabotage — will be aimed squarely at American soil. The concern is not hypothetical.
Warrick specifically warned that “The Secret Service, the Federal Bureau of Investigation, and the US Capitol Police will all be tested in the coming weeks and can afford zero failures.” He added that “Iran will try every cyber trick it can mount, testing the Department of Homeland Security, the private sector, and U.S. cyber defenses.” What makes this moment particularly dangerous is timing: CISA, the federal agency responsible for defending American infrastructure from cyberattacks, has been operating with sharply reduced staffing due to a DHS funding lapse and government shutdown. This article examines the full scope of the domestic threat, what Iran’s retaliation could look like, why cybersecurity experts are especially alarmed, and what ordinary Americans should understand about the risks ahead.
Table of Contents
- Why Is a Former DHS Official Warning That This War Will Have a Home Front in the United States?
- What Does Iran’s Retaliation Capability Actually Look Like?
- Why the CISA Staffing Crisis Makes This Moment Uniquely Dangerous
- What Federal Law Enforcement Faces in the Coming Weeks
- The Cyber Threat Beyond Government — What Civilian Infrastructure Faces
- The “Death Ground” Doctrine and What It Means for Escalation
- What Comes Next and Why the Coming Weeks Are Critical
- Conclusion
- Frequently Asked Questions
Why Is a Former DHS Official Warning That This War Will Have a Home Front in the United States?
Warrick’s warning is grounded in a straightforward military reality. Operation Epic Fury destroyed Iran’s conventional military options. When a nation loses its ability to fight back with tanks, missiles, and aircraft, it does not simply surrender — it shifts to asymmetric warfare. Iran has spent decades building capabilities in exactly this space: cyber operations, proxy networks, intelligence operations abroad, and the willingness to target political leaders and civilian infrastructure. The death of Khamenei adds an existential dimension. A former NATO commander quoted by Fortune warned that Iran is now on “death ground,” a military term for a position where a force faces annihilation and therefore fights with nothing held back. The distinction between a foreign war and a domestic threat has collapsed in the cyber age. Iran does not need to send soldiers to American shores.
Cybersecurity experts warned that Iran could “hold our power grids, water systems, and hospitals hostage from halfway around the world” to force negotiations or simply to inflict pain. This is not speculative capability — Iran has previously targeted US water utilities, financial institutions, and government networks. The difference now is motive. Before February 28, Iran had reasons to exercise restraint. After losing its supreme leader and its military in a single day, restraint is no longer part of the calculus. Warrick’s credentials give the warning particular weight. As a former Deputy Assistant Secretary for Counterterrorism Policy at DHS, he helped design the very frameworks the government uses to assess and respond to domestic threats from foreign adversaries. His assessment was published through the Atlantic Council alongside reactions from dozens of other national security experts, and the consensus was clear: the battlefield now includes American cities, networks, and infrastructure.

What Does Iran’s Retaliation Capability Actually Look Like?
Iran’s menu of asymmetric retaliation options is broader than most Americans realize. According to national security analysts, the threat categories include attempted assassinations of senior US officials (particularly President Trump and top military leaders), terror attacks against soft targets, cyberattacks on critical infrastructure, kidnappings of American citizens abroad, and sabotage against both civilian and military targets. Iran has pursued several of these before — the Department of Justice has previously charged Iranian operatives with plots to assassinate former officials on US soil, and Iran’s Islamic Revolutionary Guard Corps has a documented history of hostage-taking. However, capability and execution are not the same thing. Iran’s intelligence networks in the United States are believed to be limited compared to those of Russia or China. Its cyber capabilities, while real, are considered a tier below the most sophisticated nation-state actors. The critical variable is desperation.
A former NATO commander’s “death ground” assessment suggests Iran may attempt operations it would previously have considered too risky or too likely to provoke further escalation. When a regime believes it faces extinction, the risk calculus changes entirely. The question is not whether Iran wants to retaliate on American soil — it is whether its diminished apparatus can successfully execute such operations. The wildcard is Iran’s proxy network. Hezbollah, which has historically maintained operatives and fundraising networks in multiple countries including the United States, could serve as an extension of Iranian retaliation. While Hezbollah’s capabilities have been significantly degraded in recent years, the organization retains some international reach. Federal law enforcement agencies will need to monitor not just direct Iranian operations but the full network of aligned groups that might act independently or under Tehran’s direction.
Why the CISA Staffing Crisis Makes This Moment Uniquely Dangerous
The timing of Operation Epic Fury could hardly be worse from a domestic cybersecurity perspective. CISA — the Cybersecurity and Infrastructure Security Agency, the primary federal body responsible for defending American infrastructure from cyberattacks — has been operating with sharply reduced staffing due to a DHS funding lapse coinciding with a government shutdown. This means the agency tasked with detecting and responding to Iranian cyber intrusions is running at diminished capacity at precisely the moment the threat has spiked to its highest level. This is not an abstract bureaucratic problem. CISA coordinates with power utilities, water systems, hospitals, financial institutions, and state and local governments to identify and respond to cyber threats. When staffing drops, monitoring gaps appear. Threat intelligence sharing slows down.
Response times increase. Iran’s cyber operators — who Warrick warned “will try every cyber trick” available — would be probing for exactly these kinds of gaps. A successful attack on a regional power grid or hospital system during a period of reduced federal oversight would not only cause immediate harm but would demonstrate to the American public that the war’s consequences are not confined to the Middle East. The private sector bears an outsized burden in this scenario. Even at full capacity, CISA serves primarily as a coordinator and advisor — the actual cybersecurity defenses of most critical infrastructure are maintained by private companies. Many of these companies, particularly smaller utilities and rural hospital systems, operate with limited cybersecurity budgets and staff. If Iran targets the weakest links in American infrastructure, federal agencies at reduced capacity may not be able to provide adequate support. This is the specific vulnerability that makes Warrick’s warning more than routine caution.

What Federal Law Enforcement Faces in the Coming Weeks
Warrick’s warning singled out three agencies by name: the Secret Service, the FBI, and the US Capitol Police. Each faces a distinct set of challenges. The Secret Service must operate under the assumption that Iran will attempt to target President Trump and other senior officials — a threat that existed before Operation Epic Fury but has now intensified dramatically. The agency’s protective mission requires perfection; a single failure could be catastrophic. Iran has previously been linked to assassination plots against former US officials, and the killing of Khamenei will be treated as a personal affront that demands a proportional response. The FBI faces the broader counterterrorism challenge of identifying and disrupting potential Iranian operatives or sympathizers within the United States before they can act. This requires human intelligence, signals intelligence, and coordination with international partners — all of which take time and resources.
The tradeoff is between speed and thoroughness. Moving too aggressively risks civil liberties violations and false positives that waste resources. Moving too cautiously risks missing a genuine plot. The Capitol Police, meanwhile, must secure the physical safety of Congress at a moment when political tensions over the Iran strikes are already high and the building represents one of the most symbolically significant targets in the country. The fundamental challenge across all three agencies is that defensive operations must succeed every time, while an attacker only needs to succeed once. Warrick’s phrasing — “can afford zero failures” — reflects this asymmetry. It is the defining problem of counterterrorism, and it becomes exponentially harder when the adversary is a nation-state with nothing left to lose.
The Cyber Threat Beyond Government — What Civilian Infrastructure Faces
The most likely form of Iranian retaliation that would directly affect ordinary Americans is a cyberattack on civilian infrastructure. The targets cybersecurity experts have flagged include power grids, water treatment systems, hospitals, financial networks, and transportation systems. Iran’s cyber capabilities have been demonstrated in previous incidents — notably the 2021 attack on a Florida water treatment facility (attributed to a different actor but illustrative of the vulnerability) and various intrusions into US critical infrastructure that federal agencies have linked to Iranian state actors. The limitation worth understanding is that truly catastrophic cyberattacks — the kind that take down a regional power grid for weeks — are extremely difficult to execute. Most cybersecurity experts distinguish between disruptive attacks (which cause temporary outages and confusion) and destructive attacks (which cause physical damage to equipment). Iran is more likely capable of the former than the latter.
However, even temporary disruptions to hospital systems or water treatment facilities can endanger lives, and the psychological impact of any successful attack would be significant. The goal of such operations may not be to cause maximum physical damage but to demonstrate reach and create public pressure on the administration to negotiate. A critical warning for state and local governments: do not assume that federal agencies will handle this. With CISA operating at reduced capacity, municipal water systems, county hospitals, and state power authorities need to be reviewing their own cybersecurity postures immediately. This means ensuring that systems are patched, that multi-factor authentication is enforced, that backup systems are tested, and that incident response plans are current. The window between the strikes and potential retaliation may be measured in days, not weeks.

The “Death Ground” Doctrine and What It Means for Escalation
The former NATO commander’s warning that Iran is on “death ground” draws from Sun Tzu’s ancient military concept: when an army is trapped with no route of escape, it will fight with desperate ferocity. The destruction of Iran’s conventional military and the death of its supreme leader have, in this analysis, placed the entire regime in that position. The implication is that Iran may “go big” — pursuing retaliatory operations of a scale and boldness it would never have considered under normal strategic calculations.
This matters for the home front because desperate actors are unpredictable actors. Standard threat models assume rational adversaries who weigh costs and benefits. A regime on death ground may pursue operations that are strategically irrational but emotionally or symbolically satisfying — a mass-casualty terror attack, for instance, that would guarantee further US military action but would be seen by the regime’s remaining leadership as a final act of defiance. This is the scenario that keeps national security professionals up at night, and it is the scenario that Warrick’s warning implicitly addresses.
What Comes Next and Why the Coming Weeks Are Critical
The consensus among national security experts is that the highest-risk window is the next several weeks. Iran’s cyber operations can be mobilized relatively quickly, and any pre-positioned operatives or sleeper networks would be activated now if they are going to be activated at all. As time passes without a major retaliatory event, the probability of one decreases — but it does not reach zero. Iran’s remaining leadership, whoever emerges from the power vacuum left by Khamenei’s death, will face immense internal and external pressure to respond. The form that response takes will depend on factors that are inherently unpredictable: internal power dynamics, the survival of command-and-control networks, and whether any remaining military or intelligence leaders counsel restraint.
For the American public, the practical takeaway is awareness without panic. The federal government, despite its current staffing challenges, retains enormous intelligence and law enforcement capabilities. But Warrick’s warning is a reminder that modern warfare does not respect geographic boundaries. The strikes on Iran were conducted thousands of miles away, but their consequences — in the form of cyber threats, potential terror plots, and the strain on domestic security agencies — are arriving at American doorsteps. The coming weeks will test whether the nation’s defenses are adequate to a threat that was, until February 28, largely theoretical.
Conclusion
Tom Warrick’s warning that “this war will have a home front in the United States” is not alarmism — it is a professional assessment from someone who spent years building the frameworks DHS uses to counter exactly these threats. The destruction of Iran’s conventional military through Operation Epic Fury has not ended the conflict; it has shifted it to domains where the United States is vulnerable in ways that aircraft carriers and fighter jets cannot address.
Cyberattacks on critical infrastructure, potential assassination plots, and the strain on already under-resourced federal agencies represent a genuine and immediate domestic security challenge. The key factors to watch in the coming weeks are whether CISA receives emergency funding and staffing to address the cyber threat, whether federal law enforcement agencies can maintain the “zero failures” standard Warrick described, and whether Iran’s remaining leadership opts for dramatic retaliation or a longer-term strategy of asymmetric pressure. For ordinary Americans, particularly those working in critical infrastructure sectors, the most important step is to take cybersecurity seriously right now — not as an abstract concern, but as a direct consequence of a war that has, as Warrick warned, come home.
Frequently Asked Questions
Who is Tom Warrick and why does his warning matter?
Tom Warrick is a former DHS Deputy Assistant Secretary for Counterterrorism Policy and a nonresident senior fellow at the Atlantic Council. His warning carries weight because he helped design the government’s counterterrorism frameworks and has direct expertise in the intersection of foreign threats and domestic security.
What is Operation Epic Fury?
Operation Epic Fury is the name for the US and Israeli military strikes launched against Iran on February 28, 2026. President Trump described it as “a massive and ongoing” campaign. The strikes destroyed Iran’s conventional military capabilities and resulted in the confirmed death of Ayatollah Ali Khamenei.
What kind of cyberattacks could Iran launch against the United States?
Cybersecurity experts warn Iran could target power grids, water systems, hospitals, and financial networks. While truly catastrophic attacks are difficult to execute, disruptive attacks causing temporary outages are well within Iran’s demonstrated capabilities and could endanger lives and create public pressure.
Why is the CISA staffing reduction a problem right now?
CISA is the primary federal agency responsible for coordinating cybersecurity defenses across government and private sector infrastructure. A DHS funding lapse and government shutdown left the agency operating with reduced staff at the exact moment the Iranian cyber threat escalated dramatically, creating potential gaps in monitoring and response.
What does “death ground” mean in this context?
“Death ground” is a military concept from Sun Tzu describing a position where a force faces annihilation and therefore fights with desperate, uninhibited ferocity. A former NATO commander applied this term to Iran’s situation after losing its supreme leader and conventional military, suggesting the regime may pursue unusually bold or reckless retaliation.
Should ordinary Americans be worried about their personal safety?
The direct physical threat to most individuals remains low. The more likely impacts would be indirect — disruptions to power, water, or hospital systems from cyberattacks, or increased security measures affecting daily life. Awareness is appropriate; panic is not.