Today's briefing:
Iran's escalating threats to US interests
Russian cyber assault on Poland's power infrastructure
Minneapolis shooting triggers national shutdown
Good morning.
Three stories this week share a common thread: the gap between how things are supposed to work and how they're actually playing out.
Tehran's foreign minister issued the most direct threat to American interests we've seen in years. Poland discovered its renewable energy grid has vulnerabilities no one planned for. And the recent shooting in Minneapolis has exposed fractures in federal law enforcement that go beyond standard jurisdictional disputes.
Each of these creates specific operational considerations worth understanding.
TOP STORY
Iran Goes Direct

Iran's Foreign Minister Abbas Araghchi delivered the most explicit threat to American interests in recent memory on January 20. Speaking to state media, he warned that Tehran would strike US targets "on the ground" if Washington continued supporting what he called external threats to Iranian security.
The statement represents a significant shift in Iranian communication. Previous threats maintained ambiguity about attribution and timing. Araghchi removed both buffers.
The threat comes as Iran deploys thousands of Iraqi militiamen to suppress domestic protests that have been building since late 2025. According to intelligence reports, these Shiite fighters from Kata'ib Hezbollah and Asa'ib Ahl al-Haq crossed into Iran specifically to reinforce regime security forces facing sustained civil unrest in multiple provinces.
Any Western company with personnel in Iraq, the Gulf states, or even Jordan should reassess exposure. Iranian proxy forces have demonstrated both capability and willingness to target American and allied interests when Tehran gives the order.
The proxy equation
Here's what changed. Iran's security apparatus is stretched thin managing domestic dissent. By importing Iraqi militia fighters, the regime frees up IRGC and regular forces for external operations. That means more bandwidth for strikes against US contractors, diplomatic facilities, and commercial shipping in the region.
The targeting calculus has also shifted. Previous Iranian operations against US interests maintained plausible deniability. Araghchi's statement removes that buffer. He's signaling that direct attribution won't deter action.
If you're managing Middle East operations, this demands immediate review of:
Embassy and consulate proximity for personnel
Evacuation route redundancy
Local force protection contracts (many use Iraqi security personnel with potential militia ties)
Maritime transit through the Strait of Hormuz
Regional communication security
What's driving this
Iran's economic situation continues deteriorating despite sanctions relief negotiations. Youth unemployment remains above 25 percent. The regime's legitimacy crisis predates current protests but has accelerated dramatically.
Tehran is making a calculated bet: external aggression can unify internal support while deterring Western backing of opposition movements. It's a playbook we've seen before, but rarely with this level of explicit messaging.
Our take:
The shift from covert proxy operations to overt ministerial threats represents a fundamental change in risk exposure for Western interests across the Middle East. Companies that maintained regional presence through previous escalation cycles should not assume historical precedent applies.
Most concerning is the timing. This escalation coincides with reduced US military presence in Iraq and Syria, creating what Tehran likely perceives as an opportunity window. For executive protection teams and corporate security directors, the next 90 days represent peak vulnerability. Consider temporary reduction of non-essential personnel in Iraq, Kuwait, and Bahrain. Enhance vetting of local security contractors. And establish secondary communication channels that don't rely on regional infrastructure.
READER POLL
How should Western companies read Iran's threat of direct strikes on US targets?
MARK YOUR CALENDARS
ISC West – Las Vegas
ISC West delivers the technologies, insights, and partnerships that drive a unified approach to protection. Discover a more converged way to secure digital and physical assets.
INDUSTRY ROUND-UP
Grid Warfare
Russia's GRU-linked Sandworm group targeted over 30 wind and solar farms across Poland in December, marking the first large-scale cyber-physical attack on distributed renewable energy infrastructure. Polish CERT analysis revealed the attackers specifically exploited vulnerabilities in decentralized energy management systems.
The tactical innovation here matters. Traditional grid attacks focused on centralized generation and transmission hubs. By targeting distributed energy resources, Sandworm demonstrated how the clean energy transition creates new attack surfaces. The renewable installations lacked the hardened security protocols of conventional power plants.
Poland's rapid detection prevented actual disruption, but the reconnaissance was complete. The attackers now possess detailed knowledge of how to destabilize Polish power during peak demand. Anyone operating critical facilities in Eastern Europe should reassess backup power assumptions.
Domestic Breakdown
The shooting of Alex Pretti by Border Patrol agents in Minneapolis on January 24 has triggered what organizers call the "National Shutdown," paralyzing operations in multiple major cities. The incident, captured on video showing agents shooting Pretti while he was pinned to the ground, contradicts federal officials' initial characterization of him as a violent threat.
The challenge goes beyond the protests themselves. Minnesota state authorities have been frozen out of the federal investigation. The DOJ's decision to assign the civil rights probe to the FBI rather than Homeland Security Investigations signals internal federal distrust. For anyone coordinating with law enforcement during civil unrest, this creates a coordination nightmare: local agencies won't work with federal partners, and federal agencies are investigating each other.
Sound even smarter:
The Iraqi militias now operating in Iran include fighters with direct experience targeting US forces during the Iraq War. Kata'ib Hezbollah was responsible for multiple attacks on American bases between 2019 and 2021. Their deployment inside Iran isn't just crowd control; it's capability positioning.
Sandworm's targeting of Poland's renewable infrastructure follows their 2015 and 2016 attacks on Ukraine's power grid. The group has consistently used Eastern European nations as testing grounds for techniques later deployed more broadly. Critical infrastructure operators in Germany, France, and the UK should assume similar reconnaissance is already complete.
SNAPSHOTS
🇨🇳 CHINA – Luxshare Precision, a major Apple manufacturing partner, suffered a significant data breach exposing unreleased product designs and technical specifications. The incident demonstrates that trade secrets entering globalized supply chains face persistent exfiltration risk regardless of security protocols at Western headquarters. Companies relying on Asian manufacturing should assume design data has limited shelf life for competitive advantage.
🇪🇺 GERMANY – Dresden's State Art Collections confirmed a ransomware attack disrupted operations at multiple museums, including the Green Vault that houses €1 billion in historical treasures. The attackers targeted administrative systems rather than physical security infrastructure, but the incident forced temporary closures. Cultural institutions are increasingly attractive targets as they digitize collections while maintaining limited cybersecurity budgets.
EXTRA INSIGHT
HEALTHCARE SECURITY – NHS data shows patient violence against medical staff averaging 285 incidents daily. The Joint Commission's new 2026 workplace violence standards require healthcare facilities to implement comprehensive threat assessment protocols. The regulatory shift means documentation and intervention procedures now carry accreditation risk, not just liability exposure.
FINANCIAL MARKETS – Gold hit $5,100 per ounce on January 26, driven by both tariff uncertainty and "National Shutdown" fears. The spike reflects institutional investors pricing in extended domestic instability. Treasury departments are increasingly treating precious metals as a stability hedge rather than just an inflation play, with implications for how companies approach cash reserves during periods of civil unrest.
RECOMMENDED WATCHING
Four Scenarios for 2026
This expert panel from the recently held Executive Security and CP Technology Forum breaks down high-probability threats for 2026, including evolved kidnap-and-ransom tactics and the necessity of "analog" backup skills in tech-denied zones.
PREVIOUS POLL - RESULTS
Q: If federal agents operate without local coordination in your city, who's responsible for the security vacuum?
🟨🟨🟨⬜️⬜️ A. Federal leadership (should coordinate with locals) (30%)
🟨🟨⬜️⬜️⬜️ B. Local officials (should assert jurisdiction) (20%)
🟩🟩🟩🟩🟩 C. Both (systemic failure of governance) (40%)
🟧⬜️⬜️⬜️⬜️ D. Other (10%)
Your Comments:
JT: "Your piece leaves out a critical question... why are federal officers there in the first place? Zooming out allows for critical thinking."
TJR: "It seems there is no Communication or Co-ordination between local and federal authorities. It very much looked like these ICE AGENTS ARE VERY POORLY TRAINED"
***
When foreign ministers start naming targets, you listen. When attack patterns evolve, you adapt. When coordination breaks down, you plan accordingly.
See you next week.
– On The Circuit
If you found this useful, forward it to someone who needs to read it. If someone forwarded this to you, subscribe at https://archives.circuit-magazine.com/. To give or receive feedback, hit reply.

