The Four-Party Ecosystem
China, Russia, Iran, and North Korea are not four separate threats โ they are a cooperative ecosystem, each contributing their strongest capability to a coordinated attack framework targeting American critical infrastructure. This collaborative partnership is not the only threat to the United States’ infrastructure, but is the most ready and capable one. FIR focusses on this combined threat as a plausible worst case scenario.
Video: The 4PE Explained
Click here for video
The Threat Actors
๐จ๐ณ China (Volt Typhoon / Voltzite)
Strategic architect. Confirmed pre-positioned inside U.S. electric utility, oil pipeline, and water system OT networks (2023โ2025). Progressing inside operational control loops. Capable of simultaneous multi-sector disruption. Strategic objective: fix U.S. military within CONUS during Taiwan contingency.
๐ท๐บ Russia (Sandworm / GRU Unit 74455)
Only nation to conduct confirmed cyberattacks against national power grids (Ukraine 2015/2016). Demonstrated ability to cause physical equipment damage via cyber (Industroyer2). Doctrine treats infrastructure attack as routine military operations.
๐ฎ๐ท Iran (IRGC / Unit 910 / Unit 840)
Physical proxy capability via Hezbollah Unit 910 distributed cell model, Unit 840 cartel outsourcing, and ~18,000+ KSTs. Demonstrated CI attack capability (Saudi Aramco, Jordan fuel, Aliquippa PA water utility). Lowest barrier to kinetic attack on U.S. soil.
๐ฐ๐ต North Korea (Lazarus Group / RGB)
Nuclear EMP capability (demonstrated ICBM 2017). Cyber financial theft ($1.5B+). Escalation wildcard โ may act independently or as force multiplier during PRC/Russia operations. Unpredictability is itself a strategic asset.
The Combined Arms Attack Sequence
Each phase degrades the capacity to respond to the next. By the time Phase 3 begins, Phase 1 has already made the grid unrecoverable.
Phase 1: CYBER (T-0)
Volt Typhoon activates pre-positioned SCADA access. Grid operators blinded to actual state. Protection systems disabled.
Phase 2: PHYSICAL (T+minutes)
Coordinated attacks on Large Power Transformers. Custom-built, 12โ18 month replacement. Active shooters at CI sites.
Phase 3: INSTITUTIONAL (T+hours)
Attribution confusion. Disinformation amplifies panic. Government paralysis prevents coordinated response.
Phase 4: EMP/ESCALATION (T+days)
Nuclear EMP at altitude eliminates remaining grid and electronics at continental scale. No mutual aid possible.
Watch: Infrastructure Threat Briefings
Senior government and military officials explain the threat in their own words.
Former NSA Director Gen. Tim Haugh: Chinese Infrastructure Hacking
FBI Director Wray: Chinese Infiltration of Our Infrastructure
60 Minutes: Nine Substations Can Trigger a Black Sky Event
FIR Threat Analysis โ Download
The Foundation for Infrastructure Resilience has published detailed analysis of the Four-Party Ecosystem threat model.
The Strategic Objective
Fix the U.S. military within CONUS โ unable to deploy โ by paralyzing the domestic infrastructure upon which military logistics and force generation depend. Every self-sustaining community defeats this strategy.