The Four-Party Ecosystem
China, Russia, Iran, and North Korea are not four separate threats; they are a cooperative ecosystem, each contributing their strongest capability to a coordinated attack framework targeting American critical infrastructure.
Listen: The 4PE Explained
🎧 Podcast episode coming soon: who wants to take down the grid, what capabilities they bring, and how the Combined Arms attack sequence works.
The Threat Actors
🇨🇳 China (Volt Typhoon / Voltzite)
Strategic architect. Confirmed pre-positioned inside U.S. electric utility, oil pipeline, and water system OT networks (2023–2025). Progressing inside operational control loops. Capable of simultaneous multi-sector disruption. Strategic objective: fix U.S. military within CONUS during Taiwan contingency.
🇷🇺 Russia (Sandworm / GRU Unit 74455)
Only nation to conduct confirmed cyberattacks against national power grids (Ukraine 2015/2016). Demonstrated ability to cause physical equipment damage via cyber (Industroyer2). Doctrine treats infrastructure attack as routine military operations.
🇮🇷 Iran (IRGC / Unit 910 / Unit 840)
Physical proxy capability via Hezbollah Unit 910 distributed cell model, Unit 840 cartel outsourcing, and ~18,000+ KSTs. Demonstrated CI attack capability (Saudi Aramco, Jordan fuel, Aliquippa PA water utility). Lowest barrier to kinetic attack on U.S. soil.
🇰🇵 North Korea (Lazarus Group / RGB)
Nuclear EMP capability (demonstrated ICBM 2017). Cyber financial theft ($1.5B+). Escalation wildcard: may act independently or as force multiplier during PRC/Russia operations. Unpredictability is itself a strategic asset.
The Combined Arms Attack Sequence
Each phase degrades the capacity to respond to the next. By the time Phase 3 begins, Phase 1 has already made the grid unrecoverable.
Phase 1: CYBER (T-0)
Volt Typhoon activates pre-positioned SCADA access. Grid operators blinded to actual state. Protection systems disabled.
Phase 2: PHYSICAL (T+minutes)
Coordinated attacks on Large Power Transformers. Custom-built, 12–18 month replacement. Active shooters at CI sites.
Phase 3: INSTITUTIONAL (T+hours)
Attribution confusion. Disinformation amplifies panic. Government paralysis prevents coordinated response.
Phase 4: EMP/ESCALATION (T+days)
Nuclear EMP at altitude eliminates remaining grid and electronics at continental scale. No mutual aid possible.
Watch: Infrastructure Threat Briefings
Senior government and military officials explain the threat in their own words.
Former NSA Director Gen. Tim Haugh: Chinese Infrastructure Hacking
FBI Director Wray: Chinese Infiltration of Our Infrastructure
60 Minutes: Nine Substations Can Trigger a Black Sky Event
FIR Threat Analysis: Download
The Foundation for Infrastructure Resilience has published detailed analysis of the Four-Party Ecosystem threat model.
The Strategic Objective
Fix the U.S. military within CONUS, unable to deploy, by paralyzing the domestic infrastructure upon which military logistics and force generation depend. Every self-sustaining community defeats this strategy.
