FAA Contractor's Iran Ties Expose Critical Weakness in US National Security Vetting

Abouzar Rahmati, a naturalized U.S. citizen, lived a double life. By day, he worked as a contractor for the Federal Aviation Administration, entrusted with sensitive data about America’s skies. By night, he conspired with Iranian intelligence, funneling classified information to a regime hell-bent on undermining our security. His guilty plea on April 16, 2025, for acting as an unregistered foreign agent lays bare a chilling reality: our critical infrastructure is a sitting duck for foreign spies.

This isn’t just one bad actor. Rahmati’s case exposes a gaping hole in our national security framework. For years, he exploited his access, downloading 172 gigabytes of FAA files, including radar systems and air traffic control data, and handed them to Iran. The betrayal didn’t come out of nowhere; it was meticulously planned, starting with his outreach to Iranian officials in 2017. The question isn’t how this happened, but why we let it go on for so long.

The stakes couldn’t be higher. Aviation is the backbone of our economy and defense, and Iran’s operatives know it. Rahmati’s actions weren’t a one-off; they’re part of a broader pattern of state-sponsored espionage targeting our critical sectors. From China’s cyberattacks to Russia’s disinformation, foreign adversaries are playing a long game, and we’re still catching up.

Rahmati’s case is a textbook example of an insider threat, the kind that keeps cybersecurity experts awake at night. In 2024, 83% of companies reported insider attacks, with costs averaging $4.99 million per breach. These aren’t just disgruntled employees; they’re often calculated operatives, like Rahmati, who blend in while exploiting trust. His access to FAA contractor systems gave him a golden ticket to sensitive data, which he smuggled to Iran on removable drives.

What’s worse, detection took years. Insider breaches can linger for 292 days before containment, and Rahmati operated undetected from 2017 to 2024. This isn’t just a failure of technology; it’s a failure of vetting and oversight. How does a man with ties to Iran’s Ministry of Intelligence waltz into a role with access to our National Aerospace System? The answer lies in lax security protocols and a naive trust in background checks.

Advocates for open borders and relaxed immigration policies argue that cases like Rahmati’s are rare. They’re wrong. The 2025 National Counterintelligence Strategy warns of growing cooperation among Iran, China, and Russia, who exploit our openness to embed agents. Rahmati’s university ties to a senior Iranian official should’ve raised red flags, but our system failed to connect the dots.

Iran’s espionage isn’t new, but its audacity is escalating. In 2025, Iranian hackers targeted UAE aviation entities, using phishing and ransomware to gather intelligence. Rahmati’s case shows they’re not just hacking from afar; they’re recruiting insiders to do their dirty work. His trips to Iran, where he met intelligence operatives, reveal a sophisticated operation that blends human intelligence with cyber tactics.

The aviation sector is a prime target. Recent breaches at the International Civil Aviation Organization exposed data on 11,900 safety specialists, showing how state actors prioritize intelligence over disruption. Iran’s interest in FAA data, from radar to air traffic control, suggests a strategic aim: weaken our defenses, map our systems, and prepare for future conflicts. This isn’t hypothetical; it’s happening now.

Those who downplay Iran’s threat, often citing diplomatic overtures, miss the point. Tehran’s regime has no interest in playing nice. Its cyberattacks, influence campaigns, and now insider espionage are designed to exploit our vulnerabilities. Rahmati’s betrayal proves that diplomacy alone won’t deter a regime that thrives on deception.

The Rahmati case demands accountability. Our counterintelligence must evolve, starting with stricter vetting for anyone accessing critical infrastructure. The FBI’s Joint Terrorism Task Force and Fusion Centers are steps in the right direction, but they’re underfunded and overstretched. Recent moves to downsize intelligence operations, including pausing election security, signal a dangerous complacency.

Private industry, which owns much of our infrastructure, must step up too. FAA contractors like Rahmati’s employer failed to monitor his data downloads. Privileged Access Management and continuous behavioral monitoring could’ve caught him sooner. The solar industry, another target of Rahmati’s espionage, lost $1.12 billion to IP theft in 2024. If we can’t protect our innovations, we’re handing adversaries the keys to our future.

International cooperation is critical, but it’s not enough. The Five Eyes and Quad alliances are vital for sharing intelligence, but allies like Japan and Australia lag in vetting reforms. We can’t rely on others to secure our systems. America must lead, with policies that prioritize national security over bureaucratic inertia or political correctness.

Rahmati’s sentencing in August 2025, with a maximum of 15 years, is a start, but it’s not justice. The damage is done, and Iran’s got the blueprints to our skies. We need a wake-up call, not a slap on the wrist. Policymakers must overhaul contractor oversight, mandate real-time monitoring, and impose harsher penalties for espionage. Anything less is an invitation for the next Rahmati.

The American people deserve better. Our aviation, energy, and tech sectors are under siege, and foreign agents are exploiting our trust. We can’t afford to wait for another breach to act. Strengthening our defenses, from vetting to cybersecurity, is the only way to reclaim our security and send a message to Tehran: your spies have no place here.