The Cipher Brief

DEEP DIVE — On the night of June 20, 2025, the Nigerien village of Manda became the stage for one of the deadliest massacres in the Sahel in recent memory. As dozens of worshippers gathered at a mosque for evening prayers, militants from the Islamic State’s Sahel Province encircled the village and opened fire without pause. Bullets tore through the congregation, killing at least 71 men, women, and children and wounding dozens more.

Survivors later recalled the horror of lying motionless beneath the bodies of neighbors and relatives to avoid being shot, while houses were torched and families scattered in the chaos. The bloodshed was not only an assault on a remote community in Tillabéri, but a stark signal of how deeply jihadist violence has penetrated this once quiet borderland.

In the span of a few hours, Manda joined the growing list of towns and villages reduced to symbols of terror, underscoring the reality that groups like Islamic State in the Sahel now operate less as rogue insurgents than as entrenched power brokers whose reach stretches across Niger, Mali, and Burkina Faso. For the United States, the massacre is more than a humanitarian catastrophe — it is a sobering reminder that the doctrine of forward defense faces its most formidable test yet in Africa’s most fragile frontier.

“The threat from Sahelian jihadists is really two-fold,” Caleb Weiss, editor of FDD’s Long War Journal, tells The Cipher Brief. “They are destabilizing wider West Africa, particularly the Gulf of Guinea states, which have been firm U.S. and Western allies. And secondly, there is worry about European security if jihadis in the Sahel are allowed to operate freely. The Sahel can become a base of operations from which to launch or even sponsor attacks into continental Europe.”

Hans-Jakob Schindler, Senior Director of the Counter Extremism Project, frames the problem in similarly stark terms.

“There are two primary terrorist threats that can be identified,” he tells The Cipher Brief. “First of all, the rapid expansion of the al-Qaeda affiliate JNIM as well as the ISIS affiliates ISSP and ISWAP in the Sahel region has destabilized several countries, in particular Burkina Faso, Mali and to a growing extent also Niger, with continuing serious security problems in the North of Nigeria.”

From Margins to Mainstream: The Rise of Sahelian Jihadism

The massacre in Manda reflects a decade-long unraveling of state control. The collapse of Libya in 2011 unleashed vast armories and fighters into the desert, reigniting dormant rebellions and enabling extremist groups to entrench themselves in northern Mali. The Malian state itself fragmented in 2012 following a coup, allowing jihadist coalitions to seize major northern cities.

Over time, groups splintered and reformed. Jama’at Nusrat al-Islam wal Muslimeen (JNIM), an al-Qaeda affiliate, emerged in 2017, while the Islamic State in the Greater Sahara (ISGS) evolved into the Islamic State’s Sahel Province. These factions began imposing taxes, adjudicating disputes, and governing their respective territories. According to Vision of Humanity, the Sahel accounted for 51 percent of global terrorism deaths in 2024, with nearly 25,000 conflict-related fatalities — a near tenfold increase since 2019.

Liam Carnes-Douglas of the Terrorism Research & Analysis Consortium (TRAC) says the rise reflects more than battlefield victories.

“Some of the most urgent threats posed by Sahel-based jihadist groups stem from the destabilization of key regional partners,” he tells The Cipher Brief. “Once among the strongest U.S. allies in counterterrorism, these governments have shifted rapidly from fragile democracies to military juntas, fueled in part by the failures of Western-backed security initiatives. That has sidelined the United States as anti-Western sentiment grows.”

Andrew Lewis, president of the operational intelligence firm Ulysses Group, agrees that the power vacuum extends beyond the battlefield.

“In the truest sense, the U.S. has limited national security interests in the region. But we do have resource and energy interests that underpin our national security strategy — particularly in Niger, Mali, and Burkina Faso,” he tells The Cipher Brief. “The control of trade routes, ports, and export conduits of critical minerals is a strategic concern. We would like to see JNIM, ISIS, and their affiliates contained before they threaten those supply chains.”

Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

Tactical Adaptation and Regional Spillover

Over the last eighteen months, jihadist groups in the Sahel have evolved their tactics in ways that suggest a larger ambition. Motorcycles enable lightning raids across ungoverned stretches. Drone warfare — once limited to surveillance — has evolved into an offensive capability. JNIM has carried out more than 30 confirmed drone strikes since late 2023.

“Both al-Qaeda’s JNIM and the Islamic State’s Sahel Province have deployed suicide drones,” Weiss noted. “They’re also utilizing Starlink to stay connected in remote areas. Helping counter drones, exploiting Starlink’s vulnerabilities, and shutting off externally sourced financing would help the region tremendously.”

Carnes-Douglas also warns that “rapid technological advancements are increasingly shaping warfare.”

“Drones and Starlink-enabled communications stand out as particularly transformative, yet both regional security forces and U.S. capabilities lag significantly behind,” he continued, pointing out that lessons from Ukraine “demonstrate how these technologies are quickly adapted for combat,” and their proliferation “signals that warfare in the Sahel is entering a transitional, high-tech phase.”

Schindler underscores a connected, transnational risk.

“The Sahel region is also a key network hub for the international drug transportation pipeline of Hezbollah-linked drugs that are transported from South America via West Africa to Europe for sale there,” he explained. “This pipeline directly funds Hezbollah’s activities in Lebanon. Given the central role that the U.S. is playing in the current negotiations between Hezbollah and Israel, this income stream for Hezbollah will continue to ensure that this terror group will be able to continue to fund its activities both within Lebanon and beyond.”

Across Niger, Mali, and Burkina Faso, militants are consolidating control.

“Islamic State in the Greater Sahara has long used the tri-border area to evade interdiction,” Carnes-Douglas explained. “That makes coordinated regional responses not just useful but necessary.”

The violence, however, is also spilling outward.

“Sahelian jihadis are now inching closer to Senegal,” Weiss said. “They’re creating a jihadist land bridge between the Sahel, littoral West Africa, and Nigeria — effectively one large area of jihadist operations encompassing a significant chunk of the continent.”

This expansion also has a sectarian dimension. Lewis surmised that more than 50,000 Christians have been murdered in Nigeria since 2009, “with more than 7,000 killed in 2025 alone.”

“It’s difficult to assess the true scale of persecution Islamist militant groups are carrying out,” he underscored. “But it’s happening.”

Schindler also highlights an alarming operational trend: “Currently they are not only able to conduct multi-layered attacks against single targets (such as a military camp) but also to conduct simultaneous and coordinated attacks on multiple targets across relatively large geographic areas.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

U.S. Policy Today: A Detachment Problem?

For years, the U.S. viewed the Sahel as a key front in counterterrorism, maintaining drone bases and training missions in Niger. But the 2023 coup upended that equation. Washington froze over $500 million in aid and limited cooperation even as the junta expanded ties with Russia’s Wagner Group. The result is a fragile balance between limited engagement and strategic erosion.

“Outside of JSOC, U.S. efforts in the region have been marginal at best. That’s evident in the surge in violence and the formation of the Alliance of Sahel States, which pivoted away from the West to Russia,” Lewis said. “None of our 333 programs in the region has dented terror operations. We rely heavily on intelligence-led frameworks but have very little real-time intelligence since withdrawing key assets from Niger.”

Carnes-Douglas echoes that concern. “American counterterrorism efforts have achieved tactical successes but strategic failures,” he observed. “Short-term gains from drone strikes or training are constantly undermined by state fragility, coups, and shifting alliances.”

Moreover, while France’s drawdown from Operation Barkhane — the 2014–2022 French-led counterterrorism campaign across the Sahel that deployed more than 5,000 troops to combat Islamist insurgencies in Mali, Niger, and Chad — created a vacuum, “the U.S. has not yet developed a sustainable replacement strategy,” Weiss stressed. “There are some indications the U.S. has resumed limited intel support to Sahelian juntas, but nothing that matches previous levels of engagement,” he continued.

Schindler argues that the disengagement itself has worsened the crisis.

“Although a lot of criticism has been levied against the UN, EU and US counter terrorism operations in West Africa and the Sahel in the past, the current situation, in which the UN, the EU and the US have largely disengaged from the region clearly demonstrates that overall, the counterterrorism efforts had been successful in stemming the tide of terrorist expansion in the region,” he said.

A Strategic Imperative: What Must Washington Do Next

Analysts emphasize that the path forward requires reimagining engagement. Weiss argues that U.S. support should focus on technology denial and intelligence integration, not just kinetic strikes.

“Helping counter drones, exploiting the use of Starlink and the data vulnerabilities therein, and helping to shut off externally sourced financing would help the region tremendously,” he said.

Washington, Lewis highlighted, must also think pragmatically about force posture.

“If we want to contain JNIM and ISIS, the focus should be on protecting the coastal regions with ISR and targeted strikes where success is measured by territory denied, not by how many host forces we train,” he said. “But that requires basing rights, logistics, and political will, and China and Russia hold significant leverage over potential host countries.”

Indeed, Beijing’s influence looms large.

“China has financed major ports, railways, and industrial projects across Ghana, Côte d’Ivoire, Nigeria, and Senegal,” Lewis explained, noting that this gives it immense leverage to counter U.S. influence and deny access to infrastructure critical for forward operations.

Carnes-Douglas, meanwhile, advocates for a recalibrated diplomacy that acknowledges political realities.

“Although U.S. foreign policy appears to be shifting away from involvement in these conflicts, Washington should recommit pragmatically to directly limit jihadist groups’ ability to threaten American interests,” he asserted. “This, in turn, would form stronger relationships with the newly formed governments and in turn could be an industrial and economic boon, as well benefiting all partners.”

Schindler proposes a containment-first approach, prioritizing direct engagement with the littoral Gulf of Guinea states.

“One primary goal should be containment, ensuring that the expansion of terrorist activities and control in the region does not affect additional countries, in particular the littoral states of the Gulf of Guinea,” he said.

The slaughter at Manda, the border ambushes, the drone blitzes — all are signs of a metastasizing threat.

“Through the increasing influence and power of these terrorist affiliates in the Sahel region, the threat to US interests in the region, as well as potentially to the US homeland, is increasing in parallel,” he added.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Putin’s Strategic Failure: How the Ukraine War Is Eroding Russia From Within

And there is one sure thing about the fall of gods: they do not fall a little; they crash and shatter or sink deeply into green muck.

- John Steinbeck, East of Eden

Evil people don’t have songs. How is it, then, that the Russians have songs?

- Friedrich Nietzsche, Twilight of the Idols

OPINION -- The war that Russian President Vladimir Putin started in Ukraine may finally be turning in a direction that will result in Russia’s defeat as the strategic tide seems to be turning against Putin.

Russian casualties in Ukraine continue to mount as the Ukrainians are now effectively taking the war to the Russian Federation. Russia’s wartime economy is starting to show signs of strain, and evidence may be emerging that discontent with Putin leadership is starting to grow in some of Moscow’s elite circles.

One hopes that when he returns from his Asia trip, President Trump will turn his focus to the actions of his erstwhile friend Putin. This is a good time to soberly assess Russia and Putin’s current situation and the prospect that Russia might be on a path to losing the war they started.

In recent weeks, there have been a number of reported incidents of Russian drone and aircraft incursions over neighboring states, including the airspace of NATO members. In an escalation of nuclear saber rattling, Putin has tested a Burevestnik cruise missile, a Poseidon nuclear capable “super-torpedo” and conducted large-scale nuclear drills.

These are signs of weakness not strength and are certainly designed to intimidate leaders in the West—including President Trump—to reduce military and economic support to Ukraine. Putin’s strategy with regard to Trump again seems to have backfired with Trump announcing that the U.S. will resume nuclear testing after a pause of more than thirty years.

President Trump also made public the fact that the U.S. has nuclear capable submarines stationed off Russia’s coast. This is not the revelation of a strategic or military secret — just a reminder to Putin (and Russia’s elites) that the U.S. is a strategic nuclear power and Putin’s use of a nuclear weapon would result in the destruction of the Russian Federation and his kleptocracy.

Some Ukrainian leaders believe that there is a number of Russian casualties they can inflict that would bring about the collapse in the fighting effectiveness of the Russian army in Ukraine. While hard data on Russian casualties is difficult to gather, credible estimates put Russian combat deaths at over 200,000 and total casualties at over 1.1 million - many of those killed in 2025 as a result of Russia’s strategy of fighting a war of attrition using outmoded tactics to gain territory that can be measured in tens of kilometers.

Ukrainian leaders also believe that taking the war to the Russian people will have an impact on Moscow’s ability to sustain the invasion. Ukraine has done this effectively in recent months, even without Tomahawks.

Ukraine has used targeting data and weapons supplied by the West (Storm Shadow/SCALP cruise missiles and ATACMs) to strike targets deep inside of Russia. These weapons combined with Ukrainian long-range drone capabilities (and ingenious operations such as SPIDER WEB) are taking the fight to the Russian Federation and making the war visible to the average Russian, despite efforts by Russian state-controlled media to push the false narrative that Russia is winning the war.

The economic impact of strikes against Russian energy infrastructure is beginning to be felt outside of Moscow as Russia diverts available energy from the regions to keep Moscow supplied. There are shortages and energy price hikes that the Kremlin can no longer conceal.

Russia’s economy is also suffering the impact of more effective and comprehensive sanctions on Russian energy production and sales. European purchases of Russian hydrocarbons are diminishing and the U.S. has levied new sanctions on Rosneft and Lukoil and a number of their subsidiaries. This will have an impact on the network of oligarchs that support Putin. Inflation is also rising at an 8 percent increase year on year. There is scarcity of critical parts affecting the production of things like automobiles, aircraft and consumer appliances. It is only technology provided by China that keeps Russia’s defense industrial base functioning.

The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.

Even this may be less sustainable in the long run if there is any truth to reports that Trump and Chinese President Xi Jinping had productive conversations on ending the war. (I’m personally skeptical that Xi will do much to disappoint his partner and friend, Putin.)

There are also unconfirmed reports of growing discontent among Russian elites. A number of media sources now suggest that Mikhail Khordokovsky may be trying to organize a coup to remove Putin from power. It was only about 18 months ago that Yevgeniy Prigozhin launched a rebellion that saw his forces moving with surprising speed and success toward Moscow. Apparently in some circles in Russia, Putin is derisively referred to as the “moth.” And since Putin invaded Ukraine in 2022, an estimated one million Russians, mostly youth, have emigrated, creating a brain drain and, together with military casualties, exacerbating a labor shortage.

The situation is increasingly bleak. Finland and Sweden have joined NATO - turning the Baltic into a NATO lake. Ukrainian strikes have driven Russia’s Black Sea fleet from the eastern reaches of the Black Sea undermining Russian naval power. Europe is rearming and defense spending in NATO states is moving toward compliance with Treaty requirements or beyond. The alliance itself has been given new purpose.

Putin has destroyed any possibility of peaceful accommodation with Ukraine and in the process, has created a nation that will move inexorably toward a Western political and economic model. This is a strategic failure of Putin’s that cannot be undone.

Subscriber+Members have exclusive access to the Open Source Collection Daily Brief, keeping you up to date on global events impacting national security. It pays to be a Subscriber+Member.

In other areas of the former Soviet Union, Russian influence continues to wane.

Azerbaijan and Armenia have agreed to a U.S.-brokered peace agreement. Kazakhstan is showing new political and economic independence. Putin’s ally Iran has suffered significant setbacks at the hands of U.S. ally Israel. Putin’s friend and supporter Bashar al Assad lost his hold on power in Syria and is in hiding in Moscow. The U.S. has led peace efforts in the Middle East as Moscow has been sidelined.

Now is the time for decisive action to end the conflict in Ukraine.

The action needs to take place on three levels: political, economic and military.

As discussed at the recent Cipher Brief Threat Conference in Sea Island, Georgia, the West has yet to meaningfully coalesce international political support behind Ukraine beyond gatherings of European and or NATO leaders. The U.S. should sponsor a global meeting of heads of states from around the world to decisively declare support for Ukraine, brand Russia and Putin as the aggressor in the conflict, and call for Russian withdrawal, payment of reparations for war damage and remand war criminals to justice. The simple message should be, “Mr. Putin, end this war!”

Secondly, the U.S. and the West need to increase further pressure on Russia’s economy to weaken Russia’s ability to prosecute the war.

And thirdly, military support to Ukraine needs to be increased, particularly in air defense technology and the delivery of systems that allow Ukraine to continue to take the war to the Russian Federation and make Russians feel the pain of the conflict. A concerted effort on these fronts will almost certainly lead to Putin’s demise and the end of the war.

Putin and his Foreign Minister Sergey Lavrov constantly talk about the need to address the ”root causes” of the conflict. Quite simply, Putin is the root cause of the conflict and addressing his delusions of empire is the surest way to end it. That can’t come soon enough for the brave people of Ukraine and the world.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Inside Xi Jinping’s Military Purge: Loyalty, Power, and Taiwan

OPINION — Last week’s Fourth Plenum of the Chinese Communist Party witnessed a purge of China’s senior military leaders, culminating in over two years of the removal of senior military officials once loyal to President Xi Jinping.

The last two defense ministers – Wei Feng he and Li Shangfu – were removed in October 2023 and June 2024. And now, He Wei Dong, Vice Chairman of the Central Military Commission (CMC) was expelled from the Party and Military for “serious violations of Party discipline.” Admiral Miao Hua, Director of the CMC’s Political Work Department (responsible for the political/ideological work in the military) was removed from the CMC in June 2025 and later officially expelled.

The list goes on and on: Lin Xiangyang, Former Commander of the Eastern Theatre Command; Wang Houbin, Former Commander of the PLA Rocket Force; Wang Chunning, Former Commander of the People’s Armed Police. These are just three of eight or nine senior military officers purged in October 2025.

Purges of senior officials are not new to China. On July 1, 1989, Zhao Ziyang was removed as the Party’s General Secretary -- and Vice Chairman of the CMC -- for supporting the students during the June 1989 Tiananmen Square demonstrations, and on July 1, 1987, Hu Yaobang was removed as the Party’s General Secretary for supporting the students who were demanding more democracy. Deng Xiaoping accused Mr. Hu, a former protégé of his, of “bourgeoise liberalization.”

And in 1971, Lin Biao, Vice Chairman of the Chinese Communist Party and his wife, Ye Qun, planned the assassination of Chairman Mao Zedong, to replace Mao as the supreme leader. The plot was discovered and Lin Biao died in an airplane crash as he was fleeing for his life.

Many of the recently purged generals, including He Weidong and Admiral Miao Hua, worked in the 31st Group Army stationed in Fujian Province during the 1970s and 80s. This region is the front line for any potential military operation against Taiwan. In fact, He Weidong later served as commander of the Eastern Theatre Command from 2019 to 2022, the unit responsible for operations concerning Taiwan.

General He was a member of the Communist Party’s Politburo and Vice Chairman of the CMC, the third highest-ranking military official in China. His professional prominence was also due to his association with Xi Jinping, but in October 2025, General He and eight others senior military officers were expelled from the Communist Party and the military. They in fact were referred for criminal prosecution on charges of corruption and “serious violations of discipline and law.”

General He and the other purged generals all had connections to Fujian and the former Eastern Theatre Command commander Lin Xiangyang and Navy Admiral Miao Hua. It would be fair to assume that these senior military officers disagreed with some of Mr. Xi’s policies toward Taiwan.

Given the importance of Taiwan for Mr. Xi and the Communist Party, a disagreement with seniors in the military over Taiwan could develop into an issue that affects the inner workings of the Party. Mr. Xi has consistently refused to renounce the use of force to bring Taiwan under its control and continues to conduct military exercises near Taiwan. Mr. Xi maintains, however, that “peaceful reunification” is preferable but reserves the option of using force, particularly in response to “external forces” or “separatist activities” in Taiwan.

Hopefully, Mr. Xi will pursue a policy of peaceful reunification with Taiwan and immediately halt military exercises and related activities to intimidate Taiwan.

This column by Cipher Brief Expert Ambassador Joseph DeTrani was first published in The Washington Times

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

From the Caribbean to Jalisco, Trump Takes Aim at Cartels — But Will He Strike the Kingpins?

DEEP DIVE — Eight weeks ago, Secretary of State Marco Rubio went to Mexico City, the epicenter of the global illegal drug trade, and declared, “The president of the United States is going to wage war on narco-terrorist organizations.”

Since then, the administration’s military counter-drug offensive in Latin America and the Caribbean has destroyed at least 15 small boats and killed at least 61 people – but none of them were drug kingpins or senior, irreplaceable figures in the transnational organized crime cartels that make and move fentanyl and other lethal opioids that have killed hundreds of thousands of Americans.

“Targeting fast boat operators will not stop major drug trafficking kingpins from sending multi-ton quantities of drugs to our country and around the world,” Michael Chavarria, a former DEA supervisor who spent 26 years investigating drug cartels in Mexico, the Caribbean and the Southwest border, told The Cipher Brief. “The drug trade is the most profitable business in the world, without equal. The minions currently targeted on the high seas will continue risking their lives because kingpins pay them more than they could ever earn pursuing legal options. Now, on the high seas, they’re being extrajudicially murdered, in a campaign that will have no impact on the global drug trade.”

Like other veterans of the DEA, Chavarria suspects that if the boats blown up so far contained contraband, it was likely marijuana or cocaine, a stimulant manufactured in Colombia from coca plants grown in Colombia, Peru and Bolivia. Many of the small boats plying the Caribbean are believed to be supplying the European market, where cocaine brings double or triple U.S. prices. While hardly benign, cocaine is not considered a major overdose danger, and it has fallen out of fashion among many American drug users, who have increasingly turned to far riskier substances — particularly fentanyl, a synthetic opioid painkiller much stronger than heroin, and the synthetic stimulant methamphetamine. Both are manufactured mostly in Mexico, in cartel “superlabs,” with precursor chemicals imported from China and India.

“I doubt these decisions [to attack small boats] involve input from DEA leadership, who I believe serve the American public as best as resources allow,” Chavarria said. “Instead, let’s focus on the Chinese fentanyl sources responsible for threatening our citizens’ lives. The new deadly triangle is China-Mexico-United States.”

Despite objections from Congress, legal scholars and foreign governments, President Trump has announced he may soon authorize strikes inside Venezuela. Many experts believe his agenda in that country is about forcing President Nicolas Maduro out of office, rather than stopping drugs, because Venezuela is not known for producing massive quantities of illegal drugs. The U.S. government's most authoritative annual intelligence assessments – the Drug Enforcement Administration’s National Drug Threat Assessment and the State Department’s International Narcotics Control Strategy Report – characterize Venezuela as a transshipment hub. Maduro himself and a number current and former Venezuelan officials were indicted in 2020 for conspiring with Colombia’s leftist FARC insurgents to transport cocaine produced in the guerillas’ jungle labs in Colombia.

The problem is in Mexico

The world’s richest, most powerful drug lords are Mexican citizens, with well-armed private armies, dynasties and bases of operations nestled deep in the Mexican countryside. Mexican president Claudia Sheinbaum has absolutely ruled out the idea of American boots on Mexican soil. Will the U.S. defy her wishes by ordering American armed drones or special operations teams into Mexico to conduct unilateral commando raids? So far, Trump and his senior advisors have not signaled that such incursions are imminent – but they’ve never said never. In Ecuador two months ago, Rubio said the administration would continue to target and kill suspected traffickers without their homelands’ consent, if those countries didn’t participate in Trump’s new war on drugs by mounting their own attacks on cartels. “For cooperative governments, there’s no need because those governments are going to help us,” he said. “They’re going to help us find these people and blow them up, if that’s what it takes.”

Mexican security forces have repeatedly tried and failed to arrest El Mencho, real name Nemesio Rubén Oseguera Cervantes, Mexico’s kingpin of kingpins. Oseguera is the 59-year-old founder and leader of the Cartel de Jalisco Nueva Generación (CJNG), Mexico’s, and the world's most successful and feared organized crime enterprise. The CJNG, which emerged from the western state of Michoacán, famed for its avocados, is now a multinational billion-dollar business with a presence in nearly every state in the U.S.and at least 40 countries, according to DEA’s National Drug Threat Assessment. The U.S. has put a $15 million bounty on Oseguera’s head.

“The CJNG is probably the wealthiest criminal group in the world, maybe even more than the IRGC [Islamic Revolutionary Guard Corps] in Iran,” Paul Craine, formerly DEA’s regional director for Mexico, Central America, and Canada, told The Cipher Brief. “It’s the biggest terrorist organization in the Western hemisphere. The CJNG is now right on the border, which no one ever expected. Plus, they have the U.S. infiltrated with their elements for smuggling guns, drugs and other businesses.”

Reward poster for information leading to the arrest and/or conviction of “El Mencho”. (State Department)

In second place is the older, fragmented but still powerful Sinaloa cartel. Sinaloa cartel leaders Ivan Archivaldo Guzmán Salazar and Jesus Alfredo Guzmán Salazar, known as the Chapitos, are sons of the infamous cartel founder Joaquín "El Chapo" Guzmán, now serving time in a U.S. prison. They are credited with creating the fentanyl craze by promoting it in their distribution systems, alongside cocaine, meth and marijuana. The U.S. is offering rewards of $10 million apiece for them.

In an interview with The Cipher Brief, Rep. Dan Crenshaw, R-Tex., who recently led the Congressional task force on cartels to Mexico to confer with Sheinbaum’s senior security officials, said he would not advise Trump to try a unilateral incursion on Mexican soil without that nation’s full agreement and active participation. Such an act would explicitly violate the two nations’ joint agreement signed last month pledging “respect of sovereignty and territorial integrity.” Both nations promised to fight drug trafficking and other crimes “each in our own territory,” Mexican foreign secretary foreign secretary Juan Ramon de la Fuente emphasized.

To dismantle the cartels and destroy their sanctuaries in Mexico, Crenshaw, a former lieutenant commander in the Navy SEALs, and other members of Congress are pushing for a massive joint U.S.-Mexico initiative modeled on the U.S.-Colombian military-intelligence relationship in the 1990s and early 2000s. In those operations, Colombian commandos were the point of the spear, with advisors and trainers from U.S. special operations, the Central Intelligence Agency, National Security Agency and the U.S. Drug Enforcement Administration working behind the scenes, providing training, communications intercepts, human intelligence, tracking technology, financial analyses and other technical assistance. As a result, in 1993, the joint effort tracked signals from a radio phone wielded by legendary Medellin cartel founder Pablo Escobar to the roof of a dingy building in downtown Medellin. A Colombian military marksman shot him dead. The rest of the Medellin cartel crumbled. By 1995, the Cali cartel had fallen. FARC guerillas soon stepped into the breach by setting up jungle labs and taking over the cocaine manufacturing business. The CIA covertly supplied U.S.-made precision-guided munitions that the Colombians used in a series of air strikes that decimated the FARC leadership. In 2016, surviving FARC guerillas made a peace accord with Bogotá and agreed to demobilize.

Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

What the fight would look like

Any commando team that tries to take on Mexico’s drug bosses and their large, well-armed paramilitary forces can expect ferocious resistance financed by very deep pockets. CJNG territory covers thousands of square miles in the western Mexican state of Michoacán, where Oseguera was born, and in neighboring Jalisco state. His domain is rugged countryside, dotted with ranches and laced with hidden trails, caves and mines. Oseguera has even built his own hospital, according to DEA intelligence, so he can undergo treatment for chronic kidney disease.

The Chapitos are similarly well-protected in Sinaloa state. Experts warn that a joint Mexican-U.S. special operations assault would raise the specter of possible “blue-on-blue”or “green-on-green” firefights a with corrupt elements of Mexico’s security forces defending the narco leaders. “They travel in hordes of security,” says a senior DEA agent who has investigated them for many years. “And not just hordes of security, but you're talking about a paid-off military that's protecting them, paid-off police protecting them. The corruption is just so rampant, and this is why a lot of these people can't get caught.”

“Whether you call it counterterrorism or counterinsurgency, that is what we're dealing with in Mexico,” Crenshaw told the Cipher Brief. “They use terroristic tactics. They terrorize their own people. They are an insurgency, in the sense that they're integrated into every level of society, from government to their own military, to security, to pop culture… The Mexican military has some very, very elite units that I think would be respected anywhere in the world. But there's not many of them. They need more, and additional training, additional pipelines into those elite units. Basic aircraft, ISR [intelligence surveillance reconnaissance], close air support, things that are largely lacking. When they do go into these very dangerous areas and try to go after some of these dangerous kingpins, they're doing so without the kind of support that U.S. special operations would be used to.”

Violence on the Mexico-United States border continues to rise. Just 10 days into the month, nearly 21 homicides are recorded. On Monday, March 10, seven people are shot and killed in separate incidents. (Photo by David Peinado/NurPhoto via Getty Images)

The CJNG’s defenses are considered particularly militarized and formidable. According to current and former U.S. officials who have investigated the cartel, Mencho roams about his domain via four-wheel-drive convoys or small aircraft, always surrounded by large numbers of heavily-armed paramilitary fighters who wear insignia identifying them as FEM, Fuerzas Especiales Mencho or Grupo X, which specializes in fighting rival cartels. Like Osama Bin Laden, he avoids using phones and instead uses messengers.

For a commando team, armed drone or precision-guided munition to find Mencho and his party, precise GPS coordinates would be needed, and they’ll be hard to come by.

“He moves pretty often,” a U.S. expert who has recently assessed the kingpin’s vulnerabilities told The Cipher Brief. “So the intelligence on his location would have to be extremely good. Which it’s not.”

Whether surveillance drones could obtain reliable coordinates on Mencho’s position in real time is questionable. “Where Mencho is hiding they can hear drones coming,” the U.S. expert said. “It’s so quiet out there there’s no noise pollution. They’ve been successfully avoiding SEMAR’s drones for years.” SEMAR is U.S. military shorthand for a Mexican navy/marines special operations unit that has trained with the U.S. Navy SEALs and worked closely with the U.S.

The cartel has its own drone unit, called the Operadores Droneros, complete with badges. Cartel operatives also set up security cameras, like hunting cameras, to detect the presence of outsiders.

“They have a lot of early warning capability,” said Chavarria, who used to run the DEA’s office in Guadalajara, the capital of Jalisco, then ran investigations of the Gulf cartel out of Houston. “I don't think that we have the type of precise intelligence that would allow us to effect an operation. And even if it's available, it's time-sensitive, it's perishable. If you're not there on top of your objective, you're going to miss. And then there's going to be gunfights and a lot of innocent people are going to get killed. Mencho hangs out in cities, he bounces around because he's untouchable. He's got police escorts, he's got state cops and municipal cops protecting him. His men have ringed perimeters of security, where they're communicating with one another on various frequencies that are digitally encrypted. So it's very difficult for the U.S. to crack those encryptions, and obviously for the Mexican security forces as well.”

According to Chavarria and other current and former officials, the CJNG has extensive counter-surveillance capabilities. Cartel security officers, known as sicarios, literally, assassins, issue mobile phones with heavily encrypted voice-over-internet and radio-over-internet apps to hundreds of human lookouts, called halcones, meaning hawks, spies, who are under orders to report any strangers showing up in cartel territory.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Mexican security forces have been driven back every time they’ve tried to get close to Mencho. Notoriously, on May 1, 2015, a Mexican military helicopter that flew over his convoy in Jalisco state was shot down by the cartel paramilitary force with an Iranian-made rocket-propelled grenade and .50 caliber belt-fed machine gun. Nine Mexican soldiers and federal police died, and others were severely wounded. Rubén Oseguera González, AKA Menchito, Mencho’s California-born son and second-in-command, then 25, was accused of ordering the attack on the helicopter. The Mexican military and police mounted a massive operation to track him to a wealthy suburb of Guadalajara. Menchito was extradited to Los Angeles, prosecuted for violating U.S. drug laws, convicted last September and on March 7, sentenced to life plus 30 years in a U.S. prison.

The U.S. victory was short-lived. Mencho’s stepson Juan Carlos Valencia González, a California-born U.S. citizen who is the son of Oseguera’s wife, Rosalinda González Valencia and has emerged as Mencho’s heir-apparent. A leader in the cartel’s elite commando force, he’s known as R-3. The U.S. is offering a $5 million reward for him. ( His mother Rosalinda, AKA La Jefa, comes from a powerful cartel dynasty, the Valencias. Her uncle is Armando Valencia, AKA El Maradona, founder of the Milenio Cartel, the predecessor of the CJNG. A major player in her own right, Rosalinda spent time in a Mexican prison for money laundering but was released last February, according to news reports in Mexico.)

Sheinbaum has convinced many in Washington that she is sincere in her determination to break the power of the cartels, especially the CJNG, which has menaced her administration unceasingly.

In 2020, Sheinbaum’s trusted advisor Omar García Harfuch, then Mexico City’s chief of police, narrowly survived a CJNG assasination attempt. Sheinbaum was Mexico City’s mayor at the time. When Sheinbaum became president in October 2024, she named Harfuch national security minister and accelerated military raids on CJNG labs and other sites.

But so far, the cartel has proved stronger. Last March, Mexican soldiers and national guardsmen driving in a convoy near CJNG territory on the border between Jalisco and Michoacán states were ambushed, and six security force officers and three CJNG hitmen were killed. Three days later, security forces in the area were again ambushed, two of their number killed and the rest forced to retreat.

On May 1, exactly 10 years to the day after the helicopter downing, Oseguera staged a flamboyant retribution for the incarceration of his son Menchito. Iván Morales Corrales, a Mexican policeman who survived the crash, badly burned, was decorated as a national hero and testified against Menchito in the U.S. trial in Los Angeles, was gunned down with his wife while driving on a quiet street in a town far from the CJNG’s turf. This was an unmistakable statement that the cartel could reach anyone, anywhere, anytime.

David Cristobal Barraza Sainz, known as Commander "Nitro" within the Sinaloa State Police, was shot and killed after an attack that took place on Pedro Infante Boulevard at around 1:00 p.m in Sinaloa, Mexico on July 15, 2025. (Photo by Stringer/Anadolu via Getty Images)

Derek Maltz, who served as DEA administrator until June and before that ran the agency’s elite Special Operations Division for a decade, believes that if the Mexican army fails to mount more operations against the CJNG and other cartel strongholds, the Trump team will seriously consider unilateral operations, despite Sheinbaum’s vocal objections. “If the U.S. government doesn't perceive that Mexico has the will or capabilities to literally take them off the playing field, I wouldn't be surprised that the administration is looking at targeted strikes on the [cartel] leadership,” Maltz told The Cipher Brief. “ I would personally encourage it. The president has made it clear that he's going to place American families first, trying to keep everyone safe and secure. So if it means taking out some kingpins in the narco-terrorist world, I would fully support that.”

As a practical matter, a raid or two wouldn’t solve the problem. Mexico’s cartels, like major corporations, could survive the loss of a few key executives. “Killing Mencho would be significant, but it's not going to take out the organization,” Craine said. “You're going to have to have sustained operations against the whole network.”

A global syndicate of evil

The CJNG has built out a complicated and durable executive structure in recent years as it has gone global and diversified.

“Mencho is expanding around the world,” Maltz told The Cipher Brief. He and his allies “have recognized the threat to their business enterprise with the increased attention by the Trump administration. So they're adjusting strategies, realigning, identifying new partnerships, being strategic in some of their global routes and capitalizing on the market in different areas of the world.” Maltz and other DEA veterans say Mencho has cemented international alliances with organized crime syndicates, from motorcycle gangs in the U.S to the Japanese Yakuza. When the profits to be made from human trafficking dwindled due to the Trump administration’s crackdown on the border, the CJNG developed other robust cash streams, including stealing fuel from the Mexican oil company PEMEX and other energy outlets, extorting avocado farmers, and even smuggling mercury, a pricey, poisonous by-product of gold-mining, according to the DEA and news reports.

“The CJNG is the first international criminal conglomerate,” Craine said. “It’s the first ICC to operate worldwide and to have criminal control of legal commodities and services as well, such as oil, gasoline, minerals, chemicals, timber, government funding, infrastructure and resources, armed forces, weapons, politics, police services, judicial systems, international financial services, and so forth.”

What’s most alarming is the significant CJNG and Sinaloa cartel presence in the U.S.

“What we face today in Southern California is a full-scale infiltration by foreign criminal empires, the Sinaloa cartel and the Jalisco New Generation cartel – paramilitary organizations with global supply chains, corporate level logistics, and battlefield tactics,” Matthew Allen, DEA’s chief of operations, told the Senate Judiciary committee last June.

Allen testified that a few weeks earlier, a DEA team had raided an old warehouse in downtown Los Angeles, a few blocks from the agency’s big Southern California office. Hidden inside, the agents discovered, was a luxurious CJNG safe house with places for cartel operatives to lounge, a pool table, polished floors and, presiding over it all, a floor-to-ceiling mural of El Mencho, depicted in a bulletproof vest emblazoned with the CJNG insignia and Mencho’s personal symbol, a bloody cockfight.

It was, Allen said, “a shrine, not hidden in the jungle or some remote compound but right in the heart of the heart of America’s second-largest city. The message was clear: ‘We are here. We are among you’.”

Image of Cartel de Jalisco Nueva Generación safe house in Los Angeles.(DEA Official)

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

A Fragile Truce at the Durand Line: Will the Afghanistan–Pakistan Ceasefire Last?

OPINION — One of the most enduring security issues in South Asia has been rekindled by the recent border conflicts between the Taliban-led Afghanistan and Pakistan military regimes. Diplomatic efforts by Qatar and Turkey have resulted in a tenuous ceasefire after days of fierce fighting that claimed scores of lives on both sides, offering a little respite from the rising violence. However, talks for a lasting peace have since collapsed. The crisis reveals long-standing structural tensions along one of the most volatile frontiers in the world that have their roots in militant activity, historical enmity, and disputed sovereignty.

Escalation and Triggers of Conflict

Intense fighting broke out along several stretches of the 2,600-kilometer Afghanistan-Pakistan Durand line in early October 2025, especially close to Spin Boldak–Chaman and the Kurram tribal areas. Each side accused the other of starting the conflict. The Taliban-led government denounced Pakistan's retaliatory bombings as a violation of national sovereignty, while Pakistan asserted that militants connected to the Tehrik-i-Taliban Pakistan (TTP) were conducting cross-Durand line attacks from Afghan territory. According to reports, Pakistani air raids in the provinces of Kandahar and Paktika killed dozens of civilians. Taliban members retaliated by attacking a number of Pakistani military installations, with the opposing side suffering heavy losses. Afghan traders are losing millions of dollars every day as a result of the conflict's rapid disruption of humanitarian and commercial routes, which led to the closure of important Durand line crossings.

This breakdown was not the first. Pakistan has long accused the Afghan Taliban of harbouring the TTP, a group committed to destroying Pakistan's government but philosophically linked with Kabul's leadership. The Taliban have refuted these claims, stating that Afghanistan forbids the use of its territory against other countries. However, the Durand Line, from the colonial era, continues to function as a political and geographic fault line, trapping both sides in a never-ending blame game.

The Doha-Istanbul Ceasefire Agreement

An emergency ceasefire agreement was reached on October 19, 2025, following nearly a week of fighting, thanks to intensive mediation by Qatar and Turkey. Both parties committed to immediately stopping offensive operations, prohibiting cross-Durand line attacks, and setting up systems for ensuring compliance under the agreement. To address implementation and verification procedures, a follow-up meeting was planned for October 25 in Istanbul. The deal was heralded as a diplomatic victory, particularly since Turkey and Qatar, who both have comparatively open lines of communication with the Taliban leadership, were instrumental in facilitating communication between two regimes which do not trust one another.

Khawaja Muhammad Asif, the defence minister for the Pakistani military dictatorship, underlined that Islamabad would evaluate the truce based on the Taliban's capacity to control the TTP. "This agreement will be broken by anything coming from Afghanistan," he cautioned. The Taliban's stated position that Afghanistan "will not allow its soil to be used against any country" was reaffirmed by Zabihullah Mujahid, the regime's spokesperson. Although these declarations show official dedication, they conceal more profound disparities in ability and perspective. The Taliban government sees the threat as a matter of border integrity and sovereignty, whereas Pakistan primarily sees it through the prism of counterterrorism. It will take more than diplomatic words to bridge different viewpoints.

Istanbul Talks

The follow-up talks in Istanbul — intended to turn the Doha truce into an enforceable framework—ended without a resolution after four days of negotiations. Reporting from multiple outlets indicates that mediators could not bridge the gap over concrete action against TTP networks allegedly operating from Taliban controlled soil and over how to verify any commitments. Pakistani regime’s officials briefed that Kabul was unwilling to accept binding steps to rein in or relocate the TTP; Afghan sources countered that the Taliban does not command or control the TTP and rejects responsibility for cross-Durand line attacks.

On the eve of, and during, the Istanbul round, Pakistan’s defence minister publicly warned that failure would risk “open war,” underscoring how narrow the window is for diplomacy if violence resumes along the frontier. While he acknowledged the ceasefire had broadly held for several days, he framed the talks’ success as contingent on Kabul’s verifiable curbs on the TTP. Reports say talks in Istanbul have restarted in another attempt for a deal.

Key unresolved issues

First, TTP-focused measures: Islamabad sought explicit commitments (dismantling safe havens, detentions/relocations, or handovers of wanted militants), while Kabul insists it won’t allow Afghan territory to be used against neighbours but resists operations that might trigger internal backlash or fracture ties with sympathetic factions. No binding text on TTP was agreed.

Second, a verification and incident-prevention mechanism: negotiators discussed joint hotlines, third-party monitoring, or liaison teams stationed in cross-Durand line hubs to investigate incidents in real time. Talks stalled over scope, authority, and who would adjudicate disputes.

Third, the Durand Line: Pakistan has fenced large stretches and wants coordinated patrols and recognized crossing protocols; the Taliban does not formally recognize the Durand Line as an international boundary, making technical fixes politically sensitive. This gap persisted in Istanbul.

Fourth, trade and crossings: business lobbies on both sides pushed for a timetable to reopen Spin Boldak–Chaman and other checkpoints for normal commerce and humanitarian flows, but negotiators did not finalize sequencing (security steps first vs. parallel reopening).

Fifth, refugees and returns: Islamabad raised concerns around undocumented Afghans and cross-Durand line facilitation; Kabul pressed for humanitarian safeguards. No durable arrangement was announced.

Obstacles to Durable Peace

The structural issues threatening Afghanistan-Pakistan ties are still mostly unaddressed in spite of the truce. First, the ceasefire does not include militant organisations like the TTP. Their independence severely restricts the enforceability of the agreement. According to analysts, the Taliban are reluctant to use force to fight the TTP because of ethnic and ideological ties that make internal Afghan politics more difficult.

Second, monitoring is quite challenging because of the porous nature of the Durand-line. Pakistan has unilaterally fenced off significant portions of the Durand Line, whereas Afghanistan does not formally recognise it as an international border. Recurrent conflicts are exacerbated by this lack of mutual recognition, especially when it comes to security patrols and cross-Durand line trading.

Third, there is still an imbalance of interests. Attacks by militants coming from Afghanistan are the problem for Pakistan. Pakistan's repeated airstrikes and backing of anti-Taliban groups are the source of Kabul's resentment. Joint security coordination is hampered by these conflicting narratives.

Fourth, pressure from within both governments is increasing. While the Taliban in Afghanistan must strike a compromise between meeting external demands and preserving their credibility among nationalist and tribal factions, public annoyance in Pakistan has increased due to an increase in attacks on security forces. Internal resentment could result from any impression of giving in.

Last but not least, the economic aspect introduces another level of complication. Afghanistan relies significantly on cross-border trade through Pakistan for imports and transit to global markets. Significant financial losses and humanitarian difficulties have resulted from the bridge closures. Unless trade flows restart fully, the truce will have limited practical effects.

The Strategic and Regional Implications

There are wider ramifications for South and Central Asia from the crisis and the resulting truce.

Stability and militancy in the region: Should the truce fail, transnational militant networks, such as IS-K and al-Qaida elements, may gain more confidence. Resuming hostilities might destabilise the entire region, as these organisations flourish in uncontrolled border areas.

Taliban governance: The truce also serves as a litmus test for the Taliban's ability to govern. Global opinions of its legitimacy as a ruling power will be influenced by its capacity to maintain territorial control, interact diplomatically, and quell militant groups.

Realignments in diplomacy: The participation of Qatar and Turkey demonstrates how regional diplomacy is changing. Both nations have established themselves as go-betweens that can interact with the Taliban government without granting official recognition. Their mediation highlights a changing power dynamic in South Asia, where non-Western actors are having a greater impact on resolving disputes.

Economic and humanitarian impact: The conflict's humanitarian effects go beyond its security implications. Food and medical supplies have been disrupted by the closing of the Cross-Durand line, and the situation for displaced people on both sides of the frontier is getting worse. Maintaining peace will depend on reopening trade channels and making sure help is delivered.

The Road Ahead

The establishment of cooperative verification systems, a quantifiable decline in militant attacks, and the resumption of trade are important markers to keep an eye on. If any party breaks the agreement, the area can quickly revert to hostilities. It will be a careful balancing act for Pakistan to keep pressure on the Taliban without inciting escalation. The ability of the Taliban to control militant organisations while maintaining internal unity and sovereignty will be put to the test in Afghanistan. Supporting monitoring, communication, and de-escalation procedures is essential for regional partners, especially Qatar and Turkey, to continue their mediation efforts beyond symbolic diplomacy. As of October 28, the Istanbul process has adjourned without a deal, leaving these markers unmet and the ceasefire’s durability uncertain until verifiable steps are negotiated.

In the end, the ceasefire between Afghanistan and Pakistan serves as an example of the potential and vulnerability of regional diplomacy in a post-Western security context. In addition to bilateral discussions, broad regional collaboration tackling the interconnected problems of militancy, Durand-line governance, and economic interdependence will be necessary for a lasting peace. The willingness of both regimes to turn promises into tangible, verifiable action will determine whether this armistice develops into long-lasting stability or just serves as another brief break in a lengthy history of antagonism.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The War You Can’t See: Gray Zone Operations Are Reshaping Global Security

EXPERT PERSPECTIVE -- In the middle of the night, with no witnesses, a single ship flagged out of Hong Kong drags its anchor across the Baltic Sea. In silence, it severs a vital gas pipeline and the digital cables that link northern capitals. By morning, millions lose connectivity, financial transactions stall, and energy grids flicker on the edge.

The culprit vanishes behind flags of convenience, leaving blame circulating in diplomatic circles while Moscow and others look on, exploiting maritime ambiguity and the vulnerabilities of Europe's lifelines.

Meanwhile, in Warsaw and Vilnius, shoppers flee as flames engulf two of the largest city malls. Investigators soon discover the arsonists are teenagers recruited online, guided by encrypted messages, and paid by actors connected to hostile state agencies. The chaos sows fear, erodes social trust, and sends shockwaves through European communities—proxy sabotage that destabilizes societies while providing plausible deniability to those orchestrating the acts.

Thousands of kilometers away, Chinese dredgers and coast guard vessels silently transform disputed reefs into fortified islands in the South China Sea. With no declaration of war and no pitched battles, new airstrips and bases appear, steadily shifting maritime boundaries and economic interests. Each construction project redraws the strategic realities of an entire region, forcing neighbors and distant powers alike to reckon with incremental, shadowy coercion and efforts to change the status quo.

In early 2024, Chinese state-sponsored hackers, known as "Volt Typhoon," penetrated U.S data repositories and embedded themselves deep within the control systems of U.S. critical infrastructure, including communication networks, energy grids, and water treatment facilities.

Then-FBI Director Christopher Wray described it as a pre-positioning of capabilities by China that can be turned on whenever Beijing wanted - wreaking havoc and causing real-world harm to American citizens and communities. China has denied any connection to these attacks on U.S. sovereignty.

And just weeks ago, around 20 Russian drones violated Poland’s airspace. Russia’s denials were predictable and since then, Russian drones and jets have violated airspace in Romania, Estonia, and over the Baltic Sea.

Were these threats, tests of capability and resolve, provocations, or demonstrations—or maybe all of the above? Just as NATO will develop a set of lessons-learned for future incursions, it’s also likely that Russia learned from these episodes and will recalibrate future incursions.

Threaded almost invisibly through all of these gray zone activities, and countless others like them, is cognitive warfare—a persistent tool of our adversaries. It is an assault on cognition. The information and decision spaces are flooded with weaponized narratives, AI-powered disinformation, synthetic realities, and the coercive use of redlines and intimidation.

The goal is clear—deceive, change how we see the world, fracture societies, destroy faith in institutions and partnerships, erode trust, challenge and replace knowledge and belief, coerce and intimidate; and perhaps most importantly; undermine decision autonomy. It is here, in the crowded intersection of AI; cyber; traditional tools such as narratives and storytelling; and cognition; that today’s most urgent battles are fought.

These are all operations in the gray zone. We all use somewhat different terms for this, but let me share the definition of the gray zone that I think works well.

The gray zone is the geopolitical space between peace and war where adversaries work to advance their own national interests while attacking and undermining the interests of their adversaries and setting the conditions for a future war without triggering a military response.

We might refer to attacks in the gray zone as gray warfare. It is the domain of ambiguity, deniability, and incremental aggression calculated to limit deterrence and discourage persuasive response.

The 2026 Cipher Brief HONORS Awards are open for nominations. Find out more at www.cipherbriefhonors.com

Today, it is the space where global competition, particularly great power competition, is playing out.

Why are we seeing more gray zone activity today?

First, great power competition is intensifying. This includes great powers, middle powers, and impacts almost every other nation. Almost every nation has a role to play, even if involuntary: competitor, ally and supporter, enabler, spoiler, surrogate, or innocent bystander and victim. Like the African proverb says, “When elephants fight, it is the grass that suffers.”

But great powers will go to great lengths to avoid 21^st Century superpower conflict, primarily because of the fear of unintended losses and damage to national power that could take decades to recover. The catastrophic damage to nations and militaries from WWII are distant—but still vivid—reminders of the impact of a war of great powers.

Today, just look at the unprecedented loss of national power by Russia in indirect superpower conflict. Superpower conflict has consequences. Given these strategic considerations, the gray zone and gray warfare provide an effective strategic alternative to conventional war. Our adversaries have calculated that there are more gains than risks in the gray zone, and that any risks they do face are acceptable.

Second, technology levels the playing field, creating new opportunities for gray zone attacks. Cyberattacks, even those that are disrupted, lead to more effective cyber capabilities by our adversaries. AI-driven cognitive warfare now delivers persuasive content with unprecedented global access and immediacy. Small kinetic drones can be wielded by state and non-state actors to pose both kinetic and cognitive threats. Technology also enables adversaries to conceal their operations and increase non-attribution. Even simple technologies have the potential to generate strategic effects in the gray zone.

Third, surrogates and proxies offer expanded reach, ambiguity, and impact

Little Green Men, hired criminals, ghost ships, unknown assassins and saboteurs, and shadowy companies that help evade sanctions blur attribution, providing bad actors with a veneer of deniability while increasing their reach, impact, and lethality. On a broader scale, Houthi attacks on global shipping and North Korean soldiers fighting Ukraine elevate the effects of this ambiguous warfare to a higher level. This trend is likely to intensify in the future.

Fourth, it is important to address the direct impacts of Russia’s war on Ukraine on an increase in gray zone attacks. Russia’s significant loss of national power and limited battlefield gains have created pressure on the Kremlin to reassert relevance, project power, and potentially punish antagonists. This dynamic almost certainly means a continued escalation of gray zone activities targeting Europe and aimed at destabilizing the continent. Many experts believe the Baltics and the Balkans may be particularly vulnerable.

That Russian gray bullseye is crowded—the U.S. is also a traditional target, and more Russia activity to undermine and weaken the U.S. is coming, despite Putin’s offers of renewed diplomatic and economic cooperation.

Finally, there are more gray zone attacks because real deterrence and persuasive responses to gray attacks are challenging, and our adversaries know it. In other words, gray zone attacks in most cases are relatively low cost, often effective, provide a level of deniability, and frustrate efforts at deterrence and response.

Our adversaries have calculated that they can hide behind ambiguity and deniability to violate sovereignty, ignore national laws and international norms, and engage in activities such as political coercion, sabotage, and even assassinations without triggering an armed response.

This “no limits” approach exploits the openness, legal norms, and ethical standards of democratic societies, making coordinated, timely, and effective response more difficult.

So, what can we do?

The most important outcome of our actions is to change the risk calculation of our adversaries. Gray zone attacks that go unanswered reward our adversaries and reinforce the idea that there are more gains than risk in the gray zone and encourage more attacks. Further, our adversaries calculate, often accurately, that our reasonable concerns for avoiding escalation will lead to indecision, weak responses, or the acceptance of false choices.

We need improved and shared gray zone intelligence to see through the fog of disinformation, synthetic realities, false risks and threats, and an overload of information by our adversaries to understand what is taking place in the gray zone. This not only strengthens our operations to counter gray zone attacks but it helps our citizens, communities, and countries to understand, recognize, reject, and remain resilient in the face of gray zone attacks.

We have to employ “strategic daylighting” to expose and put into context the gray zone activity by our adversaries—stripping away deniability and laying bare nefarious and illegal actions—knowing that our adversaries will go to great lengths to conceal, defend, and attack our efforts to expose their activities.

We have to speak frankly and convincingly to our adversaries and of course, we have to back up our words with persuasive action. Empty warnings and rhetoric will fall short. Changing the risk calculation of our adversaries means real consequences across a broad spectrum—public, diplomatic, economic, legal, informational, or even kinetic. It means a strategy on how to respond - not just a series of hasty responses. Real deterrence will result from planning and strategy; not decisions in the moment based on immediate circumstances.

Finally, we need to think of deterrence and response as a team sport - an “Article 5 mindset.” Our adversaries will seek to divide and isolate. Collective, unified action and resolve can form a powerful deterrent.

Of course, none of this is new. All of us need a solid understanding of the problems and the likely best solutions and implementation remains the greatest challenge.

We can go a long way with a good strategy, good partners, and resolve which seems like a reasonable place to start.

This Cipher Brief expert perspective by Dave Pitts is adapted from a speech he recently delivered in Sarajevo. Comments have been lightly edited for clarity. All statements of fact, opinion, or analysis expressed are my own and do not reflect the official positions or views of the US Government. Nothing in my remarks should be construed as asserting or implying US Government authentication of information or endorsement.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Former CIA Station Chief on the Trump Administration’s Caribbean Strategy

EXPERT INTERVIEW — Secretary of War Pete Hegseth announced today that the U.S. has carried out three additional strikes on four sea vessels, bringing the total number of attacks on boats to 13, resulting in more than 57 deaths. The Secretary said 14 people were killed and one person survived yesterday’s attacks targeting drug traffickers.

The Secretary posted on X that, “The Department has spent over TWO DECADES defending other homelands. Now, we’re defending our own. These narco-terrorists have killed more Americans than al-Qaeda, and they will be treated the same,” warning of more strikes to come. “We will track them, we will network them, and then, we will hunt and kill them.”

The strikes come amid a major U.S. military buildup in the region, most recently bolstered by Secretary of War Pete Hegseth’s order last week for the USS Gerald Ford aircraft carrier and its escorts to deploy from the Mediterranean to Latin America. President Trump says he is also considering military action against land targets in Venezuela, a sentiment echoed recently by Republican Senator Lindsey Graham.

Experts on the region believe part of the counternarcotics campaign is aimed at pressuring Venezuelan President Nicolas Maduro to step down. The U.S. has recently suspended diplomatic efforts with Maduro’s government and the Venezuelan president has been directly accused by the U.S. of involvement in drug trafficking. And in a highly unusual move, President Trump publicly announced recently that he has authorized the CIA to conduct covert action in Venezuela.

Maduro has condemned the U.S. military activity, accusing Washington of “fabricating a new war” while vowing to defend national sovereignty.

The Cipher Brief spoke with former CIA station chief David Fitzgerald, who served in Latin America, at the 2025 Cipher Brief Threat Conference about the implications of the strikes and other forms of pressure on both the cartels and Maduro. Fitzgerald joined the conference live from Panama. Our interview has been lightly edited for length and clarity.

THE INTERVIEW

Kelly: Dave, you have deep expertise in the region and in understanding the drug cartels. With everything going on in the region right now, what's top of mind for you?

Fitzgerald: Regarding Venezuela specifically, it's an interesting situation and I think President Maduro feels like the pincer movement is coming in on him right now. He's feeling the pressure, no doubt, from the military actions in the Caribbean, and also from some of the declarations by President Trump. He doesn't have the support of his neighboring Latin countries that he would like, specifically Brazil - if you remember back when he was elected during the last time, his main ally in Latin America, President Lula, never recognized the election. So theoretically, none of his counterparts other than the ones from the countries everybody suspected would - Nicaragua, Cuba, and, at the time, Bolivia - had recognized the election and President Maduro as the president elect and now the president.

So he understands very well that if push comes to shove, if there's some type of military action vis-a-vis Venezuela, Russia, China, Cuba, even Iran is not going to come to his assistance. He's going to be out on his own and he's going to be very outgunned and outmatched by the U.S. military. [He has a] decrepit air force and a decrepit army. He also claims to have rallied 4 million militia members that are undergoing training to help defend Venezuela.

Kelly: President Trump has openly said that he has authorized covert activity in Venezuela. What does this mean? If you're Maduro, what is that message that you're taking from that? How does it change the situation?

Fitzgerald: I think we're all a little surprised by that announcement, which is very out of character for the IC to have a covert action finding actually being announced by the president of the United States. I guess on one hand he's just circumventing what would eventually happen, and that's having it leaked, which I think has happened to all of the other covert programs. On the other hand, I think it's part of that pressure campaign that Trump is putting on Maduro and I think he's really feeling squeezed. There have been recent media reports that Maduro has offered to provide natural resources to the United States to try to find a way out of the situation by accommodating President Trump by providing oil and some of the other rich resources that Venezuela has. But I think he [Maduro] understands that his plan B is going to get on a plane and go to Cuba, much as President Chavez was back in 2002 when he had a short-lived coup d'état attempt in Caracas. There are not many options for him at this time.

Kelly: This administration has made clear that part of the policy towards Venezuela is applying pressure which includes the targeting of suspected drug boats off the coast of Venezuela. With your decades of experience understanding what motivates the drug cartels and what doesn't, how do you think these attacks might shift their thinking, if at all? And I also want you to explain to us how the cartels are technology, reportedly, better than most other groups in the world. Is this true?

Fitzgerald: They're very sophisticated and vis-a-vis Venezuela, you actually have kind of a, I hate to use the word state-sponsored, but I will say state-approved cartels working in Venezuela. I don't know if we remember the days of Cartel de los Soles, which in English means the cartel of the generals, and that was so true back in the 90’s. The then head of the National Guard was under indictment [for involvement.] He's still under indictment. He has never left Venezuela since then.

Hugo Carvajal, who was General Carvajal, the head of military intelligence, fled to Spain around 2020-2021 because he had a falling out with Maduro. He was extradited to the U.S. back in ‘23. He pled guilty [to involvement in narcoterrorism and drug trafficking] in June of this year and is going to be sentenced at the end of this month. I know the guy personally, and I remember having these conversations with him and telling him, Hugo, one day this house of cards is going to come crumbling down and there's going to be a price to pay, right? He says, ah, no, no, no, no. And I think it's kind of that same atmosphere in Venezuela right now with the senior military officers. Maduro has done a good job of handling the military in the sense of the stick and the carrot, and they all understand that as long as they're true and loyal to Maduro, they're going to benefit from it, from their illegal activities, either allowing trafficking or corruption to take place or participating in it. So there's going to be more indictments, I think. There's no doubt Carvajal is making a plea with the U.S. attorney right now in order to lower his sentence.

You have that combined with what you see now in Colombia. Trump had called President Petro a narco trafficker and said he's cutting all narcotics assistance to Colombia. That's a blow to him, but it's also a blow to our efforts in the region because Colombia, as everybody knows, has been our strongest ally in this fight, both in the Counter-terrorism fight in the region and also in the counter-narcotics fight. So we're going to watch how this plays out.

Elections in Colombia are in May of next year. All polls indicate Petro really doesn't have a chance. I'm not sure whether this announcement will help him or not. Colombia's not doing well right now. The United Nations just last month announced that they have record cultivation of coca now in Colombia. They're producing more than they ever did even before we started our Plan Colombia back in the 90’s. So it's a worrisome situation.

Kelly: I'm glad you brought up Colombia because I was going to ask you about that.

I’ve also heard recently that the epicenter of the drug problem is in Mexico. Talk to us a little bit about that and about what you have seen work or not work, against drug cartels in Mexico.

Fitzgerald: The question has always been how do you declare victory? Okay, narcotics traffic is going to exist for the rest of time. It always has, right? So the question is how do you define victory over that target? Years back, I had a conversation with [former Colombian] President [Alvaro] Uribe and I said, “we’ve made great strides, a lot of great things have happened. How do you define victory over these trafficking and terrorist groups?” Back then it was the FARC and the ELN where they were a two for one, or both trafficking and terrorist groups.

He looked at me and said victory is when these problems stop being a national security problem, a threat to our national security, and just basically turn into a regular criminal problem. I think he nailed it on the head. In countries like Colombia, Venezuela, Mexico, all through Central America, these are national security problems. The corruption that it entails, the penetrations that the traffickers have made through all society. It is a threat to the region and a threat to national security of all of those countries, and indirectly a threat to our national security, especially along the border and especially with some of the violence that comes with it.

In Mexico, I think President [Claudia] Sheinbaum has done a fairly good job. You've seen all the newspaper articles about the ICS (Integrated Country Strategy) participation in Mexico. It has been a successful program, but again, flying under the radar, you really can't broadcast this. Colombia was very effective at taking out the heads of the cartels. Extradition was key. We have extradition with Mexico, but again, you have pockets of immunity within Mexico. The corruption is rampant. How to get past the corruption? Venezuela is that kind of dark hole where you really can't do much. But there has been some success, and I can't take that away from the Mexican services, to a lesser extent, the Colombian services and all through Central America, but we're not where we need to be right now.

Question from NBC Reporter Dan DeLuce (in the audience): Let's say Maduro does get on a plane and fly to Cuba. What does he leave behind? What are the scenarios you see unfolding? I know it's highly speculative, but I'd like to hear your thoughts.

Fitzgerald: First of all, he wouldn't be the only one on the plane. He would be joined by his wife, probably half of the general staff and anybody else who could get on that plane. They will all understand that if he goes, they go and that they're going to be left to the hoards to try and figure out their survival. So I think right now that is option B, because militarily, he understands the Russians are not going to come to his assistance. The Chinese look at this as a transactional relationship with Venezuela. They are making money off Venezuela’s oil and the loans they provide. They just want to be paid back. Maduro is pretty weakened right now. Nobody is likely to come to his aid. So I think for him right now, it's a very serious consideration as far as plan B, how to get out of Venezuela and how to get out of Venezuela fast.

Kelly: How do you measure the impact of these strikes against these boats?

Fitzgerald: In two ways. The first impact is the psychological impact, and the second is the actual counter-narcotics effort impact. I think the impact of stopping the drugs from reaching [destinations], whether they're going to San Domingo or Dominican Republic or some other Caribbean island as a transit, that's minimal. The Coast Guard has been doing that for decades. It helps, but in many ways it's a drop in the bucket. The psychological impact, however, is far greater. I doubt there's very few volunteers or crewmen, both from Venezuela and from Colombia, who are happy about getting on some of these fastboats or the submersibles to crew them out to the Caribbean. I think what you're going to see, it's probably already started, is a shift to the Pacific side. This situation is kind of a pendulum and it’s been like this for decades. The US and our allies would focus on the Caribbean. They'd switch to the Pacific. We'd focus on the Pacific. They go back to the Caribbean. They would just change their routes, change their modus operandi of how they traffic drugs.

Kelly: Thank you so much, Dave. I really appreciate you taking the time. I know you don't do a lot of interviews like this.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Ukraine’s Winter War Is the World’s Test — and America Can’t Afford to Blink

OPINION — Two weeks ago, my colleagues and I stood in Dnipro while warning sirens cut across the city and Shahed drones screamed overhead. We had come as a medical-humanitarian delegation to inspect trauma centers that receive the worst of the front’s casualties; instead, we found ourselves in a strike zone, sifting through a debris field that included drone fragments and watching medics pull the wounded from an improvised triage line. A United Nations car park across from the drone strike had been shattered; buildings for two city blocks were heavily damaged; more than thirty civilian casualties were reported.

We traveled with a security team of veteran U.S. special operations personnel made up of Green Berets, former SEALs, and allied SOF veterans who have been fighting and advising in Ukraine since 2019 and earlier. Their presence allowed us safe, rapid access to hospitals, strike sites, and frontline briefings, and their frontline experience provided critical context to what we observed. I mention them not to publicize operations but to make a point: American veterans who have been embedded here for years see the same patterns we do — a war accelerating in tempo and technological reach, but one that could still be won both for Ukraine and the free world.

What we saw that day in Dnipro was not a local catastrophe. It was a live demonstration of how modern, networked war is metastasizing beyond the battlefield and how quickly it could remap the global order unless the West acts now.

The tactical picture in Donbas is of immediate strategic urgency. Russian forces are mounting coordinated pincer operations, advancing from Pokrovsk through Kramatorsk to Slovyansk, designed to encircle and absorb the Donbas region, then push west to take Zaporizhzhia and threaten Dnipro. The fall or isolation of Dnipro would sever east–west logistical and medical corridors, producing a catastrophic collapse in Ukrainian operational tempo and resilience. That outcome would not merely alter front lines; it would force a recalibration of Europe’s entire defense posture. Moreover, Moscow’s likely playbook is predictable: secure territorial gains, press for an immediate ceasefire on favorable terms, and use the pause to move seasoned forces into Belarus to stage further aggression against NATO’s vulnerable Suwałki corridor and the Baltic states.

Holding the frontline in Donbas against those pincer movements requires urgent, concrete material and logistics support. The immediate tactical needs are specific and time-sensitive: Lancet-equivalent loitering munitions in quantities sufficient to strike armor and artillery beyond FPV range; thousands of FPV frames and spares for tactical units; higher-payload fixed-wing drones with enhanced electronic-warfare modules; long-range fiber-optic drones for secure, EW-resistant target acquisition; ISR quadcopters such as DJI Mavic models; heavy-bomber quadcopter drones and Shark and RAM-X systems; additional M119 105 mm howitzers and tens of thousands of rounds (including laser-designated munitions); tons of C4 or Cemtex explosives and initiators; smoke grenades; Starlink terminals and hardened communications kits to keep command-and-control functioning under jamming; unmanned ground vehicles for casualty evacuation under fire; thermal winter clothing for tens of thousands of soldiers; and precision munitions and laser target designators to convert targeting into effect. Rapid delivery of these items before winter is not an optional improvement. It is the single most important determinant of whether Ukrainian units can blunt the pincers and maintain cohesive defense lines.

The operational challenge is only part of the problem. The more profound danger is industrial and doctrinal: the battlefield is being remade by a global axis of authoritarian actors and by grassroots innovation that together change the tempo of war.

On the state side, China, Iran, North Korea, Venezuela and shadow networks tied to Wagner, the GRU, the FSB, proxy forces and criminal cartels are not acting independently; they are converging. China supplies much of the critical electronics powering the drone systems we see on the front. Iran provided the Shahed design architecture. North Korea supplies ammunition and manpower. Venezuela and other nodes proliferate systems and tactics across regions. Wagner remnants, clandestine elements and proxy contractors conduct psychological operations, sabotage, and hybrid warfare to stoke fear, hesitation, and distraction to destabilize the West and blunt coordinated timely response. The result is a horizontally linked industrial and doctrinal ecosystem that accelerates lethal innovation on a timeline far faster than Western procurement cycles can match.

Compounding the danger, Ukraine’s defenders have taught us something brutal and clear: the frontline is now a maker space. Volunteer workshops and unit-level innovation labs crank out field-adapted FPV and fixed-wing drones assembled from 3-D-printed parts. Fighters become engineers, iterating designs in days rather than years. Low-cost airframes, priced in the hundreds to low thousands of dollars, are proving operationally decisive. Within two years many of those platforms will be semi- or fully autonomous and capable of swarm behaviors. That combination of authoritarian mass production on one side and decentralized battlefield innovation on the other yields a force-multiplying effect that threatens to swamp Western advantage in both kinetic and non-kinetic domains.

There is also a human reality behind the hardware. While much popular discussion focuses on Ukrainian mobilization shortfalls, the manpower problem may, in fact, be deeper and more structurally damaging for Russia. Moscow’s mobilization has produced a manpower pool that is larger on paper but qualitatively hollow: many conscripts recruited under debt and inducements, reports of chronically ill or terminally ill soldiers sent to the front, widespread morale collapse, and systematic reclassification of killed personnel as missing to avoid payouts. Russia may be hemorrhaging men while failing to sustain unit cohesion and effective rotations. That weakness creates opportunities for Ukraine, if the West supplies the means to exploit it.

Casualty numbers for the Russians are sobering. From January through August 2025 battlefield data indicate more than a quarter million personnel losses and a cumulative toll since 2022 that exceeds one million killed, wounded or missing. Reported kill ratios in some sectors range from three-to-one to fifteen-to-one in favor of Ukrainian forces. Those ratios, while indicative of tactical success, mask the strain: Ukraine’s advantage is sustained only by speed of thinking, of logistics and of resupply. Medical systems are stretched, evacuation chains fray, and field hospitals operate at or beyond capacity. Yet Ukrainian medical practice preserves far more wounded who can return to the fight or to wartime industry than the Russians, whose KIA:WIA ratio is reported abysmally as 1:1.3. Ukrainians value life. Russians do not.

All of this yields a stark policy imperative: there is a two- to three-month window this winter in which Western action, or inaction, will disproportionately shape outcomes. If the West moves decisively now, Ukraine can stabilize the Donbas, increase pressure on Kremlin command and possibly force fissures within the Moscow-Beijing axis. If the West hesitates, Russia could consolidate gains, demand a favorable ceasefire and use the lull to redeploy and reconstitute forces for broader escalation.

What should America and its allies do?

First, address the immediate tactical needs to hold Donbas through the winter and spring. Prioritize delivery of the specific items listed above and ensure Dnipro’s bridges and trauma centers remain operational. These are the lifelines that keep supplies, casualties, and command flowing to and from the front.

Second, treat this tactical issue in Donbas, Zaporizhzhia and Dnipro as a strategic emergency for Europe and allied forces. Otherwise, Russia will push its advantage to secure a bad faith ceasefire and shift its aggression towards Europe and beyond.

Third, institutionalize the agility we see on the ground. Create micro-procurement authorities, rapid-fielding channels, vetted modular kits and secure surge logistics so that front-line innovation can be turned into operational capability within days, not months.

Fourth, mount a coordinated counter-industrial campaign to choke the supply chains and machine tools that fuel authoritarian drone production. That means targeted sanctions, export controls on critical components and GNSS substitutes, and diplomatic pressure on transshipment nodes. It means using financial and law enforcement tools to disrupt proxy financing and criminal exploitation of battlefield lessons.

Fifth, broaden our conception of the battlefield. Hybrid operations are global — from psychological operations in Europe to proxy sabotage across the globe and the potential adaptation of FPV tactics by criminal/extremist networks in the West. Defense planning must be whole-of-government and whole-of-hemisphere, integrating intelligence, law enforcement, financial mechanisms and coalition logistics.

Finally, make the moral case plainly: this fight is not simply about Ukrainian territory. It is a contest over whether the global commons — maritime lanes, satellite-enabled logistics and cyberspace — will be sustainably weaponized by authoritarian states and their proxies. If we cede initiative in the technology of war, we will forfeit the strategic initiative in peace. Stated plainly: this is a war for the preservation of the free world.

From a shattered car park in Dnipro to a makeshift techlab where a combat drone takes shape, two realities are obvious: the war is changing, and it is changing fast. We cannot afford to be outpaced. The choice this winter is stark: enable Ukraine to hold the frontline against the pincer offensives in Donbas, support Ukrainian strategic efforts against the Russian war machine on its home soil, and stymie the global strategic battle against the axis of authoritarians. Or watch the battlefield’s innovations be converted into instruments of wider, harder-to-control global conflict.

This is not easy. It is, however, solvable, if we treat it with the urgency, specificity and imagination it requires. The future of war is now. The time to prepare was yesterday. The clock is running fast."

Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Trump’s National Guard Plan Faces Legal Pushback and Constitutional Questions

OPINION — “I'm not going to answer particulars on something that may be in the planning process, but we definitely do have multiple layers of National Guard response forces, whether it's in each state, whether it's regionally, whether it's Title 10 active duty, whether it's Washington D.C. We've got a lot of different ways that constitutionally and legally we can employ Title 10 and Title 32 forces, and we will do so when necessary.”

That was Defense Secretary Pete Hegseth in the Oval Office this past Friday, after a meeting of the Trump administration’s Homeland Security Task Force, responding to a reporter’s question about whether the establishment of multi-state National Guard rapid response forces “that's going to be trained in crowd control and civil unrest and deployed in all 50 states by April of 2026” is underway.

It’s worth remembering that buried as part of “Operational Actions” called for under an August 25, Trump Executive Order (EO) entitled, “Additional Measures To Address the Crime Emergency in the District of Columbia,” there is a section that reads: “The Secretary of Defense shall immediately begin ensuring that each State’s Army National Guard and Air National Guard are resourced, trained, organized, and available to assist Federal, State, and local law enforcement in quelling civil disturbances and ensuring the public safety and order whenever the circumstances necessitate, as appropriate under law.”

That EO section goes on to say. “In coordination with the respective adjutants general, the Secretary of Defense shall designate an appropriate number of each State’s trained National Guard members to be reasonably available for rapid mobilization for such purposes. In addition, the Secretary of Defense shall ensure the availability of a standing National Guard quick reaction force that shall be resourced, trained, and available for rapid nationwide deployment.”

Before Trump signed the August 25 EO, his assistant Will Scharf described it as “an executive order that contains a number of additional measures relating to crime and law enforcement in Washington, D.C. It charges, for example, your Secretary of Defense with establishing specialized units in both the D.C. National Guard and the National Guard units around the country specifically trained and equipped to deal with public order issues.”

Hegseth added about the response teams, “And at your direction as well, sir, [meaning Trump] it's just common sense to make sure they're armed as well.”

Under Title 10, the President can federalize any state’s National Guard if the country “is invaded or is in danger of invasion by a foreign nation,” if there’s “a rebellion or danger of a rebellion” against the federal government’s authority, or if the president “is unable with the regular forces to execute the laws of the United States.” Such an order “shall be issued through the governors of the States,” Title 10 says.

Under Title 32, state National Guard units can be deployed for federal purposes, but they remain under state control. Since the troops are under state control, they are not subject to the Posse Comitatus Act’s restriction against engaging in civilian law enforcement.

On August 26, retired-National Guard Maj. Gen. Randy Manner said on PBS: “I think this is unneeded and also very dangerous. It's setting a new precedent.”

He went on, “When I was the acting vice chief of the National Guard Bureau, we absolutely already put into place the ability of having quick reaction forces in every state, depending on the size…They were at the time, of course, targeting the ability to respond to emergencies in the state such as floods, hurricanes, forest fires, earthquakes, and so on to be able to save lives. The difference here is that it's focused on ‘public order.’ That's very disturbing.”

Manner added, “Also, the idea of creating a unit whose primary mission is to deploy anywhere in the country to deal with potentially demonstrations or civil disorder, as the President sees fit…that is not in keeping with the mission of the National Guard as a strategic reserve for our military and for our nation.”

Manner then made an important point, relative to what has happened since: “This is something where the President is imposing the armed military to go into American cities. That is the most significant difference. And it's very important to remember that civil disturbance deployments by governors is actually the smallest amount of missions that have ever been done by the National Guard. It is a rarity, whereas now the President is elevating it to be a significant capability for the National Guard.”

Over the objections of the Governors of California, Oregon and Illinois, President Trump has ordered Title 10, federalized Guard units deployed – deployments which are all undergoing judicial tests.

In Illinois, U.S. District Judge April Perry on October 9, issued a temporary order that barred the Trump administration “from ordering the federalization and deployment of the National Guard of the United States within Illinois.”

Perry said in her opinion that there was “insufficient evidence of rebellion or a danger of a rebellion,” as required by Title 10, nor was there “sufficient evidence that the President was unable with the regular forces to execute the laws of the United States.” The Trump administration immediately appealed and moved for a stay of the order pending appeal.

On October 16, the U.S. Court of Appeals for the Seventh Circuit agreed with Judge Perry, writing that in their opinion “the facts do not justify the President’s actions in Illinois under [Title 10], even giving substantial deference to his assertions. The Circuit Court did, however, allow Presidential federalization of a National Guard unit, while prohibiting its deployment.

In its opinion, the Circuit Court made points about the “rebellion or danger of rebellion,” that are worth reviewing since it’s clear the Trump administration sees Title 10 allowing them to use military troops freely.

The Circuit Court wrote: “Political opposition is not rebellion. A protest does not become a rebellion merely because the protestors advocate for myriad legal or policy changes, are well organized, call for significant changes to the structure of the U.S. government, use civil disobedience as a form of protest, or exercise their Second Amendment right to carry firearms as the law currently allows.”

The Court added, “Nor does a protest become a rebellion merely because of sporadic and isolated incidents of unlawful activity or even violence committed by rogue participants in the protest. Such conduct exceeds the scope of the First Amendment, of course, and law enforcement has apprehended the perpetrators accordingly. But because rebellions at least use deliberate, organized violence to resist governmental authority, the problematic incidents in this record clearly fall within the considerable daylight between protected speech and rebellion.”

I quote the Circuit Court opinion because the Trump administration from the start has claimed in this case before the District and Circuit Courts and elsewhere, that the President’s federalization of the Guard under Title 10 “is not judicially reviewable at all. Alternatively, it contends that the factual predicates of [Title 10] are satisfied in light of the deference due the President’s decision to federalize the Guard.”

On October 17, the day after the Circuit Court opinion, Trump’s Solicitor General D. John Sauer filed an emergency motion with the Supreme Court seeking to block the Perry order that prevents deployment of the federalized Illinois National Guard units.

In seeking that order, which would also overrule the Seventh Circuit Court opinion, Sauer argued, as he had done unsuccessfully in District Court, “As a threshold matter, both the statutory language and historical tradition make clear that the President’s decision whether to federalize the Guard is not subject to second-guessing by the State of Illinois or a federal district court.” He then quoted Title 10 with respect to “rebellion or danger of rebellion.”

Sauer also wrote, to support the argument for deployment, that “The President has express statutory authority to ‘call into Federal service’ the National Guard, after which the Guardsmen serve under the command and control of federal military officials and ultimately the President as Commander in Chief.”

The Supreme Court has not yet acted on this emergency motion.

But as writers in Just Security said last Friday, “The government’s interpretation suggests that a President may deploy military forces anywhere in the United States for any reason, and that courts would have no authority to determine its legality. This assertion runs counter to U.S. history, the structure of powers related to the military in the U.S. Constitution, and the theory of checks and balances.”

Or as New York Attorney James D. Zirin wrote yesterday in The Washington Monthly, “If the Court grants Trump relief in Chicago, what will stop Trump from deploying National Guardsmen nationwide to supplement the ICE program in enforcing immigration laws? And then, based on some pretext that there is a rebellion, posting troops at select polling places nationwide to intimidate voters during the midterm elections?”

It is Zirin’s second fear, for the 2026 midterm congressional elections, that first drew my concern over Trump’s August proposal for all 50 states to have National Guard rapid reaction forces prepared to ensure “the public safety and order whenever the circumstances necessitate, as appropriate under law.”

There has been no public report I know of from the National Guard Bureau or Defense Department as to how many such units have been formed so far under the Trump administration, despite the April 2026 deadline. It is one of many things to watch for.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Winning the Innovation Race: Why America’s Allies Are the Key to Beating Beijing

OPINION — Precision U.S. airstrikes against Iran’s nuclear program last June demonstrate American technological prowess built on decades of 20th Century Cold War Era investment and innovation. Today, the U.S. continues to originate new technology, yet it finds itself in a race with rivals such as China and Russia to dominate AI, quantum computing, robotics, semiconductors, cyber, and other frontier technologies poised to define global leadership in the 21st Century.

To prevail and prosper in this new geopolitical struggle, the U.S. must build and maintain networks of investors, customers, and collaborators among allies with common values and interests. By forging such networks, the U.S. can accelerate the technology innovation and implementation velocity crucial to outpacing its rivals and their formidable manufacturing capacity, human talent base, and financial resources.

Opportunities (and Risks) of Buyer Alliances

Much of Washington’s bipartisan consensus on the necessity of American technology leadership has rightly focused on the nation’s capacity to “build the future” at home, safely beyond China’s sphere of predation in East Asia, creating American jobs and national wealth, and on terms that ensure these technologies reflect American values.

National innovation initiatives, such as the CHIPS Act, support domestic production of advanced semiconductors, and the Trump and Biden Administrations have rightly advocated robust domestic AI innovation initiatives within our own borders.

But the other side of the 21st Century innovation race is a sprint to forge strong alliances abroad, with buyers who will accelerate domestic efforts by investing in, buying, deploying, and fine tuning U.S. innovations at a greater scale and profit than would ever be possible were U.S. builders limited to merely selling to U.S. government agencies and corporations at home.

Numerous U.S. allies and potential allies in Europe, Asia, the Middle East, and beyond share security concerns about aggressive states such as China, Russia, Iran, and North Korea, and many share U.S. concerns related to the economic, intelligence, and security implications of future dependence on technologies developed in China.

While Chinese-based technology builders such as Huawei and DeepSeek have potential to outpace U.S. competitors in the coming years, the Western innovation ecosystem continues to produce the finest and greatest variety of technology solutions. By leveraging allied investments in new digital infrastructure and national security, U.S.-based technology builders can assert their industrial advantages over Chinese competitors in quality, variety of options, and open standards to enable these states to implement the technologies they require to modernize, while protecting themselves from aggression and maintaining their digital sovereignty.

Should the U.S. fail to forge these essential partnerships, Chinese rivals will outflank America’s technology builders, penetrate and gain permanent footholds in foreign markets, and establish global technology hegemony over the world’s frontier technologies, and the future.

A Common Defense of Buyer Alliances Strengthens US National Security

These technology buyer partnerships are not merely about hardware and software sales, market penetration, technology jobs, and reinvestment of newly created wealth at home. By deploying U.S. national security technologies across a wide range of allies abroad, the cost of building, maintaining, and enhancing them at home will decline as their efficacy, lethality, and capacity to deter aggression will surge.

It was the open markets of globalization that enabled Chinese firms to build up tremendous commercial manufacturing capacity in everything from electric cars to computing and telecommunications systems, robotics, ships, pharmaceuticals, and drones. The CCP has leveraged this manufacturing capacity and technical expertise to build new military technology capabilities to threaten the U.S. and its allies. China’s dual-use manufacturing capacity is on vivid display in Ukraine, where the country’s warfighters favor inexpensive, highly-functional drones built with components manufactured in China.

U.S. cybersecurity, AI, and defense tech software technologies are only as impactful as their feedback loops—their capacity to ingest massive amounts of threat and performance data in order to learn and improve their defensive capabilities moving forward.

In the same way U.S. drone technologists are observing and learning how drones are performing (and under-performing) in contested Russia-Ukraine battlefield environments, deploying American security technologies along all fronts of geopolitical conflict will make U.S. defenses at home smarter, faster, more creative, more autonomous, and more lethal based on their ability to learn how our adversaries are operating and understanding the weapons and tactics they are likely to use against America’s military and homeland.

Finally, establishing U.S. technologies’ dominance in more countries ensures the U.S. will define technology standards as they are adopted more broadly. As they are adopted, the U.S. and its allies are in a better position to collaborate, surge resources as needed, and execute to resolve threats faster in times of tremendous crises.

The Race Ahead

We applaud the Trump Administration’s efforts to build on existing domestic “technology builder” initiatives by opening new markets for buyers of American frontier technologies. This “technology buyer” diplomacy was on display in April when President Trump, accompanied by leading technology executives from OpenAI, Nvidia, and others, visited members of the Gulf Cooperation Council (GCC) to establish substantial technology partnership deals. We strongly support the Administration’s efforts to negotiate sector-specific partnerships in AI, semiconductors, cybersecurity, and rare earths supply chains with NATO, the EU, Japan, South Korea, India, Taiwan, Ukraine, Australia, and others.

Winning the 21st Century innovation race will ensure America's long-term national security, economic prosperity, and freedom to determine its own destiny. Policymakers have achieved a rare consensus that existential geopolitical rivalries demand the US maximize the unique strengths of its private sector with public sector advocacy and investment at home. But because the geopolitical struggle with China and others is global and the stakes of the competition so high, America must forge partnerships that accelerate its investments and efforts at home to effectively meet the challenges confronting her abroad.

Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

America’s Drug Crisis: Why the U.S. Must Fight Traffickers Abroad—and Addiction at Home

OPINION — It is the responsibility of the U.S. Government to ensure that illicit drugs do not enter the U.S. and to ensure that those countries and narcotraffickers involved in the illicit drug business are prevented from bringing these illicit drugs into the U.S., for the sole purpose of inflicting harm on our people and enriching themselves.

In 2024, about 73 million Americans aged 12 and above reported using an illicit drug, with 28.2 million Americans having a drug use disorder. In 2023, over 587,000 Americans in this age group had a heroin use disorder and by 2024, about 1.3 million Americans had a cocaine use disorder. Clearly, the U.S. has a drug problem that’s principally affecting our younger generation.

Heroin, Fentanyl (using precursor chemicals and equipment largely from companies in China) and Methamphetamine comes principally from Mexico, with Colombia producing most of the cocaine, smuggled into the U.S. via maritime routes or overland through Central America and Mexico into the U.S.

Venezuela does not produce large quantities of cocaine, but it is in key air and sea routes (to the Caribbean or Atlantic coast) used by the Colombian trafficking organizations, like the FARC (Revolutionary Armed Forces of Colombia, a Marxist-Leninist guerrilla group) and other dissident groups and independent drug cartels. This has made Venezuela a significant hub for drug trafficking, principally for Colombian cocaine destined for the U.S., Europe or West Africa.

In 2005, then President Hugo Chavez expelled the Drug Enforcement Agency (DEA) from Venezuela, claiming DEA was using counter-narcotics for intelligence collection purposes. This allegation was obviously false, but it then permitted Venezuela to traffic in drugs with literally no U.S. oversight.

The U.S. Government has indicted several Venezuelan generals and other high-ranking military officials deeply involved in international drug trafficking, primarily facilitating cocaine shipments from Colombia through Venezuela. The U.S. Government has named these military affiliated groups the “Cartel of the Suns” and designated it a terrorist organization in 2025.

As of October 24, a tenth vessel was attacked by the Trump administration. The vessel allegedly was carrying illicit narcotics and drug smugglers from the Venezuelan gang Tren de Aragua, a terrorist organization.

The U.S. works with Mexico and Columbia – and others -- on several counternarcotics programs, to include monitoring and eliminating the organized criminal groups (narcotraffickers) that deal with these drugs and (coca) plant eradication efforts, to name just a few counternarcotic joint efforts with partner countries. The DEA is the principal U.S. agency responsible for these programs, aided by the State Department, the military and the Intelligence Community, working closely with host country law enforcement and military entities.

The U.S. works closely with Mexico, Columbia, Peru and Bolivia, and the Central American countries that these illicit drugs transit as they find their way to the U.S. These countries – and others -- have an obligation to ensure that these drugs are not moved to the U.S. via air or sea routes.

Indeed, that is what we are witnessing with the Venezuelan vessels the U.S. has destroyed. It was Venezuela that expelled the DEA in 2005 to ensure there was no cooperation with the U.S. on counternarcotics programs; and it should now be clear that a number of Venezuelan generals – Cartel of the Suns – were and are complicit with these drug shipments to the U.S. Their apparent goal is to enrich themselves and weaken our society.

The U.S. must do more to ensure that these drug cartels are defeated. The Trump Administration’s emphasis on counternarcotics operations is commendable. Hopefully, we will continue to make counternarcotics a high priority for the U.S.

This column by Cipher Brief Expert Joseph Detrani was first published in The Washington Times.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Inside Zelensky’s “Mega-Drone Deal” with the U.S.

DEEP DIVE – Often lost in the Trump administration's on-again, off-again offer to deliver Tomahawk missiles to Ukraine is the proposed deal that would see Kyiv supply military technology to Washington, rather than the other way around. It’s a potential military and political boon to Ukraine, and a reflection of the remarkable speed and quality of Ukraine’s defense-sector innovation.

“Ukraine now has technologies that have been proven to be effective against a peer adversary – namely Russia,” Samuel Bendett, a Russia expert at the Center for Naval Analyses Russia Studies Program, told The Cipher Brief. “These are not just concepts. These are not just prototypes. These are actual proven, battlefield-tested technologies. And they are in demand.”

President Volodymyr Zelensky first proposed what he called the “mega-drone deal” with the U.S. in July, calling it a “win-win” arrangement under which the U.S. would gain Ukraine’s battlefield‑tested drones and technology, and his country would get a new stream of American military aid. The Tomahawks were to have been part of the deal, but while the Oct. 17 Trump-Zelensky White House meeting appeared to close the door on that possibility, Zelensky said he had held talks on the broader deal with U.S. officials and leaders of Raytheon and Lockheed Martin.

Back in Kyiv, Zelensky said he had made the case that the war has provided an unparalleled testing ground for Ukraine’s arsenal of new drone weapons. “The U.S. has a large industry,” he said, “yet the industry itself says: ‘We don’t have your practice today, and undoubtedly your drones are the best today’.”

Defense tech and security experts have raved for years about the scope and speed of Ukraine's defense innovation. At last week’s Cipher Brief 2025 Threat Conference, former CIA Director Gen. David Petraeus spoke of the “staggering” scale of Ukraine’s drone production, and a gap between Ukraine’s pace of innovation and U.S. defense preparedness.

“We're not responding rapidly enough to that in the United States,” Gen. Petraeus said. “Keep in mind we're manufacturing maybe 300,000-400,000 drones in the United States. The Ukrainians alone are manufacturing 3.5 million.”

Zelensky’s challenge now is to leverage that success to get his “mega-drone deal” done – and to turn his country from a recipient of U.S. military aid to a defense industry trading partner of Washington’s.

The Ukrainian Edge

In the three and a half years since Russia’s full-scale invasion, Ukraine has vaulted to the top tiers of global defense technology innovation – a warp-speed evolution from what Ukrainian member of parliament Oleksiy Goncharenko called “garage-scale” to “battlefield-scale” production of sophisticated, cutting-edge weaponry. An October Jamestown Foundation report says Ukraine now has "the world's most innovative defense sector."

The country’s greatest successes have come with drone weaponry. In the immediate aftermath of Russia’s February 2022 invasion, Ukraine welcomed deliveries of Turkish Bayraktar drones – what some called the saviour of Ukraine’s initial resistance – but from the start, the country’s tech and defense sectors went to work to boost their own UAV production.

“Drone factories cropped up in every garage across Ukraine once people started realizing the utility of drones and how important they would be,” Retired Chief Warrant Officer Joey Gagnard told The Cipher Brief conference.

Today the made-in-Ukraine arsenal features the FPV (“first person view”) attack drones, long-range strike UAVs, and an array of interceptor and underwater drones. On Oct. 22, Ukraine’s Security Service unveiled a new generation of “Sea Baby” naval drones that can travel nearly 1,000 miles and carry 4,000 pounds of cargo.

Goncharenko believes it was the underwater drones that first captured broad attention in the West, following sea-drone attacks that damaged or destroyed nearly a dozen Russian ships.

“It was an absolutely new chapter in maritime warfare and there was a lot of interest,” Goncharenko told The Cipher Brief. “It was clear that no other nation has this, and when you have something new and really effective, others will be interested.”

Certainly the U.S. is interested. In June, the White House issued an Executive Order aimed at boosting the American drone sector, and Secretary of the Army Dan Driscoll has spoken often of the need for the U.S. to learn from the Ukrainian experience.

“When you look at Ukraine and how the battle is being fought, it is no longer sufficient to have a long procurement process that takes two and a half years to get the first prototype, two more years to get it at scale, and then four years to get it in the hands of soldiers,” Driscoll told The War On the Rocks podcast. “Those eight years, contrasted with the two weeks right now that drones are being updated in Ukraine, have made it an imperative that either we do this now or we do it in the first six months of a conflict when American soldiers are losing their lives.”

Driscoll and others have highlighted Ukraine’s June “Spider Web” operation in which 117 FPV drones damaged more than 40 fighter jets at five Russian bases. “At a cost of a mere tens of thousands of dollars,” Driscoll said, “Ukraine inflicted billions in damage, potentially setting back Russia’s bomber capabilities for years.”

Beyond the weapons themselves, Western defense officials have taken note of Ukraine’s “Brave1,” a platform that encourages innovation and includes a digital procurement system under which frontline commanders can offer feedback on weaponry, and order drones directly from manufacturers, with delivery in as little as a week. That would be a stunningly fast rate of response for any military.

“Ukraine has created a very fast innovation cycle and one which I think is different from the typical approach both in the U.S. and other NATO countries” Andrew Radin, a Senior Political Analyst at RAND, told The Cipher Brief. “That quick-turn, decentralized approach is quite different and one that I think U.S. leaders are learning from. There's clearly an idea to draw inspiration from Ukrainian practices.”

According to several reports, senior U.S. military officers in Europe have studied the Brave1 system, which lists hundreds of Ukrainian drone weapons for sale. Ukrainian repair shops also provide rapid emergency help, keeping battlefield systems operational — another capability U.S. officials are hoping to replicate.

“We’re going to have to be more agile,” Randy George, the Army Chief of Staff, said in June. “Drones are going to constantly change…We’re going to need a lot more agility in how we buy things.”

Anatomy of a deal

The essence of the proposed “mega-drone deal” is simple – an exchange that brings high-demand weapons and technology to both sides.

The U.S. would acquire a range of Ukrainian drone weaponry — low‑cost “attritable” systems (i.e. drones that are expendable without great financial loss); cutting-edge counter-drone technologies; and above all, systems that have been tested and proven in ways that cannot possibly be replicated in the U.S.

“Ukraine has resources and education that the U.S. and other partners have not had,” Radin said. “And Ukraine, because of its wartime incentives, is pursuing products for the immediate current technology and challenges that they're facing, whereas Western industry and Western MODs [ministries of defense] have been trying to think forward and predict how we operate.”

“All the technology and weaponry that Ukraine brings to the table is combat proven, and that’s not something that can be said for a lot of American systems,” Bendett said. “The U.S. defense sector is very adaptable, but we don’t have that sense of urgency. Our back is not against the wall.”

Among the benefits for Ukraine are help in scaling its drone production, greater profits for its growing defense industries, and a more reliable supply of American air-defense and long-range weaponry. And – perhaps as important as anything — the less tangible benefit of a long-term defense partnership with the U.S.

“This deal is not just military, it’s political, because Ukraine needs U.S. support,” Bendett said. “You’re not just buying a weapon or a system. You’re buying political will, you’re buying alliances.”

“Every piece of our cooperation with the United States is valuable because for us, cooperation with the United States means building a relationship,” Goncharenko said. “We need this cooperation. So for us it's absolutely win-win.”

Zelensky and other Ukrainian officials have put the potential value of the U.S.-Ukraine defense trade in the tens of billions of dollars. In early October, a delegation led by Ukraine’s Deputy Defense Minister Serhii Boyev traveled to the U.S. to work out “technical” implementation details, and by the time of Zelensky’s visit, the two sides were said to be “finalizing a framework.” But officials on both sides have said it may take several months to bring a deal across the finish line.

Among details and questions to settle: Whether the U.S. would buy existing weapons or license Ukrainian designs — and if the latter, would the drones be manufactured in a joint partnership with Ukrainians? There is precedent for such partnerships; on Oct. 20, AIRO and the Ukrainian defense company Bullet announced a joint venture for the production of high-speed interceptor drones. Any U.S. purchase of existing Ukrainian drones would require vetting for any Chinese‑origin components, to satisfy U.S. export‑control protocols.

Meanwhile, the overall relationship – and President Trump’s own vagaries – hang over any potential arrangement. In the last month alone, the administration has swung repeatedly from seemingly pro-Ukraine views (i.e., the proposed Tomahawk delivery) to greater sympathy for Moscow (the proposed Budapest summit between Trump and Vladimir Putin) and back again. Among the Ukrainian hopes is that the drone-tech-for weapons deal would offer some insulation, the next time the pendulum of U.S. policy swings back towards Moscow.

“The drones are one of the ‘cards’ we do have,” Goncharenko said, a reference to the disastrous Feb. 28 Oval Office meeting at which Trump castigated Zelensky and told him, “You don’t have any cards.” He added that while he never doubted the skill levels in his country’s high-tech sector, he also could never have fathomed that Ukraine might one day produce weaponry that the U.S. would wish to buy.

“I couldn't imagine that Ukrainian defense technologies will be one of the most prominent on the planet. All of this was quite unimaginable,” Goncharenko said. And then he added, with a smile, “I think now Trump would not say you don't have any cards. We don't have many cards, but we do have some.”

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Tehran’s Espionage Network in the U.S. Is Bigger and Bolder Than You Think

DEEP DIVE — Front companies, campus networks, diaspora recruits — Tehran’s espionage push on U.S. soil is bigger, bolder, and harder to track than many realize.

On July 31, a coalition of Western governments led by the United States publicly warned of a wave of Iranian intelligence activity they said was aimed at “killing, kidnapping, and harassing” dissidents, journalists and officials across Europe and North America. The unusually blunt joint statement, signed by Washington, London, Paris, Berlin and more, said Iranian services were increasingly collaborating with criminal networks and called for coordinated defenses.

That diplomatic alarm was echoed in criminal courts and federal filings in recent months. In Oslo over the summer, prosecutors put a former security guard at the U.S. Embassy on trial after accusing him of offering building floor plans and security routines to both Russian and Iranian operatives in return for euros and cryptocurrency; an example of how even low-level hostile services can monetize perimeter jobs.

In the United States, a more concrete case played out in federal court this spring when a former Federal Aviation Administration contractor, Abouzar Rahmati, pleaded guilty in April to acting as an unregistered agent of the Iranian government after allegedly seeking aviation and solar-energy technology and passing non-public data to Iran. Prosecutors said the activity combined procurement, intelligence collection, and network building — classic gray-zone tradecraft that can be lethal in aggregate even if individual acts appear isolated.

Moreover, the FBI has publicly sought information on an Iranian intelligence officer it says recruited intermediaries for surveillance and for plots intended as retaliation for the 2020 killing of Qassem Soleimani — showing Tehran remains willing to task operatives to target current or former U.S. officials.

Together, these cases illustrate a pattern more than a single conspiratorial plan.

“Iran’s espionage efforts in the U.S. and allied countries are perhaps increasing, in both frequency and sophistication,” Colin Clarke, a senior research fellow at The Soufan Center, tells The Cipher Brief. “But it goes beyond mere espionage and extends to surveillance and active terror plots.”

Three recurrent patterns

Recent public cases and multiple intelligence assessments indicate three recurring lines of operation.

First: access and mapping. Low-level staff, contractors and service providers have proximity to sensitive facilities. The U.S. embassy case underscores how seemingly peripheral access can be valuable to foreign services. Even information that is not classified—floor plans, guard rotations, contractor lists—can be stitched together into operational value.

Second: procurement and sanctions evasion. Tehran has long sought aviation, dual-use and energy components through front companies and covert procurement channels. The Rahmati plea demonstrates how U.S. contractor credibility can be leveraged to facilitate the movement of goods, knowledge, or lists of potential collaborators. “Sanctions evasion and procurement are treated more as a ‘legitimate’ business opportunity in their eyes,” Matthew Levitt of The Washington Institute noted, distinguishing those networks from strictly human intelligence operations.

Third: transnational repression and violent plotting. The FBI’s public notice about Majid Dastjani Farahani made clear that some taskings included surveillance of religious sites and recruitment for attacks framed as revenge for Soleimani’s killing. That is the line where intelligence collection and terrorism blur—a mixing of objectives that, several experts warned, raises the stakes.

How they recruit — the blunt and the subtle

Recruitment, the experts said, follows both old and new playbooks.

“Recruitment inducements are the same as always: family pressure, financial, ego, gradual approaches, honey traps,” a former senior U.S. intelligence official tells The Cipher Brief on the condition of anonymity. “Tehran has enjoyed the cyber world like everyone else.”

The explicit lever — threats to family back home — is a recurring thread in dozens of post-incident reviews. Historical cases such as the 2013 Manssor Arbabsiar plot are helpful reminders of old patterns; Arbabsiar’s prosecution remains a touchstone for the limits and dangers of outsourced plots.

Clarke also noted that Iran’s services have broadened their toolkit in recent years to “outsource activities to a range of criminal entities, including gangs,” reflecting a hybrid strategy that mixes ideological operatives with transactional cut-outs.

Beth Sanner, the former deputy director of national intelligence for mission integration, stressed the diaspora angle: Iran has stepped up harassment and plotting against exiles and communities abroad in countries like Australia and across Europe, since the Soleimani strike and increasingly relies on local criminal networks to carry out deniable tasks, making the work of drawing connections incredibly difficult for investigators.

“We have not seen Iran be as successful with this in the U.S., that we know of,” Sanner tells The Cipher Brief, “but I think it is only a matter of time.”

Matthew Levitt, senior fellow and director of counterterrorism and intelligence at The Washington Institute for Near East Policy, described the human-cyber fusion that makes modern tradecraft effective. Once operators can access email or scheduling systems, they can combine that intrusion with social engineering to track or manipulate targets.

“Once they had an interest in people like Ambassador Bolton or Secretary Pompeo, they’d want to know where Bolton would be next Tuesday,” he tells The Cipher Brief.

Levitt recounted being spoofed in a recent European operation — emails and ProtonMail contacts posed as him, and an operator even used an American-accented voice on WhatsApp to reinforce the ruse.

The tactic is simple, low-cost and scalable.

The murky middle — law, attribution and the limits of remedies

Part of the problem is structural: Western legal systems punish the actors who are caught, but they often struggle to hold accountable the shadowy operators who task them.

“We punish those involved in operations, not those behind operations,” the anonymous official said. “We handle Iran’s work as a legal issue, not as a state warfare issue.”

That legal framing shapes the available responses — criminal prosecutions, sanctions, diplomatic expulsions — while stopping short of kinetic or overt state-level countermeasures.

That framework, such experts caution, often leaves gaps in deterrence, creating space for Iran to continue experimenting with plots that may appear clumsy but still carry real risk.

Clarke warned that Tehran may have been “amateurish” in some plots. Still, it learns from failure and retains motive: revenge for Soleimani, pressure over nuclear setbacks, and the strategic aim of deterring dissidents.

“It would be a mistake to dismiss the severity of their intent,” he said.

What’s being done — and what should change

Governments are moving earlier in the threat lifecycle. In late June and July, U.S. authorities announced targeted immigration and enforcement actions against Iranian nationals in operations that officials said were designed to disrupt suspected networks and procurement channels. Those arrests, often filed as immigration or export-control violations, signal a preference for prevention over public prosecutions alone.

Experts recommended layered, practical reforms: universities and research centers should bolster insider-risk training and clear reporting pathways; contracting agencies need tighter vetting and monitoring of supply-chain access; allied services must share watchlists and technical indicators more rapidly; and communities vulnerable to transnational repression deserve coordinated consular and protective measures.

Clarke urged more realistic briefings for students and visiting scholars about the risks of coercion and family leverage, while Levitt emphasized the importance of basic cyber hygiene and multi-factor authentication checks that can mitigate social-engineering campaigns.

The longer arc

Iranian intelligence, however, is not a mirror of Russia or China: its budgets, technological reach and bureaucratic sophistication differ.

“The Iranians aren’t as advanced as the Chinese or the Russians,” Clarke noted. “Tehran’s plots have been a bit more amateurish and cumbersome.”

But intent matters. Levitt put it starkly: “Just because some of their operations look like Keystone Cops doesn’t mean they won’t succeed eventually. We have to get it right every time; they only need to succeed once.”

And Sanner warned that a shift toward criminal proxies makes attribution harder and response slower — fueling a permissive environment.

Historically, Tehran has combined state actors and proxies — most infamously through Hezbollah in the 1990s in Latin America — and the pattern of outsourcing persists. The task for U.S. policy is not only to prosecute and sanction when possible, but to harden the soft targets: campuses, contracting pipelines, and diaspora communities that Iran can pressure or co-opt.

Bottom line

Iran’s external operations are diverse and adaptive. They mix old tools — family coercion, diasporic leverage — with modern techniques, including cyber intrusion, online social engineering, and the purchase of deniable cut-outs.

The July 31 allied statement signaled an unusual diplomatic consensus; the public cases in Oslo, Washington and beyond show why that consensus has teeth. However, experts caution that the work to blunt Tehran’s pressure must be sustained, technical and community-level as much as legal and diplomatic.

As the one former U.S. intelligence official put it: Iran’s intelligence activity remains “the only threat that is simultaneously urgent, lethal, and strategic.”

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

‘Show Us the Video’: Lawmakers Seek Transparency in Anti-Drug Boat Strikes

OPINION / FINE PRINT — “We have asked the Mexican government to also step up their involvement in stopping these cartels and stopping the huge amount of drugs that are coming across. If the Mexican navy saw a group of American fishermen that they thought were suspicious of potentially moving drugs and they moved in to kill the 15 American citizens without contacting you, without going through any normal procedures, would you be okay with that?...What we do in combat there is reciprocity, and we are concerned about what other militaries will do to us because we have opened the door on this.”

The was Sen. Elissa Slotkin (D-Mich.) speaking back on September 18, during a Senate Armed Services Committee confirmation hearing for Derrick M. Anderson to be Assistant Secretary of Defense for Special Operations and Low-Intensity Conflict and Platte B. Moring III to be the Defense Department Inspector General.

Three days earlier, the U.S. had carried out the second of its attacks on speedboats it said were trafficking drugs in the Caribbean that were destined for the U.S. killing three individuals. The first such attack, on September 1, killed 11 occupants.

Because the jobs both Anderson and Moring were up for would involve them dealing with the Trump administration’s new policy of attacking alleged narco-trafficking boats in international waters, Sen. Slotkin and other Senators raised questions at this hearing that are highly relevant today as these deadly Trump administration attacks have continued in the Caribbean and since Tuesday began in the eastern Pacific.

So far, Defense Secretary Pete Hegseth has reported nine such attacks resulting in the deaths of 37 individuals.

As I will explore below, last month, Armed Services Committee Chairman Sen. Roger Wicker (R-Miss.) at the close of this hearing made a pledge that remains unfulfilled – in effect to hold oversight hearings on the attacks.

Before that happened, Sen. Slotkin made clear, “I have no problem with these groups being designated foreign terrorist organizations. Fentanyl is killing just as many people, if not more, as any terrorist group we have ever seen. But I do have a problem with the lack of transparency and potential violations of international law.”

The Senator then pointed out, “The U.S. government has a way of interdicting ships. You know this. The U.S. Coast Guard uses patrol boats and helicopters. They are able to shoot out a motor and disable the vehicle, board it, and then indict all those people, grab all those people. Show everyone all the drugs that they have secured.”

As I wrote in my column three days ago, the U.S. Coast Guard announced October 14 that it has seized more than 100,000 pounds of cocaine in the eastern Pacific Ocean since launching Operation Pacific Viper in early August, averaging over 1,600 pounds interdicted daily. These drug seizures, and the apprehension of 86 individuals suspected of narco-trafficking, were the result of 34 interdictions since early August.

I also pointed out in that column, that on the day after the Coast Guard release of the success of Operation Pacific Viper, during an Oval Office press conference President Trump said that Coast Guard interdiction “had been ineffective” for 30 years because “they have faster boats.”

As Sen. Slotkin noted above, and I mentioned in my column, the Coast Guard has helicopter-mounted special long-range rifles that can hit and disable the engines mounted at the rear of narco-trafficker speedboats.

While Trump and Hegseth have publicized videos each time a boat has been blown up, I agree with Sen. Slotkin who at the September 18 hearing said, “I would love it if the Trump administration showed us the full video from that encounter, showed us that these men did not have their hands up, that they were not waving a white flag, that they were not turning around and getting out of there, and then show us the drugs. The President said that there were all kinds of drugs that were in that ship. Show it. Show us the video that he is apparently alluding to.”

Hegseth did show what he said were packages of drugs floating on the water after yesterday’s eastern Pacific action, but then the drugs appeared to have been blown up.

Sen. Tim Kaine (D-Va.) followed Slotkin and brought up a series of questions he and 24 other Democratic or Independent Senators had sent to the White House on September 10, and had not received answers. In fact, they have not yet received an answer.

The questions are worth reviewing: “Give us the evidence that these boats were carrying drugs. Tell us who was on the boats. Tell us what your legal authority was to take a military strike that had not been authorized by Congress? The question that I really want to know is why did you decide to attack rather than interdict? If you interdict a drug boat you get evidence. You seize the drugs but you also get evidence by having access to people and often it is that evidence that leads you to be able to go after the kingpins and the real, you know, muscle behind these operators.”

Kaine added, “If you attack a boat and destroy it makes an impact, but you do not get the evidence. It may actually be counter-productive in fighting narco trafficking.”

As I noted above, when Chairman Wicker closed the September 18 hearing, he said, “The questions about what happened in the Caribbean [and now eastern Pacific] are going to have to be answered. This committee has congressional oversight responsibility.”

Earlier, Sens. Wicker and Slotkin had an exchange about what might occur at any future oversight hearing.

Chairman Wicker reminded Slotkin that “each witness has answered in the affirmative to this question, ‘do you agree to provide records, documents, electronic communications in a timely manner when requested by this committee, et cetera.’ So that is on the record.”

Sen. Slotkin asked, “Do you understand that as video? Just to clarify for me, Chairman.”

Chairman Wicker responded, “Documents, records. I think each witness has answered in the affirmative there…and they will be obligated to follow that.”

“Great,” Sen. Slotkin said at one point, “I look forward to the video.”

I think we all do.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

AI-Powered Adversaries Require AI-Driven Defenses

OPINION — The use of artificial intelligence by adversaries has been the subject of exhaustive speculation. No one doubts that the technology will be abused by criminals and state actors, but it can be difficult to separate the hype from reality. Leveraging our unique visibility, Google Threat Intelligence Group (GTIG) has been able to track the use of AI by threat actors, but the pace of change has made it challenging to even forecast the near future. However, we are now seeing signs of new evolutions in adversary use, and hints at what may lie ahead in the near future. Most importantly though, there are opportunities for defensive AI to help us manage these future threats.

Evolution Thus Far

Over the course of the last eight years, GTIG has observed AI-enabled activity evolve from a novel party trick to a staple tool in threat actors’ toolbelts. In the early days, we detected malicious actors embracing the nascent technology to enhance their social engineering capabilities and uplift information operations campaigns. The ability to fabricate fake text, audio, and video was quickly abused by threat actors. For instance, several adversaries use GAN images of people that don’t exist to create fake personas online for social engineering or information operations campaigns (this negates the use of real photos in these operations, which could often be foiled when the photo was researched). A poor deepfake of Volodymyr Zelensky was created in an effort to convince Ukrainians that he had capitulated in the early hours of the full scale Russian invasion in 2022. Additionally, deepfakes have been reportedly used in state and criminal activity.

By investigating adversary use of Gemini we have some additional insight into how AI is being leveraged. We have observed threat actors using Gemini to help them with a variety of tasks like conducting research and writing code. Iranian actors have used it for help with error messages and creating python code for website scraping. They have also used it to research vulnerabilities as well as the military and government organizations they are targeting. North Korean actors have also tried to use Gemini for help with scripting, payload development, and evading defenses. Additionally, DPRK IT workers use AI to create resumes and fake identities.

One of the most interesting uses of Gemini by threat actors has been enabling deeper access during intrusions. In these cases, China-nexus cyber espionage actors appear to reach a certain juncture in an intrusion where they need technical advice on how best to execute the next step. To that end, they have sought guidance on problems like how to record passwords on the VMware vCenter or how to sign a plugin for Microsoft Outlook and silently deploy it from their position inside a network.

Gemini is not an ideal tool for threat actors, however, since guardrails are in place to prevent its abuse, foiling many of their use cases. Unfortunately, the criminal marketplace now offers their own models and related tools that are unhindered by guardrails and purpose-built for malicious activity. There are now several mature tools that offer help with tasks like malware development, phishing, and vulnerability exploitation. A common theme in these tools is the ability to boost the efforts of less technically skilled actors.

While some of these AI use cases are novel (like deepfakes) most were previously available through other means or could be obtained with sufficient resources. Pictures could be edited, social engineering emails could be translated, and skills could be learned the old fashioned way. Until recently, we had not seen many potentially game changing use cases.

While we had previously seen some experimental samples, AI-enhanced malware has only just begun to be adopted by threat actors, and there is some evidence it may be a useful means of avoiding detection. Nevertheless, there is also reason to be optimistic about the prospects of using AI to prevent this type of activity. This August, malware that leverages an LLM was used in Ukraine by the Russian cyber espionage actor APT28. It called out to an open source LLM through API to create commands on the fly and evade static detection. We saw a variation on this theme recently by another actor as part of the NPM supply chain incidents. That malware used LLM command line interfaces on the victims machine to stay beneath the radar. In the latter case, no security vendors flagged the malware as malicious in VirusTotal, but interestingly it was flagged as a “severe security threat” by VirusTotal’s Code Insight feature, an LLM capability itself. As AI-enhanced malware becomes more commonplace we will get a better understanding of what it takes to stop it and how relevant AI will be to addressing it.

Imminent Capabilities

In addition to AI-enhanced malware there are two additional AI use cases that we expect threat actors to adopt imminently: novel vulnerability discovery and automated intrusion activity. While there are still scant signs of adversary use of these capabilities, there are corresponding capabilities in use and under development by defenders that prove they are possible. Furthermore, we do not expect the use of these capabilities to be wholly transparent. Due to constraints, adversaries are unlikely to use mainstream public models for these purposes, denying us a means of observing their adoption.

AI’s ability to discover previously unknown vulnerabilities in software has now been well-established by several defensive efforts designed to identify these flaws before adversaries. Google’s own BigSleep, an AI agent purpose-built for this task, has uncovered over 20 vulnerabilities leading to pre-emptive patching. In two cases Big Sleep was used in conjunction with intelligence to uncover zero-day vulnerabilities as adversaries staged them for attacks.

Unfortunately BigSleep and similar efforts offer tangible proof of a capability that can and will almost certainly be abused by adversaries to discover and exploit zero-day vulnerabilities. Zero-days are a boon for threat actors who will target researchers, infiltrate tech companies, and spend lavishly to uncover them. The clear opportunity to use LLMs will not have been lost on state actors who have the resources to carry out research and development in this area.

Another prospective use of agentic AI is the automation of intrusion activity. This capability was presaged by the aforementioned China-nexus cyber espionage operators who asked Gemini during active intrusions for help. The application of agentic technology to this use case is somewhat obvious: an agent that can leverage this help automatically to transit targeted networks and accomplish the intrusion’s objectives without the operator’s direct intervention. There are already numerous efforts to build these capabilities for defense and at least one related open source effort has been the subject of discussion in the criminal underground.

These developments could radically change the challenge facing defenders. Without compensating with proactive use of AI to find vulnerabilities, we can expect the scale of the zero-day problem to grow significantly as adversaries adopt the technology for this purpose. Automated intrusion activity will likely affect the scale of activity defenders are facing as well, as humans are replaced by multiple agents. This activity will be faster as well. Agents will be able to react more quickly to zero-days or discover short-term weaknesses in defenses.

In both cases, AI offers the clearest solution for defenders. BigSleep and similar solutions will be necessary to uncover vulnerabilities faster than adversaries, seizing the initiative. In the same vein, Google has just released details of an agent called CodeMender that can automatically fix vulnerabilities and improve code security. Agentic solutions may also be the best solution to automated intrusion activity: without this technology we will struggle to move as quickly or handle the deluge of attacks.

Implications

The pace of AI adoption by adversaries will be determined by resources at their disposal and the opportunity the technology enables. The most sophisticated actors will not dawdle in adopting these capabilities, but their activity, as always, will be the most difficult to observe. To prepare wisely we will have to anticipate their activity and begin taking action now. Cyberdefenders will have to reach the same conclusion that has already been reached in other fields of conflict: the solution to an AI-powered offense is an AI-powered defense.

Who’s Reading this? More than 500K of the most influential national security experts in the world. Need full access to what the Experts are reading?

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

because National Security is Everyone’s Business.

The U.S. Coast Guard’s Quiet Drug War Wins Amid Trump’s Caribbean Strikes

OPINION / FINE PRINT — “The U.S. Coast Guard announced [last] Tuesday it has seized more than 100,000 pounds of cocaine in the eastern Pacific Ocean since launching Operation Pacific Viper in early August, averaging over 1,600 pounds interdicted daily. These drug seizures, and the apprehension of 86 individuals suspected of narco-trafficking, were the result of 34 interdictions since early August. Through Operation Pacific Viper, the Coast Guard is accelerating counter-drug operations in the eastern Pacific Ocean, where significant transport of illicit narcotics continues from Central and South America. In coordination with international and interagency partners, the Coast Guard is surging additional assets — cutters, aircraft and tactical teams — to interdict, seize and disrupt transshipments of cocaine and other bulk illicit drugs.”

That’s the beginning of a U.S. Coast Guard press statement released last Tuesday, which has gotten little national publicity.

I publish it, and more about Operation Pacific Viper, because until last week I had no knowledge of this successful Coast Guard operation. It’s important, because one day later, in the Oval Office last Wednesday, President Trump was asked by a reporter why he had not used the Coast Guard to stop alleged Venezuelan narco-boats rather than having – at that time -- at least five of them blown up causing the deaths of 27 individuals. A sixth narco-vessel was destroyed last Friday killing three more individuals.

Last Wednesday, Trump replied, “We've been doing that [using Coast Guard interdiction] for 30 years and it has been totally ineffective.” Trump went on: “They [the Venezuelan narco-traffickers] have faster boats. Some of these boats are seriously, I mean they're world-class speedboats, but they're not faster than missiles.”

Apparently, the “world-class speedboats” have not affected the Coast Guard interdiction activities in the eastern Pacific. Below is a Coast Guard-released photo of Coast Guard Cutter USS Hamilton with its two boarding teams out interdicting two go-fast speedboats suspected of drug smuggling. It was taken June 26, 2025, southeast of the Galapagos Islands, Ecuador.

As last Tuesday’s Coast Guard press release explained, “Detecting and interdicting narco-terrorism on the high seas involves significant interagency and international coordination. U.S. Southern Command’s (SOUTHCOM’s) Joint Interagency Task Force-South (JIATFS), based in Key West, Florida, detects and monitors both aerial and maritime transit of illegal drugs. Once interdiction becomes imminent, the law enforcement phase of the operation begins, and control of the operation shifts to the U.S. Coast Guard throughout the interdiction and apprehension.”

I should point out that SOUTHCOM’s JIATFS is a Defense Department (DoD) command that uses the capabilities of U.S. intelligence and law enforcement agencies, allies and partner nations to detect, monitor, and support interdiction of illicit narcotics movements in the air and maritime throughout the Western Hemisphere – meaning both the Pacific and Caribbean areas.

Let me emphasize, SOUTHCOM directs what takes place both in the eastern Pacific and the Caribbean areas.

In the case of last June’s narco-trafficker speedboat in the above photo, the boat was initially detected by a U.S. Navy maritime patrol aircraft. Then the Hamilton’s own Helicopter Interdiction Tactical Squadron aircrew took over and provided airborne tactical support. Among their special weapons are helicopter-mounted, long-range rifles that can hit and disable the engines mounted at the rear of narco-trafficker speedboats. The result is the speedboats in the eastern Pacific are being halted, the crews arrested, and seizure of more than 4,475 pounds of cocaine, according to the Coast Guard.

In the Caribbean, the U.S. has Coast Guard cutters similar to the Hamilton, but also other U.S. Navy vessels that I believe would have permitted seizure of the five speedboats that instead were blown up. While the first Caribbean-located speedboat destroyed September 1, was moving, perhaps heading back to where it came from, videos of the next four that were destroyed showed they were not moving in the water before they were struck and exploded.

Why had those four stopped?

Last Thursday, Defense Secretary Hegseth announced a sixth strike, this time against a slow-moving semi-submersible submarine-type boat used by narco-traffickers in both the Caribbean and eastern Pacific.

On Friday, in an Oval Office press availability, President Trump said, “We attacked a submarine, and that was a drug-carrying submarine built specifically for the transportation of massive amounts of drugs.” The semi-submersible was destroyed, but while two crew members were killed, two survived.

Here I should note that under Operation Pacific Viper, the Coast Guard has also released recent video showing its personnel capturing a semi-submersible narco-trafficking vessel in the eastern Pacific, arresting its crew and seizing its drugs.

On Friday, President Trump tried to rationalize the Caribbean policy of blowing up narco-trafficking vessels, with no mention that in the eastern Pacific under Operation Pacific Viper similar narco-traffickers are stopped, boarded, crews arrested and drugs seized.

Trump on Friday defended the Caribbean destruction/killing policy saying, “We had tremendous amounts coming in by boats, by very expensive boats. You know, they have a lot of money, very fast, very expensive boats that were pretty big. And the way you look at it is every boat that we knock out, we save 25,000 American lives. So every time you see a boat [destroyed] and you feel badly, you say, ‘Wow, that's rough.’ It is rough. But if you lose three people and save 25,000 people -- these are people that are killing our population. Every boat is saving 25,000 lives.”

On the other hand, Rear Adm. Jeffrey Novak, deputy commander of the Coast Guard Pacific Area, whose Operation Pacific Viper since August has carried out 34 interdictions and arrested 86 suspected narco-traffickers, said last Tuesday, “Our maritime fighting force is scouring drug smuggling routes in the eastern Pacific and dismantling narco-terrorist networks. We are complementing the Coast Guard’s unique law enforcement authorities with cutting-edge capabilities to stop the flow of deadly drugs that threaten U.S. communities.”

Why a killing policy in the Caribbean and an interdiction policy in the eastern Pacific?

On Thursday, the same day that Secretary Hegseth announced the striking of the semi-submersible, Adm. Alvin Holsey, commander of SOUTHCOM, unexpectedly announced he was retiring after less than a year into what normally is a three-to-four year assignment. Holsey gave no reason.

However, The New York Times reported last Thursday that one current and one former U.S. official said Adm. Holsey “had raised concerns about the mission and the attacks on the alleged drug boats.”

The Trump administration has argued that drug cartels are Foreign Terrorist Organizations and Transnational Criminal Organizations and it is the policy of the U.S. “to ensure the total elimination of these organizations’ presence in the United States and their ability to threaten the territory, safety, and security of the United States,” according to an Executive Order signed by President Trump on January 20, 2025.

This has led to the Trump administration’s legal justification for using military force against narco-traffickers in the Caribbean, classifying them as "unlawful combatants." This policy shift has been highly controversial and has triggered debate among lawmakers and legal experts.

Sen. Mark Kelly (D-Ariz.), appearing Sunday on CBS’ Face the Nation, said, “This [Caribbean] operation, which is clearly, traditionally a law enforcement operation, now escalating to something maybe, as the President talks about, regime change. I think this is the wrong move for this President. The Coast Guard has the resources to do this.”

A Navy pilot for more than 20 years who flew 39 combat missions during Desert Storm, and later three space flights as a NASA astronaut, Kelly added, “I do worry about the legal authorities or lack thereof that the United States military has to conduct these kinds of strikes… Those admirals and generals, they need to speak truth to power. I have had conversations with the most senior members of our military about this specific thing. They cannot be breaking the law.”

Kelly went on, “[It] doesn't matter if the President or the Secretary of Defense tells them to do something. If it's against the law, they have to say no. They're not required to follow an unlawful order. So we expect that from them.”

When it came to Adm. Holsey’s surprise retirement, Kelly said, “I don't know the exact circumstances, why the admiral quit. He hasn't said publicly yet. I expect, in time, we're going to find out more.”

Let us hope so, from Adm. Holsey or some other military personnel involved in the Caribbean killing operations.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Caribbean Emerges as a Test of U.S. Power

DEEP DIVE — U.S. military forces this week carried out yet another strike on a vessel in Caribbean waters off Venezuela, marking the sixth such lethal operation since September. For the first time, two survivors were rescued and taken into U.S. custody aboard a navy ship.

President Trump also confirmed that he has authorized covert CIA operations inside Venezuela, dramatically broadening the theater of confrontation. Meanwhile, Venezuelan President Nicolás Maduro appealed to the U.N. Security Council, demanding the body denounce the strikes as violations of sovereign rights — a motion the U.S. is poised to veto.

These actions are the latest installments in a mounting campaign the U.S. launched in early September, signaling a shift from isolated interdictions into sustained military pressure.

On September 2, U.S. forces struck a vessel in international waters, killing 11 people, and claimed that it belonged to the Tren de Aragua gang and was laden with narcotics. Just over a week later, Washington unveiled an extensive naval deployment comprised of eight warships, a submarine and thousands of troops and launched a second attack against another alleged smuggling vessel, sending a clear message that the operation is systematic rather than episodic.

Then, in early October, the administration formally alerted Congress that the United States was in “armed conflict” with regional drug cartels, and promptly followed with another strike off Venezuela’s coast, killing four.

What began as maritime interdictions has evolved into a strategic escalation — combining naval power, aerial presence, covert action, and legal redefinition of cartels — in what appears to be an intensifying, long-term confrontation.

Ryan Berg, director of the Americas Program at the Center for Strategic and International Studies, tells The Cipher Brief the strikes “represent a paradigm shift in how the United States conducts counternarcotics.”

“Previously, the United States would board and search vessels and make arrests. Driving much of this paradigm shift is the foreign terrorist designations on more than a dozen organizations,” he continued. “The administration wants to send the message that this is not just a rhetorical shift, but that this is a shift with meaning. We deal with terrorists differently than we deal with criminals.”

From Quiet Waters to Strategic Theater

For decades, the Caribbean was viewed in Washington as a quiet, if troubled, backyard, important for migration and commerce, but hardly central to global competition. That calculation has changed. Today, the region is framed as a frontline of American power, where the U.S. confronts a convergence of transnational threats — from drug trafficking and irregular migration to external influence from China, Russia, and Iran — that unfold just off its own shores.

Michael Shifter, adjunct professor at Georgetown University and former president of the Inter-American Dialogue, tells The Cipher Brief that the strikes “will have a critical impact on the Caribbean security situation.”

“For the first time since the Panama invasion in 1989, the U.S. has carried out combat operations against assets allegedly connected to a Latin American government,” he noted. “That the strikes were conducted without regard to international law has unnerved other regional governments and made them wonder if they might be the next target.”

For much of the post-Cold War era, the Caribbean was not a primary theater for U.S. grand strategy. Policymakers often focused on the Middle East, Asia, and Europe, leaving the islands and waterways between Florida and South America to languish in relative neglect. The U.S. presence was episodic and reactive — providing disaster relief after hurricanes, conducting occasional counternarcotics patrols, and offering modest development aid.

But adversaries were not idle. China deepened infrastructure investments, secured port access, and trained regional military officers in its academies. Russia provided defense diplomacy, intelligence cooperation, and symbolic shows of force. Iran, though less prominent, found opportunity through Venezuela and proxy networks. These activities chipped away at U.S. primacy, testing whether Washington’s absence created a strategic vacuum.

“The presence of the expanded array of U.S. surveillance assets, cruisers, destroyers, amphibious ships, F-35 fighters, and other forces, in conjunction with the demonstrated use of force and reported planning for strikes inside Venezuela, are visibly driving panicked reactions by the Maduro regime,” Evan Ellis, research professor of Latin American studies at the U.S. Army War College Strategic Studies Institute, tells The Cipher Brief. “This demonstrates that the U.S. is willing to go beyond traditional law enforcement interception protocols to use lethal force against suspected drug boats.”

A Renewed U.S. Deterrent Strategy

The Trump administration has reframed narcotics networks as “narco terrorists,” a label that blurs the line between law enforcement and national defense. This allows for military strikes against what once would have been considered criminal targets. The Venezuelan boat destroyed on September 2 is the most vivid example yet, and it sparked immediate backlash from governments in Caracas, Bogotá, and across the Caribbean.

Venezuela condemned the strike as a violation of sovereignty, with Nicolás Maduro mobilizing civilian militias and promising to defend territorial waters. Colombia’s President Gustavo Petro went further, calling for international investigations into U.S. officials for what he termed unlawful killings. Fishermen in Trinidad and Tobago expressed concern about being caught in the crossfire, as expanded naval patrols threatened their livelihoods and heightened the risks to civilian vessels.

From Washington’s perspective, these costs are tolerable compared to the benefits of deterrence. Deploying advanced assets — such as F-35 fighters to Puerto Rico — signals that the U.S. views the region as strategically vital. The administration is also seeking to highlight the deterrent value of its strikes, suggesting they could disrupt smuggling operations and complicate adversaries’ strategic planning.

Still, questions loom about legality and proportionality.

“Unilateral U.S. military operations in Latin America have a long and often unhappy history,” Shifter said. “They remain extremely sensitive and touch a nerve in the region.”

The Policy Evolution: From Reactive to Strategic

The idea of a sustained U.S. Caribbean policy, however, is not new. The 2020 U.S. Strategy for Engagement in the Caribbean outlined plans for expanded diplomacy, development, and security cooperation. Yet progress was limited by competing priorities and budget shortfalls.

What has changed in 2025 is the scale and framing of U.S. involvement. Rather than treating the Caribbean as an ancillary focus of counternarcotics or disaster relief, the Trump administration now casts it as a frontline of national defense. The deployment of warships and high-tech aircraft, the aggressive legal redefinition of cartels, and the diplomatic outreach led by Secretary of State Marco Rubio all point to an institutional pivot.

Congress is also being drawn into the mix. The reintroduced Caribbean Basin Security Initiative Authorization Act would allocate $88 million annually through 2029 for security cooperation. The measure reflects recognition that sustained resources, not episodic funding, are necessary to compete with external powers.

Risks, Imperatives, and What Comes Next

The road ahead carries both promise and peril. On the opportunity side, elevating the Caribbean to a strategic priority acknowledges geographic fact: the region sits on America’s doorstep, with busy sea lanes and chokepoints that have often been overlooked in U.S. defense planning. A credible deterrent posture, paired with investments in governance and development, could help steady fragile environments and blunt the appeal of rival powers.

Yet the risks of escalation are considerable. Misidentifying a civilian vessel, overreaching in the use of force, or neglecting consultation with regional partners could provoke backlash that undermines U.S. legitimacy.

“It is doubtful that the U.S. strikes will be effective in stopping the flow of narcotics,” Shifter cautioned. “Traffickers will adapt, alter their routes and try to minimize risks. Retaliation by criminal groups cannot be ruled out.”

Ellis warned of another danger: the aftermath of regime change in Venezuela.

“The biggest risks of such an operation would be whether Maduro could be captured alive. The other risk is that, in the absence of a more enduring U.S. force, the legitimate government of Edmundo González would not be able to establish order and control over the military,” he pointed out. “A post-Maduro Venezuela could degenerate into a free-for-all between criminal factions, guerrilla groups, sindicatos, and pranes — with Cuban and Russian elements fueling instability.”

Berg, by contrast, argued that regional cooperation has been robust.

“What has been great to see is the regional support for the United States’ deployment. Jamaica, Trinidad and Tobago, and Guyana have been vocally supportive,” he said. “The Dominican Republic, Ecuador, Peru, Paraguay, and Argentina have all declared the Tren de Aragua to be a foreign terrorist organization in the last month. Countries in the region appear open to a different approach, and some are even synchronizing their approaches with the United States on counternarcotics.”

The strike that killed 11 people was both a tactical hit on a trafficking network and a symbolic declaration of intent. What follows will decide whether this marks the start of a durable doctrine — or an overreach that produces more instability than it resolves.

“More consistent presence in the region will be key to ensuring that the United States can secure its interests,” Berg added.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

because National Security is Everyone’s Business.

Trump’s Next Test: Kim Jong Un’s Bid for Legitimacy and a Nuclear Normalization Deal

EXPERT OPINION — North Korean leader Kim Jong Un is ready to do business with President Donald Trump. Over the past few years, Mr. Kim has burnished his credentials as a world leader, well-prepared for a fourth substantive meeting with Mr. Trump.

Mr. Kim’s recent meetings with Russian President Vladimir Putin and the new mutual defense treaty with the Russian Federation have developed into an alliance of unexpected consequences. The 15,000 North Korean troops assisting Russian forces in the Kursk region and the massive amount of artillery shells, drones and ballistic missiles provided to Russia for its war of aggression in Ukraine was a significant development that surprised many of the pundits who viewed North Korea as a distraction, confined to the Korean Peninsula.

Indeed, Mr. Kim’s presence in Beijing for the 80th anniversary of World War II Victory Day celebrations, standing next to Chinese President Xi Jinping and Mr. Putin was testimony to China’s decision that North Korea cannot be ignored and a close alliance with North Korea is in China’s interest.

And certainly, last Friday’s parade and gala in Pyongyang on the 80th anniversary of the founding of the ruling Korean Workers’ Party was an emboldened Mr. Kim announcing to the world that North Korea has arrived and can not be ignored. In the presence of Chinese Premier Li Qiang, former Russian President Dmitry Medvedev and Vietnam’s Communist Party Chief To Lam and others, Kim made it clear when he said North Korea “was a faithful member of Socialist forces… and a bulwark for independence… against the West’s global hegemony.”

Doubling down, North Korea at the military parade introduced their new Intercontinental Ballistic Missile, the Hwasong-20, a solid fuel massive missile capable of carrying multiple nuclear warheads and capable of targeting the whole of the U.S. Other weaponry, to include hypersonic and cruise missiles also were on display, making it clear that Mr. Kim was serious when he said North Korea would enhance its nuclear capabilities.

At a recent Workers’ Party Plenary session, Mr. Kim said he was prepared to meet with Mr. Trump, on the condition that the U.S. would accept North Korea as a nuclear weapons state. Mr. Kim spoke of fond memories of his previous encounters with Mr. Trump. And at the United Nations on September 29, after seven years of no-show, North Korea’s Vice Foreign Minister Kim Son-Gyong said North Korea would never give-up its nuclear weapons; to do so would be tantamount to giving up its sovereignty.

Indeed, North Korea succeeded in getting Russia to accept its nuclear weapons status. Russia was a member of the Six Party Talks with North Korea and actively assisted the U.S., South Korea, Japan and China in demanding that North Korea denuclearize completely and verifiably. Russia is now saying North Korea should retain and enhance its nuclear weapons and is probably assisting North Korea with its nuclear weapons program.

Hopefully, China will not relent and continue to demand that North Korea denuclearize. Some say that China is now less committed to North Korean denuclearization than in the past. It’s likely this was discussed when North Korea’s Foreign Minister, Choe Son Hui, met with her counterpart in China, Foreign Minister Wang Yi. Interestingly, both participated in the Six Party Talks with North Korea, when Mr. Wang was the chairman of the Talks in Beijing and Ms. Choe was an adviser to Vice Foreign Minister Kim Kye Kwan, head of the North Korean delegation to the Talks.

North Korea’s goal is to have a normal relationship with the U.S. This is something Mr. Kim’s father, Kim Jong il, and grandfather, Kim il Sung, pursued since 1994. A relationship with the U.S. would give North Korea international credibility and access to international financial institutions for economic development purposes. It will also untether North Korea to China. It is no secret that historically, and even after Mr. Xi assumed power in China in 2013, the bilateral relationship between North Korea and China has been tense.

And indeed, given North Korea’s experience in dealing with the former Soviet Union in 1991, at the end of the Cold War, when Moscow downgraded relations with North Korea and in 1995, when Russia officially renounced the mutual assistance treaty with North Korea. It, therefore, should be obvious to North Korea that once the war in Ukraine is over, Russia’s need for continued North Korean assistance will end and the relationship will likely be downgraded.

This is the time for Mr. Trump to meet with Mr. Kim to talk about security assurances and a path to normal bilateral relations. The issue of North Korea’s nuclear status need not be the focal point for future discussions. It should, however, continue to be our goal, but at an appropriate time.

This column by Cipher Brief Expert Joseph Detrani was first published in The Washington Times.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

The Hidden National Security Risk in Smart Cities

OPINION — It is worryingly easy to get hold of personal and sensitive data on American military and intelligence personnel. Earlier this year investigative journalists reported that a Florida-based data broker had marketed 3.6 billion location coordinates from devices belonging to U.S. military and intelligence staff stationed in Germany, with the data allegedly sourced through a Lithuanian advertising technology company. The dataset reportedly tracked movements in and around U.S. military installations and even recorded alleged visits by military personnel to German brothels. Academic research, including a 2023 study funded by the U.S. Military Academy, has documented how advertising supply chains can expose sensitive information, such as financial and health records of the military and intelligence communities.

The vast amounts of data collected from phones and other internet-connected devices—and traded globally through the multi-billion-dollar data brokerage industry—have rightly drawn growing concern from national security professionals. Yet the parallel surge in data collection through smart-city technologies has received far less attention. Around the world, cities are deploying advanced information and communications systems to optimize everything from energy use and traffic management to policing and environmental performance. The data emerging from these systems is qualitatively different: continuous, infrastructure-linked, and often directly tied to identifiable individuals and critical sites. Even without commercial resale, such data can easily flow—intentionally or inadvertently—into the hands of U.S. competitors and adversaries, posing a distinct national security risk.

While phone apps and advertising data are gathered at certain moments and often with delays, smart-city sensors capture information in real time, around the clock. This gives the data greater spatial precision, accurately mapping activity to specific roads, entrances, and choke points, whereas device-centric GPS or Wi-Fi signals from typical data-broker sources are noisier and less reliable. Moreover, smart-city data is tightly bound to real-world identities, linking information such as license plates, transit cards, vehicle identifiers, facial imagery, or utility meters directly to people and places. In contrast, data brokers typically rely on trackers and identifiers that require additional “enrichment” to infer who someone is. This makes smart-city data inherently more identifiable—and therefore more sensitive—from the moment it is collected.

Smart-city operations inherently generate vast datasets that reflect the rhythms of daily life. On a typical morning commute through a connected metropolis, an individual leaves behind a dense trail of digital traces detailed enough to reconstruct their routine. License plate readers track vehicle movements; traffic cameras and transit cards log each stop and transfer. Smart parking meters, toll sensors, and even networked streetlights record times and locations. By the time the commuter arrives at the office, building access systems, facial-recognition cameras, and smart elevators have verified and stored their presence—all producing data that may be processed, shared, and sold far beyond city borders.

What begins as an ordinary commute can pose risks. The same streams of data that keep cities running efficiently can compromise covert or clandestine urban infrastructure—such as safe houses. Even when an individual’s identity remains unknown, long-term data retention allows for after-action attribution. With sufficient archives, authorities—or anyone who gains access to the data—can retrospectively reconstruct vehicle routes, recurring digital patterns, and anomalies in utility use, effectively linking an individual to a dwelling that was invisible in real time. For the intelligence and special operations communities, this means that the longer a safe house remains active, the greater the chance that archived urban data will eventually reveal its connection to past activity.

In most smart cities, local governments team up with private tech companies to run the networks of sensors, cameras, and apps that keep the city smart. While municipal authorities collect data to improve services—like managing parking space—vendors often handle the technical side, storing and analyzing that information on their own systems. Along the way, some of this data is shared with third-party partners for analytics, advertising, or “service optimization”—a catch-all term for improving device performance and adjusting how services are delivered. From there, data can flow into the vast ecosystem of data brokers, who combine it with information from other sources and resell it on the open market. The result: data that began as part of a city service can eventually be bought across countries and jurisdictions with little trace of its public origins.

Even without commercial resale, smart-city data can find its way into the hands of U.S. competitors and adversaries. Take Chinese vendors, for example. Huawei and other companies have aggressively marketed smart-city technologies worldwide. According to a 2022 report by the Center for Strategic and International Studies, China’s Digital Silk Road has served as a major channel for exporting smart-city systems. The U.S.–China Economic and Security Review Commission has documented hundreds of such exports by Chinese firms across 106 countries. More recently, researchers have noted that through these projects, Beijing gains intimate knowledge of urban operations. This is because under China’s 2017 National Intelligence Law, Chinese companies are legally obligated to cooperate with state intelligence services. As a result, Beijing does not even need to purchase the information through data brokers. Ultimately, smart-city data can provide Chinese intelligence networks with tools to influence—or pressure—municipal authorities.

For an adversary, access to extensive smart-city data archives offers at least four key advantages: the ability to reconstruct patterns of life for U.S. intelligence and military personnel, map their organizational networks, trace and attribute past events, and shape narratives in information warfare. Consider the last one, for example. Extended retention periods of smart-city datasets act as a generally overlooked force multiplier for information operations. For example, the same repositories that enable urban planning can be weaponized to construct convincing deepfakes: By fusing authentic time and location data with fabricated content, an adversary can produce false narratives that appear highly credible.An adversary could depict military personnel or public officials at sensitive sites, discrediting leadership or triggering diplomatic crises.

Addressing the challenges of smart-city data may benefit from structured “red team” exercises. Such exercises could involve legally acquiring commercially available datasets that encompass embassies, military bases, or other national security installations, followed by analysis of what information can be inferred across different time windows. Where appropriate, host ministries and municipal authorities could be engaged to adopt protective measures. Supplementary agreements—such as annexes to the Status of Forces Agreement or local memoranda of understanding—might establish short retention periods for data collected in designated military-adjacent zones. Such agreements could also mandate signed deletion attestations and prohibit vendors from exporting copies without explicit government approval.

Smart-city data—and the duration for which it is retained—deserves strategic scrutiny, not just technical management. These municipal datasets are living maps of how nations decide, adapt, and function. They mark another intelligence frontier—one we have yet to secure.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why the U.S. Is Losing the Cognitive Competition

EXPERT OPINION — In order for the U.S. to successfully compete for global influence against its adversaries and to avoid a kinetic fight, we must excel at cognitive warfare; that is military activities designed to affect attitudes and behaviors. This type of warfare is a subset of irregular warfare (IW) and combines sensitive activities to include information operations, cyber, and psychological operations to meet a goal. To develop these kinds of operations, the U.S. needs intelligence professionals who are creative and experts in their field. Additionally, the U.S. intelligence and operations sectors need to be comfortable working together. Finally, the U.S. needs decision makers who are willing to take risks and employ these methods. Without these components, the U.S. is doomed to fail in competing against its adversaries who practice cognitive warfare against us on a regular basis.

U.S. focus on IW and its subset, cognitive warfare, has been erratic. The U.S. struggles with adapting its plans to the use of cognitive warfare while our leaders have consistently called for more expertise for this type of warfare. In 1962, President Kennedy challenged West Point graduates to understand: "another type of war, new in its intensity, ancient in its origin, that would require a whole new kind of strategy, a wholly different kind of force, forces which are too unconventional to be called conventional forces…" Over twenty years later, in 1987, Congress passed the Nunn-Cohen Amendment that established Special Operations Command (SOCOM) and the Defense Department’s Special Operations and Low-Intensity Conflict (SO/LIC) office. Another twenty years later, then Secretary of Defense Robert Gates said that DoD needed “to display a mastery of irregular warfare comparable to that which we possess in conventional combat.”

After twenty years of best practices of IW in the counter terrorism area, the 2020 Irregular Warfare Annex to the National Defense Strategy emphasized the need to institutionalize irregular warfare “as a core competency with sufficient, enduring capabilities to advance national security objectives across the spectrum of competition and conflict.” In December 2022, a RAND commentary pointed out that the U.S. military failed to master IW above the tactical level. I submit, we have failed because we have focused on technology at the expense of expertise and creativity, and that we need to balance technology with developing a workforce that thinks in a way that is different from the engineers and scientists that create our weapons and collection systems.

Adversaries Ahead of Us

IW and especially cognitive warfare is high risk and by definition uses manipulative practices to obtain results. Some policy leaders are hesitant to use this approach to develop influence strategies which has resulted in the slow development of tools and strategies to counter our adversaries. U.S. adversaries are experts at IW and do not have many of the political, legal, or oversight hurdles that U.S. IW specialists have.

Chinese military writings highlight the PRC’s use of what we would call IW in the three warfares. This involves using public opinion, legal warfare, and psychological operations to spread positive views of China and influence foreign governments in ways favorable to China. General Wang Haijiang, commander of the People's Liberation Army's (PLA) Western Theatre Command, wrote in an official People’s Republic of China (PRC) newspaper that the Ukraine war has produced a new era of hybrid warfare, intertwining “political warfare, financial warfare, technological warfare, cyber warfare, and cognitive warfare.” The PRC’s Belt and Road Initiative and Digital Silk Road are prime examples of using economic coercion as irregular warfare. Their Confucius Centers underscore how they are trying to influence foreign populations through language and cultural training.

Russia uses IW to attempt to ensure the battle is won before military operations begin and to enhance its conventional forces. Russia calls this hybrid war and we saw this with the use of “little green men” going into Crimea in 2014 and the use of the paramilitary Wagner forces around the world. Russia also has waged a disinformation campaign against the U.S. on digital platforms and even conducted assassinations and sabotage on foreign soil as ways to mold the battle space toward their goals.

What Is Needed

U.S. architects of IW seem to primarily focus on oversight structures and budget, and less on how to develop an enduring capability.

Through the counterterrorism fight, the U.S. learned how to use on-the-ground specialists, develop relationships at tribal levels, and understand cultures to influence the population. The U.S. has the tools and the lessons learned that would enable a more level playing field against its adversaries, but it is not putting enough emphasis on cognitive warfare. A key to the way forward is to develop SOF personnel and commensurate intelligence professionals to support the SOF community who understand the people, the geography, and the societies they are trying to influence and affect. We then must go further and reward creativity and cunning in developing cognitive warfare strategies.

The Department of Defense and the intelligence community have flirted with the need for expertise in the human domain or social cultural sphere for years. The Department of Defense put millions of dollars into socio cultural work in the 2015-time frame. This focus went away as we started concentrating more on near peer competition. Instead, we focused on technology, better weapons and more complex collection platforms as a way to compete with these adversaries. We even looked to cut Human Intelligence (HUMINT) to move toward what some call a lower risk approach to collection—using technology instead of humans.

SOF personnel are considered the military’s most creative members. They are chosen for their ability to adapt, blend in, and think outside the box. This ingenuity needs to be encouraged. We need a mindful balancing of oversight without stifling that uniqueness that makes IW so successful. While some of this creativity may come naturally, we need to ensure that we put in place training that speaks to inventiveness, that pulls out these members’ ability to think through the impossible. Focused military classes across the services must build on latest practices for underscoring creativity and out of the box thinking. This entrepreneurial approach is not typically rewarded in a military that is focused on planning, rehearsals, and more planning.

Focusing on Intelligence and Irregular Warfare

An important part of the equation for irregular warfare is intelligence. This foundation for irregular warfare work is often left out in the examination of what is needed for the U.S. to move IW forward. In the SOF world, operators and intelligence professionals overlap more than in any other military space. Intelligence officers who support IW need to have the same creative mindset as the operators. They also need to be experts in their regional areas—just like the SOF personnel.

The intelligence community’s approach to personnel over the past twenty or so years works against support for IW. Since the fall of the Soviet Union, the intelligence community has moved from an expertise-based system to one that is more focused on processes. We used to have deep experts on all aspects of the adversary—analysts or collectors who had spent years focused on knowing everything about one foreign leader or one aspect of a country’s industry and with a deep knowledge of the language and culture of that country. With many more adversaries and with collection platforms that are much more expensive than those developed in the early days of the intelligence community, we cannot afford the detailed expert of yore anymore. The current premise is that if you know the processes for writing a good analytical piece or for being a good case officer, the community can plug and play you in any context. This means, we have put a premium on process while neglecting expertise. As with all things—we need to balance these two important aspects of intelligence work.

To truly understand and use IW, we need to develop expert regional analysts and human intelligence personnel. Those individuals who understand the human domain that they are studying. We need to understand how the enemy thinks to be able to provide that precision to the operator. This insight comes only after years of studying the adversary. We need to reward those experts and celebrate them just as much as we do the adaptable plug and play analyst or human intelligence personnel. Individuals who speak and understand the nuances of the languages of our adversaries, who understand the cultures and patterns of life are the SOF member’s best tool for advancing competition in IW. Developing this workforce must be a first thought, not an afterthought in the development of our irregular warfare doctrine.

CIA Director William Casey testified before Congress in 1981:

“The wrong picture is not worth a thousand words. No photo, no electronic impulse can substitute for direct on the scene knowledge of the key factors in a given country or region. No matter how spectacular a photo may be it cannot reveal enough about plans, intentions, internal political dynamics, economics, etc. Technical collection is of little help in the most difficult problem of all—political intentions. This is where clandestine human intelligence can make a difference.”

Not only are analytical experts important in support of IW but so are HUMINT experts. We have focused on technology to fill intelligence gaps to the detriment of human intelligence. The Defense Intelligence enterprise has looked for ways to cut its HUMINT capability when we should be increasing our use of HUMINT collection and HUMINT enabled intelligence activities. In 2020, Defense One reported on a Defense Intelligence Agency (DIA) plan to cut U.S. defense attaches in several West African countries and downgrade the ranks of others in eight countries. Many advocate for taking humans out of the loop as much as possible. The theory is that this lowers the risk for human capture or leaks. As any regional expert will tell you, while satellites and drones can provide an incredible amount of intelligence from pictures to bits of conversation, what they cannot provide is the context for those pictures or snippets of conversation. As Director Casey inferred, it is only the expert who has lived on the ground, among the people he/she is reporting on who can truly grasp nuances, understanding local contexts, allegiances, and sentiments.

While it is important to continue to upgrade technology and have specialists who fly drones and perform other data functions, those functions must be fused with human understanding of the adversary and the terrain. While algorithms can sift through vast amounts of data, human operatives and analysts ensure the contextual relevance of this data. Technologies cannot report on the nuances of feelings and emotions. The regional experts equip SOF operators with the nuanced understanding required to navigate the complexities that make up the “prior to bang” playing field. This expertise married with cunning and creativity will give us the tools we need to combat our adversary in the cognitive warfare domain.

Conclusion

The need for contextual, human-centric understanding for being able to develop plans and operations for cognitive warfare that can compete with our adversaries and keep us from a kinetic fight is paramount. Those who try to make warfare or intelligence into a science miss the truth, that to be proficient in either, art is a must. We need expertise to be able to decipher the stories, motives, and aspirations that make cognitive warfare unique. Regional intelligence experts discern the patterns, motives and vulnerabilities of adversaries; key needs for developing IW campaigns and for influencing individuals and societies. We need seasoned human intelligence personnel, targeters, and analysts who are experts on the adversary to be able to do this. We also need to develop and reward creativity, which is a must for this world.

We also have to be upfront and acknowledge the need to manipulate our adversaries. U.S. decision makers must concede that to win the next war, cognitive warfare is a must and it is essential for these leaders to take calculated risks to mount those campaigns to influence and manipulate.

The cost of cognitive warfare is but a rounding error when compared to the development of new technical intelligence collection platforms and the platforms’ massive infrastructures. This rounding error is a key lynchpin for irregular warfare and irregular warfare is our most likely avenue for avoiding a kinetic war. Human operatives, out of the box thinking, and expert analysts and human intelligence personnel are the needed bridges that connect data into actionable insights to allow our SOF community to practice the type of irregular warfare we have proven historically that the U.S..S. can provide and must provide to counter our adversaries and win the cognitive war we are currently experiencing.

Who’s Reading this? More than 500K of the most influential national security experts in the world. Need full access to what the Experts are reading?

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Afghanistan Is Becoming India and Pakistan’s Proxy Battlefield—Again

OPINION — On Oct. 15, 2025, Islamabad and Kabul announced a 48-hour ceasefire after days of shelling and cross-border clashes around Spin Boldak/Chaman and in Kurram. That same week New Delhi hosted Taliban Foreign Minister Amir Khan Muttaqi, the highest-profile Taliban visit to India since 2021. These two parallel events are not accidental. They are the visible symptoms of a strategic pattern that has, for decades, made Afghanistan an arena for India–Pakistan competition. If left unchecked, that competition will once again turn Afghan territory, institutions, and people into collateral damage.

The recent clashes underscore a simple truth: kinetic escalation along a porous frontier is a multiplier. Airstrikes, artillery duels, and intermittent border closures do not remain local nuisances. They force displacement, interrupt trade and humanitarian access, and create openings for transnational violent actors to regroup and expand. At the same time, high-level diplomatic gestures, like India’s reception of a Taliban foreign minister—help normalize engagement without demanding verifiable commitments from Kabul on terrorism, human rights, or governance. The result is a dangerous two-track dynamic: escalation on the ground and normalization in the capitals.

A brief history of the rivalry on Afghan soil

Pakistan’s footprint in Afghanistan is old and deep. From the anti-Soviet jihad to the 1990s civil war, Pakistan’s Inter-Services Intelligence (ISI) cultivated proxies, trained fighters in madrassas and camps, and hosted Taliban decision-making bodies in Quetta, Peshawar, and Miramshah. By the time I led Signals Intelligence at NDS, the material flows, explosives, trainers, and fighters—were a familiar pattern. As U.S. forces drew down after 2014, Islamabad’s public posture shifted; in private and in some diplomatic forums, Pakistan presented the Taliban as a political reality to be accommodated. That accommodation was always transactional, however, and it produced deep leverage inside Afghanistan—from provincial commanders to elements inside Kabul.

India’s engagement followed a different logic but with equally transactional ends. Delhi invested heavily in infrastructure, education and development—roads, power projects, scholarships that sent Afghans to Indian universities. Those investments built goodwill and administrative capacity. But India also positioned itself as a counterweight to Pakistan. New Delhi’s network of consulates, including two on Pakistan’s border, provided both soft-power reach and strategic insight. My colleagues and I at NDS were aware that New Delhi’s intelligence service (RAW) cultivated contacts in border provinces and maintained links that could be used against Pakistan. At the time the Afghan republic rationalized these partnerships: the enemy of our enemy was a useful ally. That pragmatic logic blinded us to a harsher reality—India’s support for Afghan institutions was, ultimately, calibrated to New Delhi’s competitive needs, not an unconditional commitment to the Republic’s survival.

Two anecdotes illustrate the corrosive effect of external rivalry on Afghan sovereignty. First, while intercepting communications as head of Signals Intelligence I once heard General Dostum pleading on the phone with Pakistan’s ambassador—an exchange that revealed how quickly even vocal opponents could seek patronage. Second, a private meeting with the RAW station chief in Kabul—held months before the Republic collapsed—left me with a hollow certainty: Indian intelligence was preparing contingency plans for the Republic’s fall rather than mobilizing to prevent it. Those were not betrayals born of malice but of strategic realism: both Delhi and Islamabad were optimizing for their own survival and leverage.

Why this rivalry matters now

Three features make the current moment particularly risky.

First, even when attacks originate with state-adjacent actors inside Afghanistan, their effects are interstate: whether Islamabad acknowledges strikes in Kandahar or Taliban-aligned groups carry out violence, the result is cross-border harm — civilians killed, infrastructure damaged, and humanitarian access disrupted.

Second, diplomatic gestures without conditionality distort incentives. India’s public reset—receiving a Taliban foreign minister—grants political space to a movement whose internal policies remain deeply repressive. If major regional powers normalize ties without demanding verifiable changes, they risk entrenching a governance model that enables radicalization and denies basic rights, particularly for women and minorities.

Third, Afghans pay the price. External competition saps Afghan agency. Political elites are incentivized to cultivate foreign patrons rather than build domestic coalitions. Former security personnel, civil servants and vulnerable communities are either abandoned or become leverage for outside actors. The human cost—displacement, loss of livelihoods, shrinking civic space—is the clearest metric of failure.

A three-part policy approach: sovereignty, de-escalation, and conditional engagement

If Washington and its partners are serious about stability in South and Central Asia, they should adopt a compact focused on three priorities.

Prevent Afghanistan from becoming the battlefield. The U.S. should lead a regional security initiative—narrow in scope but backed by monitoring and consequence mechanisms—bringing together India, Pakistan, Iran, China, and key Central Asian states. The initiative would pledge non-use of Afghan territory for hostile proxy activity, create impartial border monitoring mechanisms, and establish rapid-response channels to defuse incidents before they spiral.

Push India and Pakistan back to bilateral dialogue. The most durable way to remove Afghan soil from the rivalry is to reduce the rivalry itself. Washington should use calibrated incentives and diplomatic leverage to get Delhi and Islamabad into issue-specific talks—starting with confidence-building measures on border management, refugee handling, counter-narcotics cooperation, and a hotline for counterterrorism incidents. These are pragmatic, tradeable commitments that build reciprocity without demanding grand concessions.

Condition engagement with Kabul on verifiable benchmarks. Engagement with the de facto authorities will continue for humanitarian and security reasons—but it must not reward predation. Bilateral ties should be tied to transparent, public benchmarks: demonstrable counter-terrorism cooperation, protections for civilian populations (especially women and minorities), and steps to prevent Afghan soil from being used by transnational violent actors. Parallel support must be scaled for civil society, independent media, and the Afghan diaspora—networks that preserve the political capital needed for a future inclusive order.

Realism with consequences

Some will argue that Delhi’s and Islamabad’s actions are driven by existential fears and that external pressure has limited purchase. That is true. But realism also recognizes that incentives, reputational costs, and monitoring can alter strategic calculations. The goal is not to force idealism but to make proxy strategies less profitable—politically, economically and reputationally—than cooperation.

Conclusion

The recent ceasefire and high-profile diplomatic activity are warnings more than signals of resolution. Afghanistan’s sovereignty must not be treated as negotiable currency in a broader regional rivalry. If the international community fails to act, Afghans will continue to suffer as their country becomes the chessboard for others’ strategies. The path forward is straightforward, if politically difficult: prevent kinetic escalation, push India and Pakistan toward practical dialogue, and condition engagement with Kabul on measurable protections for Afghan people. For the sake of Afghanistan—and for regional security—that is the responsible, pragmatic choice.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Viktor Orban’s Russia Problem Is Becoming Hungary’s Disaster

OPINION — Hungary’s prime minister does not seem to grasp the gravity of the moment. His ally, Russia, is bleeding by a thousand cuts from Ukrainian drones, while Vladimir Putin’s former pal, Donald Trump, is now calling Russia a “paper tiger” and providing Kyiv with intelligence for long-range strikes.

For months, the U.S. president tried to play peacemaker, but Viktor Orban’s friend in Moscow ignored him – escalating missile strikes on Ukrainian cities and expanding hybrid warfare across Europe. Putin’s resolve to escalate only makes Trump look weak, and Trump does not tolerate looking weak. Now he appears to be bringing a stick to the negotiations. If Ukraine is indeed receiving Tomahawk missiles, things will only get worse for Putin. And for his friend in Budapest.

Orban appears to be sleepwalking into a crisis of his own making. His love affair with Putin has isolated him in Europe. His reliance on Russian oil threatens to result in an economic catastrophe if and when the oil stops flowing through Ukraine. His revanchist claims on Ukraine’s Zakarpattia Province has angered Kyiv, without winning Ukraine’s Hungarians to his side. And if he continues to provoke the drone superpower in Kyiv by violating Ukrainian airspace with Hungarian drones, he may one day find himself on the receiving end of a heavy stick.

How different things were in 1989, when more than 200,000 Hungarians gathered in Budapest’s Heroes’ Square for the reburial of Imre Nagy, the executed leader of the 1956 Revolution. The ceremony culminated in a bold seven-minute speech by a young Viktor Orban, who called for free elections and the withdrawal of Soviet troops still stationed in Hungary. It was that same Orban who during Russia’s invasion of Georgia in 2008, condemned it as an “imperialistic action of pure power politics.” But by 2022, he was captured by Russian money.

Whether Orban harbors imperial ambitions or simply covets the totalitarian control exerted by a corrupt Kremlin, Hungary has become a bastion of Chinese and Russian influence in the heart of Europe and has actively supported Putin’s war and provoked Kyiv.

In May 2025, Ukraine’s Security Service exposed a suspected Hungarian military intelligence network, marking the first time an EU state had been caught spying against Kyiv.

Then in September 2025, Ukrainian President Volodymyr Zelensky stated that reconnaissance drones likely belonging to Hungary had violated Ukraine’s airspace, the first such reported breach. Kyiv accused the aircraft of scouting Ukraine’s industrial capacity along the border.

Orban even shrugged off the violation while speaking on a talk show, saying that Hungarian drones “either crossed or not” into Ukraine’s skies, before adding that “Ukraine is not a sovereign country” and Hungary was not its enemy, so there was no problem. This reckless attitude is reflected within his own government. In a leaked 2023 recording, Defense Minister Kristóf Szalay-Bobrovniczky spoke of “breaking with the peace mentality” and entering “phase zero of the path to war.” This was the kind of language you’d expect from Moscow, not from the capital of a NATO ally.

That arrogance carries risks. In August 2025, Ukraine struck the Druzhba oil pipeline, cutting flows of Russian crude to Hungary and Slovakia – the only EU states still addicted to Moscow’s energy. Kyiv had little reason to spare countries that blocked aid in Brussels, and the strike showed that Hungary’s dependence on Russian pipelines is a vulnerability Ukraine can easily exploit. That Hungary signed a deal with France’s Engie to buy liquefied natural gas changes nothing, since Orban says he has no plans to stop importing gas and oil from Russia.

What’s the point of Orban’s provocations? Does he really believe that Russia is winning a war that’s cost it over 1 million casualties? Does he truly believe that Hungary can reestablish the borders it had during the Habsburg Empire and help Russia dismantle Ukraine? Does he not see that he’s compelling the EU and NATO to adopt measures that will ultimately isolate Hungary and negate its baneful influence?

A rational politician in a small, landlocked country that’s benefited inordinately from its neighbors’ largesse would certainly sing a different tune. Instead, Orban is, like Putin, driving his country toward disaster.

It’s possible that the erstwhile Hungarian patriot has become a Hungarian imperialist who models himself on Moscow’s dictator. More likely, Orban and his legitimacy are trapped in the revisionist ideology that helped him consolidate power. According to him and his propaganda apparatus, Hungary was victimized in both world wars, whereas the reality is that it happened to ally with the wrong side, thereby bringing its troubles upon itself.

That narrative, and Orban’s dictatorial pretensions, appear to have outlived their purpose. His opponent, Peter Magyar, leads Orban by around 10 percentage points and is likely to win the parliamentary elections in April 2026. Investors are already betting that a change of government would unlock as much as €18 billion in frozen EU aid, roughly a tenth of Hungary’s GDP, fueling a rally in the Hungarian forint.

Orban would be wise to change course and return to being the man who inspired thousands in 1989. He should stop pushing the Ukrainians, if only because that makes him look ridiculous. As Szabolcs Panyi, a Hungarian investigative journalist, has said, “Hungary’s army is wholly unprepared for any type of conflict with anyone. Ukraine’s army is so superior that it’s completely unrealistic that Orban would engage in direct fighting.”

Orban also declared that Hungary was “not afraid” to shoot down Russian drones if they violated his country’s airspace. Perhaps what he truly fears is cutting off the payments from Moscow that keep him loyal. In any case, Budapest would be the weak link in any European “drone wall,” should it soon be built. Still, the Russians seem to have been launching drones from ships, which would weaken any future drone wall.

As to the EU and NATO, Orban should realize that it makes no sense to bite, again and again, the hand that feeds you. Alas, Orban still has a long way to go. On October 1, German Chancellor Friedrich Merz reportedly clashed with Orban at an EU summit in Copenhagen after the Hungarian leader disrupted talks on the bloc’s security strategy and aid for Ukraine.

His hostility has only sharpened since. On October 6, Orban accused Zelensky of using “moral blackmail” to push Ukraine’s EU bid, claiming Hungary had “no moral obligation” to support it.

Unless a miracle happens, Orban will lose and be thrown out of office. Hungary could then become what it was in 1956 and 1989: a beacon of hope for democracy and human rights.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Inside the Secret War: Senate Concern Over U.S. Military Strikes in the Caribbean

OPINION — “Currently, the administration is waging a secret war against a secret list of unnamed groups that they will not tell us about. There have been four lethal strikes against [alleged Venezuelan narco-trafficking] boats in the Caribbean. The administration wrote us [the U.S. Senate] a letter…about what they were doing in September. They said they considered themselves to be in a ‘non-international armed conflict’ -- that means a war -- against a secret list of ‘designated terrorist organizations.’ I received a briefing last week on the administration’s strikes in the Caribbean. During that briefing, Members of the Senate Armed Services Committee, from both sides of the aisle, asked a Senate-confirmed official whether the Department of Defense could produce a list of the organizations that are now considered terrorists by the United States. They said they could not provide that list.”

That was Sen. Elissa Slotkin (D-Mich.), speaking on the Senate floor last Wednesday during the debate on a War Powers resolution that would have blocked U.S. military strikes in the Caribbean. It lost 48-to-51.

Slotkin, a former CIA analyst who also served as Assistant Secretary of Defense for International Security Affairs, gave a clear analysis of the several steps the Trump administration has taken that could eventually lead this country to a situation which, as Slotkin put it, “creates an excuse [for President Trump] to unilaterally use the military inside our cities, similar to the way he used them in the Caribbean.”

Other Senators provided additional information about today’s current extraordinary situation, which I will discuss below, but it was Sen. Slotkin who put it in the clearest context.

First, she established her own credentials, saying, “I am a CIA officer. I am a former Pentagon official. I did three tours in Iraq – armed -- alongside the military. I participated in the targeting of terrorist groups. I actually have no real problem going against [drug] cartels, given what they have done in their inserting drugs in our community and with the death of so many Americans. But as a nation, I think we should have as a basic principle that you can’t have a secret list of terrorist organizations that the American public and, certainly, the U.S. Congress don’t get to even know the names of.”

She referred back to the 2001 Global War on Terror saying it was, “kind of my era,” and spoke about how new foreign terrorist organizations were declared to Congress and then “our intelligence community, the military, and law enforcement would spin up to go after information about that group and prosecute -- you know, target against that group.”

Slotkin went on to explain how the Trump administration had late last month expanded the terrorist threat to include individuals and groups in this country.

Speaking about Trump’s September 22, Executive Order, “Designating Antifa As A Domestic Terrorist Organization,” Slotkin said the administration was “going to, again, make secret lists of ‘terrorist groups’ inside the United States and send the full force of the U.S. Government against those terrorist organizations. They are not telling anyone the name of these organizations, but they are authorizing law enforcement and the intelligence community to double down and come up with that list.”

This is a problem, Sen. Slotkin said, “because the Trump administration in that document [the Executive Order] defined ‘terrorist organization’ or ‘domestic terrorism’ incredibly broadly. It suggests that any group that talks about anti-Christian values, views they don’t like on migration or race, differing views on the role of the family, religion, or morality could all be grounds for labeling an organization ‘domestic terrorists.’’’

In fact, the reference to anti-Christian values appeared in a little-publicized follow-up to the September 22 Executive Order -- a September 25, National Security Presidential Memorandum/NSPM-7. An NSPM is a presidential directive that specifies and communicates national security policy to executive departments and agencies.

Citing “the authority vested in me as President by the Constitution and the laws of the United States of America,” and signed by Donald J. Trump, NSPM-7 gives directions to the Secretaries of State, Treasury, and Homeland Security as well as the Attorney General on “Countering Domestic Terrorism and Organized Political Violence.”

Building on the assassination of Charlie Kirk and attempts against Trump and others, NSPM-7 unites “this pattern of violent and terroristic activities under the umbrella of self-described ‘anti-fascism,’” or Antifa. NSPM-7 goes on to say, “Common threads animating this violent conduct include anti-Americanism, anti-capitalism, and anti-Christianity; support for the overthrow of the United States Government; extremism on migration, race, and gender; and hostility towards those who hold traditional American views on family, religion, and morality.”

NSPM-7 gives responsibility to the National Joint Terrorism Task Force and its local offices (JTTFs) to “coordinate and supervise a comprehensive national strategy to investigate, prosecute, and disrupt entities and individuals engaged in acts of political violence and intimidation designed to suppress lawful political activity or obstruct the rule of law.” In addition, JTTFs are to investigate “institutional and individual funders, and officers and employees of organizations, that are responsible for, sponsor, or otherwise aid and abet the principal actors engaging in” the above criminal conduct.

In addition, NSPM-7 says that the Attorney General “may recommend that any group or entity whose members are engaged in activities meeting the definition of ‘domestic terrorism’…merits designation as a ‘domestic terrorist organization.’ The Attorney General shall submit a list of any such groups or entities to the President through the Assistant to the President and Homeland Security Advisor [Stephen Miller].”

In her Senate speech, Sen. Slotkin continued, “If this administration is not telling us who is on their secret designated terrorist list for groups in the Caribbean, they are definitely not going to tell us who is on their list of domestic terrorist organizations.”

Finally, Sen. Slotkin spoke out about her future fear -- that President Trump may claim in some American city “if the violence has gotten to a level of an insurrection, it means that the U.S. military can now be used [under the Insurrection Act] as law enforcement in our cities. It means the U.S. military can raid; they can arrest; they can detain. You can easily see a world where the President of the United States labels protest groups ‘terrorists,’ doesn’t tell anyone, and creates an excuse to unilaterally use the military inside our cities, similar to the way he used them in the Caribbean.”

I agree Trump is headed in that direction, and past and present members of the military must also be aware of what’s going on.

Meanwhile other Senators during last Wednesday’s debate raised other issues needing public consideration.

For example, Sen. Adam Schiff (D-Calif.) said, “There is no question that drug traffickers, criminal gangs, and other criminal enterprises engage in horrific and violent acts. Murder is murder, whether committed by a human trafficker, a drug trafficker, or a member of al Qaeda. But there are fundamental differences in their motivation, which legally distinguishes a drug trafficker from a terrorist. It is common knowledge that a drug trafficker’s purpose is financial enrichment, while the definition of a ‘terrorist’ is a person who uses violence or the threat of violence to instill widespread fear to achieve a political or ideological goal.’’

Schiff raised another point related to the current situation. He said, “Other governments are using the label ‘terrorist’ to defame and criminalize social activists, political opponents, and journalists who engage in peaceful dissent. This is common practice in Iran, Russia, Egypt, and Saudi Arabia, where dissidents are imprisoned and even executed for being so-called ‘terrorists.’’’

In a challenge to Republicans, Sen. Tim Kaine (D-Va.) said, “If my [GOP] colleagues, as they have stated, believe we should be at war in the Caribbean or at war with nations in the Americas or with the narco-traffickers, they have had the ability the entire time to bring a resolution before us and have that debate in front of the American public. I have a feeling that debate would produce some positive votes if it were limited enough, but to allow a President to do it by secret, without Congress having the guts to have the debate and vote about whether the war is worthwhile, is contrary to everything this country stands for.”

Sen. Jack Reed (D-R.I.) raised a broader issue. “The notion that we can bomb our way out of a drug trafficking crisis is not a strategy,” Reed said, “it is wishful thinking. Using the U.S. military to conduct unchecked strikes in the Caribbean risks destabilizing the region, provoking confrontation with neighboring governments, and drawing our forces into yet another open-ended conflict without a clear mission or exit strategy.”

Reed continued, “Conflict in the Caribbean or with Venezuela is entirely avoidable, but the risk that we stumble into war because of one man’s impulsive decision-making has never been higher. Our troops deserve better—much better.”

President Trump has been after Venezuelan President Nicolas Maduro since 2018, including a failed, White House-driven, 2019 regime-change attempt to restore democracy in that country by replacing Maduro with opposition leader Juan Guaidó. John Bolton, National Security Advisor at the time, said in his book, The Room Where It Happened, that Trump assured Guaidó that he (Trump) would, in Bolton’s words, “pull off Maduro’s overthrow.”

Who knows what Trump is saying privately today about Maduro and planning for Venezuela?

But the Caribbean activities are but a sideshow to what the Trump administration has quietly underway in this country.

Again I refer to Sen. Slotkin’s words on the Senate floor last Wednesday: “The President is looking for an excuse to send the U.S. military into our streets, to deploy the U.S. military against his own people, to prompt confrontation, and to hope that confrontation justifies even more military force and military control. This is a well-worn authoritarian playbook. It is one that quite literally the United States of America was founded on rejecting -- the idea that British soldiers, when they occupied American cities, abused American citizens to the point where Americans turned against them.”

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

High-Stakes Talks in D.C.: Frozen Assets, Air Defense, and Tomahawks

DEEP DIVE – A senior Ukrainian delegation will travel to Washington D.C. this week for talks that are expected to include the use of frozen Russian assets to aid Ukraine, air defense challenges and increased sanctions on Moscow. The decision on whether or not the U.S. will provide Ukraine with Tomahawk missiles is also expected to be front and center.

Ukrainian President Volodymyr Zelensky says he believes that the Israeli-Gaza ceasefire announced late last week, is proof that a resolution to his country’s fight against Russia is also possible.

In a congratulatory phone call from Zelensky to Trump on Saturday, Ukrainian officials said the two leaders talked about Russia’s latest strikes targeting Ukraine’s energy infrastructure, as well as the possibility of Kyiv obtaining U.S. made Tomahawk missiles. In a post on X, Zelensky said “If a war can be stopped in one region, then surely other wars can be stopped as well - including the Russian war”.

The missile request is the latest in a long-running series of high-profile requests by Ukrainian officials for more powerful and sophisticated western support.

President Trump says he has “sort of made a decision” about giving Tomahawks to NATO for supply to Ukraine, but says he wants to know Ukrainian plans for them before sending them.

Moscow is pushing back against the possibility of providing U.S. Tomahawks to Ukraine, which could provide the capability for even deeper strikes inside Russia, something that wouldn’t play well for the Russian President at home.

President Vladimir Putin said recently that sending Tomahawks to Ukraine would significantly damage U.S.-Russia relations, and that the weapons would "mean a completely new, qualitatively new stage of escalation, including in relations between Russia and the United States".

Ukraine has already shown impressive tenacity in striking targets on Russian soil. Kyiv’s domestic drone campaign against Russian oil and gas facilities, aimed at cutting Russia’s energy export revenues that fund its war machine, has been remarkably successful. Moscow has publicly acknowledged that it is facing domestic fuel shortages, but has not publicly attributed the Ukrainian strikes as the cause. In June, Ukraine smuggled over 100 drones into Russia and launched Operation Spider Web, a drone attack that resulted in the loss of a third of Moscow’s fleet of strategic bomber aircraft.

And, Ukraine has already successfully employed advanced western supplied missiles like the US-made Army Tactical Missile System (ATACMS) and the European-made Storm Shadow. The ATACM has a range of around 300 KM, while the Storm Shadow has a range of 250KM. Kyiv is also producing and testing its own long-range missile, the FP-5 Flamingo that has a stated range of 3000KM. Recent media reports indicate that Kyiv may have started using the Flamingo in an operational capacity, but details on the operations remain scarce.

^{An infographic titled "Range of ATACMS missiles" created in Ankara, Turkiye on November 19, 2024. (Photo by Murat Usubali/Anadolu via Getty Images)}

The Tomahawk would be a significant improvement in long-range strike capability for Ukraine’s military. The missiles, capable of being launched from ships, submarines and ground launchers, have a range of 1,500-2,000KM, and are capable of hitting targets accurately even in heavily defended airspace. The Tomahawk would give Ukraine the ability to hit most of European Russia, west of the Ural Mountains. That puts key political and military hubs like Moscow and St. Petersburg in range, as well as significant military assets and energy infrastructure.

_{A Tomahawk cruise missile flies toward Iraq after being launched from the AEGIS guided missile cruiser USS San Jacinto March 25, 2003 in the Red Sea. (Photo by Mark Wilson/Getty Images)}

THE CONTEXT

President Trump says he “sort” of has made a decision on supplying Ukraine with Tomahawks
Foreign Minister of Estonia told Trump that Tomahawks could help Ukraine “push Russia back”
The Tomahawk missile is made by Raytheon and has a range of 1,500-2,000kms (around 930-1,550 miles)
It is approximately 750 Kilometers from Kyiv to Moscow

Tomahawks are primarily launched from maritime platforms and are currently deployed on all U.S. ships and submarines equipped with vertical launch systems (VLSs).

Ground-launched Tomahawks are launched from the Typhon, a new vertical launch system developed by Lockheed Martin to enable the U.S. military to launch Tomahawks from the ground. This system would likely be required by Ukraine.

Since the 1990s, the U.S. Navy has purchased about 9,000 Tomahawk units at an average price of $1.3 million each. It is unclear where the U.S. stockpile stands currently. U.S. allies armed with Tomahawks include the Netherlands, Australia, the UK, and Japan.

The Trump administration in late August approved the sale of 3,350 Extended Range Attack Munition (ERAM) missiles to Ukraine. They have a range of 250 miles. The purchase is being funded by Denmark, the Netherlands, Norway and U.S. Foreign Military Financing.

Experts and analysts are watching closely for developments coming out of Washington this week. Some notable questions remain regarding the potential use of Tomahawks by Ukraine such as:
- If approved, will they represent a significant increase in capability for Ukraine?
- What quantities and how quickly would Tomahawks be supplied to Ukraine?
- How is Russian President Vladimir Putin likely to respond?

We spoke with two Cipher Brief Experts to get their take on these questions:

Rear Adm. (Ret.) Mark Montgomery

Rear Adm. (Ret.) Mark Montgomery is a senior director at the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies. He directs CSC 2.0, which works to implement the recommendations of the Cyberspace Solarium Commission. Montgomery is a principal member of the Cyber Initiatives Group.

Glenn Corn

Glenn Corn is a former Senior Executive in the Central Intelligence Agency (CIA) who worked for 34 years in the U.S. Intelligence, Defense, and Foreign Affairs communities. He spent over 17 years serving overseas and served as the U.S. President’s Senior Representative on Intelligence and Security issues. He is an Adjunct Professor at the Institute of World Politics.

The Cipher Brief: Is sending Tomahawk missiles going to enable Ukraine to do a lot more than it's already capable of doing now? Would it make a difference?

Rear Admiral (Ret) Montgomery: I'm going to caveat this. I'm not opposed to Tomahawks. But I think it's “Tomahawks and.” And then how many Tomahawks? Ten Tomahawks won't make a difference. 100 Tomahawks won't make a difference. But 400 or 500 would. Is the U.S. willing to part with 400 or 500? Can Europe take a deep breath and pay for 400 or 500? And what are the Tomahawks going to look like? Are we going to strip them of certain capabilities and capacity? Then it becomes a slow land attack cruise missile. So I'm not sure.

Tomahawks would be helpful. What I'm sure would be much more, I think, operationally game-changing is the provision of the ERAM (Extended Range Attack Munition). And I'm thrilled with what the U.S. Air Force and the U.S. Department of Defense writ large have done with the ERAM, which is effectively a small cruise missile with extended ranges well beyond ATACMS, but less than the Tomahawk. There's multiple variants of it. And when it begins to deliver, it'll be 10 here, 20 there, but eventually it should get up to about 100 a month for 20 months. And you can fire it from MiG-29s or Sukaloys or F-16s. This weapon is going to stretch the battlefield for the Russians and will force logistics and command and control and troop aggregation sites farther and farther from the front line.

And I don't think the Russians have demonstrated the ability to properly control and support forces at long range and distances. So, if the Russians are stretched out like that, combined with the operational and strategic pressure from the long range unmanned Ukrainian UASs strikes, and maybe the addition of Tomahawks, particularly to target the refineries, I think all of this can really cause Putin to readjust his thinking.

So from my perspective, things could get better. It's not “Tomahawks alone” or “Tomahawks or.” It's “Tomahawks and”, and the “and” is the big thing. And that “and” to me is the ERAM.

Corn: I think that what Ukrainians are doing is great. The Tomahawks would just increase their ability and increase, I'd say, the volume of the attacks and deep strikes that they could conduct inside of Russia.

And of course there's a symbolic and kind of political message here too. If the United States agrees to provide these weapons systems, it just shows that we're not backing down and we're not going to be intimidated by Moscow, which I'm sure the Ukrainians want to see because that's a sign of political support. That's important for them.

The Cipher Brief: Moscow is obviously rattling the sabers over the potential US Tomahawk decision. How do you assess Russia's escalation threats to the U.S.?

Corn: I find it ironic when the Russians say they're going to retaliate. They're already launching attacks. They're already targeting Ukraine and now also NATO countries, and I would say even U.S. interests. They've been doing it for years. So my own belief is it's a lot of saber rattling. It's a full court press right now in Moscow to try and deter Washington and Brussels from taking certain steps that will be extremely painful and costly for Moscow.

I'm sure that [talk of Tomahawks] increases Moscow’s level of concern. They definitely do not want the Ukrainians to have these weapon systems, and they're making all kinds of threats. They're looking for potential sore points with the U.S., for example, suggesting they will deploy new weapons systems to Nicaragua or Cuba. They're going back to the Cold War playbook that led to the Cuba missile crisis.

So I’m not surprised. Experience has shown that the Russians make a lot of threats, but those threats tend to be empty. Let's go back to all the threats they made over the F-16s, over the ATACMS, over Finland and Sweden joining NATO. I don't think that they followed through on a lot of those threats, not in the near term, not on an immediate basis or not in an obvious way. They may, of course, respond in the future, but so far they have not followed through on threats to use nuclear weapons, which they’ve previously implied as a potential scenario. So, they haven't followed through on previous threats. It doesn't mean they won’t do it in the future, but my assessment is they will not. .

Rear Admiral (Ret) Montgomery: Russia and China practice a similar provocation principle. We democracies bend and capitulate to the fear that an authoritarian regime might do something because they announce that they've got a red line or they've got an issue. And they provoke us. They tell us that the provocation will cause them to overreact and therefore we should stand down. At no point ever do they have the same sense of decorum or restraint, right? But apparently we're supposed to practice that restraint. Enough of that. We need to do what we think is right. If it's Tomahawks, fine. If it's Tomahawks and ERAM, which is what I think it is, great. If it was E-RAM alone, I think it’d be great.

What I say is, I would not back off. One reason I support sending Tomahawks now is because the Russians oppose them so much and I feel compelled to support the decision, if it's made, to send them. But the Russians are going to learn that they were complaining about the wrong thing. And by the time they learn that lesson, I think they're going to be in a lot of pain.

In Summary:

The coming decision on Tomahawk cruise missiles is a true inflection point for both Ukraine and the U.S.: it could materially expand Kyiv’s ability to conduct deep-strike operations, but only if supplied in sufficient quantities and paired with the right launch and logistical support. US and Western leaders must weigh that operational upside against difficult questions - platform and delivery constraints, the need for complementary systems like ERAM, funding and NATO cooperation, and the very real risk of Moscow escalating its response. Whatever Washington decides will test U.S. resolve, reshape NATO burden-sharing conversations, and have consequences that reverberate across the battlefield in Ukraine and Russia.

Follow The Cipher Brief for more timely analysis and updates as this critical story develops.

Ethan Masucol, Ian Coleman and Connor Cowman contributed research for this report

The Future of U.S. Intelligence: Leaner, Smarter, and Tech-Focused

EXPERT OPINION — It is time to reimagine the US intelligence community (IC). The 1947 National Security Act established the CIA which arguably had the biggest impact on the modern age of U.S. intelligence. Subsequent changes to the National Security Act and the Intelligence Community (IC) were mere tweaks in comparison:

In 2003, the Department of Defense established the Under Secretary for Intelligence (amended in 2020 to the Under Secretary for Intelligence and Security); the office acts as a chapeau for Defense Intelligence. Its role in oversight of the Military Intelligence Program arguably could give it influence over the defense intelligence agencies and services, if the office leaned into its leadership role.
In 2004, Congress amended the 1947 National Security Act and created the Director of National Intelligence (DNI), taking the role of manager for community intelligence from the Director of the CIA. This move did not reengineer how the IC is organized.

For nearly eighty years, we have been tinkering and adding to the IC but we have not fundamentally redrawn or refocused it. Now is the time to do that. Three critical junctures make it imperative that we rethink how the IC is organized and functions. Important technological advancements need to be the heart beat of how the IC does its work. Global conditions are emphasizing the need for gray zone work/cognitive warfare which currently is a side hustle of the IC and needs to become a focus. Finally, the IC has become too unwieldy and dispersed to have the impact it should.

Congress is proposing changes to the DNI, legislating procurement, and legislating definitions of covert warfare versus irregular warfare, but that remains piecemeal and not far reaching enough. As a whole, the IC has been directed to downsize. This is sorely needed as the overlap and bloated bureaucracies help to develop the go it alone mindset. A leaner IC will force integration.

Now is the time to go back to the drawing board and reimagine what our intelligence community should look like:

Technology forward.
More emphasis on publicly available information.
More integrated and driven by USG foreign policy strategies that have clear goals.
Closer ties between the Department of Defense and the rest of the intelligence community.
Focus on irregular warfare, cognitive warfare, and gray zone activities.

A Technology-Driven IC

The heart of the new IC should be embodied in two new organizations that are retooled from existing structures: one that is an Open Source Center that curates all Open-source data; and one that is a technology hub that oversees and develops technology for the entire IC—a one stop shop.

The Open Source Center would be the heart of analysis for the new IC. It would be loosely modeled after the old Foreign Broadcasting Information Service (FBIS) that procured important open source articles and books and provided translations for the entire government during the Cold War era. Individuals working in this new agency would range from those without clearance to those with high clearance levels but the data would be all unclassified—until merged into a comprehensive story board. The data and tools would be accessible to the entire IC. The center would include the latest AI technology to help highlight anomalies. It would include data analysts from government, tech companies, and companies that are already working commercial data open source analysis.

The Open Source Center currently housed at the CIA and DIA’s Open Source organization would be the nucleus of the personnel for this work. Analysts and technology specialists would work together to gather the latest trends to feed the rest of the government. The center would work with partners and allies to bring in their data and share patterns. Eventually, the patterns and anomalies procured in this center would be merged with U.S. exquisite intelligence, but more routinely, this publicly available or procured unclassified data would be used to provide warning at the strategic, operational, and tactical levels across government agencies, to partners, and when appropriate, to the American people. This data would feed the U.S. IC and military watch centers across the world as a first notice of concerning anomalies.

In order to speed up technology procurement and ensure that leading-edge technology is being used by the IC, we need an IC technology center or hub. Much like the parts and pieces of IARPA, DARPA, and IN-Q-TEL that compete, this unit should bring in all the technology experiments and investments so that the successes can be shared across the IC more quickly. This would allow government and industry to focus on the IC’s technology priorities, make pricing of new technologies more competitive, and cut down on boutique answers to requirements that cannot be scaled IC wide. It would also speed up technology acquisition by bringing in some of the authorities for quick procurement that the above agencies have. This Center would support both Defense and civilian intelligence organizations and be manned by personnel from across the entire IC.

DNI for All

Turn the DNI into the organization that it was made to be—the leader focused on oversight, guidance, and integration of the entire IC. This does not need to happen with a lot of bureaucracy. The right leaders and experts can do this work.

The DNI has never been given the powers that it needs to fulfill its mandate. To do this, the DNI must have say over the entire National Intelligence Program budgeting. Currently, the DNI’s oversight is watered down by having little budget decision making authority. If they do not like the direction that the DNI is providing, the other intelligence agency Directors go directly to Congress who will earmark specific funds and the DNI, who answers directly to the President, is thwarted. This needs to change.

Defense intelligence makes up the largest part of the intelligence community with each service having its own intelligence unit, each COCOM having its own, and the collection support agencies technically being under the Secretary of Defense. To oversee this enterprise, the Office of the Secretary of Defense created the Undersecretary for Intelligence and Security (OUSDI&S) in 2003. This office continues to struggle to find its footing in the IC. As stated previously, it has some power that the DNI does not in that it has sway over the Military Intelligence Program (MIP) budget. However, the CSA Directors have their own avenues of communication to the Secretary of Defense, the DNI, and Congress. To fix this issue, the I&S Under Secretary simultaneously should act as the DNI Deputy. The Director for Military Affairs at the DNI should be the Department’s and I&S’ in-house consultant on a day-to-day basis and act as conduit between DNI and OUSDI&S. This arrangement would streamline the multiple meetings that CSA Directors are invited to attend separately with I&S and DNI—they could be held at the same time. It would also make it clear that OUSD I&S brings the rest of the defense intelligence agencies to the table and sets joint IC priorities.

A key issue in the IC is that there is no comprehensive strategy for countering our adversaries. While the NSC sometimes tries to play the role of the strategy developer, most NSC Directors do not thoroughly understand the capabilities of each of the intelligence agencies and IC agencies are not compelled to follow the direction of such strategies, especially when the NSC provides competing priorities. Either the IC is left out or there are multiple IC entities who compete with each other to try to develop the strategy. It makes most sense to have the DNI embrace its integration role and represent the entire IC to the NSC to develop the IC portion of strategic competition strategies. The DNI, with its National Intelligence Managers, would lead IC strategic competition teams so that these teams could be prioritized by resources and personnel.

By retasking and focusing the DNI workforce, the above work can be accomplished without growing the workforce and with more streamlined personnel numbers. The IC also needs to entice the best and brightest to work at the DNI. The IC needs those individuals who truly are experts both in their functional area and as intelligence professionals. Agency directors must recognize the importance of interagency work and reward that work. Over time, the real IC experts and leaders no longer go to DNI on rotation because they have seen their home agencies shut them out upon return.

All Source Agencies Should Double Down on Core Competencies

CIA and DIA have spread into each other’s lanes so that there is now a duplication of analysis and, in some cases, collection. CIA should focus on nonmilitary issues such as political stability and economics, and DIA should focus its workforce on military and military technology issues. Of course, there will be a gray area but that should be worked out between the Directors of the two agencies. Some would say that we should have only one all-source analytical organization. The issue with that is that the needs of the Department of Defense for niche military analysis would overwhelm the economic, medical, and political stability issues that CIA focuses on. Both need to be done and both have their customers.

During my time as a young analyst at CIA, my focus was on political stability and when I had to brief or write on a specific military issue that required anything more than basic knowledge, I would call my DIA counterpart to provide his/her expertise. That individual would be able to discuss all aspects of a weapon system, military personalities, and readiness, etc. When DIA analysts were asked to discuss stability issues, they would bring me with them and together we could paint a holistic story.

Single Source Agencies

The National Geospatial Agency and the National Security Agency are both U.S. treasures. We need to keep them focused on their core competencies by feeding them commercially available data—do not make them go out and develop analytics, buy data sets, etc. We also need to keep them focused on their genre. They should not be doing all source analytics.

Emphasizing Irregular and Cognitive Warfare

Irregular warfare must be a focus of U.S. national security policy going forward. This concept needs to include cognitive warfare as a regular tool for national security leaders. Instead of the steel-eyed focus on dominating an opponent’s military, with the covert and clandestine arts as a small subset of our national security, we must focus on positively influencing governments and populations as much as we focus on overcoming an adversary’s weapon system. We must excel at denial and deception and information operations that give our adversaries pause during peacetime and make them think hard about any offensive engagement with the U.S.

We also must use all the gray zone tactics to be prepared in case the worst happens and we are in a kinetic fight. This gets accomplished through the use of irregular warfare and well thought out strategic campaigns. This requires a "whole-of-government" approach. No single government entity can win an irregular war on its own. With a DNI that is truly leading the IC and partnering with the Department of Defense, the DNI’s, National Intelligence Managers would work with COCOMs to help develop these irregular warfare or competition strategies and bring in intelligence units from all the agencies to include state, treasury, energy, military services, etc.

To further support a whole of government effort in this area, we need to develop an OSS-like agency that has oversight of CIA HUMINT and covert capabilities with DoD HUMINT and clandestine capabilities. This small but mighty organization would focus on deconfliction and training. It would respond to gaps and requirements using the best athletes from the appropriate agency or department. The current office of Community HUMINT could be the nucleus for this new entity but it must move from CIA to DNI so that DNI can play its leadership/integrator role.

Defense Intelligence

DIA began as an all-source agency to support the warfighter. It has developed into a large bureaucracy. DIA headquarters needs to be refocused and slimmed down to a staff that provides support to the Pentagon (OSD and Joint Staff) and to the COCOMs. Headquarters should only provide those supporting functions such as training, resources, personnel, infrastructure, and data. They should also deconflict and integrate the work of the individuals in the field and at the COCOMs. COCOMs, OSD, and Joint Staff should be plussed up with analysts and collectors currently at DIA headquarters. They would work on the issues that the operators and military decisionmakers need to be worked on.

Conclusion

This new IC would have a clear leader and be refocused on technology, publicly available information, and developing strategies for gray zone competition. The other proposed changes clean up ongoing issues that add to some dysfunction and distraction in the IC. This focus on technology and publicly available information leaves the most sensitive activities that any global power must perform to a smaller, more focused group of individuals who would be experts in the field of covert and clandestine activities. The plan also stops some of the redundancies across the three important areas of analysis, technology, and sensitive activities. It clarifies leadership roles and allows enough overlap to encourage some internal IC competition while providing for better oversight.

Who’s Reading this? More than 500K of the most influential national security experts in the world. Need full access to what the Experts are reading?

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Forget Guerrillas and IEDs - The Next Asymmetric War Will Be Engineered

OPINION — For most of modern history, asymmetric conflict conjured a familiar image: guerrillas in the hills, insurgents planting roadside bombs, or terrorists striking with crude weapons. The weak have traditionally offset the strong with mobility, surprise, and a willingness to take punishment.

That world is vanishing. A new age of synthetic asymmetry is emerging, one defined not by geography or ingenuity but by the convergence of technologies that enable small actors to wreak large-scale disruption. Unlike past asymmetry, which grew organically out of circumstance, this new form is engineered. It is synthetic, built from code, data, algorithms, satellites, and biotech labs. Here, “synthetic” carries a double meaning: it is both man-made and the product of synthesis, where disparate technologies combine to produce effects greater than the sum of their parts.

The implications for global security are profound. Power isn’t just about the size of an army or the depth of a treasury. It’s increasingly about who can combine technologies faster and more effectively.

A Brief History of Asymmetry

The weak finding ways to resist the strong is as old as conflict itself, but each era has defined asymmetry differently – shaped by the tools available and the political conditions of the time.

Nineteenth and 20th century resistance fighters, from Spain’s guerrilleros against Napoleon to Mao’s partisans in China, pioneered strategies that leveraged terrain, mobility, and popular support to frustrate superior armies. These methods set the template for Vietnam, where North Vietnamese and Viet Cong forces offset American firepower by blending into the population and stretching the war into a contest of political will.

The late 20th century brought new asymmetric forms. In Afghanistan, the mujahideen used Stinger missiles to neutralize Soviet air power. In Iraq, improvised explosive devices (IEDs) became the great equalizer, allowing insurgents to impose costs on heavily armored U.S. forces. Al-Qaeda and later ISIS demonstrated how transnational terrorist networks could project power globally with minimal resources, using ideology and spectacular violence to substitute for armies.

By the early 2000s, the cyber domain opened an entirely new front. The 2007 attacks on Estonia, widely attributed to Russian actors, showed that digital disruption could cripple a modern state without conventional force. Just three years later, the Stuxnet worm revealed how code could achieve effects once reserved for kinetic strikes, sabotaging Iranian nuclear centrifuges. These incidents marked the beginning of cyber as a core tool of asymmetric power.

The Arab Spring of 2011 revealed another evolution. Social media allowed activists to outmaneuver state censorship, coordinate mass mobilizations, and project their struggles globally. Authoritarian regimes learned just as quickly, harnessing the same tools for surveillance, propaganda, and repression. Asymmetric power was no longer only about insurgents with rifles; it could be exercised through smartphones and hashtags.

What began as the playbook of the weak has now been eagerly adapted by the strong. Russia weaponized social media to influence elections and deployed “little green men” in Crimea, deniable forces designed to blur the line between war and peace. Its use of mercenary groups like Wagner added a layer of plausible deniability, allowing Moscow to project power in Africa and the Middle East without formal commitments. China has fused state and private industry to pursue “civil-military fusion” in cyberspace, using intellectual property theft and digital influence campaigns to achieve strategic goals without firing a shot. Even the United States, though historically the target of asymmetric tactics, has employed them, using cyber operations like Stuxnet and financial sanctions as tools of coercion.

This adaptation by great powers underscores the shift: asymmetry is no longer just the recourse of the weak. It has become a strategic option for all actors, strong and weak alike. These episodes trace an arc: from guerrilla tactics shaped by terrain to a world where asymmetry is engineered by design.

Convergence as a Weapon

Synthetic asymmetry is not the product of a single breakthrough. It’s a result of technologies intertwining, with emergent results exceeding the sum of the parts.

● Artificial intelligence and autonomy turn cheap drones into swarming strike platforms and enable generative AI-fueled propaganda that is instantly localized, highly scalable, and adapts in real time.

● Biotechnology, leveraged by the democratization of tools like CRISPR and gene synthesis, opens doors to agricultural sabotage, engineered pathogens, or personalized biotargeting once confined to elite labs.

● Cyber and quantum computing erode modern infrastructure–today through leaked state tools in criminal hands, tomorrow through quantum’s threat to encryption.

● Commercial space assets put reconnaissance and global communications in reach of militias and small states.

● Cryptocurrencies and decentralized finance fund rogue actors and blunt the power of sanctions.

● Undersea infrastructure opens a highly asymmetric chokepoint, where low-cost submersibles or sabotage can sever global fiber-optic cables and energy pipelines, inflicting massive economic damage.

This is less about any one killer app than about convergence itself becoming a weapon.

Asymmetric warfare has always been about imbalance, but the shift to synthetic asymmetry is an exponential leap. A single phishing email can cripple a city’s infrastructure. Off-the-shelf drones can threaten billion-dollar ships. AI-powered disinformation efforts can destabilize national elections. This new ratio of effort to impact is more disproportionate than anything we’ve seen before.

Where Synthetic Asymmetry Is Already Here

Ukraine's defense shows what convergence looks like in practice. Commercial drones retrofitted for combat, AI-assisted targeting, crypto-based crowdfunding, and open-source satellite intelligence have allowed a middle-sized country to hold its own against one of the world’s largest militaries. The drone is to the 21st century what the AK-47 was to the 20th: cheap, accessible, and transformative.

In Gaza, reports suggest AI-driven targeting systems have accelerated lethal decision-making. Proponents say they improved efficiency; critics warn they lowered thresholds for force and reduced accountability. Either way, the software changed the calculus of war. When algorithms operate at machine speed, traditional political checks on violence weaken.

Iran has demonstrated how low-cost drone technology can harass U.S. naval forces and regional shipping. These platforms cost a fraction of the vessels and missile defenses required to counter them. Combined with cyber probes against Gulf energy infrastructure, Iran illustrates how synthetic asymmetry allows a mid-tier state to impose global strategic costs.

China’s campaigns against Taiwan go beyond military intimidation. They include AI-generated disinformation, synthetic social media accounts, and coordinated influence operations designed to erode trust in democratic institutions. This is synthetic asymmetry in the cognitive domain, an attempt to shift political outcomes before shots are ever fired.

In parts of Africa, mercenary groups operate with funding streams routed through cryptocurrency wallets, supported by commercial satellite communications. These mercenaries operate in gray zones, blurring the line between private enterprise and state proxy. Accountability vanishes in a haze of digital anonymity. Ransomware gangs, meanwhile, already display near-peer disruptive power. They freeze hospitals and pipelines, extract ransoms, and launder funds through crypto markets. Add generative AI for phishing and deepfake voices for fraud, and these groups begin to resemble stateless proto-powers in the digital realm.

The Private Sector as a Geopolitical Actor

Synthetic asymmetry also elevates the role of private companies. Commercial satellite firms provided Ukraine with near-real-time battlefield imagery. SpaceX’s Starlink network became essential to Kyiv’s communications, until its corporate leadership balked at enabling certain military uses. Crypto exchanges, meanwhile, have been both conduits for sanctions evasion and partners in enforcement.

These examples reveal a new reality: private entities now hold levers of power once reserved for states. But their interests are not always aligned with national strategies. A tech CEO may prioritize shareholder value or brand reputation over geopolitical objectives. This creates a new layer of vulnerability—governments dependent on private infrastructure must negotiate, persuade, or regulate their own corporate champions to ensure strategic alignment. The private sector is becoming a semi-independent actor in world politics.

The Cognitive and Economic Fronts

Perhaps the most destabilizing form of synthetic asymmetry lies in the cognitive domain. Deepfakes that impersonate leaders, AI-generated news outlets, and precision microtargeting of narratives can shape perceptions at scale. The cost of attack is negligible; the cost of defense is nothing less than the integrity of public discourse. For democracies, the danger is acute because open debate is their lifeblood.

Synthetic asymmetry also reshapes geopolitics through finance. North Korea has bankrolled its weapons programs through crypto theft. Russian oligarchs have sheltered assets in opaque digital networks. Decentralized finance platforms move billions across borders beyond the reach of traditional oversight. This financial shadow world undermines sanctions, once a cornerstone of Western statecraft, and allows actors to sustain pressure that would once have been crippling.

Why Democracies are Both Vulnerable and Strong

Herein lies the paradox: democracies are more exposed to synthetic asymmetry precisely because of their openness. Their media, economies, and political systems are target-rich. Legal and ethical constraints also slow the adoption of equivalent offensive tools.

Yet democracies hold underappreciated strengths: decentralized command cultures that empower rapid adaptation, innovation ecosystems that thrive on openness and collaboration, and alliances that allow for collective defense. The task is to recognize culture itself as a strategic asset and to organize defense not around any single domain, but across all of them.

Ethical and Legal Frameworks in Flux

The rise of synthetic asymmetry is colliding with international law and norms written for an earlier era. The legal status of cyber operations remains contested: is a crippling ransomware attack on a hospital an act of war, or a crime? The Tallinn Manual, NATO’s best attempt at clarifying how international law applies in cyberspace, remains largely aspirational.

AI-driven weapons systems pose even sharper dilemmas. Who is accountable when an algorithm selects a target in error? Should lethal decision-making be delegated to machines at all? The pace of technological change is outstripping the slow processes of treaty-making, leaving a widening gap between capability and governance, a gap where much of the risk resides.

Beyond Cold War Deterrence

Traditional deterrence, threatening massive retaliation, works poorly in a world of synthetic asymmetry. Many attackers are diffuse, deniable, or stateless. They thrive in gray zones where attribution is murky and escalation is uncertain.

What’s required is not just more technology, but a new doctrine for resilience: one that integrates cyber, cognitive, biological, economic, and space defenses as a single system. That doctrine has not yet been written, but its absence is already being exploited. At ISRS, we see this convergence daily, working with governments and institutions to adapt strategies for engineered asymmetric disruption.

We are at a hinge moment in strategic affairs. Just as the machine gun upended 19th-century doctrine and nuclear weapons reordered 20th-century geopolitics, the convergence of today’s technologies is reshaping the distribution of power. The future won’t be decided by who fields the biggest army. It will be decided by who can synthesize technologies into a disruptive force faster. That is the coming age of synthetic asymmetry. The question is whether democracies will recognize it and prepare before it fully arrives.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

A Deniable Attack with Strategic Precision: Why the Red Hat Breach Looks More Like Statecraft Than Mere Crime

EXPERT PERSPECTIVE — The timing was no coincidence.

As the U.S. federal government ground to a halt at 12:01 a.m. EDT on October 1, 2025, a cybercriminal group calling itself the Crimson Collective chose that precise moment to publicly disclose one of the most significant supply chain compromises in recent memory. The breach of Red Hat's consulting division, affecting approximately 800 organizations, including critical defense contractors and government agencies, represents more than just another data breach; it demonstrates a sophisticated understanding of how to weaponize American politics for maximum strategic impact.

The stolen data from Red Hat’s repositories reads like a VIP list, including the Naval Surface Warfare Centers, SOCOM, DISA, Raytheon, NASA’s Jet Propulsion Laboratory, and even the House of Representatives. But what’s most concerning isn’t just who was targeted; it’s the precision of when the breach occurred.

With large portions of the federal workforce furloughed and key cybersecurity teams across the government operating with sharply reduced staffing, America’s cyber defense apparatus is running at a fraction of its normal capacity. The normal channels for incident response, DIBNet reporting, cross-agency coordination, and threat intelligence fusion have been significantly slowed.

According to the attackers, the breach itself occurred in mid-September. Yet they waited. They established their Telegram channel on September 24th, tested their capabilities with attacks on Nintendo and Claro Colombia, then synchronized their disclosure with the exact moment of maximum U.S. Government incapacity.

Customer Engagement Reports (CERs) are the crown jewels of consulting, providing detailed blueprints that contain network architectures, authentication tokens, API keys, and infrastructure configurations. Red Hat's consultants held the keys to the kingdom for hundreds of organizations. Now those keys are for sale, with an October 10 deadline that arrives while the government may remain partially paralyzed.

The Belgian Centre for Cybersecurity has already issued warnings about the "high risk" to organizations, but the real concern extends far beyond Belgium. The exposed data includes projects with cryptic references that represent not only a compromised project but also a potential entry point into critical defense systems.

What makes this particularly concerning is the nature of consulting engagements. Unlike product vulnerabilities that can be universally patched, consulting deliverables are custom configurations with unique implementations and specific architectural decisions. There's no single patch to fix this. Each affected organization must carry out its own forensic investigation and reestablish the integrity of its security architecture.

The involvement of ShinyHunters, operating their extortion-as-a-service platform, adds another dimension, making this a confederation of cybercriminal groups that share infrastructure, capabilities, and stolen data. The business model is evolving from ransomware-as-a-service to something more insidious: ecosystem exploitation-as-a-service.

ShinyHunters is simultaneously extorting companies and now joining forces with Crimson Collective to monetize the Red Hat breach. They're not attacking individual companies. They're targeting entire supply chains, betting that the interconnected nature of modern IT infrastructure expands their leverage.

For adversarial nation-states watching from Beijing, Moscow, Tehran, and Pyongyang, this incident provides a masterclass in asymmetric warfare. The shutdown didn't cause the breach, but it created the perfect conditions for maximum impact.

The timing also suggests potential nation-state involvement or direction, even if it is indirect through cutouts. The targets selected, from defense contractors, government agencies, and critical infrastructure, align too perfectly with strategic intelligence collection priorities. Whether Crimson Collective is a pure criminal enterprise or a deniable asset, the effect is the same: America's defense industrial base is exposed at a moment of maximum vulnerability.

The Red Hat breach isn’t a new kind of threat; it’s a familiar playbook executed through new modalities. Our adversaries have long understood how to exploit U.S. vulnerabilities. What’s changed is their precision and timing. They’ve learned to weaponize not only our technical gaps but also our political divisions, striking not when they’re strongest, but when we’re distracted, and increasingly, we’re signaling exactly when that will be.

The October 10 deadline isn't just about ransom payments. It’s about whether America can safeguard its critical infrastructure when government operations themselves are constrained. The answer to that question will extend well beyond Red Hat’s customer base, sending signals to allies and competitors alike about the resilience of America’s digital ecosystem.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and an

National Cyber Defenses at Risk as Key Programs Expire Amid Government Shutdown

OPINION — Ransomware attacks conducted by criminals are persistently hitting airports, schools, and 911 dispatch centers, while foreign adversaries probe our critical infrastructure every day. Yet, two programs designed to build national cyber readiness to combat these threats — one that underpins public-private threat sharing, the other that builds local cyber defenses — have now expired. Congress’s inaction amid the government shutdown has left a widening gap in America’s cyber defenses.

Nearly a decade ago, Congress passed the Cybersecurity Information Sharing Act of 2015 (CISA 2015) to encourage private companies and government agencies to voluntarily share cyber threat indicators, which officially expired on September 30. It was a bipartisan response to rising state-sponsored hacking campaigns, and it provided a legal framework — and protections — that still govern how threat data flows across public and private networks today.

This legal framework supports everything from classified alerts and incident reports to real-time information exchange across sectors like energy, transportation, and healthcare. Without it, experts warn that information sharing between companies and the federal government could drop by as much as 80 percent, severely degrading national cyber situational awareness.

Before the shutdown, steps toward a full reauthorization were underway, with bipartisan support in both chambers – but the process has now stalled entirely. One proposal, however, threatened to undermine the goals of the law. Senate Homeland Security Committee Chair Rand Paul’s (R-KY) version of CISA 2015 renewal would gut key legal protections — including liability and FOIA safeguards — and inject surveillance-related restrictions that have no place in cybersecurity law. His version would kill the trusted framework that enables timely, voluntary sharing of threat intelligence data, not improve it.

A more responsible path is already on the table. In early September, the House Homeland Security Committee Chair, Representative Andrew Garbarino (R-NY), introduced the Widespread Information Management for the Welfare of Infrastructure and Government Act, which would reauthorize CISA 2015 for ten years. It also includes a new outreach mandate to ensure that small and rural critical infrastructure owners and operators understand how to participate in information sharing efforts.

Meanwhile, the second program that expired is the State and Local Cybersecurity Grant Program (SLCGP) created through the 2021 bipartisan infrastructure law. Unlike CISA 2015, which supports federal-private coordination, this program was designed to build basic cyber capacity at the state and local level. It pushed state and local governments to create cybersecurity plans, conduct assessments, and adopt best practices – and provided the funding to put those plans into action. For many jurisdictions, this was their first real investment in cyber defense.

So far, the program has backed over 800 projects across 33 states and territories, totaling $838 million. In Utah, grant-funded tools helped stop a ransomware attack on a major airport and a 911 emergency dispatch center. In Maryland, it funded coordinated efforts across 40 counties. The program is not perfect — uneven cost-sharing requirements and bureaucratic restrictions limit its reach to smaller communities. But the results are clear: state officials say these projects “would not have been possible” without the SLCGP funding. This focus on state and local leadership on cybersecurity readiness is exactly what President Trump called for in his May 2025 Executive Order.

With the SLCGP expired as of August 31, that momentum is now in jeopardy. Without new funding, states and municipalities — especially those without dedicated cybersecurity teams — will be forced to pause cybersecurity initiatives. The result is not just slower progress, but a direct weakening of our national cyber posture. Alongside Rep. Garbarino’s bill, Representative Andy Ogles (R-TN) introduced the Protecting Information by Local Leaders for Agency Resilience Act, which would reauthorize SLCGP for ten years. But the bill lacks a dedicated funding amount.

A robust reauthorization of the SLCGP must do more than simply extend the program on paper. It must ensure sufficient, stable funding over the next decade, remove restrictions that prevent states from using funds for widely relied-upon cybersecurity services, and lower cost-share requirements for small and rural jurisdictions. The “whole-of-state” model — in which state agencies coordinate shared services for local governments — must be preserved and expanded.

The House had done its part, passing both ten-year reauthorizations with bipartisan support and including temporary extensions in the continuing resolution. But the Senate failed to act, leading to an immediate lapse. Unless both measures are included in the National Defense Authorization Act for a full, long-term extension — progress will stall. Anything less is a failure to defend the American people where the threat is already inside the wire — and would amount to more collateral damage from the shutdown.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Despite the Shutdown, Pentagon Has Billions from the 'One Big Beautiful Bill Act'

OPINION — “The [Defense] Department [DoD] will continue to defend the nation and conduct ongoing military operations. It will continue activities funded with any available budgetary resources that have not lapsed (e.g., funds made available in Pub. L. 119-21), as well as excepted activities such as those necessary for the safety of human life and the protection of property. Significant activities that will continue during a lapse are summarized in this planning guidance document. Activities that are determined not to be excepted, and which cannot be performed by utilizing military personnel in place of furloughed civilian personnel, will be suspended when appropriated funds are no longer available. The Secretary of War may, at any time, determine that additional activities shall be treated as excepted.”

That is a quote from the DoD’s September 2025 Contingency Plan Guidance For Continuation Of Operations In The Absence Of Available Appropriations, issued “For Planning Purposes Only - Do Not Implement Until Direction from the Deputy Secretary of War or his Designee.”

This document, it states, “provides guidance for identifying those missions and functions of the Department of War (DoW) that may continue to be carried out in the absence of available appropriations.”

I must point out, because it’s the reason I’m writing this column, that the Public Law referred to above, Pub. L. 119-21, is none other than the so-called One Big Beautiful Bill Act (OBBBA), passed by Congress July 3, and signed by President Trump into law on July 4.

A bit of history: The OBBBA was designed by the Republicans to enact all of Trump’s second-term tax and spending policies in a giant, 1,100-page piece of legislation. The Congressional Budget Office said the measure would result in a decrease in direct spending of $1.1 trillion, but also a decrease in revenues of $4.5 trillion, increasing the U.S. deficit by $3.4 trillion over the 2025-to-2034 period.

To get the OBBBA passed, the Trump White House and Republicans in Congress used the fiscal 2025 budget reconciliation process, which allowed them to avoid the 60-vote Senate filibuster. With universal Democratic opposition, it passed the House by a 218-to-214 vote, and the Senate by a 51-to-50 margin, with Vice President J.D. Vance casting the tiebreaking vote.

As I wrote last June, the OBBBA was “extending Trump’s 2017 tax cuts and reducing Medicaid spending – [and] also contains authorization and appropriation for an additional $150 billion for fiscal 2025 defense spending.”

That additional $150 billion for defense spending, because it was considered part of 2025 appropriations, is available to be spent during the current shutdown and through 2029, according to the terms of the OBBBA.

Credit for anticipating the need to put that $150 billion in the 2025 reconciliation measure, and not in the fiscal 2026 budget request, must be shared by Director of the Office of Management and Budget Russell Vought, White House Deputy Chief of Staff Stephen Miller, and Republican members of the House and Senate Armed Services Committees. Late last April, without much publicity, the Hill Republicans added the $150 billion to the OBBBA reconciliation bill with White House support.

They also added another $170 billion for the Department of Homeland Security and other agencies that I will discuss below.

Back in June, I wrote that the Congress in the reconciliation bill called for the Defense Secretary “to deliver to the House and Senate Armed Services Committees within 60 days of the bill passing Congress” a plan detailing how the added $150 billion appropriated to DoD would be spent. Whether Defense Secretary Pete Hegseth did or not is unclear.

However, DoD’s September 2025 Contingency Plan Guidance said, “As of September 2025, the [Defense] Department considers efforts to the support the following among its highest priorities: Operations to secure the U.S. Southern Border; Middle East operations; Golden Dome for America; Depot Maintenance; Shipbuilding; Critical Munitions.”

No surprise, that section adds, “As in every case, efforts supporting these activities may occur during a lapse when resourced with funds that remain available -- to include those provided in Pub. L. 119-21,” the OBBBA.

It turns out, the OBBBA had a section entitled, “Improving Department of Defense Border Support and Counter-Drug Missions.” That section provided an additional $1 billion for fiscal 2025 to be used “for the deployment of military personnel in support of border operations, operations and maintenance activities in support of border operations, counter-narcotics and counter-transnational criminal organization mission support.”

The need for U.S. southern border money for DoD was obvious. But back in July, who publicly was thinking of using DoD assets for “counter-narcotics and counter-transnational criminal organization mission support?” It was not until late August that the public learned of a U.S. Navy buildup in the southern Caribbean to combat drug trafficking, and the first so-called Venezuelan narco-boat was destroyed September 2.

Yet back in early June, it appears, the Trump administration sought and got Congress to approve fiscal 2025 funds to finance what have become these current Caribbean counter-narcotics military operations in the OBBBA. And the same words, “counter-narcotic and counter-transnational criminal organization” were used to describe the targets in justification letters sent the Congress after narco-boat destructions.

Three other of the “highest priority” elements mentioned in the DoD’s September 2025 Contingency Plan Guidance were also singled out in the OBBBA for allocation of funds from the extra $150 billion added to fiscal 2025 defense spending.

A section entitled “Enhancement of Department of Defense Resources for Shipbuilding” was allocated $29 billion. This included $750 million for additional supplier development across the naval shipbuilding industrial base; $500 million for advanced manufacturing techniques in the shipbuilding industrial base; $500 million for additional dry-dock capability; and $450 million for additional maritime industrial workforce development programs.

Another section for Trump’s Golden Dome missile defense program entitled “Enhancement of Department of Defense Resources for Integrated Air and Missile Defense,” was allocated $25 billion. This included $7.2 billion for the development, procurement, and integration of military space-based sensors; $5.6 billion for development of space-based and boost phase intercept capabilities; $2.55 billion for the development, procurement, and integration of military missile defense capabilities; and $2.2 billion for acceleration of hypersonic defense systems.

A third section of the OBBBA entitled “Enhancement of Department of Defense Resources for Munitions and Defense Supply Chain Resiliency,” also got $25 billion. This included $5 billion for investments in critical minerals supply chains; another $2 billion for additional activities to improve the U.S. stockpile of critical minerals; $1 billion for the creation of next-generation automated munitions production factories; $688 million for the development, production, and integration of long-range multi-service cruise missiles; and $300 million for the production of Army medium-range ballistic missiles.

As I mentioned above, there was another $170 billion for the Department of Homeland Security added to OBBBA and it is money available to be spent during the shutdown.

For example, there was $46.5 billion for elements for the new border infrastructure and border wall system; $45 billion for single adult alien detention capacity and family residential center capacity; and $6.2 billion for procurement and integration of new inspection equipment to combat the entry or exit of illicit narcotics at ports of entry and along the southwest, northern, and maritime borders.

On the personnel side, there was $4.1 billion to hire and train additional Border Patrol agents, Office of Field Operations officers, Air and Marine agents, rehired annuitants, and U.S. Customs and Border Protection field support personnel; and another $2.1 billion to provide recruitment bonuses, performance awards, or annual retention bonuses to eligible Border Patrol agents, Office of Field Operations officers, and Air and Marine agents.

Another OBBBA provision provided $10 billion “to remain available until September 30, 2029, for reimbursement of costs incurred in undertaking activities in support of the Department of Homeland Security’s mission to safeguard the borders of the United States.”

Three other items need no explanation.

In the OBBBA there was $625 million for security and other costs related to the 2026 FIFA [Soccer] World Cup, and $1 billion for security, planning, and other costs related to the 2028 Olympics.

Finally, there was $300 million included for the Federal Emergency Management Agency (FEMA) to reimburse state or local law enforcement personnel “for protection activities directly and demonstrably associated with any [non-governmental] residence of the President.” That would cover, at a minimum, Mar-A-Lago in Florida, Bedminster Golf Club in New Jersey and Trump Tower in New York. According to one news story, Trump during his first four years in office traveled to his properties nearly 550 times.

Under this OBBBA provision, the reimbursement would be available only for costs that a state or local agency incurred or incurs on or after July 1, 2024; demonstrated to the FEMA Administrator as being in excess of typical law enforcement operation costs; and was directly attributable to Presidential protection requested by the U.S. Secret Service.

One has to admit that Trump and key members of his staff clearly did some advance planning when they put together the OBBBA – maybe they even foresaw a government shutdown.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Lawmakers ‘Bullseye and Bait’ in AI-Driven Deepfake Campaigns

OPINION — Elected officials are both the bullseye and the bait for AI-driven influence campaigns launched by foreign adversaries. They are targeted with disinformation meant to sway their opinions and votes, while also serving as the raw material for deepfakes used to deceive others. It’s a problem so widespread that it threatens our faith in democratic institutions.

Even seemingly trivial posts can add to divisions already infecting the nation. Over the summer, a deepfake video depicting Rep. Alexandria Ocasio-Cortez (D-NY) discussing the perceived racist overtones of a jeans commercial went viral. At least one prominent news commentator was duped, sharing misinformation with his audience. While the origin of the fake is unknown, foreign adversaries, namely China, Russia, and Iran, often exploit domestic wedge issues to erode trust in elected officials.

Last year, Sen. Ben Cardin (D-MD) was deceived by a deepfake of Dmytro Kuleba, the former foreign minister of Ukraine, in an attempt to get the senator to reveal sensitive information about Ukrainian weaponry. People briefed on the FBI’s investigation into the incident suggest that the Russian government could be behind the deepfake, and that the Senator was being goaded into making statements that could be used for propaganda purposes.

In another incident, deepfake audio recordings of Secretary of State Marco Rubio deceived at least five government officials and three foreign ministers. The State Department diplomatic cable announcing the deepfake discovery also referenced an additional investigation into a Russia-linked cyber actor who had “posed as a fictitious department official.”

Meanwhile, researchers at Vanderbilt University’s Institute of National Security revealed that a Chinese company, GoLaxy, has used artificial intelligence to build psychological profiles of individuals including 117 members of Congress and 2,000 American thought leaders. Using these profiles, GoLaxy can tailor propaganda and target it with precision.

While the company denies that it — or its backers in the Chinese Communist Party — plan to use its advanced AI toolkit for influence operations against U.S. leaders, it allegedly has already done so in Hong Kong and Taiwan. Researchers say that in both places, GoLaxy profiled opposition voices and thought leaders and targeted them with curated messages on X (formerly Twitter), working to change their perception of events. The company also allegedly attempted to sway Hong Kongers’ views on a draconian 2020 national security law. That GoLaxy is now mapping America’s political leadership should be deeply concerning, but not surprising.

GoLaxy is far from the only actor reportedly using AI to influence public opinion. The same AI-enabled manipulation that now focuses on national leaders will inevitably be turned on mayors, school board members, journalists, CEOs — and eventually, anyone — deepening divisions in an already deeply divided nation.

Limiting the damage will require a coordinated response drawing on federal resources, private-sector innovation, and individual vigilance.

The White House has an AI Action Plan that lays out recommendations for how deepfake detection can be improved. It starts with turning the National Institute of Standards and Technology’s Guardians of Forensic Evidence deepfake evaluation program into formal guidelines. These guidelines would establish trusted standards that courts, media platforms, and consumer apps could use to evaluate deepfakes.

These standards are important because some AI-produced videos may be impossible to detect with the human eye. Instead, forensic tools can reveal deepfake giveaways. While far from perfect, this burgeoning deepfake detection field is adapting to rapidly evolving threats. Analyzing the distribution channels of deepfakes can also help determine their legitimacy, particularly for media outlets that want to investigate the authenticity of a video.

Washington must also coordinate with the tech industry, especially social media platforms, through the proposed AI Information Sharing and Analysis Center framework to build an early warning system to monitor, detect, and inform the public of influence operations exploiting AI-generated content.

The White House should also expand collaboration between the federal Cybersecurity and Infrastructure Security Agency, FBI, and the National Security Agency on deepfake responses. This combined team would work with Congress, agency leaders, and other prominent targets to minimize the spread of unauthorized synthetic content and debunk misleading information.

Lastly, public figures need to create rapid response communication playbooks to address the falsehoods head on and educate the public when deepfakes circulate. The United States can look to democratic allies like Taiwan for inspiration in how to deal with state-sponsored disinformation. The Taiwanese government has adopted the “222 policy” releasing 200 words and two photos within two hours of disinformation detection.

Deepfakes and AI-enabled influence campaigns represent a generational challenge to truth and trust. Combating this problem will be a cat-and-mouse game, with foreign adversaries constantly working to outmaneuver the safeguards meant to stop them. No individual solution will be enough to stop them, but by involving the government, the media, and individuals, it may be possible to limit their damage.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in

The Cipher Brief

I just want to read the news

Get the news and only the news!

Guardian

Back to top

Kaupunki

Back to top

Yle

Back to top

CNN

Back to top

Hesari

Back to top

Al Jazeera

Back to top

New York Times

Back to top

Reuters

Back to top

NPR

Back to top

The Cipher Brief

Rear Adm. (Ret.) Mark Montgomery

Glenn Corn

Back to top