The Cipher Brief

OPINION — The Department of Defense does not always announce structural shifts loudly; often, it buries them in the dense columns of budget lines where only the most attentive analysts can find the seismic activity. The $1.5 trillion FY2027 spending proposal contains exactly such a shift, a profound and subtle transformation that effectively reorders the American approach to conflict. Central to this plan is the Departmental Autonomous Warfighting Group (DAWG), an organization established late last year with a modest budget of $225 million. For the 2027 fiscal year, the Pentagon has requested $54.6 billion for this organization, representing a staggering 24,166% increase in funding; that single line accounts for nearly 15 percent of the total reconciliation and exceeds the gross domestic product of many small nations and is higher than the entire budget request for the US Marine Corps of $52.8 billion.

Internal documents indicate the intent to transform the group into a unified combatant command, a joint entity that would coordinate drone, aircraft, and vessel operations across all warfighting domains. This shift mirrors previous military evolutions, specifically the establishment of Space Command in 2019 and the elevation of Cyber Command in 2017. Historically, Congress has authorized these specialized commands when fragmented service approaches created redundancy or dangerous gaps; the same logic applies here. By consolidating these capabilities, Secretary of War Pete Hegsethwants to streamline the development of autonomous systems, ensuring the service branches do not pursue conflicting tactical goals or incompatible technical standards.

The reflects the hard lessons learned in modern conflicts, particularly the ongoing struggles in Ukraine and Iran. CTO Emil Michael has observed that these wars routinely involve thousands of low cost systems engaging against each other in highly contested environments. To maintain a competitive edge, the Pentagon launched the Replicator program with the ambitious goal to deploy hundreds of thousands of one way attack drones by 2028. However, early efforts faced substantial hurdles regarding hardware reliability and supply chain bottlenecks that delayed delivery targets. These shortcomings led to a fundamental realization within the leadership: hardware is secondary to the AI software that drives it.

The current strategy treats artificial intelligence and physical autonomy as a tandem force, where the software is the primary strategic asset. This perspective has created a unique friction point between the Department of War and the private sector, specifically with Anthropic. While the military requires flexible, decisive models for high stakes environments, Anthropic has maintained strict red lines regarding the use of its Claude model. This impasse prompted the Department of War to designate certain domestic AI firms as supply chain risks, a move that highlights the growing chasm between Silicon Valley and national security. If a model is too restricted to perform in a combat environment, it becomes a liability rather than an asset.

The policy landscape remains contentious as Congress prepares the next National Defense Authorization Act. While the technological advantages are evident, the legislative challenges are substantial. Armed Services Committee leaders like Senator Roger Wicker and Representative Mike Rogers have cautioned against making such massive structural shifts without a clear strategy that accounts for ethical and operational oversight. They have drawn clear lines on executive branch activism regarding autonomy, requiring that any major push receives rigorous scrutiny. Representative Rob Wittman has echoed these concerns, noting that while the military must move fast, it cannot afford to abandon the principles of accountability that define American governance.

Internationally, the pressure is even more pronounced. Recently, 156 nations supported a United Nations General Assembly resolution expressing deep concern over the risks of an autonomous arms race. These nations fear that removing humans from the loop will lower the threshold for conflict and lead to unpredictable escalations. The United States was among the minority that declined to support the resolution, citing the necessity of maintaining a technological lead against competitors like China and Russia who are pursuing their own autonomous capabilities with little regard for international norms. Current U.S. policy prohibits the employment of lethal autonomous systems without senior official approval, but critics argue this is a temporary safeguard that could easily be swept away by the speed of machine warfare.

History suggests that as technical capabilities drift, legal frameworks must evolve to provide clear definitions of what constitutes an autonomous weapon. The transition to a unified command for autonomy is not merely a budgetary or structural change; it is a recognition that the nature of power has shifted from physical platforms to the cognitive software that controls them. Failing to adapt to this reality would leave the United States holding an expensive, manned fleet in an age of attritable, intelligent swarms. The window for this transformation is closing, and the FY2027 budget request is the most significant signal yet that the Pentagon is ready to step through it.

Success will depend on more than just the $54.6 billion requested; it will require a new type of coordination between the warriors who fight and the engineers who build the tools. As the Department of War navigates the friction with firms like Anthropic and the skepticism on Capitol Hill, it must articulate a vision where autonomy enhances human judgment rather than replaces it. If they succeed, the 12th Unified Command will become the backbone of American security for the next century; if they fail, the machines will indeed be at the helm, but we may not like where they are steering us.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Anthropic Mythos - We’ve Opened Pandora's Box

EXPERT OPINION -- For a decade the cybersecurity community was predicting a cyber apocalypse tied to a single event - the day a Cryptographically Relevant Quantum Computer could run Shor’s algorithm and break the public-key cryptography systems most of the internet runs on. We braced for a one-time shock we would absorb and adapt to. The National Institute for Standards and Technology (NIST) has already published standards for the first set of post-quantum cryptography codes.

It’s possible that the first cybersecurity apocalypse may have come early. Anthropic Mythos now tilts the odds in the cybersecurity arms race in favor of attackers - and the math of why it tilts, and how long it stays tilted, is different from anything our institutions were built to handle.

In 2013, Edward Snowden changed what people understood about nation-state cyber capabilities. In the decade that followed disclosures and leaks of nation state cyber tools reduced uncertainty and accelerated the diffusion of cyber tradecraft.

The Cipher Brief applies expert-level context to national and global security stories. Grant yourself full-access to Cipher Brief expert insights, analysis and private briefings in the new year by becoming a Subscriber+Member.

The defensive playbook that followed - compartmentalization, need-to-know, leak-surface reduction, clearance reform, “worked” because the Snowden leaks and those that followed were one-time disclosures, absorbed over a decade, with the system returning to something like equilibrium.

We got good at responding to the shocks of disclosures. It became doctrine. It was the right doctrine for the wrong future.

Pandora's Box

In 2026, Anthropic Mythos (and similar AI systems) is changing what people can do. Mythos found Zero-day vulnerabilities and thousands of “bugs” that were not publicly known to exist (a must read article here.) Many of these were not just run-of-the-mill stack-smashing exploits but sophisticated attacks that required exploiting subtle race conditions, KASLR (Kernel Address Space Layout Randomization) bypasses, memory corruption vulnerabilities and logic flaws in cryptographic libraries in cryptography libraries, and bugs in TLS, AES-GCM, and SSH.

The reality is a number of these were not “bugs.” There were nation-state exploits built over decades.

What this means is that Anthropic Mythos, and the tools that will certainly follow, has exposed hacking tools previously only available to nation-states and transformed into tools that Script Kiddies will have within a few months (and certainly within a year.) No expertise will be required to apply that tradecraft, compressing both the learning curve and the execution barrier.

All Government’s Will Scramble

When Mythos-class systems are used to analyze the code in critical infrastructure and systems, the hidden sophisticated zero-day exploits that are already in use, (including ones nation-states have been sitting on for years) will be found and patched. That means intelligence agency sources of how to collect information will go dark as companies and governments patch these vulnerabilities.

Every serious intelligence service will scramble, likely with their own AI, to find new access before the visibility gap costs them something they cannot replace. A new generation of AI-driven exploits will rise to replace the ones that have been burned.This will build an arms race with a new generation of AI-driven cyber exploits looking to replace the ones that have been discovered. Whichever side sustains faster AI adoption - not just “procures” it, but ships it into operational systems, holds a widening advantage measured in powers of two every four months.

The binding constraint is not budget. Not authority. Not access to models. It is institutional capacity for change - the rate at which a defender organization can actually change what it deploys.

The Long Tail Will Not Be Patched

Anthropic has given companies early access to secure the world’s most critical software. That will help Fortune 100 companies. But the Fortune 100 is not just a small part of the software attack surface.

The attack surface includes the unpatched county water utility, the regional hospital, the third-tier defense supplier, the school district, the state Department of Motor Vehicles, the municipal 911 system, and the small-town electric co-op. Tens of thousands of systems running software nobody has time to patch, maintained by teams that have never heard of KASLR.

Every one of those systems is now exposed to nation-state-grade tradecraft, wielded by attackers with no expertise required. Mythos-class hardening at the top of the pyramid does not trickle down. The long tail will stay unpatched for years.

Attackers Advantage - For Now

Under continuous exponential growth of AI designed cyberattacks, a cyber defender using traditional tools can't just respond just once and stabilize their systems. They’ll need to keep investing at a rate that matches the offense's growth rate itself. A one-time defensive shock like compartmentalization might work against a sudden attack, but it will fail against sustained exponential pressure because there's no stable equilibrium to return to. The defender's investment rate has to track the offense's growth rate.

Ultimately and hopefully, the next generation of AI driven cyber-defense tools will create a new equilibrium.

What We Need to Do

Mythos and its follow-ons will change how we think about cyber-defense. We can’t just build a set of features to catch every exploit x or y. We need to build cyber systems that can maintain or exceed the capability rate of the attackers.

Here are the three tools governments and cyber defense companies need to build now:

Measure the Gap Between Attackers and Defenders. We need to know the gap between what the attackers can do and what we can defend against. We need to develop instrumented red/blue exercises (a simulation of a cyberattack, where two teams – the red team and the blue team – are pitted against each other) to estimate the number of new vulnerabilities vs cyber defense mitigation. (This can be built in six months, with a small team.)
Measure the Defender Response Time. For each corporate or government mission system, measure how long it takes to implement a change from identification to production deployment. Treat each organizational obstacle as equivalent to technical debt that needs to be remediated.
Specify Speed, Not Features. Any new Cyber Defense tools and architecture - including the next-generation cloud-native systems sitting in review right now - should have explicit ‘rate’ requirements. Claims of “our product delivers X capability is now the wrong specification. “Closes detection gap at rate greater than or equal to the offense growth rate” is the right one.

Buckle up. It's going to be a wild ride - for companies, for defense and for government agencies.

Mythos is a sea change. It requires a different response than what the current cyber security ecosystem was built for, and one the current system is not built to produce. We are not behind yet. The gap between Mythos and what we can build to defend is small enough today that a serious response can still match it. A year from now, the same response will be eight times too slow. Two years, sixty-four.

By the way, the only thing left in Pandora’s Box was hope.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

America’s Cyber Strategy Has a Budget Problem

OPINION – The threat from cyberattacks has never been more acute, but there is reason to worry America is not rising to the challenge. It is not the lack of a cybersecurity strategy, but rather a growing gap between what the United States says and what it is willing to fund. The Trump administration’s latest budget proposal makes that gap impossible to ignore.

At the center of the proposal is a $707 million reduction to the Cybersecurity and Infrastructure Security Agency (CISA), the federal government’s primary civilian cybersecurity body. The request would bring CISA’s budget down to just over $2 billion. That’s well below the roughly $2.6 billion Congress had been prepared — on a bipartisan level — to provide to the agency prior to the partisan blow up over the Department of Homeland Security’s budget because of a dispute over immigration enforcement.

Over the past year, the agency has already been weakened by layoffs and reduced support for state and local cybersecurity efforts. The new budget would accelerate that trend. The administration has framed the cuts as a refocusing of CISA on its “core mission,” shuttering supposedly unnecessary initiatives like the Stakeholder Engagement Division. But the reality is that modern cybersecurity does not operate in a vacuum. Defending critical infrastructure — energy grids, transportation systems, water utilities, and telecommunications networks — depends on constant coordination with state and local governments, private sector operators, and international partners. Dismantling the very offices designed to enable that coordination undermines the mission the budget claims to prioritize.

At the same time, the broader federal cyber ecosystem is also being thinned. The Office of the National Cyber Director would see a $3 million reduction in funding. The State Department’s cyber apparatus has been reorganized in ways that risk diluting its effectiveness. The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response would see budget $40 million below FY25 enacted levels of $200 million. And there has been a noticeable pullback in engagement with the private sector and international cyber community — two pillars of any credible cyber defense strategy.

The contradiction becomes even clearer when viewed against the broader threat environment. The United States faces sustained cyber pressure from sophisticated adversaries, including China, Russia, Iran, and North Korea. These actors are not just targeting federal systems; they are probing the connective tissue of American society – ports, pipelines, hospitals, and supply chains. Many of these systems are owned and operated by the private sector or local entities that rely on federal support, guidance, and information sharing to defend themselves.

To be clear, not every line in the budget moves in the wrong direction. There is a modest $15 million increase proposed for Treasury’s “critical cyber capabilities, sanctions targeting, and combatting illicit financial activity.” State Department funding to improve its own IT infrastructure would also see a slight boost. These are useful investments, but they are not substitutes for a coherent, whole-of-government approach.

The most striking aspect of this budget is how misaligned it is with widely accepted cybersecurity priorities. For years, policymakers from both parties have emphasized the need for stronger public-private collaboration, improved information sharing, and deeper international partnerships. Yet, the proposed cuts target precisely those functions.

This raises a more fundamental question: what is the administration’s theory of cyber defense?

If the goal is to reduce federal overreach, that is a legitimate policy debate. But the current approach does not simply scale back — it selectively removes the connective infrastructure that enables decentralized defense to work. Without federal coordination, the burden shifts to actors who often lack the resources, visibility, or expertise to manage nation state cyber threats on their own.

Congress has seen this dynamic before. In prior budget cycles, lawmakers from both parties rejected proposals to significantly cut cyber funding, recognizing the mismatch between rising threats and reduced investment. There is little reason to believe the underlying risk calculus has changed. If anything, it has intensified.

The United States is entering a period of heightened geopolitical tension, where cyber operations are increasingly integrated into broader military and economic strategies. In this environment, underinvesting in civilian cyber defense is not a cost-saving measure — it is a strategic liability.

A credible cybersecurity strategy requires more than strong rhetoric. It requires sustained investment in the institutions, partnerships, and capabilities that make defense possible. Right now, the budget and the strategy are moving in opposite directions. Congress should close that gap.

Jiwon Ma is the senior policy analyst at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation, where she contributes to the work of CSC 2.0.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

How Extremist Groups Are Sharing a Global Media Strategy

OPINION — In the private sector, we analyze competitors to understand where they excel, so we can improve our approach. With this same mindset, I reviewed how 15 adversarial groups utilize media to communicate locally and internationally.

The headline is that the groups, ranging from Al-Shabaab to ISIS-K to Hezbollah, are clearly learning from each other, leading to an informal universal playbook that is consistent across the groups.

This is quite similar to the private sector where innovation is more of an iterative race. We have a tendency to copy what works.

Let’s take a look at these common behaviors by separating them into media strategy and narrative style.

Media Strategy

Telegram is home base. It is the top distribution channel for a reason. Telegram offers broadcast channels with no limit on subscribers, bots for automation, end-to-end encrypted direct messages, minimal content moderation and easy migration after bans via invite links. Narratives often start in Telegram, then content is fed to other platforms.

Each group has a similar distribution strategy that anticipates content takedowns. Groups distribute content, on average, across 3-7 platforms simultaneously. Knowing takedowns will occur, they also upload content to Archive.org, which serves as a holding tank. If content goes down on a social channel, it can be re-uploaded from Archive.org. An example of a media mix may include Telegram, Facebook, TikTok, Element and Archive.org.

A two-tier distribution system. All groups have two-tier distribution – their official channels for direct distribution and unofficial channels for supporters/surrogates (TikTok, Instagram, YouTube) to reshare and amplify content. The supporters help groups maintain a presence despite official account bans. Platform policies have difficulties proactively monitoring and patrolling the surrogate amplification layer.

Enforcement leads to migration. Each group pre-positions on other channels, e.g., Rocket.Chat, Element and Session so they can more easily activate a pre-existing presence in alternative channels or they move to new channels beyond the reach of platform moderation, such as satellite TV (Hezbollah, Houthis) and physical offline media (JI, Boko Haram).

Narrative Style

Groups are expert at establishing a false narrative frame. It is standing protocol to exploit major geopolitical events by immediately inserting their narrative within hours. If they conduct this type of “narrative jacking” within 2-4 hours of the incident they have a chance to lead the first wave of interpretation before mainstream media establishes the dominant frame.

Video accelerates attack claims. Every group releases an official video within hours of any attack. Pre-produced, officially branded with logos, released to Telegram first. Sets the frame and it is often more emotional.

Expertise in parallel audience messaging. The local message is in local language and often focuses on governance legitimacy or grievance. The international message focuses on solidarity, victimhood and humanitarian framing. Dual-narrative analysis will be more instructive than tracking either alone.

Ability to reframe civilian imagery. The footage is often authentic. The deception is in the attribution, the framing, or the claimed scale.

Grievance amplification is a gateway to radicalization. Media strategy often begins by amplifying legitimate grievance – real injustices, real conflicts, civilian suffering. Extreme content gets layered on top over time, and because the foundation is real, platform policies usually don’t flag it.

Overall, if we understand how groups learn from each other, it improves our ability to identify which media, technology and AI trends are being utilized by any of the groups. We know that what breaks new ground will be analyzed and implemented as quickly as possible.

The implication for any counter-messaging team is practical. Watching one group’s innovation is watching all fifteen. The right question to ask inside your own operation is whether you are monitoring the first mover in the playbook — not just the group on your assigned target list.

Note: the groups analyzed include ISIS, Al-Qaeda, Al-Shabaab, Boko Haram/ISWAP, Taliban, Hay’at Tahrir al-Sham, Hezbollah, Hamas, Tehrik-i-Taliban Pakistan, AQAP, ISIS-K, Jemaah Islamiyah, Abu Sayyaf Group, Jaish-e-Mohammed/Lashkar-e-Taiba, Houthis.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Pakistan: Broker of Peace While Still at War

Just a few weeks ago, Pakistan, the host for fragile ceasefire talks aiming to end the war between the U.S. and Iran, was at war with Afghanistan in what has been described as the worst conflict between the two countries in years.

A ceasefire between Pakistan and Afghanistan that was scheduled to run from midnight March 19 to midnight March 24 - and brokered at the request of Saudi Arabia, Qatar, and Turkey - offered the first lull in nearly a month of what was widely described as open warfare. Few analysts were treating it as anything more than a pause, risking

Pakistan’s Information Minister Attaullah Tarar was explicit: Operation Ghazab Lil Haq would resume with greater intensity the moment any cross-border attack, drone strike, or terrorist incident occurred inside Pakistan during the holiday period. On Monday, as the ceasefire approached its midnight deadline, Deputy Prime Minister and Foreign Minister Ishaq Dar reaffirmed that Pakistan’s approach had not shifted. “Pakistan remains firmly committed to eradicating the menace of terrorism,” he said.

Previous ceasefires have not held. The one brokered by the same mediators in October 2025 collapsed within days - Istanbul peace talks broke down on October 29, and Pakistan threatened to “obliterate” the Taliban government shortly after. Saudi-led mediation in December 2025 also failed.

What has changed is the scale of the conflict. Pakistan declared “open war” against Afghanistan. Late February brought Operation Ghazab Lil Haq — air and ground strikes hammering Taliban positions across Kabul, Kandahar, Paktia, Nangarhar, Khost, and Paktika, the most significant cross-border military action since the Taliban retook power in 2021. Pakistani officials now claim more than 684 Taliban fighters killed, over 912 injured, 252 posts destroyed, and 229 tanks, armored vehicles, and artillery guns taken out of action.

The Taliban dispute nearly all of those figures. Pakistani airstrikes have hit Kabul repeatedly, Afghan forces have sent drones and mortars back across the border, and the United Nations has tallied at least 289 Afghan civilian casualties since the fighting began — 104 of them children, 59 women.

The worst single day came on March 16. A Pakistani airstrike hit the Omid Addiction Treatment Hospital in Kabul while patients were inside. Afghan authorities counted more than 400 dead. The UN put the confirmed figure at 143 or more. Pakistan said it had struck only military infrastructure. The following day, mass funerals moved through the capital.

Aparna Pande, Senior Fellow for India and South Asia at the Hudson Institute, tells The Cipher Brief that the ceasefire pattern should surprise no one.

“Historically speaking, these ceasefires have never been durable,” she says. “Each side has simply used the pause in fighting to rebuild and replenish before the next round.”

With the truce now expiring and both sides’ core grievances entirely unresolved, the question pressing analysts is whether Islamabad has a realistic end-state in mind, or whether open war with a nuclear-armed state’s most volatile neighbor has become a policy that Pakistan can start but not finish.

A relationship Pakistan can no longer manage

The roots of this conflict run directly through Islamabad’s own strategic choices. For decades, Pakistan cultivated the Afghan Taliban as a buffer against Indian influence, the doctrine of “strategic depth,” conceived in the 1980s, envisioned a pliant Kabul as an extension of Pakistani security space.

That calculation has collapsed entirely. The immediate trigger for the current war is the Tehrik-e-Taliban Pakistan, the militant group that Islamabad accuses Kabul of sheltering and enabling. TTP attacks inside Pakistan have dramatically escalated since 2021, and Pakistan’s Army Chief Field Marshal Asim Munir said during a March 4 visit to troops in South Waziristan that peace can only exist if the Taliban “renounced their support for terrorism and terrorist organisations.”

The Taliban, meanwhile, have never recognized the Durand Line, the colonial-era border Pakistan regards as sacrosanct, and that dispute alone makes any durable political settlement nearly impossible to achieve.

Aref Dostyar, Director of the Afghanistan Program at the University of Notre Dame and former senior Afghan diplomat, tells The Cipher Brief that Pakistan’s military logic is backfiring on itself.

“If the goal is to weaken the Taliban, Pakistan’s aggression is backfiring because it is triggering a ‘rally round the flag’ effect,” he says. “Even Taliban opponents are being cornered to choose between supporting the current regime’s stance against Pakistan or appearing to justify foreign aggression. Most are choosing the former.”

The strategic paradox here is stark: Islamabad is now at war with an actor it once created, sustained, and expected to serve its interests indefinitely. Pande is equally direct: any durable agreement would require each side to move off entrenched positions that the other has shown no willingness to abandon.

The Afghan Taliban would need to pressure their ideological ally, the TTP, to ease attacks inside Pakistan. For its part, Pakistan would need to accept that “it cannot combat an insurgent movement through conventional means and hence offer some economic and other incentives,” Pande says, underscoring that “there is a reason a compromise has not happened as both sides are sticking to their hardline positions.”

Dostyar also questions Islamabad’s underlying objectives.

“Pakistan cites the TTP as justification for ‘open war,’ but its true aims are unclear,” he analyzes. “Mapping the specific locations of Afghan targets may reveal an agenda that contradicts their stated counter-terrorism goals.”

The Iranian dimension

The war in Afghanistan, however, is not happening in isolation. On February 28, coordinated United States and Israeli strikes on Iran killed Supreme Leader Ayatollah Ali Khamenei and triggered a rapidly expanding Middle East conflict. For Pakistan, already engaged in open fighting on its northwestern border, the implications of Iranian instability on its southwestern frontier are severe.

Pakistan’s western frontier with Iran runs for 565 miles, cutting through territory where both sides of the border — Pakistan’s Balochistan and Iran’s Sistan-Balochistan — have long hosted ethno-separatist insurgencies. Roughly $1.4 billion in goods moved between the two countries in 2024-2025, most of it through barter deals and informal crossings rather than anything approaching a formal trade architecture.

Iranian fuel and food have kept Balochistan’s markets from seizing up entirely since the Afghan border shut in October. That lifeline now runs through a war zone, and the border districts of Balochistan, among Pakistan’s poorest, would feel any disruption most acutely.

Afghanistan shares its own 572-mile border with Iran, and the stakes for Kabul are equally acute. Iran hosts an estimated three to five million Afghan refugees and migrant workers. It serves as Afghanistan’s primary remaining trade route to the sea via Chabahar port, a lifeline that became critical after Pakistan closed its border in October. With that route now disrupted by the war, Afghanistan faces a dual economic squeeze that has no near-term resolution.

Pande points out that the security calculus around Balochistan is shifting fast.

“Groups like the BLA have used Iranian and Afghan Baluchistan to operate inside Pakistani Baluchistan,” she observes.

The BLA, the Balochistan Liberation Army, is the most powerful of several insurgent groups operating in the province, a banned separatist organization designated a foreign terrorist group by the United States that seeks to carve an independent Balochistan from Pakistani territory and has escalated sharply in recent months, carrying out coordinated bombings, train hijackings, and mass casualty attacks.

“Instability inside Iran can be helpful to these groups as it may make it easier for them to move across the borders and also easier to find access to military equipment,” Pande continues, stressing that the picture cuts both ways. “Instability inside Iran and the Iranian state’s focus on the western frontier means the Pakistani state may find it easier to target these Baluch groups, knowing that Iran’s attention is diverted.”

Pakistan is also home to an estimated 15 to 20 percent Shia population, one of the largest outside Iran. Violence erupted in Pakistani cities following news of Khamenei’s death. Jihadist networks, including the Islamic State Khorasan Province, al-Qaeda, and the TTP, have been trying to expand their footprints in Balochistan, and instability in Iran would divert Pakistani security resources toward border management, creating an opening for those networks to grow.

In Balochistan’s Makran coast region, home to the Chinese-operated deep-sea port of Gwadar, local officials have advised residents to avoid Iranian territory entirely.

A nuclear state on three fronts

Then there is India. Last May, the two nuclear-armed neighbors fought their most intense clash since 1971. India launched Operation Sindoor on May 7, striking nine sites linked to militant groups Jaish-e-Mohammed and Lashkar-e-Taiba in Pakistan and Pakistan-administered Kashmir — the first time India had struck inside Pakistan’s Punjab province since the 1971 war.

When reports surfaced that Pakistan had summoned its Nuclear Command Authority, the body that controls decisions over its nuclear arsenal, the crisis took on a different character altogether. Analysts read it as a calculated signal. Pakistani officials later said no such meeting occurred. Fears of escalation to the nuclear threshold drove United States government involvement, with Secretary of State Marco Rubio working the phones before President Trump announced the ceasefire on social media on May 10.

The intervention produced a fragile truce yet left the underlying tensions entirely intact. Delhi has held the Indus Waters Treaty in abeyance since then, a move Islamabad has called an act of war. The Indus basin supplies roughly 80 percent of Pakistan’s irrigated agricultural land and underpins a sector that accounts for nearly a quarter of GDP.

Dostyar does not mince words about where all this leaves Islamabad.

“Pakistan is facing a failing economy, political instability, and internal separatist movements,” he asserts. “In the face of all this, it is an enormous gamble to engage in multiple external conflicts. It may be a ‘distraction’ strategy, but it poses a significant regional risk, particularly regarding the security of Pakistan’s nuclear arsenal.”

Pande agrees the military believes it can manage all three frontiers for now, partly because of what she describes as confidence in Washington’s backing and a mutual defense arrangement Pakistan concluded with Saudi Arabia in September 2025, which stipulates that any aggression against either country is treated as aggression against both. Still, she flags a structural weakness in the information campaign that sustains it.

“The message being sent by the top brass is that events that are happening are a conspiracy against Pakistan, in an attempt to rally the people to support the state and its actions,” she says.

That Washington has left the mediation work entirely to Ankara, Doha, and Riyadh is itself telling and consequential. As Dostyar puts it, “Washington’s apparent absence from mediation is likely driven by either insufficient awareness about what is truly going on or a strategic choice due to competing priorities.” In plain terms, the United States is either not paying close enough attention or has decided this fire is someone else’s to put out.

That calculation carries costs. A nuclear state fighting one neighbor, frozen out by another, and watching a third descend into war on its doorstep is exactly the kind of cascading regional breakdown that tends to pull Washington back in regardless of its intentions.

The security of Pakistan’s nuclear arsenal under simultaneous pressure on three fronts, the risk of jihadist networks exploiting the chaos in Balochistan, and the potential for an escalation that pulls in India — all of these are American national security equities, whether Washington chooses to engage or not.

The Eid pause now expiring gives diplomats the narrowest of windows. Saudi Arabia, Qatar, and Turkey all called this week for a path toward a sustainable agreement. Whether the structural conditions for such an agreement exist is another matter entirely. Pakistan’s preconditions — TTP sanctuaries dismantled, militant leaders handed over — are non-starters for a Taliban government that has staked its domestic legitimacy on refusing to be seen as compliant with Islamabad’s demands. The Taliban’s own precondition, recognition of Afghan sovereignty over the Durand Line, is equally unacceptable to Pakistan’s military establishment.

The underlying drivers are unchanged.

As Pande frames it, the core problem is not a lack of mediation but a lack of political will on both sides.

“The Afghan Taliban believes they are no longer beholden to Pakistan, they are in power, and they are reluctant to act against their ideological ally, the TTP,” she adds. “Pakistan believes that since it helped the Afghan Taliban regain power, the latter should be grateful to Pakistan, should keep Pakistan’s interests in mind and should tame the TTP. The key challenge for Pakistan is the ongoing conflict with its former proxy.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Costly Illusion of the Golden Dome

OPINION — “The Golden Dome for America strategy [President Trump’s proposed nationwide anti-missile defense system] remains centered on affordable and scalable capabilities. In the short-term, we will leverage battle-proven technologies and systems to provide immediate defense against current threats. By improving, multiplying, and integrating existing systems, we can field a credible defense now. However, defeating an increasing number of sophisticated, lower-cost offensive threats with a limited supply of multi-million-dollar [space- and ground-based] interceptors is an economically untenable proposition in the long term.”

That was from the prepared statement of Space Command General Michael Guetlein, Program Manager for the Golden Dome for America project, who appeared last Wednesday before a House Armed Services Strategic Subcommittee hearing held to provide an update on Golden Dome and other Department of Defense (DoD) missile defense programs along with other senior officers.

In announcing the Golden Dome program on January 27, 2025, Trump, in an Executive Order said, “The United States will provide for the common defense of its citizens and the Nation by deploying and maintaining a next-generation missile defense shield; the United States will deter — and defend its citizens and critical infrastructure against — any foreign aerial attack on the Homeland; and the United States will guarantee its secure second-strike capability.”

Last May, Trump predicted, “Once fully constructed, the Golden Dome will be capable of intercepting missiles even if they are launched from other sides of the world, and even if they are launched from space, and we will have the best system ever built.”

Guetlein, just before the two-hour session ended, again made clear, cost would be a factor in the system. “If we cannot do it affordable we will not go into production and that's something that others have not understood. Because we are looking at the threats from a multi-domain perspective, to make sure I have redundant capabilities, and I don't have single points of failure, so if boost- phase intercept from space is not affordable and scalable, we will not produce it because we have other options to get after it.”

During the hearing, Guetlein and the others made clear what a long, costly and complicated process the Golden Dome will involve.

For example, when Guetlein was asked how many American cities are currently protected by Patriot or Terminal High Altitude Area Defense (THAAD) batteries – the U.S. Army’s existing ground-based anti-missile units he referred to above -- he answered, “Today, none.”

I remember back in the 1950-to-1970 Cold War days when the U.S. Army deployed nuclear-armed Nike surface-to-air missile batteries around major cities such as Washington, D.C., Chicago, Detroit, Minneapolis, and the Florida coast to intercept Soviet missiles or bombers. One example: back then 19 Nike anti-air sites ringed New York City.

As I read Guetlein, Golden Dome will require Patriot and THAAD batteries to be deployed to hundreds of U.S. cities to provide the protection President Trump envisioned.

Today, a single Patriot battery cost $1.1 billion -- $400 million for the radar, control station and launchers plus another $690 million for the interceptor missiles, at some $4 million each. In addition, it takes 90 service personnel to operate that Patriot battery. A single battery can protect an area with a 42-mile defense radius, depending on the surrounding terrain, while its radar can track up to 50 potential targets and engage five simultaneously.

A Patriot battery acts as a terminal-phase shield against tactical ballistic missiles, cruise missiles, drones, and advanced aircraft.

The U.S. Army today operates roughly 15-16 Patriot battalions, consisting of some 60 active batteries, with some 30+ stationed within the U.S., while the remaining are deployed in Europe, the Middle East, and the Indo-Pacific region.

A single THAAD battery, designed to intercept short-, medium-, and intermediate-range ballistic missiles, typically costs between $1 billion and $2.7 billion. A battery is comprised of six truck-mounted launchers, 48+ interceptors, the AN/TPY-2 radar, and fire control units. Again, some 90 personnel are needed to operate a THAAD battery.

As of June 2025, the Army had just eight THAAD batteries with four stationed overseas -- in Guam, South Korea, Israel and Middle East -- and four on U.S. Army bases at home.

Supplementing these terminal-phase defense systems, in considering this new Golden Dome concept, is the Ground-Based Midcourse Defense (GMD), the only operational U.S. system theoretically designed to defend the entire U.S. against long-range ballistic missiles. However, GMD is designed to defend against limited ICBM threats from rogue nations such as North Korea and Iran and not the advanced ICBM capabilities of Russia and China.

GMD consists of a space-based and ground-based global network of sensors and radars to detect and track threats; command, control, battle management and communications; a fire control system that can calculate interception points; and just 44 Ground based Interceptors (GBI), 40 at Fort Greely, Alaska, and 4 deployed to Vandenberg Air Force Base, California. President Trump has requested funding for 20 additional GBI interceptors to be deployed in the United States.

Each GBI has cost roughly $90 million and the GMD system as a whole has been estimated to have cost over $40 billion.

The U.S. Missile Defense Agency (MDA) in 2021 awarded Northrop Grumman and Lockheed Martin contracts to develop a Next Generation Interceptor (NGI) as a follow-on to the GBI. In April 2024, the MDA announced it had selected Lockheed Martin as the sole prime contractor for the NGI program’s development phase.

The NGI plan called for the first new interceptors to be operational by 2028 and the final multi-year contract to be worth an estimated $17 billion.

When Guetlein told the House subcommittee last week “Golden Dome for America is not a single or static weapon system, but an integrated ‘system of systems,’” these three – Patriot, THAAD and GMD -- are the basic systems I believe he was talking about.

There is also the Navy’s AEGIS shipboard anti-missile system, which also provides midcourse and terminal interceptions. But other than the one land-based AEGIS system in Europe, the remainder appear to be needed to protect the fleet.

Guetlein explained, “The architecture that we're building is a very flexible open architecture design system so that we can continuously modernize it as the threat continues to mature. It is not a static architecture. So we will continue to upgrade along the way to get after the threat.”

He claimed his new system “will increase the number of threats we can defend against for a fraction of the cost…by building a modular, layered, defense-in-depth ‘system of systems’ where all components can operate independently and, therefore, can be replaced without having to rebuild the entire enterprise.”

Guetlein said, “We are going to deliver an operational capability by the summer of [20]28 that will be able to protect the homeland against a variety of threats. The ultimate objective architecture is going to be $185 billion. That's $175 billion as identified by the President of the United States and an additional $10 billion to accelerate some space capabilities that were not originally part of our architecture.”

Another House subcommittee witness, Lieutenant General Heath Collins, Director of the Missile Defense Agency, introduced the idea that directed energy weapons, lasers, would also be part of the Golden Dome program.

“We are certainly putting more attention into potentially game-changing directed energy,” Collins said. “Capabilities in an unmanned air platform is what we're focused on so we can bring that capability to the edge of the fight and thin the herd of UAVs [unmanned air vehicles] – potentially air threats and the like. So, we're very into that and we're driving through on that experimentation as we as we move forward.”

Speaking of Patriot and THAAD, Collins said , “We have some very proven systems with incredible capability…We are always driving to figure out how to drive the cost of those down. One through the acceleration in quantities that we're going to talk about. We're going to have a

savings in those. But those are pretty exquisite and unique weapons. As we move forward we are continuing to push directed energy and non-kinetics to change the cost equation.”

Near the close of the hearing, Gen. Guetlein was asked to sum up “in layman’s terms,” why Golden Dome was the right option to meet the current threat.

Guetlein responded in part, “We are seeing threats coming from the multi-domain environment meaning they're coming from air, they're coming from the sea, they're coming from space, they're coming from land. They [U.S. adversaries] have figured out how to get some low-cost threats in there as well to challenge our depth, our defenses.”

Guetlein concluded, “This is driving a demand for increased magazine depth [an adequate supply of interceptors] and a demand for lower cost solutions to get after these sectors. That's what Golden Dome is focusing on…how to change that defense equation. And we're doing that through partnerships with industry, partnerships with academia and partnerships with the national labs.”

I believe the truth is, as the U.S. discovered during the Reagan years, that missile offenses will always defeat missile defenses, and while an Iron Dome defense can be set up for a small country – Israel -- no Golden Dome can be established to protect a large country such as the U.S.

And, ironically, trying to create a defensive system will eventually lead to a more aggressive offensive arms race than exists today.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Trump, Iran, and the Stress Test of Western Alliances

OPINION – The war with Iran has grown beyond just a regional war; it is also a preliminary test of the cohesion of Western alliances under President Donald Trump. Deep root causes concerning burden-sharing, strategic partnership, and political trust within NATO are being exposed by the United States’ and its allies' reactions as tensions escalate and the shock of disruption through the Strait of Hormuz is felt by the world's energy markets. A broader re-evaluation of how Western alliances function in an increasingly volatile global context is taking place, rather than just a contest of deterrence against Iran.

This war unfolds in a distinct political setting in Washington - different from previous Middle East conflicts. Trump's foreign policy approach throughout his current term has remained consistent with a transactional view of alliances, putting concrete commitments and national advantage over conventional ideas of shared security.

NATO's internal structures are experiencing pressure and uncertainty. European allies are currently dealing with a more nuanced strategic context, where unconditional alignment with the United States is hardly assumed but still anticipated. As a result, the Iran war reveals the political boundaries of alliance unity.

A Regional War with Global Consequences

The war’s global implications are being highlighted by the closure of the Strait of Hormuz. Uncertainty in the Strait, a vital conduit for global energy supply, has direct and major economic repercussions, from rising energy costs to heightened financial market swings. The economic implications caused by the Iran war raised calls for de-escalation for European economies already facing structural strain.

NATO allies' strategic calculations are hampered by this economic element. While local economic factors favour neutrality, security commitments require European states to back U.S. policy. The result is a dual strain that weakens collective decision-making. As a result, the Iran War cannot be viewed simply as a regional security matter; rather, it is a confluence of political, economic, and military concerns that go well beyond the Middle East.

Trump’s Alliance Strategy: Pressure as Policy

Trump's use of external threats to alter alliance behaviour is a larger trend in his foreign policy, which appears in how he managed the situation. The current crisis intensified his repeated criticism of NATO states for inadequate defence spending, with new demands for enhanced European contribution to both military operations and financial commitments.

There could be inconsistent outcomes from such a strategy. On one hand, it could hasten European attempts to strengthen strategic autonomy and increase defence spending. On the other hand, it carries the risk of upsetting allies who see this type of strain as eroding the alliance's cooperative roots. According to political scientist Stephen M. Walt alliances are upheld by bilateral trust as well as common interests, which can be weakened when relationships are laid out mainly in terms of give and take.

However, Trump's strategy does make some sense. The realists argue that greater shared burdens could boost the alliance's overall capabilities. The tough element is achieving this without weakening political cohesion that is vital for successful shared action.

NATO at a Crossroads

The Iran war has exposed long-standing divisions in NATO cohesion. Attempts to develop a cohesive response have been hindered by member countries' varying views of the risk. Russia remains as the key security threat for many Eastern European nations, with Middle East instability seen as a secondary concern. On the other hand, the impact of Middle Eastern unrest is more urgent for Southern European nations, especially about migration and energy security.

Establishing agreement turns tougher because of these conflicting agendas. NATO's viability eventually depends on political agreement among its members, even if it maintains strong bureaucratic procedures. Even in the absence of explicit disagreement, the current crisis highlights the risk of a slow erosion of strategic cohesion.

However, history reveals that crises may also act as a catalyst for adaptation. As political scientist Barry R. Posen points out, alliances often fluctuate in response to changing strategic conditions. The question involves whether NATO can utilise the Iran war to reassess its goals, or if internal division will worsen.

The Expanding Role of Middle Powers

Middle powers have played a significant part in fostering diplomatic dialogue throughout the current war. States like Pakistan and Turkey have emerged as mediators, showing the multipolar character of international diplomacy. Pakistan's recent effort to portray itself as a mediator and host the negotiators from the United States, and Iran is especially notable. Despite an inconsistent track record in regional policy and counterterrorism, Islamabad has utilised its alliances with rival blocs in order to preserve channels of communication at a critical time. In this respect, its role is less about resolving the war and more about preventing further escalation by facilitating dialogue in circumstances where direct engagement is politically constrained.

Their engagement reflects a broader shift away from Western dominance in conflict resolution and highlights the growing role played by regional players in crisis management. For NATO, this development provides both challenges and opportunities. On one hand, reliance on external mediators may indicate an erosion in Western diplomatic dominance. On the other hand, it offers other de-escalation alternatives that can complement formal alliance protocols.

The capability of NATO member countries to interact productively with these actors will be crucial in determining the trajectory of the crisis. Successful diplomacy in such a complicated setting requires cooperation outside conventional alliance agreements.

Future Trajectories: Cohesion, Transnationalism, or Fragmentation

The long-term repercussions of the Iran conflict for Western alliances will ultimately be shaped by how these interactions play out. Three potential pathways can be identified.

The first path is a renewed feeling of cohesiveness. In this scenario, the common challenges caused by the war contribute to greater cooperation among NATO members, strengthening NATO's legitimacy and efficiency. This would signify the continuation of NATO's enduring position as a foundation of Western security.

The second path is a shift towards transnationalism. The alliance persists, but collaboration becomes increasingly conditional, driven by national interests and contributions rather than unified standards. While this could enhance efficiency in certain areas, it also has the potential to weaken NATO's sense of joint missions.

The third path is gradual fragmentation. If internal divisions continue to grow, NATO may struggle to react to future crises as a cohesive alliance. This would not necessarily lead to the alliance's collapse, but it might significantly diminish strategic unity and influence.

The Iran war indicated that it’s more than just a test of military capacity or regional strategy; it also tests Western allies' resilience and adaptation in a shifting geopolitical context. Under President Trump, this test is exacerbated by a leadership style that prioritises power and negotiation above established alliance conventions.

For NATO, the stakes go beyond the current crisis. The alliance must manage a complicated web of security challenges, economic constraints, and political disagreements while retaining its credibility as a collective defensive agency. The capacity to manage these opposing needs will determine whether it emerges stronger or more fractured at the end of this period.

Ultimately, the significance of the Iran war may lie less in its immediate outcomes than in what it reveals about the future of alliance politics. In an era of shifting power dynamics and increasing uncertainty, the capacity of Western alliances to adapt will be a critical determinant of their continued relevance.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

An FBI Perspective on FISA Section 702

OPINION – I spent twenty years at the FBI supporting investigations into cybercrime, tracking ransomware gangs, and watching foreign adversaries tear through American networks. I've sat across the table from hospital administrators trying to figure out how to care for patients when their systems are locked. I've talked to small business owners who lost everything to a cyber operation traced back to a state-sponsored group operating with near-impunity abroad.

What I can tell you, from that vantage point, is that allowing Section 702 to lapse would create intelligence gaps that our adversaries are already positioned to exploit.

Section 702 is a vital tool. A nimble authority that provides for collection against foreign-based, non-U.S. person threat actors intent on harming Americans. The threats this authority was built to address have not slowed down while Congress deliberates. Iranian-nexus actors are actively probing U.S. critical infrastructure, Chinese operators remain embedded in telecommunications networks, and ransomware groups – some operating with the direct support or tolerance of foreign governments – are targeting hospitals, water systems, and school districts across the country.

The actors dominating today's headlines each represent a different dimension of why 702 matters to the FBI as an investigative and intelligence collection tool.

Iran has demonstrated both the intent and the capability to conduct attacks on US soil. Beyond cyber operations against critical infrastructure – including recent attacks against operational technology in water treatment plants – Iran has sought to assassinate American citizens, including senior government officials, and to silence dissidents operating on US soil. Many of these plots are planned from abroad, coordinated through the internet, and would be invisible to investigators without 702. It is the tool that lets us connect the dots before an attack is executed rather than after.

China is playing a longer game. The campaign to pre-position access inside US critical infrastructure – power grids, water systems, transportation hubs, communications networks – is patient and methodical, designed to be activated at a moment of Beijing's choosing, including in the event of a conflict over Taiwan. In the FBI's own experience, 702 has been the difference between detecting that access early and discovering it only after the damage is done. When Chinese hackers compromised a major US transportation hub, it was 702-derived intelligence and US person queries that allowed the FBI to pinpoint exactly which network infrastructure had been hit, alert operators to the specific vulnerability, and help close the backdoor.

Ransomware, which defined much of my work at FBI, has evolved from a criminal problem into a national security one. Many of the groups responsible for attacks on hospitals and pipelines operate under the protection or direction of state sponsors who understand that ransomware destabilizes the same infrastructure a military adversary would want to disable. Over the past decade, malicious cyber actors have accounted for more than half of the FBI's Section 702 targets. The authority is central to how the FBI does cyber work: identifying victims, warning them before attacks begin, and helping them close backdoors before the next wave hits.

If Section 702 authority expires, active collection against foreign targets stops. Leads go cold. Investigations that depend on 702-derived intelligence hit a wall at exactly the moment continuity is critical. Adversaries don't pause. Every day the authority lapses is a day they move more freely through networks they have already compromised.

On compliance, the record deserves an honest accounting. The FBI's pre-reform querying practices were unacceptable. Director Wray said so plainly, and he was right. But beginning in 2021, there was a genuine institutional reckoning: foundational reforms to training, supervision, and accountability that produced documented, court-verified improvement. The same court that documented FBI’s violations in the first place – the Foreign Intelligence Surveillance Court (FISC) – concluded the reforms are having the desired effect.

The same rigor that produced those improvements is exactly why this reauthorization debate deserves to be evaluated on its own merits. The concern about government acquisition of commercially available data is legitimate, but it is a separate question from 702. Conflating the two risks taking down a well-functioning authority over a fight that belongs elsewhere in statute.

From two decades working to counter these threats, I know what it costs to arrive after the damage is done. The good news is that Congress doesn't have to make that choice. The oversight architecture is working. The reforms are documented. The threats are real and they are not waiting. Reauthorize 702, address commercial data on its own track, and keep the investigative capability that makes the FBI's cyber and national security work possible.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why Greenland is the Linchpin of the Golden Dome

OPINION – When President Trump first proposed the purchase of Greenland, the world’s reaction leaned toward mockery. But as the strategic landscape of the 2020s shifts from traditional ground wars to a high-stakes Arctic battlefield and space-based competition, the real estate deal of the century is looking less like a whim and more like a calculated move for national survival.

The logic behind the push for Greenland, whether through outright acquisition or a significantly expanded role as its primary protector, is not about land mass nor rare earth minerals. It is about latitude. As the U.S. develops the Golden Dome system, a revolutionary, layered missile defense shield, Greenland is the one of the only geographic assets that offers the location necessary to protect the American mainland from modern existential threats.

The Ultimate Vantage Point

To understand Greenland’s value, one must look at a globe, not a map. The shortest flight path for an Intercontinental Ballistic Missile (ICBM) launched from Russia, China, or North Korea toward the United States is not across the oceans, but over the North Pole.

Greenland sits directly beneath these routes often referred to as Great Circle routes. By securing unfettered access to this territory, the U.S. can transition the Pituffik Space Base from a mere warning site into an active intercept location. Forward-basing interceptors on Greenland allows the military to engage incoming missiles in their mid-course phase—while they are still coasting through the vacuum of space. This provides a second line of defense that can neutralize threats thousands of miles away, ensuring that any debris or nuclear fallout occurs over the uninhabited Arctic ice rather than North American civilian populations.

Commanding the High Orbit

Beyond missile interceptors, Greenland should be the operational fulcrum for the space-based leg of the Golden Dome. Modern defense relies on the Proliferated Warfighter Space Architecture (PWSA), a mesh network of thousands of small satellites in Low Earth Orbit (LEO).

● Satellite Command: Because polar-orbiting satellites pass over the North Pole on every revolution, a ground station in Greenland can communicate with these satellites more frequently than any site in the continental U.S.

● Atmospheric Clarity: Greenland’s cold, dry air is a scientific miracle for communications. It provides the perfect medium for laser-based satellite links and high-frequency V-band radio, which are far more resistant to enemy jamming than traditional signals.

Beyond Greenland: The Svalbard Puzzle

While Greenland serves as the western anchor of this Arctic shield, it is only one piece of a broader polar puzzle. To truly secure the High North, the U.S. and its allies must eventually address the strategic anomaly of Svalbard.

Located halfway between Norway and the North Pole, Svalbard shares Greenland’s near-perfect latitude for satellite downlinking and missile detection. However, unlike Greenland, which is governed by a bilateral agreement with Denmark, Svalbard is governed by the Svalbard Treaty of 1920. This unique international document recognizes Norway’s sovereignty but with a major catch: the islands must remain demilitarized and open to commercial activity from all 40+ signatory nations (that includes Russia, China, North Korea, Iran and others).

This has led to a bizarre patchwork of land ownership that presents a significant security challenge:

● 34 Plots: Historically, land on Svalbard was divided into 34 distinct claims (aka, plots which were based on mineral or fishing rights).

● Norway (31 Plots): The Norwegian state owns a majority of the land, maintaining the primary administrative hub in Longyearbyen.

● Russia (2 Plots): Through the state-owned mining company Arktikugol, Russia owns two significant plots, including the active mining town of Barentsburg and the "ghost town" of Pyramiden. This allows Moscow a permanent, legal foothold on what is technically NATO soil.

● Private Hands (1 Plot): For years, the last remaining private plot, Søre Fagerfjord, has been a source of geopolitical anxiety. In late 2024 and throughout 2025, the Norwegian government took the unprecedented step of blocking the sale of this Manhattan-sized plot to prevent it from falling into the hands of non-NATO actors, specifically citing concerns over Chinese interest. This included blocking it from being sold to an American firm which would have ensured it could not fall under the control of a foreign power (conveying Arctic status to any such possibly malignant actor).

Conclusion: A Unified Arctic Strategy

If the push for Greenland is the first move in securing the Golden Dome, Svalbard is the inevitable second move. The topography that makes Greenland an ideal interceptor site is mirrored in Svalbard. However, the presence of Russian commercial outposts and the treaty’s strict restrictions on warlike purposes create a diplomatic minefield.

As the U.S. seeks to build an impenetrable shield against trans-polar threats, it must look beyond just buying land. It must navigate a complex web of hundred year-old treaties to ensure that the top of the world remains a vantage point for the West, rather than a loophole for its adversaries.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Most Dangerous Extremist Movement in America Has No Ideology

She Was 13. She'd Been Inside This World Since She Was 8.

A week after her birthday, Audree was dead.

Her mother didn't know why – not until a detective called to say Audree's journal was filled with drawings of school shooters. Not until she searched TikTok and recognized her daughter's artwork everywhere. Not until she learned that the online world her artistic, funny, guitar-playing daughter had been living in for five years had a name.

The True Crime Community. The TCC.

The TCC is one of the most dangerous pipelines operating right now – and most parents have never heard of it.

A Fandom Built Around Killers

It's not an organization. There's no leader, no membership card, no political ideology. Researchers call it nihilistic violent extremism – a fandom built around mass killers, driven by hatred of humanity and a hunger for notoriety.

The Columbine shooting gave this world a look and a feel. Members dress like shooters, draw fan art of them, and celebrate them the way other teenagers celebrate musicians. The community has migrated from Tumblr to TikTok, where a hand making an "OK" sign paired with a photo of boots signals TCC membership – and comment sections do the recruiting.

When a new shooting happens, the perpetrator often becomes the next idol. After the December 2024 shooting at Abundant Life Christian School in Madison, Wisconsin, the 15-year-old shooter became a figure the community celebrated – and three more school shootings in Tennessee, Minnesota, and Colorado followed. Each attack feeds the next.

Since January 2024, researchers have linked TCC to at least 25 attacks or disrupted plots. The FBI reported a 300% increase in this kind of extremism between late 2024 and late 2025. And this week, a school shooting in Argentina was directly tied to TCC by government officials, who said it had nothing to do with bullying – only membership in an international online subculture. This isn't an American problem anymore.

The Signs Are There – Parents Just Don't Know What They're Looking At

There is no recruitment script. No one knocks on your door. Your child doesn't come home saying she joined an extremist group. She asks for a T-shirt. She draws something in her notebook you don't recognize. She uses a username that sounds random.

One mother – Audree's mother – didn't just miss the signs. She helped create them. She made custom T-shirts for her daughter printed with logos tied to the Columbine killers. She had no idea what they meant. "I wanted to vomit," she said when she found out.

These communities target kids who are struggling – isolated, anxious, looking for somewhere to fit in. According to de-radicalization expert Allizandra Herberhold of Parents for Peace, about 95% of TCC participants never harm anyone else – they are far more likely to hurt themselves. This is a self-harm crisis as much as a violence crisis.

One more thing most parents don't know: TCC is roughly half girls, half boys – unusual for any extremist group. Girls often find their way in through online eating disorder communities. Boys typically come in through gore forums. If you think only boys are at risk, you're missing half the picture.

The Cipher Brief applies expert-level context to national and global security stories. Grant yourself full-access to Cipher Brief expert insights, analysis and private briefings in the new year by becoming a Subscriber+Member.

A Phone Call Can Stop It

In January, an Indiana mother called the sheriff after noticing something wrong with her 17-year-old daughter. Investigators found the girl had recorded a walkthrough video of her school and was planning an attack with people she'd met online. The mother's call stopped it.

Another mother, Heather Dioneff, watched her daughter Lilyanna get pulled into the TCC world. Lilyanna idolized killers, wrote a manifesto, and made a list of people she wanted to hurt at school. She eventually told a therapist. The therapist called for help. Lilyanna was hospitalized before anything happened.

Two different families. Two different paths. Same result – someone paid attention and made the call.

The warning signs are about looks, not words. Watch for fixation on specific shooters, drawings of killers, references to Columbine, or usernames and symbols you don't understand. If something confuses you – a meme, a post, an image – search it before you react.

Monitor private channels, not just public profiles. Discord needs close attention. Experts say don't allow children on Telegram at all – it's full of violent and exploitative content.

Don't wait until you're sure. Parents for Peace runs a confidential helpline for families worried about where a child is headed. Their number is 1-844-49-PEACE. No judgment. No obligation. The Anti-Defamation League has sent TCC research to more than 16,000 schools and offers guidance on what to look for. Lawmakers have also introduced a bill that would make it a federal crime to push children toward self-harm – a step in the right direction.

The Adults Closest to These Kids Don't Know What to Look For

We have systems for identifying jihadist radicalization. We are building them for domestic extremism. We have almost nothing in place for this threat at the school and community level. The most sustainable fix, researchers say, is treating this like a public health problem – reduce what makes young people vulnerable before an attack happens, not just respond after. That means youth mental health investment, school-based threat assessment training, and making sure the counselors, coaches, and pediatricians who see these kids every day know what they're looking at.

That gap is where children are dying.

The mothers in that CNN story aren't asking for sympathy. They're asking for accountability – from platforms, from policymakers, and from a public that keeps acting surprised by attacks that researchers saw coming.

Kids are going to seek out secret worlds. That instinct is human – it's the same one that draws them to spy stories, adventure novels, and tales of people who matter and belong to something bigger than themselves. The question is who finds them first and what world they're handed when they arrive.

Resources:

Parents for Peace confidential helpline: 1-844-49-PEACE | parents4peace.org
ADL Center on Extremism: adl.org
K-12 School Shooting Database: k12ssdb.org
If you or someone you know is in crisis: call or text 988

The Trump-Xi Summit: A Chance to Change the Global Narrative

Let’s hope the May summit between Presidents Donald Trump and Xi Jinping is uplifting, giving the world hope that these great powers can cooperate for the common good. The global community is distraught and fatigued with the wars in Ukraine, Gaza and Iran and the sense that war has now become accepted behavior.

The summit of the U.S. and China is an opportunity to change the narrative and instill hope that these two great powers can work through the many issues that divide us and focus on the issues that can lead to the betterment of mankind.

The summit will be an opportunity to discuss a myriad of economic and trade issues that continue to be an irritant in the bilateral relationship: The U.S. trade imbalance with China; industrial subsidies China provides to state-owned enterprises and cheap financing from state banks; U.S. restricted exports to China of advanced semiconductors and chipmaking equipment and AI-related technologies; Intellectual Property theft by China and industrial espionage; U.S. tariffs and de-risking efforts with rare earths, batteries and pharmaceuticals; U.S. investment restrictions and China’s efforts to keep the yuan undervalued to boost exports; and U.S. human rights-related trade restrictions and sanctions on Chinese companies.

China has strong views on each of these issues, accusing the U.S. of economic containment. As major economic competitors, these and other related issues can and should be addressed routinely, in diplomatic and trade negotiations. Indeed, these economic and trade issues can and should be mentioned and discussed at the summit but left to the diplomats and trade negotiators to resolve during routine annual meetings in Beijing and Washington.

What the world needs to hear is how the U.S. and China can cooperate to end wars and make the world more inhabitable.

Indeed, conflict resolutions should be high on the list of issues to discuss. Ensuring that we do not have a repeat of the Belgrade Embassy bombing of 1999 (when the U.S. accidentally bombed the Chinese Embassy in Belgrade) and former President Jiang Zemin refusing to take with President Bill Clinton’s calls to apologize; or the EP-3 incident of 2001 ( a U.S. reconnaissance aircraft collided with a Chinese jet in international airspace, killing the Chinese pilot) when President Jiang Zemin would not take the calls from former President George W. Bush who wanted to apologize for the incident and request the release of the U.S. crew being held in Hainan Island.

We cannot have a repeat of these two tragic events. It is important that our leaders communicate in a timely and secure manner, to ensure that incidents of this type do not escalate. The hotline between our military leaders is equally important, to avoid inadvertent escalation and potential conflict.

Taiwan and the South China Sea are issues requiring immediate presidential attention. These are issues that can escalate quickly and potentially lead to conflict and war. The U.S. Taiwan Relations Act of 1999 clearly states that the issue of Taiwan should be resolved peacefully between the People’s Republic of China and Taiwan, while the U.S. provides Taiwan with arms of a defensive character. Mr. Xi has said he wants a peaceful resolution of issues with Taiwan, but China, he said, is prepared to use military force if necessary. The recent meeting of Taiwan’s opposition leader, Cheng Li-wun, Chairman of Taiwan’s Kuomintang (KMT) with Mr. Xi on April 10 was the first meeting in a decade with Mr. Xi, who has increased military pressure around Taiwan and sees reunification with Taiwan as an important part of his legacy.

The South China Sea is a potential flash point between China and the U.S. Island-building activity by China has been found illegal under the United Nations Convention on the Law of the Sea (UNCLOS). Between 2013 and 2015, China engaged in extensive land reclamation in the Spratly Islands, building artificial islands in areas claimed by the Philippines and Vietnam. An arbitral tribunal ruled in 2016 that China was in violation of UNCLOS. But China persists, insisting – based on dated maps going back to the Qing Dynasty – that China has sovereignty of the South China Sea Islands. The U.S. position is that China’s claim to sovereignty of the South China Seas islands is unlawful and freedom of the seas is consistent with international law.

Discussing Taiwan and the South China Seas is necessary, to avoid conflict that could develop into a war. But these are long-established points of conflict that require close and continued diplomatic and military dialogue with Beijing. A two-day leadership session in Beijing likely will not resolve either of these contentious issues. But continued dialogue is necessary.

What the people would like to see from this summit is how the U.S. and China are prepared to cooperate to resolve conflicts and wars and how the U.S. and China plan to cooperate on global issues requiring immediate attention: Global pandemics, global warming, nuclear proliferation, biosecurity, counterterrorism, counternarcotics, counter international organized crime, and other issues requiring attention.

The May summit between the leaders of the U.S. and China is an opportunity to show the world that two great powers can coexist peacefully and cooperate to make the world a better place for mankind.

The author is a former associate director of national intelligence. All statements of fact, opinion or analysis are those of the author and do not reflect the official positions or views of the U.S. government. Nothing in the contents should be construed as asserting or implying U.S. government authentication of information or endorsement of the author’s views.

This article was originally published in The Washington Times and is republished here with permission from the author.

What Iran Is Learning from Russia’s War and Why the U.S. Should Be Concerned

KREMLIN FILES/COLUMN: The war in Ukraine is often framed by optimistic academics, and some policymakers as a cautionary tale—an example of how military aggression can backfire, weaken a state, and isolate it from the world. But that assumption may be dangerously incomplete. For regimes like Iran, the more relevant lesson may not be Russia’s failures, but its endurance.

Four years into the conflict, Moscow has not collapsed. Instead, it has adapted militarily remarkably well, particularly in the past two years. Russia has resisted sanctions to make its economy even more domestically oriented and more reliant on China. It has also dramatically strengthened the security and intelligence structures that sustain authoritarian rule. If Iran’s leadership is studying this war—and there is strong evidence that it is—it may come away with lessons that make it more resilient, more technologically capable, and more repressive. That possibility should concern the United States.

The first lesson Iran’s regime might learn is that war fosters innovation, especially when countries must operate under constraints. Even before Russia’s full-scale invasion of Ukraine, Moscow and Tehran were already working together militarily. While not a strategic alliance like NATO, or anything close to approaching the strength of our “Five Eyes” partnerships, Iran supplied Russia early in the war with Shahed drones, which quickly became a key part of Russia’s strike campaign against Ukrainian infrastructure.

But the relationship didn’t stop at the simple transfer and sale of weapons. Throughout the war, both countries have adapted and improved. Russia has modified Iranian drone designs, increased their range and guidance systems, and expanded domestic production for new generations of its GERLAN drone series (based initially on the Shahed, but evolved significantly since). They have also established a new “Unmanned Systems Troops” branch for their military. Some might argue they are ahead of NATO in this innovation (though still behind Ukraine, thankfully).

Meanwhile, Iran has gained battlefield feedback, collecting real-world data on how its systems perform against modern air defenses when the Russians deployed them. That seems to be paying off in some respects now with Iran’s own conflict. Their drones have indeed penetrated U.S. and allied defenses in the region. U.S. airpower remains a dominant force on any battlefield of any potential conflict still, but for how much longer?

The wartime innovation is not limited to drones. Russia has improvised with electronic warfare, missile production, and decentralized command structures under pressure—the latter being particularly difficult for its Soviet-style military to adapt from, but reports are that they have done so. Iran, which already prioritizes asymmetric warfare, is likely absorbing these lessons. The development of new generations of loitering munitions—like Iran’s IRSA-7—illustrates how quickly relatively simple technologies can evolve into more effective and harder-to-counter systems.

For Iran, the takeaway is clear: even under sanctions and technological isolation, war can accelerate military advancement rather than stall it. That has direct implications for U.S. forces now at war in Iran, and partners in the Middle East, who could face more sophisticated and battle-tested Iranian systems if the war continues.

A second lesson Iran might learn is that prolonged conflict doesn't necessarily topple a regime—it can instead make it more resilient. Western policymakers often believe that ongoing economic pressure and battlefield losses will eventually lead to political change. Russia’s experience complicates that argument and shows how an autocratic system can be built to endure a long conflict.

Despite broad sanctions, export controls, and diplomatic isolation, the Russian government has kept functioning. It has shifted its economy toward non-European partners, especially China, maintained energy revenues, and passed the hardships onto its people. Russia’s domestic production of many agricultural and other goods has actually increased during the war. How does this compare with the U.S. and the West? Not very well, of course. If international shipping stopped bringing goods to the U.S. market, our economy would collapse.

Iran is arguably even better positioned to absorb this lesson. It has decades of experience operating under sanctions, developing informal trade networks, and insulating its core institutions from economic shock. What Russia has demonstrated is that a large, resource-rich, authoritarian state can endure far longer than many expected, even under intense pressure. For Tehran, this reinforces the idea that time may be on its side—that it can outlast external pressure campaigns without fundamentally changing its behavior. That belief, in turn, could make Iran more willing to engage in risky or confrontational actions, calculating that the long-term costs are manageable.

The final—and perhaps most troubling—lesson is the strengthening of the security state. Over the course of the war, Russia’s internal security services, particularly the FSB, have not weakened; they have grown more powerful. As I have argued previously in this column, the FSB now has a strong claim to being the most powerful and all-encompassing security service in the history of Russia, pre- and post-USSR. Compared against the Okhrana, the KGB, Cheka, and even Ivan the Terrible’s oprichniki, that is saying something.

But as the conflict dragged on, the Russian government systematically dismantled what remained of independent media, criminalized dissent, and expanded surveillance and repression. In many ways, the war accelerated a process that was already underway: the consolidation of a security-service-driven state.

History offers a grim parallel. By the end of World War II, organizations like the Gestapo and the SS had become central pillars of the Nazi regime, enforcing loyalty and eliminating opposition. Hitler used the failed Valkyrie plot (Colonel von Staufenberg and other senior Wehrmacht officers who planted a bomb at the Wolf’s Lair) to ruthlessly eliminate all dissent in the final year of the war. Could Iran’s regime similarly build on its already brutal suppression of dissent just before this conflict and then crack down even harder?

While the contexts are different, the underlying dynamic is similar: prolonged conflict can empower internal security institutions, making them the backbone of regime survival. In Russia today, the erosion of freedoms has been accompanied by the rise of a system in which dissent is nearly impossible. Many of the country’s brightest young minds left early in the war, and those who remain often operate under intense fear and constraint. Intellectual life is stifled, and opposition is either exiled, imprisoned, or silenced. Even when in prison, though, as in the case of Aleksey Navalny, that is not enough—the regime imposes the “highest measure” and continues to murder the opposition.

For Iran, this is a powerful example, one they have practiced well over the decades. The regime already relies heavily on its own security apparatus, including the Islamic Revolutionary Guard Corps and its many intelligence and security services/police. The Russian experience suggests that war—or even the sustained perception of external threat—can justify further expanding these institutions’ power. It creates a political environment in which repression is not only tolerated but framed as necessary for national survival. The result is a system with little to no space for dissent, where the regime becomes more stable precisely because it is more coercive.

Taken together, these lessons point to a sobering conclusion. Iran’s regime and its new leadership may see Russia’s war not as a warning but as a model: a demonstration that a determined authoritarian regime can innovate under pressure, endure economic punishment, and consolidate power internally even while engaged in a costly conflict. For Russia, they have been telling their people and their claimed allies, like Iran, that they are “fighting all of Europe.” And for Russia, they believe they are prevailing. For Iran, the lesson may be—we can win too.

For the United States, these challenge several core assumptions about deterrence and pressure. If regimes believe they can survive—and even strengthen themselves—through confrontation, then the tools Washington relies on may be less effective than hoped.

The war in Ukraine is not just a regional conflict; it is a global case study in how modern authoritarian states adapt to crises. The danger is not that Iran misreads Russia’s experience, but that it reads it correctly and that we in the West, possibly, have not. And if it does, the next phase of confrontation between Iran and the United States may unfold under conditions far less favorable to deterrence than policymakers expect.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author's views.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Copy of Trump’s Cyber Strategy Is a Strong Playbook, but It’s All in the Execution

OPINION — The White House is making a significant effort toward putting the nation’s cyber house in order. A newly released National Cyber Strategy represents a big step in the right direction for U.S. national security policy — advocating for the aggressive defense of our national infrastructure.

While the strategy includes important goals for the administration — streamlining regulation, developing the cyber workforce, defending federal networks, and partnering with the private sector — how the administration proceeds will determine whether it achieves the goals the strategy outlines. Across the strategy’s six pillars, the administration needs to clarify its arguments, refine its implementation plans, and improve its articulation of the challenge we face.

Defending U.S. national interests in cyberspace requires understanding the threat to our national security. Despite the prioritizing efforts to shape adversary behavior in the first of the strategy’s six pillars, it falls short of identifying America’s most aggressive adversaries — Russia and China. Both countries have repeatedly targeted American critical infrastructure without a meaningful response from the United States. It fails to mention China’s operational preparation of the battlefield on U.S. soil through its Volt Typhoon campaign against national critical infrastructure or Russia’s targeting of networking devices. Shaping adversary behavior in cyberspace requires identifying who the adversary is.

Pillar One provides a strong, effective argument for developing the offensive cyber capabilities and operations which are critical to enable success in today’s warfare. This White House showed its willingness to use these cyber capabilities in both Venezuela and Iran. There is an ongoing debate as to whether private companies should be allowed more agency to “hack back” against attackers, and the administration is reportedly considering an expanded role for the private sector. While the government should work with the private sector to develop these offensive capabilities, this should be limited to tool building and network defense rather than the actual conduct of offensive operations. If private companies conduct offensive cyber operations, the government risks losing control over escalation in conflict.

Pillar Two prioritizes streamlined regulations. Data and cybersecurity regulations help ensure companies have safe and secure practices. The proliferation of cyberattacks, however, has caused an explosion of cyber-related regulations. The federal government should work with the private sector to ensure that these regulations are comprehensive without being an unnecessary burden on the private sector.

Pillar Three focuses on the important goal of securing federal networks and modernizing procurement. The strategy wisely mentions post-quantum cryptography, zero-trust architecture, and cloud transition. To account for this emerging technology, the government must refine procurement processes to enable continuous improvement of federal networks.

Pillar Four calls for building strong private-public collaboration to defend critical infrastructure. This is a noble goal, but most of former Secretary of Homeland Security Kristi Noem’s work over the past year contradicted this goal. She eviscerated the cyber defense agency’s workforce — reducing it by nearly 40 percent — and disrupted cybersecurity grant programs, weakening the agency’s efforts to support state and local governments and public utilities. She cancelled the Critical Infrastructure Partnership Advisory Council, effectively gutting the federal government’s authority to engage private companies collectively to advance cyber defense.

The Trump administration can reverse this disastrous trend and get the United States on the right track to cyber defense of critical infrastructure. Noem’s replacement should start by rejuvenating and resourcing the Cybersecurity and Infrastructure Security Agency (CISA).

Pillar Five prioritizes American superiority in critical and emerging technologies — a necessary priority for ensuring U.S. success in cyberspace. Executing this strategy requires investment in the research centers that are the driving force for consistent improvement and development of critical and emerging technologies.

A key element of the new cyber strategy is in Pillar Six — its continued commitment to building America’s capability to develop talent in cyberspace. Without a strong cyber workforce in the government, the military, and the private sector, the nation is at risk of falling behind. The administration can validate this pillar with continued support to programs like the CyberCorps: Scholarship for Service which provides scholarships for cyber-related degrees in exchange for government service after graduation.

Because of the administration’s workforce cuts and hiring freezes, the program has faced challenges in the past year with maintaining funding and placing participants. The administration should support and expand funding for the program and prioritize hiring for participants. President Donald Trump should also establish a new military service for cyber, a U.S. Cyber Force, which would create a better mechanism for generating a military cyber workforce sufficient in size and skill to fulfill America’s strategic goals.

Trump would be wise to put the plan into action through additional executive orders (EOs) to implement the stated goals — presidentially signed orders task the federal agencies with discrete deliverables while White House strategic documents lack enforcing power. These EOs should prioritize support for CISA, cyber workforce development, and an organizational construct for taking aggressive action against U.S. adversaries. Taking the “ends” of the strategy and equipping them with “ways” and “means” via EOs will enable continued American superiority in cyberspace.

The six “Pillars of Action” in the new strategy have the potential to guide the United States toward success in cyberspace. That success will depend on whether the administration takes the necessary action to back up the sound rhetoric.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Avoiding Another 9/11: 3 Key Reasons to Reauthorize Section 702

Editor's Note: Section 702 of the Foreign Intelligence Surveillance Act was originally enacted as a post 9/11surveillance program that allows the government to collect electronic communications of foreign nationals located outside the United States without needing a warrant for each target. Supporters have called it 'indispensable' and critics worry about its potential use to surveil Americans. Section 702 is up for Congressional reauthorization this month.

The Cipher Brief asked General Paul Nakasone (Ret.), former director of the National Security Agency and former Commander of U.S. Cyber Command for his take on reauthorization and why it matters to future U.S. national security.

EXPERT PERSPECTIVE – I strongly support the clean reauthorization of Section 702 of the Foreign Intelligence Surveillance Act. Allowing this critical authority to lapse would put our nation at unnecessary risk.

This view is informed not only by my experience leading U.S. Cyber Command and the National Security Agency, but also by the lessons of September 11th—a day I remember vividly from the Pentagon. Our intelligence community was surprised on 9-11, and the consequences were devastating. We cannot afford to repeat that failure.

Section 702 should be cleanly reauthorized for three key reasons:

First, it is a carefully designed authority that balances national security with civil liberties. It is limited to surveillance of foreigners abroad, and it operates under oversight from all three branches of government, with established mechanisms to identify and address misuse. There is no other statutory authority that gives our nation the equivalent information vital to our national security.

Second, it enables targeted—not bulk—collection. Contrary to common misconceptions, Section 702 is not a mass surveillance tool. It is a precise capability that helps us discover, and if necessary, prevent threats like Iranian sponsored attacks in the homeland, Chinese cyber thefts, and Russian espionage.

Finally, we face an increasingly complex and dangerous global environment. Letting this authority lapse risks creating intelligence gaps at the worst possible time. Maintaining an effective and bounded tool like Section 702 helps prevent overreactions in a crisis—when emergency measures might be broader and less protective of civil liberties.

For nearly six years, I relied daily on Section 702 to identify terrorist threats, protect our servicemen abroad, foil cyber intrusions, and prevent attacks against our homeland. It was, and remains, indispensable to our safety and security, while also upholding our values. A clean reauthorization of Section 702 is essential to both ensuring our national security and the protection of our civil liberties.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.

The Navy is changing the way it does business and its still pretty pricey

OPINION -- "After a rigorous, data-driven analysis, we've made the tough but necessary decision to inactivate the USS Boise. This strategic move allows us to reallocate America’s highly-skilled workforce to our highest priorities: delivering new Virginia [attack] and Columbia [strategic ballistic missile] - class submarines and improving the readiness of the current fleet. We owe it to our Sailors and the nation to make these tough calls to build a more capable and ready Navy.”

That was a statement by Chief of Naval Operations Adm. Daryl Caudle as part of a U.S. Navy press release distributed last Friday that announced the decision to inactivate the Los Angeles-class attack submarine USS Boise (SSN 764).

Friday’s press release also said, “The move is part of the Navy’s broader, data-driven initiative to optimize the fleet's composition, ensuring that every dollar is invested in capabilities that directly contribute to maintaining a decisive war-fighting advantage…The Navy is changing the way it does business, and part of that shift is ensuring all authorized funding directly contributes to readiness and our ability to defeat future threats.”

I quote that Navy press release because the USS Boise represents what must be considered an extreme case of military service over-spending.

According to Defense News, “The Navy had originally planned for Boise to begin its overhaul in 2013, but the timetable was repeatedly delayed, primarily due to a lack of shipyard availability.” As a result, the submarine has not been to sea since its last cruise in January 2015 and formally lost its dive certification nine years ago.

Meanwhile, contracts were awarded for its overhaul beginning with one for $59.8 million on October 16, 2017 to Huntington Ingalls Inc. - Newport News Shipbuilding, for planning and execution of Engineered Overhaul of the Boise. Work was expected to start in January 2019 and be completed by February 2021.

What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.

In February 2020, Huntington-Ingalls was awarded a $15 million modification to the previously-awarded contract and in September 2020 Huntington-Ingalls was awarded another modification, this time a $351.8 million cost-plus-fixed-fee contract, for continued advanced planning and modernization to prepare the USS Boise for its overhaul, which was to begin in dry dock.

Finally, despite the earlier delays, in February 2024, Huntington Ingalls Inc. was awarded a $1.17 billion cost-plus-incentive-fee modification to the previously awarded contract for completion of USS Boise (SSN 764) engineered overhaul. However, only $36 million was to be made available at the time of award. This time, the overhaul was to be completed by September 2029.

Last Friday, Navy Secretary John Phelan told Fox News that the Boise overhaul had already cost $800 million and would require another $1.9 billion to finish repairs. "At some point, you just cut your losses and move on," Phelan said.

I wondered whether the Boise case is that unique, particularly because the Navy’s new fiscal 2027 budget request sent to Congress last week contains a record $65.8 billion in shipbuilding funding for 18 battle force ships and 16 non-battle force ships.

Looking at Pentagon contracts last Thursday, I came across a Navy award of a $33.5 million firm-fixed-price contract to BAE Systems, Maritime Solutions San Diego, “for maintenance, modernization and repair of USS Augusta (LCS 34) Fiscal 2026 Docking Selected Restricted Availability.” The work will be performed in San Diego and is expected to be completed by August 2027, according to the Navy.

A Docking Selected Restricted Availability is essentially a major scheduled shipyard overhaul. The ship is placed in dry dock so crews can inspect and repair parts of the hull and propulsion systems that are normally below the waterline, while also updating onboard equipment and carrying out checks that cannot be done at sea.

The USS Augusta is the 17th Independence-class U.S. Navy Littoral Combat Ship (LCS), a controversial group of vessels that has suffered numerous issues from hull fatigue cracks limiting their design top speed and other issues that have made them unable to carry out the roles they were built to fill.

The Augusta was delivered to the Navy in May 2023 and commissioned in September 2023. Based on user reports and social media messages, the Augusta has had mechanical and sanitary challenges since arriving at Naval Base San Diego in late 2023. The reported issues have included engine startup failures that delayed pier movements and severe plumbing issues.

In November 2025, little more than two years after the Augusta was commissioned, the Naval Sea Systems Command put out a solicitation requiring “a combination of maintenance, modernization, and repair, and…a highly capable contractor with substantial facilities, to include capable pier (for the applicable ship class) as well as human resources capable of completing, coordinating, and integrating multiple areas of ship maintenance, repair and modernization.”

So, after three years of minimal service at sea, the Augusta LCS, which cost over $500 million to build and will spend the next year being repaired and modernized for at least another $30 million-plus.

Having reviewed the story of the Augusta, I then looked into the history of the LCS program

and found another cautionary Navy shipbuilding tale worth telling given that in fiscal 2027 the Pentagon is about to embark on establishing what the Office of Management and Budget calls in budget documents “President Trump’s Golden Fleet, including initial funding for the Trump-class battleship and next generation frigates, as well as increasing the capacity of public shipyards and improving overall ship production.”

Initiated in February 2002, the Navy held a major, multi-year competition for the LCS program that involved two distinct designs -- Lockheed Martin’s steel monohull (Freedom class) and Austal USA/General Dynamics’ (Independence class) with an aluminum trimaran hull, meaning a slender main hull flanked by two smaller outrigger hulls to provide superior stability, speed, and efficiency compared to monohulls.

In November 2010, the Navy asked that Congress approve ten each of the Independence and Freedom classes as part of a plan to build two LCS variants totaling 52 modular ships. The separate modules for the LCS included anti-submarine warfare, mine countermeasures, surface warfare and special warfare missions.

The two different designs meant the ships could not trade parts or sailors, making them more expensive to maintain and crew. Costs also grew because of development delays and testing failures thanks to a combination of new concepts and systems. Originally to be priced at $220 million per LCS unit, costs for the first ships rose to $700 million, later dropping to around $500 million.

In December 2015, Defense Secretary Ash Carter ordered the Navy to reduce the number of LCS to be built from 52 to 40, and ordered the service to down-select to one version by fiscal year 2019.

In 2021, the Navy decommissioned LCS-2, the USS Independence, after only 11 years in what was to be 25 years in service. It was part of a Navy plan to decommission the first four LCS vessels due to high operating costs and structural issues. Instead, by 2023, six additional LCS ships were decommissioned.

Three other LCS were scheduled to be taken out of service but have since been kept as test beds for Navy robotic autonomous systems and other purposes.

There is a reported $1 billion in the Navy’s fiscal 2027 budget request for President Trump’s proposed 35,000-ton guided missile battleship that would house rail-guns, hypersonic missiles, nuclear cruise missiles, lasers, and a large Vertical Launch System battery.

Trump said last December “we’re starting with the first two immediately,” but based on the Navy’s record of developing and building warships, I don’t expect this questionable vessel to appear any time soon.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.

The Case for Reauthorizing Section 702

Editor's Note: Section 702 of the Foreign Intelligence Surveillance Act was originally enacted as a post 9/11surveillance program that allows the government to collect electronic communications of foreign nationals located outside the United States without needing a warrant for each target. Supporters have called it 'indispensable' and critics worry about its potential use to surveil Americans. Section 702 is up for Congressional reauthorization this month.

The Cipher Brief asked Rob Joyce, a 34-year NSA veteran, who most recently served as Director of Cybersecurity at the NSA for his take on reauthorization and why it matters to future U.S. national security. Joyce is also a principal member of The Cyber Initiatives Group.

EXPERT PERSPECTIVE -- Section 702 of the Foreign Intelligence Surveillance Act is one of the most vital tools we have for protecting the nation. It underpins our ability to disrupt cyberattacks against critical infrastructure, track terrorist plots before they reach our shores, counter hostile nation-state activity, and understand the intentions of adversaries ranging from Beijing to Tehran to Pyongyang.

Let's be clear about what 702 is and what it isn't. It is a targeted authority aimed at specific foreign persons located overseas who possess foreign intelligence value. It is not bulk collection, not a dragnet, and not a tool pointed at Americans. The intelligence it generates shows up in the President's Daily Brief, in warnings to network defenders, and in the disruption of threats the public never hears about precisely because 702 worked.

The current headwinds around reauthorization are largely driven by concerns about the government's purchase of commercially available data. Those concerns are legitimate and deserve serious attention, but they are a separate issue from 702. Commercial data acquisition should be examined on its own merits, and Congress should write the law and policy that addresses it directly. Conflating the two risks letting a proven, lawful authority lapse over a distraction.

Section 702 is already subject to unprecedented oversight from all three branches of government: it operates under rules approved by the Foreign Intelligence Surveillance Court, which has steadily tightened query procedures and compliance requirements, and it is audited repeatedly by inspectors general, congressional intelligence committees, the Privacy and Civil Liberties Oversight Board, and the Department of Justice.

No comparable intelligence authority anywhere in the world carries this much scrutiny.

Let's get this done. The threats are not pausing while we debate, and an expired 702 means blind spots our adversaries will exploit immediately. Reauthorize it, address commercial data separately, and keep the tool that keeps Americans safe.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Is the U.S. lagging when it comes to drone warfare superiority?

When Iranian Shahed drones began tearing through the Gulf in the opening hours of Operation Epic Fury on February 28, killing American service members and overwhelming allied air defenses, Washington faced an uncomfortable revelation. The most powerful military in the world was flying into its first major drone war, having studied the problem primarily from afar, and had recently dismissed an offer from the one country that had been living in it for four years.

Nearly seven months before the bombing of Iran began, Ukrainian officials had offered the United States their battle-tested technology for downing Iranian-made attack drones. The Trump administration passed. American officials now describe that decision as one of the costliest tactical mistakes of the war. They prepared a detailed presentation displaying a map of the Middle East with a stark warning: Iran is improving its Shahed one-way-attack drone design.

The Trump administration dismissed the offer, then reversed course after Iranian drones began killing Americans.

The cost was measured almost immediately in blood and treasure. In the first two days of the war alone, the U.S. burned through a reported $5.6 billion in munitions. The Pentagon fired more than 850 Tomahawk missiles in five weeks of Operation Epic Fury alone — roughly a quarter of the total United States inventory, according to analysts at the Center for Strategic and International Studies, at a cost of approximately $3 billion, given a unit price of up to $3.6 million per missile.

Washington initially ordered 350 Tomahawks for 2026, which it has since increased to more than 1,000 annually under new framework agreements with Raytheon. However, timelines for achieving that rate remain unclear, and the U.S. has already expended more than 850 Tomahawks in the first five weeks of the campaign alone.

The economics were brutal from the start: shooting down $20,000 drones with multimillion-dollar interceptors is unsustainable against a comparatively modest adversary like Iran and becomes completely unthinkable in a scenario involving China or Russia.

The new drone powers — and America’s place among them

Low-cost, mass-produced drone warfare is reshaping every modern battlefield — and America is not leading it. Iran, Russia, and Ukraine have each shown they can turn out drones by the tens of thousands annually, in some cases pushing toward millions. The United States has not come close.

Iran’s Shahed-136 loitering munition, costing between $20,000 and $50,000 per unit, has become one of the defining weapons of the 21st-century battlefield. Iran supplied the design to Russia, which built its own production ecosystem. Russia’s domestically produced variant has since taken on a life of its own — navigation systems upgraded, warhead capacity expanded, and by early 2026, Starlink connectivity folded in. Moscow has set a production target of up to 1,000 Geran-2 drones per day.

Ukraine, forced into innovation by necessity, became the world’s most experienced practitioner of both drone attack and drone defense. More than 160 drone manufacturers operating in Ukraine have pledged to deliver 8 million first-person-view drones in 2026 alone. Over 80 percent of Russian battlefield casualties are now inflicted by Ukrainian drones, while a drone-dominated kill zone stretching roughly ten miles either side of the front lines makes any major offensive operation extraordinarily hazardous.

America went into the Iran war with its own version of the Shahed — a drone called LUCAS, built by Arizona startup SpektreWorks from a reverse-engineered Iranian airframe, priced at $35,000 a unit. It saw its first confirmed combat use on February 28. Full-rate production, however, had not yet begun.

The strategic irony was not lost on analysts: America struck Iran using a weapon derived almost entirely from Iran’s own signature strike platform.

Kate Bondar, a fellow at the Center for Strategic and International Studies, tells The Cipher Brief the gap, however, runs deeper than raw production numbers.

“The gap is very real, especially in the category that matters most in modern attritional warfare: cheap, expendable, and rapidly replaceable systems,” she said, noting that to truly integrate first-person-view drones into operations, “volumes need to reach into the millions.”

Current U.S. plans for roughly 300,000 small drones by 2027 are a step forward, Bondar observed, but “still fall short of what this kind of warfare demands.”

The Ukrainian classroom

While Washington spent years deliberating over acquisition timelines, Kyiv was building the most combat-tested drone force on earth. Ukraine’s intercept rate against Shahed-class drones now approaches 90 percent — and Kyiv is aiming for 95.

Russia has launched nearly 57,000 Shahed-type drones at Ukrainian cities across four years of war. The low-cost defensive solutions Ukraine developed, however, were never replicated across Gulf nations or by the American military in the region. When Iran’s drones began arriving in mass, the United States was left improvising.

One Ukrainian drone specialist, speaking to The Cipher Brief at the Ground War symposium in Washington, explained that only three countries on the planet can fight with drones efficiently — Iran, Russia, and Ukraine.

“Americans have helped to produce these interceptors, but they don’t have the experience of applying them,” the military specialist, identified only as Yuri, noted. “Only those engaged directly in warfare, like Ukraine, have the understanding and intuition of how to apply new technology. And it’s changing every single day.”

Yuri, who came to the Ukrainian military with a background in IT and cybersecurity, described a feedback loop that American procurement culture has never had to replicate.

“The best way is close communication between manufacturers and the military,” he continued. “After using different types of drones or technologies, they need to provide fast feedback to manufacturers. These cycles of upgrades need to take a very short time. That’s why our drones are always up to date.”

Ukraine has now deployed 228 counter-drone specialists across five regional partners — Jordan, Qatar, the United Arab Emirates, Saudi Arabia, and Kuwait. Ukrainian specialists have also been dispatched to protect American military bases in Jordan, with Zelensky confirming that more than ten countries had requested Kyiv’s assistance. Trump initially rebuffed the offer.

“We don’t need their help in drone defense,” he told Fox News. “We know more about drones than anybody. We have the best drones in the world, actually.”

Days later, Washington reversed course.

Catching up — at war speed

To its credit, the Pentagon has moved with unusual urgency since the gap became undeniable. Travis Metz, the Pentagon’s drone dominance program manager, told senators that the Defense Department has committed $1.1 billion to buy drone systems over the next 18 months, including 30,000 small, one-way attack drones to be delivered to military units over the next five months. The broader Drone Dominance Program aims to acquire more than 300,000 low-cost drones by 2027, with the FY2026 defense budget allocating $13.4 billion for autonomous military systems.

Bondar, however, warns that ambition and production are different things.

“Success in this space depends on constant iteration,” she pointed out. “Russia has introduced dozens of modifications to Shahed systems and their employment over time. The United States moved too slowly for too long, and is still not operating at the scale or speed required.”

Lt. Col. Jahara Matisek, a non-resident research fellow at the U.S. Naval War College, tells The Cipher Brief the deeper problem is organizational.

“Russia and Iran treat drones as a consumable and design their whole kill chain around adaptation and attrition,” he said. “The U.S. spent too long with a boutique mindset: exquisite platforms, slow procurement, and drones as ISR accessories.”

In Ukraine, drone warfare doctrine doesn’t update on a doctrinal cycle; it updates on a survival cycle.

“Every three to four months, a new jamming technique or counter-drone tactic forces units to rewrite how they fight,” Matisek explained. “Squad leaders brief new engagement protocols after a single bad day.” In the U.S., doctrinal updates take years.

The China dimension makes all of this even more urgent. Matisek points out that a war in the Indo-Pacific would be a drone-and-missile volume fight at a scale that dwarfs anything seen in the Gulf, with China holding dominant positions across the upstream supply chain — batteries, optical systems and rare earth minerals.

Ukraine has worked hard to wean itself off Chinese drone components — the share dropped from roughly 97 percent at the start of the war to an estimated 38 percent by 2025, per the Ukrainian Council of Defense Industry and the Snake Island Institute. But Chinese supply chains still run through both sides of this conflict.

The United States faces the same dependency at precisely the moment it is trying to scale up: China controls an estimated 90 percent of the global commercial drone market and dominates production of the batteries, motors, cameras, and flight controllers that underpin virtually every small drone system in use today.

“What I think is most worrying,” Matisek continues, “is that the U.S. military in four weeks of the Iran war has basically spent four to five days’ worth of precision-guided munitions that it would need in a war with China. If a war with China broke out next month, the U.S. would only have enough PGMs for three days of fighting, at most.”

The model for getting this right already exists in American history. During World War II, eleven factories built the M4 Sherman tank using standardized engineering documentation, producing nearly 50,000 units between 1942 and 1946. The question now is whether, a generation into the drone age, the United States can do it fast enough.

“What matters now,” Bondar adds, “is whether these initiatives produce not just inventory, but a repeatable ecosystem: rapid procurement, operator training, software iteration, battle damage feedback, and industrial learning loops.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Strategic Realignment: Iran, China, and the Great Power Contest

OPINION — The conflict in Iran is not solely the result of 47 years of unresolved tension. That framing misses a more consequential story: what is unfolding is a significant disruption to China's grand strategy, with consequences reverberating far beyond Tehran.

The Islamic Republic’s hostility toward the United States was foundational, defined by explicit opposition to American influence since 1979. While successive American administrations managed this threat through containment, the strategic calculus has shifted due to changes in the threat itself. While Iran’s nuclear ambitions have received the most attention, the deepening military and economic relationship between Tehran and Beijing was quietly transforming Iran’s conventional capabilities and changing the strategic math for every actor in the region.

The China-Iran Military Nexus

China’s 25 year Comprehensive Strategic Partnership with Iran, signed in 2021, outlined up to $400 billion in Chinese investment in exchange for discounted oil and expanded military cooperation. Intelligence assessments grew focused on the potential transfer of two specific categories of advanced Chinese weapons systems:

- Hypersonic Anti-Ship Missiles: China has deployed some of the most capable anti-ship weapons in the world. A transfer of this capability to Iran could fundamentally alter the threat environment in the Persian Gulf and the Strait of Hormuz, threatening U.S. carrier strike groups and commercial shipping.

- Advanced Air Defense: Iran sought Chinese surface to air missile systems more capable than its existing Russian S-300 variants. These systems would have significantly complicated any future military operation against Iranian nuclear or military infrastructure.

Taken together, a nuclear threshold Iran equipped with Chinese hypersonic missiles and advanced air defenses represented a qualitatively different threat than the one managed for the past four decades.

Disruption of the Belt and Road

Beyond arms transfers, Iran occupies a central role in China’s broader geopolitical architecture. The Belt and Road Initiative and the International North-South Transport Corridor (INSTC) both run through Iranian territory. These commercial projects seek to connect Chinese manufacturing to European markets and Gulf energy without transiting Western controlled maritime chokepoints.

China has a specific vulnerability at the Strait of Malacca, where it is susceptible to a naval blockade; Beijing hoped to address this through Iranian geography. That project is now severely disrupted. Furthermore, the sinking of the IRIS Dena in the Indian Ocean sends a message that the U.S. Navy can project dominance across all oceans.

Beijing’s Strategic Calculation

China’s response to the strikes on Iran has followed a formula of measured condemnation and calls for restraint. Notably, Beijing has not acted; it evacuated its citizens with efficiency but offered no meaningful military or material support to Tehran. This appears to be a deliberate calculation. Beijing prizes its commercial relationship with Washington and its perception as a responsible great power, recognizing that active intervention would trigger consequences it is not prepared to absorb.

The exposure of this gap may benefit America for years. Nations across the Global South may conclude that China offers investment but not insurance in times of conflict. The Iranian conflict has thus disrupted Chinese interests across multiple dimensions: energy diversification, logistics architecture, INSTC investment, and its credibility as a security partner.

The Path Ahead

The road ahead remains complicated. If the clerics retain power, Iran may continue to deploy asymmetric retaliation across the region. While the U.S. and its allies are addressing these uncertainties through overwhelming targeting of command infrastructure and leadership, there is a risk that additional damage to Gulf civilian infrastructure could drive those nations to embrace closer ties to China.

To avoid this, the U.S. must achieve regime change in Tehran. Even if achieved, the military phase will give way to a longer contest to shape the post conflict order and determine if China’s Eurasian architecture is permanently disrupted. This competition will be decided in port cities, pipeline corridors, and trade agreements. America must offer a coherent and attractive alternative to Beijing’s model: investment, security partnerships with genuine mutual obligations, and frameworks that serve the interests of participating nations.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why Australia Needs a National Spy Museum

OPINION — Australia is entering one of the most complex and psychologically destabilizing security periods in its modern history. The ASIO Director‑General’s Annual Threat Assessment 2025 underscored a strategic environment defined by accelerating foreign interference, sharper geopolitical competition, and a domestic threat landscape that is more fragmented, more digitally enabled, and more unpredictable than at any point in the past decade.

2025’s assessment was notable for its future‑focused framing: a warning that Australia is not simply managing discrete threats, but navigating a structural shift in the security climate itself. ASIO’s futures work, which is normally classified, outlined a trajectory to 2030 marked by intensifying espionage activity, the mainstreaming of conspiracy‑driven extremism, and a rising cohort of younger Australians vulnerable to radicalisation.

Burgess said: Many of the foundations that have underpinned Australia’s security, prosperity and democracy are being tested: social cohesion is eroding, trust in institutions is declining, intolerance is growing, even truth itself is being undermined by conspiracy, mis- and disinformation. Similar trends are playing out across the Western world. (ASIO)

Against this backdrop, the Bondi attack (on 14 December 2025, during a Hanukkah event at Bondi Beach, where two gunmen opened fire on the crowd) and the consequential Royal Commission on Anti-Semitism and Social Cohesion, have become national inflection points. While the Commission will rightly focus on operational lessons, interagency coordination, and systemic gaps, its broader significance lies in how it has shaken public confidence. Australians are now grappling with the uncomfortable reality that threats can emerge rapidly, across domains, and exploit seams between federal, state, and community‑level preparedness.

Furthermore, recent events in Iran as well as the intensification of others conflicts abroad underscore the importance of strong foreign intelligence agencies to provide governments with accurate information to guide policy and reduce the risk of miscalculation or misunderstanding. Informed decision‑making becomes essential to managing both international and domestic consequences.

This is precisely why the establishment of the National Spy Museum Australia (NSMA) is not a cultural luxury - it is a strategic necessity.

For decades, Australia’s intelligence and national‑security community has operated behind a veil of necessary secrecy. Yet the 2025 threat assessment makes clear that the most significant vulnerabilities now sit at the intersection of public behavior, digital ecosystems, and foreign manipulation. Espionage and interference no longer target only government; they target communities, universities, businesses, and individuals.

A population that does not understand how intelligence works - or why it matters - is a population more easily exploited.

The NSMA addresses this gap directly. By telling Australia’s intelligence story with accuracy, dignity, and national purpose, it provides something the country urgently needs: a civic literacy uplift in how modern threats operate and how national security is actually maintained.

Museums are not typically thought of as instruments of national resilience. But globally, intelligence museums from Washington to Berlin have become powerful soft‑power platforms. They demystify the work of intelligence agencies, build public trust, and attract the next generation of intelligence professionals, including technologists, analysts and linguists.

For Australia, the timing is critical. The Bondi Royal Commission will inevitably expose gaps - some operational, some cultural, some structural. The NSMA offers a parallel national building project: one that strengthens public understanding, honors quiet service, and reinforces the legitimacy of the intelligence mission at a moment when trust is both fragile and essential.

Australia is facing significant changes in the security climate ,which Burgess described as a long‑term shift rather than a passing storm. In such an environment, national resilience is not built solely through classified capabilities. It is built through public comprehension, societal cohesion, and a shared understanding of the threats we face.

The National Spy Museum Australia is, at its core, a nation‑building institution. It anchors Australia’s intelligence story in the public domain at the exact moment the country needs clarity, confidence, and connection to the people who protect it.

In a decade defined by uncertainty, the NSMA offers something rare: a strategic investment in public understanding - one that strengthens Australia’s security from the inside out.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

America’s AI Strategy Is Fighting the Last War

OPINION — Washington’s strategy for artificial general intelligence (AGI), or the ability to replace human cognitive labor, assumes the United States is locked in a decisive race with Beijing—one requiring maximum acceleration and denial of Beijing’s access to semiconductor chips and technology. This approach, as captured in the White House’s AI Action Plan from last year, echoes the race in the 1940s to build the atomic bomb and during the Cold War to dominate space. It risks refighting the Cold War, which is ill-equipped for a technology-based struggle. This posture misdiagnoses the nature of the AI competition and risks degrading, rather than strengthening, America’s long-term strategic position. It also has a sizable blind spot: dealing with an inevitable dislocation in the global workforce.

Presidents Trump and Xi have an opportunity to reset the terms of this competition over AI when they meet next month.

The current U.S. AI strategy amounts to a wartime footing defined by denial and containment of competitor capabilities, hundreds of billions in capital expenditure in AI capabilities, and expansive export controls of diminishing effectiveness. But AI is not a binary capability—either you have it or you don’t. It is a continuous, evolutionary technology with no single threshold that confers decisive, let alone permanent advantage. Our national workforce policies have remained remarkably stable so far, though AI is but one of many emerging technologies that may upend the global economy for which the U.S. is well positioned.

The international AGI ecosystem is rapidly evolving with many competitors entering, replicating others’ advances, and exiting to pursue niche applications. It was once assumed the U.S. held a year-plus advantage over China in frontier AI models. That gap has dwindled to 2-3 months, despite stringent export controls. Even if these controls have slowed China’s training on new frontier models, they have not dampened China’s advantages in AI deployment and diffusion. China’s AI influence on the global stage has only grown, aided by increasingly capable models, dramatically cheaper end-user pricing, and leverage of the global open-source developer community.

The economic advantage from AI does not stem from being first to develop frontier models, but from being first to diffuse capabilities across industries and scale across the economy. China rarely competes on frontier quality (it prefers being “good enough”), but on quantity, price, time to market, and speed to dominate supply chains. In this race, China is likely outpacing us. ByteDance’s Doubao chatbot exceeded 100 million daily active users. Alibaba’s Qwen models have surpassed 700 million downloads globally, spawning 180,000+ derivative models. Chinese open-source models are fast becoming the de facto platform for sovereign AI efforts across the Global South and startup companies globally (even in the U.S.).

China leads in 66 of 74 critical technologies tracked by the Australian Strategic Policy Institute, accounts for 54% of global industrial robot installations (International Federation of Robotics, 2024), produces about half of the world’s AI researchers, and builds more new electricity capacity annually than the rest of the world combined. These are the foundations of AI deployment at scale; denying chips won’t offset these structural advantages.

Washington often perceives the Chinese AI effort as a state-directed monolith. The reality is a fiercely competitive and innovative commercial ecosystem with creative business models. ByteDance’s Doubao is a closed-source consumer product fighting for domestic market share. Zhipu AI generates over 60% of revenue from enterprise deployment services. MiniMax earns roughly 70% of revenue from international API sales. Alibaba open-sourced Qwen to drive cloud adoption; DeepSeek did so to attract research talent. Framing this diverse, commercially motivated ecosystem as a centrally planned strategic threat produces policy responses that are either too blunt—restricting all Chinese AI—or too narrow, focused on chip exports while ignoring the deployment gap (how models are trained and used in practice).

The U.S. is now chasing artificial “superintelligence” (ASI) in pursuit of permanent dominance, relying on chaotic and unsustainable private investment. Meanwhile, China is building the industrial AI infrastructure with a consistent regulatory approach that will shape how roughly 150 countries deploy this technology for decades.

The consequences of this mismatch are profound. U.S. technology firms have committed over $500 billion annually in AI capital expenditures for 2025–2027, while job openings in the U.S. have declined sharply. Data from the World Bank indicate 60% of the U.S. workforce is at risk of being displaced due to AI without a compensatory social safety net.

The impact in the defense sector is similar. Proponents of the current posture often argue that if China gets AGI first, they’ll weaponize it. But the US military does not need the latest or the best frontier model. It needs models that are fit to task—certified, tested, and integrated into operational systems.

The decisive military advantage may lie less in which country trains the most capable model than in who can field AI-enabled systems fastest across its force. By that metric, the current U.S. acquisition system is at a structural disadvantage. The U.S. military’s vendor and model certification process can take over a year. The Chinese government reviews AI models even before their public releases to streamline their deployment.

AI does pose genuine security risks. AI-enabled cyber weapons, the proliferation of autonomous weapons, and malicious use of AI by bad actors all pose significant hazards. But these threats are best addressed through narrowly scoped controls and shared intelligence with key allies (Australia, Japan, the European Union, and South Korea) to provide safety standards and semiconductor supply chain resilience. This strategy should address misuse of AI by malicious actors, potential instability from mass displacement of workers, undue market concentration. and inadvertent military escalation. Washington should take a posture of allied industrial policy for AI diffusion, targeted safety agreements with enforcement mechanisms, and serious domestic investment in workforce transition. The precedent to replicate is not the Manhattan Project that sought first deployment of nuclear weapons, but Cold War arms control agreements that stabilized relations with the Soviets and allowed the U.S. economy to boom.

Additionally, we must enable a soft landing for the looming workforce displaced by AI. We should be creating workforce legislation modeled on the post-WWII GI Bill and educational, housing, and living assistance programs to help the economy adapt. We should be building with likeminded global partners an architecture that nurtures international AI standards, polices compliance, and provides guardrails for open-source AI capabilities for civil applications.

If Washington continues fighting the last war as AI’s promise matures, it may win battles over benchmarks and chips ,but lose the campaign that actually matters—safely diffusing AI to remake the global economy for the next century. Rethinking the parameters of today’s competition is the first step to ensuring AI strengthens rather than erodes American security and prosperity.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

America’s Drone Strategy Has a Supply Chain Problem

OPINION — In this issue we will discuss implications of the Drone Dominance Program, how weakness in the U.S. industrial base has been laid bare, and how the war with Iran could benefit our adversaries. Private capital can play a critical role in national defense, but we need to focus financially and politically on our long-term objectives.

Welcome to The Iron Triangle, the Cipher Brief column serving Procurement Officers tasked with buying the future, Investors funding the next generation of defense technology, and the Policy Wonks analyzing its impact on the global order.

The United States Defense Technology Ecosystem is undergoing its most radical realignment since the Cold War. For decades, the Pentagon prioritized multi-year requirements and exquisite, multi-million dollar platforms, essentially betting our national security on a handful of exquisite systems. But as the Maneuver Center of Excellence recently signaled, blankets don't stop Shahed drones, and the era of the paper requirement is officially dead.

Driven first by the realization in Ukraine that drones are the new heartbeat of the battlefield, and now punctuated by the high-stakes validation of the war with Iran, the U.S. defense technology market is vibrating on a massive double-dose of strategic caffeine. We are pivoting toward a model defined by Transformation in Contact: a world where the winner of a contract doesn't just get a victory lap for the CFO—they may also get a flight to the front lines.

While leveraging market dynamics for national security is a textbook-perfect strategy, investors and policy wonks should view the context through something other than rose-tinted, bureaucratic goggles. The government’s intent is clear: use the world’s best-funded customer to subsidize a domestic manufacturing renaissance through brute-force demand. In a peacetime seminar, this is brilliant. Why not send Uncle Sam on a shopping spree to fix our brittle supply chains? But while the planners were busy sketching out this elegant industrial roadmap, they neglected a minor detail: a war that has thrown the entire plan into a violent overdrive. We are forced into a series of geopolitical trade-offs involving Russian oil and Chinese motors, the very actors we are trying to out-innovate, to keep our own production lines from flatlining.

Strategic Attrition: The Great Industrial Reset

The most significant shift isn't merely that the military has rebranded drones as ammunition (Class V); it’s the long-overdue admission that in a modern peer conflict, industrial throughput is the strategy. The Drone Dominance Program (DDP) represents a pivot from exquisite quality to unstoppable mass. In a world where our adversaries are already burning through thousands of airframes a month, Phase I’s commitment to 30,000 units isn't a victory lap—it’s a diagnostic test for an industrial base that has forgotten how to build at scale.

The plan to reach 150,000 units by Phase IV is a signal to our adversaries that the Arsenal of Democracy is trying to clear its throat. However, the schedule for DDP Phase IV which concludes on January 28, 2028, is a masterclass in bureaucratic optimism. Our government is so heroically self-unaware that they truly believe they can circle an exact Tuesday two years from now, despite the fact that they can’t successfully schedule a Zoom call this week.

Geopolitically, this timeline is a liability. While we plan for a transition in 2028, Iran and its proxies are operating on a 2026 timeline. The reality is that if the conflict continues at its current pace, the U.S. will need significantly more than 150,000 drones, and we will need them long before the bureaucrats reach their 2028 finish line.

Supply Chain Sovereignty: Patriotic Red Tape

Policy wonks: observe the weaponization of the supply chain. In a fit of aggressive sovereignty, the DDP mandates that every drone component be Blue UAS/NDAA compliant. By Phase II, August 2026, anything from a covered country is forbidden; a bold attempt to force-start a domestic industry that currently exists mostly in brochures. While the intent to secure the industrial base is laudable, the execution is, shall we say, operationally awkward.

The trouble is that you can’t manufacture a miracle in a two-week sprint. The supply chains simply do not exist. Further, in a classic display of first-mover advantage, many companies who were admitted to DDP Phase I spent their considerable venture capital dollars stockpiling components in anticipation of the win. The result is that the actual winners of the Gauntlet are now wandering the OEM market, hats in hand, trying to buy components from the very companies they just beat; they are the only ones holding the inventory. The companies who did not win DDP Phase I have effectively become the defense community’s version of scalpers.

Naturally, the firms left holding the bags (and the boxes of flight controllers) are thrilled to sell their stockpiles–at a markup. Keep in mind, the Pentagon has mandated strike prices below $2,300 per unit for DDP Phase II. Simultaneously, they are demanding an ambitious list of features, such as Automatic Target Recognition (ATR), fiber-optic tethering for EW resilience, and kinetic warheads, that reads like an F-35 spec sheet on a Cessna budget. The math places the winners of DDP Phase I in a difficult position.

Even if you solve the hoarding problem, you hit the incentive wall. There is no market motivation for a manufacturer to prioritize drone motors when the margins are abysmal compared to high-performance electric vehicle (EV) drivetrains or offshore wind turbines. Neodymium, the critical component of brushless motors, doesn't care about your National Defense Strategy; it follows the highest ROI. For a drone startup to bridge this gap, they would need to vertically integrate, a pivot that requires tens of millions in CAPEX, specialized technical expertise that doesn't exist in a start-up, and a domestic mining industry that is currently more aspirational than actual. Until our domestic industrial base stops groaning and starts growing, our drone dominance will remain throttled by a bottleneck of patriotic red tape.

The Ukraine Paradox: A Masterclass in Circular Logic

To understand why the DDP is so vital, one must look at the staggering scale of the Ukrainian front. Fueled by Russian aggression and a desperate need for mass, Ukraine manufactured roughly 4,000,000 drones in 2025 and is pacing toward 7,000,000 this year. To achieve this, they didn't achieve a domestic rare earth miracle; they embraced a brutal strategic compromise: they bought Chinese drone components.

The resulting geopolitical through-line is a dizzying exercise in circular logic. China props up the Russian war machine with one hand while selling the critical drone motors to Ukraine with the other, motors that Kyiv then uses to strike Russian infrastructure. In essence, the money Ukraine spends to defend its sovereignty flows into the coffers of Beijing, which then uses those funds to stabilize Moscow. Ukraine is, by logistical necessity, indirectly financing the strikes that rain down on its own cities.

This cycle of dependency has now been complicated by the Iranian dimension. The U.S. and Israel are now in a direct kinetic exchange with Tehran. When Iran responded by closing the Straits of Hormuz, they triggered a predictable domino effect. Choking off 20% of the world's oil supply sent global energy prices screaming upward, a political nightmare for a U.S. administration facing an election year.

In a move of pure realpolitik, Washington responded by granting sanctions relief to Russia to keep global oil prices manageable. The irony is complete: Russia is now the primary beneficiary of the war in the Middle East, receiving both a higher price per barrel and sanctions relief so that they can sell more oil.

The Strategic Absurdity: Winning vs. Being Right

If the war in Iran continues, U.S. demand for inexpensive drones will shift from a crawl to a sprint, likely topping 1,000,000 units per year. Since we’ve already established that a mere order for 30,000 drones has paralyzed our NDAA-compliant supply chain, the Pentagon is staring at a tough choice: stick to the rules and run out of ammo, or waive compliance and buy Chinese.

By granting sanctions relief to Russia to stabilize energy prices, the current administration has already signaled that they prioritize winning over being right on long-term strategy. If they apply this same logic to the DDP, it will be a generational failure. Waiving NDAA compliance wouldn't merely be a shortcut; it would be a surrender. It would funnel money into Chinese accounts, effectively paying our primary adversary to supply the secondary ones, while simultaneously strangling nascent U.S. domestic manufacturing in its crib.

To be clear: waiving these requirements would directly undermine domestic security, subsidizing the same actors who are engaging in commercial theft and ensuring that our defense industrial base remains anemic, dependent, and perpetually caffeinated on foreign supply.

The Bottom Line: An Investor’s Call to Action

The Drone Dominance Program is the death knell for the high-priced platform, and I am a fan. But the true opportunity for the Iron Triangle isn't in the drones themselves—it’s in the "picks and shovels" of the 21st-century battlefield.

Any pitch deck that contains the word “drones” paired with pictures of our Secretary of War indignantly waving his finger will net a defense technology start-up a $40,000,000 seed round nowadays. But we are funding the wrong side of the equation. If we want long-term national security, capital must flow into the unsexy, high-complexity infrastructure of domestic manufacturing: motors, flight controllers, and rare-earth processing. We need to fund the foundations, not just the fuselages.

History shows us that the private sector’s ability to pivot toward mass is what wins wars. During World War II, the Ford Motor Company famously built the Willow Run plant, which at its peak produced one B-24 Liberator bomber every 63 minutes. It wasn't just a feat of engineering; it was a show of industrial will that overwhelmed the Axis powers through sheer throughput. Similarly, the Supermarine Spitfire, the symbol of British defiance, was not the product of a slow-moving government design bureau, but of private industry pushing the boundaries of what was aeronautically possible under the shadow of imminent invasion.

These were not merely aircraft; they were the kinetic expressions of an industrial philosophy that understood that in total war, the only requirement is survival, and the only schedule is now. If we want to win the next conflict, we need to focus on our domestic industrial might.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Drones Are Changing Warfare And America Isn’t Ready

OPINION — Drones in Ukraine and in the War with Iran have made the surface of the earth a contested space. The U.S. has discovered that 1) air superiority and missile defense systems (THAAD, Patriot batteries) designed to counter tens/hundreds of aircraft and missiles is insufficient against asymmetric attacks of thousands of drones. And that 2) undefended high-value fixed civilian infrastructure - oil tankers, data centers, desalination plants, oil refineries, energy nodes, factories, et al -are all at risk.

When the targets are no longer just military assets but anything valuable on the surface, the long-term math no longer favors the defender. To solve this problem the U.S. is spending $10s of billions of dollars on low-cost Counter-UAS systems - detection systems, inexpensive missiles, kamikaze drones, microwave and laser weapons.

But what we’re not spending $10s of billions on is learning how to cheaply and quickly put our high-value, hard-to-replace, and time-critical assets (munitions, fuel distribution, Command and Control continuity nodes, spares), etc., out of harm's way - sheltered, underground (or in space).

The lessons from Gaza reinforce that underground systems can also preserve forces and enable maneuver. The lessons from Ukraine are that survivability while under constant drone observation/attack requires using underground facilities to provide overhead cover (while masking RF, infrared and other signatures). And the lessons from Iran’s attacks on infrastructure in the Gulf Cooperation Council countries is that anything on the surface is going to be a target.

We need to rethink the nature of force protection as well as military and civilian infrastructure protection.

Air Defense Systems

For decades the U.S. has built air defense systems designed for shooting down aircraft and missiles.

The Navy’s Aegis destroyers provide defense for carrier strike groups using surface-to-air missiles against hostile aircraft and missiles. The Army’s Patriot anti-aircraft batteries provide area protection against aircraft and missiles. The Missile Defense Agency (MDA) provides missile defense from North Korea for Guam and a limited missile defense for the U.S. MDA is leading the development of Golden Dome, a missile defense system to protect the entire U.S. against ballistic, cruise, and hypersonic missiles from China and Russia.

All of these systems were designed to use expensive missiles to shoot down equally expensive aircraft and missiles. None of these systems were designed to shoot down hundreds/thousands of very low-cost drones.

Aircraft Protection

After destroying Iraqi aircraft shelters in the Gulf War with 2,000-lb bombs, the U.S. Air Force convinced itself that building aircraft and maintenance shelters was not worth the investment. Instead, their plan - the Agile Combat Employment (ACE) program - was to disperse small teams to remote austere locations (with minimal air defense systems) in time of war. Dispersal along with air superiority would substitute for building hardened shelters. Oops. It didn't count on low-cost drones finding those dispersed aircraft. (One would have thought that Ukraine’s Operation Spider’s Web using 117 drones smuggled in shipping containers - which struck and destroyed Russian bombers - would have been a wakeup call.)

The cost of not having hardened aircraft shelters during the 2026 Iran War came home when Iran destroyed an AWACS aircraft and KC-135 tankers sitting in the open. Meanwhile, China, Iran and North Korea have made massive investments in hardened shelters and underground facilities.

Protecting Ground Forces

The problem of protecting troops with foxholes against artillery is hundreds of years old. In WWI, trenches connected foxholes into systems. Bunkers were hardened against direct hits. Each step was a response to increased lethality from above. Today, drones are the new artillery; a persistent, cheap and precise overhead threat but with the ability to maneuver laterally, enter openings, and loiter. And mass drone attacks put every high value military and civilian target on the surface at risk. Fielding more hardened shelters for soldiers like the Army's Modular Protective System Overhead Cover shelters is a first step for FPV kamikaze drones defense, but drones can get inside buildings through any sufficiently sized openings.

Drone Protection

Ukraine has installed ~500 miles of anti-drone net tunnels with a goal of 2,500 miles by the end of 2026. These are metal poles and fishing nets stretched over roads but they represent the same instinct: the surface is a kill zone, so cover it. Russia has done the same.

The logical response is to go underground (or out to space) but the technology to do it quickly, cheaply, and at scale is genuinely new. The gap in current thinking is between "put up nets" (cheap, fast, limited) and "build a Cold War concrete bunker" (expensive, slow, permanent). What's missing is the middle layer - rapidly bored shallow tunnels that provide genuine overhead cover for movement corridors, equipment parking, and personnel protection.

What tunnels solve that nets and shelters don't

A net stops an FPV drone's propellers. A shelter stops shrapnel. But a tunnel 15-30 feet underground is invisible to ISR, immune to most top-attack munitions, can't be entered by a drone through a door or window, and survives anything short of a bunker-buster. Gaza proved that even with total air superiority and ground control, Israel has destroyed only about 40 percent of Gaza's tunnels after two and a half years of war.

That's an asymmetric defender's advantage the U.S. military should be thinking about for its own use, not just as a threat to overcome.

What's changed to make this feasible is that we may not need boring tunnels per se, but instead modular, pre-fabricated tunnel segments that can be installed with cut-and-cover methods at expeditionary bases. Or autonomous boring machines sized for military logistics (smaller versions of the Boring Company TBMs) corridors rather than highway traffic.

The problem is a lack of urgency and imagination

The problem is real, the incumbents (Army Corps of Engineers) are slow, and the existing commercial tunneling industry isn't thinking about expeditionary military applications.

The doctrinal gap is between "dig a foxhole with an entrenching tool" (individual soldier, hours) or deploy a few Army's Modular Protective System Overhead Cover shelters or "build a Cold War hardened aircraft shelter" (major construction project, years, billions). There's no doctrine for rapidly boring hardened underground movement corridors, dispersed equipment shelters, or protected command post positions using modern tunneling technology.

Army doctrine treats excavation as something done with organic engineer equipment — backhoes, bulldozers, troops with shovels — to create individual fighting positions and cut-and-cover bunkers. The Air Force doctrine barely addresses physical hardening at all, having spent 30 years assuming air superiority and dispersing would substitute for it.

Nobody in the doctrinal community is asking: what if the Army could cut and cover 100 meters of precast tunnel segments in a day or if we could bore a 12-foot diameter tunnel 30 feet underground at a rate of a hundred of meters per week and use it as a protected logistics corridor, command post, or aircraft revetment?

Summary

Oceans on both sides and friendly nations on our borders have lulled America into a false sense of security. After all, the U.S. has not fought a foreign force on American soil since 1812.

Protection and survivability is no longer a problem for a single service nor is it a problem of a single solution or an incremental solution. Something fundamentally disruptive has changed in the nature of asymmetric warfare and there’s no going back. While we’re actively chasing immediate solutions (Golden Dome, JTAF-401, et al), we need to rethink the nature of force protection, and military and civilian infrastructure protection. Protection and survivability solutions are not as sexy as buying aircraft or weapons systems but they may be the key to winning a war.

The U.S. needs a coherent protection and survivability strategy across the DoW and all sectors of our economy. This conversation needs to be not only about how we do it, but how we organize to do it, how we budget and pay for it and how we rapidly deploy it.

Lessons Learned

There is no coherent protection and survivability strategy that addresses drones across the DoW and the whole of nation
- Just point solutions
For troops near the front, tunnels could reduce visual, thermal, and RF signature while providing fragment protection with a network of small, concealed, overhead- covered positions, short connectors, buried command posts, protected aid stations, and revetted vehicle hides.
We need to underground assets that cannot be quickly replaced
- Command posts, comms nodes, ammunition, fuel distribution points, repair facilities, key power systems, maintenance spares, and high-value aircraft or drones.
- Think protected taxiways, blast walls, covered trenches, buried cabling, alternate exits, redundant portals, and rapid runway repair. Sortie generation under attack depends on a whole system, not one bunker.
We need to work with commercial companies to harden/defend their sites
- Provide active defenses and incentives for undergrounding critical facilities
The Army and Air Force need to rethink their doctrines and techniques for Protection and Survivability
- Army Techniques Publications (ATP) 3-37.34 - Survivability Operations treat excavation as something done with backhoes, bulldozers, troops with shovels to create individual fighting positions and cut-and-cover bunkers. Update it.
- The Air Force needs to do the same with AFDP 3-10, AFDP 3-0.1 (Force Protection and AFTTP 3-32.34v3, AFH 10-222, Volume 14 and UFC 3-340-02
We need to think of force and infrastructure protection not piecemeal but holistically
- Part of any weapons systems requirement and budget should now include protection and survivability
- Protection and survivability should be deployed concurrently with weapons systems

• We need a Whole of Nation approach to protection and survivability for both the force and critical infrastructure

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

How the Iran War Is Reordering the World, Second and Third-Order Effects

OPINION — Five weeks into the US-Israeli war against Iran, the immediate military picture — decapitation strikes, missile exchanges, and the grinding attrition of Iranian launch capacity — dominates headlines. But the more consequential story is playing out in the war’s cascading second- and third-order effects: the economic shock reverberating through global energy and food systems, the hardening of the Iranian regime, the fracturing of alliance structures Washington has depended on for eight decades, the accelerating consolidation of a Russia-China axis, and the humanitarian emergencies now metastasizing far from any battlefield. These downstream consequences are rapidly outpacing the conflict itself in strategic significance, and they will shape the international order long after the last missile is fired.

This analysis maps the cascading effects across six domains: energy and economic disruption, future Iranian threats, alliance fragmentation, great power realignment, humanitarian spillover, and the erosion of international norms and institutions.

A note on scope and methodology: In the US Intelligence Community, the analysis of second- and third-order effects is a distinct and demanding discipline — one that is typically undertaken precisely when a situation is still fluid, not after the dust has settled. Decisions made in the opening phases of a conflict tend to lock in trajectories that become progressively harder to reverse. Waiting for certainty means waiting too long. What follows is structured speculation, grounded in regional knowledge and historical pattern, about the choices this conflict is compelling and the world those choices are likely to produce.

The Hormuz Chokepoint: From Energy Shock to Systemic Economic Crisis

The closure of the Strait of Hormuz — through which roughly 20 percent of global seaborne oil and a significant share of liquefied natural gas transited before the war — has triggered what the International Energy Agency has called the largest supply disruption in the history of the global oil market. Brent crude surged past $120 per barrel at its peak, and WTI has nearly doubled since the start of 2026. Emergency stockpile releases by the IEA’s 32 member states — some 400 million barrels — have provided a temporary buffer, but at current global consumption rates of roughly 105 million barrels per day, those reserves buy weeks, not months.

Second-order effect: Stagflationary pressure across the global economy. The Dallas Federal Reserve estimates that the Hormuz closure alone could reduce global GDP growth by an annualized 2.9 percentage points in Q2 2026. Goldman Sachs has raised its probability of a U.S. recession to 25 percent. Oxford Economics warns that sustained oil prices of $140 per barrel would push the eurozone, the UK, and Japan into outright contraction. U.S. gas prices hit $4 per gallon on March 31 — and the trajectory is upward.

Third-order effect: Cascading commodity disruptions well beyond oil. The Hormuz closure has choked the global supply of sulfur (Gulf countries account for roughly 45 percent of global output), helium, aluminum feedstocks, and — most critically — fertilizer. Approximately one-third of global seaborne fertilizer trade transits the Strait. Urea prices have surged roughly 50 percent since the war began, landing squarely during the Northern Hemisphere spring planting season. The UN Food and Agriculture Organization has warned of a three-month window before planting decisions for 2026 and beyond are irreversibly compromised. Countries like Bangladesh, Pakistan, India, and several East African nations — which depend on Gulf fertilizer imports and have limited stockpiles — face the prospect of a food security crisis that could persist well into 2027.

This is the progression policymakers failed to game out: a military strike designed to destroy Iranian nuclear and missile capacity has, within weeks, metastasized into a global supply chain crisis touching everything from jet fuel pricing (costs have more than doubled) to corn yields in Iowa to hospital operating costs in the Philippines.

Iran As A Garrison State

The conventional Western assumption was that killing Supreme Leader Khamenei and degrading Iranian military capacity would either topple the regime or leave it fatally weakened. The opposite dynamic is taking hold.

The installation of Mojtaba Khamenei as successor — a move that would have been controversial in peacetime, with even his father reportedly opposing the appearance of dynastic rule — was enabled precisely by the existential crisis the war created. Reports that Mojtaba may have been seriously injured in the initial strikes only deepened the symbolic connection to his father, who lost the use of his right hand in a 1981 assassination attempt. Mojtaba can remain a cipher to the general public while the network his father built over nearly thirty-seven years ensures continuity of the system’s core commitments. His value to the regime is less political than totemic: a wounded son of a martyred leader, governing from the shadows while the security apparatus runs the country.

The regime’s resilience should not be surprising to serious students of Iranian history, even if it has surprised many in Washington. The foundational narrative of the Islamic Republic emphasizes survival against overwhelming odds. The revolutionary generation endured institutional disarray, purges, urban street fighting, tribal uprisings, a coup attempt, and Saddam Hussein’s devastating invasion — and emerged intact. As one Tehran resident told the Wall Street Journal in the war’s early days: “This regime will become stronger, crueller, more monstrous even than before. People don’t have the weapons to fight back.”

Second-order Effect: What is emerging in Tehran is something that has no precise precedent in the Islamic Republic’s forty-seven-year history: a garrison state. The revolutionary experiment under Khomeini and the institutional consolidation under Ali Khamenei both preserved at least the fiction of factional competition — reformists versus hardliners, clerics versus military, elected officials versus appointed ones. That fiction is over. The IRGC and the wider security apparatus are now in effective control of governance, economic policy, and foreign affairs. The war provided the pretext for de facto martial law. Electronic surveillance, preemptive text messaging campaigns, and a sustained pace of executions have ensured that whatever domestic opposition survived the January protest crackdown will not resurface while the bombs are falling. This is a regime that has shed its civilian skin.

Third-order effect: For however long the regime survives, its leadership will be dominated by hardened reactionaries with no effective internal counterweights. The factional competition between religious and republican elements that provided limited openings for reform has evaporated. President Pezeshkian retains a more moderate image but wields no institutional power. The practical implications for American policy are significant: any future diplomatic engagement will confront an Iranian interlocutor that is simultaneously more consolidated, more traumatized, and more committed to the nuclear hedge that the campaign was supposed to eliminate.

Alliance Fracture: NATO’s Worst Crisis Since Suez

The transatlantic alliance is under extraordinary strain. When President Trump called on NATO allies, China, Japan, and South Korea to help secure passage through the Strait of Hormuz, the response was a near-unanimous refusal. On March 16, both China and NATO’s European members rejected the request. France has refused to allow its territory to be used for military operations linked to the war. Italy has cited legal and procedural objections to providing U.S. forces access to certain military facilities. Even the United Kingdom — Washington’s most reliable ally — has limited its support to defensive operations from existing bases, withholding full political or military backing.

Second-order effect: The war has exposed a fundamental asymmetry in how Washington and its allies perceive risk. European governments see the conflict as a unilateral American action launched during active negotiations — recall that Oman’s foreign minister had announced a diplomatic breakthrough on Iran’s nuclear program the day before strikes began — and are unwilling to absorb the economic and political costs. Eastern European allies, particularly Poland, are explicit: their priority is Russia, and they will not redeploy air defense assets to the Middle East. Poland’s defense minister has warned that a prolonged conflict could jeopardize arms supplies to Ukraine.

Third-order effect: The war is accelerating a structural decoupling within NATO. Trump’s March 17 Truth Social post renouncing NATO assistance — and extending that rebuke to Japan, South Korea, and Australia — signals something more consequential than a diplomatic spat. It reflects a worldview in which alliance obligations are transactional, and allies who decline to participate in American conflicts forfeit their claim to American protection. This logic, if sustained, threatens to unravel the foundational bargain of the liberal international order. European capitals are drawing their own conclusions. The concept of “strategic autonomy” — European defense capacity independent of the United States — has moved from theoretical aspiration to operational necessity in a matter of weeks.

The Russia-China Windfall

Of all the second-order effects, the war’s impact on great power competition may prove most durable.

Russia is the most immediate beneficiary. Moscow built its 2026 federal budget on oil at roughly $60 per barrel. Brent at $120 has rescued the Russian war economy, providing the Kremlin with the revenue it needs to sustain operations in Ukraine precisely when Western sanctions were supposed to be biting hardest. U.S. officials have reported that Russia is providing Iran with satellite imagery and intelligence on the locations of American warships and aircraft — a level of operational cooperation that crosses a meaningful threshold. Iran’s Foreign Minister Araghchi has not denied that military cooperation with both Russia and China continues during the conflict.

Second-order effect: The conflict is hardening the Russia-China relationship from cautious coordination into structured alignment. China’s 2026–2030 development blueprint, submitted to the National People’s Congress in March, reflects renewed momentum for the Power of Siberia 2 pipeline and other measures designed to reduce Beijing’s vulnerability to Middle Eastern energy disruption. China has also been building strategic petroleum reserves, holding roughly 104 days of import coverage — enough to weather a medium-duration Hormuz closure. Russia trades hydrocarbons for Chinese capital, technology, and diplomatic cover; the war has intensified every dimension of that exchange.

Third-order effect: The war is demonstrating to the Global South that the U.S.-led order cannot guarantee the stability of critical global commons. The Hormuz closure, the inability of the United States to compel its own allies to help reopen the strait, and the spectacle of developing nations scrambling for energy and fertilizer supplies while Washington prosecutes a war of choice — all of this feeds a narrative of American overreach and declining systemic reliability. China, which has been carefully positioning itself as a neutral party calling for de-escalation, accumulates soft power by default. The December 2025 U.S. National Security Strategy treats China and Russia in isolation, offering no framework to prevent their convergence. The Iran war has made that strategic gap painfully visible.

Humanitarian Catastrophe Beyond the Battlefield

The war’s most consequential victims may be populations with no stake in the conflict whatsoever.

In the Gulf states themselves, the Hormuz blockade has triggered a grocery supply emergency. GCC states rely on the Strait for over 80 percent of their caloric imports. By mid-March, 70 percent of the region’s food imports were disrupted, producing consumer price spikes of 40 to 120 percent. Iranian strikes on desalination plants — the source of 99 percent of drinking water in Kuwait and Qatar, and roughly 75 percent in Saudi Arabia — have introduced the specter of a water crisis affecting 62 million people. A leaked 2008 U.S. diplomatic cable warned that Riyadh would have to evacuate within a week if its primary desalination plant were seriously damaged. That scenario is no longer hypothetical.

Second-order effect: The war has shattered the Gulf’s narrative as a permanently stable destination for expatriates and investment. Large-scale departures of foreign residents from the Gulf have begun. The Qatar-funded Middle East Council on Global Affairs has suggested the war has “irreversibly shaken” perceptions of the Gulf’s stability — a conclusion with profound implications for the region’s post-oil economic transformation strategy.

Third-order effect: The food and fertilizer disruption is compounding pre-existing crises in the world’s most vulnerable populations. The World Food Programme’s Deputy Executive Director has warned that humanitarian supply chains are approaching their most severe disruption since COVID and the 2022 Ukraine war. WFP shipping costs are up 18 percent. Fuel price increases of over 80 percent in the Philippines have driven hospitals to consider surcharges. In Somalia, food prices are up 20 percent; in Sudan — already the world’s largest hunger crisis — the disruption to aid flows through the Bab-el-Mandeb and Suez corridors is compounding an already catastrophic situation. The UN estimates the conflict could push 45 million additional people into acute hunger.

This is the third-order chain in its starkest form: a military operation in the Persian Gulf → a fertilizer shortage in the Indian Ocean → a planting crisis in South Asia and East Africa → a famine risk extending into 2027.

Norms Erosion and Institutional Collapse

The war is systematically degrading the international rules and norms that constrain state behavior.

The targeting of civilian water infrastructure — by all three belligerents — represents a particularly dangerous escalation. U.S. and Israeli strikes have damaged Iranian water systems. Iran has retaliated against desalination plants in the Gulf.

President Trump has publicly threatened to destroy Iran’s electric power facilities and its remaining desalination capacity. None of the three countries has ratified Additional Protocol I, which explicitly protects civilian water systems, but the norm against targeting water infrastructure was, until recently, broadly respected. Its erosion establishes a precedent that will echo in future conflicts.

Second-order effect: The war has demonstrated the practical impotence of the UN Security Council. Russia and China (with France) effectively blocked a resolution that would have authorized the use of force against Iran to reopen of the Strait of Hormuz, while the United States has blocked resolutions calling for a ceasefire. A resolution condemning Iran’s retaliatory strikes did pass — illustrating the Council’s selectivity rather than its authority.

Third-order effect: The war is accelerating the delegitimization of the post-1945 international order in the eyes of the Global South. The fact that the United States launched a war during active nuclear negotiations — after Oman’s mediator had announced Iran’s agreement to irreversibly downgrade its enriched uranium stockpile — reinforces the perception that great powers invoke rules-based order selectively. This is not merely a public relations problem. It actively erodes the cooperative frameworks — nonproliferation, maritime law, humanitarian protections — on which U.S. long-term security depends.

The Outlook: Cascade Without an Off-Ramp

Five weeks in, the diplomatic picture is not encouraging. The U.S. has transmitted a 15-point peace framework to Iran via Pakistan. Iran has publicly rejected it as “maximalist” and countered with five conditions of its own — including war reparations and international recognition of Iranian sovereignty over the Strait of Hormuz. President Trump has extended a deadline for Iranian compliance to April 7, with threatened escalation against energy infrastructure if no deal is reached. Meanwhile, Israel is reportedly accelerating strikes on Iranian arms factories in anticipation of a possible ceasefire — suggesting Jerusalem fears Washington may settle for less than the maximalist demands Israel prefers.

The deeper problem is structural. The second- and third-order effects described above are not side effects of the war — they are now the war’s primary strategic consequences. And they are largely irreversible in the near term. Even a ceasefire tomorrow would not rapidly reopen the Strait, restore fertilizer flows in time for the planting season, repair the transatlantic alliance, or unwind the Russia-China energy partnership now hardening into permanence. Each week of continued conflict compounds these downstream costs exponentially.

For intelligence professionals and policymakers, the lesson is one the IC has articulated for decades but that political leaders chronically fail to internalize: in a hyperconnected global system, the second- and third-order effects of major military action will almost always exceed the first-order gains. The cascade from Operation Epic Fury is proving that maxim with painful clarity.

The author is a former CIA intelligence officer with extensive experience on the Near East. This analysis draws on open-source reporting, regional analysis, and publicly available assessments. All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.

Watch my Special Competitive Studies Project podcast, Intelligence at the Edge

This article was originally published on Substack, and is reposted here with permission from the author.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

U.S. Intel’s Sobering Assessment of Iran’s War Resilience

Six weeks into Operation Epic Fury, with airstrikes having killed a sitting supreme leader, wiped out scores of top military and intelligence commanders, and significantly degraded Iran’s missile arsenal and naval capacity, Washington is confronting a conclusion that was reached by its own intelligence community before the first bomb fell: the Islamic Republic is not going anywhere.

A National Intelligence Council assessment completed in February concluded that neither limited airstrikes nor a larger, prolonged military campaign would be likely to result in a new government taking over in Iran, even if the current leadership were killed. The briefings delivered to President Trump were described by one source familiar with the findings as “sobering.”

A multitude of intelligence reports now provide consistent analysis that the regime is not in danger of collapsing and retains control of the Iranian public. The war’s costs are nonetheless mounting.

More than $16 billion has been spent so far, 13 U.S. troops have been killed, and Iran’s grip on the Strait of Hormuz has slowed shipping traffic to a trickle, creating a historic oil disruption that has sent global energy markets into turmoil. Daily oil exports from the Middle East have fallen by at least 60 percent since the war began, the IEA has said, calling it the largest supply disruption in the global oil market’s history.

A U.S. intelligence official, speaking to The Cipher Brief on background, captured the core dilemma plainly, “You can’t get regime change from the air, and who is to replace them when there is no viable alternative.”

The son rises — harder than the father

Nine days into the war, Iran's Assembly of Experts met and named a new supreme leader. They chose Mojtaba Khamenei 56, second son of the slain Ayatollah Ali Khamenei, and in doing so gave Washington an answer it had not been looking for. Inside Iran, critics felt the sting of a republic born from the ashes of dynastic rule that had just handed the top job from father to son. President Trump called the selection “a big mistake” and said Mojtaba was flatly “unacceptable” to him.

The new supreme leader is widely assessed as even more hardline than his father, though the full contours of his leadership remain difficult to read, in part because he has not appeared in public since the war began, knowing that he is being actively targeted.

For decades, he operated in the shadows of his father’s office. U.S. diplomatic cables published by WikiLeaks in the late 2000s referred to him as “the power behind the robes” and his father’s “principal gatekeeper.”

At the same time, a 2008 cable reportedly assessed him as “a capable and forceful leader and manager” though it also noted his lack of theological qualifications and relative youth. His path to power ran not through religious scholarship; he holds no senior clerical rank and has published no works of Islamic jurisprudence, but through the IRGC, with which he forged ties during the Iran-Iraq war in the late 1980s and cultivated ever since.

Intelligence experts stress that Mojtaba essentially owes the IRGC for his ascendance, and in that vein, he isn’t going to have the same broad leverage as his father. The succession process itself underscored that dynamic. The IRGC argued that the war required a swift process and that selecting a candidate who defied the United States, contacted Assembly of Experts members, and prompted objections, yet, in the end, they felt compelled to support him. IRGC leaders, Basij commanders, and top security officials had unparalleled access to the assembly, many of whose members rely on the Revolutionary Guards for personal protection.

The first statement attributed to Mojtaba since his appointment came on March 12, read aloud by a state television anchor over a still photograph — the new supreme leader himself nowhere to be seen. The tone left little room for interpretation.

“The lever of blocking the Strait of Hormuz must definitely continue to be used,” he declared, not as a negotiating position, but as a statement of intent. The waterway that moves a fifth of the world’s oil had become, in his telling, a weapon.

Some private sector analysts noted that while his rhetoric toward the United States and Israel was uncompromising, he did not fully close the door to political outcomes, placing responsibility for ending the war squarely on Washington. Iran’s parliament speaker, Mohammad Bagher Ghalibaf, was less equivocal.

On March 17, he posted on X that the Strait of Hormuz “won’t return to its pre-war status.” Two days later, Expediency Council member Mohammad Mohaber went further still, calling for a “new regime” for the strait that would allow Iran to sanction the West by denying passage to its ships. Taken together, the message to Washington was hard to misread: across the Islamic Republic’s power structure, this war has produced no moderates.

IRGCistan: the state that emerges

What American airpower has effectively accelerated is not the dismantling of the Islamic Republic but the consolidation of its most dangerous institutional element. The IRGC is taking an even greater role in the domestic affairs of the state, ensuring the structure of the regime stays in place, while Iran’s opposition remains fractured without a credible leader capable of challenging hardline officials.

A telling example of who holds actual power came one week into the war, when President Masoud Pezeshkian apologized for Iran’s attacks on Gulf states, saying he “personally apologizes to neighboring countries that were affected by Iran’s actions.” The IRGC and hardliners pushed back immediately, a hardline parliamentarian called the statement “weak, unprofessional, and unacceptable,” forcing Pezeshkian into a climbdown that notably omitted his original apology from the official readout. This has been widely interpreted as the IRGC now being in full charge of the embattled nation, and calling the shots as to who, how and when to attack.

Despite sitting on the interim leadership council formed to administer the country while a new supreme leader was selected, Pezeshkian appears to have been reduced to a figurehead. The elected civilian layer of the Iranian state has been hollowed out in real time.

That hollowing-out has only deepened since. On March 17, Ali Larijani — the secretary of Iran’s Supreme National Security Council and one of the most prominent non-clerical figures in Iranian politics — was killed in an Israeli airstrike, removing the highest-level official to be assassinated since Khamenei himself. U.S. and Israeli intelligence had assessed Larijani as Iran’s de facto leader in the weeks after the war’s opening strikes, given widespread doubts about Mojtaba’s capacity to govern. Iran has since named Mohammad Bagher Zolghadr, a hardline former IRGC deputy commander, to replace him; a move that further consolidates the Guards’ grip over the regime’s security architecture.

The pattern is difficult to ignore. Each leadership vacancy created by the war’s decapitation strikes has been filled not by civilian or clerical figures but by men with deep IRGC roots. As one U.S. intelligence official speaking on background to The Cipher Brief told us, the internal dynamics are shaped less by strategy than by the weight of an accepted narrative — and that narrative, for now, belongs to the guards.

Royce de Melo, a security and defense consultant and analyst specializing in the Middle East and Africa, tells The Cipher Brief that he sees the current trajectory as a natural, if not inevitable, evolution.

“As fanatical loyalists, the IRGC have always been the power behind the regime since the 1979 Iranian Revolution; they are Iran’s Praetorian Guard,” he explains. “For the IRGC to take control of the government temporarily, be it until this war ends, or with a longer-term intent, in my opinion, would be a natural course.”

A senior Arab official told Axios that the IRGC is taking over Iran and that its members are “highly ideological and are ready to die.” Whether this constitutes a full “IRGCistan” remains debated. De Melo, however, cautions against treating the framing as settled.

“It’s early days, and no one seems certain as to what is happening with the government at the moment,” he continues. “Nonetheless, even if Iran’s government becomes military-dominated under the IRGC, that is not to say it still won’t remain theocratic. It can be both military-dominated and theocratic.”

The senior director of the Iran program at the Foundation for Defense of Democracies, Behnam Ben Taleblu, has closely tracked this dynamic. The regime, he argues, is not deluded about its own condition — it knows the damage is real. What it is counting on is that a wounded adversary can still make the price of finishing the job too high. The IRGC’s track record of reconstituting after setbacks is a significant part of why that bet is not entirely unreasonable.

The IRGC has buried commanders before and found new ones. Its missile production was designed from the ground up to keep running under pressure, drawing on domestic supply rather than imports that could be choked off. Strikes can hollow out a building. They are less effective against an institution that knows how to reconstitute — and Western policymakers are finding that out as the war continues.

There is also no one waiting to take over. The Iranian opposition is split along ethnic, ideological, and geographic lines, with no figure capable of commanding broad national support and no organization with the reach to matter. Azizi, a postdoctoral associate and lecturer at Yale, puts the IRGC's position plainly: not a single chain of command, but circles and networks that have spent decades threading themselves through Iran's economy and military alike. You do not dislodge that with bombs.

A harder adversary than the one Washington set out to degrade

The administration’s stated objectives — the missiles, the navy, the nuclear program — may yet be achieved. Inside the intelligence community, however, the more unsettling question has never really been about the targets. It has been about what comes after. The consistent answer across multiple outside assessments is not reassuring: the Iran that emerges from this war is shaping up to be harder to manage than the one Washington decided to strike.

Jonathan Panikoff, who served as former deputy national intelligence officer for the Near East at the National Intelligence Council before becoming director of the Atlantic Council’s Scowcroft Middle East Security Initiative, described the best-case scenario for a post-war Iran as one in which there is meaningful competition for power — but added that he was skeptical such an outcome would arise. “Somebody with guns fundamentally has to switch sides or stand aside,” he said. That has not happened.

The nuclear dimension adds a further layer of complexity. IAEA Director General Rafael Grossi has been unambiguous on the point: military action has badly damaged Iran’s nuclear program, but it cannot erase the knowledge, materials, and industrial capacity that would allow Tehran to rebuild.

“You can’t unlearn what you’ve learned,” Grossi said, adding that Iran retains the capabilities and the industrial base to reconstitute.

De Melo also flags what he sees as the variable most likely to shape Iran’s rebuilding speed: Beijing and Moscow. Chinese companies have kept the pipeline of dual-use technology moving — missile fuel components, electronics, drone engines — throughout the conflict.

Russia, meanwhile, has spent years on the receiving end of Iranian military hardware, taking in billions of dollars’ worth of equipment and drone technology since 2021. The reversal De Melo describes is straightforward: Russia can

now send Iranian-design drones, manufactured on Russian soil, back the other way.

A Pentagon source, speaking to The Cipher Brief on background, offered a sobering structural observation about how intelligence informs — or fails to inform — decision-making at the top.

“In my experience, what happens is you submit a brief that is then accepted, edited or rejected on the basis of the accepted narrative,” the source cautions. “It is narrative, whatever that might be, which is controlling.”

It is a dynamic that troubles those who have spent careers watching Washington repeat the cycle.

Del Wilber, a retired CIA case officer, warns that the administration risks mistaking tactical gains for strategic resolution. Declaring victory short of complete regime change, he argues, would be a fundamental error.

“Iran will only redouble its efforts to reconstitute their weapons development programs quietly, and stir up mischief in the region,” he tells The Cipher Brief. “Nothing will stop the existing regime from pursuing its goal of the destruction of Israel and hurting the United States.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Admiral James Stavridis (Ret.)

“I am struck by how comprehensive and thoughtful The Cipher Brief’s Open Source Report is. It is just as good as the President’s Daily Brief, having spent a decade reading the PDB. And it’s unclassified, too! I'm proud to be part of the network of experts at The Cipher Brief, which provides superb geopolitical advice and intelligence insights.”

A Wartime Budget Without an Innovation Strategy

OPINION — “The use cases that help to drive the research agenda can come from a variety of different settings…We need to acknowledge that it's okay for those use cases to come from the Department of War (DoW) and Intelligence Community (IC). It's our responsibility to be able to help put the best minds here in the U.S., the best talent here in the U.S., to help unlock some of that research and innovation. And then it's up to our colleagues at DoW and the IC, whom we collaborate with, to harness some of those outputs for the betterment of our national interests and our national needs.”

That was Erwin Gianchandani, the National Science Foundation (NSF) Assistant Director of the Directorate for Technology, Innovation and Partnerships (TIPS), speaking last Friday at the Center for Strategic and International Studies during a meeting on NSF's National Security Mission for the Twenty-First Century.

TIPS is an NSF program that invests in use-inspired research and the translation of those research results to the market to continue to keep society and the nation secure.

Ironically, I had listened to Gianchandani’s remarks last Friday before reading the outline of President Trump’s fiscal 2027 budget request with its gigantic increase for Defense Department (DoD) spending – to near $1.5 trillion. Much to my surprise, not only was federal research and development cut in that request for next year, but NSF’s own next year’s budget was cut from $8.8 billion to $4 billion.

Before I talk about what’s interesting about NSF’s TIPS program, I want to make a few observations about the proposed 2027 DoD budget request, which represents a 44 percent increase over this year’s spending.

In a letter accompanying the budget outline, Office of Management and Budget Director Russell T. Vought said that in addition to the $1.1 trillion base DoW budget, Trump is including “a request for $350 billion in additional mandatory resources for critical Administration priorities such as increasing access to critical munitions and further expansion of the defense industrial base.”

This vast Trump federal growth of U.S. military spending seems very similar to what Russian President Vladimir Putin has done to the Russian government’s economic base, putting it on a wartime footing to meet the needs of his four-year Ukraine war.

I will also point out there is a $3.6 billion increase for the National Nuclear Security Agency (NNSA), which runs the nation’s nuclear weapons program. Budget Director Vought wrote, “The United States must maintain and expand its set of nuclear capabilities that allow the President flexibility to protect the homeland and deter adversaries. Specifically, the Budget makes strong investments to develop new [nuclear] warheads that would bolster deterrence, modernize NNSA’s supporting infrastructure, and extend the life of existing warheads.”

The U.S. has already been building new warheads for its new submarine-launched cruise missile and its new land-based intercontinental ballistic missile [Sentinel]. There is also a new nuclear air-launched cruise missile on the way. What other new warheads does this country need “to develop”?

Need I also mention there’s an additional $18 billion for Trump’s Golden Dome dream of a missile defense system to feature space-based interceptors, plus unstated amounts for his un-needed Trump battleships.

I want to focus back on the NSF’s TIPS program because Assistant Director Gianchandani described changes in the academic research world worth recording.

For example, he reminded that China’s “President Xi has said that science and technology is the new international battlefield. It is the vehicle by which the international battlefield is going to be shaped going forward…We cannot take that lightly,” Gianchandani said , adding, “If we are going to ensure our competitiveness, our security, our defense, we have to take that very seriously. And that means that there are going to be instances a lot of the technology that we are surfacing and that we are enabling are dual-use [for war and/or peace] technologies.”

Gianchandani said it still takes years for basic science to be unlocked but that “every sector of our economy really is being transformed by the introduction of data and AI [Artificial Intelligence] -- that is the new currency of scientific progress and in that context I think the pace of discovery and innovation is greatly accelerated.”

He also pointed out changes in academia.

“It used to be that in certain fields the majority of PhDs would go into academia,” Gianchandani said. He continued, “Today the majority of PhDs in those same fields are going anywhere but academia. Nothing against our higher education institutions, but the types of jobs that we are training for, the types of opportunities that we are trying to unlock, span from the Department of Defense to the Intelligence Community to the private sector to venture capital and so forth.”

Gianchandani also spoke about what he termed “our early-career faculty,” who “are saying, you know, we want to have impact with the work that we're trying to do…And for them, impact at the end of the day isn't necessarily about papers and publications. It's about the startups that they can create. It's about the ecosystem that they can cultivate. It's about these partnerships with industry and seeing their ideas over time make their way into products and services that are changing people's lives or that are for the betterment of the U.S. defense and intelligence enterprises. That's early-career faculty who are up and coming who are trying to see that happen.”

Gianchandani also explained that TIPS wanted to change that linear pathway between basic science and needs in the real world.

As he described it, “You start with just simply use discovery science, you let the great flowers bloom, and then you harness that, but we want to complement that…with also what are the real world use cases from Department of War (DoW) , the Intelligence Community (IC) etc. That can help to inform and shape some of that use-inspired research, some of that translational research, and accelerate that to actually have impact at the end of the day.”

One TIPS program he cited was “our ability to be successful tied to critical minerals.” NSF did a technical assessment and found, “it turns out that by the year 2030 about a quarter -- several data sets have shown this – about a quarter of the nation's critical minerals needs could be addressed through the harnessing of end-of-life critical minerals -- waste stream critical minerals and so forth,” Gianchandani said.

That became the basis for TIPS’ Tech Metal Transformation Challenge whose grant winners demonstrated their capability to create solutions to solve the hardest technical gaps in critical materials recovery, gaps that directly impacted U.S. manufacturing competitiveness and national security.

“If we're going to think about the equipment that you need for hypersonics and the ability to do ground and air scanning, in real time, you're going to need those critical mineral assets,” Gianchandani said, adding, “And so being able to leverage this type of an approach and surfacing the teams that can potentially do so in a rapid manner and in a in a sort of a different way than we might traditionally do through some of our normal processes. I think allows us to be able to ensure that we are maintaining that competitiveness.”

For four years, TIPS has been running a Regional Innovation Engines Program providing the largest investments that the agency makes in terms of R&D and workforce development.

Gianchandani said, “We funded an engine in central Florida in Osceola County, Florida, that increasingly now covers more and more of the state with a particular focus on semiconductor technologies and specifically advanced packaging capabilities.”

Within weeks, he said, “there was an announcement that the Department of War was also investing in that same ecosystem in that same team. So that shows you sort of the symbiosis between our investments and that of our colleagues elsewhere in the government.”

That engine, he continued, “Brought together Valencia Community College. They've brought together their backyard secret sauce, which is the only municipal-owned fab [a semiconductor fabricating plant] in this country to our knowledge, operated by SkyWater Technology [a semiconductor manufacturer]. That particular setup has allowed them to be able to reskill, upskill, the workforce in Osceola County to the point that folks were making minimum wage and

six months later they're making three or four times as much, which has huge implications on their livelihoods [and] has huge implications on their ability to put food on the table for their families and oh by the way it's also a job that they're really excited about working in these semiconductor fabs. So that's one example.”

Overall, Gianchandani said, “Engines across the board, an [original NSF] investment of $135 million over the last two years has been matched by over a $1.5 billion in matching commitments from state and local governments, private industry, venture capital, and so forth. And they've touched at least 20,000 Americans. That's a floor, probably much more than that, but at least 20,000 Americans with re-skilling and upskilling.”

Gianchandani closed with a statement worth thinking about: “The pace of science is changing before our very eyes. It is greatly accelerating. And as that pace accelerates, that also means that going from basic discovery to an innovation to thinking about a new capability…The rate at which we're making progress is changing. And so it's important for us to be acknowledging that, and it's important for us to be thinking about science sort as a front and center vehicle that allows us to be able to keep that cutting edge, keep that leadership mantle that I think we want to see for our national defense and for our national prosperity as we go forward.”

I should point out that the Trump administration cut the NSF fiscal 2026 budget request in half from the prior year — to $3.9 billion -- and last year the Members of Congress in their wisdom reinstated it to $8.75 billion. I expect, hope, that ignoring the Trump administration request will happen again.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

A Declining Demand for Strategic Intelligence? U.S. and Israeli cases

OPINION — Strategic intelligence, usually perceived as intelligence supporting the formulation of strategy, has always had limited influence over national security decisions. Leaders in democratic countries, let alone in authoritarian ones, have their own ideological views of the world, and their own vision of ways to shape the world. They do not rely only on their intelligence agencies for sense-making of the strategic environment. But in the cases of the US and Israel, the demand for strategic intelligence might be declining.

Both the US and Israel are increasingly implementing preventive strategies, initiating preventive campaigns while using brute force, which aimed to coerce the adversary through compellence rather than through deterrence. The preventive approach is not new; Israel, for instance, has always aimed at preventing its adversaries from acquiring nuclear weapons. However, the implementation of this approach has accelerated.

This was the case, for instance, in the June 2025 Israeli campaign against Iran, intended to prevent the Islamic Republic from developing nuclear weapons and ballistic missiles, augmented by US strikes also aimed at preventing Iran from developing nuclear weapons. Deterrence was not working to change Iran’s calculus and actions, hence compellence was needed. In the US operation to capture Venezuelan president Maduro in January 2026, the US once again applied compellence using brute force. Deterrence was not working to change Venezuela’s conduct, hence compellence was needed. The current US and Israeli campaigns against Iran are the most vivid illustration of the preventive approach, with Israel and the US taking the initiative and applying compellence. Both the US and Israel have declared that this campaign is intended to prevent Iran from developing nuclear weapons, as well as to negate Iran from its regional power projection capabilities. And at least in the case of Israel, also to bring about regime change. Deterring Iran from further developing its nuclear and missile capabilities was once again not working.

The application of these preventive and proactive strategies might illustrate a declining demand for strategic intelligence. First, such strategies are mostly aimed at degrading adversary capabilities, effectively assuming that understanding adversary intentions and manipulating them, mainly through deterrence, is not enough. Hence, operational-level intelligence analyzing adversary centers of gravity, operational and technical intelligence analyzing adversary military and industrial projects, and above all, targeting intelligence, is more important than strategic intelligence trying to decipher adversary intentions and rationale. In the case of Iran, for instance, the US and Israel seem to have decided that the Iranian intentions for developing nuclear capabilities are threats which must be prevented, regardless of whether the Iranians indeed intend to employ nuclear weapons in the future.

Second, leaders increasingly judge the “imminency level” of threats based on their vision and ideology, not just on intelligence assessments. This is especially evident in the current campaign against Iran. In the US, DNI Gabbard recently mentioned that only the US president decides if a threat is indeed imminent, referring to the Iranian nuclear project. In Israel, Prime Minister Natanyahu mentioned that Israel had to take action since the Iranians were moving their infrastructures into underground facilities, thus denying Israel from the ability to attack these infrastructures. Once again, strategic intelligence about adversary future intentions seems less important than operational intelligence about adversary capabilities, let alone than targeting intelligence, such as that produced by Israel for eliminating Iran’s political and military leadership in the beginning of the current campaign against Iran, or by US in January 2026 to capture Maduro.

Third, leaders increasingly distrust the quality of strategic intelligence produced by their intelligence agencies. In the US, for instance, President Trump has consistently expressed distrust in DNI’s Gabbard assessments regarding Iran, and during his first term, urged intelligence professionals to “go back to school”. Furthermore, the IC is often viewed by the Trump administration as politicized, a belief which effectively leads to politicization. In Israel, it is more than reasonable to assume that following the colossal intelligence failure of October 2023, which among other things reflected a complete failure to understand Hamas strategy and intentions, the current Netanyahu government lost trust in the intelligence system’s strategic assessments. This also might lead to politicization. Hence, while leaders cannot execute their strategies without operational and targeting intelligence, they might assume that their own judgements about adversary intentions are better than those produced by the intelligence professionals.

These challenges for strategic intelligence are not new, but at least in the US and Israel in recent years, they seem to be exacerbated. These trends, therefore, might reflect a declining demand for strategic intelligence, specifically focused on analyzing adversary intentions. It is not clear, for instance, whether such intelligence was provided to US and Israeli decision-makers prior to initiating the current campaign against Iran, regarding potential contingencies in the Straits of Hormuz? In any case, this might lead to a “vicious circle”, where diminishing demand leads to decreasing supply, which in turn might decrease the demand, and so forth. Both leaders and intelligence professionals should be troubled by this phenomenon.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Iran War Scorecard Looks Bad for America’s Strategic Interests

OPINION — While the war has yet to conclude, we have enough information to create a preliminary net assessment of its effects on U.S. security and prosperity. Spoiler alert: the war is on track to be a net negative for Americans.

Instead of focusing on variously articulated war aims, this assessment strives to assess a selected but broader range, admittedly unscientifically derived, of U.S. interests. This scorecard is designed to simply show whether these interests have improved (↑), declined (↓), or remained about the same (→).

Let’s start with the positive and work our way to more negative longer-term effects:

↑ The Iranian regime has been historically weakened. Regime change is out. President Trump has long forgotten his promise to anti-regime Iranians that “help is on the way” and Iran “will be yours to take;” and the idea that changing leaders equals “regime change” does not meet the smell test. But there is no doubt that military operations have deeply weakened and probably fractured Iran’s regime. While the level of destruction is not yet knowable, Iran’s steel industry, largest bridge, and other dual-use productive capabilities are in ruins. Iran’s more fragile, but also probably more brutal, regime will have difficulty managing Iran’s overwhelming and now significantly worsened economic and environmental crises. More political instability is likely down the road, perhaps providing an opening to the opposition but more likely to different flavors of Iran’s hardline security leadership.

↑ Iran’s missiles and missile production facilities are significantly degraded, although Iran retains enough missiles and drones to continue to threaten the region. The degradation does not materially affect the U.S. homeland although this posed a threat to Israel, because Iran would not have been able to produce an intercontinental ballistic missile for nearly a decade, assuming we didn’t stop them along the way. Given the lessons that Iran has absorbed—literally, during the 12-day war in June and this round—it was and is highly unlikely that Iran would strike the U.S. or Israel pre-emptively. Rather, Iran is likely to rebuild its missile capabilities to deter and retaliate against future attacks. The degradation of Iran’s capabilities could prove a Pyrrhic victory, because Israel and/or the U.S. will strike Iran again if Iran rebuilds its military or nuclear program, potentially restarting the cycle of war.

→ Iran is not likely to be able to produce a nuclear weapon for years, as President Trump said on 31 March. But that was exactly where we were after U.S. and Israeli strikes “obliterated” the program or, more accurately, deeply buried most of it, during the 12-day war. The location and accessibility of the 440 kg of 60% enriched uranium have not yet been verified, absent IAEA inspectors. Some experts have asserted that the remnant Iranian regime will now be more likely to pursue a nuclear weapon, a process ironically constrained by the now deceased Supreme Leader. Regardless, unless this fissile material is dealt with via negotiations, a possibility, or a U.S. special forces operation, the war has not materially changed the threat or the ability to manage it.

→ Iran’s proxies remain capable of inflicting harm on U.S. interests and on Israel. The defeat of Iran’s proxies was probably overstated, in hindsight. Hezbollah retained missile and rocket capabilities that have surprised Israel, and Iranian-backed militias in Iraq have struck numerous U.S. facilities and kidnapped a U.S. journalist. Israel has moved into Lebanon, threatening to occupy the south, and is imposing major losses on Hezbollah. But Israel’s approach is not likely to military defeat Hezbollah and will prove counterproductive to U.S. goals of a more stable Lebanon, at least in the near term. Yemen’s Houthis have fired largely performative missiles and drones toward Israel, but its limited involvement allows it to retain and rebuild capabilities that could again threaten the Red Sea and U.S. regional interests and partners.

↓ Freedom of navigation has ended through the Strait of Hormuz; Iran now effectively controls it. It is a sad irony that the presence of U.S. forces in the region prior to the war had deterred Iran from seriously threatening traffic in the Strait for since the 1980s. But the overwhelming U.S-Israeli strikes on Iran removed this deterrent effect and reduced conventional forces, leaving Iran primarily asymmetric tools and economic points of leverage as its best response. Iran is now building a practice of taking tolls or striking arrangements with sponsors or collaborators. This is not likely to change unless the U.S. and Iran negotiate an end to the conflict that includes Iran’s agreement to stop threatening and extorting traffic in the Strait. Absent this, it is likely that Iran will retain leverage and reap a windfall from permits and other fees, however illegal under international law.

↓ Americans’ wallets will be squeezed for some months and perhaps into next year. While the U.S. economy is more insulated than most U.S. partners’ and allies’, we are hardly immune from the largest supply disruption in the history of the global oil market, with knock-on effects for gas, derivatives like diesel, helium for semiconductors, fertilizers, plastics, and a range of chemicals. It is likely to take months to resume pre-war oil and gas production and shipping levels through the Strait, with cascading timelines for shipments to arrive and refining. Diesel prices, which have risen 40%, are hiking the cost of shipping, airfares, farm production (along with fertilizer price rises), and will ultimately cause food inflation. Sustained overall inflation, high mortgage rates, and lower growth are not certainties, but the risk is growing.

↓ Terrorist attacks are on the rise. Since February 28, Iran and Hezbollah have mounted or inspired attacks, mostly foiled, in at least seven countries, primarily targeting U.S. personnel and assets and Israeli or Jewish facilities from the U.S. and Western Europe to Iran’s neighboring countries, Kuwait and Azerbaijan. With the disruption to IRGC command-and-control, attacks by lone wolves and recently recruited criminal proxies are more likely, but sleeper cells reportedly have been activated and have been present in the U.S. and Europe since the 1980s. Some thwarted attacks have been more serious: Azerbaijan disrupted an IRGC plot to bomb a critical oil pipeline and Kuwait rolled up a Hezbollah assassination network targeting the country's leadership. And lone wolf attacks are harder to defend against, already taken Americans’ lives in Austin, Texas. As counterterrorism capabilities have improved over the decades, Iran's success rate dropped precipitously, but the volume of attempts has increased dramatically in compensation. With reportedly diminished U.S. counterterrorism resources, the odds of success in the U.S. appear higher.

↓ The Transatlantic Alliance is at risk, with Allied and Trump anger hitting new highs. A permenant rewiring is not inconceivable, as this crisis piles on top of Washington’s gambit to obtain Greenland, tariff and trade pressures, and efforts to undermine the EU and its regulatory powers. While it is unlikely that President Trump will formally withdraw from NATO, its ability to deter Russia will be diminished as its capabilities and cohesion erode. Canadian Prime Minister Carney’s calls for a “middle power” coalition are hard to implement, but more countries are on board with the concept. More collaboration on specific issues like critical minerals supply chains and reopening the Strait of Hormuz are likely to grow either separately or in parallel to collaboration with the U.S., which remains a practical requirement. One has to worry about effects on the US-UK special relationship and the Five Eyes alliance.

↓ Russia gains the most. In addition to the Transatlantic rift, the war ties down U.S. military capabilities, undermines NATO capabilities and cohesion, removes pressure on Moscow to end its own war, and further limits arms flows to Ukraine. In practice, it gives Russia the ability to fight this war longer and to impose greater costs on Ukraine. With U.S. sanctions lifted, Russia’s budget crisis is stabilized. And the impunity Trump has handed Putin for helping Iran target Americans will encourage Putin to push the boundaries of its gray-zone attacks further, until or unless President Trump decides to react.

↓ China, having prepared for such a shock, also stands to gain strategically. U.S. weapons intended to deter China have been expended or withdrawn from the Asia Pacific, leaving gaps in air defenses. Shortages of U.S. precision-strike weapons (like Tomahawks) and air defenses will limit and delay planned acquisitions by our allies. With U.S. forces depleted in the near term, will President Trump be more likely to grant concessions to President Xi in order to keep the peace? Economically, though not completely isolated from global economic shocks given its export dependence, China’s dominance in green technologies will pay dividends as the rest of the world drives to diminish import dependence. Strategically, China is playing up its role as a stabilizing global power, although this has limits given its unwillingness to directly engage in ending the war, provide security, or help neighbors that have asked China for emergency supplies of fuel and fertilizer.

↓ Economic shocks rippling through the Asia-Pacific threaten promises on U.S. trade and investment and risk political fallout in allied countries. The war is a crisis of both supply and price in Asia. Governments’ across the region have turned to emergency spending to replace Gulf imports and increase subsidies, spiking deficits and debt in turn. Poorer countries’ fuel reserves are running dangerously low, forcing austerity measures, business contraction, and closures. Violence and protests already have broken out, including in India, Pakistan, the Philippines, and Bangladesh. Second order effects on tourism, food production, and potentially remittances from Gulf states will linger. Financial strains will raise domestic pressures to pull back on investment and trade pledges that already are seen as unfairly benefitting the U.S. Third-order effects of political instability and upheaval catalyzed by financial distress is likely over the next few years, for example in the Philippines.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

While the U.S. Focuses on Iran, Russia and China See Strategic Gain

OPINION — Russia and China are certainly concerned about the desperate state of Iran’s regime, an invaluable transactional partner to both countries. Yet they are also working to secure more strategic gains at America’s expense. Both likely prefer—and are enabling—a drawn out, grinding, and unpopular U.S.-led war that strains U.S. military reserves, alliances, global influence, and deterrence. Their shared goal is to turn successful U.S. and Israeli strikes on Iran into a strategic and costly setback for Washington without overt military involvement.

Russia has earned billions due to rising global energy prices and loosened U.S. restrictions on Russian oil, possibly rescuing Russia’s weakened national budget. This provides critical funding to its war effort against Ukraine at a time when sanctions were having an impact.

The diversion of weapons systems, intelligence assets, and funding to the Middle East and reduced political pressure by the U.S. on Russia to negotiate with Ukraine favor Russia’s war efforts against Ukraine.

Russia’s provision of intelligence, upgraded drone technology, and targeting support is forcing the U.S. to employ high-demand and expensive defensive weapons. This is clearly a message by Russia that it is “paying back” the U.S. for support to Ukraine.

Like other gray-zone operations by Russia, this is a chance for Russia to enable cognitive as well as lethal operations against the U.S. For those hoping for a diplomatic path with Moscow, this is another reminder of Russia’s focus on the U.S. as its primary adversary.

China is likewise benefiting strategically. Much like Ukraine, Iran is a live laboratory for China on U.S. military capabilities, drone defenses, strength of alliances, global logistics and supply chains under pressure and, most critically, political resolve. China likely views this as invaluable as it looks toward Taiwan.

China is the primary benefactor of Iranian oil. It not only gets significant discounts; it also increasingly settles in Chinese yuan to undermine the U.S. dollar.

Strategically, the war commits U.S. forces, carriers, munition stocks, and intelligence assets in the Middle East, which takes some pressure off Chinese aggressive activities near Taiwan. China may also be calculating if a major military distraction for the U.S. at some point in the future may create conditions favorable to a more aggressive move against Taiwan.

China is also quietly providing Iran dual-use technology such as BeiDou navigation systems that enable lethal strikes by Iran against U.S., Israeli, and regional targets. In parallel, China exploits current events in the Middle East through information and cognitive operations to undermine U.S. reputation and influence while strengthening its own.

U.S. and Israeli strikes on Iranian leadership, nuclear infrastructure, and military capabilities have been impressive in precision and lethality. Those metrics are useful in a conventional sense, but this is asymmetric warfare embedded in great power competition. Russia and China are not just bystanders. They are active gray-zone participants and clear benefactors of the war, committed to a strategic defeat for the United States. Russia reaps huge energy windfalls and sees less pressure over Ukraine while China quietly observes, learns, and calibrates its options toward Taiwan.

Of course, our national security team understands these dynamics. The challenge is not to fully pivot to Iran, but to continue with a clear-eyed approach to Russia’s and China’s aspirations against the U.S. Even as the U.S. displays considerable military strength against Iran, the U.S. is vulnerable to its most capable strategic adversaries.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

New Presidential Executive Order Targets Transnational Cybercrime

OPINION – The Cipher Brief broke new ground when it published my piece addressing scams as a national security issue in December 2023. Two years later, there is broad consensus that transnational criminals are attacking our citizens and businesses at unprecedented scale, and the White House has responded with a new Executive Order to combat the surge in cybercrime. It is time to raise our defenses, and the Intelligence Community has an important role to play. The lessons gained from the battle with counterterrorism apply to the new world of cybercrime — intelligence and data fusion are key.

A Tsunami of Cybercrime

Reported fraud losses have surged nearly 430% since 2020, according to FTC testimony at a recent Congressional hearing.

[Source: FTC testimony at U.S. Congress Joint Economic Committee, 25 March 2026.]

The money flows mainly into the pockets of foreign crime syndicates—Chinese gangs in Southeast Asia running investment scams, Indian call centers preying on seniors, Mexican narco‑terrorists funneling the proceeds from time‑share fraud into drug trafficking, and others. Who is behind the “toll road” scam that we’ve all received via text message? Chinese cybercriminals.

Teens are at risk, too. Sextortion specialists in West Africa and the Philippines have caused more than 36 teenagers to commit suicide.

The future looks grim. Over the next three to five years, INTERPOL expects a sharp escalation in transnational fraud, driven by artificial intelligence, low-cost digital tools, and increased global criminal collaboration. INTERPOL reports a global surge in AI-enhanced fraud schemes, notably sextortion, investment scams, impersonation frauds, and fake kidnappings for ransom.

Sounding the Alarm

Corporate America started warning last year about the severity of the threat. In February 2025, Google issued a report entitled: “Cybercrime: A Multifaceted National Security Threat.”, urging policymakers to elevate cybercrime as a national security priority.

In late 2025, Amazon, Google, JPMorgan Chase, Meta, Microsoft, Target, and 40 other companies sent an open letter to Congress saying “Scams are a fast-evolving national security threat.” They described a “national epidemic” that endangers public trust and economic stability alike, and concluded: “Our country, its citizens, and its corporations are being targeted and robbed by transnational criminal operations.” Senator Chuck Grassley made the same point at a 2025 Judiciary Committee hearing, describing “industrial‑scale fraud” by transnational organized crime groups as “a national security crisis hiding in plain sight.”

A New Presidential Executive Order Targets Cybercrime

In early March 2026, President Trump signed a landmark Executive Order on Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens, declaring it the policy of the United States to “protect Americans from, and harden our financial and digital systems against, these threats.” The president ordered the Departments of State, Treasury, War, Homeland Security, and the Attorney General to prepare an action plan by July 2026.

For the first time, the White House:

Described cyber-enabled fraud as not just a consumer protection issue, but as an attack by transnational criminals.
Stated that cyber protection for U.S. citizens is a priority.
Assigned a White House official to coordinate the action plan: the Homeland Security Advisor. The Office of the National Cyber Director is also to be consulted. Elevating the issue to the White House level is the right call when faced with a threat that cuts across multiple departments and agencies.

The new Executive Order is a critical step toward restoring trust and safety in our digital economy.

As the nation begins to mount defenses to thwart foreign cybercrime, we would do well to consider some best practices.

The Counterterrorism Model

In recognition of the rising threat of Transnational Criminal Organizations (TCOs), we should think big and create a National Center in the executive branch. The Center would be an operational interagency effort, modeled on the successful National Counterterrorism Center (NCTC) that the U.S. government created after 9/11. The new Center could be under DOJ and DHS, and it would comprise relevant elements from across the government and the private sector. Its mission would be to address all of the ways we are being attacked by transnational criminals, including scams.

In recent months, the federal government has created a variety of task forces to address particular parts of the transnational crime threat. Rather than pursue individual approaches, a National Counter TCO center would provide a more comprehensive and efficient response.

The UK Model: Intelligence and Data Fusion

In March 2026, the British government announced its newest Fraud Strategy and committed £31 million to launch an Online Crime Centre (OCC) in April 2026. The OCC will “unite UK policing, the UK Intelligence Community (including GCHQ, the National Cyber Security Centre and the National Cyber Force) alongside private sector partners from the financial, telecommunications, technology, and cyber industries.” The goal is not just to respond to fraud, but to disrupt it at scale—analyzing large volumes of data to block calls, freeze accounts, and take down fraudulent websites. The UK also recently created a centralized reporting system to speed analysis of victim reports.

Initial U.S. Steps Require Follow-Through

The U.S. Government’s response lags significantly behind that of the British government. The U.S. has not yet created a national strategy, a centralized reporting system, or an intelligence-driven data fusion center. As a result, the U.S. approach is mainly reactive, not preventative. We’re falling further behind.

The UK has committed £250 million over three years to combat fraud, but neither the White House nor Congress has yet allocated the necessary resources. In the U.S., the Administration's budget request proposes a $555.1 million reduction to the FBI's budget for FY 2026.

To illustrate the mismatch in resources, the UK’s central reporting system uses AI from Palantir to analyze the crush of fraud reports. But the FBI told Congress in late March that the Bureau does its analytic work manually. Why can’t our FBI afford modern tools?

As other nations raise defenses, the U.S. risks becoming an increased target. But that outcome is not inevitable. The U.S. has the best technology in the world. With the proper leadership and resources, we can defend our nation against the growing scourge of cybercrime.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

I just want to read the news

Get the news and only the news!

Guardian

Back to top

Kaupunki

Back to top

Yle

Back to top

CNN

Back to top

Hesari

Back to top

Al Jazeera

Back to top

New York Times

Back to top

Reuters

Back to top

NPR

Back to top

The Cipher Brief

Back to top