The Cipher Brief

DEEP DIVE – Ukraine’s President Volodymyr Zelensky calls it “our most successful missile.” One expert says it’s "Ukraine’s strongest security guarantee.” And former CIA Director and Cipher Brief expert Gen. David Petraeus says it has the potential to be “a game changer” in the war against Russia.

They are talking about the FP-5 Flamingo, a ground-launched, subsonic, made-in-Ukraine cruise missile, built to hit targets deep in Russian territory.

Not since the first salvos of Russia’s 2022 invasion has Ukraine’s defense industry sounded so enthusiastic about a weapon manufactured on its soil. The successes of Ukrainian defense technology are well known; as The Cipher Brief reported last month, the country is now widely believed to have the world’s most innovative defense sector. Its drone technology in particular continues to earn rave reviews from experts and western defense companies alike.

But the Flamingo is something different – a missile with a reported range of 1800 miles and the ability to carry more than 2,000 pounds of munitions, meaning that in one strike it could cause greater damage than even a swarm of drones. Compared to the top-class American Tomahawk cruise missile, the Flamingo is believed to be less accurate but with a similar range and a much heavier payload. And because it is manufactured in Ukraine, the Flamingo can be launched against Russian targets without Western-imposed restrictions.

“The Flamingo may actually be a game changer,” Gen. Petraeus said at the Cipher Brief’s annual Threat Conference last month. “You add that capability to what Ukraine has already done,” he said, referring to the recent drone campaign against Russia’s oil sector, “and [the Flamingo] will extend this dramatically.”

Zelensky said last month that the Flamingos had carried out their first missions, including a three-missile attack on a Russian security base in northern Crimea. Last week, Ukraine’s General Staff said it had used Flamingos as part of a strike that targeted “several dozen” military and infrastructure sites inside Russia and in occupied Crimea.

The Flamingo’s manufacturer, the Ukrainian firm Fire Point, claims to be producing between 1-2 missiles per day, with plans to scale to 7 per day by year’s end, for a 2026 projected total of more than 2,500. "By December we’ll have many more of them,” Zelensky told reporters in August. “And by the end of December or in January–February, mass production should begin."

Experts say every one of those missiles will dwarf the power of a drone weapon.

“With the drone-strike campaign, you have the challenge that they mostly carry fairly small warheads,” John Hardie, Deputy Director of the Russia program at the Foundation for Defense of Democracies (FDD), told The Cipher Brief. “The damage is far less than you could do with a one-time warhead that’s carried by the Flamingo.”

All of which raises the question: Might the Flamingo change the course of the war?

How the Flamingo was born

Even by the lofty standards of Ukraine’s recent defense-tech achievements, the Flamingo’s origin story is an inspiring one. And it dates to the last days of the Cold War.

In the wake of the Soviet Union’s collapse in 1991, Ukraine agreed to give up not only its nuclear weapons but also its considerable arsenal of Kh-55 cruise missiles. And after Russia’s 2022 invasion of Ukraine, while Zelensky and other Ukrainian leaders pressed constantly – and with mixed success – for western weaponry and security guarantees, they also began turbocharging their domestic defense industry.

“Ukrainians were authors of the Soviet space program and rocket program,” Oleksiy Goncharenko, a member of Ukraine’s Parliament, told The Cipher Brief. “When you have a lot of experience and when your people are smart enough, then the result is obvious. You have technologies which other countries respect.”

For more than three years, however, Ukraine remained largely dependent on Western countries for high-end, long-range strike capabilities. That led to the creation of a made-in-Ukraine cruise missile program.

The result is the FP-5 Flamingo, developed by Fire Point, a former casting agency that spun itself into a defense firm in the summer of 2022. In 2023, Fire Point produced its first FP-1 attack drones, ultimately turning out 200 FP-1s that year; this year the figure is expected to hit 20,000. Its cruise missile project has moved at a similar warp speed: in August, less than a year after it began work on the cruise missile, the company was showing off the prototype; soon after that, the first Flamingos were flying.

“We came up with it pretty fast,” Iryna Terekh, the company's 33-year-old Chief Technical Officer, told Politico. “It took less than nine months to develop it from an idea to its first successful tests on the battlefield.”

Terekh and other Ukrainian defense entrepreneurs speak often about how the Russian invasion has motivated their work – what Goncharenko calls “the unfortunate inspiration of war.” Terekh fled a Russian-occupied village near Kyiv in the early days of the war, and says her car still has a hole from a Russian bullet. She joined FirePoint as a partner in June 2023.

Ralph Goff, a former Senior Intelligence Executive at the CIA, calls the Flamingo production story “combat Darwinism at its best.”

“If the West isn't going to give them the long-range weaponry that they want to carry out their strategic attacks, they'll develop them themselves,” Goff told the October Cipher Brief conference. The Flamingo, he said, “is a serious piece of offensive weaponry.”

As for the missile’s unusual name, that traces to an in-house story at Fire Point, about the day when someone painted a solid rocket booster prototype pink, in a nod to the women involved in the male-dominated world of weapons production. Later, when the missiles were ready for testing, the company needed a bright color to help locate post-launch debris. Pink paint was available – and that led to the Flamingo moniker. The Pink has gone – missiles used in actual strikes are colored less conspicuously – but “Flamingo” stuck.

“You don’t need a scary name for a missile that can fly 3,000 kilometers," Terekh said. "The main goal is for a missile to be effective.”

Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

Reality check

If Fire Point’s claims are borne out, the Flamingo will have a reach and power on par with western cruise missiles, and an arsenal to match any European nation’s other than Russia.

Experts warn that behind that “If” lie multiple concerns – most of them due to the fact that there has been minimal independent verification of the company’s claims.

“In the defense industry, it’s easier to make statements than to actually implement them,” Ukrainian lawmaker Roman Kostenko said of the Flamingo’s potential, speaking to Radio NV last month.

One issue involves accuracy, which experts say Fire Point had to sacrifice to a degree in its push for a low-cost, fast-to-market weapon. In the Crimea strike, one missile reportedly landed some 100 meters from its target.

“Because it's low-cost, you kind of skimp on some of the more high-end features you might see in a more exquisite missile, guidance and accuracy being one of them,” Hardie said. “It's a relatively inaccurate missile at least by modern standards.” But he added that if the pace of manufacturing ultimately yields the high numbers Fire Point has promised, then “that tradeoff [high volume for accuracy] makes sense.”

Balazs Jarabik, a former European Union diplomat and analyst for RPolitik, has studied the Flamingo project since its early days. He doubts that Fire Point can reach its production goals.

“The Flamingo is real, but the production capacity is overstated, at least so far,” Jarabik told The Cipher Brief. He noted that an earlier Ukrainian-made missile, the Neptune, has yet to reach its promised scale, and that for all its defense-sector successes, Ukraine must contend with wartime supply-chain issues that would bedevil any weapons manufacturers. He and Hardie said that scaling to hundreds of Flamingos per month will require consistent supplies of everything from engines to warheads to electronics for guidance systems.

“I'm a little skeptical, but it's possible the Ukrainians will get there,” Hardie said, and Gen. Petraeus said that the Ukrainians “really need to double down” on the pace of the Flamingo manufacturing. “They're trying to get that into full production.”

Fire Point must do so while Russia targets Ukraine’s young defense companies as well as the country’s energy infrastructure. The latter is critical, given the defense sector’s high demand for energy. For one piece of the Flamingo supply chain, the company has already found a workaround: in September, Fire Point announced that Denmark had agreed to produce fuel for the Flamingo, effectively removing a key production facility from the war zone. The announcement provoked a warning from the Kremlin, which called the Danish plans “hostile.”

That response raises the question of Russian retaliation – a concern that has accompanied the delivery of virtually every new weapons system to the Ukrainian side. Some experts fear that any successful, high-impact Flamingo strike against Russia, carried out with help from Western intelligence – the destruction of a weapons factory deep in Russian territory, for example – would risk a NATO-Russia fight that the West has been desperate to avoid. Others doubt that Vladimir Putin has any interest – at least not in the current moment – in any escalation that might lead to conflict with the West.

“The Russians have been consistently more bark than bite,” Hardie said. “They know that attacking a NATO country in an overt military way – not the sort of gray-zone, below-the-threshold-of-war stuff they've been doing, but an overt military missile strike – that's an act of war. And Putin doesn't want any part of a direct conventional fight with the United States and NATO allies.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

What to watch for

Even analysts who are skeptical about the Flamingo’s future note that it would take only a few successful strikes to inflict severe damage, and that if Fire Point can get anywhere close to its 2500-missile-per-year pledge for 2026, the battlefield impact could be profound. Beyond the Russian oil refineries and other energy facilities the Ukrainians have attacked lately, the Flamingo will put more military targets in range as well. The holy grail might be the joint Russia-Iran manufacturing facility in Tatarstan that is turning out the deadly Shahed drones, at a scale that the Ukrainians must envy.

Experts say that with hundreds of Flamingos at the ready, Ukraine might achieve what Jarabik refers to as “mass saturation,” an ability to bring a heavy and varied drone-and-missile threat to military and energy targets across all of European Russia.

“If you're Ukraine,” Hardie said, “you'd like to be able to combine these missiles and drones into a complex strike package much as the Russians are currently doing, and keep the Russian air defense on its toes.”

“The Flamingo is heavy, and it’s also relatively easy to shoot down,” Jarabik said. “And so they will need mass saturation – a lot of these missiles, but with drones or other weapons too, to get through to the targets. They're going to have to produce enough that they can have a sustained impact, …and I don't think we're going to be there anytime soon.”

Then Jarabik added: “All that said, you have to acknowledge Ukraine’s innovation and skill. And I think [the Flamingo] is a big thing. Absolutely.”

As for the accuracy concerns, Ukrainian officials noted that while one of the Flamingos fired at Crimea did miss its mark, the two others leveled a barracks and brought a “massive destructive power,” with craters measuring 15 meters in diameter.

No one is touting the Flamingo as a replacement for the array of Western missiles that have been delivered to Kyiv. The Ukrainians will still covet the German Taurus, and the British-French Storm Shadow/Scalp cruise missiles, which are more accurate, though they come with conditions attached to their use. The diversity and volume of weapons systems, experts say, are what could make a real difference. And the Flamingo adds a powerful new element to the Ukrainian arsenal.

“No one system or weapon is going to be the decisive game changer,” Hardie said. “I don't think there's any such thing as a wonder weapon. That being said, for a supporter of Ukraine, it's really encouraging to see Ukraine being able to move out on its own more in terms of long-range strike capabilities. They are taking these steps forward and really taking it to the Russians right now with this campaign against energy infrastructure. That's been impressive to see and I think it kind of augurs more to come. So if I were the Russians, I would be worried about that.”

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Q&A: Interpol’s Cybercrime Chief on How AI is Driving Borderless Cyber Threats

EXCLUSIVE INTERVIEW — Anthropic’s announcement that Chinese state-sponsored hackers used its Claude AI technology for a largely automated cyberattack underscores how cybercriminals are becoming faster, stronger and more organized, driven by advances in technology like artificial intelligence. Criminal networks are now blending phishing, fraud and ransomware with other enterprises like trafficking and money laundering, making this borderless threat even more complex and serious.

The Cipher Brief spoke with Dr. Neal Jetton, the Cybercrime Director of Interpol, to discuss how the world’s largest international police organization is taking on the threat. Speaking from last month’s Global Cybersecurity Forum in Riyadh, Saudi Arabia, Dr. Jetton said Interpol-driven efforts like information-sharing, cross-border cooperation and law enforcement training are critical in countering emboldened cybercriminals.

The Cipher Brief: Can you tell us what kind of buzz has been there? Have there been key themes or issues at this very point in time among the cyber experts that you've been talking to?

Dr. Jetton: I think you can't get away from AI here. Every panel, every discussion has an AI focus, and you think, "Ugh, more AI." But, it's here. It does impact probably everything. We have a lot of cyber threat intel companies here from the private sector who are working with it every day for their means.

And then from a law enforcement perspective, we look at it kind of as a double-edged sword. I'm from INTERPOL, so we look at how AI can benefit law enforcement in the long run. But as a cybercrime director, I also see how cyber criminals are also utilizing AI to enhance the effectiveness of their criminal activities.

The Cipher Brief: What can you tell us about the role that INTERPOL plays in countering these threats?

Dr. Jetton: So, just a little bit about INTERPOL because maybe there's some misconceptions about what it is. Even my neighbors sometimes think, "What do you actually do, Neal?" So in INTERPOL, there are 196 member countries. We are focused on law enforcement to law enforcement connections. So what we want to do in the Cybercrime Directorate is understand what our membership is suffering from as far as the type of crimes that they are seeing the most.

So we will send out yearly threat assessments because we think we might have a good idea of what a particular region is suffering from, but we need to hear it directly from the law enforcement officers and experts on the ground. We'll get that information, and then we'll turn that around and we'll try to base our training, our coordination meetings, and then our operations focused on the threats that they, our members, see most commonly.

Save your virtual seat now for The Cyber Initiatives Group Winter Summit on December 10 from 12p – 3p ET for more conversations on cyber, AI and the future of national security.

The Cipher Brief: When we talk about things like attribution, going after threat actors and bolstering cybersecurity, where do those rank on the priority scale for INTERPOL?

Dr. Jetton: Within the Cybercrime Directorate, we have three goals. I tell my team, what we want to do is we want to build up the capacity for our country. So we have to understand what they need, what they're lacking in terms of tools and training. We then want to provide accurate, useful intelligence to our member countries that they can use and turn into evidence that then helps drive their investigations to be more successful.

But my goal is to increase the capacity for our member countries, to provide relevant intelligence to them so that we have operational success, and we've done that. I think we've done more than 10 operations this year within the Cybercrime Directorate, both global and regional, focused on the threats that our members are seeing most.

What we will do is, in a lot of instances, we will bring the countries that are participating in our operations all together at one point. We'll then bring relevant private sector partners, many of them here at GCF, to come and provide training to them on the ground. We will do tabletop exercises, and then at the end of that week, it's usually a five-day process, we'll kick everybody out and we'll just focus on the operation at hand. We'll say, "We're going after this malware or these threats. These are the types of steps that we think you should take that would help you in your investigation."

So we really do want to benefit our members. I want to say though that the success that these operations have had—we've had some big wins recently—the lion's share of the success goes to our member countries, the law enforcement on the ground who are doing the actual investigations, who are going and making the arrests and seeing those things through. We've done several recently with great success.

The Cipher Brief: We asked Chris Inglis, who is the former National Security or Cybersecurity Director in the United States, about the connections between nation states and cyber criminal groups. How do you see INTERPOL playing a role in this area? Are there both challenges and opportunities when you're talking about cybercrime that may be backed by nation states?

Dr. Jetton: That's one of the misnomers with INTERPOL. The big thing with INTERPOL is neutrality. I came from a task force where we looked at nation state transnational cybercrime. But within INTERPOL, I just have to state that our constitution does not really allow us to focus on investigative matters of a religious, racial, political, or military nature. So we know that that limits the nation state actors, and I'm very aware of that. It's not like I'm naive to understand who's behind a lot of these cyber criminal activities. But to maintain that neutrality and trust with 196 members, there is a limit to what INTERPOL is allowed to do. Countries will reach out to you and they will say, "Hey, our government networks have been breached," and I know automatically this is not your usual financially motivated cyber criminals, there's something there. So I have to work hand in hand with my legal affairs team to say, "Where can we draw the line?" I don't just want to say, "No, we're not doing anything," but can we provide something, at least the starting point, but we don't want to provide attribution or state like, "Hey, it's this person.” But maybe give them a little bit of a head start and then hand off to the countries that provided the intel or are having the issues and then help them along the way.

So I just want to be clear. Nation state actors, there are a lot of organizations that are focused on that, including where I was previously. But INTERPOL, we are really focused on the financially motivated cyber criminals.

Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.

The Cipher Brief: It's such an interesting patchwork of expertise that it is critical for collective defense. What vulnerabilities do you see from your perch at INTERPOL right now in cyberspace, and where do you think defenses are failing?

Dr. Jetton: For us, when we're asking countries, "What are the biggest issues that are preventing you from being more successful in combating cybercrime?" A lot of it is the tools and the training, just having insufficient funds to actually drive up their investigative know-how or expertise. But also I think between countries, it's just the rapid ability to share information.

There are what we call MLATS, Mutual Legal Assistance Treaties. A lot of times it just takes a long time to ask for information. And we know in cybercrime, we need instantaneous help. So I would always encourage countries to reach out to INTERPOL. We have a 24/7 network. That's why we're there. I can't promise we can do everything in every situation, but we will do our very best to make the connection between which countries you need or if you need a particular company. We can't compel, but we'd put you in touch and at least let you have that conversation.

The Cipher Brief: What are the trends you are seeing right now in cybercrime?

Dr. Jetton: What we're seeing primarily is the use of AI in increasing the efficiency, scope, and effectiveness of emails and the phishing scams. They're using this phishing as a platform. You can just blank X as a platform. So it's these tools that you didn't have to have a really sophisticated technical level of abilities, and you can have these tools that allow you to then go out and commit fraud at scale. And so we are seeing that.

Also, what we're seeing is a convergence of different crimes. So cyber is poly-criminal. I live in Singapore, and one of the big things in Southeast Asia are the cybercrime centers. You hear about that all the time. What happens is you have these organized crime groups that are using cybercrime as fraudulent job applications, the emails, things like that, recruiting, and then the human trafficking aspect of it, and then forcing the people to commit the cybercrime while they're there. So we see that as a huge issue, the poly-criminal aspect of cyberware. It doesn't matter if it's human trafficking, drugs, guns—there's going to be some sort of cyber element to all those crimes.

The Cipher Brief: What are some of the most interesting conversations that you've had on the sidelines there? Has there been anything that's surprised you from some of the other guests and speakers?

Dr. Jetton: We were talking about the use of AI and where we think it's going, whether it's kind of positive or negative. What I was surprised at was, I was on a panel and I was the only person that had the glass half empty. I realized that there are some obvious useful uses for AI, and it's a game changer already for law enforcement. But what I see is these technologies being utilized by criminals at a faster rate than what law enforcement can usually do. So I see it as somewhat of a negative knowing that we're going to have to catch up like with AI-produced malware. I think that will be an issue in the future.

Whereas my other panelists were all from the private sector, and they were all like, "No, no, AI is great. It's going to allow us to use it in these positive directions," which is true, but I'm the negative, the Grinch here talking about it from saying that. So I would say that that was probably the most surprising thing.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Hezbollah’s Quiet Rebuild

DEEP DIVE — Tucked deep into the cragged hills of southern Lebanon, Hezbollah, the once powerful Iranian-backed militia brought to its knees by a war with Israel, has spent the past year meticulously gouging its way back to relevancy.

For Western and Israeli security forces, the designated terrorist group’s covert but influential resurgence establishes a precarious problem: a persistent, low-level threat that could instantly trigger a wider conflict, critically testing the resilience of any ceasefires and the existing, fragile statehood.

Financial Lifelines and Sanctions

The November 5 announcement from the U.S. Treasury’s Office of Foreign Assets Control (OFAC) targeted key elements of Hezbollah’s financial network. Two operatives — Ossama Jaber, a Hezbollah financier who personally collected tens of millions via Lebanese exchange houses from September 2024 to February 2025, and Ja’far Muhammad Qasir, a sanctioned terrorist collaborating with Syrian oil magnate Yasar Husayn Ibrahim — were blacklisted for laundering Iranian cash into Hezbollah’s war chest.

These funds, exploiting Lebanon’s cash-heavy, regulation-light economy, bankrolled everything from paramilitary salaries to the reconstruction of terror infrastructure battered by Israeli strikes. Under Secretary of the Treasury for Terrorism and Financial Intelligence, John Hurley, didn’t mince words: For Lebanon to emerge “free, prosperous, and secure,” Hezbollah must be “fully disarmed and cut off from Iran’s funding and control.”

Matthew Levitt, a senior fellow and director of the counterterrorism and intelligence program at The Washington Institute for Near East Policy, and a former counterterrorism intelligence analyst for the FBI, points out that despite sanctions, Iran’s financial backing is pivotal to Hezbollah’s survival and operational reach.

“We assume Iran still provides about the same amount of money, but Hezbollah is having a harder time getting it through on a timely basis. They can’t just ship it from Iran or Iraq anymore without inspections, so they rely more on diaspora networks in South America and Africa,” he tells The Cipher Brief. “All of this is against the backdrop of severe setbacks. Hezbollah intends to continue positioning itself to not only fight militarily but also assert an oversized, dominant position within Lebanon by virtue of force.”

A Battered Front, But Not Broken

The Israel-Hezbollah war, which ignited in 2023 alongside the war in Gaza, decimated the organization’s leadership, weapons arsenal, and fighting ranks, with more than 3,000 of its fighters killed. The decapitation strikes were surgical: On September 27 last year, an Israeli airstrike flattened Hezbollah’s Beirut headquarters, killing Secretary-General Hassan Nasrallah, the group’s iron-fisted architect of asymmetric warfare. In the ensuing ground incursion, Israeli forces dismantled border launch sites and command bunkers, leaving Hezbollah’s Radwan Force, the elite unit tasked with infiltrating Galilee, reeling.

Yet, as analysts caution, Hezbollah is battered but not broken. A number of its battle-hardened fighters, who cut their teeth supporting the Assad regime in Syria, are now integrating into civilian life, ready to rearm at any time. Furthermore, the group’s Shia base, which comprises roughly 31 percent of the Lebanese population, remains loyal to Hezbollah, upheld by its wide-reaching welfare networks amid a country grappling with a crumbling economy.

These moves indicate that Hezbollah’s military recovery is already well underway.

“Hezbollah is giving much more attention than before the war to its Badr Unit, positioned north of the Litani River, and strengthening it with Radwan forces,” Sarít Zehavi, senior researcher at the Alma Research and Educational Center, tells The Cipher Brief. “They are also shifting from smuggling to local manufacturing of drones and missiles. Even though some brigades are not yet redeployed to the border, they continue training and rebuilding capabilities.”

The Badr Unit, a key element of Hezbollah’s northern forces, has become the group’s tactical spearhead along the Litani River and near the Israeli border. Tasked with reconnaissance, border infiltration, and rapid response, the unit has been reinforced with Radwan-trained fighters and advanced drone capabilities. Badr is central to Hezbollah’s evolving doctrine of “strategic latency,” maintaining a persistent threat without provoking full-scale war, and acts as a bridge between conventional militia operations and the group’s clandestine drone and cyber activities.

Moreover, Lebanon’s political deadlock increases the risk that Hezbollah will maintain its military dominance.

The Beirut government, assembled hastily earlier this year under President Joseph Aoun, is characterized as the least Hezbollah-affiliated in years, with a focus on reclaiming national independence from the dominant insurgents. There is, however, significant skepticism about how such a push is enforced. Hezbollah continues to rebuff key appointments, and its diminished but growing stockpile, estimated at 20,000 remaining rockets, hangs over Beirut’s ambitions.

This hybrid threat presents a national security nightmare for Washington: a non-state actor wielding state power, rendering diplomacy incredibly difficult.

Iran’s Evolving Logistical Pipelines

Tehran’s shadow looms largest. The IRGC-Quds Force, Hezbollah’s ideological leader since 1982, has poured over $1 billion into the group this year alone, per Treasury disclosures — despite layered U.S. sanctions biting into Iran’s oil exports. However, a source familiar with the U.S. Office of Foreign Assets Control told The Cipher Brief on background that tracking Iran’s funds has become increasingly challenging in recent months.

“The Treasury and State Departments need more resources to track violations, and the government shutdown left many investigators sidelined,” the source observed. “Congress can help by requiring reports on Iranian weapons shipments and funding enforcement teams.”

The Iranian cash flows through hawala networks and Beirut’s labyrinthine exchange houses, where operatives like Jaber convert petrodollars into untraceable Lebanese pounds. It’s a masterclass in sanctions evasion: Iran’s regime, squeezed by domestic protests and a rial in freefall, prioritizes its “Axis of Resistance” over breadlines at home.

“Assad’s downfall severely crimped Hezbollah’s pipeline from Tehran, but even so, Hezbollah and Iran remain adept at exploiting fragile states. Beirut and Damascus show some interest in interdiction. Still, both are weak governments, and they have other priorities,” Jonathan Ruhe, Director of Foreign Policy at the JINSA Gemunder Center for Defense & Strategy, tells The Cipher Brief. “Iran also exploits power vacuums in Sudan and Libya to resupply Hezbollah from the sea, using surreptitious maritime tactics like Iran’s sanctions-busting ‘shadow fleets.’”

Post-war Syria has forced Tehran to improvise. The once-feared land bridge — stretching from Iran through Iraq and Syria to Lebanon — has been battered by Israeli airstrikes and rebel attacks, yet parts of it still survive. To bolster its Middle East proxy, the Iranian regime has upped its use of maritime routes. Iranian cargo ships dock at Syria’s Tartus port under civilian manifests, offloading drone kits and rocket fuel disguised as fertilizer. Trucks then traverse the unguarded border into Lebanon’s Qalamoun Mountains, often chaperoned by IRGC advisors.

Domestically, however, Hezbollah is reducing reliance on imports. Clandestine factories in Beirut’s Dahiyeh suburbs and Bekaa orchards churn out refurbished Kornet anti-tank missiles and Ababil drones from scavenged parts. There is a reported network of 50-plus workshops, some powered by smuggled Chinese microchips, slashing reliance on vulnerable sea lanes. Despite its own economic ailments, Tehran continues to give precedence to Hezbollah’s position as a frontline deterrent over short-term financial stability.

Rebuilding the Arsenal: From Ashes to Drones

Israeli assessments estimate Hezbollah has reclaimed just 20 percent of its pre-war precision arsenal, but what emerges is nimbler and deadlier in specific domains. Drones top the list: low-cost Shahed-136 clones, assembled from Iranian blueprints and Syrian-sourced engines, can loiter over Galilee for hours, scouting IDF positions or delivering 50 kg (110pounds) warheads. Short-range Fajr-5 rockets, concealable in olive groves, are proliferating under civilian camouflage — mosques, schools, even UNIFIL outposts.

Smuggling remains vital. Iran’s military equipment, including advanced components for precision-guided missiles (PGMs), is first transported into Syria using an array of methods designed to evade international scrutiny. Non-descript convoys then travel from Syria’s Homs City to the border city of Al-Qusayr near Lebanon. The Syrian-Lebanese border in the Homs/Al-Qusayr area is porous, mountainous, and complex to police. Over the course of this year, Israel has conducted more than 40 strikes intercepting shipments near the southern coast of the city of Tyre. Yet the cat-and-mouse game favors smugglers. Private companies, fronts for IRGC logistics, reportedly run nighttime operations mixing weapons with sacks of flour labeled as aid.

“Even before October 7, Hezbollah tried to make precision munitions with Iranian help,” Ruhe noted. “Tehran is now redoubling these efforts. For all Israel’s successes over the last two years, it struggled to wage a multifront war of attrition, and it struggled to defeat Hezbollah’s drones. Hezbollah and Iran want to exploit this exact weakness by being able to oversaturate Israeli defenses with mass drone swarms, similar to what Iran helps Russia do against Ukraine.”

Indeed, Hezbollah’s rebuilding of its ranks is quieter but no less strategic. After losing an estimated 5,000 to 7,000 fighters, the group now runs “resistance summer camps” in the Litani Valley, teaching teenagers bomb-making and cyber tactics under the guise of community service. Morale has waned, but ideology endures: recruits draw strength from chants of Nasrallah’s martyrdom.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

The Long Game: Shadows on the Northern Border

For Israel, the situation is a high-stakes strategic battle. Prime Minister Netanyahu’s cabinet has stepped up its drone strikes into Lebanon in recent weeks, and preemptive raids to enforce ceasefire arms restrictions are not off the table. Nonetheless, Hezbollah leaders in November rejected talks, and in an official letter to the Lebanese government, insisted that “any attempt at political negotiations with Israel does not serve Lebanon’s national interest.” The statement both rallies supporters and signals Tehran’s firm stance. Iran’s approach is one of “strategic latency” — maintaining a constant, restrained threat to deter Israel without triggering all-out war.

The United States also has global interests at risk. Hezbollah’s networks extend into Latin America and Africa, where they help launder money through drug and diamond trades. Those funds could support operations that reach U.S. soil. Washington’s current strategy — including a $230 million-plus aid package to Lebanon tied to reforms — aims to cut off Hezbollah’s financial base.

This fragile financial and operational landscape underscores that, despite international efforts, Hezbollah’s on-the-ground capabilities remain resilient and difficult to fully contain. A spokesperson for the U.S. Department of State tells The Cipher Brief that while “the Government of Lebanon made a courageous and historic decision to restore state authority by ordering the disarming of Hezbollah and establishing the Lebanese Armed Forces and Internal Security Forces as the legitimate forces for Lebanon, the credibility of Lebanon’s government rests on its ability to transform words into action.”

“The region and world are watching carefully,” the spokesperson continued. “Disarming Hezbollah and other non-state actors, as well as ending Iran’s proxy activities, is crucial to ensuring peace in Lebanon and across the region. The United States of America commends the Government of Lebanon’s efforts to ensure Lebanon is sovereign, peaceful, prosperous, and safe for all Lebanese people.”

Zehavi also pointed to the gap between hopes for disarmament and reality.

“The Lebanese Army is not entering villages and into the private properties where Hezbollah is actually hiding its weapons down,” she explained. “If this continues this way, and it looks like this is where it is going, what we will see is a very unstable situation.”

Lebanon, however, may face the most direct consequences. Hezbollah functions as both a militia and a provider of social services. Several of its clinics are also used as bunkers, and Tehran-financed roads routinely lead to new depots and launch locations. As Zehavi highlights, Hezbollah is rebuilding on two fronts: strengthening its military infrastructure while expanding civilian programs to maintain local support.

The organization, experts say, is not right now preparing for a major offensive but focuses on smaller, ongoing operations — perhaps cyberattacks on Haifa’s ports, sniper fire along the border, and drone swarms testing Israel’s defenses. Iran’s proxy strategy remains intact despite sanctions and setbacks.

Yet, according to Ruhe, if the United States, Europe, and Arab partners enforce UN sanctions on Iran’s rearming of Hezbollah and back Beirut, a better-than-status-quo scenario is possible.

“(But) if Hezbollah and Iran believe Beirut is alone, and that Israel will be isolated for acting militarily, then it’s a matter of when — not if — Hezbollah recovers,” he continued. “And the more successfully it helps Hezbollah rebuild, the more likely Iran will test Israeli and U.S. resolve with its own rearmament.”

For Western policymakers, the objectives are clear: disrupt Hezbollah’s finances, bolster Lebanon’s government, and limit the group’s military power. Otherwise, the risk grows of a wider northern conflict that could draw in larger powers.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Understanding the U.S. Military Mobilization in the Caribbean

OPINION / EXPERT PERSPECTIVE — The armada the U.S. has assembled in the Caribbean is more formidable than anything the region has seen in decades. What is going on? The administration says it is targeting drug trafficking through the Caribbean. Is that it? Is that really all we are doing? Trump administration officials insist that it is but also acknowledge that strikes on land targets may be necessary to achieve the administration’s goals. Skeptics suggest that regime change in Venezuela is part of the administration’s plan. Is it?

Early in 2025, shortly after taking office, the Trump administration designated several drug cartels as terrorist organizations. This signaled the administration’s intention to escalate U.S. efforts to fight trafficking beyond the usual efforts of the Coast Guard, Drug Enforcement Administration and Border Patrol. It also presaged the use of the military.

Combating narco-trafficking remains the administration’s declared purpose. Implicitly, the decision to escalate U.S. efforts is based on several key points. First, drug abuse in the United States remains at epidemic levels despite decades of efforts to control it. Second, previous efforts to suppress drug smuggling into the U.S. have not been successful. Third, because the cartels smuggling drugs into the U.S. are not merely drug traffickers but large terrorist organizations, they need to be confronted as forcefully as terrorist groups elsewhere. This, effectively, means employing military force.

The administration contends that Venezuela is the country from which much of the illicit boat and air traffic carrying cocaine emanates and that Venezuela’s long-time strong man is really the head of a cartel and “a fugitive from American justice.” On August 7, the administration announced a 50-million-dollar bounty on Venezuela’s long-time strong man, Nicolas Maduro. It is this view of the Venezuelan regime and its leader, in combination with the size and capabilities of the deployed U.S. military in the Caribbean, that suggests the administration’s goals are more ambitious than just striking alleged traffickers on the high seas.

The question then is, how would the Trump administration define regime change? New leadership or something more extensive? If regime change is a goal, how does the administration hope to achieve that result? Would a combination of intimidation, enhanced economic sanctions and diplomatic pressure from the world’s democratic community convince Maduro to abandon power? Can the Venezuelan military, which in 2002 temporarily removed Maduro’s mentor, Hugo Chavez, be persuaded to act once again? Or is the U.S. administration contemplating military strikes inside of Venezuela? If so, how extensively? Would a targeted attack of regime leadership result in regime change or would the U.S. need to hit various elements of the military plus drug labs? The scope of any U.S. kinetic actions would likely affect the way Venezuelans – who overwhelmingly rejected Maduro in last year’s presidential election, react. It would also affect how the region and the rest of the world regard the U.S. campaign.

If the U.S. were able to oust Maduro what would follow? There is a legitimate government in waiting. Former diplomat Edmundo Gonzalez won last year’s presidential election by a huge margin despite regime efforts to sabotage the democratic opposition. Would anything short of the installation of the democratic opposition be considered an acceptable outcome to Venezuelans or the United States? Would a government of national unity which included some of the Venezuelan dictator’s base and elements of the military be acceptable to the democratic opposition? To the U.S? The Venezuelan military has been deeply compromised by the Maduro regime’s criminal activity and is believed to be complicit at the highest levels in drug trafficking. The Cartel de los Soles is thought to include many high-ranking military personnel. Would the U.S.be prepared to put troops on the ground to prevent criminal elements of the Venezuelan military from regrouping even if current regime leadership were forced out?

Finally, what effect will current U.S. operations in the Caribbean have on U.S. relations with the rest of Western Hemisphere especially if U.S. military strikes Venezuela directly? What effect have U.S. operations already had? The answers to these questions are not all obvious.

The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.

The Trump team has never mentioned regime change as a campaign goal. The size and nature of the deployed U.S. forces, however, make speculation on the U.S. administration’s real intentions inevitable. The number of ships, aircraft, sailors and marines appeared to be substantially greater than required to combat narcotrafficking through the Caribbean and eastern pacific even before the ordered deployment of the U.S.’s most advanced aircraft carrier, the USS Gerald R Ford. The messaging from Washington, moreover, focuses squarely on the Venezuelan regime.

What we have been hearing from Washington about operations in the Caribbean is a logical extension of steps taken by the Trump administration prior to the start of current operations. While President Obama first called Venezuela a threat to national security in 2015, it was only earlier this year that the U.S. designated the cartels as terrorist organizations. The designation of the cartels as terrorists was a necessary step to operationalize the shift from a law enforcement effort to a military one.

The new militarized U.S. strategy in the Caribbean has had an effect. Drug trafficking by sea is apparently way down. That said, this new strategy has not diminished trafficking by land nor reduced the flow of deadly fentanyl into the country. It has, on the other hand, generated concern in some countries about the return of American gunboat diplomacy. Domestically, the president’s new approach resonates well in some quarters but has incensed many Democrats in the U.S. Congress and even worried some Republicans. British concern about the legality of the U.S. strikes on the high seas is now so acute that the United Kingdom has ended intelligence sharing on Venezuela. The Trump administration has, however, given no indication that either international concern or congressional criticism will precipitate a change in policy.

President Trump’s change of the U.S strategy for fighting the cartels and maybe for achieving regime change in Venezuela has important implications for U.S. relations with its allies everywhere but especially within the region. The Trump administration has clearly made the Western Hemisphere a national security priority but there are many other vitally important arenas in which U.S. interests are affected by developments in this hemisphere – both positively and negatively.

Accordingly, the administration’s agenda in Latin America must include more than just winning the drug fight and controlling our Southern border. More than 40% of all U.S. manufacturing goods are sold into the Western Hemisphere and the U.S. has a positive trade balance with many countries in the region, including Brazil, Chile, Peru, Panama and others. Millions of American jobs depend on trade with the region. Energy production in the region is also significant; Canada is our largest foreign supplier but there are other key players including Mexico, Brazil, Colombia, Ecuador, Trinity and Tobago and, more recently, Guyana. Guyana’s oil production, in fact, is exploding. The country’s GDP grew by over 25% in 2023 and by more than 30% in 2024. On the other hand, China’s influence continues to surge and China is now the largest trading partner for South America in the aggregate. The U.S. clearly needs to do what it can to strengthen the value proposition for the countries of Central and South American to see the U.S. as their commercial partner of choice.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

It is, at this point, not clear what the Trump administration’s end game is in the Caribbean. What is clear is that the U.S. cannot ignore other issues around the region or other views on how challenges should be met. Neither should we naively assume that success in suppressing the trafficking of cocaine out of South America is assured even temporarily, however many go-fast boats the U.S. military sinks. Transit by land, which the Trump administration has indicated it may take on next, is still robust. Demand for illegal drugs is still strong in the U.S. and Europe. The U.S. has recently made progress in engaging Mexico, especially on combating the Mexican cartels, but how effective joint efforts will be remains to be seen. Relations with Colombia, the source of most of the world’s cocaine, on the other hand, have deteriorated dramatically. Colombian President Gustavo Petro has characterized U.S. attacks on the drug boats as atrocities, called President Trump a criminal and encouraged American military personnel to defy his orders. The U.S., for its part, has decertified Colombia for failing to cooperate fully with U.S. counternarcotics efforts and cancelled Petro’s visa.

The U.S. still has partners in Latin America, especially trade partners, but there is also, always, concern over U.S. unilateralism. Moreover, President Trump’s announcement that he has authorized the Central Intelligence Agency to become active in Venezuela inevitably recalls for some an earlier and darker time in U.S. relations with Latin America. That said, criticism of U.S. operations in the region has been surprisingly muted – and some countries have been explicitly supportive.

Still, many in the region have been left wondering where multilateral cooperation, diplomacy, democracy support and human rights, pillars of U.S.-Latin American policy since at least the 1980s, fit in America’s new more muscular policy toward the region. At the same time, most of the region agrees that the cartels are a grievous problem, and recognize that Venezuela is a dictatorship and that it has become an epicenter for a great deal of the most pernicious activity in the region. I expect they are dubious about the likelihood of the U.S. eradicating all drug trafficking from South America because so much of the trafficking is by land. They are also unconvinced that combatting drug trafficking per se is the U.S.’s only goal. They do not wish to see a war in either South or Central America but they are also profoundly tired of living with the consequences of the growing and corrosive power of the cartels.

The Trump administration’s campaign to date has had some success and may have put Russia, China and Iran – Venezuela’s extra-regional allies -- on notice that the U.S. has decided to counter malign activity and actors in the region forcefully. But this is a high stakes game for the U.S. A U.S. escalation to ground operations could catalyze world-wide criticism of the U.S. Success with targeted strikes is not assured. At present, we are left to wrestle with the question of whether the campaign to date is a preamble to even more ambitious operations. And, can what has been accomplished to date be sustained at a time when coca cultivation in source countries like Peru and Colombia is increasing and the head of a cartel – which is how the administration has characterized Maduro – remains in control of the government of Venezuela?

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Assessing the Pentagon’s Mission to Rebuild the ‘Arsenal of Freedom'

DEEP DIVE — The Pentagon is waging war against its own acquisition bureaucracy. In a sweeping speech on Friday, Secretary of War Pete Hegseth described the “adversary”, not as a foreign power but as a process: decades-old requirements and procurement rules that reward paperwork over outcomes.

The core argument: if the U.S. wants to deter adversaries in today’s world of fast-moving threats that include gray-zone coercion, contested logistics and AI-enabled systems, it must accept more acquisition risk as a means to reduce operational risk later.

The Pentagon’s new plan pairs rhetorical urgency with specific structural changes. It proposes killing the legacy Joint Capabilities Integration and Development System (JCIDS) and replacing it with a tighter, more centralized alignment, pushing commercial-first solutions even if they deliver an “85% solution” initially and forcing a cultural shift across both DoD and industry toward speed, volume, and continuous iteration. The plan also signals tougher expectations for primes to invest private capital and for government to send longer demand signals. It’s a tall order.

Here’s a look at the key ideas:

“Increase acquisition risk to decrease operational risk”: field good-enough capabilities faster, iterate in production, and stop chasing perfect specs that arrive too late.
JCIDS → RRAB / MEIA / JAR: cancel the slow, document-heavy requirements process; stand up a Requirements & Resourcing Alignment Board (RRAB) to tie priorities to funds, a Mission Engineering & Integration Activity (MEIA) to co-design/experiment with industry early, and a Joint Acceleration Reserve (JAR) to bridge the “valley of death.”
War-fighting Acquisition System & PAEs: rebrand and reorganize acquisition around Portfolio Acquisition Executives (PAEs) who have end-to-end authority to trade cost/schedule/performance for time-to-field, with embedded contracting and fixed delivery cycles.
Modular Open Systems + multi-source: mandate modular architectures, maintain at least two qualified sources on critical components, and enable third-party integration to avoid vendor lock and accelerate upgrades.
Commercial-first, 85% solution: accept non-perfect bids that meet the mission faster, then iterate software and components continuously.
Wartime Production Unit (WPU): a deal-team model to negotiate across a contractor’s total DoD portfolio, create incentives for on-time delivery, and unlock surge capacity.
Workforce & Culture shift: convert the Defense Acquisition University (DAU) into a “Warfighting Acquisition University,” lengthen leader tenures, and evaluate contracting/program teams on mission outcomes rather than compliance metrics.
Foreign Military Sales realignment: move DSCA/DTSA under Acquisition & Sustainment to unify planning, contracting, and delivery so allies get kit faster without undercutting U.S. readiness.

Why this matters now

Adversaries are iterating faster, supply chains are brittle, and the U.S. military’s ability to produce and sustain at volume - will decide deterrence credibility. The proposal promises measurable gains in lead times, throughput, and availability, but it also raises hard questions about safety, governance, industry incentives, and the talent pipeline.

In the sections that follow, we pressure-test these claims with former commanders and acquisition leaders: how to set guardrails around “good-enough,” where the new risks are and the impact on the industry.

Cipher Brief Executive Editor Brad Christian spoke with General Phil Breedlove (Ret.), Lt. General Mike Groen (Ret) and Silicon Valley Entrepreneur and Stanford Professor Steve Blank, who has recently published a Department of War Program Executive Office directory to help companies better navigate the complicated system for selling to government.

Christian: What was your reaction to last week’s announcement that we heard from the secretary?

General Philip M. Breedlove

Gen. Breedlove retired as the Commander, Supreme Allied Command, Europe, SHAPE, Belgium and Headquarters, U.S. European Command, Stuttgart, Germany. He also served as Vice Chief of Staff of the U.S. Air Force, Senior Military Assistant to the Secretary of the Air Force; and Vice Director for Strategic Plans and Policy on the Joint Staff.

General Breedlove: There are things that I really am looking forward to, and there are some things that are a bit worrisome, the way they were rolled out. But you never really know what's going to happen until you start seeing it in action and the changes to the rules for how we do our acquisition.

But make no mistake, our acquisition system to date is moribund. It's horrible. We laugh now about this “Valley of Death” between when something is created in the laboratory and when it gets to the field, six, seven, eight years or more sometimes. And people who are at war and doing this very differently, they're doing it in weeks, sometimes days, but not years. So we definitely have to change.

Part of the reason our acquisition system is so slow is because in our past, maybe even decades and decades ago, people took advantage of the system and they made money in a bad or almost illegal way. And so lawmakers do what lawmakers do, and technocrats and bureaucrats do what they do, and they created layers and layers of oversight to try to protect against some of those bad acts that happened decades ago. And the result is an acquisition system that is completely unresponsive to the needs of the warfighter. And I'm glad that we're starting to change it.

Lt. Gen. Michael Groen (US Marine Corps, Ret.)

Lt. Gen. Groen served over 36 years in the U.S. military, culminating his career as the senior executive for AI in the Department. Groen also served in the National Security Agency overseeing Computer Network Operations, and as the Director of Joint Staff Intelligence, working closely with the Chairman and Senior Leaders across the Department.

Lt. Gen. Groen: My immediate reaction, like everybody else, when somebody uses the word acquisition, you kind of cringe a little bit. And immediately you get the vent of, it takes too long, it's too expensive, the processes don't work, the people in the processes don't know what they're doing, the long litany of usual complaints. And most of them are actually true. What we have currently, I would articulate, is an unaccountable bureaucracy. It's a professional bureaucracy. They know the process. They build the process. They work the process. But the process doesn't necessarily meet our real war fighting objectives. And I think that is probably the most important thing here.

We'll talk about drones and technology and all these other things, but I think at its core, you actually do have to have a process for this. And just getting the credit cards out and buying stuff at Best Buy doesn't work either, right? So, I think it's a requirement for us. You can't just say, well, we're just gonna blow up all the rules and let people do whatever they want. Because as soon as you do that, you're gonna realize that if we didn't have a system, we wouldn't be able to do all these other things. How do you get to integration? How do you get to common standards? How do you get to the things that actually make weapon systems work effectively and with the caliber of ammunition that they use and the system that produces that and all of the other components? So it's easy, and I've done it probably more than anybody else, to just rant about the acquisition process.

But if you didn't have an acquisition process, you would need to invent one. So, our challenge really today is, okay, the one we have for a lot of reasons is not going to be the one that we will need tomorrow. It does okay on band-aids and making munitions for today. But it is certainly not a kind of process that enables war fighting flow. So I think we are very much at a transformation point, not just in the fact that the way we want to do acquisition must change, but more importantly, the way we do everything, the way we fight must change. And so naturally we have really an incredible opportunity. Let's build the system that enables the kind of fast moving, rapid innovation that we will want on the battlefield: AI driven, data driven. We know what the future looks like. Let's actually build to that and not let unaccountable bureaucracies get in the way.

Steve Blank

Steve Blank is an adjunct professor at Stanford and co-founder of the Gordian Knot Center for National Security Innovation. His book, The Four Steps to the Epiphany is credited with launching the Lean Startup movement. He created the curriculum for the National Science Foundation Innovation Corps. At Stanford, he co-created the Department of Defense Hacking for Defense and Department of State Hacking for Diplomacy curriculums. He is co-author of The Startup Owner's Manual.

Blank: It was mind blowing - not because anything the Secretary said was new; they are things that people who are interested in acquisition reform have been asking for the last 10 years. But it was put in a single package and was clearly done by the infusion of people who have actually run large businesses and were used to all the language of organizations that already know how to deliver with speed and urgency.

The part that didn't get said is essentially the Department of War wants to adopt startup innovation techniques of lean iteration, pivots, incremental releases, good enough delivery, and that gets you what the Secretary asked for, which was speed of delivery. But all those are things that we lived with in Silicon Valley for the last 50 years, and it wasn't until we had people who worked outside of buildings with no windows inside the Pentagon to understand that those techniques could actually be applied. And it required blowing up the existing system. And they did that spectacularly well. Very few holes in those proposals.

Save your virtual seat now for The Cyber Initiatives Group Winter Summit on December 10 from 12p – 3p ET for more conversations on cyber, AI and the future of national security.

Christian: A central piece of the plan as it was explained on Friday is the idea of eliminating the Joint Capabilities Integration and Development System, which has long been criticized for some of the slow processes and the overly bureaucratic results that we have. The new approach seeks to centralize procurement and funding under the DOD senior leadership. Are you comfortable that this is the right approach?

General Breedlove: So this is one of those, like I opened up with, some good, some bad. There are elements of JCIDS that I think we should hold on to. We shouldn't throw the whole thing out with the bath water. But there are a lot of elements of JCIDS that we need to get rid of.

Much like the rules we just talked about that were created because of people and bad acts for acquisition, the same sort of thing has happened in the process of moving an idea from the lab to the field in that now there are layers and layers of people who can hold up the process or say no. And when they do that, it adds time, schedule delays, more testing, and much more money to the program. And these people bear zero responsibility for their actions. The people that end up getting blamed for the delays and increased costs are the services or the primes. And the people that have this authority now but hold no responsibility for what they do, we've got to get rid of them. We have to ensure that people who have decision authority are held accountable for what they do, to the point of maybe even not charging this off to primes or to the folks who are developing these things. If someone else is out there slowing things down and they don't have to worry about it because they're not accountable to it, we're not in a good place.

Lt. Gen. Groen: One issue is there isn’t a cadre of professionals in DOD leadership that will be able to take this mission on full time. If you consider a broad sweep of what we build and acquire and how we do that, how we innovate, they will just run out of hours in the day and minds to engage in order to build a replacement for what we have today.

The impulse to change the way we do things is the right impulse. Our impulse to be disciplined about the way we go about things, that's also correct. So it's not enough to say “let’s blow it all up, we don't need any rules”. We actually do need rules. Regulation actually is an enabler. It helps you flow. It lets you know how things can be done. That's a really powerful thing.

The problem is with humans involved, there is always a tendency to distort a process through petty bureaucracies, tribalism, ignorance and bad temper. It is really important for leaders to actually lead in this space and create accountability for the people that are actually working. What we have today is a derivative of it. We don't need too many history lessons here, but this is like General Motors in the 1960s, where we started to really do modern industrial design at scale. So if you understand where we’ve come from, you can see how important things like industrial processes and quality checks.

In a digital environment, a transformational environment that is driven by artificial intelligence and data availability, all the notes change. The music changes. And you still need a process for things like money so you can pay people to build things. But we're not building things on a conveyor belt anymore. We're building code. We're building code that changes by the hour. We're building code that builds its own code. This is where we are. So you can't do that in a completely undisciplined way, that says “have at it team and we'll see what we get at the end of the process”. What we’re doing here is too important.

Christian: Part of the new approach will involve increasing acquisition risk, to decrease operational risk with a focus on increased use of commercial solutions and of even fielding 85 % solutions. Where's the red line that you would want as a commander before fielding an 85% solution?

Gen. Breedlove: This is a concept which is extremely hard to criticize. But we have to be pretty serious here because you're saying increasing acquisition risk to decrease operational risk. Well, if the product isn't operational yet and we have increased the purchasing and acquisition risk, and in between that costs us the life of a soldier, sailor, airman, marine or guardian, we have messed it up. So the rules are there for a reason. I completely understand. I absolutely, 100% agree with the fact that we've got to start taking more risk, but we can't do that in a way that is reckless and puts the lives of our troops on the line.

And an example where I think this concept is working well is Ukraine. They get a new drone that is designed to get past a certain capability of the Russian defenses. And why should we do a two-year testing on that thing? If the testing is to fire it into Russia where it's not going to kill any friendlies and see what happens, let's fire it into Russia and get the testing done on the battlefield, where we're less concerned with what happens. So there are ways to shorten and to change the way that we do tests and other things on the acquisition side that gets us faster to the operational side. And if we can do that, again, without raising the risk to our troops, let's go for it. And we're seeing that done well by the Ukrainians, and to some degree by the Israelis.

Lt. Gen. Groen: The first thing that pops in my mind is- What does an 85 % solution look like? What is 85% of a truck? What is 85% of a battleship or a carrier? Pick your system. If you're just doing software, you can do a lot of things in software, but still, software that's 15 % buggy and doesn't work, because you've chosen 85%, that's almost like going right back to the industrial age process flow for code. And I think that the real magic here at its core is transforming the way we do our war fighting. We need new thinking about how to integrate capabilities and new thinking about how to build artificial intelligence modalities and then the systems.

Warfare is changing under our feet right now. Ukraine and drones, I accept that example, but it's so much more than that. We need a complete transformation in the way we understand the enemy, the way we understand our mission, the way we can use autonomy to integrate with humans, the way that we can build robotics, the way that we can now start what I like to call putting the mind of a commander on a pedestal by taking all the data environment and revealing that to a commander and everybody else who is working with the commander so that you have common situational awareness.

The opportunity here is enormous to transform our war fighting to the same degree we're transforming our industries. And you see the transformation every day when you drive through DC or Austin or San Francisco. Transformation is real and it's driving our economy today. What we haven't done is purposefully mapped out how we're going to drive our war fighting capability through this technology. And this is so important because we have to have a plan for how we build operational workflows. Where do we build those? Who builds those? And so I think moving from monitoring a process of manufacturing to really considering war fighting as the core element that the technology springs from.

Christian: Obviously the Pentagon procurement system that we have today is a product of decades of bureaucracy and rules. Are you hopeful that you're going to be able to see the kind of change in the rapid timeline that they've laid forth here?

Blank: Number one, this is a pretty extensive reorganization. Right now the Department of War is siloed between requirements and system centers for testing and prototyping and acquisition, which was the acquisition with a small A with the PEOs and program managers, and then it went to contracts and then it went to sustainment, et cetera. Those were silos. Now we're putting it all underneath a single portfolio acquisition executive. So, instead of making their offices 10,000 people, it's actually a matrix organization, much like a combatant command is. Most of those people will stay in their existing orgs but now be tasked to work on specific portfolios. And instead, the portfolios will no longer be arranged by weapon system. They're going to be arranged, for example, by war fighting concepts or technology concepts, et cetera.

That said, boy, try moving an elephant and making it dance. And at the same time, they recognized - this was one of the genius parts - people won't just get a memo and know what to do. Historically, they've depended on the Defense Acquisition University, which taught them, contracting officers and the rest, how to work with the 5,000 pages of the DFAR and FAR, Federal Acquisition, Defense Acquisition Regulations. One of the unnoticed things was they basically told the Defense Acquisition University, stop teaching that today. You now need to teach people this new methodology. That's not going to happen by telepathy. First of all, we need to train the trainers, then we need to train all the people who've grown up in their career following the paperwork.

So, I predict six months or a year of chaos and confusion. And probably, there's always in a large scale reorganization saboteurs who are angry that their cheese has been moved or worse, their authority has been diminished or the head count went somewhere else. This is going to be no different except maybe at a bigger scale.

In the end, if we pull this off, and I'll explain the only possible reason not to do this, the country will be much better for it. The other obstacle will be if you're on the board of directors and the exec staff of a prime, you're going to go through the 12 stages of denial and grief and whatever because I don't know how many times both Feinberg and Hegseth made it clear that the primes weren't delivering and they weren't investing in the things the country needed and they got used to the system and we were kind of mutually dependent on a broken system - and that's over. Well, you're not going to let your stockholders say you just went home and packed up. Obviously, it's pretty clear that appealing to the Pentagon isn't going to work, but Congress is “coin operated”. This is now going to be a race of lobbying cash from the primes versus lobbying cash for the first time from private equity and venture capital. So it's going to be, who has the biggest pile of cash to influence Congress and the executive branch to keep these rules in place or modify them?

Remember what a disaster this is if you're an existing large company selling to the DOD. It says number one, we're going to buy commercial off the shelf. Number two, we're going to buy commercial off the shelf and then modify it. If and only if either one and two work, we do some bespoke contracting with the existing organization. It's never happened before. Pretty clear, pretty direct. So, the easy thing would be for primes to change their business model. But my prediction is they're going to double and triple down the amount of lobbying and dollars spent.

Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

Christian: Secretary Hegseth also had some words of warning to the major U.S. defense contractors, the primes, to speed up weapons development and production, invest their own capital to increase capacity, or risk becoming obsolete. This is a relatively complicated issue for these companies. What are your thoughts on this?

General Breedlove: I think that our senior leaders, maybe to include the Secretary of War and others, have sort of allowed the verbiage around this topic to get a little loosey goosey. What happened in the past was that some primes used money out of existing contracts to create excess capacity that then saved them money the next time they had to build new equipment. And our government, Congress and others got tired of that and wrote laws that limit how much money you can spend out of existing contracts to create excess capacity. And the way I understand the laws, most of them are zero. If we pay you to build 100 B-21s and you create a line that could do 120, you're going to jail or you're going to court. And so I think that there's some imprecise language running around and we need to give some of this time to sort out when the dust settles to understand what they're really asking of the primes, because they are limited on one side, fiducially and fiscally, and they're limited on the other side by laws and sometimes regulations that have been created by the regulatory agencies to correct past [behaviors].

I applaud the ideas and the initiative that the Secretary laid out. But to the defense of the primes, they're going to need some regulatory or legal relief to be able to do most of the things being talked about under the new plan. They just can't snap their fingers and say, OK, we're going to do this because then they'll end up in court.

Christian: It's not going to be an overnight process to reboot the Pentagon's procurement system. The Department of Defense is the largest single organization within the US Government. The amount of products and services that flow through that system is enormous. You've clearly laid out the tremendous opportunity that exists to rebuild the system. What are you most worried about? What's the biggest risk that can impede progress as the Pentagon starts this journey?

Lt. Gen. Groen: Tribalism. Tribalism will sink us. We are so horrifically tribal that we can't think like an extended entity. We can't think like a singular organism that is really effective through data and our systems flowing together. Tribalism kills that. And I see it every day. I'm not in the Pentagon every day anymore, but I see it: the tribalism among services, the tribalism among components of services and the tribalism within the department. And all of that tribalism is an afterglow of our industrial might in the 1960s. Now is the time for thinkers that are wearing a uniform, it's not about buying stuff without asking. It's about thinking through the flow that you want to achieve and then building the capabilities that you need to do that. It's a mindset thing, but that’s all about what transformation is. The form changes. And so when we transform, we transform ourselves into this place where we leave that tribalism behind because we have integrated effectiveness.

Working with broad autonomy is gonna help us think that way. I think that there's a broader awareness of what the technology is able to do and how it will facilitate. We just have to be careful to make sure that that's not the end state. Technology is not the end state. It's humans, war fighters who are winning on the battlefield because they understand and they can make the right calls. That's what we're after. And so all of the stuff about acquisition and the rules and why people don't follow the rules and why is it so tribal that we can't get anything to be, I think all of that merits some dynamite, but it also merits some thinking about how do we better integrate our thinking and flows and how do we do that on the battlefield?

Christian: How much of a risk is the next administration coming in and potentially changing everything? And then in particular, if you're one of those big primes, are you baking that into your long-term planning that this might shift in a measurable way in the future? Or do you think these changes are going to be something that is so overwhelmingly positive that future administrations have to stick with it?

Blank: Well, if you were asking me this three years ago, I would have said, well, you should get all this done now because it's going to be flipped back in three years. What's changed now is the amount of capital available for startups, scale-ups, and private equity firms that can match or overpower the lobbying efforts of the primes. So as I said, both the executive branch and Congress are coin operated, even more so now than ever. And for the first time ever, the insurgents have as much or more coin than the incumbents. That's what's going to change this game.

So yes, of course, a Democratic administration or another Republican one might have a different opinion. But in this case, we're talking about piles of money flooding the streets in Washington to try to change the game. Think about who are now sitting in the cabinet. And other places have commercial experience for the first time ever at scale, inside the executive branch for sure and inside the Department of War which changes the nature of the conversation and as we're seeing the types of things they're recommending.

Again, it wasn't that people didn't recognize this before. It was kind of hard to explain this to people who had never run a business or who have been career successful. I've said for years, we had world class organizations, world class people for a world that no longer existed. And finally, we have people who understand what that world should be like because they've been operating in it. Secretary Feinberg has been writing checks of tens of billions of dollars- buying an aircraft carrier, okay, he’s written those kinds of checks before. Tell me who else ever had that position.

And again, it's not that the DOW should run like a corporation or startup, but having that experience sets a bar for what you know is possible for doing extraordinary things. It's what this country knew how to do in World War II and during the Cold War, and we just kind of lost it when Robert McNamara, an ex-chief financial officer of Ford, put in the first version of the Planning, Programming, Budgeting and Execution System (PPBE) in 1962. We've been operating on that system for 63 years, or some variance of it. Basically, he imposed a chief financial officer's kind of strategy on budgeting and planning, which made sense at the time. It stopped making sense about 15 years ago, but no one inside the building knew what to do differently. That's changed.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

How America Can Balance Legal Migration with Strong National Security

OPINION — Zohran Mamdani, a Ugandan-born New York State Assembly member, was just elected Mayor of New York City, the largest city in the U.S. We in the U.S. take this for granted that a naturalized U.S. citizen could aspire to hold prominent federal, state and local positions. But this is unique for the U.S. and a select few countries that welcome legal migration and provide naturalized citizens with the same rights available to natural-born citizens.

I’ve spent almost two decades living in other countries and can assure you that in most countries, there is no clear path for foreign-born inhabitants to acquire citizenship and hold office. In fact, even buying property is problematic in many of these countries.

Except for the president and vice president, who must be natural-born citizens (Article 11, Section 1, Clause 5 of the Constitution), naturalized citizens can hold offices in the Congress and in federal, state and local governments. Indeed, Madeleine Albright, a naturalized citizen born in Czechoslovakia, was Secretary of State and Henry Kissinger, born in Germany, was National Security Advisor and Secretary of State and Elaine Chao, born in Taiwan, was Secretary of Labor and Transportation. These are just a few prominent Americans who became naturalized citizens and went on to serve our country with distinction.

Currently, Ilhan Omar, born in Somalia, is a member of the House of Representatives from Minnesota and Senator Mazie K. Hirono, born in Japan and representing Hawaii, are two of 30 members of the 119th Congress who were not born in the U.S. The list of naturalized Americans who contributed to our nation’s economic growth, academic excellence, athletic prowess and the arts is awe-inspiring. Indeed, our country’s open-door policy has contributed to making the U.S. the “shining city on a hill.”

This open-door policy of legal migration has served our Republic well. What our elected officials must ensure is that we continue to care for all the people and that we ensure that terrorists, narco-traffickers, criminals and state-supported proxies are prevented from entering our country and causing harm to our people and institutions.

This is a list of just a few of the domestic law enforcement issues requiring immediate attention from federal, state and local authorities, and the representatives elected by the people to ensure that the proliferation of crime in the U.S. is managed on a priority basis.

Drug Trafficking: There are over 100,000 overdose deaths annually, largely driven by synthetic opioids like fentanyl, methamphetamine, cocaine and heroin entering the U.S. from Mexico, Columbia and South American cartels.
Human Trafficking and Exploitation: Transnational criminal networks traffic migrants, women, and children for labor and sex across borders, including into the U.S.
Cybercrime and Financial Theft: Russian, Chinese, North Korean and East European cybercriminal groups target U.S. individuals, corporations, and infrastructure with ransomware attacks, identity theft, and bank fraud, costing U.S. companies and consumers tens of billions of dollars annually. Such cyberattacks also threaten critical infrastructure – energy grids, hospitals, and water systems.
Money Laundering and Corruption: Criminal organizations launder billions through U.S. real estate, shell companies, cryptocurrency, and luxury goods.
Threats to National Security: Transnational criminal groups often collaborate with hostile states or terrorist networks, often blurring the line between organized crime and geopolitical conflict.
Economic and Social Costs: Drug deaths, cyber losses, law enforcement costs, and social disruption likely exceed hundreds of billions of dollars annually, with communities suffering from increased violence, addiction, and corruption.

Despite the efforts of the FBI, DEA, DHS and Treasury, the adaptability of criminal groups and the global nature of technology and finance - and the support of countries determined to cause harm to the U.S. -- makes enforcement increasingly difficult.

The U.S. experiment with an “open door policy” for legal migration to the U.S. has been a great success. It is why the U.S. is the “shining city on a hill.” But we should not take this for granted. We and our elected representatives must work even harder to rid the country of organized crime and defeat our adversaries who wish for us harm.

This column by Cipher Brief Expert Ambassador Joseph DeTrani was first published in The Washington Times

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Uncovering the Truth Behind Trump’s Call to Resume Nuclear Testing

OPINION — “Nearly 1,000 feet below the Nevada desert, [U.S.] scientists and engineers are conducting groundbreaking nuclear weapons research. Subcritical experiments, or ‘subcrits’ for short, play a crucial role in ensuring national security. Subcritical experiments are a key part of the [National Nuclear Security Administration (NNSA)] science-based Stockpile Stewardship Program, which is the way America ensures that our nuclear weapons are safe, secure, and reliable -- without conducting full-scale nuclear weapons tests.”

That was a quote from Don Haynes, Los Alamos National Laboratory (LANL) senior director at the Nevada National Security Sites, from an article published in LANL’s National Security Science magazine just 13 days ago on October 29, 2025.

The article goes on to explain, “Subcritical experiments allow researchers to evaluate the behavior of nuclear materials (usually plutonium) in combination with high explosives. This configuration mimics the fission stage of a modern nuclear weapon. However, subcrits remain below the threshold of reaching criticality. No critical mass is formed, and no self-sustaining nuclear chain reaction occurs -- there is no nuclear explosion.”

I’m going to quote more from the LANL article because it shows what subcritical testing the U.S. has been doing for years. For example, I wrote a Cipher Brief column in July 2021 that described subcrits this way: “Put simply, inside a steel container, a chemical high-explosive is detonated around a coin-like, small sample of plutonium [less than eight ounces] to simulate aspects of a nuclear explosion. No actual chain reaction or nuclear explosion occurs. But this contained detonation, with the assistance of computers, has helped scientists determine how plutonium behaves under the extreme pressures that do occur during detonation of a nuclear weapon.”

I further explained four years ago, “The main purpose, up to now, of subcritical experiments has been to identify and decrease uncertainties in the performance of currently deployed U.S. nuclear weapons, at a time when actual testing is not being done.”

I write this to deal with President Trump’s rather confused – and at times inaccurate -- series of recent statements about restarting U.S. nuclear testing. The President’s words have caused varied responses from his own officials – some of whom apparently did not want to appear correcting him. And the President’s words have gone so far as to encourage Russian President Vladimir Putin to convene a publicized Kremlin meeting last Wednesday where senior Russian national security officials discussed the possibility of Russia exploring the restart of their own full-scale underground nuclear testing.

To make it clear, the U.S. and Russia, by agreement, conducted their last underground nuclear tests in 1992. China did their last one in 1996. All three were signatories to the 1996 Comprehensive Nuclear Test Ban Treaty (CTBT), which prohibited “any nuclear weapon test explosion or any other nuclear explosion.” However, under the treaty, as the U.S. State Department explains on its website, the CTBT “does not prohibit subcritical experiments to help ensure the continued safety and reliability of nuclear weapons.”

Russia has conducted at least 25 subcritical experiments at its Novaya Zemlya test site, according to past statements by U.S. Department of Energy (DOE) and Russian authorities. As of May 2024, the U.S. had conducted some 34 subcrits at the Nevada test site, according to DOE.

In 2022, a spokesperson for DOE’s National Nuclear Security Administration (NNSA), which manages the nuclear program, told Kyodo News that in June and September 2021, the U.S. conducted two subcritical tests, the first under the Biden administration. Three rounds of subcritical nuclear tests were conducted under the first Trump administration, and four rounds under Obama, according to other sources.

Currently, LANL has subcritical experiments scheduled into the year 2032, according to the recent National Security Science magazine article.

Meanwhile, the U.S. is developing several new warheads including the W93, which is intended for deployment on U.S. sub-launched ballistic missiles by 2040, according to NNSA. The NNSA website said of the W93, “Key nuclear components will be based on currently deployed and/or previously tested nuclear designs…The W93 will not require additional nuclear testing.”

Against that background, let’s review what President Trump has been saying, along with some of the responses.

The testing issue began with Trump in Korea on the evening of October 29. He had a meeting scheduled for 11 a.m. the next morning with Chinese Leader Xi Jinping. At 9 p.m., Trump sent off a message on his Truth Social public website that said: “The United States has more Nuclear Weapons than any other country. This was accomplished, including a complete update and renovation of existing weapons, during my First Term in office. Because of the tremendous destructive power, I HATED to do it, but had no choice! Russia is second, and China is a distant third, but will be even within 5 years. Because of other countries’ testing programs, I have instructed the Department of War to start testing our Nuclear Weapons on an equal basis. That process will begin immediately.”

What triggered Trump’s message has not yet been explained. Three days earlier, Putin, dressed in a military uniform, had publicly announced with some fanfare that Russia had successfully tested a nuclear-powered missile over the Arctic Ocean after years of development.

It may have been just competitiveness, but Trump was not clear what he was talking about when he wrote “testing our nuclear weapons.” Was he talking about nuclear delivery systems, as Putin had just been? Or was he talking about testing nuclear warheads or bombs?

If it were the latter, Russia actually has more nuclear weapons than the U.S., primarily because the U.S. has retired most of its tactical nuclear weapons. But if Trump meant strategic nuclear delivery systems, he was correct.

Then there was the ambiguity of what kind of testing Trump was talking about? He mentions instructing the Pentagon to “start testing,” which implied nuclear delivery systems, such as missiles, which the military controls. DOE’s NNSA tests the nuclear portion of warheads and bombs.

The next day, October 30, hours after the Xi meeting, Trump was flying back to the U.S. from Korea aboard Air Force One, and held an impromptu press conference. After 10 minutes of questions about meeting Xi, Trump was asked why he wrote the Truth Social piece about nuclear testing, Trump initially replied, “Well, that had nothing to do with them,” meaning the Chinese.

Trump went on, “It had to do with others.” He paused and then continued, “They seem to all be nuclear testing. We have more nuclear weapons than anybody. We don't do testing. You know, we've halted it years, many years ago, but with others doing testing, I think it's appropriate that we do.”

Since Trump mentioned the U.S. had halted the testing “years ago,” he created the impression at that moment he must have been thinking of explosive underground nuclear testing. When asked a follow-up question on where or when such testing would take place, Trump waved it off saying, “It will be announced. You know, we have test sites. It'll be announced.”

Having given the idea that he had ordered the resumption of explosive underground nuclear tests, it was no surprise that the next day, Friday, October 31, when Trump sat down at Mar-a-Lago with Norah O’Donnell for the 60 Minutes CBS News television program to be aired two days later.

Here I am using the CBS transcript of the entire one-hour, thirteen-minute Trump/O’Donnell interview and not the shorter, edited version shown on Sunday night, October 31.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Well into the interview, after covering Trump’s Asia trip and meeting with China’s Xi, O’Donnell referred to his October 29, Truth Social message where he mentioned new nuclear testing and asked Trump, “What did you mean?”

Trump initially gave this wide-ranging response: “Well, we have more nuclear weapons than any other country. Russia's second. China's a very distant third, but they'll be even in five years. You know, they're making them rapidly, and I think we should do something about denuclearization, which is going to be some-- and I did actually discuss that with both President Putin and President Xi. Denuclearization's a very big thing. We have enough nuclear weapons to blow up the world 150 times. Russia has a lot of nuclear weapons, and China will have a lot. They have some. They have quite a bit, but…”

At that point, O’Donnell interrupted and asked specifically, “So why do we need to test our nuclear weapons?”

This time Trump answered, “Well, because you have to see how they work. You know, you do have to-- and the reason I'm saying-- testing is because Russia announced that they were going be doing a test. If you notice, North Korea's testing constantly. Other countries are testing. We're the only country that doesn't test, and I don’t want to be the only country that doesn't test.”

As I have pointed out above, other than North Korea’s six underground nuclear tests beginning in 2006 and ending in September 2017, there have been none confirmed, other than Russia’s acknowledged subcritical nuclear tests. So it again is unclear what Trump was mentioning.

Trump actually went on saying, “We have tremendous nuclear power that was given to us largely because when I was President (and I hated to do it, but you have to do it)-- I rebuilt the military during my first term. My first term was a tremendous success. We had the greatest economy in the history of our country.”

Trump then tried to turn the conversation to the economy, but O’Donnell brought him back to the subject by asking, “Are you saying that after more than 30 years, the United States is going to start detonating nuclear weapons for testing?”

This time Trump insisted, “I'm saying that we're going to test nuclear weapons like other countries do, yes,” and went on saying “Russia's testing nuclear weapons...And China's testing them too. You just don't know about it.”

Trump claimed the U.S. is an open society, but “they [Russia, China] don't go and tell you about it. And, you know, as powerful as they are, this is a big world. You don't necessarily know where they're testing. They test way underground where people don't know exactly what's happening with the test. You feel a little bit of a vibration. They test and we don't test. We have to test.”

That same day of the Trump/O’Donnell interview, October 30, Vice Admiral Richard Correll, Trump’s nominee to be head of Strategic Command, was having his confirmation hearing before the Senate Armed Services Committee. Asked if he knew whether Russia, China or any other country were doing explosive testing of nuclear warheads, Correll answered, “No.”

Asked whether Trump could have been talking about nuclear delivery systems, Correll said, “I don't have insight into the President's intent. I agree that could be an interpretation.”

On November 2, Energy Secretary Chris Wright appeared on Fox News and was asked about the new nuclear tests mentioned by the President. Wright replied, “I think the tests we're talking about right now are system tests. These are not nuclear explosions. These are what we call non-critical explosions.”

Asked whether the tests involve the existing stockpile weapons or new systems, Wright said, “The testing that we'll be doing is on new systems, and again these will be non-nuclear explosions.”

Wright explained that thanks to the nation’s national laboratories “the U.S. actually has a great advantage with our science and our computation power. We can simulate incredibly accurately exactly what will happen in a nuclear explosion. And we can do that because in the 60s, 70s, and 80s, we did nuclear test explosions. We had them detailed and instrumented and we measured exactly what happened. Now we simulate what were the conditions that delivered that and as we change bomb designs, what will they deliver. We have a reasonable advantage today in nuclear weapons design over all of our adversaries.”

On November 3, CIA Director John Ratcliffe came to Trump’s defense on the Russia, China testing issue, writing a Tweet on X saying the President “is right.” To back it up, Ratcliffe cited a May 2019 quote from then-Defense Intelligence Agency Director Lt. Gen. Robert Ashley Jr. saying Russia “probably” was conducting low-yield tests although Ashley did not claim to have specific evidence. He stated that Russia had the "capability" to conduct very low-yield nuclear tests.

Ratcliffe also cited a 2020 Wall Street Journal article that said the U.S. believed China may have secretly conducted a low-yield nuclear test based on circumstantial evidence, such as increased excavation, activity in containment chambers, and a lack of transparency at the site.

That same day, Sen. Tom Cotton, chairman of the Senate Intelligence Committee, put out his own Tweet on X saying, “After consultations with Director Ratcliffe and his team, they have confirmed to me that the CIA assesses that both Russia and China have conducted super-critical nuclear weapons tests in excess of the U.S. zero-yield standard. These tests are not historic and are part of their nuclear modernization programs.”

Despite all this Trumpian back and forth, I strongly doubt the U.S. will return to explosive nuclear testing, but rather remain with subcritical experiments as currently planned.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is everyone’s business.

Sudan’s War Without Borders: How Global Powers Turned Darfur into a Proxy Battleground

DEEP DIVE — Entire cities in the Darfur region of Sudan have been burned and razed, millions have fled their homes, and unspeakable terror and violence plague those left behind. When fighting erupted on April 15, 2023, between the Sudanese Armed Forces (SAF) under Abdel Fattah al‑Burhan and the Rapid Support Forces (RSF) led by Mohamed Hamdan Dagalo, better known as Hemedti, few predicted the conflict would become one of Africa’s worst humanitarian disasters.

There is, however, more to this war than just an internal battleground. The war in Darfur is no longer simply a domestic power struggle. It has become a multilayered proxy battlefield involving Egypt, Turkey, the United Arab Emirates (UAE), Saudi Arabia, Russia, Iran and more — each supporting rival Sudanese actors to secure strategic footholds.

“The current phase has Darfur as a killing field. The Sudanese protagonists have sorted out somewhat the areas each controls. Still, on the political front, both are committed to eliminating the other in a fight to the finish,” United States Ambassador to Sudan during the George W. Bush administration, Cameron Hume, tells The Cipher Brief. “There may be agreement on a time-limited humanitarian ceasefire, but no one is aiming at a durable political settlement between the two main parties.”

Infographic with a map showing areas controlled by the army, the Rapid Support Forces and neutral groups in Sudan as of September 23, 2025, according to the Critical Threats Project at the American Enterprise Institute and the AFP. (Infographic with a map showing areas controlled by the army, the Rapid Support Forces and neutral groups in Sudan as of September 23, 2025, according to the Critical Threats Project at the American Enterprise Institute and the AFP (Graphic by AFP) (Graphic by Olivia Bugault, Valentina Breschi, Nalini Lepetit-Chella/AFP via Getty Images)

United Arab Emirates

Despite official denials, the UAE remains the RSF’s cornerstone patron in Darfur, suspected of funneling advanced weaponry — including Chinese CH-95 and “Long Wang 2” strategic drones for 24-hour surveillance and strikes, Norinco-guided bombs, howitzers, and thermobaric munitions —via a covert air bridge of more than 240 UAE-chartered flights from November 2024, often landing at Chad’s Amdjarass airfield or South Darfur’s Nyala base.

These supplies, additionally routed through Libyan intermediaries like Khalifa Haftar’s networks and Ugandan/Somali airfields, have empowered RSF assaults, such as the latest siege and takeover of El Fasher. Economically, UAE-based firms like Hemedti’s Al-Junaid control Darfur’s Jebel Amer and Songo gold mines, exporting $1.6B in 2024, reportedly laundered via seven sanctioned Dubai entities to fund RSF salaries, Colombian mercenaries and further arms.

“The United Arab Emirates is the key sponsor of the RSF in strategic terms. Its interest is to convert influence in western Sudan into leverage over corridors, gold monetization and logistics, and to prevent an outcome in which Islamists consolidate in Khartoum,” Dr. Andreas Krieg, Associate Professor at King’s College London, tells The Cipher Brief.

Sudan’s gold — its primary export — has also become a lifeline for the UAE, feeding Dubai’s markets with more than ten tons a year from RSF-controlled areas. The trade aligns with Abu Dhabi’s long-term ambitions and its stance against the Muslim Brotherhood, as well as its past reliance on RSF fighters in Yemen. Despite Emirati denials and Sudan’s failed genocide case against the UAE at the ICJ, evidence ties the UAE directly to embargo breaches, from passports recovered in Omdurman to Emirati-made vehicles found at RSF sites.

As the UAE expands its influence through RSF control of Darfur’s 700-kilometer Red Sea corridor, reviving stalled DP World and AD Ports projects to rival Saudi NEOM, it effectively uses the militia as a proxy to secure resources and block SAF dominance. Approximately 70 percent of Sudan’s gold production from RSF-controlled areas is smuggled through Dubai, while overall illicit exports account for around 40 percent of the country’s total gold output.

Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

Turkey

Ankara, seeing the Darfurian conflict as both a threat to its regional ambitions and a challenge to Islamist allies, has backed al-Burhan’s forces with drones worth $120 million, delivered through Egypt. Their weapons supply assisted SAF in retaking Khartoum earlier this year but comes with deeper incentives: ideological ties with Burhan’s Islamist faction and strategic objectives for Red Sea access.

“Turkey’s quiet intelligence-sharing and counterterrorism pacts give it outsized sway over local regimes,” John Thomas, managing director of strategic policy firm Nestpoint Associates, tells The Cipher Brief.

The result, experts say, is a dangerous and growing proxy war between the UAE and Turkey — one now fought with advanced drones and air defenses across Sudan’s skies. The stalemate has fractured the country, spilled instability into Chad and Libya, and left tens of thousands dead, a toll experts warn could further destabilize the Horn of Africa.

Beyond the pace and scale of Turkish arms transfers, the presence of Turkish private military contractors (PMCs) in Africa merits closer scrutiny.

“In addition to the pace and spread of Turkey’s arms flow, I would say the presence of Turkish PMCs in Africa is something policymakers really ought to focus on more closely,” Will Doran, Turkey researcher at the Foundation for Defense of Democracies, tells The Cipher Brief. “A lot of these PMCs, like Erdogan himself, are warm towards the Muslim Brotherhood and have some questionable ties to Islamist militias on the ground in the Sahel. This isn’t to say Turkey is backing the region’s big names in terrorism. For one, Ankara’s deployed against al-Shabaab in Somalia, but the PMC trend is worrisome nonetheless.”

Egypt

Egypt views Sudan as a vital flank for its national interests. The Nile River flows from Sudan into Egypt, and Cairo has long been vigilant about any instability upstream. Egypt supports General Abdel Fattah al-Burhan and his Sudanese Armed Forces (SAF) because Cairo views them as the most dependable group to safeguard Egypt’s key national interests — namely, the Nile River corridor, which is Egypt’s sustenance for water and trade, and the southern border, which it shares with Sudan.

According to Dr. Krieg, “Egypt is the principal state backer of the army.”

“Its strategic priorities are the security of the Nile heartland, avoidance of an Islamist resurgence, and denial of hostile basing or rival influence along the Red Sea,” he continued.

Egypt, already hosting more than a million refugees, also fears that if Khartoum collapses into chaos, the resulting instability — such as refugee flows, arms trafficking, or militant activity — could spill over the border into its territory. Diplomatically, Cairo has kept direct intervention limited and insists on a Sudan-led solution, yet it retains close military and political ties to Burhan.

Saudi Arabia

Riyadh shares a parallel concern: as the Gulf kingdom pursues its Vision 2030 and Red Sea coastal investments, it has an interest in a stable Sudan firmly aligned with its regional agenda. Riyadh has backed the SAF via financial and diplomatic support, while also positioning itself as a mediator.

“Saudi Arabia is perhaps the outside player with potential influence that gets the least attention,” said Amb. Hume.

Dr. Krieg also observed that “Saudi Arabia has positioned itself as a convenor and would prefer a unified state that secures the Red Sea.”

“Chad and the Haftar camp in eastern Libya function as corridors and logistics enablers, and their choices directly affect the intensity of fighting in Darfur,” he explained. “Those intermediaries in Libya and Chad are all part of the UAE’s Axis of Secessionists; a network of non-state actors that are all tied to Abu Dhabi directly or indirectly.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Iran

Since late 2023, Iran has resumed ties with SAF leader Abdel Fattah al-Burhan after a seven-year break, sending Mohajer-6 and Ababil drones, artillery, and intel via seven Qeshm Fars Air flights to Port Sudan from December 2023 through July 2024. This aid helped SAF retake Khartoum in March 2025 and strike RSF in Darfur. In addition, Iran uses Sudan’s Yarmouk arms factory to counter the UAE-backed RSF. Tehran’s overarching goal? Access to Port Sudan to support the Houthis in Yemen and spread Shiite influence — risking wider regional proxy conflict.

“Iran’s military support has helped shift momentum toward the SAF. As one of many foreign actors exacerbating Sudan’s internal tensions, Iran contributes to the country’s unfolding humanitarian disaster,” Jonathan Ruhe, Director of Foreign Policy at the JINSA Gemunder Center for Defense & Strategy, tells The Cipher Brief. “And as one of many foreign actors trying to claim concessions from the government and vying to exploit Sudan’s natural resources, Iran helps worsen the country’s already high levels of impoverishment.

Research Fellow at the Foundation for the Defense of Democracies, Husain Abdul-Hussain, also underscored that while Iranian involvement in Sudan is still in its infancy, “it will certainly grow as the war grinds on.”

“The more reliant Islamist militias become on Iran, the stronger they become and the more indebted to Tehran,” he explained. “Eventually, relations between Iran and Sudanese Islamist militias will be similar to its relations with Islamist militias in Lebanon (Hezbollah), Iraq (Hashd Shaabi), Gaza (Hamas) and Yemen (Houthis). Note that Sudan Islamist militias are Sunni (like Hamas in Gaza), and unlike Shia Iran and its Lebanese and Iraqi Shia militias. The Houthis are their own breed of Islam (Yazidis) but are allied with Shia Iran.”

Russia

Moscow, meanwhile, has played both sides in Sudan’s civil war for profit and power. Before 2024, the Wagner Group, now under Russia’s Defense Ministry, backed the RSF with arms like surface-to-air missiles, in return for gold from RSF-held mines like Jebel Amer — smuggling up to 32.7 tons worth $1.9 billion via Dubai from 2022 to 2023 to skirt Ukraine war sanctions and fund operations. This fueled RSF violence, including the 2023 to 2025 massacres in el-Geneina and el-Fasher.

Around midway through last year, in the aftermath of Prigozhin’s demise, Moscow flipped to bolstering the SAF in its quest for a Port Sudan naval base. Russia subsequently vetoed a UN ceasefire resolution last November to keep up its influence in Khartoum, while reports emerged of Russian mercenaries operating in West Darfur, worsening the fear and displacement.

“Russia linked commercial and security networks remain present around gold flows and in facilitation roles close to the RSF camp,” said Dr. Krieg.

Why So Many Foreign Players?

At the heart of Sudan’s crisis lie three intertwined forces: geography, resources, and regional rivalry. Poised along the Nile, the Red Sea, and the Horn of Africa, Sudan is pivotal to everything from Cairo’s water security to the maritime goals of Gulf States to the influence ambitions of Moscow and Ankara. Moreover, its ports and resource-rich land have morphed domestic infighting into a lucrative war economy.

“Material backing has lengthened the war and structured its geography,” Mr. Krieg said. “The result is not a decisive victory for either side but a hardening of zones, with the RSF advantaged in a peripheral theatre where it can police corridors and extract revenue, and the army entrenched where the state’s core institutions, population and donor attention reside.”

Why It’s So Hard to End the War

With so many players in the field and a deep distrust among warring parties, ending the war in Sudan has become extraordinarily difficult. The United States, for its part, leads the “Quad” alongside the UAE, Egypt, and Saudi Arabia, pushing for a three-month humanitarian truce. The RSF agreed to a deal on November 6, and Washington is now pressing the Sudanese army to do the same in hopes of easing the fighting and starting talks on the war’s deeper causes.

If the war in Sudan continues, the U.S. faces a growing humanitarian catastrophe: estimates suggest more than 150,000 deaths and over 14 million people displaced, with nearly 25 million facing acute hunger. Regionally, unchecked control of the RSF in Darfur could destabilize the Red Sea corridor, a vital route for global trade and U.S. allies. Domestically, failure to resolve the conflict would erode U.S. credibility on human rights and genocide prevention, heighten refugee pressures in North Africa and Europe, and contradict the moral precedent set during the 2003 Darfur genocide.

“Washington will be paying more attention,” one White House-connected source tells The Cipher Brief. “It isn’t ignored. It is a conflict Trump wants to see ended.”

Dr. Krieg asserted that Sudan is entering a consolidation phase in which the Rapid Support Forces have turned Darfur into a defensible rear area and administrative base. The fall of El Fasher removed the last significant government foothold in the region. It gave the RSF control of the interior lines across West, South, Central, and much of North Darfur, as well as access to Libya and Chad for resupply and commerce.

He thus asserts that Sudan’s future is likely to go one of two ways.

“The Sudanese Armed Forces still hold the Nile corridor, the capital area and much of the east, which creates a west versus centre geography. That configuration points to two near-term paths. Either the front stabilises into a frozen conflict that resembles an informal partition, or the RSF seeks to push east through North Kordofan and test the approaches to the center,” Dr. Krieg added. “Humanitarian conditions are acute, with siege tactics, displacement and food insecurity now baked into the conflict economy. The political tempo has slowed rather than accelerated, since battlefield gains in Darfur give the RSF reasons to bank advantages before contemplating concessions.”

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Why Putin Is Losing The War In Ukraine That He Thinks He Is Winning

OPINION — The Russian invasion of Ukraine that began in January 2022 is now approaching its fourth year. The cost for Ukraine has been very high, but the cost for Russia has been astronomical. Russian forces have been pushed back nearly to the territory they controlled at the end of 2021. According to British Intelligence, by October 14, 2025, Russian casualties (killed and wounded) since January 2022 totaled 1,118,000 military personnel. This figure is only slightly lower than the Ukrainian estimate made on the same day of 1,125,150 Russian casualties. Ukraine also estimates Russian losses over the same period of 11,256 tanks, 23,345 armored combat vehicles, and 33,628 artillery systems. The scale of these losses can be compared with Russia’s force structure (FS) at the start of the invasion, which included 900,000 active duty personnel, 3,417 active tanks, 11,000 armored combat vehicles, and 5,000 active artillery systems. In short, Russia has lost more than twice its entire 1992 army force structure since the invasion.

Yet the Russian army continues to engage in desperate efforts to regain limited territory to the west. British intelligence estimates that since the start of 2025 Russia has suffered 332,000 casualties, the highest loss rate since the invasion. Russia has made only marginal gains, which Putin trumpets as victories as he throws more men and equipment into the Ukraine meatgrinder.

Of course, Putin cannot afford to admit failure, but it nonetheless seems as if he actually believes his strategy is succeeding. Why?

The answer lies in the perverse incentives of Russian command and control (C2), which conceal the weaknesses of Russian FS. Russian C2 is concentrated in one civilian with no military training (Putin), and his small circle of advisers.

Putin’s leadership discourages innovation by field officers and welcomes blind obedience. Bad news from field officers of all ranks is punished with demotion or arrest. Good news is rewarded with promotion. As a result, field officers routinely lie about their failures in hopes of promotion and reassignment. There is almost no active search for information by headquarters to correct misinformation sent by field officers.

Russian force structures are notoriously corrupt—a corruption that is expected and tolerated, but also can be an excuse for punishment. Officers steal from their units by exaggerating the size of the unit and pocketing the unused pay. Hence, many Russian units are severely understaffed. Soldiers steal from their units by selling weapons, ammunition, and fuel, leaving their units under-equipped. The vast majority of battle-hardened soldiers are long gone, as are military trainers, who were all sent to the front lines. New Russian recruits are untrained and unaware of the risks they face.

Russia's C2 and FS Problems from the Start of the Invasion

A brief review makes it clear that C2 and FS problems have bedeviled the Russian invasion from the start of the 2022 invasion. Planning for the invasion ignored standard military doctrine, which emphasizes that successful invasions require sufficient scale, speed, and force. The considerable literature on the force differentials needed for an invasion, including Soviet doctrine, agrees on the classic rule that a frontal assault requires a 3:1 force ratio to compensate for the higher casualties suffered by the invaders.

Effective command and control are also essential for the success of an invasion. This includes accurate intelligence about enemy forces, freedom for field officers to improvise as needed, rapid field intelligence upward to inform tactics and strategy as the invasion proceeds, and quick top-down decisions in response to field intelligence.

The 2022 invasion violated all these requirements. In order to conceal its intentions and achieve an operational surprise, the planning of the invasion was limited to a very small group led by Putin. Not even Russia’s Foreign Minister, Sergey Lavrov, was included in this group. The Russian field commanders on the ground in Belarus for military exercises had no idea that they would be leading an invasion. The success of this secrecy came at a high cost: there was no opportunity for critiquing the invasion plan and no consideration of fall-back strategies.

Russian intelligence about the Ukraine’s response was based entirely on faulty assumptions that a high-speed invasion would demoralize the Ukrainian military, the Russian military would easily defeat the Ukrainian military on the battlefield, the top Ukrainian leaders would be quickly captured and executed, and that the vast majority of Ukrainians would either welcome the Russian invaders or remain passive.

The 3:1 force differential rule should have required an invasion of 590,000 Russian, given that the Russians knew the Ukrainian military had 196,600 active-duty personnel. Instead, the Russians planned an invasion of 190,000 personnel, actually smaller than the combined Ukrainian armed forces. Even worse, instead of massing its invasion force at one point to achieve a breakthrough, the Russians decided to attack on six different axes: from the Black Sea in the southeast, from Crimea in the south, from Donbas in the east, from Belgorod in the northeast (towards Kharkiv), from Kursk in the northeast (towards Kyiv), and from Gomel, Belarus, in the north (towards Kyiv).

All the Russian invasion routes faced unexpected problems, but the flaws in Russian C2 and FS can be illustrated by the fate of Russia’s most promising attack, coming from Gomel, Belarus, and aimed at Kyiv. This included an airborne assault on Antonov airport, in the Kyiv suburb of Hostumel. The Ukrainians had not expected an attack from Belarus and were unprepared for both the land invasion and the airborne assault.

Why did these attacks fail? Russian secrecy about the invasion had left the Russian ground forces in Belarus completely unprepared. They were informed of their roles in the invasion only 24 hours before the invasion. As a result, they lacked ammunition, fuel, food, and communications. They did not anticipate heavy fighting. Mud forced their armor to use the few roads, causing traffic jams. They encountered entire towns that were not on their maps, requiring them to stop and ask civilians where they were. Residents reported the Russian positions to Ukrainian authorities.

The Ukrainians acted swiftly to confront the Russian assault from Gomel, which was approaching the outskirts of Kyiv. They committed most of their available special forces and special units of other security units, called up all their reserve units, and mobilized the cadets and staff of their military academies into new battalions, supported by two brigades of artillery and one mechanized brigade. Even so, the Russians had a 12:1 troop advantage on the Gomel axis. On 27 February, their advance units were able to capture the suburb of Bucha, just west of Kyiv.

However, the phone calls from residents from towns in the Russian path permitted Ukrainian artillery to target the Russian columns. The Ukrainian forces knew the territory well, giving them a huge tactical advantage, and they were able to assault the slow-moving Russian columns almost at will, causing panic, abandonment of equipment, and blockage of the roads. As the Russian columns stopped moving, their losses multiplied. The Russian advance units that had reached Bucha were short on fuel, ammunition, and manpower. They assumed defensive positions, waiting for reinforcements that never arrived.

In the battle for Antonov airport on the edge of Kyiv, the Russians used helicopters and elite airborne troops. These troops were to capture and execute the Ukrainian leadership. But the Ukrainians surrounded the airport with heavy armor, pounding the Russians. They were able to capture the airport, driving the Russians into the surrounding woods. While the Russians were able to recapture the airport after a couple of days, the Ukrainians had time to destroy the runways, making impossible the landing of reinforcements and preventing the Russians from capturing the Ukrainian leadership.

On March 16th the Ukrainian government announced a counteroffensive in the Kyiv region, and by the end of March, Russian ground forces were retreating north from the Bucha area. By April 2nd the entire Kyiv oblast was back in Ukrainian hands, including the area bordering Belarus.

What was the Russian response to this humiliating defeat? Those Russian generals who were not killed, were mostly cashiered or arrested, as were many of the colonels. The disaster resulted largely from Putin’s leadership, but the defeated units took the blame. This added to the incentive for officers to lie about failure and pretend achievement.

The First Stalemate

The war has continued through various phases. The second phase, from early April through the end of August, 2022, was marked by active fighting along front lines, with heavy Russian losses, but was a relative stalemate in terms of territorial gains by either side.

The Second Ukrainian Offensive

The third phase began on September 6, 2022, when Ukrainian troops attacked the Kharkiv front near the Russian border. On September 9, Ukrainian mechanized units broke through. Ukrainian forces raced north and east. The cities of Kupiansk and Izium fell to the Ukrainians on 10 September. By the next day the Russian forces north of Kharkiv had retreated over the border, leaving all of the Kharkiv Oblast under Ukrainian control. Pressing on to the east, Ukrainian forces on 12 September crossed the Siverskyi Donets, and on 1 October the Ukrainians recaptured Lyman, a major railway hub, and took as prisoners an estimated 5,000 Russian troops.

As Russian forces rushed to the northeast front, Ukraine launched its counteroffensive in the Kherson region on October 2. By 9 October Ukrainian forces had retaken 1,170 square kilometers of territory, pressing on toward the Dnieper River and the city of Kherson. On 11 November, Kherson was occupied by the Ukrainians.

The Second Stalemate

The second period of stalemate dates from 12 November 2022 until the present. During this three-year period, the war has seen the introduction of drone warfare on a massive scale, first by Ukraine and then by Russia. As a result of the drone warfare, the entire conflict has changed in character. Drones have made assaults by armored vehicles so costly that the war has reverted to trench warfare reminiscent of World War I. Drones now account for two-thirds or more of front-line casualties in the war.

Ukraine’s government discarded Soviet-era regulations to provide tax breaks and profit incentives to independent Ukrainian drone producers, authorizing the Ukrainian military to contract with them. These independent companies have made good use of Ukraine’s large cadre of skilled aeronautical engineers and information technology specialists. About 200 of these companies are officially recognized to receive military contracts, and as many as 300 other groups manufacture drones and donate them directly to military units. However, financial resources remain a limiting factor.

Russia has rapidly developed its own drone capacity. Moreover, Russia has the resources to outproduce Ukraine, even if its drones are less sophisticated. Russian drone production is limited less by finances than by the search for microchips, smuggled from the west or bought from China. Russia also has ballistic and airborne missile systems that are hard for Ukraine to bring down. Russia has been using massive barrages of drones and missiles to demoralize Ukraine. But this effort is counterproductive. Bombings anger enemy populations and stiffen resistance, as shown in WWII by the Blitz of London and Allied carpet bombings of Germany. Russian barrages may have strained Ukraine’s economy, but they have not lessened resistance.

While the drone/missile war is well known, Ukraine’s other defense industry growth is less known. Ukraine now produces more artillery shells than all of NATO’s 32 members and Europe. Since 2022, domestic production of armored personnel carriers has increased by 400 percent, artillery by 200 percent, ammunition by 150 percent, and anti-tank weapons by 100 percent. By 2025, a single Ukrainian factory was producing 20 Bohdana howitzers each month, similar in specifications to the French Caesar. Ukrainian defense companies deliver howitzers in 60 days for $2.5 million compared to a several-year wait and a cost of $4.3 million in the West.

Russia has had to develop a new tactical approach for the active fronts. Groups of two or three soldiers are forced (by firing squads) to run towards Ukrainian lines and if they live, conceal themselves to fight later. Specialized units such as snipers, artillery spotters, or drone operators try to identify and target the sources of firing at these individuals. Then larger assault units move forward to capture territory. However, these assault units are now poorly trained, and their equipment is obsolete armor or more often simply cars, vans, and motorcycles, often heavily camouflaged. Ukrainian spotter drones are waiting for these assaults, and once the Russian vehicles are in motion and supported by Russian artillery, Ukrainian drones blow up both the vehicles and the artillery. On a typical day in autumn 2025, the Russians were losing 1,000 soldiers, 10 armored units, 25 artillery barrels, and 100 vehicles. By offering increasingly high incentives, Russia was recruiting 30,000 soldiers a month, barely enough to cover losses.

Russian electronic warfare has improved dramatically, with a focus on disrupting Ukrainian drones. As a result, Ukrainian forces are now losing about 10,000 drones per month. Russian air defenses also have improved, reducing the ability of Ukrainian fighter jets to attack. Russian engineers have been effective in designing and building defensive trenchworks, minefields, and tank traps in areas they control.

However, Ukraine air defenses have also improved. Russian airplanes now must launch airborne missiles from Russian territory, with a considerable loss of accuracy. Russian ground to ground ballistic missiles are hard to bring down, but also lack accuracy.

Faced with the hardening of Russian front lines, Ukrainian forces are focused on inflicting high Russian casualties, rather than attacking themselves. The exception occurs when the Ukrainians decide to roll back a Russian salient to prevent it from being hardened. The massive Russian missile and drone attacks deep in Ukraine have required the Ukrainians to invest heavily in missile and drone defenses of all types, which have something like a 90% success rate. Nonetheless, Ukraine suffers considerable damage. This serves as a constant reminder to Ukrainians of what is at stake.

Conclusion

Putin’s war in Ukraine has provided him with a rationale for stifling dissent in Russia, redirecting vast resources to turn Russia’s economy to military production, sponsoring efforts to overturn governments that support Ukraine, and preparing for additional invasions that will re-establish the Russian empire and cement his legacy as a modern Stalin.

In spite of all this, Putin is still losing the war in Ukraine. That conflict is chewing up men and equipment at an unsustainable rate. Moreover, it has been a strategic disaster. The war strengthened Ukrainian nationalism. It energized the European members of NATO and caused Finland and Sweden to join NATO, which doubled the length of NATO’s frontier with Russia. It destroyed the myth of Russian military superiority. It ended Russian natural gas exports to the European Union, which had been carefully cultivated for decades. It led to the emigration of more than half a million of Russia’s best and brightest.

Most NATO countries are now rearming and expanding their militaries. The E.U. countries combined gross domestic income EU GDP of $19.4 trillion in 2024 added to the UK GDP of $3.6 trillion totaled over 23 trillion dollars, whereas the gross domestic income of the Russian Federation RF GDP in 2024 was 2.1 trillion. Over the long run, Russia cannot compete with Western Europe. Europe can afford to support Ukraine’s economy and war effort while European countries ramp up their defense industries and military infrastructure. Putin will eventually lose not only his Ukraine War, but also his dream of a new Russian empire.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is everyone’s business.

The Brave New World of Drone Swarms

DEEP DIVE – A drone weapon heads behind enemy lines, on a mission to kill troops and destroy equipment. To its left and right are a dozen other armed drones, and as the mission unfolds they compare notes – on enemy positions, the success or failure of their strikes, and their next tactical moves. There are no humans involved – other than the people who programmed the drones and launched them on their way.

It may sound like a wild premise, but swarms of drone weapons that use artificial intelligence to “think” for themselves are no longer a subject for science fiction; they are in the advanced stages of testing and in one instance at least – according to a recent report – they are already operational.

The Wall Street Journal reports that Ukraine has begun deploying AI–powered drone swarms in combat – using software developed by the Ukrainian company Swarmer. Battlefield units have used the system more than 100 times, according to the report, in deployments of between three to eight drones at a time against Russian positions.

“The technology is upon us,” Rear Admiral (Ret.) Mike Studeman, who served as Commander of the Office of Naval Intelligence, told The Cipher Brief. “There are many miles to go in terms of the most sophisticated swarm abilities, but there are plenty of reasons to fear even where we are today.”

Not long ago, the mere existence of drone weapons was a battlefield game-changer; this latest paradigm shift involves entire units of drones that carry out operations with humans almost entirely out of the loop.

“If there were a battle to go down today, some of the first engagements might be with unmanned systems,” Studeman said. “The most central engagements would involve a lot of them. The race is on.”

It’s a “race” both in terms of offensive “swarm” capabilities and the technologies to counter them.

“It's an absolute game-changer for any campaign,” Joey Gagnard, a former senior Army Chief Warrant Officer, told The Cipher Brief. “It’s a force multiplier for special operations forces or for any military element. Now it becomes incumbent on the defender to figure out a way to down all of those drones, while not also hurting his own capabilities.”

Save your virtual seat now for The Cyber Initiatives Group Winter Summit on December 10 from 12p – 3p ET for more conversations on cyber, AI and the future of national security.

What’s in a “swarm”?

Experts define drone swarms as coordinated systems of at least three drones that act autonomously and with “swarm intelligence,” mirroring the behavior of birds or insects when they travel in groups. An effective drone swarm will use artificial intelligence (AI) and machine learning to navigate obstacles and communicate changes in the environment to other drones in the group.

Experts draw a distinction between swarms in number only, and those with the ability to operate in dynamic conditions. A 2022 test in China, in which dozens of drones navigated their way through a bamboo forest, demonstrated the difference. The drones were able to move in and around the forest (you can watch the video here), but there was nothing more than the bamboo stalks to stop them – no defense systems, no one shooting at them.

“So we have the components in place such as microchips and microprocessors, we have battlefield experimentation and battlefield data that can enable these groups and swarms to operate,” Samuel Bendett, an adviser to the CNA’s Strategy, Policy, Plans and Programs Center, told The Cipher Brief. “But none of it has really come together yet to form a full picture from that mosaic that would spell a swarm.”

The biggest challenge lies in the dynamism of a battlefield. A static environment – say a military base or airfield, or a bamboo forest – will be easier for a drone swarm to navigate than a moving force. “If something changes, is the swarm intelligent enough to adapt and then attack?” Bendett asked. “How is it going to adapt and attack if there are changes?”

Even Ukraine’s complex June drone strike, dubbed "Spider Web", which deployed more than 100 first-person-view (FPV) drones against Russian air bases, still relied heavily on human direction.

For a swarm to operate successfully, Bendett said, “there needs to be secure communication between members; they need to pass data to each other about their state of being, about their flight to target, about the conditions that affect their flight to target, about any movements or changes on the ground or with a target, obviously communication with ground control stations and those that launched them and so on.”

Studeman noted that in a fluid combat situation, “you have all sorts of other challenges that exist, including somebody who wants to jam you, using a high-power laser or microwave weapons, and you're encountering all sorts of things that maybe were not planned for at launch, may not actually be in the software parameters of the drones.” For complex operational scenarios, he said that true swarms are “probably a bridge too far today,” but he and other experts stressed that the battlefield application is coming soon.

Dr. Stacie Pettyjohn, Director of the Defense Program at the Center for a New American Security, envisions scenarios in which drones in a swarm display “command and control” capabilities, “not only acting on their own, but coordinating their behavior, without any human involved, with a bunch of other drones.”

In such an operation, “the swarm as a whole makes decisions about how to modify its operations in the best way to achieve its objective,” Pettyjohn told The Cipher Brief. “Another drone might take its place, or the collective might decide that they realized there were air defenses in place and they needed to flush those out and actually send a wave of them to attack the air defenses, force them to engage a few of the targets, which would then create a gap that the others could exploit to hit their actual objective.”

Gagnard said that drone swarms will soon be doing the work of dozens – perhaps hundreds – of drone operators.

“Instead of one guy piloting one drone for a limited duration and being able to go through the entire targeting cycle, you would have a whole swarm of drones doing all of those mission functions simultaneously,” he said. “You’ll have drones conducting reconnaissance, tagging off to other drones that are going to conduct strikes or one-way attacks, tagging off to other drones that are going to do logistics. So they would make decisions on their own, and operate freely on their own, based on the stimulus and the feedback that they're getting in the environment.”

Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.

Coming soon

Whether true AI-driven drone swarms hit the battlefield next month, next year, or three years from now, this much is clear: the technology is already part of the planning for nearly every advanced military, and as a result, it’s a booming business. Everyone, it seems, is training and experimenting with swarm technology – beginning on the battlefield where drone innovation is most apparent.

“Both Russians and Ukrainians are really busy trying to develop swarm technologies,” Bendett said, and both sides are benefiting from outside help – the Russian military from China, the Ukrainians from the U.S. and Europe – to obtain the microprocessors and microelectronics that enable their operations.

Other militaries and defense tech companies have watched the Ukraine theater and entered the drone-swarm “race.”

In the U.S., the Pentagon’s Replicator initiative to fast-track innovation includes multiple drone swarm projects. The Defense Innovation Unit (DIU) has awarded contracts to Anduril Industries, L3Harris Technologies, and Swarm Aero to produce prototype software for drone swarms. The contracts are part of the DoD’s “Autonomous Collaborative Teaming” (ACT) program, which seeks “automated coordination of swarms of hundreds or thousands of uncrewed assets,” according to the DIU. Meanwhile, the Defense Advanced Research Projects Agency (DARPA) has been testing swarms for years, and says that by 2027, the U.S. could deploy swarms of as many as 1,000 armed drones. The DoD has also mandated the creation of dedicated drone testing ranges to support live swarm exercises.

The U.S. hardly has a monopoly in the field, even in the West. One of NATO’s newest members, Sweden, is fast-tracking drone-swarm development, in what Defense Minister Pål Jonson said was a response to Russia's aggression in Ukraine. In January, the Swedish Armed Forces unveiled a drone swarm program, developed by defense giant Saab, that would allow soldiers to control 100 drone weapons simultaneously. Elsewhere in Europe, the German drone manufacturer Quantum Systems has conducted tests on AI-controlled drones with the German military; Britain’s Defence Science and Technology Laboratory (Dstl) has awarded contracts for “Mixed Multi-Domain Swarms”; the Dutch Research Council has funded an exploration of drone swarm technology; and Hungarian researchers reported the design of a 100‑drone swarm operating without a central controller—based on algorithms inspired by flocking behavior in animals.

Countering the swarms

Every military innovation – from gunpowder to the tank to the stealth bomber – prompts efforts to counter it, and AI-driven drone swarms are no exception.

“We're going to have to be as good on the defense as we are on the offense for how we use drones,” Studeman said. Asked about U.S. counter-drone efforts, he cited partnerships between the Pentagon and the private sector and said, “I think we're moving as fast as we can.”

If the world needed a reminder of the need for counter-drone capabilities, it got a stark one in July from Robert Brovdi, Ukraine’s newly appointed drone boss, who told NATO commanders that his crews could turn a NATO base into “another Pearl Harbor” in 15 minutes, without coming closer than 10km (6 miles). “I’m not saying this to scare anyone,” Brovdi said, “only to point out that these technologies are now so accessible and cheap.”

He went on to warn NATO: you are unprepared.

“I don’t know of a single NATO country capable of defending its cities if faced with 200-300 Shaheds (drones) every day, seven days a week,” Brovdi told the LANDEURO conference. “Your national security urgently requires a strategic reassessment.”

Bendett agreed, citing Brovdi’s warning as well as the damage Hamas inflicted with drones against Israeli forces in the early days of the 2023 Israel incursion into Gaza. “So the question,” Bendett said, “is what would it take for us to realize that we are facing the same threat and what would it take for our military to make these appropriate changes?”

As a starting point, he said that U.S. military facilities will need to guard against what he called the “Ukraine-type threat” of small groups using multiple drones to go after targets. “They only have to be used once, and you only have to be successful once,” Bendett said. “I know the U.S. military is learning, and internalizing these lessons, and people are trying to understand what kind of threats they're facing. Is it happening fast enough?”

The U.S. military has worked for at least three years on counter-swarm defense – mostly involving high-energy lasers and high-power microwave (HPM) systems.

Recently the head of the Army's Rapid Capabilities and Critical Technologies Office (RCCTO) announced a competition for high-energy laser weapon systems focused on countering drone swarms. The RCCTO has already built several directed energy prototypes; this would be a higher-level weapon, and hopefully one that would move from prototype to operational system.

“We have to continue to work harder,” Lt. Gen. Robert Rasch, the RCCTO director, said at the Space and Missile Defense Symposium in August. “We have to continue to work with industry to develop our directed-energy platforms and focus on the areas of reliability.”

Among other American swarm-defense projects: The Air Force’s THOR, an HPM directed energy weapon, and the Leonidas HPM system, developed by Epirus and fielded with the U.S. Army, both of which emit electromagnetic pulses capable of disabling multiple drones simultaneously.

On August 26, the Leonidas system defeated a swarm of 49 quadcopter drones in a test conducted at an Indiana National Guard base. Axios reported that “suddenly, all 49 — like a flock of stricken birds — crashed into a grassy field.” Their circuits had been overwhelmed by the system’s electromagnetic waves.

Epirus’s CEO, Andy Lowery, says Leonidas creates an “electronic dead zone” that disables anything that carries computer chips.

“It works for drones, which are like flying computers,” Lowery told Defense One. “It will stop a Tesla in its tracks, it’ll stop a boat motor in its tracks, anything with a computer inside of it.”

Other NATO members are working on counter-swarm technology as well. The German startup Alpine Eagle has developed a system known as Sentinel – a platform that deploys drone swarms against other drone swarms. Sentinel has been tested by the German Armed Forces and in Ukraine against FPV (first-person view) drone threats; Poland has deployed SKYctrl, which sends drones to collide in “non-explosive” fashion with other drones; and the British U.K. Ministry of Defense said recently that its “Radiofrequency Directed Energy Weapon,” mounted on a truck chassis, had successfully “defeated” swarms of drones. Far from Europe, India's Bhargavastra, developed by Solar Defence & Aerospace, used unguided rockets to eradicate swarms of drones at close range.

“The more sophisticated, latest versions are the ones that can actually interfere with the commands inside the unmanned drones,” Studeman said. “This smart neutralization, through a kind of electronic interference that goes after the actual logic and the commands of the UAS unmanned aerial system itself, shows you where this is going.”

All that said, some experts worry that the U.S. military isn’t adequately prepared for the drone-swarm threat.

“The U.S. is not ready,” Pettyjohn said. “It has begun to procure some defenses that were specifically made to counter small drones…and that's good. But you really need these layered defenses, where you have cost-effective interceptors.” She and other experts say that for all the tests and pledges, the U.S. has yet to show that it has an effective multi-layered defense against potential swarm attacks.

“High-powered microwaves are the one emerging technology that the U.S. Army has fielded a few prototypes that hold the promise of actually being able to knock out a true swarm,” she said. “The challenge is it requires a lot of energy. It's a very short-range weapon, so it's like your final force field. You need those longer layers of kinetic and EW interceptors to try to thin out the herd. And you have to figure out how to use the high-power microwave in a way that doesn't fry the electronics of US military equipment that it's trying to defend.”

Gagnard agrees that more work needs to be done.

“I'd say we have weapon systems that can defeat drones on a small scale,” he said, “but on a large scale, right now the aggressor is going to have the decisive advantage if they're incorporating this swarm technology into their repertoire.”

China’s drone-swarm advantage

Military experts – including the head of the U.S. Indo-Pacific Command – have said that the opening salvos in any Pacific war would almost certainly involve cutting edge drone-swarm technologies. And last November, China unveiled a potentially devastating tool in the drone-swarm ecosystem. Experts called it a "drone mothership."

The Jiu Tian, introduced at the Zhuhai Air Show, China’s biggest aerospace trade fair, is an 11-ton aircraft billed as the world’s largest drone carrier. It is itself a drone, an enormous one, operating without a crew. According to several reports, the Jiu Tian can carry as many as 100 smaller UAVs more than 4,000 miles and unleash them against a target. Essentially, it’s a delivery vehicle for a drone swarm.

“China is going like gangbusters right now” in the drone space, Studeman said. “They have the manufacturing capability. They've built thousands of armed drones, and they’ve built the equivalent of motherships, where the intent is to throw lethal capability forward.”

As The Cipher Brief reported earlier this year, China’s military is in the throes of an innovation and manufacturing boom in drone weaponry to prepare Beijing for a potential war over Taiwan. China already produces some 70% of the world’s commercial drones – and is building a rapidly growing AI industry.

“They have the production, they have large inventory and now they also have the AI,” Dr. Michael Raska, a professor at the Military Transformation Programme at Singapore’s S. Rajaratnam School of International Studies, told The Cipher Brief. “With all these combined, they have been experiencing a leap forward in the quality and quantity of all the drones across the different domains.”

China also has more than 3,000 manufacturers producing anti-drone equipment. In 2024, Beijing issued 205 procurement notices related to counter-drone technology; the figure was 122 in 2023, and only 87 in 2022.

“Our manufacturing is weaker than the Chinese manufacturing in this regard, and scale matters,” Studeman said. “Even with simpler technology. If somebody puts more robots on the front lines, we've got a problem, Houston.”

”This is definitely one area where China has an upper hand with the numbers,” Bendett said. “If Ukraine and Russia can manufacture millions (of drone weapons), then China can manufacture tens of millions, maybe hundreds of millions of UAVs.”

It’s not a stretch, Bendett said, to imagine China launching, in the early hours or days of a conflict over Taiwan, “10,000 mid-range UAVs at a suspected American carrier battle group east of Taiwan. Do we have enough to defend against that group?” he asked. “What do we have in our arsenal?”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

The terror threat

Beyond the military applications for drone swarms, there are important civilian uses. Disaster relief, search and rescue missions, and fighting wildfires are often mentioned, given the ability of drone swarms to map affected areas and conduct support operations in dangerous conditions.

Then there are the nightmare applications – primarily, the fear that as the ease and accessibility of drone-swarm technology grows, so will the odds that it will land in the hands of terrorists.

In March 2025, the U.S. conducted a war game that envisioned multiple drone attacks against U.S. military facilities. The exercise, which involved more than 100 participants from 30 agencies, uncovered deficiencies in response and highlighted the need for coordination among federal, state, and local authorities. A lack of clear rules of engagement across nearly 500 U.S. military installations was identified as a major concern.

Experts also worry about attacks on non-military sites – which as a rule are far less well defended.

“They could be at different sporting events or other large gatherings,” Pettyjohn said. “Obviously, as with any form of terrorism, you're not going to be able to protect people everywhere, but there needs to be a lot more counter-drone defenses for the homeland to prevent terrorist attacks from succeeding in really critical locations, either in terms of infrastructure or where there are large numbers of people.”

“American infrastructure is very vulnerable,” Gagnard said. “We don't have solid defenses that are institutionalized, that are in use everywhere, and American infrastructure is a prime target for that type of attack.”

He added that drone technology – and lax U.S. laws – could allow a would-be terrorist to conduct reconnaissance on a target without being noticed. “In America, we have a relatively free sky,” he said. “You could fly drones all day long over certain things and never really raise anyone's radar.”

In the nightmare scenario for a drone-swarm terror attack, Gagnard said, the target would be assessed, the swarms well “briefed,” and – depending on the target – defenses might be porous.

“You wouldn't need very smart drones in order to do that,” he said. A drone swarm attack, he said, “could be very successful in America.”

Gagnard, who serves as a senior advisor at the Institute for Critical Infrastructure Technology, has argued for a “national counter-drone doctrine.”

“How are we going to counter drones? What's acceptable, what isn't acceptable? And then we need some sort of unified command. Someone needs to determine exactly how we're going to counter drones.”

Several experts cited Ukraine’s June Spider Web operation as a reason for concern – given how deeply it penetrated Russian territory, even without using the AI tools that might produce a “thinking” drone swarm.

“We should really, really worry” about a drone-swarm terror attack, Bendett said, “because if anything, the Spider Web operation showed that a well-organized effort that is enabled by commercial technologies can be devastating against an unprepared target.”

David Ochmanek, Senior International Defense Researcher at RAND, said that the U.S. has been “a little slow to recognize the magnitude of the threat” of drone attacks, in part because Americans are so far from Russia and Ukraine, where the drone-war realities play out on a daily basis.

“We've seen how clever adversaries can smuggle these kinds of capabilities,” Ochmanek told The Cipher Brief. “So we shouldn't be lulled into a false sense of security that our oceans will protect us, even from attacks by fairly short range. The Houthis have shown us that they can launch these things. One can imagine an enemy loading them onto ships off our coast that would be indistinguishable from merchant ships, and launching from there.”

While this year’s White House executive order for a “Golden Dome” mandated a defense against all air threats, the order specifically referenced sophisticated missiles – not swarms of inexpensive drones.

Pettyjohn and other experts said that for domestic drone-swarm defense, the preference will be for non-kinetic systems – microwaves, lasers and so forth – to avoid shoot-downs that result in explosions or damage from falling debris. “In the homeland, there are a lot more restrictions on how you can take down foreign objects in the sky,” she said. “The FAA gets involved, Homeland Security, local authorities – the U.S. needs to work through all of these issues and figure out bureaucratically how it would respond and what the policies and procedures are that are in place.”

Studeman raised another concern – that drone swarms would be particularly effective if tasked with pursuing an individual.

“You think about protection of senior principals in government – a president, prime minister and on down,” he said. “There could be a swarm of drones coming to simply do one thing: keep pounding until just one penetrates while one principal leader is exposed.”

It’s a collection of worrisome scenarios, few of which can be dealt with by even the most sophisticated “Golden Dome” defense – which of course is years if not decades away.

As Pettyjohn put it, “there is no easy fix to this challenge.”

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

America’s Next National Security Crisis: A War on Its Own Energy Base

OPINION — Every mission begins with trust. In World War II, the U.S. government trusted private energy producers to deliver aviation gasoline at record scale, and those companies trusted Washington to stand behind them. That compact powered victory. Breaking it now with retroactive lawsuits betrays the trust we need for the challenges ahead.

For more than a century, America’s energy sector has been a vital partner in national defense. During the Second World War, operating under direct federal command, oil and gas companies increased production twelvefold to supply high-octane fuel that carried bombers over Europe, powered the ships that stormed Normandy, and drove the tanks that liberated the continent. As the Trump administration’s Department of Justice later acknowledged, it “was a war of oil,” and American producers supplied the lion’s share. Those barrels were more than statistics. They were the lifeblood of freedom.

Today, those same companies face lawsuits for actions carried out under wartime orders. Louisiana parishes, backed by trial lawyers and supported by Gov. Jeff Landry and Attorney General Liz Murrill, are seeking billions in damages. The theory behind these cases is corrosive. It tells American industry that even if you answer the government’s call in wartime, you may still be punished in peacetime. It tells veterans and workers who built the arsenal of democracy that their sacrifice can be rewritten as a liability.

That message strikes at the heart of the compact that binds our military, our industry, and our government. It also directly undermines President Donald Trump’s second-term priorities. His executive orders link military readiness and energy dominance, making clear that abundant domestic energy is a national security imperative.

A strong domestic energy base keeps costs down for American families and ensures that the Pentagon can surge capacity without relying on foreign suppliers. Deterrence depends not only on ships and planes but also on the affordable, reliable fuel that keeps them moving.

Without trust, the supply chain breaks. If refiners hold back on capacity for fear of retroactive liability, where will the Pentagon turn for jet fuel in a crisis? If contractors doubt that obeying federal orders will later be defended in court, how can America count on its industrial base when the nation is under fire?

A $744 million verdict in one parish case already shows how these lawsuits could drain the capital needed to expand fuel reserves. Former Joint Chiefs of Staff leaders Adm. Michael Mullen and Gen. Richard Myers warned the Court that “our national security depends on encouraging—not discouraging—such private sector assistance.” If the precedent is set against energy companies, it will not stop there. Shipyards, aerospace firms, and logistics providers could also be targeted, leaving America’s armed forces dangerously isolated.

What makes Gov. Landry’s role especially troubling is that he knows better. Once a defender of Louisiana’s energy workers, he now sides with trial lawyers against the very companies that powered both his state’s economy and America’s victories abroad. At a time when China is racing to corner global oil and mineral supplies, Russia is using gas as a weapon, and Iran is funding terror with oil revenues, Gov. Landry’s choice to undermine Louisiana’s energy base is more than short-sighted. It is a betrayal of trust in his constituents, in America’s veterans, and in the compact that has kept this nation secure.

The Supreme Court will soon decide in Chevron v. Plaquemines Parish whether lawsuits tied to wartime production will proceed in federal or state court. The answer must be federal. Only a federal forum can ensure that decisions made under federal authority are not second-guessed by local juries decades later.

America cannot afford to cripple the public-private partnerships that powered victory in the past. The stakes are too high. Louisiana’s energy workers and America’s veterans have always answered the call when the nation needed them. They deserve leaders who will stand with them – at present, Gov. Landry and Attorney General Murrill stand opposed.

Our armed forces do not run on lawsuits. They run on reliable fuel, trust, and readiness. The sacred contract between America’s industry and its defenders must not be broken.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Can High-Tech “Sensor Fusion” Revolutionize Biosurveillance?

DEEP DIVE – It’s the opening act in a potential public health nightmare: a chicken dies on a farm, for no apparent reason; another perishes at a farm hundreds of miles away; it takes time for the farm owners to notice, more time for tests to be conducted and different anomalies connected, and before the diagnostics are complete, the damage is done – the first wave of a bird flu pandemic has broken.

Beyond natural outbreaks, there are also concerns involving deliberate acts: This week the Department of Justice charged three Chinese nationals with smuggling biological materials into the U.S.; and in June two Chinese researchers were charged with trying to smuggle a fungus into the U.S. that can devastate grain crops.

Some experts are imagining a world in which technology is harnessed to ensure that such biosecurity nightmares don’t happen – or are dealt with much faster and more effectively.

“What we're promoting is a system that can look at things more holistically and on a much larger scale,” Robert Norton, a professor of veterinary infectious diseases and coordinator of national security and defense projects at Auburn University, told The Cipher Brief. “The system is designed to fill gaps in biosurveillance, looking for disease outbreaks, whether they be naturally occurring or induced through bioterrorism.”

That proposed system has a name – BISR, for Biosurveillance Intelligence, Surveillance, and Reconnaissance – and its backers believe it would revolutionize the field of biosurveillance. The core concept is that sophisticated sensors and other tools used by the U.S. Intelligence Community (IC) can be leveraged to improve detection, and that artificial intelligence can be deployed to help fast-track diagnosis. The chicken-farm example is only one scenario; responses to a COVID-19-like outbreak or acts of bioterrorism would be improved as well.

Norton, Daniel Gerstein, a senior policy researcher at RAND, and Cris Young, professor at the College of Veterinary Medicine at Auburn, co-authored an article last year arguing that the creation of a BISR system was “a national security imperative at the crossroads of technology, public health, and intelligence.” The BISR, they wrote, “would be designed to address two mission-critical requirements for biosurveillance: rapid detection and predictive analysis.”

They have taken their plans to Capitol Hill – specifically, to the House Permanent Select Committee on Intelligence, where they say they have received “good reviews.” The Select Committee wouldn’t comment on the BISR proposal itself but in a statement to The Cipher Brief, a spokesperson said that “The Committee continues to explore various biosecurity initiatives and programs to ensure that the U.S. is postured sufficiently to combat and prevent any future biosecurity threats that could cause widespread harm.” The statement went on to say that the Committee is working with the Office of the Director of National Intelligence (ODNI) “to establish an Office of Intelligence within the U.S. Department of Agriculture to address threats to U.S. agriculture.”

The threats are clear, to agriculture and beyond. The U.S. remains vulnerable to biologically driven disruption – be it from another COVID-like pandemic, an outbreak of bird flu that reaches humans, or bioterrorism. Anxiety over the latter has grown as experts worry that AI may be used to create dangerous biological pathogens.

At last year’s Cipher Brief Threat Conference, Jennifer Ewbank, a former CIA Deputy Director for Digital Innovation, warned of “the application of AI in biological weapons by unsavory actors.” And a 2024 report from the Johns Hopkins Center for Health Security said that the same AI capabilities that might produce medical breakthroughs could – inadvertently or otherwise – lead to the creation of deadly pathogens. AI models may “accelerate or simplify the reintroduction of dangerous extinct viruses or dangerous viruses that only exist now within research labs,” the report found.

How prepared is the U.S. to counter such threats? And might a technology-driven “BISR” system revolutionize biosurveillance, as its backers contend?

Save your virtual seat now for The Cyber Initiatives Group Winter Summit on December 10 from 12p – 3p ET for more conversations on cyber, AI and the future of national security.

How a “BISR” might work

The crux of the case for a BISR system is twofold: first, that an array of sophisticated data-gathering tools – drones, satellites, hyperspectral sensors and others – can be mobilized to track biosecurity anomalies; and that trained AI models would analyze the data that the system collected. The system’s architects envision a BISR “dashboard” that provides first responders and decision makers in government, the military and business near-real time insight and analysis.

It’s a high-tech effort to gather clues – a change in a community’s waste water, a spike in the sales of certain medications, even the breathing or social behavior of animals – and assess their meaning more rapidly than current systems allow.

“Our system is agnostic,” Norton said. “It doesn’t matter whether it’s a natural disease outbreak or a terrorism event, it’s looking for those changes and then being able to rapidly detect them and rapidly alert the individuals that are responsible.”

To expand on the chicken-farm scenario: at the moment, one animal’s death might lead a farm worker to call the company veterinarian, the veterinarian would take samples, the farm would look at the flock as a whole, and samples would be brought to laboratories for tests. Ultimately the case might go to a national lab to determine whether avian influenza or another condition was present.

Public health officials say the current system works – but can be slow. Advocates for the BISR system say it would at minimum improve the speed of response, gaining valuable time to determine not only whether a virus was present, but also how it might be circulating in the broader environment. Sensors in and around the poultry houses would track not only a dead chicken, but also the emissions and even behavioral anomalies within the flock – “pattern-of-life” behavior, as the experts say. Any anomaly would be flagged and the system “tipped off,” as Auburn’s Cris Young put it, to alert sensors on other farms.

“The sensors would tip and cue other sensors that would then take a larger look at the larger area or even a state,” Young told The Cipher Brief, “to determine if those signatures coming off of that one particular house that's affected are similar to things happening in other houses.”

Given the sheer volume of data generated by a BISR system, AI models would be used to rapidly assess the data – and check anomalies against specific pathogens.

BISR’s proponents say a similar approach could be taken with viruses among humans, providing more rapid early-warning mechanisms and analysis.

“Advances in sensor capabilities, coupled with the use of AI platforms, provide new capabilities that could be applied to the detection of biological events in the early stages of an outbreak,” the authors of the BISR article wrote. “The concept would provide new tools for early detection, response, mitigations, and ultimately, recovery from an outbreak.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

The tools of a BISR system

The system’s architects say most of its high-tech elements already exist – sensors in place on poultry farms or in public spaces, and various tools of ISR (intelligence, surveillance and reconnaissance) that are currently used across the IC. These might include multispectral and hyperspectral sensors, and many airborne assets – balloons, drones, aircraft and satellites – that have been used to detect concentrations of gases for national security purposes. The International Space Station, for instance, regularly uses hyperspectral imaging to map the earth’s surface, and the Department of Defense uses hyperspectral imaging for several purposes – including detection of chemical and biological hazards.

Norton cited the example of the IC’s use of satellite imagery to monitor concentrations of nitrate in Afghanistan – because high levels of nitrate often indicated the presence of bomb-making facilities. Nitrate is also a component found in animal waste – and so in the public health example, he said, satellite imagery could be used to monitor levels of nitrate and other compounds on a farm.

Ultimately, BISR’s proponents believe the system could also be used to monitor the volatilome (essentially, what humans and animals breathe out) of people at airports or stadiums or other crowded environments, and alert public health officials about anomalies in the data. Young described a scenario in which international arrivals at Atlanta’s Hartsfield Airport – the nation’s busiest – would be watched by hyperspectral sensors to detect anomalies in respiration.

“We might have sensors set up in multiple places as [people] disembark from their flight,” Young said. “There might be several places to take a different scan with multiple sensors, and we might be able to say with some certainty, this person is infected with let's say COVID, and this person is actually shedding the virus.”

The hope is that any anomaly – be it on a chicken farm or at a crowded airport – would tip the system to sweep up other relevant information: Have ER visits spiked in a community? Does social media from that community suggest related anomalies? And so forth. Ideally, a dangerous pathogen would be flagged and identified before it leads to a pandemic, or an act of bioterror would be detected at the earliest possible moment.

Michael Gates, CEO of GDX Development, a company that bills itself as “solving very complex national security challenges,” says he joined the BISR effort “from the technology side of the equation.” GDX has worked previously with the U.S. Special Operations Command. Gates says the key to BISR’s success will involve “sensor fusion” – the linking of a range of data-gathering mechanisms.

“If you think about the world of the Internet of Things, everything's a sensor, and there's not very many systems out there that have the ability to collect off of all of those sensors, bring that data payload in, and then push it into a single pane of glass that can be used for military operations, for intelligence sharing or more tactical things,” Gates told The Cipher Brief.

In the chicken farm example, Gates envisions “sensor fusion” ranging from a hyperspectral scan to “available drone assets” and ultimately “zeroing in down to sensors such as temperature, air purification, even cameras monitoring chicken behaviors.”

Once a problem has been identified, Gates said, “you can use open-source intelligence and other things to mine, let's say, a Reddit form for these things – is anybody talking on the internet about their chicken coops having issues? – and so on, for whatever the issue is.”

“There's already enough sensors out there,” he added. “The data is there. What's happening is that information's not being shared. It's not being centralized, meaning we're getting delayed responses...Nobody has a holistic picture right now on biosurveillance.”

In the early stages of a crisis, the BISR might do a lot of work before humans are engaged, though the Auburn professors stress that the system aims only to provide experts a head start, rather than cut them out of the proverbial “loop.”

“We support human-in-the-loop artificial intelligence systems,” Young said. “We want there to be a person that has to look at this screen at some point and say, okay, I understand what's going on here. Maybe that happens within minutes of an anomaly occurring, but regardless, at some point a person needs to decide, Yes, that's what this is, or No, we need further information.”

The challenges

Norton and Young say they have presented their plans to the House Select Committee and are prepared to do the same to the Defense Advanced Research Projects Agency (DARPA). They believe their system can be 80 percent complete in three years and fully functional in five. As for costs, they say the first two years would require a budget of $10 million, and that the system’s operating costs would eventually be $300 million annually. They argue that billions of dollars have been spent in the biosurveillance domain, and that the BISR would be a major upgrade over existing capabilities.

It may sound like a no-brainer – the smart use of technology to guard against myriad biosecurity threats – but questions abound about BISR and its future. And many of the hurdles to its implementation involve, in one way or another, the human element.

Just as the Intelligence Community has struggled at times to share information and assess national security risks, the government architecture in biosurveillance is complex and often siloed. A host of agencies share responsibility for the nation’s biosecurity – the Centers for Disease Control (CDC), the Health and Human Services Department (HHS), the National Institutes of Health (NIH), the Department of Homeland Security (DHS) and the Department of Agriculture (USDA), to name a few. Experts say they don’t always communicate effectively with one another – and that states don’t always share critical information effectively with the federal government.

Dr. Tom Inglesby, Director of the Johns Hopkins Center for Health Security, noted that in the most recent bird flu outbreak in the U.S., some states wanted to handle the information and response without involving the federal government.

“They weren't even very interested in USDA at times,” Inglesby told The Cipher Brief. “So they said, we'll handle this on our own and we'll let you know. Meanwhile, CDC has to wait for states to bring them the data and information. They don't have command authority to say you must deliver it. It's a voluntary basis.”

Norton says the BISR developers are hoping to partner with one “Mother Ship” agency within the IC – he wouldn’t say which one – because the IC controls the government’s most sophisticated satellites and other data-gathering systems. He also said that while the system involves high-tech elements and the building of the BISR “dashboard,” technology isn’t the primary hurdle.

“Biosurveillance is not a technology problem, but rather a permissions and authorities problem,” Norton said. That might involve permission to use a Pentagon satellite for biosecurity purposes, he said, or agreement from a major industrial farm to share its data or house sensors on its property.

Inglesby said that transparency and information-sharing would be critical for a BISR-like system to work – and that in the case of the chicken farm example, key stakeholders might be unwilling to cede control of the analytical process to a BISR “dashboard.”

“You have the farm owner who will want to make his or her own assessment, you have local government that may not want outsiders coming in and making a determination for them, and you might have unwillingness even at the federal level to do this,” Inglesby said. “You’re going to need an across-the-board buy-in that we haven’t always seen.”

There are also questions about technical implementation. In the Atlanta airport example, Norton acknowledged that even a highly sophisticated hyperspectral sensor wouldn’t be able to detect, say, COVID-19, unless passengers were directed to a discrete area close to the sensors – and here again, permissions would be needed to install such sensors. The post-COVID atmosphere has suggested less public appetite in the U.S. for intrusive screening, not more. The House Select Committee, in its statement to The Cipher Brief, included a reference to “ensuring any proposal balances privacy and the need to avoid the abuses of the COVID-19 period.”

Inglesby also stressed the importance of transparency on the global stage when it comes to public health crises. In the early days of the COVID-19 pandemic, China failed to share the detailed casework of its first 500 patients in the “ground-zero” city of Wuhan – and more than five years later, it still hasn’t done so.

“In Wuhan, the data was very available, there were a lot of people dying, but the data was covered up,” Inglesby said. “And so even if you had installed the most sophisticated systems, if they're being run by people who don't want to share that information, it's not going to change anything.”

Some early-warning biosurveillance systems are already in place, in the world of what’s known as “Syndromic Surveillance” – and experts say many have worked well.

The CDC’s BioSense platform gathers health-related data from hospitals and clinics to detect potential outbreaks or bioterrorism events. As a part of BioSense, "Sentinel Alerts" are generated when reports involve high-concern viruses or diseases. In the case of influenza (the human variant), alerts are triggered when more than 3 % of ER visits are for the flu. Globally, satellites have been used to track dengue fever outbreaks by measuring water levels in the jungle. And wastewater surveillance systems exist to check on levels of bacteria or viruses.

A less positive precedent is the BioWatch program, which was created by DHS in 2001 and billed as "the nation's first early warning network of sensors to detect biological attack." The system tracks the air supply using Environmental Protection Agency air filters, and sends information to the CDC and – if warranted, to the FBI. The system has been blamed for generating dozens of false positives, and in an audit reported by the Associated Press in 2021, BioWatch was said to have failed in detecting known threats.

Norton told The Cipher Brief that today’s technologies are sophisticated enough to ensure that BISR would operate at a higher level than BioWatch. He added that rigorous standards in the AI models would “prevent AI hallucinations” that could cause false positives – or worse, false negatives.

And Inglesby was quick to note that any improvements in early warning and diagnostics would be welcome.

“There is no single system in the country, and people have been talking about building stronger biosurveillance for a long time,” he said. “Anything you can get done in this space would be super-valuable, assuming the costs aren’t prohibitive and you get the buy-in to use this information wisely.”

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Trump’s Trip Was a True “Pivot” to East Asia

OPINION — President Trump’s meetings in East Asia last week did more to enhance our relationship with a few allies and partners in the region than the past fifteen years of talking about a “pivot to Asia”.

Yes, showing the flag and having the President interact with counterparts is an important part of diplomacy, at the highest level. It has impact because it shows that the U.S. cares about allies and partners, that the U.S. values this relationship and will be there for allies and partners, regardless of the cost.

So, Mr. Trump’s visit to the region was more than tariffs and trade. It was about relationships that principally deal with national security,

Mr. Trump’s meetings with Japan’s new Prime Minister, Sanae Takaichi, and South Korea’s President Lee Jae Myung were particularly noteworthy. The U.S. and Japan signed security and economic measures – and a Memorandum of Cooperation – to expand cooperation on shipbuilding and critical-minerals supply chains, an apparent initiative to reduce reliance on China for rare earth and other critical minerals. More importantly, it established a relationship with Japan’s new prime minister that will ensure we remain close allies.

With South Korea, U.S. approval to develop nuclear-powered submarines using U.S. technology and facilities was a major U.S. decision, with South Korea joining a select few states that operate nuclear-propulsion submarines. There are a few particulars related to the fuel and safeguard agreements that will have to be addressed, but the bottom line is that South Korea, within a few years, will have nuclear-powered submarines (with conventional weapons), a major enhancement of their deterrent capabilities. South Korea also committed to purchasing large quantities of U.S. energy – oil and gas – and a $350 billion trade and investment agreement.

The highly touted meeting of Mr. Trump with Chinese President Xi Jinping was important because it happened, while underwhelming for the substantive progress. Yes, China did agree to resume purchasing U.S. soybeans and agreed to suspend planned export restrictions on rare earth minerals for one year, while also committing to greater cooperation on the trafficking of fentanyl precursor chemicals into the U.S. In return, the U.S. reduced tariffs on Chinese products from 57% to 47%.

The U.S. also said it discussed the possible sale of U.S. computer chips to China, although not the newest AI chips. For many, Mr. Trump’s announcement that he will visit China in April 2026, with a subsequent trip to the U.S. by Mr. Xi was welcomed by many, hoping that a more robust dialogue with China would be in our respective countries’ interest.

Interestingly, there was no mention of Taiwan or potential conflict in the South China Sea. Apparently, the Trump-Xi meeting dealt exclusively with trade and fentanyl-related issues. Or, if these issues were discussed, both agreed that there would be no public statement documenting these discussions.

Mr. Trump’s visit to Malaysia, Japan and South Korea was an important visit of a U.S. president who prides himself on being a peacemaker. In Malaysia Mr. Trump witnessed the signing of a peace accord between Cambodia and Thailand that he personally brokered. Indeed, that’s how Mr. Trump started his five-day trip to East Asia. He ended it with a request that the U.S. and China help end the war in Ukraine. This has been a heavy lift for the U.S. and Mr. Trump personally, who tried to end this war. It’s also a challenge for China, given that China continues to buy Russian oil, and reportedly provides machine tools, semiconductors and other dual-use items that help Russia rebuild its defense industry.

Mr. Trump’s trip to East Asia was a success, especially for what he accomplished in South Korea and Japan.

This column by Cipher Brief Expert Ambassador Joseph DeTrani was first published in The Washington Times

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Former GCHQ Chief: Cybersecurity, AI, and the New Age of Multilateral Defense

EXPERT INTERVIEW — The last few months have seen a series of major cyber incidents which have frozen airports, crippled companies, compromised government systems, and stolen millions from unwitting victims. Cyber leaders are warning that the threat is being worsened as hackers leverage new technology like artificial intelligence for more potent attacks.

The Cipher Brief spoke with Robert Hannigan, who served as Director of GCHQ, the UK’s largest intelligence agency, which provides signals intelligence (SIGINT) and information assurance (IA), about the nature of the cyber threat, and why everything from supply chain security to cross-sector cooperation is needed for a strong defense. We caught up with him from Riyadh’s Global Cybersecurity Forum (GCF).

The Cipher Brief: I'm curious if you could tell us right off the top, with so many different countries represented, so many different areas of expertise, what is the buzz there, Robert? What are people really most concerned about?

Hannigan: I think the big cyber incidents happening in the Middle East and Europe in recent months, particularly ransomware as a service, so big names like Jaguar Land Rover and others, have kind of given this meeting an extra buzz just before we met. Quite a few people flew in from airports that have been affected by the supply chain attack on baggage handling software. So it was very relevant and topical.

I think that's touched on a broader theme for the last couple of days, which is about supply chain. This is a global supply chain in many cases. So how do we secure that? It's a challenge, but it's no longer enough for companies or governments to secure their own perimeters. They have to worry about the tens of thousands of suppliers and vendors attached to them, their ecosystem, if you like. So regulators are getting there, and the EU has already regulated this and said we're all responsible. Other countries like the UK are getting there. So I think supply chain has been a big theme.

Save your virtual seat now for The Cyber Initiatives Group Winter Summit on December 10 from 12p – 3p ET for more conversations on cyber, AI and the future of national security.

The Cipher Brief: Ransomware supply chain has been around forever. They're very difficult in their own right, but now we're looking at a world where AI is impacting everything. How concerned are you about that?

Hannigan: I'm really concerned that we don't repeat the mistakes of the past with AI. So as we rush to adopt AI and to use it in our applications across business and government, can we make sure we do it securely? We learned the lessons of cybersecurity because we're all paying the price in a way for 20, 30 years of building a digital economy on software, particularly, but also hardware that was not designed with security in mind. So again, regulators are getting there. They're mandating Secure by Design in most countries, but that's going to take years to follow through. So can we make sure that when we adopt AI, we're doing it safely and securely? And I think there are some big risks in AI, particularly in data poisoning.

The Cipher Brief: Sam Altman did an interview just recently saying the horse is out of the barn, so to speak. And he's not even sure where this is going when it comes to building in kind of more secure ethical processes into using AI.

You sat on a panel there talking about converging crises, the future of cyberspace and complex global dynamics. And boy, are they complex. I'm really curious to hear how all of these different countries are coming together to talk about working together in cyber when some of the countries have closer relationships to China than other countries do. How are you looking at that complex landscape for both risk and opportunity?

Hannigan: It’s a great question. I think the other theme of these last two days has been multilateralism under pressure. This is not a great time for cooperation between states. And that's a problem for cyber because as you know, from your background, cyber is a team sport. You can't do this within one country. And so we really need to approach this multilaterally. I think on our panel this morning, we weren't pessimistic. Yes, it's difficult in geopolitical terms, but actually it's in everyone's interests to try and secure cyberspace. And there are plenty of initiatives going across countries that are working. Secure by Design is one, trying to improve the standard of secure software development. Some of the security work on AI is going across countries. So I haven't given up hope on that working, but it's really essential and why it's great to have people from all over the world at this kind of meeting.

The Cipher Brief: One of the other things I always love to ask you about because it's always extremely relevant is the relationships with the private sector. As former head of GCHQ, this is something that you're very close to. You have a deep understanding of what needs to happen to make these work. How do you take private sector-government relationships in one country and then sort of scale that, if you will, with other trusted partners?

Hannigan: I think it's a great question. I think The Cipher Brief is a great example of an organization that's tried to bring together government and companies in a really effective way. I've just come from the UK where I've done lots of interviews on our recent big retail, ransomware attacks, Jaguar Land Rover and others. It's striking that people still expect government to be able to defend everybody. We all know that that's just not possible.

Government has very limited resources; it can advise, it can regulate. But actually it's up to the private sector companies to defend themselves and to prepare for resilience. And one of the frustrating things for me is that this is possible, this is an achievable goal. We hear about the failures, but actually there are thousands of companies protecting themselves very well and preparing for resilience in case there is an attack so they can contain it and get back up and running very quickly. So there are a lot of people doing the right thing, some people who aren't, and we need to help them get better.

The Cipher Brief: I think you're absolutely right in saying that some of these larger companies that really have the resources to put into cybersecurity and information sharing have a lot more responsibility on their shoulders than those medium and smaller companies which sort of have to wait to see what comes down to them.

Have you been involved in any conversations there that have surprised you or made you think differently about any part of what you focus on every day when it comes to cybersecurity and all of these complex issues?

Hannigan: I think we've had a really good conversation about the positive lessons coming out of Ukraine. And Chris Inglis, who you know very well, was talking about this on his panel. And I think it's a really good point that there are so many positive things coming out of that terrible situation in Ukraine on the cyber side. So why has Ukraine managed to keep going in cyberspace to resist this avalanche of attacks coming from Russia? It's because they've had a partnership with private sector companies, big tech and small companies, with allied countries, in Europe and the U.S. in particular, and there has been a coalition of defense. And there's something really interesting there about the model for how if you get together, private and public, across different allies, you really can defend. And as Chris and one or two others put it, defense is the new attack. It's really powerful when you do it properly.

The Cipher Brief: That was such an interesting time when the full scale invasion started because you did see it's a volunteer army of all of these companies. And the important thing I think to look at there is it was very values based. That landscape is also changing. Are you concerned at all about that in the future?

Hannigan: I think we're all concerned about polarization and some of those companies being torn between East and West and, as you say, closer to China or indeed closer to Russia. I think what's powerful though in Ukraine is they not only used companies and, as you say, volunteers, they also looked to their own citizens and they used very talented people, whatever their backgrounds, to get involved in this great effort to defend Ukraine. So you can achieve good things if you can organize people together. And it's amazing they're still up and running.

And it’s also a victory for cloud. I remember 10 years ago when governments were very nervous about putting anything in the cloud. Ukraine's a great example of where cloud has saved them essentially by putting stuff outside the country. They've managed to keep going and that's impressive and a great vote of confidence.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

A New Frontline: How Digital Identity Fraud Redefines National Security Threats

DEEP DIVE — From stolen military credentials to AI-generated personas seamlessly breaching critical infrastructure, digital identity fraud is rapidly escalating into a frontline national security threat. This sophisticated form of deception allows adversaries to bypass traditional defenses, making it an increasingly potent weapon.

The 2025 Identity Breach Report, published by AI-driven identity risk firm Constella Intelligence, reveals a staggering increase in the circulation of stolen credentials and synthetic identities. The findings warn that this invisible epidemic, meaning it's harder to detect than traditional malware, or it blends in with legitimate activity, is no longer just a commercial concern—it now poses a serious threat to U.S. national security.

“Identity verification is the foundation of virtually all security systems, digital and physical, and AI is making it easier than ever to undermine this process,” Mike Sexton, a Senior Policy Advisor for AI & Digital Technology at national think tank Third Way, tells The Cipher Brief. “AI makes it easier for attackers to simulate real voices or hack and steal private credentials at unprecedented scale. This is poised to exacerbate the cyberthreats the United States faces broadly, especially civilians, underscoring the danger of Donald Trump’s sweeping job cuts at the Cybersecurity and Infrastructure Security Agency.”

The Trump administration’s proposed Fiscal Year 2026 budget would eliminate 1,083 positions at CISA, reducing staffing by nearly 30 percent from roughly 3,732 roles to around 2,649.

Save your virtual seat now for The Cyber Initiatives Group Winter Summit on December 10 from 12p – 3p ET for more conversations on cyber, AI and the future of national security.

The Industrialization of Identity Theft

The Constella report, based on analysis of 80 billion breached records from 2016 to 2024, highlights a growing reliance on synthetic identities—fake personas created from both real and fabricated data. Once limited to financial scams, these identities are now being used for far more dangerous purposes, including espionage, infrastructure sabotage, and disinformation campaigns.

State-backed actors and criminal groups are increasingly using identity fraud to bypass traditional cybersecurity defenses. In one case, hackers used stolen administrator credentials at an energy sector company to silently monitor internal communications for more than a year, mapping both its digital and physical operations.

“In 2024, identity moved further into the crosshairs of cybercriminal operations,” the report states. “From mass-scale infostealer infections to the recycling of decade-old credentials, attackers are industrializing identity compromise with unprecedented efficiency and reach. This year’s data exposes a machine-scale identity threat economy, where automation and near-zero cost tactics turn identities into the enterprise’s most targeted assets.”

Dave Chronister, CEO of Parameter Security and a prominent ethical hacker, links the rise in identity-based threats to broader social changes.

“Many companies operate with teams that have never met face-to-face. Business is conducted over LinkedIn, decisions authorized via messaging apps, and meetings are held on Zoom instead of in physical conference rooms,” he tells The Cipher Brief. “This has created an environment where identities are increasingly accepted at face value, and that’s exactly what adversaries are exploiting.”

When Identities Become Weapons

This threat isn’t hypothetical. In early July, a breach by the China-linked hacking group Volt Typhoon exposed Army National Guard network diagrams and administrative credentials. U.S. officials confirmed the hackers used stolen credentials and “living off the land” techniques—relying on legitimate admin tools to avoid detection.

In the context of cybersecurity, “living off the land” refers to attackers (like the China-linked hacking group Volt Typhoon) don't bring their own malicious software or tools into a compromised network. Instead, they use the legitimate software, tools, and functionalities that are already present on the victim's systems and within their network.

“It’s far more difficult to detect a fake worker or the misuse of legitimate credentials than to flag malware on a network,” Chronister explained.

Unlike traditional identity theft, which hijacks existing identities, synthetic identity fraud creates entirely new ones using a blend of real and fake data—such as Social Security numbers from minors or the deceased. These identities can be used to obtain official documents, government benefits, or even access secure networks while posing as real people.

“Insider threats, whether fully synthetic or stolen identities, are among the most dangerous types of attacks an organization can face, because they grant adversaries unfettered access to sensitive information and systems,” Chronister continued.

Insider threats involve attacks that come from individuals with legitimate access, such as employees or fake identities posing as trusted users, making them harder to detect and often more damaging.

Constella reports these identities are 20 times harder to detect than traditional fraud. Once established with a digital history, a synthetic identity can even appear more trustworthy than a real person with limited online presence.

“GenAI tools now enable foreign actors to communicate in pitch-perfect English while adopting realistic personas. Deepfake technology makes it possible to create convincing visual identities from just a single photo,” Chronister said. “When used together, these technologies blur the line between real and fake in ways that legacy security models were never designed to address.”

Washington Lags Behind

U.S. officials acknowledge that the country remains underprepared. Multiple recent hearings and reports from the Department of Homeland Security and the House Homeland Security Committee have flagged digital identity as a growing national security vulnerability—driven by threats from China, transnational cybercrime groups, and the rise of synthetic identities.

The committee has urged urgent reforms, including mandatory quarterly “identity hygiene” audits for organizations managing critical infrastructure, modernized authentication protocols, and stronger public-private intelligence sharing.

Meanwhile, the Defense Intelligence Agency’s 2025 Global Threat Assessment warns:

“Advanced technology is also enabling foreign intelligence services to target our personnel and activities in new ways. The rapid pace of innovation will only accelerate in the coming years, continually generating means for our adversaries to threaten U.S. interests.”

An intelligence official not authorized to speak publicly told The Cipher Brief that identity manipulation will increasingly serve as a primary attack vector to exploit political divisions, hijack supply chains, or infiltrate democratic processes.

Private Sector on the Frontline

For now, much of the responsibility falls on private companies—especially those in banking, healthcare, and energy. According to Constella, nearly one in three breaches last year targeted sectors classified as critical infrastructure.

“It's never easy to replace a core technology, particularly in critical infrastructure sectors. That’s why these systems often stay in place for many years if not decades,” said Chronister.

Experts warn that reacting to threats after they’ve occurred is no longer sufficient. Companies must adopt proactive defenses, including constant identity verification, behavioral analytics, and zero-trust models that treat every user as untrusted by default.

However, technical upgrades aren’t enough. Sexton argues the United States needs a national digital identity framework that moves beyond outdated systems like Social Security numbers and weak passwords.

“The adherence to best-in-class identity management solutions is critical. In practice for the private sector, this means relying on trusted third parties like Google, Meta, Apple, and others for identity verification,” he explained. “For the U.S. government, these are systems like REAL ID, ID.me, and Login.gov. We must also be mindful that heavy reliance on these identity hubs creates concentration risk, making their security a critical national security chokepoint.”

Building a National Identity Defense

Some progress is underway. The federal Login.gov platform is expanding its fraud prevention capabilities, with plans to incorporate Mobile Driver’s Licenses and biometric logins by early 2026. But implementation remains limited in scale, and many agencies still rely on outdated systems that don’t support basic protections like multi-factor authentication.

“I would like to see the US government further develop and scale solutions like Login.gov and ID.me and then interoperate with credit agencies and law enforcement to respond to identity theft in real time,” Sexton said. “While securing those systems will always be a moving target, users’ data is ultimately safer in the hands of a well-resourced public entity than in those of private firms already struggling to defend their infrastructure.”

John Dwyer, Deputy CTO of Binary Defense and former Head of Research at IBM X-Force, agreed that a unified national system is needed.

“The United States needs a national digital identity framework—but one built with a balance of security, privacy, and interoperability,” Dwyer told The Cipher Brief. “As threat actors increasingly target digital identities to compromise critical infrastructure, the stakes for getting identity right have never been higher.”

He emphasized that any framework must be built on multi-factor authentication, phishing resistance, cryptographic proofs, and decentralized systems—not centralized databases.

“Public-private collaboration is crucial: government agencies can serve as trusted identity verification sources (e.g., DMV, passport authorities), while the private sector can drive innovation in delivery and authentication,” Dwyer added. “A governance board with cross-sector representation should oversee policy and trust models.”

Digital identities are no longer just a privacy concern—they’re weapons, vulnerabilities, and battlegrounds in 21st-century conflict. As foreign adversaries grow more sophisticated and U.S. defenses lag behind, the question is no longer if, but how fast America can respond.

The question now is whether the United States can shift fast enough to keep up.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Why Are There No U.S. Offensive Cyber Unicorns?

OPINION -- I recently had a conversation with senior intelligence community leaders about their desire to build stronger partnerships with private-sector technology companies—the so-called “Silicon Valley” ecosystem. They were asking for advice on how to engage, build relationships, and ultimately establish strategic partnerships.

But the companies they were most interested in? They were largely consumer-facing platforms. Innovative, yes—but not mission-aligned. That conversation highlighted a broader, more fundamental gap I’ve been thinking about for a long time: Why are there no U.S. offensive cyber unicorns?

We certainly have defense contractors who do cyber work—on site, on contract, embedded with the government. And we have standout cybersecurity companies like CrowdStrike, Mandiant, and Dragos focused on detection, response, and resilience. But where are the startups building offensive cyber tools and platforms? Where’s the VC-backed innovation model we’ve seen in drones, hypersonics, and space?

Save your virtual seat now for The Cyber Initiatives Group Winter Summit on December 10 from 12p – 3p ET for more conversations on cyber, AI and the future of national security.

Companies like Anduril and SpaceX have proven that Silicon Valley-style innovation—product-focused, capital-efficient, fast-moving—can thrive in the national security space. So why hasn’t that approach been applied to offensive cyber? Yes, there are legal and secrecy constraints. But those same constraints haven’t stopped commercial companies from building weapons systems or highly classified ISR platforms.

Take a look at the NatSec100 - a curated list of top defense and national security startups. You’ll find companies working on AI, autonomy, sensing, and cybersecurity. But not a single one focused on offensive cyber. Why not?

Shouldn’t we want the best minds at CrowdStrike or Mandiant to spin off and build next-generation offensive platforms? Shouldn’t the DOD and IC be seeding these ideas and building an ecosystem that encourages this kind of innovation?

I believe we should.

Follow Bryan on LinkedIn or right here at The Cipher Brief.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Trump’s Latest Military Campaign Tests the Limits of Presidential War Powers

OPINION / EXPERT PERSPECTiVE — According to reports, the Trump administration informed Congress that the ongoing hostilities against alleged narco-terrorist groups does not fall within the scope of the War Powers Resolution (WPR). As a result, the administration does not believe the President’s authority to continue to wage this military campaign is in any way constrained by the law.

Trump is building on an interpretation of the law first advanced by the Obama administration to avoid WPR compliance in relation to the U.S. involvement in the NATO campaign against Libya in 2011. This interpretation posits that the WPR is inapplicable to hostilities that fall below the level of large-scale ‘war’ and involve minimal risk of U.S. casualties. Yet ironically, President Trump’s assertion of inherent constitutional authority to start and continue this military campaign is exactly what the law was intended to cover.

Enacted into law in 1973 over President Nixon’s veto, the War Powers Resolution was motivated by congressional determination to prevent future presidents dragging the nation into a war incrementally. The context was obvious: Vietnam. For a super-majority of legislators, that conflict began and slowly expanded under the same premise: presidential assertions of inherent constitutional authority to commit small numbers of U.S. armed forces to low-level operations with limited risk: first as advisors, then to engage in limited direct action, then through ‘limited risk’ air operations. What evolved was an escalation that most of these legislators believed was inconsistent with both presidential assurances and the Gulf of Tonkin Resolution – the statutory use of force authorization Congress enacted in 1965 to empower the President to respond to subsequent North Vietnamese attacks on U.S. assets. From 1964 to 1967, the number of U.S. armed forces in Vietnam had escalated from approximately 25,000 to almost 500,000.

Nothing in the Gulf of Tonkin Resolution limited that escalation, and over the years Congress continued to provide presidents with the money and manpower to wage the war. Yet it was a different lesson from that experience that provided the true motivation for the WPR: the undeniable reality that it is far more difficult for Congress to force an end to a war than it is to prevent (or limit it) from inception.

Voting to cut off funding for an ongoing conflict is certainly a tool in the congressional arsenal to check presidential assertions of war power, but in the context of ongoing hostilities it is unrealistic to expect it will be useful. To begin with, restricting existing appropriations would require a veto-proof super-majority in both the House and Senate. But even mustering a simple majority to deny a continuation of appropriations for ongoing hostilities is politically unrealistic as it will be perceived as ‘abandoning’ or ‘betraying’ troops in the field.

The conflict in Southeast Asia proved this. Even after Congress revoked the Gulf of Tonkin Resolution, it continued to provide fiscal and human resources in support of hostilities. And when service-members asked federal courts to rule that the President lacked constitutional authority to order them to war, judges consistently ruled that this continued support demonstrated joint action by the President and Congress, satisfying the Constitution’s war powers equation. Even when Congress enacted a Bill to cut off all funding for the bombing campaign in support of the Cambodian military’s struggle against the Khmer Rouge, President Nixon’s veto threat and the accordant compromise that extended that funding was enough to lead a federal appeals court to reach the same conclusion. In short, unless Congress could muster a sufficient majority to override a presidential veto and enact law prohibiting continued operations, a president’s unilateral decision to commit the nation to a conflict would effectively put Congress in a straitjacket.

It was against this background the WPR was enacted. At its foundation is the assertion that the President’s authority to commit “United States Armed Forces into hostilities or into situation where imminent involvement in hostilities is clearly indicated by the circumstances” requires either express statutory authorization (a declaration of war or authorization for the use of military force) or “a national emergency created by attack upon the United States, its territories or possessions, or its armed forces.” As a result, the law includes several essential provisions:

· The President must report any such commitment to congressional leadership within 48 hours.

· Once reported (or when such a report was required), the President has 60 days to persuade Congress to support the operation by enacting express statutory authority.

· If Congress fails to enact such an authorization, the operation must terminate (unless Congress grants the President a 30-day extension to bring the operation to an end).

· Congress may order termination of an operation at any time by concurrent resolution (a majority vote by the Senate and the House with no opportunity for a presidential veto).

· Congressional authorization may not be inferred from any appropriation or other law unless it expressly authorizes the operation.

· Nothing in the WPR – to include the 60-day grace period provision – may be interpreted as a grant of authority to the President to commit U.S. forces to hostilities or imminent hostilities.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

From inception, presidents (and many experts) have criticized the WPR as self-contradictory, most notably because it also includes a provision that indicates nothing in the law “is intended to alter the constitutional authority of the Congress or of the President…” These critics argue the law does just that by unconstitutionally intruding upon the inherent war powers vested in the President and the prerogative of Congress to indicate support for presidential war powers initiatives by implication. And there are other defects. For example, the law omitted the well-established inherent authority of presidents to use military force to rescue U.S. nationals abroad (the Senate version included such a provision but it was removed during conference negotiations). And the provision allowing Congress to order termination of an ongoing military operation by concurrent resolution arguably runs afoul of a subsequent Supreme Court decision invalidating what is known as a legislative veto – use of a concurrent resolution to revoke a delegation of authority to the President enacted by law (although there is a question of whether the WPR concurrent resolution provision falls into that category as it is not withdrawing any prior statutory delegation of authority).

And then there is the so-called 60-day clock, perhaps the most misunderstood and at the same time perplexing provision of the law: misunderstood because it is often asserted as a statutory grant of authority to the President to conduct any military operation for up to 60 days (which contradicts Section 8 of the WPR); perplexing because if it is not a grant of authority, then what exactly did it mean?

The answer to the second question is ironically highlighted by the current counter-narcotic military campaign. Because it may not be interpreted as an express grant of constitutional authority to engage in hostilities (or situations of imminent hostilities), it is best understood as a failsafe – an acknowledgment that presidents will likely initiate combat operations on the belief they are acting pursuant to constitutional authority. If they do so, however, the law requires such an assertion of authority be validated by express congressional endorsement within 60 days. If a President is unable to secure such validation, congressional inaction functions as opposition, requiring termination of the operation.

There are, of course, problems with this equation. First, from a president’s perspective, if he is acting pursuant to valid constitutional authority on day 59, how does it evaporate on day 61? And if it was valid on day 59, a mere statute cannot dictate its invalidity. Second, there is something troubling about allowing Congress to require a president to terminate a military operation by inaction. Finally, as noted above, this provision ignores the frequently utilized congressional practice of expressing its support for a presidentially initiated military campaign by implication – primarily through funding and providing necessary resources (including manpower). Examples include not only the Korean War, but also the two post-WPR campaigns that exceeded 60 days without express statutory authorization: the Serbian air campaign in 1999, and the Libyan air campaign in 2011.

Nonetheless, the process of at least seeking congressional endorsement of a military campaign that extends beyond 60 days acknowledges a critically important premise: that the Constitution diffuses war powers between Congress and the President. While the requirement for express statutory authorization may have been constitutionally overbroad from inception of the WPR, seeking some manifestation of congressional support preserves this important war powers balance between the two political branches. Perhaps more importantly, it acknowledges the Congress’ constitutional authority to impose limits on – or even prohibit – commitment of the nation to hostilities.

Instead of acknowledging this shared constitutional role in authorizing war, the Trump administration is staking a claim of unilateral presidential authority. Because we are told there is little risk of U.S. casualties, Congress ostensibly has no role, and the WPR is inapplicable. But it is precisely because, “From small things, big things someday come” that Congress enacted the WPR. Acknowledging a congressional role now – while perhaps not necessarily express authorization – will advance the necessity that the administration make its case for the necessity, morality, and legality of this campaign before the representatives of We the People; give Congress the opportunity to exercise its constitutional role in war powers; and most importantly protect the nation from being dragged, incrementally, into a war Congress may find near impossible to get us out of.

This is a genuine War Powers Resolution moment.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Ukraine’s Long-Range War: How Drone & Missile Strikes Are Taking the Fight Deep Inside Russia

DEEP DIVE – By any traditional definition, the city of Ryazan doesn’t belong on a list of battlegrounds in the Ukraine war. There are no Ukrainian soldiers or tanks deployed there, and it’s in western Russia, roughly 600 miles from the active front lines of Pokrovsk or Kupiansk.

But residents and officials in Ryazan – population 550,000 – wouldn’t be surprised to find their city on such a list. Ukraine has attacked Ryazan at least a half dozen times, as part of an escalating drone-and-missile campaign against Russia’s oil sector. Most recently, an oil refinery in Ryazan – Russia’s fourth-largest – was forced to shut down after an Oct. 23 attack by Ukrainian drones.

Ryazan is hardly alone.

Lt. Gen. Vasyl Maliuk, head of the Ukrainian Security Service, said last week that Ukraine has carried out more than 160 successful attacks on Russian refineries and other energy targets this year; an Open Source Centre investigation identified more than 90 strikes between Aug. 2 and Oct. 14. In the last week alone, Ukraine has struck an oil terminal and tanker in Russia’s Black Sea port of Tuapse; energy facilities in Russia's Oryol, Vladimir, and Yaroslavl regions; and the Koltsevoy, or “ring,” pipeline, which links refineries in Moscow, Ryazan, and Nizhny Novgorod, and supplies fuel to the Russian military. Earlier strikes damaged one of Russia's biggest oil refineries near St. Petersburg, and perhaps most impressive – from the Ukrainian point of view – the campaign has reached as far as the Siberian city of Tyumen, some 1200 miles east of Moscow.

Stretching the conventional notion of front lines is clearly part of the Ukrainian strategy; the strikes have forced the Kremlin to worry about drone and missile attacks across a broad swath of Russian territory. But the main aim is to hurt the Russian oil sector – the country’s richest revenue source, and a key reason why the Kremlin has been able to maintain the funding of its war machine.

“Ukraine’s theory of victory now includes destroying Russia’s energy sector,” Lt. Gen. Ben Hodges, a former commander of U.S. Army Forces in Europe, told The Cipher Brief. “They’ve developed capabilities that can reach great distances with precision, exposing Russia’s vulnerability – its inability to protect critical infrastructure across its vast landscape.”

Last week Ukrainian President Volodymyr Zelensky vowed to intensify the pace and scope of the campaign. “We must work every day to weaken the Russians. Their money for the war comes from oil refining,” Zelensky said in an Oct. 27 address to the nation. “The most effective sanctions - the ones that work the fastest - are the fires at Russia’s oil refineries, its terminals, oil depots.”

Zelensky also noted that 90 percent of the strikes have been carried out by Ukrainian-made drones and missiles – a not-so-subtle message to Europe and the U.S.: get us more of your long-range weapons, and we can help bring Russian President Vladimir Putin to the negotiating table.

“It’s very impressive,” said Balazs Jarabik, a former European Union diplomat and analyst for RPolitik, said of Ukraine’s campaign against the Russian energy sector. In an interview with The Cipher Brief, Jarabik said the attacks have “had an impact in terms of getting headlines, making the Russian war effort more expensive, and creating shortages so the Russian people feel the pain of the war.”

That’s also the aim of the recent U.S. sanctions against energy giants Rosneft and Lukoil, the first American economic penalties imposed on Russia since Donald Trump returned to office. The Treasury Department said the sanctions would “increase pressure on Russia’s energy sector and degrade the Kremlin’s ability to raise revenue for its war machine.”

While Ukrainian officials have welcomed the sanctions, they have also said that their drone and missile attacks pack a more powerful punch.

“Our strikes have already had more impact than sanctions,” Kyrylo Budanov, Ukraine’s head of Military Intelligence, said on Telegram following last week’s spate of attacks.

For their part, Putin and other Russian officials have downplayed the impact of the strikes while at the same time warning that they are dangerously escalatory. The Kremlin has also said that neither the attacks nor the sanctions will move them to change course in the war.

Experts say both sides may be right – that in the short term, the Kremlin can probably ride out the impact of the Ukrainian campaign, but that Russia may feel significant pain if the sanctions are enforced and the oil sector strikes continue.

“Russia’s oil refineries are a bit like a man who is being repeatedly punched,” Sergey Vakulenko, Senior Fellow, Carnegie Russia Eurasia Center, wrote in a recent assessment for Carnegie Politika. “He will not die from one punch, or even half a dozen punches. But it becomes harder and harder for him to recover after each subsequent blow. Although no single punch is fatal, he could end up being beaten to death.”

Assessing the damage

To date, the Ukrainian strikes have hit 21 of Russia's 38 large oil refineries, according to the BBC, and several have been struck more than once. Roughly 20% of the nation’s refining capacity has been damaged or destroyed, and last month the International Energy Agency (IEA) reported that Russia's revenues from crude oil and refined products had fallen to their lowest level in a decade – excluding the period immediately following the COVID-19 outbreak.

"Persistent attacks on Russian energy infrastructure have cut Russian crude processing by an estimated 500,000 barrels per day, resulting in domestic fuel shortages and lower product exports," the IEA said. In an accompanying forecast, the agency said that if the sanctions remain in place and the attacks continue – even without Zelensky’s promised scaling-up of their cadence – the impact to Russia’s refining would stretch to at least mid-2026.

Beyond the macroeconomic impact, the Ukrainian campaign has also been felt by Russian citizens, in the form of higher fuel prices and – in some regions – shortages and long lines for gas.

“The economic impact of strikes against Russian energy infrastructure is beginning to be felt outside of Moscow, as Russia diverts available energy from the regions to keep Moscow supplied,” Rob Dannenberg, a former chief of the CIA’s Central Eurasia Division, wrote last week in The Cipher Brief. “There are shortages and energy price hikes that the Kremlin can no longer conceal.”

And in a broader reflection of Russia’s economic woes, this week the central bank downgraded the country’s growth forecast. Experts say the sanctions and Ukrainian strikes are a big part of the problem for Moscow.

“Ukraine’s attacks on Russian energy infrastructure are strategically meaningful and increasingly so,” Jacek Siewiera, a former head of Poland’s National Security Bureau, told The Cipher Brief. He said the strikes are serving three strategic functions: forcing Russia to divert efforts to rear-area defense; raising the overall cost of war by creating new logistical costs inside Russia; and a less tangible, more symbolic impact.

“These attacks send a message to Moscow and its economy that Ukraine – and its backers – can reach deep,” Siewiera said. “That has symbolic as well as material value.”

What comes next

Might the Ukrainian campaign alter the course of the war? Experts are divided on the question.

On the one hand, dozens of Russian oil sector targets are now within reach of Ukrainian missiles and drones – and it’s clear that Zelensky’s vow to expand and intensify the campaign is underway. An already-bruised industry in Russia is surely girding for more punishment.

But several experts said that in order to sustain the tempo and volume of the attacks, Ukraine will need help from the West or a significant boost to its own capabilities.

“Ukraine has made impressive inroads but it’s not yet clear whether the strikes will fundamentally degrade Russia’s war-fighting capacity,” Siewiera said. He and others echoed Zelensky’s point – that the West should support Ukraine’s deep-strike capabilities to boost the impact of the current attacks, and improve the odds that they will effect change in Moscow. Until then, Siewiera said, it’s unlikely that the campaign can deliver “a knockout blow.”

Jarabik agreed, noting that Ukrainian drones typically carry payloads of only 50-60 kilograms (roughly 110-130 pounds); long-range missile systems can inflict far greater damage. He and others said that much will depend on the success of the Ukrainian-made Flamingo missile – which has been touted as a homegrown alternative to western long-range weapons. Officials say the Flamingo is now operational, and that it can carry more than 1,000 kilos (2000+ pounds), with a range of roughly 1800 miles.

“I think we are going to see the Ukrainian strikes increasing,” Jarabik said. “The big question here is whether Ukrainians are going to have the missile capabilities to scale the attack.” At the current rate, he said, Ukraine cannot compel the Kremlin to alter its approach. “So far, neither the sanctions nor this (campaign of strikes) is actually enough to bring the end of the war. Russia has the means to continue.”

All those interviewed for this piece agreed that the success of the Ukrainian campaign will depend on whether Ukraine can hit more targets, more frequently, and with heavier payloads.

“As Ukraine continues to improve its long-range precision strike capability – and if the West adds its own weapons to Ukraine’s arsenal – the impact is going to increase significantly,” Lt. Gen. Hodges said. And that, he said, “could lead to a successful outcome for Ukraine.”

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

The U.S. Role in a Multipolar World - and the Dangers of Isolationism

OPINION — “What should the U.S. role in the world be right now? We're waiting for the [Trump administration] National Security Strategy to come out from the White House, which should come out in the next couple of months, which will be really interesting to see what they have to say. We are in the post-post-Cold War world. You know we had that brief period at the end of the Cold War when it was like, yeah, we won, everything's good -- and then no it's not. So now we're like accepting that it is a complicated world. So what role do we play?”

That was Rep. Adam Smith (D-Wash.) last Wednesday as The Brookings Institution’s keynote speaker at the 2025 Knight Forum on Geopolitics. Elected to Congress in 1996, Rep. Smith has served on the House Armed Services Committee since 1997. He was committee chairman from 2019-to-2023, and today is the ranking Democrat. He has also previously served on the House Foreign Affairs Committee and the House Permanent Select Committee on Intelligence.

Smith, who has focused on national and international security strategy during most of his 28 years in Congress, is someone I believe should be listened to in this controversial time in our history. And during his Brookings appearance, he not only touched on the key issues today, but also put them in an historic context that makes for a better understanding of them.

For example, Rep. Smith said, “We did a masterful job in my humble opinion post World War II of figuring out what is our role in the world and then playing that role to a very effective degree. It's not perfect. Certainly there were mistakes. I think we need to do that again. And the number one biggest theme for me is we have to get rid of the idea that we are going to dominate the rest of the world.”

Instead, he said, “We have to be engaged, but we have to embrace the idea of a multi-polar world that we can influence, but not control. And that I think was the biggest downside to the end of the Cold War -- it gave us grandiose ambition, delusions of grandeur, if you will, and the notion that our mission was to make sure that no pure competitor emerged. You remember that philosophy? That's a really hard thing to do. We're not going to be able to do it, just like we're not going to be able to defeat China.”

So how does Rep. Smith suggest we deal with China?

“We really need to talk with China,” he emphasized last week. “I think the relationship with China is the most consequential bilateral relationship in the world right now and will be for decades to come. The two most powerful economies [and] increasingly pretty close to the two most powerful militaries, as China has ramped up [militarily]. And I think we need to find a way to get along with China.”

However, he said, “The focus in Washington D.C. is very much how do we beat China? And that you see in Congress all the time. You certainly see it from the [House] China Select Committee. What I want to know is what is our plan for coexisting with China? Because that's what we're going to have to do. We're not going anywhere. They're not going anywhere.”

Rep. Smith acknowledged that China, along with what he called the “cringe” people -- Russia, Iran and North Korea – are threats. But, he added, “of that group, China is the most invested in a global order. I mean, their economy is dependent upon it. They have slightly different views for how that global order should be run. But we are a lot closer to aligned in that than we are certainly with Russia or North Korea or Iran or your average ISIS or al-Qaeda [terrorist] group. So I think there was an opportunity there to have a dialogue with China that could bring the tension down and get to a better relationship.”

At another point, Rep. Smith said, “If China wants those [global order] rules to be changed to help them, they're going to have to show that they're something other than a belligerent aggressive actor just trying to gobble up as much as they can gobble up. Because people forget we had to do a lot of crap that was just helping other people, all right? You know, the Marshall Plan in Europe, we rebuilt Japan, earthquakes, tsunamis all over the world. You know, we've done that. You know, that's part of it. All right, China, you want to be the big global player. Part of it is not just looking at the rest of the world as a resource opportunity. Not that we haven't done that, too, but we've balanced that out with helping people.”

Rep. Smith described something he said “the Biden administration did really, really well… I know there are a lot of people who are critical of a lot of different things the Biden administration did, but the alliances that we built up around China during his Presidency were really consequential and very important. Certainly, the Quad with Japan, Australia, India and the U.S. was important. Japan has become a much better partner. South Korea, the Philippines, these are areas where we built partnerships that strengthened us.”

“China looks at the U.S. and sees us as having three great advantages,” Rep. Smith said. “One, we got partners and alliances that no other nation in the world has. Two, we do research better than anybody. And three, people want to come here. You know, we're damaging all three of those to one degree or another at the moment. But taking advantage of those partnerships and alliances to strengthen ourselves, I think needs to be part of the solution.”

He went on saying, “Maintaining and building on those partnerships is crucial. Obviously, [President] Trump has a slightly different approach, more confrontational. I worry about how that's going to impact it.”

Noting that President Trump “has a slightly different approach, more confrontational,” and was at that moment in Asia “trying to patch that up,” Rep. Smith advised, “I would say figure out how to get along with China, maintain and build alliances with as many other nations in that part of the world as possible.”

“But I would love to see a world 10, 20, 30 years from now,” Rep. Smith said, “where China and the U.S., if there's some disaster in the world, if there's a famine, if there's a natural disaster, if there's just a country that's infrastructure is crumbling, are sitting at the same table talking about how do we handle this? Okay, that is a better world. Now, to get there, we have to get off of this zero sum competition.”

It was in dealing with allies and partner countries that Rep. Smith said, “Trump came in with his uniquely bullying approach to try to get them [allies and partner countries] to do more. And what I worry about there is if you're just trying to get them to do more as part of a collective understanding of what our national security interests are -- great. You know, be as aggressive as you have to be, make it work. But there is considerable concern that isolationism is pushing Trump's viewpoint as much as a desire for greater burden sharing, which is to say, ‘We don't care. We're out. Good luck.’"

“That is where we don't want to go,” Rep. Smith said, “And that's where a lot of the Trumpian rhetoric is troubling to me because on the Trump side…is the argument that somehow the

United States of America has been taken advantage of for the last 80 years. All these European countries, these Asian countries, we provided security to them. I think [Defense] Secretary [Pete] Hegseth had the unique way of saying it, you know, Uncle Sam shouldn't be Uncle Sucker.”

Rep. Smith explained, “Those partnerships, those alliances that we built benefited us more than any other country in the world. We had the biggest, most powerful economy ever because we had a relatively peaceful world. We had a lot of partners and friends. We weren't doing it out of some generosity. We didn't want to be dragged into another world war, which would be costly to us. And we wanted a reasonably prosperous world to do business with. That's what we wanted.

And that's what we got. Now how we divided that wealth back here at home has certainly raised some issues, but the basic point is that we generated a very robust global economy that we benefited from.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Pointing out that after WWII, “we didn't want those countries [Germany, Japan] building up their militaries and doing more, because we saw how that had played out over the course of the previous thousand years,” Rep. Smith said. But, he added, “We're right now in the midst of a huge debate over the U.S. presence in Eastern Europe, and are we going to maintain it? A lot of mutterings…[are] that we're going to be pulling out, which can undermine the [NATO] alliance. So, I'm worried about it.”

His worry, he said, “is this administration going to remain committed to the concept of why these alliances are important, not just for our partners, but for us as well?”

But Rep. Smith explained, “Now is not the time to signal weakness to [Russian President] Vladimir Putin in Eastern Europe. Now, that's kind of hard to argue with, so why are they doing it? And that gets back to sort of the concern about their world view. The way they [the Trump administration officials] try to pitch it is we can only do so many things at once. So we're trying to prioritize in different places.”

Rep. Smith went on, “I guess the argument there would be they're prioritizing in Asia. But the world is connected. Sorry, but what's happening in Europe has a profound impact on what's

happening [in Asia]. In fact, you know, if we want to stop China from being overly aggressive in terms of taking the territory of other nations and militarily, the single best thing we can do is make sure that Putin fails in Ukraine, to make it clear that that type of aggression to expand territory doesn't work. So, we're not helping Asia by looking weak in Eastern Europe.”

Rep. Smith also looked at other parts of the world.

He said, “Israel's consistent effort, with our help through multiple administrations, [led to] weakening Hezbollah, you know, weakening Hamas and weakening Iran, certainly put them in a vastly weaker position as a regional player. And [that] has created the opportunity to get a stable government in Syria and a stable government in Lebanon and an increasingly stable government in Iraq.”

He added. “That's where we want to get to. And we've made a large amount of progress on that. Now again, Donald Trump is going to take absolutely 100% of the credit for that. and he deserves maybe five percent of the credit for that. But that puts us in a better position on that.”

Closer to home, Rep. Smith said, “I do worry about the Trumpian Monroe Doctrine approach here. We're spending a heck of a lot of money out of the [U.S.] military to secure a border that Trump says is already secure. That is a distraction financially. Then, picking a war with Venezuela and Colombia and randomly blowing up people down in the Caribbean, in the Pacific -- that's expensive, destabilizing, and I don't see it having the positive impact that they claim it is. And it also undermines our credibility if we are engaging in what most of the world views as extrajudicial killings.”

I must add here as a closing, something Rep. Smith said two days later during an appearance at the Council on Foreign Relations. It’s the best summation I’ve seen of all the issues involved in the Trump administration’s self-started drug war.

“Basically,” Rep. Smith said, “the President of the United States has decided that he will institute the death penalty for drug dealing. Now that’s an interesting policy question. It’s been debated. There are some countries that have gone to different places on it, but it is not a policy question that we’ve had in the United States of America. That’s not legal. That’s not something we’ve decided to do. Not only has the President of the United States decided to circumvent all of that, and say, ‘Yes we’re going to have the death penalty,’ but he’s decided to do it without any due process. He’s appointed himself judge, jury and executioner. And who are they targeting? From what we can glean from the briefing yesterday [last Thursday by Pentagon officials], and what they have said publicly, there are 24 different narco-terrorist groups, as they called them. We have no details on who’s in the 24. But it’s also, not just the people who are part of the 24 drug cartels, but anyone who is affiliated with the drug cartels which also comes with not much of a definition.”

Rep. Smith concluded, “So the President basically empowers himself to use the United States military to do lethal strikes against tens-of-thousands of ill defined people without the oversight [needed]. That is a clear abuse of power and a massive expansion of the power for the President of the United States and I believe that undermines the Constitution and the rule of law to people who care about those things anymore.”

I fully agree.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Countering the Kremlin’s Five Most Effective Narratives About Ukraine

EXPERT PERSPECTIVE — In the summer of 2008, as Russian tanks rolled toward the borders of Georgia, the battle had already begun—shaped decisively by large-scale cyberattacks and cognitive warfare. Weeks before the first shots, cyberspace erupted with coordinated attacks crippling Georgian government and media websites, including distributed denial-of-service (DDoS) and defacements. Simultaneously, state-controlled and aligned media saturated both domestic and international audiences with fabricated narratives portraying Georgian aggression, warnings of impending genocide in South Ossetia, and accusations blaming the U.S. for encouraging Georgian belligerence through NATO membership promises. These tailored information operations sowed confusion and paralysis, isolating Georgia as Russian forces advanced.

The invasion of Georgia by Russia may have marked the first notable instance in which Moscow simultaneously employed conventional military operations, cyberattacks, and cognitive warfare in a military campaign. Of particular note for this article, Russia’s weaponized narratives before, during, and after the invasion constructed a false reality that attempted to influence—at the speed of global media—and with some success, how the West and a broader international audience understood what was happening in Georgia—and why it was happening—with the goal to manipulate Western views, decisions, and actions. Of the many lessons Russia learned in its invasion of Georgia in 2008, that may have been one of the most important.

If this sounds similar to Russia’s actions against Ukraine in 2014 and 2022; it should. This strategic approach of using persuasive and weaponized narratives is grounded in Russian “Active Measures” and “Reflexive Control”.

Active Measures: Russian actions, most of which are covert and deniable, to achieve its foreign policy objectives through the use of political coercion, espionage, sabotage, assassination, media manipulation, ambiguous forces, and propaganda.

Reflexive Control: Actions by Russia to influence and shape an adversary’s decisions so that the adversary voluntarily makes choices that favor Russia.

These two elements of Russian doctrine embrace cognitive warfare as a comprehensive strategy and the blurring of lines between peace and war to target civilians, military leaders, and policy makers. As evidenced in Georgia, Russia’s goal is to also sustain long-term cognitive impact, or cognitive occupation, according to the Institute of Development of Freedom of Information (IDFI), even after fighting ends so that a target state’s people, government, and institutions unconsciously align with Russian interests. “Cognitive occupation”, or the calculated persistent and long-term presence and effects of cognitive warfare on people, institutions, policies, and decision-making, is also a threat to the U.S.

Russia’s use of weaponized narratives has played a foundational role in Russia’s long-standing attempts to subjugate Ukraine and blunt U.S and Western interference. Narratives that criminalize, delegitimize, and “Nazify” Ukraine’s leaders, claim that Russian is protecting vulnerable populations within Ukraine, point to U.S. and Western interference as forcing Russia’s hand, and provide even a thin rationale for illegally annexing territories are now recognized as textbook Russian strategy.

Those narratives and Russia’s use of broader cognitive warfare tools have evolved as conditions change to now include negotiations, and remain in use today against Ukraine, but also against the U.S., NATO, and in fact a global audience. Russia’s intent is to deceive, confuse, fracture, intimidate, and to manipulate decisions that favor Russia both on the ground in Ukraine and in negotiations. Feigned cooperation with the West as well as distractions and delays—while Russia is simultaneously attempting to seize more territory in Ukraine and conducting gray zone attacks in Europe to fracture and weaken NATO support for Ukraine—is part of that same strategy.

This isn’t a new topic—in fact, much has been written by analysts and think tanks on Russia’s use of narratives in its war on Ukraine and the persuasive power of narratives. This article argues that there are five broad Kremlin narratives aimed squarely at the West, and the West’s lack of an effective counter-narrative strategy is inadvertently allowing these narratives to weaken Western resolve toward Ukraine and ceding control of the information space to Russia.

These are the five broad narratives that Russia is employing today, all of which you will recognize.

1. Russia’s invasion of Ukraine was justified—The West/NATO/Ukraine is the root cause of the war in Ukraine

This narrative has been well documented in Russian foreign ministry statements, Russia media, and Vladimir Putin speeches beginning with the Crimea crisis. It is similar to Russian tactics during its 2008 invasion of Georgia. Topics on “protecting Russian speakers,” “de-Nazification,” and “forced into war by the West” feature in almost all Russian communications leading up the invasion of Ukraine and after, particularly Putin’s speech that launched the invasion.

Although the “strategic declassification” by the U.S. in 2022 of Russia’s plan to invade Ukraine helped undermine the legitimacy of these narratives, Russia’s persistence in pushing this narrative extended its influence. Russia has used this narrative to attempt to cast itself more as a victim of U.S. and NATO expansion or even as a reluctant actor in Ukraine.

Most in the West generally dismiss this narrative, but it is still influential within Russia and with pro-Russian voices around the world. It has resonance in the Global South and is amplified by China. It will be difficult to displace globally as it exploits historical grievances and anti-Western sentiments and is still discussed in some Western policy debates.

2. Putin wants peace—but pressure on Russia will collapse talks

This is a constant theme in Kremlin messaging, beginning in 2014, and particularly pronounced from late 2021 onward as Russia massed troops near Ukraine. Russia often stated that it was only seeking negotiations and security guarantees and that pressure from the U.S. and the West would undermine potential talks.

The narrative has particularly manifested itself in the approach to the negotiations. Putin established redlines early as negotiations approached, and the U.S. team offered concessions to get Putin to the table, to test his commitment to real negotiations and a ceasefire, and to prevent him from walking away. Putin instead offered to stop fighting and freeze battle lines if Ukraine turned over all the territory in its Donetsk and Luhansk regions that remains in Kyiv’s hands. Putin basked in the warm reception in Alaska but continued to resist making any concessions or move toward a ceasefire.

This narrative appears to be weakening in influence today, in part because of Putin’s maximalist demands, delaying tactics, and very visible resistance to a ceasefire and concessions.

3. Ukraine will have to give up territory—Ukraine’s intransigence prolongs the war

This has become one of the more normalized, and I think potentially persuasive, narratives employed by Russia, and it is often presented as the “only reasonable solution” to the war in Ukraine. Russia began demanding territorial concessions in 2014, with greater intensity in 2022, when Russia raised Ukraine’s “inevitable” need to cede land for peace. Within months of the invasion, discussions began to appear in some Western media about “difficult compromises” facing Ukraine. Over time, this narrative managed to replace “Russia must withdraw its forces”, demonstrating the influence of narratives in countering geopolitical realities.

Ukraine finds itself in an odd place. There must be a term that describes how an invading aggressor (Russia) is not asked to give up illegally-seized territory because of the perception that it is irreversibly entrenched in its negotiating position, while the defending country under attack (Ukraine) is asked to concede more, to give up more, merely because it is more cooperative.

Of course, this also reflects the power imbalance and the perceptions of strength and weakness in the negotiations. The U.S. does not believe it can compel Putin to make concessions—even the most obvious ones, like withdrawing from Ukraine or paying reparations—so it doesn’t demand them or put them on the negotiating table. Conversely, the U.S. believes it can persuade Ukraine to make concessions because Ukraine needs U.S. support, so it expresses more expectations for Ukraine, including to sacrifice its national sovereignty and territorial integrity.

This narrative is rising in influence. War fatigue, Russian intransigence, the perception of a lack of real options, and the desire for a settlement are increasing the discussions for “realistic outcomes.” If this narrative prevails, it could result in an outcome that directly rewards Putin's aggression and signals to global authoritarians that invasion is a viable long-term strategy

4. Ukraine joining NATO is off the table—Russia must be involved in security guarantees

Russia has been long opposed NATO membership for Ukraine. Going back to the 2008 Bucharest Summit, Moscow has strongly stated that Ukraine joining NATO aspirations was unacceptable. This intensified after 2014 and this became a core Russian talking point after its 2022 invasion of Ukraine, including the stated requirement of the involvement of Russia in any future security arrangements. Today, Putin and Foreign Minister Lavrov have explicitly advanced this narrative since the first phases of negotiation, particularly when discussing alternatives to NATO membership for Ukraine.

The question of NATO membership for Ukraine has also been debated within Western policy circles for years. Discussions of possible security guarantees involving Russia surged in early 2022 as policymakers sought alternatives to NATO membership. Russia’s insistence on being part of those security guarantees continues to complicate these discussions.

It is fair to say that this narrative continues to be influential. A hold on Ukraine’s NATO prospects is essentially U.S. and NATO policy for now. Russia continues to strongly state the requirement for its involvement in future security guarantees—essentially a Russian veto on the implementation of those guarantees—as essential to any agreements.

5. A Russian victory is inevitable—Ukraine can never win

This is less about a single speech and more about a recurring theme in Russian state media and propaganda since the bleak outlook at the beginning of the war when it looked like Ukraine could fall within days or even hours. Russian propaganda of “unstoppable” Russian forces contrasted with Ukrainian weakness and futility was a persistent theme. Some Western analysts and so-called experts also predicted a quick Russian victory. Russian propaganda about the strength and power of its forces had effectively influenced a global audience.

I believe it is fair to say that a theme of Russian invincibility and inevitable victory regardless of actions by Ukraine and the West can and has undermined some support to Ukraine. It can create a defeatist attitude and risk aversion in some Capitals. It may also cause some countries to question the value of continued investment in Ukraine. Many nefarious actions and statements by Putin, including his own deliberately-crafted strong-man image, are meant to support this narrative.

Today, this narrative is far less credible than in 2022 from a battlefield perspective. Ukraine, with the support of the U.S. and NATO, shattered the myth of Russian battlefield dominance. However, this narrative has shifted to Russia’s ability to use political maneuvering, manipulation of the negotiations, bypassing of sanctions, support by China, and exploiting division within the West to achieve its goals. This narrative still influences many in the West and has the potential to undermine negotiations to the favor of Moscow.

These five narratives gain strength and persistent influence when repeated throughout traditional and social media. They are significantly enabled by Russia media and its proxies. They are also strengthened when discussed or even supported by U.S. and Western public officials. I have not heard official in the West having a real discussion about Nazis in Ukraine, but there have certainly been numerous discussions about a NATO role in Russia’s invasion, the “need” for Ukraine to give up territory, the challenges of Ukraine joining NATO, and if Ukraine can win at all even with U.S and NATO support.

I am not implying that U.S. and Western officials are intentionally using Russian narratives, but the alignment of Russian narratives with views already held by some in the West extend the life and influence of these narratives.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Although these Kremlin narratives have been somewhat successful, particularly when used in unison, they are also somewhat fragile because they are false and not anchored in reality. If we compare a narrative to a flame, a narrative needs oxygen to grow and spread; without that oxygen, narratives can weaken and lose relevance.

Oxygen for narratives come from their continued use in social and traditional media, in legitimate public discourse, and by legitimate public figures. These narratives are also persistent and persuasive when they are unopposed by equally persuasive and persistent narratives. For example, narratives, such as “Ukraine will have to give up territory” or “Ukraine joining NATO if off the table”, which are based on the evolving positions of the involved parties will remain persistent and legitimate with continued use and in the absence of alternative narratives.

Let’s look at the five narratives that can undercut and replace the Kremlin’s five false and manipulative narratives. These five new narratives don’t require complex explanations. They are principled, grounded in facts and international law, speak directly to sovereignty and territorial integrity for all nations, and are based on a commitment to accountability and to deny reward to authoritarian invaders. We’ve heard them all before: yet as Kremlin narratives have spread, these have faded from prominence and influence.

1. The invasion of Ukraine was an illegal and unprovoked military action by Russia.

This narrative grounds the conflict in international law and strips away Russian efforts to justify its invasion. It’s a reminder that Russia alone is the “root cause” of the war in Ukraine.

2. Russia must withdraw all forces that invaded Ukraine in 2022 and pay reparations to Ukraine. Crimea remains sovereign Ukraine territory illegally occupied by Russia.

This narrative addresses accountability of Russia’s actions and undermines Russian efforts to normalize its presence in Ukraine. Further, it puts pressure on Russia to explain why it isn’t withdrawing from Ukraine instead of Ukraine explaining why it should not give up territory to an invader. It is also a strong statement that invasion and occupation by aggressive authoritarians will not be rewarded.

3. Ukraine is a free, independent, and sovereign state. A decision to join NATO is a decision between Ukraine and NATO.

This narrative reinforces the sovereignty, territorial integrity, political independence, and autonomy of nations, including Ukraine. It undermines any efforts by Russia to undermine the legitimacy of Ukraine as a nation and to control discussions over Ukraine’s future.

4. Russia is attempting to delay and undermine the negotiations. It must come to the negotiating table willing to make concessions or face consequences.

This puts the burden squarely where it belongs—on Russia—to engage in meaningful negotiations to end its occupation of Ukraine and the war, or face real and sustained consequences. This narrative is strengthened by US and NATO publicly planning and implementing measures, such as energy and banking sanctions, secondary sanctions, redirection of seized assets to Ukraine, expulsion of Russian diplomats, and other persuasive actions directed at Russia.

5. The U.S and NATO stand together to support Ukraine.

This narrative emphasizes the unity and shared commitment to the security of Ukraine that Russia has worked so hard to undermine. It is also a signal that Putin’s efforts to charm America and increase its gray warfare on Europe has failed. It is strengthened by an increase in arms and sustained support to Ukraine by the U.S. and NATO as a strong signal of unity to Russia.

These replacement narratives simply need oxygen—in public discourse, global media, and statements by Western public figures about Ukraine, Russia, and the negotiations, particularly from the U.S. negotiating team. Now is the time to use these narratives—persistently and in unison—to replace the Kremlin’s false and manipulative narratives and to undermine the hold Putin wants to have on the discussions on Ukraine and the negotiations. Displacing entrenched narratives isn’t easy, particularly in parts of the world where Russian influence is high, but repetitive use of these narratives by U.S. and Western officials can begin to erode the Kremlin’s narratives and send strong signals to Russia itself.

Finally, it is clear that the U.S. is dissatisfied with the pace and outcomes to date of the negotiations. This is, in part, because we have been losing the battle in the information and influence space to these Russian narratives. The goal of Russian “reflexive control” is to persuade Russia’s adversaries to make decisions voluntarily that support Russia. Russia’s weaponized narratives play a role in achieving that outcome. It is certainly not too late to change the course of the dialogue and the negotiations in a way that favors the U.S., Ukraine, and our allies. Putin believes he is in control and can dictate the outcome. Advancing these narratives will show him that he’s wrong.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

How the U.S. Can Stay Ahead of China in Space

OPINION — Space has gone from frontier to front line. But despite this increased urgency and promises to remain first in flight, the Trump administration recently cut the Office of Space Commerce’s budget. Additionally, NASA remains without a permanent leader and is struggling to select a new lunar lander for its Artemis missions.

It’s a dangerous place to be as America’s adversaries are investing heavily in everything from spy satellites to landing on the Moon. Now is the time for the United States to prioritize investment in innovation and security.

Space systems form a comprehensive network of terrestrial and extra-terrestrial assets that drive economic growth. America’s space economy provided nearly $241 billion in direct gross economic output in 2023 while undergirding communications, energy, and financial services infrastructure. Space also remains at the frontier of the American way of war, underpinning much of the country’s precision-strike capabilities, and remains a key element of the Trump administration’s plans to invest in the “Golden Dome” missile-defense system.

In space, China is seeking to dominate the commercial market, develop dual-use platforms to execute military objectives, and undermine American infrastructure. Having spent billions to develop its space launch sector, China may use its statist model to strategically hollow out the American private satellite launch market, forcing firms to rely on Chinese infrastructure vulnerable to espionage. Beijing also remains committed to militarizing space, both to launch “blinding” attacks against U.S. space-based assets and as a means to achieve new precision-strike capabilities. Some of these capabilities have already been delivered to Russia and Iran, allowing them to strike American interests and, in the case of the Iranian-backed Houthis allegedly using Chinese-provided targeting data, assets.

Chinese efforts call for immediate action from Washington to secure U.S. space systems, though the need to act quickly and with innovation needs to be balanced with the imperative to secure critical infrastructure.

First, the Trump administration should designate space systems as critical infrastructure under National Security Memorandum 22, while designating NASA as the federal partner responsible for helping private industry identify and mitigate risk. This designation, which will place space systems on the same footing as the terrestrial defense industrial base and the healthcare and public health sector, will ensure that the White House prioritizes space security concerns and provides more comprehensive protection for space systems.

Second, the Federal Communications Commission (FCC) should continue its work to streamline licensing processes. This can be done by adopting the proposed “licensing assembly line” that clarifies standards and accelerates innovation paired with a “building block” approach to encourage evolving technologies. The FCC should also adopt the new licensing category of “Variable Trajectory Spacecraft Systems” to allow novel orbiting technologies, such as landers, orbital transfer vehicles, or in-space assembly, to flourish within a predictable and expedited regulatory environment. Establishing this category will help the United States to diversify its space assets, offer redundancy, and enhance its competitive capacity.

Third, the government should prioritize the physical and cyber security of space systems, keeping in mind the rapidly changing technology landscape. Lowering the threshold for requiring American firms to report foreign ownership to five percent will better capture the ownership structures used by foreign adversaries. Requiring space station operators to improve data sharing practices to account for different levels of data sensitivity and the need to preserve data security can enable safer operations and prevent adversaries from accessing sensitive data. Mandating stronger cybersecurity standards that account for the unique vulnerabilities of space infrastructure is critical for maintaining space operations. Future-proofing cybersecurity standards by prioritizing encryption adaptability will help address weaknesses related to the long-term nature of many space-based assets.

Finally, the administration should ensure that the centers tasked with maintaining security of space infrastructure are adequately resourced. These elements include not only those dealing with commerce, but with science and innovation as well, particularly NASA. Without an effective Office of Space Commerce, satellites are at risk of collision; without a well-funded NASA, the government loses significant procurement clout and cedes its innovative edge. And without space, America forgets its past in the process of losing its future.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Sahel’s Terror Surge Signals a New Front in Global Security

DEEP DIVE — On the night of June 20, 2025, the Nigerien village of Manda became the stage for one of the deadliest massacres in the Sahel in recent memory. As dozens of worshippers gathered at a mosque for evening prayers, militants from the Islamic State’s Sahel Province encircled the village and opened fire without pause. Bullets tore through the congregation, killing at least 71 men, women, and children and wounding dozens more.

Survivors later recalled the horror of lying motionless beneath the bodies of neighbors and relatives to avoid being shot, while houses were torched and families scattered in the chaos. The bloodshed was not only an assault on a remote community in Tillabéri, but a stark signal of how deeply jihadist violence has penetrated this once quiet borderland.

In the span of a few hours, Manda joined the growing list of towns and villages reduced to symbols of terror, underscoring the reality that groups like Islamic State in the Sahel now operate less as rogue insurgents than as entrenched power brokers whose reach stretches across Niger, Mali, and Burkina Faso. For the United States, the massacre is more than a humanitarian catastrophe — it is a sobering reminder that the doctrine of forward defense faces its most formidable test yet in Africa’s most fragile frontier.

“The threat from Sahelian jihadists is really two-fold,” Caleb Weiss, editor of FDD’s Long War Journal, tells The Cipher Brief. “They are destabilizing wider West Africa, particularly the Gulf of Guinea states, which have been firm U.S. and Western allies. And secondly, there is worry about European security if jihadis in the Sahel are allowed to operate freely. The Sahel can become a base of operations from which to launch or even sponsor attacks into continental Europe.”

Hans-Jakob Schindler, Senior Director of the Counter Extremism Project, frames the problem in similarly stark terms.

“There are two primary terrorist threats that can be identified,” he tells The Cipher Brief. “First of all, the rapid expansion of the al-Qaeda affiliate JNIM as well as the ISIS affiliates ISSP and ISWAP in the Sahel region has destabilized several countries, in particular Burkina Faso, Mali and to a growing extent also Niger, with continuing serious security problems in the North of Nigeria.”

From Margins to Mainstream: The Rise of Sahelian Jihadism

The massacre in Manda reflects a decade-long unraveling of state control. The collapse of Libya in 2011 unleashed vast armories and fighters into the desert, reigniting dormant rebellions and enabling extremist groups to entrench themselves in northern Mali. The Malian state itself fragmented in 2012 following a coup, allowing jihadist coalitions to seize major northern cities.

Over time, groups splintered and reformed. Jama’at Nusrat al-Islam wal Muslimeen (JNIM), an al-Qaeda affiliate, emerged in 2017, while the Islamic State in the Greater Sahara (ISGS) evolved into the Islamic State’s Sahel Province. These factions began imposing taxes, adjudicating disputes, and governing their respective territories. According to Vision of Humanity, the Sahel accounted for 51 percent of global terrorism deaths in 2024, with nearly 25,000 conflict-related fatalities — a near tenfold increase since 2019.

Liam Carnes-Douglas of the Terrorism Research & Analysis Consortium (TRAC) says the rise reflects more than battlefield victories.

“Some of the most urgent threats posed by Sahel-based jihadist groups stem from the destabilization of key regional partners,” he tells The Cipher Brief. “Once among the strongest U.S. allies in counterterrorism, these governments have shifted rapidly from fragile democracies to military juntas, fueled in part by the failures of Western-backed security initiatives. That has sidelined the United States as anti-Western sentiment grows.”

Andrew Lewis, president of the operational intelligence firm Ulysses Group, agrees that the power vacuum extends beyond the battlefield.

“In the truest sense, the U.S. has limited national security interests in the region. But we do have resource and energy interests that underpin our national security strategy — particularly in Niger, Mali, and Burkina Faso,” he tells The Cipher Brief. “The control of trade routes, ports, and export conduits of critical minerals is a strategic concern. We would like to see JNIM, ISIS, and their affiliates contained before they threaten those supply chains.”

Tactical Adaptation and Regional Spillover

Over the last eighteen months, jihadist groups in the Sahel have evolved their tactics in ways that suggest a larger ambition. Motorcycles enable lightning raids across ungoverned stretches. Drone warfare — once limited to surveillance — has evolved into an offensive capability. JNIM has carried out more than 30 confirmed drone strikes since late 2023.

“Both al-Qaeda’s JNIM and the Islamic State’s Sahel Province have deployed suicide drones,” Weiss noted. “They’re also utilizing Starlink to stay connected in remote areas. Helping counter drones, exploiting Starlink’s vulnerabilities, and shutting off externally sourced financing would help the region tremendously.”

Carnes-Douglas also warns that “rapid technological advancements are increasingly shaping warfare.”

“Drones and Starlink-enabled communications stand out as particularly transformative, yet both regional security forces and U.S. capabilities lag significantly behind,” he continued, pointing out that lessons from Ukraine “demonstrate how these technologies are quickly adapted for combat,” and their proliferation “signals that warfare in the Sahel is entering a transitional, high-tech phase.”

Schindler underscores a connected, transnational risk.

“The Sahel region is also a key network hub for the international drug transportation pipeline of Hezbollah-linked drugs that are transported from South America via West Africa to Europe for sale there,” he explained. “This pipeline directly funds Hezbollah’s activities in Lebanon. Given the central role that the U.S. is playing in the current negotiations between Hezbollah and Israel, this income stream for Hezbollah will continue to ensure that this terror group will be able to continue to fund its activities both within Lebanon and beyond.”

Across Niger, Mali, and Burkina Faso, militants are consolidating control.

“Islamic State in the Greater Sahara has long used the tri-border area to evade interdiction,” Carnes-Douglas explained. “That makes coordinated regional responses not just useful but necessary.”

The violence, however, is also spilling outward.

“Sahelian jihadis are now inching closer to Senegal,” Weiss said. “They’re creating a jihadist land bridge between the Sahel, littoral West Africa, and Nigeria — effectively one large area of jihadist operations encompassing a significant chunk of the continent.”

This expansion also has a sectarian dimension. Lewis surmised that more than 50,000 Christians have been murdered in Nigeria since 2009, “with more than 7,000 killed in 2025 alone.”

“It’s difficult to assess the true scale of persecution Islamist militant groups are carrying out,” he underscored. “But it’s happening.”

Schindler also highlights an alarming operational trend: “Currently they are not only able to conduct multi-layered attacks against single targets (such as a military camp) but also to conduct simultaneous and coordinated attacks on multiple targets across relatively large geographic areas.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

U.S. Policy Today: A Detachment Problem?

For years, the U.S. viewed the Sahel as a key front in counterterrorism, maintaining drone bases and training missions in Niger. But the 2023 coup upended that equation. Washington froze over $500 million in aid and limited cooperation even as the junta expanded ties with Russia’s Wagner Group. The result is a fragile balance between limited engagement and strategic erosion.

“Outside of JSOC, U.S. efforts in the region have been marginal at best. That’s evident in the surge in violence and the formation of the Alliance of Sahel States, which pivoted away from the West to Russia,” Lewis said. “None of our 333 programs in the region has dented terror operations. We rely heavily on intelligence-led frameworks but have very little real-time intelligence since withdrawing key assets from Niger.”

Carnes-Douglas echoes that concern. “American counterterrorism efforts have achieved tactical successes but strategic failures,” he observed. “Short-term gains from drone strikes or training are constantly undermined by state fragility, coups, and shifting alliances.”

Moreover, while France’s drawdown from Operation Barkhane — the 2014–2022 French-led counterterrorism campaign across the Sahel that deployed more than 5,000 troops to combat Islamist insurgencies in Mali, Niger, and Chad — created a vacuum, “the U.S. has not yet developed a sustainable replacement strategy,” Weiss stressed. “There are some indications the U.S. has resumed limited intel support to Sahelian juntas, but nothing that matches previous levels of engagement,” he continued.

Schindler argues that the disengagement itself has worsened the crisis.

“Although a lot of criticism has been levied against the UN, EU and US counter terrorism operations in West Africa and the Sahel in the past, the current situation, in which the UN, the EU and the US have largely disengaged from the region clearly demonstrates that overall, the counterterrorism efforts had been successful in stemming the tide of terrorist expansion in the region,” he said.

A Strategic Imperative: What Must Washington Do Next

Analysts emphasize that the path forward requires reimagining engagement. Weiss argues that U.S. support should focus on technology denial and intelligence integration, not just kinetic strikes.

“Helping counter drones, exploiting the use of Starlink and the data vulnerabilities therein, and helping to shut off externally sourced financing would help the region tremendously,” he said.

Washington, Lewis highlighted, must also think pragmatically about force posture.

“If we want to contain JNIM and ISIS, the focus should be on protecting the coastal regions with ISR and targeted strikes where success is measured by territory denied, not by how many host forces we train,” he said. “But that requires basing rights, logistics, and political will, and China and Russia hold significant leverage over potential host countries.”

Indeed, Beijing’s influence looms large.

“China has financed major ports, railways, and industrial projects across Ghana, Côte d’Ivoire, Nigeria, and Senegal,” Lewis explained, noting that this gives it immense leverage to counter U.S. influence and deny access to infrastructure critical for forward operations.

Carnes-Douglas, meanwhile, advocates for a recalibrated diplomacy that acknowledges political realities.

“Although U.S. foreign policy appears to be shifting away from involvement in these conflicts, Washington should recommit pragmatically to directly limit jihadist groups’ ability to threaten American interests,” he asserted. “This, in turn, would form stronger relationships with the newly formed governments and in turn could be an industrial and economic boon, as well benefiting all partners.”

Schindler proposes a containment-first approach, prioritizing direct engagement with the littoral Gulf of Guinea states.

“One primary goal should be containment, ensuring that the expansion of terrorist activities and control in the region does not affect additional countries, in particular the littoral states of the Gulf of Guinea,” he said.

The slaughter at Manda, the border ambushes, the drone blitzes — all are signs of a metastasizing threat.

“Through the increasing influence and power of these terrorist affiliates in the Sahel region, the threat to US interests in the region, as well as potentially to the US homeland, is increasing in parallel,” he added.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Putin’s Strategic Failure: How the Ukraine War Is Eroding Russia From Within

And there is one sure thing about the fall of gods: they do not fall a little; they crash and shatter or sink deeply into green muck.

- John Steinbeck, East of Eden

Evil people don’t have songs. How is it, then, that the Russians have songs?

- Friedrich Nietzsche, Twilight of the Idols

OPINION -- The war that Russian President Vladimir Putin started in Ukraine may finally be turning in a direction that will result in Russia’s defeat as the strategic tide seems to be turning against Putin.

Russian casualties in Ukraine continue to mount as the Ukrainians are now effectively taking the war to the Russian Federation. Russia’s wartime economy is starting to show signs of strain, and evidence may be emerging that discontent with Putin leadership is starting to grow in some of Moscow’s elite circles.

One hopes that when he returns from his Asia trip, President Trump will turn his focus to the actions of his erstwhile friend Putin. This is a good time to soberly assess Russia and Putin’s current situation and the prospect that Russia might be on a path to losing the war they started.

In recent weeks, there have been a number of reported incidents of Russian drone and aircraft incursions over neighboring states, including the airspace of NATO members. In an escalation of nuclear saber rattling, Putin has tested a Burevestnik cruise missile, a Poseidon nuclear capable “super-torpedo” and conducted large-scale nuclear drills.

These are signs of weakness not strength and are certainly designed to intimidate leaders in the West—including President Trump—to reduce military and economic support to Ukraine. Putin’s strategy with regard to Trump again seems to have backfired with Trump announcing that the U.S. will resume nuclear testing after a pause of more than thirty years.

President Trump also made public the fact that the U.S. has nuclear capable submarines stationed off Russia’s coast. This is not the revelation of a strategic or military secret — just a reminder to Putin (and Russia’s elites) that the U.S. is a strategic nuclear power and Putin’s use of a nuclear weapon would result in the destruction of the Russian Federation and his kleptocracy.

Some Ukrainian leaders believe that there is a number of Russian casualties they can inflict that would bring about the collapse in the fighting effectiveness of the Russian army in Ukraine. While hard data on Russian casualties is difficult to gather, credible estimates put Russian combat deaths at over 200,000 and total casualties at over 1.1 million - many of those killed in 2025 as a result of Russia’s strategy of fighting a war of attrition using outmoded tactics to gain territory that can be measured in tens of kilometers.

Ukrainian leaders also believe that taking the war to the Russian people will have an impact on Moscow’s ability to sustain the invasion. Ukraine has done this effectively in recent months, even without Tomahawks.

Ukraine has used targeting data and weapons supplied by the West (Storm Shadow/SCALP cruise missiles and ATACMs) to strike targets deep inside of Russia. These weapons combined with Ukrainian long-range drone capabilities (and ingenious operations such as SPIDER WEB) are taking the fight to the Russian Federation and making the war visible to the average Russian, despite efforts by Russian state-controlled media to push the false narrative that Russia is winning the war.

The economic impact of strikes against Russian energy infrastructure is beginning to be felt outside of Moscow as Russia diverts available energy from the regions to keep Moscow supplied. There are shortages and energy price hikes that the Kremlin can no longer conceal.

Russia’s economy is also suffering the impact of more effective and comprehensive sanctions on Russian energy production and sales. European purchases of Russian hydrocarbons are diminishing and the U.S. has levied new sanctions on Rosneft and Lukoil and a number of their subsidiaries. This will have an impact on the network of oligarchs that support Putin. Inflation is also rising at an 8 percent increase year on year. There is scarcity of critical parts affecting the production of things like automobiles, aircraft and consumer appliances. It is only technology provided by China that keeps Russia’s defense industrial base functioning.

Even this may be less sustainable in the long run if there is any truth to reports that Trump and Chinese President Xi Jinping had productive conversations on ending the war. (I’m personally skeptical that Xi will do much to disappoint his partner and friend, Putin.)

There are also unconfirmed reports of growing discontent among Russian elites. A number of media sources now suggest that Mikhail Khordokovsky may be trying to organize a coup to remove Putin from power. It was only about 18 months ago that Yevgeniy Prigozhin launched a rebellion that saw his forces moving with surprising speed and success toward Moscow. Apparently in some circles in Russia, Putin is derisively referred to as the “moth.” And since Putin invaded Ukraine in 2022, an estimated one million Russians, mostly youth, have emigrated, creating a brain drain and, together with military casualties, exacerbating a labor shortage.

The situation is increasingly bleak. Finland and Sweden have joined NATO - turning the Baltic into a NATO lake. Ukrainian strikes have driven Russia’s Black Sea fleet from the eastern reaches of the Black Sea undermining Russian naval power. Europe is rearming and defense spending in NATO states is moving toward compliance with Treaty requirements or beyond. The alliance itself has been given new purpose.

Putin has destroyed any possibility of peaceful accommodation with Ukraine and in the process, has created a nation that will move inexorably toward a Western political and economic model. This is a strategic failure of Putin’s that cannot be undone.

Subscriber+Members have exclusive access to the Open Source Collection Daily Brief, keeping you up to date on global events impacting national security. It pays to be a Subscriber+Member.

In other areas of the former Soviet Union, Russian influence continues to wane.

Azerbaijan and Armenia have agreed to a U.S.-brokered peace agreement. Kazakhstan is showing new political and economic independence. Putin’s ally Iran has suffered significant setbacks at the hands of U.S. ally Israel. Putin’s friend and supporter Bashar al Assad lost his hold on power in Syria and is in hiding in Moscow. The U.S. has led peace efforts in the Middle East as Moscow has been sidelined.

Now is the time for decisive action to end the conflict in Ukraine.

The action needs to take place on three levels: political, economic and military.

As discussed at the recent Cipher Brief Threat Conference in Sea Island, Georgia, the West has yet to meaningfully coalesce international political support behind Ukraine beyond gatherings of European and or NATO leaders. The U.S. should sponsor a global meeting of heads of states from around the world to decisively declare support for Ukraine, brand Russia and Putin as the aggressor in the conflict, and call for Russian withdrawal, payment of reparations for war damage and remand war criminals to justice. The simple message should be, “Mr. Putin, end this war!”

Secondly, the U.S. and the West need to increase further pressure on Russia’s economy to weaken Russia’s ability to prosecute the war.

And thirdly, military support to Ukraine needs to be increased, particularly in air defense technology and the delivery of systems that allow Ukraine to continue to take the war to the Russian Federation and make Russians feel the pain of the conflict. A concerted effort on these fronts will almost certainly lead to Putin’s demise and the end of the war.

Putin and his Foreign Minister Sergey Lavrov constantly talk about the need to address the ”root causes” of the conflict. Quite simply, Putin is the root cause of the conflict and addressing his delusions of empire is the surest way to end it. That can’t come soon enough for the brave people of Ukraine and the world.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Inside Xi Jinping’s Military Purge: Loyalty, Power, and Taiwan

OPINION — Last week’s Fourth Plenum of the Chinese Communist Party witnessed a purge of China’s senior military leaders, culminating in over two years of the removal of senior military officials once loyal to President Xi Jinping.

The last two defense ministers – Wei Feng he and Li Shangfu – were removed in October 2023 and June 2024. And now, He Wei Dong, Vice Chairman of the Central Military Commission (CMC) was expelled from the Party and Military for “serious violations of Party discipline.” Admiral Miao Hua, Director of the CMC’s Political Work Department (responsible for the political/ideological work in the military) was removed from the CMC in June 2025 and later officially expelled.

The list goes on and on: Lin Xiangyang, Former Commander of the Eastern Theatre Command; Wang Houbin, Former Commander of the PLA Rocket Force; Wang Chunning, Former Commander of the People’s Armed Police. These are just three of eight or nine senior military officers purged in October 2025.

Purges of senior officials are not new to China. On July 1, 1989, Zhao Ziyang was removed as the Party’s General Secretary -- and Vice Chairman of the CMC -- for supporting the students during the June 1989 Tiananmen Square demonstrations, and on July 1, 1987, Hu Yaobang was removed as the Party’s General Secretary for supporting the students who were demanding more democracy. Deng Xiaoping accused Mr. Hu, a former protégé of his, of “bourgeoise liberalization.”

And in 1971, Lin Biao, Vice Chairman of the Chinese Communist Party and his wife, Ye Qun, planned the assassination of Chairman Mao Zedong, to replace Mao as the supreme leader. The plot was discovered and Lin Biao died in an airplane crash as he was fleeing for his life.

Many of the recently purged generals, including He Weidong and Admiral Miao Hua, worked in the 31st Group Army stationed in Fujian Province during the 1970s and 80s. This region is the front line for any potential military operation against Taiwan. In fact, He Weidong later served as commander of the Eastern Theatre Command from 2019 to 2022, the unit responsible for operations concerning Taiwan.

General He was a member of the Communist Party’s Politburo and Vice Chairman of the CMC, the third highest-ranking military official in China. His professional prominence was also due to his association with Xi Jinping, but in October 2025, General He and eight others senior military officers were expelled from the Communist Party and the military. They in fact were referred for criminal prosecution on charges of corruption and “serious violations of discipline and law.”

General He and the other purged generals all had connections to Fujian and the former Eastern Theatre Command commander Lin Xiangyang and Navy Admiral Miao Hua. It would be fair to assume that these senior military officers disagreed with some of Mr. Xi’s policies toward Taiwan.

Given the importance of Taiwan for Mr. Xi and the Communist Party, a disagreement with seniors in the military over Taiwan could develop into an issue that affects the inner workings of the Party. Mr. Xi has consistently refused to renounce the use of force to bring Taiwan under its control and continues to conduct military exercises near Taiwan. Mr. Xi maintains, however, that “peaceful reunification” is preferable but reserves the option of using force, particularly in response to “external forces” or “separatist activities” in Taiwan.

Hopefully, Mr. Xi will pursue a policy of peaceful reunification with Taiwan and immediately halt military exercises and related activities to intimidate Taiwan.

This column by Cipher Brief Expert Ambassador Joseph DeTrani was first published in The Washington Times

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

From the Caribbean to Jalisco, Trump Takes Aim at Cartels — But Will He Strike the Kingpins?

DEEP DIVE — Eight weeks ago, Secretary of State Marco Rubio went to Mexico City, the epicenter of the global illegal drug trade, and declared, “The president of the United States is going to wage war on narco-terrorist organizations.”

Since then, the administration’s military counter-drug offensive in Latin America and the Caribbean has destroyed at least 15 small boats and killed at least 61 people – but none of them were drug kingpins or senior, irreplaceable figures in the transnational organized crime cartels that make and move fentanyl and other lethal opioids that have killed hundreds of thousands of Americans.

“Targeting fast boat operators will not stop major drug trafficking kingpins from sending multi-ton quantities of drugs to our country and around the world,” Michael Chavarria, a former DEA supervisor who spent 26 years investigating drug cartels in Mexico, the Caribbean and the Southwest border, told The Cipher Brief. “The drug trade is the most profitable business in the world, without equal. The minions currently targeted on the high seas will continue risking their lives because kingpins pay them more than they could ever earn pursuing legal options. Now, on the high seas, they’re being extrajudicially murdered, in a campaign that will have no impact on the global drug trade.”

Like other veterans of the DEA, Chavarria suspects that if the boats blown up so far contained contraband, it was likely marijuana or cocaine, a stimulant manufactured in Colombia from coca plants grown in Colombia, Peru and Bolivia. Many of the small boats plying the Caribbean are believed to be supplying the European market, where cocaine brings double or triple U.S. prices. While hardly benign, cocaine is not considered a major overdose danger, and it has fallen out of fashion among many American drug users, who have increasingly turned to far riskier substances — particularly fentanyl, a synthetic opioid painkiller much stronger than heroin, and the synthetic stimulant methamphetamine. Both are manufactured mostly in Mexico, in cartel “superlabs,” with precursor chemicals imported from China and India.

“I doubt these decisions [to attack small boats] involve input from DEA leadership, who I believe serve the American public as best as resources allow,” Chavarria said. “Instead, let’s focus on the Chinese fentanyl sources responsible for threatening our citizens’ lives. The new deadly triangle is China-Mexico-United States.”

Despite objections from Congress, legal scholars and foreign governments, President Trump has announced he may soon authorize strikes inside Venezuela. Many experts believe his agenda in that country is about forcing President Nicolas Maduro out of office, rather than stopping drugs, because Venezuela is not known for producing massive quantities of illegal drugs. The U.S. government's most authoritative annual intelligence assessments – the Drug Enforcement Administration’s National Drug Threat Assessment and the State Department’s International Narcotics Control Strategy Report – characterize Venezuela as a transshipment hub. Maduro himself and a number current and former Venezuelan officials were indicted in 2020 for conspiring with Colombia’s leftist FARC insurgents to transport cocaine produced in the guerillas’ jungle labs in Colombia.

The problem is in Mexico

The world’s richest, most powerful drug lords are Mexican citizens, with well-armed private armies, dynasties and bases of operations nestled deep in the Mexican countryside. Mexican president Claudia Sheinbaum has absolutely ruled out the idea of American boots on Mexican soil. Will the U.S. defy her wishes by ordering American armed drones or special operations teams into Mexico to conduct unilateral commando raids? So far, Trump and his senior advisors have not signaled that such incursions are imminent – but they’ve never said never. In Ecuador two months ago, Rubio said the administration would continue to target and kill suspected traffickers without their homelands’ consent, if those countries didn’t participate in Trump’s new war on drugs by mounting their own attacks on cartels. “For cooperative governments, there’s no need because those governments are going to help us,” he said. “They’re going to help us find these people and blow them up, if that’s what it takes.”

Mexican security forces have repeatedly tried and failed to arrest El Mencho, real name Nemesio Rubén Oseguera Cervantes, Mexico’s kingpin of kingpins. Oseguera is the 59-year-old founder and leader of the Cartel de Jalisco Nueva Generación (CJNG), Mexico’s, and the world's most successful and feared organized crime enterprise. The CJNG, which emerged from the western state of Michoacán, famed for its avocados, is now a multinational billion-dollar business with a presence in nearly every state in the U.S.and at least 40 countries, according to DEA’s National Drug Threat Assessment. The U.S. has put a $15 million bounty on Oseguera’s head.

“The CJNG is probably the wealthiest criminal group in the world, maybe even more than the IRGC [Islamic Revolutionary Guard Corps] in Iran,” Paul Craine, formerly DEA’s regional director for Mexico, Central America, and Canada, told The Cipher Brief. “It’s the biggest terrorist organization in the Western hemisphere. The CJNG is now right on the border, which no one ever expected. Plus, they have the U.S. infiltrated with their elements for smuggling guns, drugs and other businesses.”

Reward poster for information leading to the arrest and/or conviction of “El Mencho”. (State Department)

In second place is the older, fragmented but still powerful Sinaloa cartel. Sinaloa cartel leaders Ivan Archivaldo Guzmán Salazar and Jesus Alfredo Guzmán Salazar, known as the Chapitos, are sons of the infamous cartel founder Joaquín "El Chapo" Guzmán, now serving time in a U.S. prison. They are credited with creating the fentanyl craze by promoting it in their distribution systems, alongside cocaine, meth and marijuana. The U.S. is offering rewards of $10 million apiece for them.

In an interview with The Cipher Brief, Rep. Dan Crenshaw, R-Tex., who recently led the Congressional task force on cartels to Mexico to confer with Sheinbaum’s senior security officials, said he would not advise Trump to try a unilateral incursion on Mexican soil without that nation’s full agreement and active participation. Such an act would explicitly violate the two nations’ joint agreement signed last month pledging “respect of sovereignty and territorial integrity.” Both nations promised to fight drug trafficking and other crimes “each in our own territory,” Mexican foreign secretary foreign secretary Juan Ramon de la Fuente emphasized.

To dismantle the cartels and destroy their sanctuaries in Mexico, Crenshaw, a former lieutenant commander in the Navy SEALs, and other members of Congress are pushing for a massive joint U.S.-Mexico initiative modeled on the U.S.-Colombian military-intelligence relationship in the 1990s and early 2000s. In those operations, Colombian commandos were the point of the spear, with advisors and trainers from U.S. special operations, the Central Intelligence Agency, National Security Agency and the U.S. Drug Enforcement Administration working behind the scenes, providing training, communications intercepts, human intelligence, tracking technology, financial analyses and other technical assistance. As a result, in 1993, the joint effort tracked signals from a radio phone wielded by legendary Medellin cartel founder Pablo Escobar to the roof of a dingy building in downtown Medellin. A Colombian military marksman shot him dead. The rest of the Medellin cartel crumbled. By 1995, the Cali cartel had fallen. FARC guerillas soon stepped into the breach by setting up jungle labs and taking over the cocaine manufacturing business. The CIA covertly supplied U.S.-made precision-guided munitions that the Colombians used in a series of air strikes that decimated the FARC leadership. In 2016, surviving FARC guerillas made a peace accord with Bogotá and agreed to demobilize.

What the fight would look like

Any commando team that tries to take on Mexico’s drug bosses and their large, well-armed paramilitary forces can expect ferocious resistance financed by very deep pockets. CJNG territory covers thousands of square miles in the western Mexican state of Michoacán, where Oseguera was born, and in neighboring Jalisco state. His domain is rugged countryside, dotted with ranches and laced with hidden trails, caves and mines. Oseguera has even built his own hospital, according to DEA intelligence, so he can undergo treatment for chronic kidney disease.

The Chapitos are similarly well-protected in Sinaloa state. Experts warn that a joint Mexican-U.S. special operations assault would raise the specter of possible “blue-on-blue”or “green-on-green” firefights a with corrupt elements of Mexico’s security forces defending the narco leaders. “They travel in hordes of security,” says a senior DEA agent who has investigated them for many years. “And not just hordes of security, but you're talking about a paid-off military that's protecting them, paid-off police protecting them. The corruption is just so rampant, and this is why a lot of these people can't get caught.”

“Whether you call it counterterrorism or counterinsurgency, that is what we're dealing with in Mexico,” Crenshaw told the Cipher Brief. “They use terroristic tactics. They terrorize their own people. They are an insurgency, in the sense that they're integrated into every level of society, from government to their own military, to security, to pop culture… The Mexican military has some very, very elite units that I think would be respected anywhere in the world. But there's not many of them. They need more, and additional training, additional pipelines into those elite units. Basic aircraft, ISR [intelligence surveillance reconnaissance], close air support, things that are largely lacking. When they do go into these very dangerous areas and try to go after some of these dangerous kingpins, they're doing so without the kind of support that U.S. special operations would be used to.”

Violence on the Mexico-United States border continues to rise. Just 10 days into the month, nearly 21 homicides are recorded. On Monday, March 10, seven people are shot and killed in separate incidents. (Photo by David Peinado/NurPhoto via Getty Images)

The CJNG’s defenses are considered particularly militarized and formidable. According to current and former U.S. officials who have investigated the cartel, Mencho roams about his domain via four-wheel-drive convoys or small aircraft, always surrounded by large numbers of heavily-armed paramilitary fighters who wear insignia identifying them as FEM, Fuerzas Especiales Mencho or Grupo X, which specializes in fighting rival cartels. Like Osama Bin Laden, he avoids using phones and instead uses messengers.

For a commando team, armed drone or precision-guided munition to find Mencho and his party, precise GPS coordinates would be needed, and they’ll be hard to come by.

“He moves pretty often,” a U.S. expert who has recently assessed the kingpin’s vulnerabilities told The Cipher Brief. “So the intelligence on his location would have to be extremely good. Which it’s not.”

Whether surveillance drones could obtain reliable coordinates on Mencho’s position in real time is questionable. “Where Mencho is hiding they can hear drones coming,” the U.S. expert said. “It’s so quiet out there there’s no noise pollution. They’ve been successfully avoiding SEMAR’s drones for years.” SEMAR is U.S. military shorthand for a Mexican navy/marines special operations unit that has trained with the U.S. Navy SEALs and worked closely with the U.S.

The cartel has its own drone unit, called the Operadores Droneros, complete with badges. Cartel operatives also set up security cameras, like hunting cameras, to detect the presence of outsiders.

“They have a lot of early warning capability,” said Chavarria, who used to run the DEA’s office in Guadalajara, the capital of Jalisco, then ran investigations of the Gulf cartel out of Houston. “I don't think that we have the type of precise intelligence that would allow us to effect an operation. And even if it's available, it's time-sensitive, it's perishable. If you're not there on top of your objective, you're going to miss. And then there's going to be gunfights and a lot of innocent people are going to get killed. Mencho hangs out in cities, he bounces around because he's untouchable. He's got police escorts, he's got state cops and municipal cops protecting him. His men have ringed perimeters of security, where they're communicating with one another on various frequencies that are digitally encrypted. So it's very difficult for the U.S. to crack those encryptions, and obviously for the Mexican security forces as well.”

According to Chavarria and other current and former officials, the CJNG has extensive counter-surveillance capabilities. Cartel security officers, known as sicarios, literally, assassins, issue mobile phones with heavily encrypted voice-over-internet and radio-over-internet apps to hundreds of human lookouts, called halcones, meaning hawks, spies, who are under orders to report any strangers showing up in cartel territory.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Mexican security forces have been driven back every time they’ve tried to get close to Mencho. Notoriously, on May 1, 2015, a Mexican military helicopter that flew over his convoy in Jalisco state was shot down by the cartel paramilitary force with an Iranian-made rocket-propelled grenade and .50 caliber belt-fed machine gun. Nine Mexican soldiers and federal police died, and others were severely wounded. Rubén Oseguera González, AKA Menchito, Mencho’s California-born son and second-in-command, then 25, was accused of ordering the attack on the helicopter. The Mexican military and police mounted a massive operation to track him to a wealthy suburb of Guadalajara. Menchito was extradited to Los Angeles, prosecuted for violating U.S. drug laws, convicted last September and on March 7, sentenced to life plus 30 years in a U.S. prison.

The U.S. victory was short-lived. Mencho’s stepson Juan Carlos Valencia González, a California-born U.S. citizen who is the son of Oseguera’s wife, Rosalinda González Valencia and has emerged as Mencho’s heir-apparent. A leader in the cartel’s elite commando force, he’s known as R-3. The U.S. is offering a $5 million reward for him. ( His mother Rosalinda, AKA La Jefa, comes from a powerful cartel dynasty, the Valencias. Her uncle is Armando Valencia, AKA El Maradona, founder of the Milenio Cartel, the predecessor of the CJNG. A major player in her own right, Rosalinda spent time in a Mexican prison for money laundering but was released last February, according to news reports in Mexico.)

Sheinbaum has convinced many in Washington that she is sincere in her determination to break the power of the cartels, especially the CJNG, which has menaced her administration unceasingly.

In 2020, Sheinbaum’s trusted advisor Omar García Harfuch, then Mexico City’s chief of police, narrowly survived a CJNG assasination attempt. Sheinbaum was Mexico City’s mayor at the time. When Sheinbaum became president in October 2024, she named Harfuch national security minister and accelerated military raids on CJNG labs and other sites.

But so far, the cartel has proved stronger. Last March, Mexican soldiers and national guardsmen driving in a convoy near CJNG territory on the border between Jalisco and Michoacán states were ambushed, and six security force officers and three CJNG hitmen were killed. Three days later, security forces in the area were again ambushed, two of their number killed and the rest forced to retreat.

On May 1, exactly 10 years to the day after the helicopter downing, Oseguera staged a flamboyant retribution for the incarceration of his son Menchito. Iván Morales Corrales, a Mexican policeman who survived the crash, badly burned, was decorated as a national hero and testified against Menchito in the U.S. trial in Los Angeles, was gunned down with his wife while driving on a quiet street in a town far from the CJNG’s turf. This was an unmistakable statement that the cartel could reach anyone, anywhere, anytime.

David Cristobal Barraza Sainz, known as Commander "Nitro" within the Sinaloa State Police, was shot and killed after an attack that took place on Pedro Infante Boulevard at around 1:00 p.m in Sinaloa, Mexico on July 15, 2025. (Photo by Stringer/Anadolu via Getty Images)

Derek Maltz, who served as DEA administrator until June and before that ran the agency’s elite Special Operations Division for a decade, believes that if the Mexican army fails to mount more operations against the CJNG and other cartel strongholds, the Trump team will seriously consider unilateral operations, despite Sheinbaum’s vocal objections. “If the U.S. government doesn't perceive that Mexico has the will or capabilities to literally take them off the playing field, I wouldn't be surprised that the administration is looking at targeted strikes on the [cartel] leadership,” Maltz told The Cipher Brief. “ I would personally encourage it. The president has made it clear that he's going to place American families first, trying to keep everyone safe and secure. So if it means taking out some kingpins in the narco-terrorist world, I would fully support that.”

As a practical matter, a raid or two wouldn’t solve the problem. Mexico’s cartels, like major corporations, could survive the loss of a few key executives. “Killing Mencho would be significant, but it's not going to take out the organization,” Craine said. “You're going to have to have sustained operations against the whole network.”

A global syndicate of evil

The CJNG has built out a complicated and durable executive structure in recent years as it has gone global and diversified.

“Mencho is expanding around the world,” Maltz told The Cipher Brief. He and his allies “have recognized the threat to their business enterprise with the increased attention by the Trump administration. So they're adjusting strategies, realigning, identifying new partnerships, being strategic in some of their global routes and capitalizing on the market in different areas of the world.” Maltz and other DEA veterans say Mencho has cemented international alliances with organized crime syndicates, from motorcycle gangs in the U.S to the Japanese Yakuza. When the profits to be made from human trafficking dwindled due to the Trump administration’s crackdown on the border, the CJNG developed other robust cash streams, including stealing fuel from the Mexican oil company PEMEX and other energy outlets, extorting avocado farmers, and even smuggling mercury, a pricey, poisonous by-product of gold-mining, according to the DEA and news reports.

“The CJNG is the first international criminal conglomerate,” Craine said. “It’s the first ICC to operate worldwide and to have criminal control of legal commodities and services as well, such as oil, gasoline, minerals, chemicals, timber, government funding, infrastructure and resources, armed forces, weapons, politics, police services, judicial systems, international financial services, and so forth.”

What’s most alarming is the significant CJNG and Sinaloa cartel presence in the U.S.

“What we face today in Southern California is a full-scale infiltration by foreign criminal empires, the Sinaloa cartel and the Jalisco New Generation cartel – paramilitary organizations with global supply chains, corporate level logistics, and battlefield tactics,” Matthew Allen, DEA’s chief of operations, told the Senate Judiciary committee last June.

Allen testified that a few weeks earlier, a DEA team had raided an old warehouse in downtown Los Angeles, a few blocks from the agency’s big Southern California office. Hidden inside, the agents discovered, was a luxurious CJNG safe house with places for cartel operatives to lounge, a pool table, polished floors and, presiding over it all, a floor-to-ceiling mural of El Mencho, depicted in a bulletproof vest emblazoned with the CJNG insignia and Mencho’s personal symbol, a bloody cockfight.

It was, Allen said, “a shrine, not hidden in the jungle or some remote compound but right in the heart of the heart of America’s second-largest city. The message was clear: ‘We are here. We are among you’.”

Image of Cartel de Jalisco Nueva Generación safe house in Los Angeles.(DEA Official)

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

A Fragile Truce at the Durand Line: Will the Afghanistan–Pakistan Ceasefire Last?

OPINION — One of the most enduring security issues in South Asia has been rekindled by the recent border conflicts between the Taliban-led Afghanistan and Pakistan military regimes. Diplomatic efforts by Qatar and Turkey have resulted in a tenuous ceasefire after days of fierce fighting that claimed scores of lives on both sides, offering a little respite from the rising violence. However, talks for a lasting peace have since collapsed. The crisis reveals long-standing structural tensions along one of the most volatile frontiers in the world that have their roots in militant activity, historical enmity, and disputed sovereignty.

Escalation and Triggers of Conflict

Intense fighting broke out along several stretches of the 2,600-kilometer Afghanistan-Pakistan Durand line in early October 2025, especially close to Spin Boldak–Chaman and the Kurram tribal areas. Each side accused the other of starting the conflict. The Taliban-led government denounced Pakistan's retaliatory bombings as a violation of national sovereignty, while Pakistan asserted that militants connected to the Tehrik-i-Taliban Pakistan (TTP) were conducting cross-Durand line attacks from Afghan territory. According to reports, Pakistani air raids in the provinces of Kandahar and Paktika killed dozens of civilians. Taliban members retaliated by attacking a number of Pakistani military installations, with the opposing side suffering heavy losses. Afghan traders are losing millions of dollars every day as a result of the conflict's rapid disruption of humanitarian and commercial routes, which led to the closure of important Durand line crossings.

This breakdown was not the first. Pakistan has long accused the Afghan Taliban of harbouring the TTP, a group committed to destroying Pakistan's government but philosophically linked with Kabul's leadership. The Taliban have refuted these claims, stating that Afghanistan forbids the use of its territory against other countries. However, the Durand Line, from the colonial era, continues to function as a political and geographic fault line, trapping both sides in a never-ending blame game.

The Doha-Istanbul Ceasefire Agreement

An emergency ceasefire agreement was reached on October 19, 2025, following nearly a week of fighting, thanks to intensive mediation by Qatar and Turkey. Both parties committed to immediately stopping offensive operations, prohibiting cross-Durand line attacks, and setting up systems for ensuring compliance under the agreement. To address implementation and verification procedures, a follow-up meeting was planned for October 25 in Istanbul. The deal was heralded as a diplomatic victory, particularly since Turkey and Qatar, who both have comparatively open lines of communication with the Taliban leadership, were instrumental in facilitating communication between two regimes which do not trust one another.

Khawaja Muhammad Asif, the defence minister for the Pakistani military dictatorship, underlined that Islamabad would evaluate the truce based on the Taliban's capacity to control the TTP. "This agreement will be broken by anything coming from Afghanistan," he cautioned. The Taliban's stated position that Afghanistan "will not allow its soil to be used against any country" was reaffirmed by Zabihullah Mujahid, the regime's spokesperson. Although these declarations show official dedication, they conceal more profound disparities in ability and perspective. The Taliban government sees the threat as a matter of border integrity and sovereignty, whereas Pakistan primarily sees it through the prism of counterterrorism. It will take more than diplomatic words to bridge different viewpoints.

Istanbul Talks

The follow-up talks in Istanbul — intended to turn the Doha truce into an enforceable framework—ended without a resolution after four days of negotiations. Reporting from multiple outlets indicates that mediators could not bridge the gap over concrete action against TTP networks allegedly operating from Taliban controlled soil and over how to verify any commitments. Pakistani regime’s officials briefed that Kabul was unwilling to accept binding steps to rein in or relocate the TTP; Afghan sources countered that the Taliban does not command or control the TTP and rejects responsibility for cross-Durand line attacks.

On the eve of, and during, the Istanbul round, Pakistan’s defence minister publicly warned that failure would risk “open war,” underscoring how narrow the window is for diplomacy if violence resumes along the frontier. While he acknowledged the ceasefire had broadly held for several days, he framed the talks’ success as contingent on Kabul’s verifiable curbs on the TTP. Reports say talks in Istanbul have restarted in another attempt for a deal.

Key unresolved issues

First, TTP-focused measures: Islamabad sought explicit commitments (dismantling safe havens, detentions/relocations, or handovers of wanted militants), while Kabul insists it won’t allow Afghan territory to be used against neighbours but resists operations that might trigger internal backlash or fracture ties with sympathetic factions. No binding text on TTP was agreed.

Second, a verification and incident-prevention mechanism: negotiators discussed joint hotlines, third-party monitoring, or liaison teams stationed in cross-Durand line hubs to investigate incidents in real time. Talks stalled over scope, authority, and who would adjudicate disputes.

Third, the Durand Line: Pakistan has fenced large stretches and wants coordinated patrols and recognized crossing protocols; the Taliban does not formally recognize the Durand Line as an international boundary, making technical fixes politically sensitive. This gap persisted in Istanbul.

Fourth, trade and crossings: business lobbies on both sides pushed for a timetable to reopen Spin Boldak–Chaman and other checkpoints for normal commerce and humanitarian flows, but negotiators did not finalize sequencing (security steps first vs. parallel reopening).

Fifth, refugees and returns: Islamabad raised concerns around undocumented Afghans and cross-Durand line facilitation; Kabul pressed for humanitarian safeguards. No durable arrangement was announced.

Obstacles to Durable Peace

The structural issues threatening Afghanistan-Pakistan ties are still mostly unaddressed in spite of the truce. First, the ceasefire does not include militant organisations like the TTP. Their independence severely restricts the enforceability of the agreement. According to analysts, the Taliban are reluctant to use force to fight the TTP because of ethnic and ideological ties that make internal Afghan politics more difficult.

Second, monitoring is quite challenging because of the porous nature of the Durand-line. Pakistan has unilaterally fenced off significant portions of the Durand Line, whereas Afghanistan does not formally recognise it as an international border. Recurrent conflicts are exacerbated by this lack of mutual recognition, especially when it comes to security patrols and cross-Durand line trading.

Third, there is still an imbalance of interests. Attacks by militants coming from Afghanistan are the problem for Pakistan. Pakistan's repeated airstrikes and backing of anti-Taliban groups are the source of Kabul's resentment. Joint security coordination is hampered by these conflicting narratives.

Fourth, pressure from within both governments is increasing. While the Taliban in Afghanistan must strike a compromise between meeting external demands and preserving their credibility among nationalist and tribal factions, public annoyance in Pakistan has increased due to an increase in attacks on security forces. Internal resentment could result from any impression of giving in.

Last but not least, the economic aspect introduces another level of complication. Afghanistan relies significantly on cross-border trade through Pakistan for imports and transit to global markets. Significant financial losses and humanitarian difficulties have resulted from the bridge closures. Unless trade flows restart fully, the truce will have limited practical effects.

The Strategic and Regional Implications

There are wider ramifications for South and Central Asia from the crisis and the resulting truce.

Stability and militancy in the region: Should the truce fail, transnational militant networks, such as IS-K and al-Qaida elements, may gain more confidence. Resuming hostilities might destabilise the entire region, as these organisations flourish in uncontrolled border areas.

Taliban governance: The truce also serves as a litmus test for the Taliban's ability to govern. Global opinions of its legitimacy as a ruling power will be influenced by its capacity to maintain territorial control, interact diplomatically, and quell militant groups.

Realignments in diplomacy: The participation of Qatar and Turkey demonstrates how regional diplomacy is changing. Both nations have established themselves as go-betweens that can interact with the Taliban government without granting official recognition. Their mediation highlights a changing power dynamic in South Asia, where non-Western actors are having a greater impact on resolving disputes.

Economic and humanitarian impact: The conflict's humanitarian effects go beyond its security implications. Food and medical supplies have been disrupted by the closing of the Cross-Durand line, and the situation for displaced people on both sides of the frontier is getting worse. Maintaining peace will depend on reopening trade channels and making sure help is delivered.

The Road Ahead

The establishment of cooperative verification systems, a quantifiable decline in militant attacks, and the resumption of trade are important markers to keep an eye on. If any party breaks the agreement, the area can quickly revert to hostilities. It will be a careful balancing act for Pakistan to keep pressure on the Taliban without inciting escalation. The ability of the Taliban to control militant organisations while maintaining internal unity and sovereignty will be put to the test in Afghanistan. Supporting monitoring, communication, and de-escalation procedures is essential for regional partners, especially Qatar and Turkey, to continue their mediation efforts beyond symbolic diplomacy. As of October 28, the Istanbul process has adjourned without a deal, leaving these markers unmet and the ceasefire’s durability uncertain until verifiable steps are negotiated.

In the end, the ceasefire between Afghanistan and Pakistan serves as an example of the potential and vulnerability of regional diplomacy in a post-Western security context. In addition to bilateral discussions, broad regional collaboration tackling the interconnected problems of militancy, Durand-line governance, and economic interdependence will be necessary for a lasting peace. The willingness of both regimes to turn promises into tangible, verifiable action will determine whether this armistice develops into long-lasting stability or just serves as another brief break in a lengthy history of antagonism.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The War You Can’t See: Gray Zone Operations Are Reshaping Global Security

EXPERT PERSPECTIVE -- In the middle of the night, with no witnesses, a single ship flagged out of Hong Kong drags its anchor across the Baltic Sea. In silence, it severs a vital gas pipeline and the digital cables that link northern capitals. By morning, millions lose connectivity, financial transactions stall, and energy grids flicker on the edge.

The culprit vanishes behind flags of convenience, leaving blame circulating in diplomatic circles while Moscow and others look on, exploiting maritime ambiguity and the vulnerabilities of Europe's lifelines.

Meanwhile, in Warsaw and Vilnius, shoppers flee as flames engulf two of the largest city malls. Investigators soon discover the arsonists are teenagers recruited online, guided by encrypted messages, and paid by actors connected to hostile state agencies. The chaos sows fear, erodes social trust, and sends shockwaves through European communities—proxy sabotage that destabilizes societies while providing plausible deniability to those orchestrating the acts.

Thousands of kilometers away, Chinese dredgers and coast guard vessels silently transform disputed reefs into fortified islands in the South China Sea. With no declaration of war and no pitched battles, new airstrips and bases appear, steadily shifting maritime boundaries and economic interests. Each construction project redraws the strategic realities of an entire region, forcing neighbors and distant powers alike to reckon with incremental, shadowy coercion and efforts to change the status quo.

In early 2024, Chinese state-sponsored hackers, known as "Volt Typhoon," penetrated U.S data repositories and embedded themselves deep within the control systems of U.S. critical infrastructure, including communication networks, energy grids, and water treatment facilities.

Then-FBI Director Christopher Wray described it as a pre-positioning of capabilities by China that can be turned on whenever Beijing wanted - wreaking havoc and causing real-world harm to American citizens and communities. China has denied any connection to these attacks on U.S. sovereignty.

And just weeks ago, around 20 Russian drones violated Poland’s airspace. Russia’s denials were predictable and since then, Russian drones and jets have violated airspace in Romania, Estonia, and over the Baltic Sea.

Were these threats, tests of capability and resolve, provocations, or demonstrations—or maybe all of the above? Just as NATO will develop a set of lessons-learned for future incursions, it’s also likely that Russia learned from these episodes and will recalibrate future incursions.

Threaded almost invisibly through all of these gray zone activities, and countless others like them, is cognitive warfare—a persistent tool of our adversaries. It is an assault on cognition. The information and decision spaces are flooded with weaponized narratives, AI-powered disinformation, synthetic realities, and the coercive use of redlines and intimidation.

The goal is clear—deceive, change how we see the world, fracture societies, destroy faith in institutions and partnerships, erode trust, challenge and replace knowledge and belief, coerce and intimidate; and perhaps most importantly; undermine decision autonomy. It is here, in the crowded intersection of AI; cyber; traditional tools such as narratives and storytelling; and cognition; that today’s most urgent battles are fought.

These are all operations in the gray zone. We all use somewhat different terms for this, but let me share the definition of the gray zone that I think works well.

The gray zone is the geopolitical space between peace and war where adversaries work to advance their own national interests while attacking and undermining the interests of their adversaries and setting the conditions for a future war without triggering a military response.

We might refer to attacks in the gray zone as gray warfare. It is the domain of ambiguity, deniability, and incremental aggression calculated to limit deterrence and discourage persuasive response.

The 2026 Cipher Brief HONORS Awards are open for nominations. Find out more at www.cipherbriefhonors.com

Today, it is the space where global competition, particularly great power competition, is playing out.

Why are we seeing more gray zone activity today?

First, great power competition is intensifying. This includes great powers, middle powers, and impacts almost every other nation. Almost every nation has a role to play, even if involuntary: competitor, ally and supporter, enabler, spoiler, surrogate, or innocent bystander and victim. Like the African proverb says, “When elephants fight, it is the grass that suffers.”

But great powers will go to great lengths to avoid 21^st Century superpower conflict, primarily because of the fear of unintended losses and damage to national power that could take decades to recover. The catastrophic damage to nations and militaries from WWII are distant—but still vivid—reminders of the impact of a war of great powers.

Today, just look at the unprecedented loss of national power by Russia in indirect superpower conflict. Superpower conflict has consequences. Given these strategic considerations, the gray zone and gray warfare provide an effective strategic alternative to conventional war. Our adversaries have calculated that there are more gains than risks in the gray zone, and that any risks they do face are acceptable.

Second, technology levels the playing field, creating new opportunities for gray zone attacks. Cyberattacks, even those that are disrupted, lead to more effective cyber capabilities by our adversaries. AI-driven cognitive warfare now delivers persuasive content with unprecedented global access and immediacy. Small kinetic drones can be wielded by state and non-state actors to pose both kinetic and cognitive threats. Technology also enables adversaries to conceal their operations and increase non-attribution. Even simple technologies have the potential to generate strategic effects in the gray zone.

Third, surrogates and proxies offer expanded reach, ambiguity, and impact

Little Green Men, hired criminals, ghost ships, unknown assassins and saboteurs, and shadowy companies that help evade sanctions blur attribution, providing bad actors with a veneer of deniability while increasing their reach, impact, and lethality. On a broader scale, Houthi attacks on global shipping and North Korean soldiers fighting Ukraine elevate the effects of this ambiguous warfare to a higher level. This trend is likely to intensify in the future.

Fourth, it is important to address the direct impacts of Russia’s war on Ukraine on an increase in gray zone attacks. Russia’s significant loss of national power and limited battlefield gains have created pressure on the Kremlin to reassert relevance, project power, and potentially punish antagonists. This dynamic almost certainly means a continued escalation of gray zone activities targeting Europe and aimed at destabilizing the continent. Many experts believe the Baltics and the Balkans may be particularly vulnerable.

That Russian gray bullseye is crowded—the U.S. is also a traditional target, and more Russia activity to undermine and weaken the U.S. is coming, despite Putin’s offers of renewed diplomatic and economic cooperation.

Finally, there are more gray zone attacks because real deterrence and persuasive responses to gray attacks are challenging, and our adversaries know it. In other words, gray zone attacks in most cases are relatively low cost, often effective, provide a level of deniability, and frustrate efforts at deterrence and response.

Our adversaries have calculated that they can hide behind ambiguity and deniability to violate sovereignty, ignore national laws and international norms, and engage in activities such as political coercion, sabotage, and even assassinations without triggering an armed response.

This “no limits” approach exploits the openness, legal norms, and ethical standards of democratic societies, making coordinated, timely, and effective response more difficult.

So, what can we do?

The most important outcome of our actions is to change the risk calculation of our adversaries. Gray zone attacks that go unanswered reward our adversaries and reinforce the idea that there are more gains than risk in the gray zone and encourage more attacks. Further, our adversaries calculate, often accurately, that our reasonable concerns for avoiding escalation will lead to indecision, weak responses, or the acceptance of false choices.

We need improved and shared gray zone intelligence to see through the fog of disinformation, synthetic realities, false risks and threats, and an overload of information by our adversaries to understand what is taking place in the gray zone. This not only strengthens our operations to counter gray zone attacks but it helps our citizens, communities, and countries to understand, recognize, reject, and remain resilient in the face of gray zone attacks.

We have to employ “strategic daylighting” to expose and put into context the gray zone activity by our adversaries—stripping away deniability and laying bare nefarious and illegal actions—knowing that our adversaries will go to great lengths to conceal, defend, and attack our efforts to expose their activities.

We have to speak frankly and convincingly to our adversaries and of course, we have to back up our words with persuasive action. Empty warnings and rhetoric will fall short. Changing the risk calculation of our adversaries means real consequences across a broad spectrum—public, diplomatic, economic, legal, informational, or even kinetic. It means a strategy on how to respond - not just a series of hasty responses. Real deterrence will result from planning and strategy; not decisions in the moment based on immediate circumstances.

Finally, we need to think of deterrence and response as a team sport - an “Article 5 mindset.” Our adversaries will seek to divide and isolate. Collective, unified action and resolve can form a powerful deterrent.

Of course, none of this is new. All of us need a solid understanding of the problems and the likely best solutions and implementation remains the greatest challenge.

We can go a long way with a good strategy, good partners, and resolve which seems like a reasonable place to start.

This Cipher Brief expert perspective by Dave Pitts is adapted from a speech he recently delivered in Sarajevo. Comments have been lightly edited for clarity. All statements of fact, opinion, or analysis expressed are my own and do not reflect the official positions or views of the US Government. Nothing in my remarks should be construed as asserting or implying US Government authentication of information or endorsement.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Former CIA Station Chief on the Trump Administration’s Caribbean Strategy

EXPERT INTERVIEW — Secretary of War Pete Hegseth announced today that the U.S. has carried out three additional strikes on four sea vessels, bringing the total number of attacks on boats to 13, resulting in more than 57 deaths. The Secretary said 14 people were killed and one person survived yesterday’s attacks targeting drug traffickers.

The Secretary posted on X that, “The Department has spent over TWO DECADES defending other homelands. Now, we’re defending our own. These narco-terrorists have killed more Americans than al-Qaeda, and they will be treated the same,” warning of more strikes to come. “We will track them, we will network them, and then, we will hunt and kill them.”

The strikes come amid a major U.S. military buildup in the region, most recently bolstered by Secretary of War Pete Hegseth’s order last week for the USS Gerald Ford aircraft carrier and its escorts to deploy from the Mediterranean to Latin America. President Trump says he is also considering military action against land targets in Venezuela, a sentiment echoed recently by Republican Senator Lindsey Graham.

Experts on the region believe part of the counternarcotics campaign is aimed at pressuring Venezuelan President Nicolas Maduro to step down. The U.S. has recently suspended diplomatic efforts with Maduro’s government and the Venezuelan president has been directly accused by the U.S. of involvement in drug trafficking. And in a highly unusual move, President Trump publicly announced recently that he has authorized the CIA to conduct covert action in Venezuela.

Maduro has condemned the U.S. military activity, accusing Washington of “fabricating a new war” while vowing to defend national sovereignty.

The Cipher Brief spoke with former CIA station chief David Fitzgerald, who served in Latin America, at the 2025 Cipher Brief Threat Conference about the implications of the strikes and other forms of pressure on both the cartels and Maduro. Fitzgerald joined the conference live from Panama. Our interview has been lightly edited for length and clarity.

THE INTERVIEW

Kelly: Dave, you have deep expertise in the region and in understanding the drug cartels. With everything going on in the region right now, what's top of mind for you?

Fitzgerald: Regarding Venezuela specifically, it's an interesting situation and I think President Maduro feels like the pincer movement is coming in on him right now. He's feeling the pressure, no doubt, from the military actions in the Caribbean, and also from some of the declarations by President Trump. He doesn't have the support of his neighboring Latin countries that he would like, specifically Brazil - if you remember back when he was elected during the last time, his main ally in Latin America, President Lula, never recognized the election. So theoretically, none of his counterparts other than the ones from the countries everybody suspected would - Nicaragua, Cuba, and, at the time, Bolivia - had recognized the election and President Maduro as the president elect and now the president.

So he understands very well that if push comes to shove, if there's some type of military action vis-a-vis Venezuela, Russia, China, Cuba, even Iran is not going to come to his assistance. He's going to be out on his own and he's going to be very outgunned and outmatched by the U.S. military. [He has a] decrepit air force and a decrepit army. He also claims to have rallied 4 million militia members that are undergoing training to help defend Venezuela.

Kelly: President Trump has openly said that he has authorized covert activity in Venezuela. What does this mean? If you're Maduro, what is that message that you're taking from that? How does it change the situation?

Fitzgerald: I think we're all a little surprised by that announcement, which is very out of character for the IC to have a covert action finding actually being announced by the president of the United States. I guess on one hand he's just circumventing what would eventually happen, and that's having it leaked, which I think has happened to all of the other covert programs. On the other hand, I think it's part of that pressure campaign that Trump is putting on Maduro and I think he's really feeling squeezed. There have been recent media reports that Maduro has offered to provide natural resources to the United States to try to find a way out of the situation by accommodating President Trump by providing oil and some of the other rich resources that Venezuela has. But I think he [Maduro] understands that his plan B is going to get on a plane and go to Cuba, much as President Chavez was back in 2002 when he had a short-lived coup d'état attempt in Caracas. There are not many options for him at this time.

Kelly: This administration has made clear that part of the policy towards Venezuela is applying pressure which includes the targeting of suspected drug boats off the coast of Venezuela. With your decades of experience understanding what motivates the drug cartels and what doesn't, how do you think these attacks might shift their thinking, if at all? And I also want you to explain to us how the cartels are technology, reportedly, better than most other groups in the world. Is this true?

Fitzgerald: They're very sophisticated and vis-a-vis Venezuela, you actually have kind of a, I hate to use the word state-sponsored, but I will say state-approved cartels working in Venezuela. I don't know if we remember the days of Cartel de los Soles, which in English means the cartel of the generals, and that was so true back in the 90’s. The then head of the National Guard was under indictment [for involvement.] He's still under indictment. He has never left Venezuela since then.

Hugo Carvajal, who was General Carvajal, the head of military intelligence, fled to Spain around 2020-2021 because he had a falling out with Maduro. He was extradited to the U.S. back in ‘23. He pled guilty [to involvement in narcoterrorism and drug trafficking] in June of this year and is going to be sentenced at the end of this month. I know the guy personally, and I remember having these conversations with him and telling him, Hugo, one day this house of cards is going to come crumbling down and there's going to be a price to pay, right? He says, ah, no, no, no, no. And I think it's kind of that same atmosphere in Venezuela right now with the senior military officers. Maduro has done a good job of handling the military in the sense of the stick and the carrot, and they all understand that as long as they're true and loyal to Maduro, they're going to benefit from it, from their illegal activities, either allowing trafficking or corruption to take place or participating in it. So there's going to be more indictments, I think. There's no doubt Carvajal is making a plea with the U.S. attorney right now in order to lower his sentence.

You have that combined with what you see now in Colombia. Trump had called President Petro a narco trafficker and said he's cutting all narcotics assistance to Colombia. That's a blow to him, but it's also a blow to our efforts in the region because Colombia, as everybody knows, has been our strongest ally in this fight, both in the Counter-terrorism fight in the region and also in the counter-narcotics fight. So we're going to watch how this plays out.

Elections in Colombia are in May of next year. All polls indicate Petro really doesn't have a chance. I'm not sure whether this announcement will help him or not. Colombia's not doing well right now. The United Nations just last month announced that they have record cultivation of coca now in Colombia. They're producing more than they ever did even before we started our Plan Colombia back in the 90’s. So it's a worrisome situation.

Kelly: I'm glad you brought up Colombia because I was going to ask you about that.

I’ve also heard recently that the epicenter of the drug problem is in Mexico. Talk to us a little bit about that and about what you have seen work or not work, against drug cartels in Mexico.

Fitzgerald: The question has always been how do you declare victory? Okay, narcotics traffic is going to exist for the rest of time. It always has, right? So the question is how do you define victory over that target? Years back, I had a conversation with [former Colombian] President [Alvaro] Uribe and I said, “we’ve made great strides, a lot of great things have happened. How do you define victory over these trafficking and terrorist groups?” Back then it was the FARC and the ELN where they were a two for one, or both trafficking and terrorist groups.

He looked at me and said victory is when these problems stop being a national security problem, a threat to our national security, and just basically turn into a regular criminal problem. I think he nailed it on the head. In countries like Colombia, Venezuela, Mexico, all through Central America, these are national security problems. The corruption that it entails, the penetrations that the traffickers have made through all society. It is a threat to the region and a threat to national security of all of those countries, and indirectly a threat to our national security, especially along the border and especially with some of the violence that comes with it.

In Mexico, I think President [Claudia] Sheinbaum has done a fairly good job. You've seen all the newspaper articles about the ICS (Integrated Country Strategy) participation in Mexico. It has been a successful program, but again, flying under the radar, you really can't broadcast this. Colombia was very effective at taking out the heads of the cartels. Extradition was key. We have extradition with Mexico, but again, you have pockets of immunity within Mexico. The corruption is rampant. How to get past the corruption? Venezuela is that kind of dark hole where you really can't do much. But there has been some success, and I can't take that away from the Mexican services, to a lesser extent, the Colombian services and all through Central America, but we're not where we need to be right now.

Question from NBC Reporter Dan DeLuce (in the audience): Let's say Maduro does get on a plane and fly to Cuba. What does he leave behind? What are the scenarios you see unfolding? I know it's highly speculative, but I'd like to hear your thoughts.

Fitzgerald: First of all, he wouldn't be the only one on the plane. He would be joined by his wife, probably half of the general staff and anybody else who could get on that plane. They will all understand that if he goes, they go and that they're going to be left to the hoards to try and figure out their survival. So I think right now that is option B, because militarily, he understands the Russians are not going to come to his assistance. The Chinese look at this as a transactional relationship with Venezuela. They are making money off Venezuela’s oil and the loans they provide. They just want to be paid back. Maduro is pretty weakened right now. Nobody is likely to come to his aid. So I think for him right now, it's a very serious consideration as far as plan B, how to get out of Venezuela and how to get out of Venezuela fast.

Kelly: How do you measure the impact of these strikes against these boats?

Fitzgerald: In two ways. The first impact is the psychological impact, and the second is the actual counter-narcotics effort impact. I think the impact of stopping the drugs from reaching [destinations], whether they're going to San Domingo or Dominican Republic or some other Caribbean island as a transit, that's minimal. The Coast Guard has been doing that for decades. It helps, but in many ways it's a drop in the bucket. The psychological impact, however, is far greater. I doubt there's very few volunteers or crewmen, both from Venezuela and from Colombia, who are happy about getting on some of these fastboats or the submersibles to crew them out to the Caribbean. I think what you're going to see, it's probably already started, is a shift to the Pacific side. This situation is kind of a pendulum and it’s been like this for decades. The US and our allies would focus on the Caribbean. They'd switch to the Pacific. We'd focus on the Pacific. They go back to the Caribbean. They would just change their routes, change their modus operandi of how they traffic drugs.

Kelly: Thank you so much, Dave. I really appreciate you taking the time. I know you don't do a lot of interviews like this.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Ukraine’s Winter War Is the World’s Test — and America Can’t Afford to Blink

OPINION — Two weeks ago, my colleagues and I stood in Dnipro while warning sirens cut across the city and Shahed drones screamed overhead. We had come as a medical-humanitarian delegation to inspect trauma centers that receive the worst of the front’s casualties; instead, we found ourselves in a strike zone, sifting through a debris field that included drone fragments and watching medics pull the wounded from an improvised triage line. A United Nations car park across from the drone strike had been shattered; buildings for two city blocks were heavily damaged; more than thirty civilian casualties were reported.

We traveled with a security team of veteran U.S. special operations personnel made up of Green Berets, former SEALs, and allied SOF veterans who have been fighting and advising in Ukraine since 2019 and earlier. Their presence allowed us safe, rapid access to hospitals, strike sites, and frontline briefings, and their frontline experience provided critical context to what we observed. I mention them not to publicize operations but to make a point: American veterans who have been embedded here for years see the same patterns we do — a war accelerating in tempo and technological reach, but one that could still be won both for Ukraine and the free world.

What we saw that day in Dnipro was not a local catastrophe. It was a live demonstration of how modern, networked war is metastasizing beyond the battlefield and how quickly it could remap the global order unless the West acts now.

The tactical picture in Donbas is of immediate strategic urgency. Russian forces are mounting coordinated pincer operations, advancing from Pokrovsk through Kramatorsk to Slovyansk, designed to encircle and absorb the Donbas region, then push west to take Zaporizhzhia and threaten Dnipro. The fall or isolation of Dnipro would sever east–west logistical and medical corridors, producing a catastrophic collapse in Ukrainian operational tempo and resilience. That outcome would not merely alter front lines; it would force a recalibration of Europe’s entire defense posture. Moreover, Moscow’s likely playbook is predictable: secure territorial gains, press for an immediate ceasefire on favorable terms, and use the pause to move seasoned forces into Belarus to stage further aggression against NATO’s vulnerable Suwałki corridor and the Baltic states.

Holding the frontline in Donbas against those pincer movements requires urgent, concrete material and logistics support. The immediate tactical needs are specific and time-sensitive: Lancet-equivalent loitering munitions in quantities sufficient to strike armor and artillery beyond FPV range; thousands of FPV frames and spares for tactical units; higher-payload fixed-wing drones with enhanced electronic-warfare modules; long-range fiber-optic drones for secure, EW-resistant target acquisition; ISR quadcopters such as DJI Mavic models; heavy-bomber quadcopter drones and Shark and RAM-X systems; additional M119 105 mm howitzers and tens of thousands of rounds (including laser-designated munitions); tons of C4 or Cemtex explosives and initiators; smoke grenades; Starlink terminals and hardened communications kits to keep command-and-control functioning under jamming; unmanned ground vehicles for casualty evacuation under fire; thermal winter clothing for tens of thousands of soldiers; and precision munitions and laser target designators to convert targeting into effect. Rapid delivery of these items before winter is not an optional improvement. It is the single most important determinant of whether Ukrainian units can blunt the pincers and maintain cohesive defense lines.

The operational challenge is only part of the problem. The more profound danger is industrial and doctrinal: the battlefield is being remade by a global axis of authoritarian actors and by grassroots innovation that together change the tempo of war.

On the state side, China, Iran, North Korea, Venezuela and shadow networks tied to Wagner, the GRU, the FSB, proxy forces and criminal cartels are not acting independently; they are converging. China supplies much of the critical electronics powering the drone systems we see on the front. Iran provided the Shahed design architecture. North Korea supplies ammunition and manpower. Venezuela and other nodes proliferate systems and tactics across regions. Wagner remnants, clandestine elements and proxy contractors conduct psychological operations, sabotage, and hybrid warfare to stoke fear, hesitation, and distraction to destabilize the West and blunt coordinated timely response. The result is a horizontally linked industrial and doctrinal ecosystem that accelerates lethal innovation on a timeline far faster than Western procurement cycles can match.

Compounding the danger, Ukraine’s defenders have taught us something brutal and clear: the frontline is now a maker space. Volunteer workshops and unit-level innovation labs crank out field-adapted FPV and fixed-wing drones assembled from 3-D-printed parts. Fighters become engineers, iterating designs in days rather than years. Low-cost airframes, priced in the hundreds to low thousands of dollars, are proving operationally decisive. Within two years many of those platforms will be semi- or fully autonomous and capable of swarm behaviors. That combination of authoritarian mass production on one side and decentralized battlefield innovation on the other yields a force-multiplying effect that threatens to swamp Western advantage in both kinetic and non-kinetic domains.

There is also a human reality behind the hardware. While much popular discussion focuses on Ukrainian mobilization shortfalls, the manpower problem may, in fact, be deeper and more structurally damaging for Russia. Moscow’s mobilization has produced a manpower pool that is larger on paper but qualitatively hollow: many conscripts recruited under debt and inducements, reports of chronically ill or terminally ill soldiers sent to the front, widespread morale collapse, and systematic reclassification of killed personnel as missing to avoid payouts. Russia may be hemorrhaging men while failing to sustain unit cohesion and effective rotations. That weakness creates opportunities for Ukraine, if the West supplies the means to exploit it.

Casualty numbers for the Russians are sobering. From January through August 2025 battlefield data indicate more than a quarter million personnel losses and a cumulative toll since 2022 that exceeds one million killed, wounded or missing. Reported kill ratios in some sectors range from three-to-one to fifteen-to-one in favor of Ukrainian forces. Those ratios, while indicative of tactical success, mask the strain: Ukraine’s advantage is sustained only by speed of thinking, of logistics and of resupply. Medical systems are stretched, evacuation chains fray, and field hospitals operate at or beyond capacity. Yet Ukrainian medical practice preserves far more wounded who can return to the fight or to wartime industry than the Russians, whose KIA:WIA ratio is reported abysmally as 1:1.3. Ukrainians value life. Russians do not.

All of this yields a stark policy imperative: there is a two- to three-month window this winter in which Western action, or inaction, will disproportionately shape outcomes. If the West moves decisively now, Ukraine can stabilize the Donbas, increase pressure on Kremlin command and possibly force fissures within the Moscow-Beijing axis. If the West hesitates, Russia could consolidate gains, demand a favorable ceasefire and use the lull to redeploy and reconstitute forces for broader escalation.

What should America and its allies do?

First, address the immediate tactical needs to hold Donbas through the winter and spring. Prioritize delivery of the specific items listed above and ensure Dnipro’s bridges and trauma centers remain operational. These are the lifelines that keep supplies, casualties, and command flowing to and from the front.

Second, treat this tactical issue in Donbas, Zaporizhzhia and Dnipro as a strategic emergency for Europe and allied forces. Otherwise, Russia will push its advantage to secure a bad faith ceasefire and shift its aggression towards Europe and beyond.

Third, institutionalize the agility we see on the ground. Create micro-procurement authorities, rapid-fielding channels, vetted modular kits and secure surge logistics so that front-line innovation can be turned into operational capability within days, not months.

Fourth, mount a coordinated counter-industrial campaign to choke the supply chains and machine tools that fuel authoritarian drone production. That means targeted sanctions, export controls on critical components and GNSS substitutes, and diplomatic pressure on transshipment nodes. It means using financial and law enforcement tools to disrupt proxy financing and criminal exploitation of battlefield lessons.

Fifth, broaden our conception of the battlefield. Hybrid operations are global — from psychological operations in Europe to proxy sabotage across the globe and the potential adaptation of FPV tactics by criminal/extremist networks in the West. Defense planning must be whole-of-government and whole-of-hemisphere, integrating intelligence, law enforcement, financial mechanisms and coalition logistics.

Finally, make the moral case plainly: this fight is not simply about Ukrainian territory. It is a contest over whether the global commons — maritime lanes, satellite-enabled logistics and cyberspace — will be sustainably weaponized by authoritarian states and their proxies. If we cede initiative in the technology of war, we will forfeit the strategic initiative in peace. Stated plainly: this is a war for the preservation of the free world.

From a shattered car park in Dnipro to a makeshift techlab where a combat drone takes shape, two realities are obvious: the war is changing, and it is changing fast. We cannot afford to be outpaced. The choice this winter is stark: enable Ukraine to hold the frontline against the pincer offensives in Donbas, support Ukrainian strategic efforts against the Russian war machine on its home soil, and stymie the global strategic battle against the axis of authoritarians. Or watch the battlefield’s innovations be converted into instruments of wider, harder-to-control global conflict.

This is not easy. It is, however, solvable, if we treat it with the urgency, specificity and imagination it requires. The future of war is now. The time to prepare was yesterday. The clock is running fast."

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Trump’s National Guard Plan Faces Legal Pushback and Constitutional Questions

OPINION — “I'm not going to answer particulars on something that may be in the planning process, but we definitely do have multiple layers of National Guard response forces, whether it's in each state, whether it's regionally, whether it's Title 10 active duty, whether it's Washington D.C. We've got a lot of different ways that constitutionally and legally we can employ Title 10 and Title 32 forces, and we will do so when necessary.”

That was Defense Secretary Pete Hegseth in the Oval Office this past Friday, after a meeting of the Trump administration’s Homeland Security Task Force, responding to a reporter’s question about whether the establishment of multi-state National Guard rapid response forces “that's going to be trained in crowd control and civil unrest and deployed in all 50 states by April of 2026” is underway.

It’s worth remembering that buried as part of “Operational Actions” called for under an August 25, Trump Executive Order (EO) entitled, “Additional Measures To Address the Crime Emergency in the District of Columbia,” there is a section that reads: “The Secretary of Defense shall immediately begin ensuring that each State’s Army National Guard and Air National Guard are resourced, trained, organized, and available to assist Federal, State, and local law enforcement in quelling civil disturbances and ensuring the public safety and order whenever the circumstances necessitate, as appropriate under law.”

That EO section goes on to say. “In coordination with the respective adjutants general, the Secretary of Defense shall designate an appropriate number of each State’s trained National Guard members to be reasonably available for rapid mobilization for such purposes. In addition, the Secretary of Defense shall ensure the availability of a standing National Guard quick reaction force that shall be resourced, trained, and available for rapid nationwide deployment.”

Before Trump signed the August 25 EO, his assistant Will Scharf described it as “an executive order that contains a number of additional measures relating to crime and law enforcement in Washington, D.C. It charges, for example, your Secretary of Defense with establishing specialized units in both the D.C. National Guard and the National Guard units around the country specifically trained and equipped to deal with public order issues.”

Hegseth added about the response teams, “And at your direction as well, sir, [meaning Trump] it's just common sense to make sure they're armed as well.”

Under Title 10, the President can federalize any state’s National Guard if the country “is invaded or is in danger of invasion by a foreign nation,” if there’s “a rebellion or danger of a rebellion” against the federal government’s authority, or if the president “is unable with the regular forces to execute the laws of the United States.” Such an order “shall be issued through the governors of the States,” Title 10 says.

Under Title 32, state National Guard units can be deployed for federal purposes, but they remain under state control. Since the troops are under state control, they are not subject to the Posse Comitatus Act’s restriction against engaging in civilian law enforcement.

On August 26, retired-National Guard Maj. Gen. Randy Manner said on PBS: “I think this is unneeded and also very dangerous. It's setting a new precedent.”

He went on, “When I was the acting vice chief of the National Guard Bureau, we absolutely already put into place the ability of having quick reaction forces in every state, depending on the size…They were at the time, of course, targeting the ability to respond to emergencies in the state such as floods, hurricanes, forest fires, earthquakes, and so on to be able to save lives. The difference here is that it's focused on ‘public order.’ That's very disturbing.”

Manner added, “Also, the idea of creating a unit whose primary mission is to deploy anywhere in the country to deal with potentially demonstrations or civil disorder, as the President sees fit…that is not in keeping with the mission of the National Guard as a strategic reserve for our military and for our nation.”

Manner then made an important point, relative to what has happened since: “This is something where the President is imposing the armed military to go into American cities. That is the most significant difference. And it's very important to remember that civil disturbance deployments by governors is actually the smallest amount of missions that have ever been done by the National Guard. It is a rarity, whereas now the President is elevating it to be a significant capability for the National Guard.”

Over the objections of the Governors of California, Oregon and Illinois, President Trump has ordered Title 10, federalized Guard units deployed – deployments which are all undergoing judicial tests.

In Illinois, U.S. District Judge April Perry on October 9, issued a temporary order that barred the Trump administration “from ordering the federalization and deployment of the National Guard of the United States within Illinois.”

Perry said in her opinion that there was “insufficient evidence of rebellion or a danger of a rebellion,” as required by Title 10, nor was there “sufficient evidence that the President was unable with the regular forces to execute the laws of the United States.” The Trump administration immediately appealed and moved for a stay of the order pending appeal.

On October 16, the U.S. Court of Appeals for the Seventh Circuit agreed with Judge Perry, writing that in their opinion “the facts do not justify the President’s actions in Illinois under [Title 10], even giving substantial deference to his assertions. The Circuit Court did, however, allow Presidential federalization of a National Guard unit, while prohibiting its deployment.

In its opinion, the Circuit Court made points about the “rebellion or danger of rebellion,” that are worth reviewing since it’s clear the Trump administration sees Title 10 allowing them to use military troops freely.

The Circuit Court wrote: “Political opposition is not rebellion. A protest does not become a rebellion merely because the protestors advocate for myriad legal or policy changes, are well organized, call for significant changes to the structure of the U.S. government, use civil disobedience as a form of protest, or exercise their Second Amendment right to carry firearms as the law currently allows.”

The Court added, “Nor does a protest become a rebellion merely because of sporadic and isolated incidents of unlawful activity or even violence committed by rogue participants in the protest. Such conduct exceeds the scope of the First Amendment, of course, and law enforcement has apprehended the perpetrators accordingly. But because rebellions at least use deliberate, organized violence to resist governmental authority, the problematic incidents in this record clearly fall within the considerable daylight between protected speech and rebellion.”

I quote the Circuit Court opinion because the Trump administration from the start has claimed in this case before the District and Circuit Courts and elsewhere, that the President’s federalization of the Guard under Title 10 “is not judicially reviewable at all. Alternatively, it contends that the factual predicates of [Title 10] are satisfied in light of the deference due the President’s decision to federalize the Guard.”

On October 17, the day after the Circuit Court opinion, Trump’s Solicitor General D. John Sauer filed an emergency motion with the Supreme Court seeking to block the Perry order that prevents deployment of the federalized Illinois National Guard units.

In seeking that order, which would also overrule the Seventh Circuit Court opinion, Sauer argued, as he had done unsuccessfully in District Court, “As a threshold matter, both the statutory language and historical tradition make clear that the President’s decision whether to federalize the Guard is not subject to second-guessing by the State of Illinois or a federal district court.” He then quoted Title 10 with respect to “rebellion or danger of rebellion.”

Sauer also wrote, to support the argument for deployment, that “The President has express statutory authority to ‘call into Federal service’ the National Guard, after which the Guardsmen serve under the command and control of federal military officials and ultimately the President as Commander in Chief.”

The Supreme Court has not yet acted on this emergency motion.

But as writers in Just Security said last Friday, “The government’s interpretation suggests that a President may deploy military forces anywhere in the United States for any reason, and that courts would have no authority to determine its legality. This assertion runs counter to U.S. history, the structure of powers related to the military in the U.S. Constitution, and the theory of checks and balances.”

Or as New York Attorney James D. Zirin wrote yesterday in The Washington Monthly, “If the Court grants Trump relief in Chicago, what will stop Trump from deploying National Guardsmen nationwide to supplement the ICE program in enforcing immigration laws? And then, based on some pretext that there is a rebellion, posting troops at select polling places nationwide to intimidate voters during the midterm elections?”

It is Zirin’s second fear, for the 2026 midterm congressional elections, that first drew my concern over Trump’s August proposal for all 50 states to have National Guard rapid reaction forces prepared to ensure “the public safety and order whenever the circumstances necessitate, as appropriate under law.”

There has been no public report I know of from the National Guard Bureau or Defense Department as to how many such units have been formed so far under the Trump administration, despite the April 2026 deadline. It is one of many things to watch for.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

I just want to read the news

Get the news and only the news!

Guardian

Back to top

Kaupunki

Back to top

Yle

Back to top

CNN

Back to top

Hesari

Back to top

Al Jazeera

Back to top

New York Times

Back to top

Reuters

Back to top

NPR

Back to top

The Cipher Brief

General Philip M. Breedlove

Lt. Gen. Michael Groen (US Marine Corps, Ret.)

Steve Blank

Back to top