The Cipher Brief

BOOK REVIEWS & RECOMMENDATIONS -- Welcome to our annual holiday book review and recommendations list, where we highlight some of the terrific books that have been reviewed and featured in The Cipher Brief in recent months. Since our summer newsletter, we've covered and reviewed more than 35 books – often sliced and diced by world-class subject matter experts. In this newsletter, we’ve singled out about a dozen that received our highest four out of four “trench coat” rating. As always, the books reviewed in The Cipher Brief represent an eclectic mix of topics ranging from the history of past wars to the prospects of future ones. We’ve included both fiction and non-fiction faves.

FICTION FAVORITES:

Tops on many folks’ list is The Persian: A Novel by veteran CIA analyst David McCloskey. For this one, we turned once again to Joe Zacks, a veteran of four-plus decades of government service, to offer his take. Zacks writes that The Persian may be the finest of McCloskey’s four spy novels to date (high praise given how well the first three were received). For this one, Zacks calls McCloskey’s novel “a sophisticated and multidimensional depiction of human nature and the motivations that propel people to action. It brings the HUMINT discipline to life, vividly portraying how a sophisticated intelligence service identifies, targets, and ultimately recruits and handles an agent while plumbing the depths of the agent’s psyche and inner conflicts.” To learn even more about the book – and its author – Cipher Brief CEO & Publisher Suzanne Kelly did a debrief with McCloskey in this fun-filled Cover Stories podcast.

To review veteran spy novelist Daniel Silva’s 25^th book, An Inside Job, we turned to a couple of CIA veterans – Anne and Jay Gruner. The latest Silva book brings back skilled art restorer and former Mossad chief Gabriel Allon, in a fast-paced tale involving art theft, European crime and corruption – and a newly elected Pope. The Gruners’ review declares that Silva has once again demonstrated that he is a master of his craft.

While Gabriel Allon, the hero of Silva’s novel, is a fictional former Mossad officer, a genuine Mossad alumni, Yariv Inbar, is also a prolific novelist. His latest book, Behind the Trigger, was reviewed for us by Dr. Ken Dekleva, a novelist in his own right and a former Regional Medical Officer/Psychiatrist for the State Department. With that background, Dekleva was quick to spot Inbar’s skill in describing the human, emotional, and psychological aspects of espionage. The book features two central female characters and a Middle East canvas.

Not all of the novels that won plaudits on The Cipher Brief came from long-time authors. There was the thriller The Moldavian Gambit by first-time novelist Brad Meslin about a man-portable nuclear device that goes missing at the time the Soviet Union was coming apart in the early 1990s and may have fallen into the hands of a terrorist -- and possibly smuggled into Paris. We asked James Lawler, a former CIA officer with deep experience in thwarting rogue state weapons proliferators and the author of several well-received novels himself to review it. Lawler gave Meslin high marks for technical accuracy and heart-stopping story telling. Meslin also joined us on a Cover Stories podcast to discuss what inspired him to write the novel and his sources and methods for keeping readers on the edge of their seats.

THE NON-FICTION BOOKS THAT ROCKED CIPHER BRIEF REVIEWERS:

With Latin American counternarcotics operations much in the news, a timely read is After Escobar: Taking Down the Notorious Cali Godfathers and the Biggest Drug Cartel in History reviewed by veteran government lawyer Terence Check. Written by former DEA agents Chris Feistl and Dave Mitchell with an assist from Jessica Balboni, the book tells the two-year saga in the mid-1990s of the investigation, apprehension, and prosecution of the leading “godfathers” of the Cali drug cartel (aka “Cocaine, Inc.”) one of the biggest multi-billion-dollar drug trafficking enterprises of all time. In his review, Check writes that After Escobar “is really a story about diplomacy, and the power it has as a force multiplier for our law enforcement and military….(showing) the reader the importance of the diplomatic cadre in helping to bring down the Cali Cartel by doing the hard work of negotiating with the Colombian government.”

The criticality of diplomacy was at the forefront of another book this fall. Great Power Diplomacy: The Skill of Statecraft from Attila the Hun to Kissinger by A. Wess Mitchell. The book was reviewed for The Cipher Brief by retired U.S. Ambassador Gary Grappo. In his review Grappo describes the book as “part history lesson and part instruction manual for national leaders and diplomats, reprising the tactics, strategies, methods and actions of previous major state leaders and diplomats who found themselves confronting similar great power contests.” Grappo lauds the book for being a: “resounding reaffirmation of the value and importance of diplomacy as an indispensable component of national power not just in the past but even more so today. The skills of its practitioners may need rejuvenating. But there is no denying that diplomacy ultimately holds solutions to the problems of today.”

Several books we will highlight here offer fresh looks at past history. Let’s start with one from Yale University Press: No More Napoleons: How Britain Managed Europe from Waterloo to World War One. The book was written by Andrew Lambert and one of our most prolific reviewers, Jean-Thomas Nicole, a Policy Advisor with Public Safety Canada, reviewed it. Nicole praised the book for its reminder of “the enduring utility of maritime power, the virtues of restraint, and the necessity of maintaining influence without overreach.” Nicole notes that these themes resonate strongly with today’s global challenges.

World War II and the events that led up to and followed it are often good fodder for books. Among those that stood out for us this year was “The Spy and the Devil” by Cipher Brief expert Tim Willasey-Wilsey. Journalist and author Michael Smith reviewed it for us and called it “one of the greatest untold stories of the Second World War intelligence.” It is the story of a Lithuanian-born ‘Baltic-German’ who ended up working for British intelligence and managed to penetrate the highest Nazi circles prior to the war including having several meetings with Adolf Hitler himself. Willasey-Wilsey also joined us on a Cipher Brief Cover Stories podcast to talk about this remarkable story.

In October, we published a review of The Traitor’s Circle: The True Story of a Secret Resistance Network in Nazi Germany – and the Spy Who Betrayed Them by Jonathan Freedland. Australian writer Susan Gorgioski reviewed it and told us the book reads like a detective novel but tells the real story of a “little-known group of opponents to the Nazi regime in Germany who were willing to sacrifice careers, social position, money, and ultimately for some, their lives.”

And then there was Rain of Ruin: Tokyo, Hiroshima and the Surrender of Japan by Richard Overy and reviewed by former senior CIA clandestine service officer (and Cipher Brief expert) Sonya Seunghye Lim. In her review, Lim praises Rain of Ruin for being a “thought-provoking and disturbing book” and its explanation for “why armed conflicts will continue to plague the world: dehumanizing the enemy, depersonalizing killings by making attacks as remote as possible, and glamorizing combat serve to palliate our collective conscience and to justify the persistence of jingoism.”

But not all the good stuff came from ancient history. CNN anchor Jake Tapper published a book in October called Race Against Terror: Chasing an Al Qaeda Killer at the Dawn of the Forever War. So, we turned to someone with deep expertise – Joe Zacks who was just wrapping up a 42-year career - half in the Army and half as a CIA officer - and whose final post was Deputy Assistant Director of the CIA for Counterterrorism, to review it for us. Perfect credentials to evaluate Tapper’s book which Zacks describes as “ a mix of detective story and legal drama” about a six-year odyssey of tenacious federal prosecutors trying to bring an al Qaeda terrorist to justice.

Some of our best received books were about future intelligence challenges. For example, there is The Fourth Intelligence Revolution: The Future of Espionage and the Battle to Save America by Anthony Vinci. We tapped Cipher Brief expert and principal with the Cyber Initiatives Group Glenn Gerstell to review that one for us. In his review, Gerstell describes the book as examining “the confluence of increasingly complex geopolitical challenges and of global technological advances” and tells us that the conclusion is that “America’s spy agencies must not merely adapt but also dominate this dynamic if we are to blunt (if not defeat) our adversaries.”

But no matter how good the technology is going forward, you’re gonna need people to make it all work right – and they need to be people who can get a security clearance. So, what do you need to know in order to try and do that? Fortunately, there’s a book for that. Trust Me: A Guide to Secrets: Who Gets Them and Why We Have Such a Mixed Track Record with Them by Lindy Kyzer. We trusted retired CIA Deputy Director for Analysis (and current Cipher Brief Expert) Linda Weissgold to review it. Weissgold is also a professor at Texas A&M’s Bush School of Government and Public Service in Washington, DC and says she now recommends the book to her students who want to understand the opaque yet crucial process of getting a security clearance. The book offers practical and philosophical advice that seeks to demystify the process.

While a little harder to give as holiday gifts, there are some podcasts interviews we highly recommend as well, including:

A discussion with Marine and CIA ground branch veteran – and award-winning writer Elliot Ackerman discussing his latest novel Sheepdogs.
A deep dive into North Korean matters with Ambassador Joe DeTrani on his memoir The North Korean Threat: Intelligence and Diplomacy.
A discussion with journalist and Marine veteran Chas Henry about a devastating Pacific cyclone that triggered a horrendous fire at Marine Corps Base in Japan.
And even a book by a publishing expert, Jane Friedman, who offers essential advice on how YOU can write your own book. Get her guide, The Business of Being a Writer, and maybe in a couple of years The Cipher Brief will be carrying a review of your book.

Before we go – we should note that some of our reviewers are really tough graders – and there are dozens of other books we’ve reviewed that came in with slightly under the four trench coat rating that we are certain you would enjoy. So, be sure to check out the complete list of reviews here.

Happy Holiday shopping and reading!

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Echoes of 1940: Learning from an Ally at War and Preparing the U.S. for the Next Fight

EXPERT OPINION / PERSPECTIVE — Eighty-five years ago, as the United States cautiously explored an expanded alliance with Great Britain, our own population was divided. London was already fighting for its very survival, standing alone after the fall of France; Washington was not yet fighting at all. Public opinion tilted toward isolationism, and President Roosevelt had to proceed slowly to avoid losing the support of both Congress and the U.S. public. Yet a year later, the Atlantic Charter was signed with Churchill, publicly declaring a shared stand against tyranny and an alliance that would stand for the rest of the century. But behind the scenes, the two leaders negotiated a deeper exchange: American weapons for British technology.

Through Lend-Lease, the United States sent destroyers and vital equipment to keep Britain in the fight against Nazi aggression. Less understood was what the U.S. quietly received in return: cutting-edge capabilities that would shape its own success once it entered the war. That historical moment holds lessons for today, with America again questioning its commitments abroad, and for the value of learning from a Ukrainian ally engaged in a war we are not fighting ourselves.

One of Britain’s most consequential contributions in 1940 was the technology behind “Chain Home,” an early, revolutionary radar network. A constellation of radio stations sent out beams whose returns revealed the direction, altitude, and approximate numbers of incoming Luftwaffe aircraft during the Battle of Britain. Integrated with human observers and command-and-control stations, the system allowed RAF leaders to deploy their limited squadrons with precision, conserving fuel, protecting pilots, and preserving the nation’s survival. As Churchill famously said of the RAF, “never in the field of human conflict was so much owed by so many to so few.”

That success was not only a triumph of courage but a triumph of rapid wartime innovation and operational learning. And it is exactly the kind of learning the United States must pursue now as Ukraine pioneers new modes of drone warfare against a technologically sophisticated adversary.

Drone warfare in Ukraine today is the chain home radar of our time. Today in Ukraine, that country “owes so much to so few”: drone warrior heroes fighting not only for their country, but for all of Europe and democracy. The drone operators and their innovation are helping Ukraine to stay in the war against overwhelming Russian numbers. The U.S. and other NATO allies have provided large weapons systems like HIMARS, ATACMS, Abrams tanks, and F-16s. All of these systems at one time were supposedly ruled out for Ukraine, only to be provided later. Meanwhile, Ukraine’s own drone industry and innovations have helped it to turn the tide of countless battles.

There has been frustration in the U.S., however, with the support. Many are asking: for all the weapons and funding we have provided to Ukraine, what are we getting back? Defending freedom and fighting Russian aggression for Europe and our allies should be enough for our arsenal of democracy. But it’s a fair question. It is understandable after 20 years of war that the American people want to know what else we are getting if the U.S. is to be so heavily engaged financially and militarily.

Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.

One of the things we are learning, and can learn even more ahead, are incredible lessons about the battlefield for our future force. The Army War College has led a multi-year effort to help in a project called “Call to Action: Lessons for the Future Force”. Others in various military training and testing commands across all our services, and our allies, are doing the same.

There are many more lessons to be learned, and not enough resources are being put into the fight. For years, the U.S. embassy and government were limiting the number of official Americans and contractors allowed into the war zone to work with and learn from the Ukrainians. That should end for good, and we should be flooding our ally with experts ready to help, but also to learn. One of the areas we should be drawing a lot more lessons from is drone warfare.

The Russian military and its intelligence services have learned a lot about drone warfare in Ukraine. They have stood up an entire new service of their troops devoted to drone warfare, as well as a drone center called Rubikon, which is changing the battlefield. The Russians are also using drones in gray warfare against NATO countries, to probe their borders, weaknesses at airports, and other facilities across the continent in what has grown in recent months into a wave of drone incursions. This is hybrid warfare practiced by a country and its intelligence services that have a long history of doing so: testing reactions, looking for weak points, antagonizing the alliance to find soft spots, or partners willing to acquiesce to Russian aggression.

In turn, we in the NATO alliance and in the U.S. are slow to adapt. The United States needs to deploy more personnel, more resources, more engineers, and experts into Ukraine to learn all the desperately valuable lessons about the world’s first truly all-encompassing drone war. It is monumental both in scale and evolution. Just as the United States learned valuable lessons about radar, which saved countless American pilots and other lives throughout World War II, we need to learn these important lessons from the Ukrainians about drone warfare before we may find ourselves engaged in a conflict we are not prepared for.

There are three salient lessons for those who are studying the war and how it has evolved just in the past four years. These are areas the U.S. should focus more resources on. The first lesson that we need to study from the Ukrainians involves the electromagnetic space on the battlefield and electronic warfare (EW). American soldiers have never operated in a battle space so encumbered by all manner of electromagnetic jamming, as is taking place every day across the battlefields of Ukraine. Cyber operations, both enabling and disabling various systems, command and control, and what is called “PNT” or the precision navigational systems of all manner of weapons— all are being jammed and interfered with on an unprecedented scale in the EW space.

The second lesson we need to understand and learn from are the ingenious innovations and adaptations that the Ukrainians, in particular, have carried out with their drones. Ukraine stood up an entire industry to build millions of the very smallest type of drones designed to target an individual Russian soldier in a trench, to much larger mother drones to carry other drones, deliver supplies, and even carry out strategic strikes like those against Russian bombers at airfields, taking off from “conex” shipping containers. These are remarkable operations and feats that we can mine for lessons from our Ukrainian allies. We are well behind their innovation and acquisition curve.

Third and finally, the most important lesson we need to learn from the Ukrainians is how to fight a war where we might be out-manned and out-gunned. That is not something the American people could have imagined for nearly a century. But Russia’s aggression is stark and unprecedented. Add to it the prospect of a potential war with China over the Taiwan Strait looming, which the Chinese are preparing and training for, also at an unprecedented level. They and the North Koreans are sharing weapons’ components and helping Russia evade sanctions. And in the case of the latter, North Korean soldiers are dying for Russia on the battlefield. They are getting the know-how and learning the lessons from Russia.

Subscriber+Members get exclusive access to expert-driven briefings on the top national security issues we face today. Gain access to save your virtual seat now.

We are at a point where all of China’s conventional forces, with very few exceptions - on the land, sea, and air (save for nuclear forces)- outnumber the United States. China has a larger land army, a larger navy now by volume of surface vessels, and a Chinese Air Force that rivals our own and NATO’s airpower. Many will argue correctly that the Chinese do not have the experience of decades of combat, as our pilots do, nor the expertise of our sailors and soldiers on the ground. But as many famous generals have noted in history, “quantity has its own quality.” This is also a lesson from Ukraine, as overwhelming numbers of Russian troops are wearing down the front lines of Ukraine in the east. Overwhelming numbers of drones and artillery, as well as missile strikes combining in multi-vector attacks—all these are also making a significant impact on the battlefield.

We would be wise to engage with and learn more from our Ukrainian partners, just like the United States did 85 years ago from our British allies, before we were forced into war. It forged a “special relationship” that has stood for a century. We can hope for the same with our Ukrainian brothers and sisters fighting now against aggression in no less of a challenge to all of democracy than the Nazis were to Europe. Putin and his Chinese allies are out for world domination; make no mistake, we have to learn the lessons to prepare to fight and support our allies fighting again.

While we, supporters of Ukraine, hope this war will end soon, we also need to prepare for the next war. As Churchill said then, we should: “gather strength for the morning. For the morning will come. Brightly will it shine on the brave and true; kindly upon all who suffer for the cause; gloriously upon the tombs of heroes. Thus will shine the dawn.”

The dawn will come, but so will night again. We should learn from the Ukrainian heroes who have suffered through all the nights of this war, not doubt their commitment to freedom, nor our own obligation to support them.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Russia is Waging a Sabotage Shadow War on Europe

DEEP DIVE — In the darkness of night on November 15, a massive explosion ripped through a stretch of the Warsaw-Lublin railway line close to Mika, Poland, severing a critical logistics route used to ship military equipment and aid eastward from Warsaw toward the Ukrainian border.

The blast, caused by a C-4 explosive device, damaged the tracks and a passing freight train’s wagon floor, halting rail traffic and sending ripples of alarm through Poland, one of Ukraine’s staunchest allies.

Polish authorities quickly confirmed sabotage, charging three Ukrainian nationals — Oleksandr K., Yevhenii I., and Volodymyr B. — with executing the plot under Russian direction. The incident was not a lone act but part of a growing wave of covert operations targeting railways, ports, and pipelines across Europe, aimed at undermining support for Kyiv.

Ivana Stradner, a research fellow at the Foundation for Defense of Democracies, characterizes these actions to The Cipher Brief as Russia “waging a long, low-cost pressure campaign that targets not only the battlefield but everyday life across EU countries.”

Polish prosecutors outlined the operation’s chilling precision. In September 2025, Volodymyr B., arrested on November 20 and charged on November 22, drove Yevhenii I. to the sabotage site for reconnaissance, enabling the selection of the explosive placement. Oleksandr K. and Yevhenii I., the primary perpetrators acting on behalf of Russian intelligence, planted the device and a metal clamp intended to derail a train, then fled to Belarus, where Poland’s extradition requests remain pending.

Immediately following the attack, Foreign Minister Radoslaw Sikorski characterized it as “state terror.” Warsaw closed Russia’s last consulate in Gdansk, and thousands of soldiers were deployed nationwide to protect critical infrastructure. The Kremlin, nonetheless, rebuffed the accusations as “Russophobia” and vowed to retaliate by severing Polish diplomatic ties. This exchange of moves points, however, to a larger trend: the use of subtle, sophisticated attacks aimed at crippling Ukraine’s supply lines without triggering a full-blown escalation.

Proxies in the Shadows: Recruiting the Unwitting

Moscow’s strategy for sabotage is built on proxies, using local citizens and displaced people to carry out attacks and maintain Russia’s plausible deniability. The situation in Poland is particularly disturbing, where the involvement of Ukrainian nationals exposes an aggressive recruitment campaign aimed at vulnerable youth from their war-torn home country. Ukrainian security services have documented a sharp rise, reporting that Russian operatives have entrapped over 170 minors in the last 18 months, often luring them through Telegram channels disguised as job boards or casual chats.

The recruitment base consists of migrants from Eastern Europe and Russian-speaking citizens of countries where the sabotage operations are carried out. They are often individuals with criminal histories or financial problems. What begins as innocuous tasks — snapping photos of buildings or mailing postcards — escalates to planting bombs or torching vehicles, often with payments that seem too good to refuse.

Head of Ukraine’s National Police Juvenile Prevention Department, Vasyl Bohdan, described the ploy’s subtlety: “For the most part, the children don’t understand what is happening, or that it’s very serious.” Experts note that Russian operatives often begin by masquerading as sympathetic figures to build trust with their targets. Once the relationship is established, they leverage compromising material to secure compliance through blackmail. In one recent instance in Ivano-Frankivsk, two teenagers were promised $1700 each and thus embedded a device that detonated remotely, killing one and maiming the other.

“Russia’s intelligence services use Ukrainians inside NATO states because it blurs the political story and creates deniability, especially since many recruits are young, economically vulnerable, and have no prior ideological profile,” Natalya Goldschmidt, CEO of Lightning Associates LLC, a strategic geopolitical consulting firm focusing on Russia, Eurasia, and Latin America, tells The Cipher Brief. “Most of the initial interactions now happen through encrypted apps and seemingly low‑stakes’ tasks, such as taking photos of infrastructure, moving small packages, or counting vehicles, which makes these pipelines hard to spot before an operation moves from reconnaissance to action."

Ukraine’s countermeasures have gained traction, with police and NGOs flooding schools and camps with warnings, partnering with celebrities like boxer Oleksandr Usyk to drill home the dangers. Reports of attempted recruitments have surged to 74 this year, and successful cases have plummeted, as Bohdan noted: the number of successful child recruitment cases has decreased “exponentially over the past year.”

According to Goldschmidt, Moscow’s hybrid operations and cognitive warfare are most effective against a Europe already fragmented by domestic political crises, economic fatigue, and unresolved debates over migration and identity.

“The most worrying escalation over the next year or so is not one spectacular act, but a carefully timed cluster of incidents that together amount to a strategic shock: rail disruptions and warehouse fires at a critical moment for aid to Ukraine, damage to energy or data links in Northern Europe, and Russian drones killing or seriously injuring someone on NATO territory, all wrapped in enough ambiguity to delay a unified response,” she cautioned.

This proxy model extends well into Europe.

In October, Romanian intelligence smashed a parallel operation by arresting two Ukrainian citizens. The pair had smuggled bomb components — incendiary devices disguised in car parts and headphones — into Bucharest, targeting the Nova Post headquarters, a Ukrainian courier firm moving vital aid. In addition to thermite and barium nitrate, the packages included counter-surveillance measures, exhibiting classic Russian tradecraft. According to investigators, the duo is part of a wider network acting under Moscow’s direction, which has allegedly targeted Nova Post sites in Poland and elsewhere.

The threat became clearer that same week when Poland detained eight suspects tied to planned infrastructure attacks. Officials in Europe attribute these coordinated operations to Russian elite formations, notably GRU Unit 29155. General Andrei Averyanov leads the unit and is part of a dedicated sabotage hub under General Vladimir Alekseev, which marshals over 20,000 Spetsnaz operatives.

Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

Hybrid Echoes: Testing the Article 5 Threshold

The sabotage wave laps at diverse shores, blending old-school explosives with cutting-edge disruptions to fray Europe’s logistical sinews.

There have been several cases of undersea fibre cable damage or destruction in the Baltic under murky circumstances, prompting high-level investigations. From Germany to the Nordic states, prosecutors and security services have reported a pattern of suspected sabotage in fires and parcel-incendiary incidents that have scorched logistics hubs and defense manufacturing sites.

At the same time, GPS and navigation jamming across the Baltic and northeastern Europe has surged — European ministers and national regulators report daily interference that has disrupted flights and aviation operations, and they warn of substantial economic impacts. In September, mass drone overflights and cross-border incursions, including a large wave of drones into Poland and a 19-September violation of Estonian airspace by MiG-31s, prompted NATO consultations and temporary airport closures in the region.

These disruptions, while seemingly tactical, tie directly into a broader strategic calculus aimed at testing NATO’s unity and response mechanisms.

The strategic heart of the issue is NATO’s collective defense clause. Stradner also notes that, “Vladimir Putin has been candid about his desire to discredit NATO’s Article 5 in which members pledge to treat an attack against one ally as an attack against all.” She argues that because Putin, “Trained as a KGB operative, is well versed in so-called ‘active measures,’” his goal is to challenge the alliance.

Alexander Graef, Senior Policy Fellow at the European Leadership Network, however, contends to The Cipher Brief that “the actual impact of these sabotage acts on the flow of aid to Ukraine remains extremely limited.”

In his view, the activities are primarily aimed “less at disrupting logistics than at influencing public opinion in Western societies by trying to convince voters that further support for Ukraine carries unacceptable risks.” He stresses that this strategy “rests on a misreading of Western threat perceptions,” as such actions tend to “reinforce the opposite conclusion: that Russia is a growing danger and that support for Ukraine, as well as investment in defense, must increase further.”

“The Article 5 threshold remains deliberately high. Invoking it requires consensus within the North Atlantic Council. It is hard to imagine such agreement emerging in response to low-level sabotage, ambiguous incidents, or non-lethal disruptions,” Graef said. Therefore, Moscow does indeed appear to be “calibrating its operations to stay well below that line. Still, it is not achieving its intended political effects.”

George Barros, Russia Team & Geospatial Intelligence Team Lead at the Institute for the Study of War, concurs to The Cipher Brief that Russia is “boiling the frog and NATO member states have so far elected to not treat Russian acts of war against them as they truly are.”

“Russia has already passed the threshold with its sabotage actions, manned aircraft airspace incursions, and missiles entering the airspace of Poland and Romania. Russia seeks to normalize this activity so that NATO de facto approves a new normal, in which case we don’t treat Russian acts of war seriously,” he noted. “The West has far too long allowed Russia to operate against us with relative impunity. The West must seize the strategic initiative from Russia and begin imposing dilemmas on Russia.”

Yet even as these operations escalate, analysts say Russia is careful to keep them calibrated just below the line that would trigger NATO’s collective-defense clause.

The problem with Article 5, as experts observe, is that the ‘hybrid’ qualities of ambiguity and deniability – which, it is feared, Russia would manipulate to come close to the Article 5 threshold without reaching it – can paralyze the institutional and political mechanisms of collective defense.

“Putin does this all the time. It’s the same pattern — gray-zone hybrid operations run out of the GRU,” former CIA station chief Daniel Hoffman, tells The Cipher Brief. “Operating against enemies on foreign soil with impunity and facing no repercussions. They’re sending a message.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Fortifying the Front: Europe’s Counteroffensive

While concerns over Russian interference deepen, Europe tries to fortify its infrastructure. In response to September’s airspace breaches, EU defense ministers accelerated deployment of a “drone wall” along the eastern flank.

To harden against airspace violations, Graef advises that measures must be tailored, noting that while airspace violations require increased internal coordination, harmonized rules of engagement, and improved information sharing, sabotage is primarily the responsibility of “police, counterintelligence services, and judicial authorities.”

He maintains that if Russia’s objective is to weaken European support, then “demonstrating political unity is in itself an important countermeasure.”

Maksym Skrypchenko, nonresident scholar in the Russia Eurasia Program, points out that, from Kyiv’s purview, European governments’ measures to protect infrastructure are catastrophically insufficient.

“Russia is several steps ahead, while Europe is acting reactively rather than proactively. Russian embassies remain operational, and Russian tourists continue to travel, which is being exploited not only for information gathering and influence operations but also for sabotage,” he tells The Cipher Brief. “European countries need to start with basic steps: acknowledge that they have a single major threat. Once this acknowledgment happens, the next step should be decisive action – ceasing the purchase of Russian energy resources, blocking Russia’s shadow fleet, expelling Russian diplomat-spies, strengthening infrastructure protection, and investing in acquiring Ukrainian anti-drone systems, to name a few.”

While some analysts discuss limited, deniable counter-sabotage in response, Graef warns that “such activities carry significant risks.”

“They can easily fuel an action–reaction cycle without generating meaningful deterrent effects,” he asserted, highlighting that the focus should remain on strengthening resilience, improving attribution, and coordinating clear response thresholds rather than “entering a covert tit-for-tat that neither deters nor stabilizes.

In the face of this persistent, multi-layered threat, Stradner believes the ultimate answer lies in deterrence through strength.

“We should not fear escalations as kindness is weakness for Putin, and he only understands the language of power,” she noted, underscoring that the consequences of continued inaction and ambiguity in the face of Moscow’s “new generation warfare.”

“Until NATO resolves the lack of clarity regarding Article 5’s threshold for acts of aggression warranting collective defense, Russia will continue to sabotage without the consequences of all-out war, and the Western response to this hybrid war will remain reactive and insufficient,” Stradner added.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Why an Unmanned Mission May be Most Effective in Venezuela

OPINION — Wars are increasingly fought by unconventional means. A recent example is Ukrainian insertion of unmanned aerial systems (UAS) to attack Russian airfields, launched from civilian outfitted trucks. The Israeli pager attacks are another example of leveraging unconventional means to achieve an outsized effect. Both examples demonstrate that unconventional methods can not only disrupt enemy forces and destroy key objectives, but also achieve tremendous psychological effects and by saturating the airspace, limit an adversaries ability to mount offensive operations.

While the U.S. continues a conventional military buildup off the coast of Venezuela, the lessons from the Ukrainian and Israeli conflicts may be prescient: the US can achieve most of our policy objectives with limited or no ground forces deployment into Venezuela. The authors assume the current U.S. administration’s objectives are centered on regime change without conventional warfare.

Venezuelan forces may be well-prepared for guerilla warfare. Reports are circulating that Russian “advisors” have been dispatched to Venezuela, and it is likely that the Venezuelan army is incorporating Russia’s lessons from Ukraine into their preparation. American forces meeting a small, well-prepared drone force could lead to unacceptable casualties, a prolonged conflict, unnecessary escalation, and international embarrassment.

We suggest, therefore, that if intervention in Venezuela is forthcoming, the U.S. should adopt a strategy centered on unmanned systems. Modern combat in Ukraine and Israel provide a viable model.

Our proposed strategy suggests leveraging a combination of UAS and unmanned ground vehicles (UGV) to weaken the Maduro government’s internal support, and hasten favorable conditions for peace - again, assuming “regime change” or negotiated peace are the desired endstates.

How the U.S. Military Thinks of War

The U.S. Military uses a six-phase planning model to describe the progression of an operation or campaign. This continuum begins with Phase 0: Shape, which involves continuous peacetime activities to influence the operational environment and prepare for contingencies. As an operation develops, the force moves to Phase I: Deter, demonstrating capability and resolve to dissuade, followed by Phase II: Seize Initiative once hostilities begin, gaining access and advantage. The core combat phase is Phase III: Dominate, which involves applying overwhelming combat power to defeat the enemy force. The final stages, often requiring significant force commitment for irregular warfare, are Phase IV: Stabilize, focusing on securing the operating area and providing security, and Phase V: Enable Civil Authority, which transitions security and control back to legitimate local governance to establish a lasting peace. Technologies are used in every phase as a strategic force multiplier.

Proposed Unmanned Systems Strategy

Phase 0 should begin immediately. This phase would be centered on information collection around the capital, Caracas, and the economic epicenters, Venezuela, Maracaibo, Valencia, and Barquisimeto, as well as oil refineries, given their central importance to the Venezuelan economy. Significant real-time intelligence collection could be achieved by leveraging High Altitude Long Endurance (HALE) aircraft coupled with pervasive small, ground-based sensors. UGVs would provide long-term, ground-based multi-disciplined intelligence collection capabilities, leveraging commercial off-the-shelf technologies (proven effective in Ukraine) to reduce risk of exposing sensitive or proprietary technologies.

The assessed trigger for escalation would be a breakdown of negotiations over a change of government. Subsequent operations would focus on precision degradation and infrastructure interdiction, designed to be quick, minimize political fallout, and avoid direct engagement with Venezuelan forces. Generally, operations would seek to scale between Phase 1 - Deter, and Phase 3 - Dominate, to apply and then relieve pressure on the Venezuelan government and population as needed to degrade political will and popular support. Operations should be carefully crafted, and targets thoughtfully selected, not just for military effect, but for their psychological and political impact.

Aerial and Electronic Warfare Dominance

The first actions would be entirely aerial, focused on blinding the Venezuelan government and shaping persistent intelligence, all while demonstrating the ability to dominate without causing significant destruction. The U.S. could suppress air defenses using high-altitude, stealth drones, and specialized EW drones to undermine government influence and degrade command and control. Targets would include Venezuela's air defense systems, mostly Russian S-300VM and Buk-M2E missile batteries, and radar networks. Key locations would be targeted with precision-guided munitions or overwhelmed and jammed by EW drones before kinetic strikes to establish air superiority for subsequent UAS waves.

What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.

Targeting Command and Control

The U.S. could leverage loitering munitions and specialized communications relay and jammer UAVs to target key military and government communication nodes, high-frequency transmission sites, and satellite ground stations. Small, inexpensive UAS could be coupled with highly mobile UGVs to extend range, and to achieve precise sequencing, impressing urgency and conveying the message that the Maduro government is inept. By severing communication links between the military high command and field units, the U.S. could cause decentralized chaos, which would degrade the will to fight. Unmanned surface vehicles (USVs) and unmanned underwater vehicles (UUVs) could contain Venezuelan forces, targeting the fleet to deny freedom of movement.

Given instability in Venezuela and the Maduro Government’s demonstrated willingness to enter into discussions, well-sequenced escalation and deescalation may provide the necessary impetus to achieve the desired effect. Minimizing destruction up to this juncture reduces the subsequent burden of rebuilding, which would increase popular support for a replacement government. Minimizing damage would also reduce the likelihood of causing unintended regional instability through large-scale human displacement.

With their extended battery life and ability to recharge with onboard solar panels or from civilian power sources, UGVs provide an ideal baseline for extended operations, providing prolonged ground-based intelligence and surveillance. Information from onboard sensors, long-term intelligence collection, could provide timely battle damage assessments, and would shape planning for subsequent operations.

Well-Timed Precision Strikes

Small UAS loaded with precision explosive and cyber and EW payloads could be loaded onto UGV and transported deep within the country, where they would be staged for well-timed, precision operations to set conditions for negotiations. Disabling power to cause temporary service blackouts, or disrupting and corrupting government information campaigns would allow the U.S. to control the narrative. These precision operations should be choreographed and limited to eliminate harm to civilians.

Precision strikes launched from UGVs could damage government buildings and political headquarters, timed for maximum media coverage, to demonstrate penetration and weakness. Cellular towers could be struck with small munitions to inconvenience and frustrate the population. These limited actions could continue near indefinitely, and would reinforce the narrative that Maduro is weak and incapable, increasing the likelihood of a timely resignation.

UGVs with an explosive payload could be covertly controlled over cellular networks over extended distances, to strike key locations such as bridges, military installations or troop concentrations deep within Venezuela. In the event of a troop deployment, UGV could also be outfitted with weapon platforms such as machine guns or grenade launchers, for force protection.

Subscriber+Members get exclusive access to expert-driven briefings on the top national security issues we face today. Gain access to save your virtual seat now.

Conclusion

With warships off the coast and the airspace over Venezuela “closed”, all signs indicate that the U.S. administration intends to leverage the military to achieve a political objective. There are two options should we choose to proceed. The first is a conventional war, with high financial cost, significant political risk and moderate risk of casualties. The second option is to leverage our growing unmanned systems arsenal, where financial costs will be relatively low, and the risk of casualties will be minimal.

The lessons from modern conflicts in Ukraine and Israel overwhelmingly provide a model for moving towards an agile, unmanned systems-centric strategy. This agile approach, moving from pervasive intelligence collection to targeted electronic warfare and precision kinetic strikes, if choreographed with other effects, would exert maximum political and psychological pressure. It also minimizes collateral damage by avoiding direct military engagement with Venezuelan forces.

This strategy has several advantages: it drastically reduces the risk of unacceptable casualties for American forces, and it minimizes the destructive aftermath that traditionally prolongs conflict and burdens post-conflict reconstruction. An unmanned systems strategy also enables the U.S. to move fluidly between deterring and dominating to maximize effects, and serves as a strong deterrent against countries who might doubt America’s ability to fight and win in modern combat.

Ultimately, the choice to intervene will always be a political one. However, if such action is deemed necessary, adopting a nearly exclusive unmanned strategy offers a path to achieving a political end-state quickly and cleanly. It is a recognition that the future of modern warfare is defined not by the size of a conventional buildup, but by the strategic, ethical, and precise application of unmanned systems to effect change.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

America’s Antibiotic Weakness Is a National Security Blindspot

OPINION – Offshoring and outsourcing antibiotic production to China and India is putting America’s access to lifesaving medicines at risk. It’s time to implement antibiotic security measures before a supply crisis occurs. The first step is rebuilding onshore fermentation manufacturing capacity.

Antibiotics have significantly improved life expectancy and overall public health for over 80 years. Penicillin alone has saved approximately 200 million lives. Its discovery paved the way for further advancements in antibiotics that have saved hundreds of millions more.

From the 1940s to the late 1980s, the United States led global antibiotic manufacturing. The volume of fermentation capacity required to produce antibiotics in the U.S. was a key measure of this. However, over time, pharmaceutical companies steadily outsourced and shifted antibiotic manufacturing to other countries, largely driven by opportunities to reduce costs and avoid capital investment.

Today, the production of antibiotic active pharmaceutical ingredients (APIs) is concentrated in a handful of countries; nearly 70% of the manufacturing sites for a representative shortlist of 40 antibiotic APIs are in India and China (with the majority in China). More concerning, the United States no longer has any significant fermentation manufacturing capabilities to produce antibiotic APIs onshore (see Table 1).

Fermentation capacity for manufacture of antibiotics in USA

Year	Fermentation Capacity (Liters)
1944	400,000
1984	18,000,000
2024	Less than 400,000

This reality creates risks to health security and equitable access to key medicines, especially since antibiotics are such an essential tool for combating infections. In 2024, there were 256 million prescriptions for antibiotics distributed in the U.S. alone. Yet, the amount of antibiotics manufactured in the United States has dwindled to a concerningly low level; 92% of the 111 most-prescribed antibiotics have no U.S. source as of 2021. Worse, antibiotics are 42% more likely to be in short supply than other drug products.

Save your virtual seat now for The Cyber Initiatives Group Winter Summit on December 10 from 12p – 3p ET for more conversations on cyber, AI and the future of national security.

During the COVID-19 pandemic, India limited exports of two common antibiotics, tinidazole and erythromycin (among other drugs), due to dwindling supply of APIs resulting from the temporary closure of Chinese manufacturing facilities. And, in 2017, there was a global shortage of two other antibiotics, piperacillin-tazobactam and benzathine penicillin, because a single factory in China shut down. Just three API manufacturers for these products remain, all in China.

Other countries are already steps ahead of the U.S. in securing their own antibiotic supply. India’s Production Linked Incentive (PLI) scheme, for example, enhances antibiotic security by promoting domestic manufacturing of APIs, key starting materials (KSMs), and drug intermediates. This reduces India’s reliance on imports, and plays a crucial role in protecting Indian public health.

For its national security, the United States must bring antibiotics manufacturing back home. Key is maintaining a level of fermentation manufacturing capacity. This would enhance domestic ability to respond to public health emergencies and minimize the impacts of global supply chain disruptions and geopolitical tensions. Beyond improving antibiotic security, increasing capacity in the U.S. would create net new jobs and enable the implementation of improved and lower cost technologies.

Collaboration between the government and the private sector, particularly via government funding, is crucial to catalyze change in the production landscape. It would also drive innovation in manufacturing processes. To bring fermentation capacity back onshore, something the U.S. has already done to ensure access to other key products, there will have to be incentives.

The CHIPS and Science Act, for example, reduces U.S. dependence on foreign semiconductor manufacturing, particularly from geopolitical rivals like China. The Act provides $52.7 billion in funding to boost domestic semiconductor production, research, and workforce development, ensuring that the United States maintains a secure and resilient supply of critical microchips used in defense, infrastructure, and consumer technology. Antibiotics should receive the same treatment.

Given that higher costs to produce antibiotics onshore drove antibiotic production overseas in the first place, further economic incentives, such as tax credits and subsidies, are also needed. These could motivate pharmaceutical companies to invest in manufacturing capacity domestically. Contract manufacturing organizations (CMOs) and generic drug suppliers should also be targets of these incentives since generics represent over 80% of antibiotic market share by revenue.

Finally, guaranteed purchasing agreements from the government or public entities can provide financial stability for antibiotic manufacturers and make investing in fermentation or manufacturing capabilities a more attractive, lower risk opportunity.

These opportunities are not without challenges. Pharmaceutical companies have historically prioritized more profitable, chronic disease treatments; antibiotics are prescribed for short durations and generate significantly less revenue compared to other drugs. Any new economic incentives need to be meaningful enough to bridge this gap significantly.

In the meantime, the government should continue stockpiling antibiotics to insure against future shortages. Currently, the U.S. maintains an undisclosed amount of antibiotics through the Center for the Strategic National Stockpile (SNS), but a longer term manufacturing strategy is required to improve safety and reduce risk of shortage.

Access to antibiotics is too critical to simply let cost dictate where production occurs. At the end of the day, this is about protecting our ability to combat infection and preserve the health of the American people.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Can Europe Survive the New Multipolar World?

EXPERT PERSPECTIVE — For more than three decades after the Cold War, Europe lived under the illusion that history had settled in its favor. Liberal democracy seemed ascendant, global markets expanded without friction, and American military primacy insulated the continent from hard-power competition. Under those conditions, the European Union could focus on enlargement, regulation, and internal integration rather than geopolitics.

That era is finished.

A new multipolar world, shaped primarily by the United States, China and Russia has taken hold, and Europe’s place within it is increasingly uncertain. The EU now faces a destabilizing combination of external pressures and internal constraints that call into question its long-term strategic relevance. The next decade will determine whether Europe becomes a genuine pole of power or resigns itself to being a geopolitical appendage.

The End of Post-Cold War Certainties

The post-1991 Western order rested on three assumptions: U.S. military dominance, deepening globalization, and the notion that political liberalization would eventually spread worldwide. Each of these pillars has eroded.

U.S. primacy is no longer guaranteed. Washington is now stretched between deterring China in the Indo-Pacific, supporting Ukraine, and managing crises in the Middle East. American policymakers—across both parties—increasingly resent Europe’s reliance on U.S. defense guarantees and expect the EU to realign its China policy with America’s priorities. Europe’s security depends on a partner whose long-term predictability it cannot ensure.

Globalization is fragmenting. The pandemic, geopolitical rivalries, and technological decoupling between Washington and Beijing have shattered faith in frictionless global supply chains. Europe, whose prosperity hinges on exports, advanced manufacturing, and access to global markets, feels the squeeze.

Authoritarian resilience has replaced Western convergence. China’s techno-authoritarian model and Russia’s militarized nationalism offer alternatives to liberal democracy. Across Africa, the Middle East, and South Asia, states increasingly hedge rather than take sides, reducing the EU’s ability to shape norms or export its model. The world is no longer moving toward Europe. It is moving away from it.

The New Power Triangle: Washington, Beijing, Moscow

1. The United States: indispensable, but increasingly impatient

The U.S. remains the only actor capable of deterring Russia on Europe’s behalf, and without American intelligence, logistics, and weaponry, Ukraine’s position would be far more precarious. Yet Washington’s strategic focus is shifting eastward. In every administration, the question recurs: Why should America subsidize European security indefinitely?

Growing U.S. skepticism combined with the possibility of future political shifts exposes Europe’s most dangerous vulnerability: dependence on an ally whose priorities are changing faster than Europe can adapt.

2. China: Europe’s vital economic partner turned systemic rival

China is indispensable to European industries from electric vehicles to renewable energy to pharmaceuticals. Yet Beijing’s industrial subsidies, strategic investments, and political influence operations challenge the EU’s economic model and internal cohesion. As Washington accelerates decoupling, Europe is pressured to follow suit at high cost to its own industry.

China is no longer just a market; it is a shaping force in a global system that Europe struggles to influence.

3. Russia: the security threat that will not disappear

Russia’s invasion of Ukraine shattered Europe’s illusions of a “post-historic” continent. Even after the initial shock, Moscow’s ongoing militarization signals a long-term confrontation. Europe’s sanctions, energy diversification, and support for Kyiv have been substantial but the EU still lacks the military and industrial backbone to sustain a prolonged, high-intensity conflict without the United States.

Russia is not a temporary crisis. It is a structural challenge.

Europe’s Structural Weakness: Power Without Agency

Europe has economic weight, technological capability, and regulatory influence but struggles to convert them into geopolitical power.

1. Fragmented decision-making. EU foreign policy requires unanimity, making coherent action nearly impossible. France pushes for “strategic autonomy,” Germany for economic stability, Poland for deterrence, Italy for flexibility. Diverging priorities fracture the bloc at every major juncture, from China policy to Middle East diplomacy.

2. Military insufficiency. Despite increases in defense spending, Europe remains dependent on the U.S. for intelligence, logistics, command-and-control, missile defense, and advanced weapons. The continent’s defense industry is fragmented into dozens of incompatible national systems that a luxury Europe can no longer afford.

3. Economic vulnerabilities. From semiconductors to critical minerals, Europe relies on external suppliers. In a world defined by technological blocs and industrial rivalry, the EU risks being squeezed between U.S. security demands and Chinese economic dominance.

4. Demographic decline. Aging societies and shrinking workforces reduce the EU’s long-term competitiveness and its ability to project power.

These vulnerabilities do not make Europe irrelevant—but they do make it reactive.

Three Possible Futures

Scenario 1: Strategic Autonomy Becomes Real

Europe could choose to become a coherent geopolitical actor—pooling defense procurement, adopting majority voting on foreign policy, investing heavily in its defense industry, and crafting a unified China strategy. This would give the EU real agency.

But achieving this requires political courage that Europe has rarely demonstrated.

Scenario 2: Renewed Atlantic Dependence

The EU may double down on the U.S. alliance, accepting a secondary role in global geopolitics while focusing on economic and regulatory power. This is the easiest path both politically and financially but it leaves Europe dangerously exposed to America’s domestic turmoil.

Scenario 3: Fragmentation and Decline

If member states continue to pursue conflicting national policies and U.S. attention continues shifting to Asia Europe risks strategic irrelevance. In this scenario, global powers shape Europe’s environment, while Europe merely adapts.

This path is unlikely to be dramatic. Decline rarely is. It is slow, quiet, and comfortable until suddenly it is not.

Europe Must Choose Power Over Comfort

The multipolar world will not wait for Europe to get its act together. The question is no longer whether the EU wishes to become a global actor; it is whether it can afford not to.

Europe’s future is binary:

A genuine geopolitical pole, capable of defending its interests. A subordinate ally, protected but strategically constrained. Or a divided continent, overshadowed by the ambitions of others. For three decades, Europe believed it had escaped history. Now history has returned with force. Whether Europe survives the new multipolar world depends on whether it chooses power over comfort, strategy over complacency, and unity over drift.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Inside the Pentagon IG’s Findings on Signalgate

OPINION — “The [Defense] Secretary [Pete Hegseth] sent nonpublic DoD information [on March 15 at 11:44 EDT] identifying the quantity and strike times of manned U.S. aircraft over hostile [Houthi] territory [in Yemen] over an unapproved, unsecure network [Signal] approximately 2 to 4 hours before the execution of those [U.S. aircraft] strikes. Using a personal cell phone to conduct official business and send nonpublic DoD information through Signal risks potential compromise of sensitive DoD information, which could cause harm to DoD personnel and mission objectives.”

That was one finding from the December 2, Defense Department Inspector General (DoD IG)] report entitled Evaluation of the Secretary of Defense’s Reported Use of a Commercially Available Messaging Application for Official Business that was released last Wednesday.

Another finding was “We [Office of the DoD IG] concluded that the [Defense] Secretary [Hegseth] sent sensitive nonpublic, DoD operational information that he determined did not require classification over Signal on his personal cell phone. Although EO 13526 [Executive Order on Classified National Security Information] grants the [Defense] Secretary the authority to determine the proper level of classification of DoD information, we concluded that the Secretary’s actions did not comply with DoDI 8170.01 [DoD Policy for social media accounts] which prohibits using a personal device for official business and sending nonpublic information over a non-approved commercially available messaging application.”

So in that first finding the DoD IG found Hegseth’s message potentially endangered U.S. military members and their mission, and in the second finding the DoD IG said the Defense Secretary had violated DoD policy.

On Wednesday evening, after public release of the DoD IG report, Hegseth on X messaged, “No classified information. Total exoneration. Case closed. Houthis bombed into submission. Thank you for your attention to this IG report.” At roughly the same time, Pentagon spokesman Sean Parnell in a statement said: “Total exoneration of Secretary Hegseth and proves what we all knew – no classified information was shared. The matter is resolved and the case is closed.”

Of course the DoD IG report is the opposite of “total exoneration,” and by no means should the case be closed. In fact, this entire matter should have been an illustration to the Trump administration that it cannot get away with lying about serious matters, but nonetheless they have continued to try.

The history of this DoD IG report shows that Hegseth and others in the Trump administration even failed to cooperate in the IG’s investigation.

For example, the DoD IG report said frankly, “The Secretary declined to be interviewed for this evaluation.” Hegseth did, after four months, supply to the IG Office a July 25, one-page, five paragraph statement. In it, Hegseth used two paragraphs to defend the questioned details in his March 15, Signal chat message, arguing at one point the information was “either not classified, or that I could safely declassify [it].”

Meanwhile, there were other times of non-cooperation. The DOD IG report said, “We requested a copy of the Secretary’s communications on Signal on or about March 15. According to a senior official in the Office of the Secretary of Defense (OSD), the Secretary declined to provide us direct access to his personal cell phone.”

At another point, when the DoD IG was trying to get a full transcript of the March 15, Signal chat, it found that OSD had a consolidated version it received from the White House Counsel’s Office, but the request for a copy was declined “because it was not a DoD-created record.”

The DOD IG report, itself, originated from a request back on March 26, by Sens, Roger Wicker (R-Miss.) and Jack Reed (D-R.I.), the Chairman and Ranking Member of the Senate Armed Services Committee.

The two Senators were reacting to two articles dated March 24, and March 26, on The Atlantic website written by Editor Jeffrey Goldberg, who had described that somehow then-National Security Advisor Mike Waltz had made Goldberg part of a Signal chat group of senior Trump administration officials named the Houthi PC small group. The chat group included Vice President JD Vance, Secretary of State Marco Rubio, Secretary Hegseth, Director of the Central Intelligence Agency John Ratcliffe, and Director of National Intelligence Tulsi Gabbard.

What national security news are you missing today? Get full access to your own national security daily brief by upgrading toSubscriber+Member status.

Goldberg’s March 24, Atlantic article alleged that on March 15, the Signal chat group received from Hegseth sensitive war plans about the U.S. air strikes before they took place on Yemen that day. The Atlantic initially chose not to print those war plan details because potentially they contained classified information. Although the White House initially said the story seemed authentic, Hegseth initially said, “Nobody was texting war plans, and that’s all I have to say about that."

By the next day, the Trump administration had settled on their response. Appearing on March 25 before the Senate Select Committee on Intelligence, CIA Director Ratcliffe said, “The Secretary of Defense is the original classification authority, and my understanding is that his comments are that any information that he shared was not classified.” DNI Gabbard, appearing with Ratcliffe, echoed him saying, “There were no classified or intelligence equities that were included in that chat group at any time.”

After the denials, The Atlantic on March 26, then published Goldberg’s subsequent article which contained Hegseth’s pre-strike details. They gave the scheduled March 15 time of the first F-18 launch package; the time the first strike F-18s should reach “Target Terrorist;” the time of launch of MQ-9 strike drones; the time launch of second F-18 package; the time “when first bombs will definitely drop,” and the time when F-18 2nd package strike begins; and the time when the first sea-based Tomahawk missiles launched.

Although Hegseth claimed, “there were no details that would endanger our troops or the mission,” anyone who knew where the F-18s were based, their time of departure and the expected time bombs were to be dropped in Yemen might have been be able to determine the targets.

The DoD IG report concluded, “If this information had fallen into the hands of U.S. adversaries, Houthi forces might have been able to counter U.S. forces or reposition personnel and assets to avoid planned U.S. strikes. Even though these events did not ultimately occur, the Secretary’s actions created a risk to operational security that could have resulted in failed U.S. mission objectives and potential harm to U.S. pilots.”

Nominations for outstanding leaders in national security and intelligence are now open for the 2026 Cipher Brief Honors Dinner. Find out more here.

Another issue raised by the DOD IG report is that Hegseth was involved in other Signal chat groups into which he could have put additional classified information.

For example, the DOD IG reported, “One of the officials we spoke with stated that the Secretary posted the same sensitive operational information concerning the March 15, Houthi attack plans on the ‘Defense Team Huddle’ group chat.” That was a chat group Hegseth established from his personal and professional inner circle in January 2025, before his confirmation as defense secretary, and included Hegseth’s wife, Jennifer, who is a former Fox News producer.

The New York Times reported the Defense Team Huddle chat group also included Hegseth’s younger brother, Phil Hegseth, who has since become a senior adviser to the Defense Secretary and a DoD liaison officer to the Department of Homeland Security (DHS).

Other OSD officials told DoD IG investigators there are “multiple additional Signal group chats in which the Secretary allegedly participated to conduct official DoD business and transmit nonpublic DoD information,” according to the IG report. “Two officials stated that they were part of several group chats, and one of them stated that the Secretary and others used the chats to coordinate meetings, respond to media inquiries, or alert staff to check their official email accounts.”

That was another reason, the report said, “why we [DoD IG] requested copies of messages from these other Signal group chats, as well as access to the Secretary’s personal cell phone,” which so far have been unsuccessful.

I must conclude this article by saying that much credit goes to the DoD IG office, and Acting DoD IG Steven A. Stebbins. They did an admirable job on this inquiry given the lack of cooperation from their top bosses to this inquiry. They showed the professionalism looked for and needed in federal government employees.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

What China’s ‘World-Class Navy’ Means for the U.S. and Asia

DEEP DIVE — On a Wednesday in November, with Chinese President Xi Jinping looking on, the People’s Liberation Army Navy (PLAN) commissioned the 80,000-ton Fujian, the country’s third aircraft carrier and largest to date, in a ceremony that also featured its latest Navy stealth fighters, helicopters and command aircraft. A week later, China’s Ministry of Defense announced that the Sichuan, one of the world’s largest amphibious assault ships, had completed initial sea trials and would be ready for deployment next year. And last week, Shanghai is hosted “Marintec China,” the largest maritime conference in the world.

These are all signs of China’s continued rise as a maritime power and challenger to U.S. supremacy on the seas. And they have happened at a lightning-fast pace.

China now has “a world-class Navy,” retired Rear Admiral Mike Studeman, a former Commander of the Office of Naval Intelligence, told The Cipher Brief. “It's not, ‘Hey, we're going to achieve this in 2049.’ And it's just not in the numbers, it's in the quality. These ships are modern by any standard.”

The recently commissioned Fujian is the first Chinese carrier (and only the second in the world, after the U.S. Gerald R. Ford) to be equipped with electromagnetic catapults for launching aircraft. As for the new amphibious vessel, the Sichuan, experts have been impressed both by its sophistication and the fact that it was built in just over two years.

Top U.S. Navy officials are taking note. On an Asia-Pacific tour last month, Admiral Daryl Caudle, the U.S. Chief of Naval Operations, acknowledged the new carrier and assault ship and the overall “impressive” growth of China’s Navy.

“How they utilize those aircraft carriers globally is, of course, a concern of mine,” Adm. Caudle said in Japan. As for the Sichuan assault vessel, Adm. Caudle said, “We’ll watch that very closely and see what they’re going to do there. That’s a large ship, very capable.”

Experts say the recent milestones are the latest evidence of gains that have seen China’s Navy surpass the U.S. fleet in overall numbers while boosting the quality of its vessels as well.

“It's impressive,” former Rear Admiral, Mark Montgomery, told The Cipher Brief. “They're building a hundred merchant ships for every one we build, and two warships for every one we build. And they have quantitatively exceeded the size of our U.S. naval ship numbers.”

Montgomery was quick to add that China’s advances “don’t mean they have a more capable Navy” than the U.S. In terms of the quality of submarines and destroyers and carriers – “your choice, ship class after ship class,” as he put it – the U.S. remains without peer. But Montgomery and others say that China has rapidly narrowed the quality gap, and already changed the strategic equation for any potential conflict over the South China Sea or Taiwan.

China is “building a lot of ships, but the technological sophistication of those vessels has also significantly increased,” said Matthew Funaiole, Senior Fellow at the China Power Project at the Center for Strategic and International Studies (CSIS). “They're really trying to compete with other countries – and they obviously have their sights set on the U.S. in terms of maritime dominance in the region.”

The Trump Administration issued an executive order in April to jumpstart the U.S. shipbuilding industry and restore “American maritime dominance,” but experts say the U.S. has work to do to match the urgency of the Chinese buildup.

“The shipbuilding capacity in China now dwarfs that of the United States,” Emmanouil Karatarakis wrote in a recent analysis for The Cipher Brief. Citing estimates that China's overall shipbuilding capability (armed and unarmed) is now hundreds of times larger than the U.S.'s, he added, “This imbalance has far-reaching implications for long-term strategy and wartime readiness.”

Subscriber+Members are invited to join in an exclusive virtual conversation on Monday, December 8 at 2:30p ET on Russia’s Gray Zone Operations in Europe with former leaders from the Department of Defense, CIA, NATO and the British Foreign Office. Members receive links to register via email.

Not a Subscriber+Member? Let’s fix that.

China’s maritime rise

As with many elements of China’s rise as a global power, this one began in the early 1990s. At the time, China’s Navy was deployed primarily to guard its coastline – and while precise figures are hard to come by, estimates of its 1990 force range from 350-400 vessels, most of which were small patrol craft. Back then, the PLAN had no modern destroyers or submarines, and when China first put a carrier to water – in 2012 – it was a retrofitted Soviet vessel (the ship had actually been built in the 1980s, in the then-Soviet republic of Ukraine).

Today, China’s Navy boasts more than 1,000 vessels, including roughly 370 warships and submarines in what the Pentagon calls China’s “battle force” capability. The bulk of this rags-to-riches rise in maritime assets has come during the tenure of Xi Jinping.

“Xi Jinping has always been clear-eyed about the fact that a great power is a maritime power,” RADM Studeman said. “He personally understands that China, in order to be the leading power in the world, needs to have a maritime capability bar none. And that's the course they're on.”

Beijing has taken advantage of a booming commercial shipbuilding industry and the fact that – unlike in the U.S. – the civilian and military sectors in China are intertwined. Shipbuilding was included in the 10 core technologies in Beijing’s “Made in China 2025” industrial strategy, a blueprint for competing with global leaders in key industrial sectors.

A CSIS report offered staggering evidence of China’s maritime rise: the country’s share of global shipbuilding has jumped from 5% in 1999 to roughly 50%, while the U.S. now builds fewer than 1% of commercial ships globally. China’s largest state-owned shipbuilder built more commercial vessels by tonnage in 2024 than the entire U.S. shipbuilding industry had built since the end of World War II.

As for warships, China is now on track to have a 425-ship fleet by 2030, while the U.S. Navy currently has fewer than 300 deployable battle-force vessels – a total which experts worry may drop as aging ships are retired faster than new ones are put to water. “The growing size and sophistication of China’s Navy, combined with Beijing’s increasing assertiveness,” the CSIS report said, “poses major challenges to U.S. and allied military readiness and deterrence in the Indo-Pacific.”

Strategic implications

Experts say there are two basic strategic aims behind China’s maritime growth: preparing for potential conflict in the region, and adding a critical element for the country’s projection of global power and influence.

For the latter goal, the Fujian adds a major “chess piece,” as RADM Studeman put it, helping the PLAN expand its growing “blue-water” capabilities and extend its reach well beyond China’s Southeast Asian neighbors.

“They have been going up into the Bering Sea and parts of the Arctic and Antarctic,” Studeman said. “And they've been able to expand their footprint and develop their capabilities in an evolutionary way, which has been remarkable to see.”

The new carrier group might also be used in a maritime blockade of Taiwan, global humanitarian missions, and show-of-force deployments far from China’s shores.

“China wants to have the ability to operate globally,” Funaiole told The Cipher Brief. “I don’t think they want to do the same things the U.S. does, which is to have forward-positioned fleets all over the world. But they do want the ability to operate in different regions that are further and further away from the Chinese mainland, and you need to have a blue-water Navy in order to do that. It's the key to power projection.”

As far as a potential Taiwan conflict is concerned, the Sichuan – the newly-minted amphibious vessel, would be the more important “chess piece.” It’s an assault ship built to provide launch platforms for large combat drones, helicopters, and amphibious equipment, according to China’s Ministry of Defense.

“The carriers are less important for a Taiwan contingency than a lot of the other assets,” Funaiole said. “The amphibious ships are critical for that being successful.”

RADM Montgomery echoed the point, calling the new carrier group “a muscle flex and power projection,” while noting that the Sichuan and other assets would bring more concrete benefits in a regional conflict.

“The rest of their Navy [beyond the carrier group] isn't a muscle flex,” he said. “This is actually building a capability and capacity to push the United States farther and farther away from the area of crisis and contingency, whether in the East China Sea around the Senkaku [Islands] with Japan, in Taiwan, or in the South China Sea. The idea is to keep our Navy as far away as possible with a mix of missiles, aircraft, submarines, surface ships, all of that.” Those elements have been developed “at close to breakneck speed,” Montgomery said. “They've done a fantastic job of identifying, developing, resourcing and fielding a Navy air and missile force that places the US Navy and US Air Force at risk.”

U.S. Navy commanders have also warned that in the event of a Pacific war, China would be better equipped to replace lost ships – by virtue of geography and its more efficient shipbuilding. Taiwan war scenarios have shown that China would be able to absorb far heavier warship losses than the U.S.

Save your virtual seat now atThe Cyber Initiatives Group Winter Summit on December 10 from 1p – 4p ET for expert-led conversations on cyber, AI and the future of national security.

Can the U.S. turn the tide?

The White House’s April order, issued under the heading “Restoring America’s Maritime Dominance,” marked a recognition of China’s rise and a high-profile effort to reverse the erosion of U.S. shipbuilding. As The Cipher Brief has reported, the order mandates a whole-of-government push to jump-start the domestic shipbuilding industry.

The order called for the creation of an “Office of Shipbuilding” within the National Security Council, and said that within 210 days, the Assistant to the President for National Security Affairs “shall submit a Maritime Action Plan (MAP) to the President…to achieve the policy set forth in this order.”

That 210-day deadline has passed (November 5 was the 210th day), and there has been no public announcement of such a plan. The White House did not respond to requests for comment.

RADM Studeman acknowledged that even in the best-case scenario, these goals would take years to achieve, but added that he was disappointed by a slow pace of progress since the order was signed.

“I expected to see more frankly,” he said. “I think that they're incredibly good ideas that were in that directive, and unless it's going on very quietly, I haven't seen enough progress in each of the areas.”

RADM Montgomery agreed.

“I know it's expectation management, but I'm disappointed,” he said, adding that he worries that future U.S. budgets may not provide the funds he believes are needed to kickstart the warship-building industry.

“China has modernized shipyards, as have Japan and Korea, who equally outpace us,” Montgomery said. “We do not have modernized shipyards for a number of reasons. We have not properly invested in that. Our labor costs are significantly higher, and that's particularly true in shipbuilding and defense manufacturing.”

He and others hold out hope that investments and expertise from Korea and Japan will help boost the U.S. output. The authors of the CSIS report urged a blend of punitive measures against China and long-term investments in U.S. and allied shipbuilding capacity. “U.S. Navy leaders have begun intensive outreach to allies like Japan and South Korea to support U.S. shipbuilding efforts,” the report stated, “an effort that President Trump has indicated he supports. However, much work remains to be done.”

“You need basically startup VC capital to get things going on it,” Funaiole said. “And it's not just the technical part or the physical infrastructure. We also have a lack of expertise and shipbuilding in this country. And so there also needs to be personnel training investments and exchange programs with other countries as well and specialization into new areas.”

Experts agree on this much: failure to address these issues risk damage to U.S. national security.

“As tensions rise,” the CSIS report said, “leaders in Beijing may calculate that China’s superior shipbuilding capacity would be a material benefit to outlasting adversaries in a protracted military conflict.”

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Putin Sees “Useful Meetings”, the U.S. Should See a Trap Set for Inexperienced Negotiators

EXPERT OPINION / PERSPECTIVE -- Reports from Moscow suggest that U.S. representatives Jared Kushner and Steve Witkoff are “optimistic” about the prospect of results from their discussion with Kremlin officials this week. But after months of fruitless negotiations, if they are optimistic about achieving a negotiated solution to Russia’s invasion of Ukraine, they have little reason for it, given comments from Russian officials on the Moscow discussions.

If, as has been recently suggested to me, a central priority behind Kusher and Witkoff’s participation in negotiations (instead of relying on more experienced U.S. diplomats with a record of dealing with autocrats like Vladimir Putin) is to secure business deals in Russia following the conclusion of hostilities, then both the negotiations over Ukraine’s future and future business deals in Russia will prove to be fool’s errands, the former first and the latter over time. President Trump should know better and should have selected better representation for U.S. interests.

Kremlin spokesman Dmitriy Peskov described the meeting between Putin and the U.S. representatives as “very useful, constructive, and highly substantive.” At the same time, he said no compromise on a peace plan was reached. He went on to note that Russia wants peace, but only if its objectives are met and reiterated that Moscow insists on achieving the goals of its “special operation.”

Peskov’s remarks are not surprising as they are completely consistent with the narrative that Putin has pushed before and during his ill-fated invasion of Ukraine. As if to emphasize the Kremlin’s rejection of the Kushner-Witkoff mission, Putin launched one of the largest drone and missile attacks on Ukraine, probably while the U.S. representatives were still in the air flying home.

Russia’s position in this “negotiation” is absolutely clear and has been for some time: The complete elimination of Ukraine as an independent nation; the breakup of the transatlantic alliance which has been the bedrock of European security since 1945; the creation and exacerbation of political division in the United States to weaken it as a strategic opponent and create the conditions for the establishment of a multi-polar world order with Moscow and Beijing leading the autocratic anti-democratic poles and a weakened U.S. and Europe, the other pole. Success in Ukraine is key to Putin and Chinese President Xi Jingping’s strategy.

As part of the red orchestra Putin is directing to set the stage for the achievement of his objectives, he is pushing two critical narratives. The first is that Russia can achieve through military conquest the subjugation of Ukraine - the narrative that Kyiv is losing and will inevitably lose the war. Secondly, he is pushing the argument in Washington and elsewhere that Europe is undermining the Trump Administration’s efforts to achieve a negotiated solution to the conflict (however feckless and unrealistic the 28 point peace plan was/is). Putin is also using a combination of “gray zone” clandestine kinetic and lethal operations across Europe to undermine public confidence in their security at home and undermine resolve to support Ukraine and resist Putin’s ambitions. The Russian leader has executed a number of these efforts in recent years with varying degrees of plausible deniability and certainly without any retribution or consequence paid.

Not a Subscriber+Member? Let’s fix that.

At Putin’s age and at this stage of his regime, he cannot back off his maximalist objectives in Ukraine, at least not until the pain from the war is felt by Russian elites and the Russian public to the point where his house of cards starts to tumble.

Ukraine’s ability to extract maximum casualties from Russia’s marginal territorial advances in Ukraine plus the cost being paid by Ukraine’s long-range strikes against energy infrastructure and military targets in the Russian Federation start to undermine support in those constituencies for Putin’s continued governance. The plan led by Kushner and Witkoff and endorsed by Trump works against undermining support in Russia for Putin’s aggression.

So, where does that leave Kushner and Witkoff with regard to a rumored undisclosed agenda of using the negotiations as cover for post-conflict business arrangements with Moscow? Dealing with business confidence in a kleptocracy is an oxymoron. If Kushner and Witkoff have never heard of Bill Browder, they should look him up.

Browder has consistently and accurately described the risks of doing business in Putin’s Russia. He again recently pointed out these risks in the specific context of warning Trump and his representatives of the risk they are taking on. Browder’s cogent observations and the wreckage of the hundreds of U.S. and western businesses that poured into Russia after the collapse of the Soviet Union show that you can put money in but getting it out is another matter entirely.

Who’s Reading this? More than 500K of the most influential national security experts in the world. Need full access to what the Experts are reading?

Trump and his representatives seem to think they will be the exception to the Russian kleptocratic paradigm. They will not be.

One can be sure Putin and Dmitriev will be whispering all the promises into the ears of their U.S. interlocutors. Kushner and Witkoff will dutifully carry these messages back to the White House and share their pipe dream fantasies of the untold riches of being on Putin’s good side.

The only thing Putin asks Kushner and Witkoff to relay is that Trump stop aiding and supporting the two remaining obstacles to a negotiated settlement, Zelensky and the European members of NATO. End military, intelligence, and economic aid to Ukraine, Putin certainly will have said, and Ukrainian resistance will collapse speedily, and the war will brought more rapidly to its inevitable conclusion. And the U.S. certainly should be able to put enough pressure on its NATO puppets to end their futile support for Ukraine and there will be peace in our time.

The President should engage some sound and experienced counsel to provide more realistic and experienced guidance on Russian realities. The first bit of that counsel would be to remove any illusion that Putin is a man who can be trusted. Putin’s public and private comments as well as his actions over the twenty plus years he has been running the Russian Federation leave no doubt as to where he stands with regard to the West in general and the U.S. in particular.

He believes democracy and capitalism are outmoded and morally exhausted political and economic philosophies doomed to collapse. As President of the country to which Putin refers as the “glavniy protivnik” or main enemy, President Trump should realize in Putin’s mind, HE is the main enemy.

Any promises of business deals that will follow the conclusion of the Ukraine conflict will inevitably be broken by Putin and his representatives. President Trump should understand Putin wants to steal his money the most. What greater victory for Putin than to have the U.S. hand him victory in Ukraine and in the process set up the biggest theft of money from a U.S. entity in history.

A second bit of counsel President Trump might seek to provide his representatives is that it is very difficult to keep secret deals secret when you are represented by someone as manifestly incompetent and compromised as Steve Witkoff. No additional evidence needs to be provided than the leaked transcript of the call with Kirill Dmitriev in which Witkoff provides advice on how to persuade President Trump to accept the Russian proposals for the end of the conflict in Ukraine.

In addition to the naiveté of having such a conversation in the first place, Witkoff should also be advised that undertaking such actions looks a lot like he is acting as an agent of influence for the Russian Federation.

Lastly, President Trump should be reminded of former British Prime Minister Winston Churchill’s famous remarks to Neville Chamberlain after Munich, “You were given the choice between dishonor and war. You chose dishonor and you will have war.” In the context of the current negotiations Churchill might have added that a fool and his money are soon parted.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. Government. Nothing in the contents should be construed as asserting or implying U.S. Government authentication of information or endorsement of the author's views.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Strategic Failure on North Korea’s Nuclear Rise

EXPERT OPINION — South Korea’s Korea Institute for Defense Analysis recently publicly stated that we underestimated North Korea’s nuclear weapons program. According to their analysis, North Korea has between 127 and 150 nuclear weapons (not 50 to 60 nuclear weapons), and by 2030 they will have 200 nuclear weapons, reaching 400 nuclear weapons by 2040.

At the eighth Central Committee of the Workers’ Congress in late 2022, North Korean leader Kim Jong Un ordered the exponential expansion of North Korea's nuclear arsenal and the development of a more powerful intercontinental ballistic missile. Mr. Kim reportedly said: “They are now keen on isolating and stifling North Korea…and the prevailing situation calls for redoubled efforts to overwhelmingly beef up our military muscle.”

During this six-day meeting of the Central Committee, Mr. Kim not only called for an “exponential increase in North Korea’s nuclear arsenal”, but he also called for the mass production of battlefield tactical nuclear weapons targeting South Korea, and a new ICBM with a “quick nuclear counterstrike capability; a weapon that could strike the mainland U.S.”

North Korean leaders usually say what they plan to do. Indeed, this is the case with Mr. Kim. Not only has he apparently done this with his arsenal of nuclear weapons, but in October 2025, at the parade celebrating the 80th anniversary of the Korean Workers’ Party, the Hwasong-20, a solid fuel, mobile three stage ICBM capable of targeting the whole of the U.S., was introduced to the international community. The Hwasong-20 possibly could also be capable of launching multiple nuclear warheads at different targets, a capability that would challenge any missile defense system. So, the arsenal of ICBMs that could strike the U.S. – Hwasong-18 and 19 – has also grown exponentially with the Hwasong-20, as Mr. Kim said in 2022.

North Korea has also been working on its submarine program, to include a nuclear-powered submarine. This is in addition to its extensive work on hypersonic and cruise missiles, all representing a challenge to any missile defense system.

North Korea is also developing a second-strike capability, with programs to ensure the survivability of some of North Korea’s nuclear weapons and the progress North Korea has made with solid-fuel mobile ICBMs and nuclear-armed submarines, providing a mobile launch platform. Moreover, North Korea’s doctrine for the use of nuclear weapons has changed to a preemptive, first use of nuclear weapons if a nuclear attack against the leadership or command and control systems is imminent or perceived to be imminent.

The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.

Russian President Vladimir visited Pyongyang in June 2024, when he and Mr. Kim signed a mutual defense treaty, part of a “Strategic Comprehensive Partnership” between Russia and North Korea, ratified in November 2024. Article 4 of the treaty states that should either nation “put in a state of war by an armed invasion, the other will provide military and other assistance with all means in its possession without delay”

In October 2024, NATO claimed North Korean soldiers arrived in Russian Kursk Oblast to join Russian forces in its war of aggression with Ukraine. Additionally, North Korea was providing Russia with artillery shells and ballistic missiles. That assistance to Russia continues.

In return, it’s likely that in addition to energy and food assistance, Russia is providing North Korea with assistance with its satellite and ballistic missile programs and, also, with its nuclear program. Indeed, Russia could help with North Korea’s nuclear-powered submarine program, especially with the design, materials and components for such a technically challenging program.

North Korea’s mutual defense treaty with Russia, and its participation in the war with Ukraine, was a major failing of the U.S. and South Korea. We should have seen movement in this direction and did more to prevent it from happening. Of course, there is irony in Russia now saying North Korea should have nuclear weapons when in the Six Party Talks with North Korea, Russia, with China, Japan, South Korea and the U.S., was in sync arguing that North Korea should not have nuclear weapons.

North Korea’s nuclear and ballistic missile programs are an existential threat to the U.S. and its allies. Our past policy to “contain and deter” North Korea and to be “strategically patient” with North Korea didn’t work. They failed, as evidenced by North Korea’s robust nuclear and ballistic missile programs and their allied relationship with Russia – and China. Indeed, efforts should be made by the leadership in the U.S. and South Korea to get Mr. Kim to reengage, especially with President Donald Trump.

As South Korean President Lee Jae Myung said, North and South Korea are in a “very dangerous situation” where an accidental clash is possible at any time.

This column by Cipher Brief Expert Ambassador Joseph DeTrani was first published in The Washington Times

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Second Strike, No Survivors: The Legal and Political Questions Around Trump’s Narco-Boat Killings

OPINION — “As we’ve said from the beginning, and in every statement, these highly effective strikes are specifically intended to be ‘lethal, kinetic strikes.’ The declared intent is to stop lethal drugs, destroy narco-boats, and kill the narco-terrorists who are poisoning the American people. Every trafficker we kill is affiliated with a Designated Terrorist Organization.”

That was part of a message from Defense Secretary Pete Hegseth last Friday evening on the social platform X, commenting on an earlier Washington Post story that alleged Hegseth had verbally ordered defense officials to “kill everybody” traveling on a narco-trafficking boat September 2. That was the first of 21 boats struck and sunk since then by U.S. military units – actions which have killed 83 people.

According to last week’s Post story, that first September 2, missile strike hit a so-called narco-trafficking boat carrying 11 passengers, but left two survivors clinging to the wreckage. The Post story then reported for the first time that a second strike was ordered by Adm. Frank "Mitch" Bradley, who was at the time, head of Special Operations Command and was the commander in charge of the operation.

In his Friday message, apparently referring to The Post article, Hegseth wrote, “As usual, the fake news is delivering more fabricated, inflammatory, and derogatory reporting to discredit our incredible warriors fighting to protect the homeland.”

Hegseth went on to write that the attacks have been “lawful under both U.S. and international law, with all actions in compliance with the law of armed conflict,” positions already being criticized and questioned before last week’s Post story.

On Sunday, President Trump on Air Force One said, “He [Hegseth] said he did not say that [the order “kill everybody”], and I believe him, 100 percent.”

Yesterday, White House Press Secretary Karoline Leavitt, said “Secretary Hegseth authorized Adm. Bradley to conduct these kinetic strikes,” and that “Adm. Bradley worked well within his authority and the law to ensure the boat was destroyed and the threat to the United States of America was eliminated.”

A good question is who was in the room when Adm. Bradley gave that order?

What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.

The second strike issue has also put a spotlight on President Trump’s threat policy toward Venezuela and its leader, Nicolas Maduro.

I describe it as a threat policy because Trump’s been unclear whether he just wants Maduro out, or plans for the U.S. to take over Venezuela and install a new government in Caracas.

Since August, a possible U.S. invasion force has been built up in the Caribbean, and over the past weeks Marine, Navy and Air Force elements have carried out well-publicized military exercises. Trump last week threatened to attack Venezuelan land-based drug facilities, and he disclosed on Sunday, that he had spoken to Maduro.

Press reports claim Trump offered free passage if Maduro left Venezuela, but indications are that the latter did not accept the offer. A Trump-led White House meeting on Venezuela was scheduled for 5 p.m. yesterday with the President’s top national security aides.

Let’s pause for a moment.

President Trump has not yet explained his strategy, or the specific purpose or plan, for the built-up U.S. Caribbean military forces. He has talked about stopping drugs from entering the U.S., often claiming – with no proof – that each narco-boat destroyed saves 25,000 American lives.

It’s no real war on drugs in the U.S. since it has no domestic element, and even the foreign side is flawed as illustrated by Trump’s surprise pardon offer last Friday to former-Honduran President Juan Orlando Hernández.

Based ironically on an investigation begun during Trump’s first administration, Hernandez was convicted and sentenced last year to 45 years in prison. Prosecutors described him as a “violent, multi-ton drug trafficker” who allegedly abused his political connections for personal and political gain and at least twice “helped arrange murders of drug trafficking rivals.”

Nominations for outstanding leaders in national security and intelligence are now open for the 2026 Cipher Brief Honors Dinner. Find out more here.

Meanwhile, up to now Congress has yet to hold a public hearing focused on the Caribbean buildup or the Venezuelan situation. However, this second-strike killing of the two September 2 survivors has brought new attention and concern to the legal questioning of the Trump administration’s killing of narco-traffickers.

Harvard Law School Professor Jack Goldsmith last Friday pointed out in his Executive Functions platform that the Defense Department’s own Law of War Manual says, “it is also prohibited to conduct hostilities on the basis that there shall be no survivors, or to threaten the adversary with the denial of quarter. This rule is based on both humanitarian and military considerations. This rule also applies during non-international armed conflict.”

Last Friday, Sens. Roger Wicker (R-Miss.) and Jack Reed (D-R.I.), chairman and ranking Democrat on the Senate Armed Services Committee, released a joint statement saying their committee “is aware of recent news reports and the Department of Defense’s initial response regarding follow-on strikes on suspected narcotics vessels in the SOUTHCOM area of responsibility.”

As a result, the two Senators said, “The Committee has directed inquiries to the Department and we will be conducting vigorous oversight to determine the facts related to these circumstances.”

Their notice comes on top of a letter sent November 24, to Attorney General Pam Bondi and Hegseth by Democratic Senators on the Armed Services Committee, seeking “expeditious declassification and public release of the Department of Justice Office of Legal Counsel’s [OLC] written opinion, dated September 5, 2025, concerning the domestic and international legal basis for recent military strikes of certain vessels near South America and the Caribbean, with appropriate redactions necessary to protect military personnel and sensitive intelligence matters.”

The 13 Senators pointed out, “Few decisions are more consequential for a democracy than the use of lethal force,” and noted as precedent that “after the United States carried out military strikes in Libya in 2011, and in Syria in 2018, the Department of Justice released the applicable OLC opinion justifying each operation.”

On Saturday, the House Armed Services Chairman and ranking Democrat. Reps. Mike Rogers (R-Ala.) and Adam Smith (D-Wash.), issued their own statement saying their committee is “committed to providing rigorous oversight of the Department of Defense’s military operations in the Caribbean,” and “we take seriously the reports of follow-on strikes on boats alleged to be ferrying narcotics in the SOUTHCOM region and are taking bipartisan action to gather a full accounting of the operation in question.”

With both Republican-chaired committees on record opening inquiries into the narco-boat attacks, and President Trump threatening new land attacks on Venezuela, it is not clear what happens next.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

What Trump has done is put out statements on Truth Social such as the one last Saturday, “To all Airlines, Pilots, Drug Dealers, and Human Traffickers.” They are to “please consider THE AIRSPACE ABOVE AND SURROUNDING VENEZUELA TO BE CLOSED IN ITS ENTIRETY.” Most international commercial flights had been cancelled more than 10 days ago after the November 21, U.S. Federal Aviation Administration warning of the risks of flying over Venezuelan airspace,

What is all this Trump messaging supposed to mean? And is this a way a serious U.S. President should be conducting foreign policy?

As I and others have pointed out, there has been unease indicated within the Defense Department since these unprovoked killings began. In mid-October, SOUTHCOM Commander Adm. Alvin Holsey announced his early retirement on December 12 – little more than a year after he assumed the position. Holsey has yet to disclose his reasoning, but the New York Times reported that he had raised internal concerns about the attacks on the boats.

In November, NBC reported that a senior SOUTHCOM Judge Advocate General in August, before the strikes began, had raised whether they would be legal, and that he was later sidelined.

We also have had President Trump’s social media outbursts beginning November 20, against Sen. Mark Kelly (D-Ariz.) and five other Members of Congress, each of whom had served in the military or CIA, for their video reminding military personnel that they “can refuse illegal orders.” Trump at various times called what they had done “Seditious Behavior” that was “punishable by death.”

Hegseth, last Tuesday in a memo to the Navy Secretary John Phelan, described Kelly’s participation in the video as “Potentially Unlawful Conduct,” and asked for it to be reviewed for “consideration and disposition as you deem appropriate.” As a retired Navy officer, Kelly could be ordered back on active duty and face a court martial trial. But Hegseth, having apparently left it up to Phelan and the Navy to carry out, made it highly unlikely that anything more than an inquiry will ever take place.

While all these activities are taking place today, I want to also record a bit of history surrounding Operation Southern Spear, which Secretary Hegseth announced November 13, “as a new, formal military and surveillance campaign,” with a goal “to remove ‘narco-terrorists’ from the Western Hemisphere and secure the U.S. homeland from illicit drugs.”

In fact, Operation Southern Spear had its roots in the Biden administration and was officially announced by the U.S. Navy 4th Fleet on January 28, 2025, as “a heterogeneous mix of Robotic and Autonomous Systems to support the detection and monitoring of illicit trafficking while learning lessons for other theaters.” In a press release, the 4th Fleet said the operation was an evolution of the Navy’s previous operation dubbed Windward Stack, begun in 2023. It added, the results of Operation Southern Spear “will help determine combinations of unmanned vehicles and manned forces needed to provide coordinated maritime domain awareness and conduct counternarcotics operations.”

In a July 2, 2025, announcement, the Navy said SOUTHCOM and 4th Fleet have launched Operation Southern Spear which “will involve un-crewed surface vessels that can stay at sea for extended periods, small robotic interceptor boats, and vertical take-off and landing un-crewed air systems. These will combine with manned forces to help provide coordinated maritime domain awareness and conduct counternarcotics operations.”

I doubt that the originators of Operation Southern Spear foresaw it as a human killing program.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Kremlin's Kill List: Inside a Culture of State-Sponsored Murder

EXPERT OPINION / PERSPECTIVE — The 2024 spy swap between Russia and the West exposed a brutal truth: Moscow still treats innocent civilians as bargaining chips, and killers as heroes. In the deal, Russia forced multiple governments to trade convicted Russian intelligence officers, including an SVR “illegal” couple arrested in Slovenia, in exchange for Western citizens that the Kremlin had deliberately entrapped. But the real prize for Russian President Vladimir Putin was Vadim Krasikov, the FSB assassin who was convicted by a German court for murdering Chechen exile Zelimkhan Khangoshvili in Berlin in 2019. Through years of negotiations, including those aimed at freeing Wall Street Journal reporter Evan Gershkovich, Krasikov’s release remained a non-negotiable demand from Russia.

When the swap finally happened, Putin greeted Krasikov on the tarmac with a public embrace, an extraordinary display of presidential affection for a convicted murderer. Days later, the Kremlin confirmed his FSB status, praised his “service,” and even highlighted his past role as a presidential bodyguard. Putin’s message to his security services—and to the world—could not have been clearer: if you kill for Putin’s regime, the regime will protect you. Killing for the regime has always been a mission for Russia’s intelligence services (RIS).

State-directed murder was long embedded in the mission and culture of the RIS and their predecessors. The practice predates the Soviet Union, reaching back to the Czarist Okhrana, which routinely hunted down dissidents when exile to Siberia failed to silence them. After the 1905 revolution, Czar Nicholas II unleashed a wave of retributive assassinations that set a precedent for the violence institutionalized by the Cheka and later the KGB. He became known as “Bloody Nicholas.” The state security “organs” (as they are still known in Russia) elevated assassination into a professional craft, giving rise to the notorious phrase in Russian: vishaya mera nakazaniya — the highest measure of punishment. The term still carries its original meaning and dreaded connotation: death at the order of the state, whether by trial or extrajudicial killing.

There were many examples both at home and abroad for Soviet citizens to be afraid. Stalin’s plot to kill his arch-rival and fellow revolutionary, Leon Trotsky, was decades in the making and ended with an ice pick to Trotsky’s head while he was in Mexico City. His assassin, Ramon Mercader, was awarded the title Hero of the Soviet Union when he was released from prison and arrived back in the USSR.

Secret institutes like the infamous “Poison Factory,” known in the KGB as Laboratory 1 or “kamera” (for “the cell”), were set up during the early years of the Cold War to study chemical and biological agents that could be used to murder quietly. Laboratory 1 specialized in refining special toxins, like the ricin pellet the KGB provided to their Bulgarian allies, and used in the infamous assassination of Bulgarian dissident Georgi Markov on a London bridge in 1978.

Today is no different. Some assassinations are believed to be directly ordered by Putin in what the Russians call “direct action” (pryamoye deistviye, also known colloquially as mokroe delo, or wet work), while others are believed to be carried out with his implied approval. Poison factories continue to function inside of Russia. Today, the FSB uses a modern “kamera” which helped refine the nerve agent Novichok for use against the defector Sergei Skripal in the 2018 Salisbury UK attack. It was the same agent used against Russian Opposition leaders Alexei Navalny in a failed assassination attempt, prior to his death in a remote Russian prison, also likely wet work at the hands of the FSB.

Why does Putin let his Chekist assassins use such a well-known, state-only produced chemical weapon like Novichok to kill defectors or dissidents? The answer: because he wants the world to know the RIS were behind the attacks and that the tradition of the “highest measure” continues. Otherwise, he could certainly have his hitmen use a gun, ice pick, or other more deniable method. There is a track record now for decades, going back to the FSB defector Alexander Litvinenko and his death from polonium in the UK. The RIS will not hesitate to murder any intelligence or military defectors that the RIS can find and reach in the West. The lack of a formidable response from the UK and the U.S. to the Litvinenko poisoning only emboldened Putin and his henchmen (one of the assassins, Lugavoy, was praised so highly within Russia that he was eventually elected to the Russian duma).

Save your virtual seat now atThe Cyber Initiatives Group Winter Summit on December 10 from 1p – 4p ET for expert-led conversations on cyber, AI and the future of national security.

The Russian Record of Killing their Own: Disincentivizing Dissent

Putin and his RIS siloviki want all of their officers to know that the price for treason is death, and they don’t care what government may be offended or what international laws are broken. Otherwise, the incentive for those officers to betray Russia’s corrupt services and look to a better life for themselves and their families is too high. It matters not whether the execution is ordered by a secret court, or carried out on the street, the RIS consider it within their purview to decide how and when.

Two historical points illustrate this as practice within the RIS. For decades of the Cold War, and after, the rumor proliferated within the KGB and GRU that one or both of the first GRU spies to work for the United States, Pyotr Popov and Oleg Penkovskiy, were executed by being thrown into a furnace alive. Popov was uncovered and executed in 1960. Penkovskiy was arrested and executed in May 1963 after the vital role he played in providing intelligence to the United States during the Cuban Missile Crisis.

The practice during that time period, carried over from Stalin’s purges, was more likely a bullet to the back of the head up against a wall at the infamous Lubyanka prison. But the rumor, which was spread to the West by GRU defector Viktor Suvorov, was effective and garnered a lot of attention within the services; it still does. It was purposely spread, and taught, and continues to be, at the KGB Andropov Academy through the 1980s, now known as the modern SVR Foreign Service Academy (what they call the AVR). The same rumor is taught to officers at the GRU Military Diplomatic Academy. Defectors have confirmed for years that this rumor is whispered among classes at the academies, and as a warning against dissents—“you want to be thrown into a furnace alive, shut-up you idiot!” The very idea of being burned alive in a furnace is hard for young officers to forget.

There is another example from Cold War history that illustrates the same point. In 1985, the so-called “year of the spy,” while crypto-spy John Walker and his family ring were uncovered and arrested, CIA officer Ed Howard defected to Moscow, and many other espionage incidents took place. CIA traitor Rick Ames gave his “big dump” of classified holdings to the Soviets. Ames offered up roughly a dozen different U.S. cases to the Soviet services, including many penetrations of the KGB and GRU. Most of those assets were executed in short order, sending up a giant “CI flag” of counterintelligence warning to CIA/FBI and the entire U.S. intelligence community that something was amiss. A major mole hunt, which unfortunately took nine years, eventually led to Ames’ arrest. Ames himself commented after his arrest that he was astounded that the KGB/GRU had killed so many assets: why not keep them running as controlled cases, at least for a time, in order to protect him? It was an unprecedented, even reckless reaction.

Why did they do it?

The answer, as some senior Russian officers including former Line KR (kontrarazvedka or CI) Chief Viktor Cherkashin would later confirm (he wrote a book that was translated in the West) was that the Soviet services had no choice. The KGB and GRU had to take drastic steps to stop the flood of espionage and leaks in the Soviet services—too many traitors! An example had to be set.

Cherkashin would know since he ran both Ames and FBI spy Robert Hanssen when he served in the Washington D.C. Residency (station) of the KGB. Reportedly, the issue went to the highest ranks of the KGB/GRU and then on to the Central Committee of the Communist Party. For all their feared security prowess in the Soviet Union, the vaunted KGB had no idea that the CIA was running so many cases under their noses, literally, in Moscow and around the world. Since their own counterintelligence, the 2nd Chief Directorate of the KGB, had failed so miserably, the decision was made to execute them all (or nearly all, a previous few escaped death in the Gulag). There had to be a hard line drawn for the tens of thousands of other Soviet intelligence officers not to betray the regime - the highest measure would be the warning.

Murder by Order or Murder to Impress the Boss?

The FSB is no less of a counterintelligence failure than their KGB predecessors. They cannot turn the tide against the U.S., our intelligence services, and those of our allies. Instead they arrest innocent civilians like those used to barter for the 2024 swap. That is why Putin likely continues to order death to all intelligence defectors. That is why he will greet a killer like Krasikov at the airport in Moscow in front of the cameras. But Putin’s RIS don’t just kill defectors and Chechen separatists. The RIS were almost certainly behind many political hits in Russia like Navalny, Boris Nemtsov and many others “falling out of windows” from Putin’s own government in recent years. Here it is important to recall that under President Yeltsin, Russia abolished the death penalty. So what were once judicial executions, ordered by the state, have become extra-judicial killings in the Putin era. But for the RIS, there is no distinction.

There have been many assaults and killings of journalists like Anna Politkovskaya. The question often arises—does Putin know about and order all of these murders? Perhaps, but there may be something else at play as well, an effort to impress “the boss.” This could also explain some of the more reckless acts of sabotage playing out in Europe at the hands of the RIS. Mafia families work in the same way - they surprise the boss with new income streams or take out a threat to the family with a hit, to earn one’s “button” and become a “made man.”

Indeed, the RIS function within mob-like cultures, fostered by patronage relationships, and corruption at every level. Officers are encouraged to pay bribes up the chain of command, and frauds of all kinds at every level infect their services. Putin has no doubt told aspiring leaders in the SVR, GRU and especially the FSB, his favorite service, to surprise him with new and inventive operations meant to hit back against the West, particularly regarding Ukraine. This has led to a cascading series of actions by the RIS, including sabotage, exploding parcels, and, yet again, like earlier in their history, attempted assassinations. The most brazen plot uncovered so far was the GRU plot that was unraveled in Germany in 2024 to assassinate the CEO of Rheinmetall, a leading provider of arms to Ukraine. GRU unit 29155 is likely behind that plot, just as they were behind the Skripal attack, and others.

The RIS attack dogs in Putin’s services are simply continuing a tradition of state-directed violence. Yet in the West, we often hesitate to assign blame, waiting for courtroom-quality evidence. But the evidence is already written across decades of Russian intelligence tradecraft, and reinforced by independent investigations.

Open-source teams like Bellingcat have repeatedly identified the GRU and FSB officers behind some of Moscow’s most feral operations - from the Skripal poisoning in Salisbury to the attempted assassination of Alexei Navalny. Still, conclusive proof of Kremlin authorization often appears only when an insider defects with hard intelligence. Those who contemplate such a step know they will be protected and given a new life in the West. They also know the stakes, however, if caught.

The absence of courtroom proof in every case of murder, poisoning, or a fall from a window should not silence the West. Putin’s record speaks for itself. His regime has presided over the killings of journalists, opposition figures, exiles abroad, and tens of thousands of Ukrainian civilians. He operates as a modern bloody czar, no different in impulse from Nicholas II—ordering assassinations, reprisals, and revenge killings with impunity. And the pattern is escalating. It is only a matter of time before Russian intelligence pushes further, testing its reach against U.S. and allied targets. The warning signs are unmistakable. The question is no longer whether the threat exists, but what the West intends to do about it.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

‘Mind-Blowing’ Pentagon Overhaul Will Reshape Acquisition

FEATURED INTERVIEW — As the Pentagon undertakes its most ambitious overhaul yet of how it acquires new warfighting capabilities, Silicon Valley entrepreneurs are weighing in on whether the modernization effort can happen quickly enough to bring the U.S. up to speed with China in a time of rapid technological development.

When the overhaul was announced earlier this month, Secretary of War Pete Hegseth said the reforms aims to dramatically accelerate how the Department buys and fields new capabilities and that the changes are specifically aimed at cutting bureaucracy, rewarding rapid development, and pushing defense primes to invest more of their capital in new capabilities.

In the weeks since the announcement, the U.S. Army has shared details on how it will reform its service-level acquisition process. Part of the change involves consolidating the service’s program executive offices (PEOs), which are responsible for buying new weapons, into six new offices called “portfolio acquisition executives” (PAEs). Plans also include the creation of a new office to rapidly field and scale emerging technologies. Similar initiatives are in the works at the other services.

Measures like these have been championed by the private sector, which has traditionally on the cutting edge of innovative capabilities for decades. Cipher Brief COO & Executive Editor Brad Christian caught up with Entrepreneur and Stanford Professor Steve Blank, who recently published a Department of War Program Executive Office directory to help entrepreneurs better navigate the current complicated system for selling to government. Their conversation has been lightly edited for length and clarity.

Steve Blank

Steve Blank is an adjunct professor at Stanford and co-founder of the Gordian Knot Center for National Security Innovation. His book, The Four Steps to the Epiphany is credited with launching the Lean Startup movement. He created the curriculum for the National Science Foundation Innovation Corps. At Stanford, he co-created the Department of Defense Hacking for Defense and Department of State Hacking for Diplomacy curriculums. He is co-author of The Startup Owner's Manual.

THE INTERVIEW

Christian: Describe your initial reaction to the Pentagon's somewhat surprise announcement that it was overhauling its acquisition process.

Blank: It was mind blowing. It was mind blowing not because anything the Secretary said was new; these are things that people who are interested in acquisition reform have been asking for the last 10 years. But it was put in a single package and was clearly done by the infusion of people who have actually run large businesses and were used to all the language of organizations that already know how to deliver with speed and urgency.

The part that didn't get said, is essentially that the Department of War wants to adopt startup innovation techniques of lean iteration, pivots, incremental releases, good enough delivery, and that gets you what the Secretary asked for, which was speed of delivery. But all those are things that we've lived with in Silicon Valley for the last 50 years. And it wasn't until we had people who worked outside of buildings with no windows inside the Pentagon to understand that those techniques could actually be applied. And it required blowing up the existing system. And they did that spectacularly well. There are very few holes in these proposals.

Save your virtual seat now for The Cyber Initiatives Group Winter Summit on December 10 from 12p – 3p ET for more conversations on cyber, AI and the future of national security.

Christian: Obviously the Pentagon procurement system is a product of decades of bureaucracy and rules. Are you hopeful that you're going to be able to see the kind of change in the rapid timeline that they've laid forth here?

Blank: Number one, this is a pretty extensive reorganization. Right now, the Department of War is siloed between requirements and system centers for testing and prototyping and acquisition, which was the acquisition with a small A with the PEOs and program managers, and then it went to contracts and then it went to sustainment, et cetera.

Those were silos. Now we're putting it all underneath a single portfolio acquisition executive. So, instead of making their offices 10,000 people, it's actually a matrix organization, much like a combatant command is. Most of those people will stay in their existing organizations but now be tasked to work on specific portfolios. And the portfolios will no longer be arranged by weapons system. They're going to be arranged, for example, by war fighting concepts or technology concepts, et cetera.

That said, boy are they trying moving an elephant and make it dance. And at the same time, they recognized - this was one of the genius parts - that people won't just get a memo and know what to do. Historically, they've depended on the Defense Acquisition University, which taught contracting officers and the rest, how to work with the 5,000 pages of the DFAR and FAR, Federal Acquisition, Defense Acquisition Regulations. One of the unnoticed things was that they basically told the Defense Acquisition University, to stop teaching what they're teaching today, recognizing that they need to teach people this new methodology. That's not going to happen by telepathy.

First of all, we need to train the trainers, then we need to train all the people who've grown up in their career following the paperwork. I predict six months or a year of chaos and confusion. And there are always saboteurs in a large-scale reorganization who are angry that their cheese has been moved or worse, their authority has been diminished or their head count went somewhere else. This is going to be no different except maybe at a bigger scale.

In the end, if we pull this off (and I'll explain the only possible reason not to do this) the country will be much better for it.

The other obstacle will be if you're on the board of directors and the executive staff of a prime, you're going to go through the 12 stages of denial and grief and whatever because I don't know how many times both Deputy Secretary of Defense Steve Feinberg and Secretary Hegseth made it clear that the primes weren't delivering and they weren't investing in the things the country needed and they got used to the system and we were kind of mutually dependent on a broken system - and that's over. Well, you're not going to let your stockholders say you just went home and packed up. Obviously, it's pretty clear that appealing to the Pentagon isn't going to work, but Congress is “coin operated”. This is now going to be a race of lobbying cash from the primes versus lobbying cash for the first time from private equity and venture capital. So it's going to be, who has the biggest pile of cash to influence Congress and the executive branch to keep these rules in place or modify them?

Remember what a disaster this is if you're an existing large company selling to the DoD. It says number one, we're going to buy commercial off the shelf. Number two, we're going to buy commercial off the shelf and then modify it. If and only if either one and two work, we will do some bespoke contracting with the existing organization. It's never happened before. Pretty clear, pretty direct. So, the easy thing would be for primes to change their business model. But my prediction is they're going to double and triple down on the amount of lobbying and dollars spent.

Christian: In addition to the lobbying are we going to see consolidation? A major prime, like you said, isn't going to just pack up their bags and go home. Are they just going to start scooping up all of the small commercial providers?

Blank: In the space segment, they were already doing that. And in fact, were told to kind of stand down and that these things needed to flourish. You have to remember that primes and corporations are companies. Their number one priority, at least in their heads, is no longer national interests, it's the shareholders and returns and revenues and profits. That's the nature of capitalism. The problem here is that the Department of War said, 'Well, that's nice, but we're not getting what we need out of that. Send a note to your shareholders that life's about to change'. That's going to create a lot of conflict - with a lot of money involved - in trying to bend the rules back.

And just as an aside, the primes aren't useless. You don't want them to go out of business. No startup is building an aircraft carrier or a joint strike fighter. We can make the argument of whether we should anymore, but that's secondary. That level of complexity and skill set is just not built yet. Maybe the Andurils and others will get there in another five years, but they're not there yet. And so, waving a wand and making the primes go away completely is equally inane as saying we could depend on startups for everything that the Department of War needs.

But the balance of power, at least as the secretary and deputy believe, is that we need to be building things faster and delivering them faster and on time. And we're going to look for alternate sources. That's just a mind blower. So, as I said, I see six months to a year of confusion as this reorganization happens and people come and go as they establish who's in charge, what the rules are, et cetera.

The only good thing about making this happen is in a normal administration, the administration would wait for Congress's approval. I've not seen that happen in many of these cases with this administration. And in this case, it might actually be good for the country. Time will tell.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Christian: You referenced decades of Silicon Valley's experience with iterating and moving quickly. One of the threats and one of the actual challenges that a country like China poses to America is they have a top-down autocratic government that doesn't change every four years. That presents a unique challenge to the Pentagon that Silicon Valley doesn't know, or the private sector doesn't necessarily have. How much of a risk is there for the next administration to come in and potentially change everything? And then, if you're one of those big primes, are you baking that into your long-term planning that this might shift in a measurable way in the future? Or do you think these changes are going to be something that is so overwhelmingly positive that future administrations have to stick with it?

Blank: Well, if you were asking me this three years ago, I would have said you should get all this done now because it's going to be flipped back in three years. What's different now though, is the amount of capital available for startups, scale-ups, and private equity firms that can match or overpower the lobbying efforts of the primes. So as I said, both the executive branch and Congress are coin operated, even more so now than ever. And for the first time ever, the insurgents have as much or more coin than the incumbents. That's what's going to change this game.

So yes, a Democratic administration or another Republican one might have a different opinion. But in this case, we're talking about piles of money flooding the streets of Washington D.C. to try to change the game. Think about who is now sitting in the cabinet and in other places where we're seeing people with commercial experience for the first time ever at scale, inside the executive branch for sure and inside the Department of War which changes the nature of the conversation and as we're seeing - the types of things they're recommending. It wasn't that people didn't recognize this before. It was kind of hard to explain this to people who had never run a business or who have been career successful. I've said for years, we had world class organizations, world class people for a world that no longer existed.

Finally, we have people who understand what that world should be like because they've been operating in it. Secretary Feinberg has been writing checks for tens of billions of dollars- buying aircraft carriers, okay, he’s written those kinds of checks before. Tell me who else has ever been in that position.

Again, it's not that the DOW should run like a corporation or a startup, but having that experience sets a bar for what you know is possible for doing extraordinary things. It's what this country knew how to do in World War II and during the Cold War, and we just kind of lost it when Robert McNamara, ex-chief financial officer of Ford, put in the first version of the Planning, Programming, Budgeting and Execution System (PPBE) in 1962. We've been operating on that system for 63 years, or some variance of it.

Basically, he imposed a chief financial officer's strategy on budgeting and planning, which made sense at the time. It stopped making sense about 15 years ago, but no one inside the building knew what to do differently. That's changed.

There was also one set of announcements that kind of flew under the radar, and that was that the policy organization in the DOW lost three organizations to acquisition and sustainment (A&S). I think Elbridge Colby runs that group and it went to A&S. So all the foreign military sales and all the policy stuff kind of disappeared overnight. I don't know what the talking points will be, but the optics aren't great for policy. That's number one.

The second thing that got buried in the memo and I'm not sure it was in the speech, but this new Economic Defense Unit (EDU) I think has taken over the office of strategic capital. And I think that's good given what the agenda is, which is that we're essentially using the whole of nation approach to decouple from China and not only invest in critical minerals but in the other parts of the ecosystem that we need as well, everything from batteries to drone motors to whatever. So we can operate independently. Scaling that unit up was strategically as important.

This was an acquisition announcement, but watching all these other moves are really smart chess pieces at scale, not just nibbling around the edges, but at scale. And I think paying attention to the other moves that are being made inside the DOW, you'll at least understand the master chess game that they're at least trying to implement. It's pretty smart.

Christian: You've done incredible work recently with helping people understand and navigate his environment in ways that perhaps were difficult for people to understand before. What are you going to be looking for next and what are you potentially going to be working on as a result of these changes?

Blank: I think you're referring to the PEO directory that I wrote, which is about 300 pages long. It’s the first phone book for the Department of War with a 30 page preamble of go-to-market strategies. I literally have started rewriting it and it's now going to be called the Portfolio Acquisition Executive Handbook and now it's going to explain how PAEs work and what the silos looked like before and how each service is reorganizing.

For example, the Army likely will condense 12 PEOs into six portfolios and make major shifts, this month or certainly by the end of the year. And the other services will follow. I think the Army is a little ahead of everybody else. But having a phone book to actually explain who's who and what they're supposed to be doing.

As I said, it will be six months to a year of chaos and I think having some kind of handbook that at least shows you where things are heading and who are the new people to call on would be helpful. So that's what the Stanford Gordian Knot Center for National Security Innovation is doing.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

A Real Life Example of Russian Information Operations

EXPERT PERSPECTIVE — In January of 2018, I was involved in organizing and supporting the visit of General Aleksandr Bortnikov, and Sergey Naryshkin, the heads of the Russian Federal Security Service (FSB) and Foreign Intelligence Service (SVR), respectively, to Washington D.C. to discuss counterterrorism cooperation.

Interestingly, Bortnikov and Naryshkin did not travel at the same time, indicating to me that there was no love lost between the two. The SVR delegation arrived first, spent one day meeting with the leadership teams of the Central Intelligence Agency (CIA) and the Director of National Intelligence (ODNI), then departed the next day before Bortnikov and his delegation arrived. Contrary to the wild claims made by some U.S. politicians and journalists after the visit, the head of the Russian Main Directorate of Intelligence (GRU) of the Ministry of Defense (MoD) did not travel to the U.S. in January of 2018, and the SVR and FSB delegations did not have any other official or unofficial meetings with U.S. officials. Also, the visits were fully coordinated within the U.S. Government’s Interagency.

Because these visits were part of the U.S. Administration’s “Intelligence Diplomacy” efforts, the U.S. and Russian sides both agreed that there would be no public or official statements about the meetings, nor would there be any organized media coverage of the visits.

After meetings with the DNI and CIA, Naryshkin had dinner plans with the then-Russian Ambassador to the U.S., Anatoly Antonov. And on the day of his departure from the U.S., Naryshkin advised a representative of the U.S. side supporting the visit that he and Antonov chose to have dinner at a quiet restaurant in Georgetown and that while dining together, a Russian journalist “happened” to be in the same restaurant at the same time, saw Naryshkin, and would “probably write a story” about his visit.

In delivering this news, Naryshkin claimed that he had no control over what the journalist would say or write and, sure enough, soon after his plane departed, there were media reports circulating in the U.S. about Naryshkin’s visit. The initial story came from a source in the Russian media, and was picked up by multiple U.S. and International media outlets. But the reporting included false claims, like “Naryshkin and Bortnikov were joined in the U.S. by the head of the GRU General Igor Korobov." Some reporting implied that the visits were not coordinated within the U.S. Government and suggested that it was possible that the Russians had also met with officials from the White House and the National Security Council (NSC) — all insinuations that were meant to undermine the U.S. President at the time.

Of course, the SVR was aware of the deep political sensitivities in the U.S. related to all-things Russia at the time and they knew that Trump himself was still dealing with the fallout of the “Russia Collusion” narrative that had been created and promoted by political opponents during the 2016 Presidential election. Naryshkin used the opportunity presented by his visit to “leak” information about the visit itself and to exploit existing domestic problems in the U.S., knowing that would further inflame suspicions about the U.S. President and undermine both the President and confidence in the U.S. system. There is no doubt that Naryshkin’s boss, Russian President Vladimir Putin was aware of this information operation in advance and authorized it.

I refer to this action by the Kremlin as an “information operation” because to my knowledge, the SVR did not disseminate any false or distorted information directly when Naryshkin leaked news of his visit. However, it is very possible that this was part of what the Russians called an “operational combination” in which additional aspects of SVR operations could have involved seeding false information using clandestine sources in the U.S. media space - to amplify the narrative.

For example, it is possible that the Russians would used their sources to pass information to U.S. or Western journalists that led to a lot of the false claims about the GRU Director’s presence in the U.S. at the time and allegations of a "secret meeting" between the U.S. President and Russian Intelligence officials. Of course, it is also possible that the Russians did not have to seed this type of information and instead, simply benefited from the fact that Trump’s opponents were looking to seize on any tidbit of information to attack the President and were not beyond distorting facts or promoting falsehoods to advance their own political agendas.

Information Operations are designed to play on the emotions, fears, prejudices and pre-existing beliefs of their target audiences. They are much more successful when target audiences do not apply critical thinking skills and approach receiving information with a level of objective discipline.

Disinformation is used by U.S. adversaries to fuel divides between Americans. Find out how to spot it in this public service message from The Cipher Brief

In the case cited above, the Russians most likely assessed that “leaking” news of the visit of their Intelligence officials to the U.S. would play to the fears and political biases of certain portions of the U.S. audience and result in an emotional or politically charged response.

Unfortunately, the Russians likely got a great deal of benefit from a small investment of effort because elements of their target audience overreacted, giving the operation greater impact than it would have had if some targets of the effort had simply responded objectively, asked good questions about the news and purpose of the visit and taken the time to understand that the visit had been pre-cleared and coordinated within the U.S. Government “Interagency” system and was not unlike other visits by Russian Intelligence and Security officials to the U.S. during previous presidencies.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

The U.S. Needs to Restore Deterrence Credibility Against Putin

OPINION — President Donald Trump’s 28-point peace plan is a humanitarian attempt to halt the killing and destruction in Ukraine, although Russia’s President Vladimir Putin may view the peace plan as an attempt to appease Russia. Since Russia’s invasion of Georgia in August 2008, the U.S. and its NATO allies have not been able to deter an aggressive Russian Federation.

When Russia invaded Georgia in 2008, this was a clear signal, especially to NATO, that Russia was prepared to use force in the “near abroad” when their interests weren’t respected. The response from the U.S. and NATO was weak: no military support to Georgia or strong punitive actions against Russia

In 2014, Russia seized Crimea, with minimal consequences. The muted response in 2008 to Russia’s invasion of Georgia no doubt convinced the Kremlin that the U.S. and NATO would not risk a military confrontation with Russia. Although Russia was suspended from the G8 and the United Nations General Assembly adopted a resolution condemning Russia’s annexation of Crimea, NATO’s military response – suspending all cooperation with Russia -- was weak:

The U.S. withdrawal from Afghanistan in August 2021reinforced the Russian view that U.S. and NATO “red lines” were either not clear or not credible. Indeed, Russia viewed the withdrawal as a weakening of U.S. deterrence credibility.

On February 4, 2022, just weeks before Russia’s invasion of Ukraine on February 24, 2022, Mr. Putin met with Chinese President Xi Jinping at the Beijing Winter Olympics. The joint statement from their discussion was clear in stating a “no-limits” partnership and “no forbidden areas of cooperation” between Russia and China.

And prior to Russia’s February 2022 invasion of Ukraine, the U.S. publicly stated that they had credible intelligence of Russia’s plan to invade Ukraine. Unfortunately, however, even with this insight, the U.S. could not convince Mr. Putin an invasion of Ukraine would cross a red line and result in sanctions and other consequences for Russia. We failed to deter Russia from this bloody four-year war, with over 400,000 Ukrainian casualties and over one million Russian casualties.

The 28-point peace plan is being reviewed by the leadership in Ukraine and NATO and it’s possible the peace plan will be amended, to secure greater support from Ukraine and NATO.

What’s clear from Russia’s actions in Georgia, Crimea and Ukraine is that U.S. and NATO deterrence failed. A credible deterrence strategy would have made it clear to Russia that their aggressive military behavior would have resulted in significant consequences, to include biting sanctions, pariah status and a likely military response.

China, North Korea and Iran, allies of Russia, are watching closely how the war in Ukraine ends. Indeed, their interest in what’s included in the peace plan and the consequences for Russia, given their invasion of a Ukraine that had security assurances from Russia – and the U.S. and United Kingdom – in the 1994 Budapest Memorandum on Security Assurances, which pledged to respect Ukraine’s independence, sovereignty, and existing borders.

Hopefully, none of Russia’s allies will view the Ukraine peace plan as license to foment trouble in their region. Clearly, China understands U.S. policy: A peaceful resolution of issues between China and Taiwan, in accord with the Taiwan Relations Act of 1979. North Korea knows that the U.S. has extended deterrence commitments to our ally in South Korea and Iran should appreciate – - especially since the June 2025 bombing of their Fordow nuclear facility -- that Israel is a close ally of the U.S, with strong security commitments.

Deterrence credibility is important. That’s why the U.S. is providing Taiwan with about $387 million in defensive arms sales in 2024. And that’s why we have a Washington Declaration with South Korea, enhancing the nuclear deterrence alliance. Iran saw clearly, with the bombing of Fordow, how close our allied relationship is with Israel.

These allies of Russia would be making a grievous error if they try to exploit any peace agreement with Russia to end the war in Ukraine. And Mr. Putin would be advised to comply with any peace accord to end the Ukraine war and to refrain from any future attempt to violate the sovereignty of any of the 32 NATO members.

This column by Cipher Brief Expert Ambassador Joseph DeTrani was first published in The Washington Times

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Destroying Boats, Killing Crews, Escalating Risks: The Venezuela Gambit

OPINION — “Does the Coast Guard have legal authority to destroy a boat or to kill the crew with lethal force if there has not been a provocation?”

That was Sen. Andy Kim (D-N.J.), last Wednesday, questioning Adm. Kevin E. Lunday during the latter’s confirmation hearing to be the Commandant of the United States Coast Guard last Wednesday before the Senate Armed Services Committee.

Lunday answered, “Well, Senator, we're operating out there under our Coast Guard law enforcement authority as a law enforcement agency, a maritime law enforcement agency. And so that's not within our authority as a law enforcement agency during our Coast Guard operations under the Department of Homeland Security's authority.”

I begin with that exchange because to me, the heart of Lunday’s response – “that’s not within our authority as a law enforcement agency” – showed a senior military officer respecting the law under which he operates.

It also raises directly the question of under what law, or still-secret Justice Department interpretation of the law, is the Trump administration carrying out its destruction of alleged narco-trafficking boats and killing of crews – so far 21 boats and 83 dead crew members?

Before discussing, again, the legal issues surrounding the Trump administration’s military activity in the Caribbean, I want to lay out concerns about what the U.S. military is doing – beyond blowing up speed boats -- and how those actions, along with Venezuela’s reactions, could lead to a war no one wants.

On November 16, with the arrival of the USS Gerald R. Ford Carrier Strike Group, more than 15 percent of all deployed U.S. Navy warships are now positioned in the Caribbean Sea, a force greater than existed during the 1960s Cuban missile crisis. Remember, the earlier buildup included the USS Iwo Jima and its amphibious ready group with the 22nd Marine Expeditionary Unit (MEU) that has more than 2,200 Marines, MV-22 Ospreys, CH-53E helicopters, and landing craft.

Although U.S. Southern Command has said these forces are focused on counternarcotics efforts with regional partners, it has not commented or disclosed details on any other specific operations,

However, the New York Times reported Friday that “the U.S. Navy has routinely been positioning warships near Venezuela’s coast in locations far from the Caribbean’s main drug-smuggling routes, suggesting that the buildup is focused more on a pressure campaign against Venezuela than on the counternarcotics operation the Trump administration says it’s waging.”

At the same time, Air & Space Forces Magazine reported “multiple B-52H Stratofortress bombers [from Minot Air Force Base, N.D.] flew off the northern coast of South America on November 20,” on a “lengthy, nearly daylong flight, which a U.S. official said was a ‘presence patrol.’” At the same time that the B-52s were operating in the region, the U.S. also dispatched Navy F/A-18 Super Hornets from the Gerald R. Ford who then joined with a U.S. Air Force RC-135 Rivet Joint signals intelligence aircraft, the magazine reported.

“All the aircraft, including the fighters, switched on their transponders for parts of the mission, making them visible [to Venezuelan radar] on flight tracking data,” according to the magazine.

What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.

From November 16 through November 21, elements of the Marine Corps 22nd MEU along with Trinidad and Tobago Defense Forces held joint training exercises in both urban and rural environments across Trinidad and Tobago, which is just seven miles away from the Venezuelan shoreline. Operations took place during daytime and after dark, and some incorporated 22nd MEU helicopters.

Last Saturday, Trinidad and Tobago Acting Foreign Affairs Minister Barry Padarath said that joint military training with Washington will continue. “We have said, very clearly, that part of our mandate from the nation has been to restore peace and security,” Padarath said, “and therefore we are partnering with the United States and continuing these joint efforts.”

All these past activities, plus President Trump’s threats, have caused Venezuelan President Nicolas Maduro to mobilize some 200,000 soldiers. With the announcement that the Gerald R. Ford was deploying to the Caribbean, Venezuelan Defense Minister Vladimir Padrino López raised the military alert levels in the country, according to El Pais newspaper. That meant, the newspaper wrote, “placing the entire country’s military arsenal on full operational readiness, as well as the massive deployment of land, air, naval, riverine, and missile assets; weapons systems; military units; the Bolivarian Militia; Citizen Security Organs; and the Comprehensive Defense Commands.”

Last week, Secretary of State Marco Rubio announced Monday’s U.S. State Department designation of Cartel de Los Soles, the Venezuelan criminal group Trump claims Maduro controls, as a “foreign terrorist organization (FTO).” Secretary of Defense Pete Hegseth said, “It gives more tools to our department to give options to the President,” and “nothing is off the table, but nothing is automatically on the table either.”

Sen. Rand Paul (R-Ky.), a member of the Senate Foreign Relations Committee and opponent of the attacks on alleged narco-trafficking boats, told Sunday’s CBS’ Face the Nation, “I think by doing this [naming Venezuela an FTO] they're pretending as if we are at war. They're pretending as if they've gotten some imprimatur to do what they want. When you have war, the rules of engagement are lessened.”

Looking at the political implications, Sen. Paul added, “I think once there's an invasion of Venezuela, or if they decide to re-up the subsidies and the gifts to Ukraine, I think you'll see a splintering and a fracturing of the movement that has supported the President, because I think a lot of people, including myself, were attracted to the President because of his reticence to get us involved in foreign wars.”

A CBS poll released Sunday showed just one in five Americans had heard a lot about the U.S. Caribbean military buildup, but of that knowledgeable group, 70 percent opposed going to war with Venezuela in the first place. In addition, 75 percent said Trump needed Congress’ approval before taking action in Venezuela, including just over half of Republicans.

Nominations for outstanding leaders in national security and intelligence are now open for the 2026 Cipher Brief Honors Dinner. Find out more here.

As for the legal side, Sen. Paul said, attacking boats “is really going against the rule of law in the way in which we interact with people on the high seas, and it has no precedent.”

At Wednesday’s hearing, Adm. Lunday gave the following explanation of how the Coast Guard legally carries out its non-lethal interdiction operations under maritime and U.S. laws.

“In the Eastern Pacific or the Caribbean or other locations, but principally in those areas,” Adm. Lunday explained, “we normally receive information. It could be from a surveillance aircraft or other means that there is a suspected drug smuggling boat that is headed north and then we will interdict that boat. We use an armed helicopter to disable the boat [by firing at their outboard engines] and then we will go aboard, seize the boat, and typically take a representative or take the samples, the cocaine that's on the boat if we can recover it. We'll destroy the boat as a hazard to navigation. Then we'll take the detainees who were operating the boat and we'll process them and…then arrest and then seek to prosecute.”

Lunday made clear “the helicopter interdiction tactical squadron which are…very specialized crews that do this work and they are trained and they're effective at disabling the engines. The time they would use lethal force was if they were fired upon from the drug smuggling boat under our mode of operating as a law enforcement agency.”

Near the end of last Wednesday’s hearing, Sen. Ben Ray Lujan (D-N.M.) asked Lunday, “Admiral, yes or no. Does the US Coast Guard have a role in these military strikes on vessels in the Caribbean or Pacific?”

Lunday responded, “Senator, thank you for the question. So, under our Coast Guard Maritime Law Enforcement Authority, we're not involved in the Department of War’s operations that you're describing. That's under the Department of War.”

Asked by Sen. Lujan if he had been to meetings about the strikes on vessels, Lunday replied he had “not been involved in meetings regarding those military activities specifically,” and later added, “I have not had a conversation with Secretary Hegseth about these strikes. No, Senator.”

Sen. Lujan closed by saying to the non-present Pete Hegseth: “Mr. Secretary, if you're out there, if you're listening to this…If you've ignored the Admiral, give him a holler, pull him in, have a good conversation, and learn from this wise person.”

That’s not a bad idea.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Delhi Blast and Pakistan’s Proxy War: Why Another Clash Looks Likely

OPINION — South Asia has once again returned to the global spotlight after a suicide bombing struck the heart of India’s capital on November 10. The bomber detonated explosives in a car near Delhi’s historic Red Fort, killing 13 and injuring 25 others. This attack—the first major attack in the Indian capital in over a decade—points to the threat of Pakistan-based terrorism beyond the border regions.

According to Indian authorities, the Delhi bombing was part of a broader plot that security agencies disrupted in the days leading up to the attack. The suicide bomber, allegedly recruited by the Pakistan-based group Jaish-e-Mohammad (JeM), reveals how Pakistan-backed outfits are upgrading their recruitment methods and fundraising tactics following Indian airstrikes in May that destroyed several of their operational centers. These developments highlight the fragility of regional security as both India and Pakistan edge closer to another military confrontation. With this backdrop, the United States must reassess its growing ties with Pakistan’s military establishment, which remains the epicenter of South Asia’s instability.

The Rise of a “White-Collar” Terror Network

Prior to the Delhi attack, Indian authorities uncovered a terror network across three provinces in India, including Jammu and Kashmir. Authorities seized nearly 2,900 kilograms of explosive materials near Delhi, including 360 kilograms of ammonium nitrate, confiscated assault rifles, and arrested at least ten doctors linked to the operation.

The scope of the seizure suggests that the “white collar” terrorist cell planned multiple coordinated attacks capable of mass casualties far exceeding the Delhi bombing. A hypothesis remains that the Delhi suicide bomber, Dr. Umar Nabi, acted independently after authorities preempted the larger plot and detained his associates. Nabi and another doctor from Kashmir were allegedly connected with JeM recruiters via Telegram and met their handlers in Turkey. It can be assessed with high confidence that the duo’s alleged meeting with their handlers overseas likely facilitated access to explosives, funding, and logistical support.

The revelation of the white-collar terrorist network in India marks a shift in Pakistan-based terrorist groups’ recruitment strategies—from radicalizing uneducated youth to mobilizing educated professionals with specialized skills. At the same time, JeM and other groups have shifted their financing from traditional banking channels to fintech platforms, mobile wallets, and decentralized digital payment systems. Together, these trends illustrate a strategic recalibration: a move toward more sophisticated, less detectable forms of proxy warfare aimed at destabilizing India’s internal security and social cohesion.

What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.

The Pakistan Angle

A day after the Delhi bombing, another suicide attack outside Islamabad’s District Court killed 12 people. Pakistan’s Prime Minister Shehbaz Sharif and Defense Minister Khawaja Asif immediately blamed India, claiming the attacks were “orchestrated from Afghanistan at India’s behest.” However, the Pakistani Taliban (TTP) offshoot Jamaat ul Ahrar (JuA) claimed responsibility, contradicting the government’s narrative. Although no direct link has been established between the Delhi and Islamabad attacks, the latter exposes Pakistan’s deteriorating counterterrorism capacity and its flawed internal security policies. Official data from October indicates more than 4,700 terrorist incidents occurred in Pakistan this year alone, killing over 1,000 people despite 62,000 reported counterterrorism operations carried out by security forces. This paradox points to a chronic failure of strategy rather than a lack of effort.

Instead of reinforcing counterinsurgency grids in its northwest, Pakistan has relied on punitive airstrikes and heavy-handed tactics—often targeting civilian areas in Afghanistan. In early October, Pakistani jets carried out an airstrike in Kabul intended to kill TTP leader Noor Wali Mehsud. The botched operation, however, damaged civilian infrastructure and provoked international condemnation. Mehsud later released a video clip confirming he remains active within Pakistan, further embarrassing Islamabad. Additional airstrikes in Afghanistan’s Paktia Province killed three athletes, inflaming tensions along the Afghanistan-Pakistan border and triggering sporadic cross-border shelling. These misdirected operations have played directly into the TTP’s hands, enabling its expansion and emboldening more radical offshoots like JuA, which has increasingly targeted civilians in major Pakistani cities.

Pakistan’s motivations appear less about counterterrorism and more about geopolitical signaling. Its October 9 airstrike in Kabul coincided with Taliban Foreign Minister Amir Khan Muttaqi’s visit to India—the first such diplomatic outreach since the Taliban takeover of Kabul. The timing suggests Pakistan’s strikes were designed to warn Kabul against strengthening ties with New Delhi. Yet, Afghanistan has refused to yield and continues to deepen cooperation with India in healthcare and infrastructure development.

Nominations for outstanding leaders in national security and intelligence are now open for the 2026 Cipher Brief Honors Dinner. Find out more here.

Another Conflict Remains Imminent

As domestic terrorism surges, Pakistan’s civil-military leadership has diverted its focus to countering India’s strategic positioning in the region by inflicting punitive strikes on Afghanistan and increasing military cooperation with the interim government of Bangladesh, which is hostile to New Delhi. Simultaneously, Field Marshal Asim Munir, Pakistan’s Chief of Army Staff, recently consolidated power after parliament passed the 27th constitutional amendment, granting him sweeping authority and lifetime immunity from prosecution. This move has sparked widespread criticism within Pakistan. Three senior judges have resigned in protest, and prominent civil society figures warn that the country has entered a new phase of authoritarian rule. Munir’s expanding authority mirrors the military’s long-standing playbook: when legitimacy wanes, external crises—particularly with India—serve as instruments of political survival.

The conditions for another India-Pakistan confrontation are steadily aligning. Pakistan’s military, under domestic pressure, could once again resort to conflict with India to restore its standing. Meanwhile, Indian Army Chief General Upendra Dwivedi has warned that any future operation would be far more severe than Operation Sindoor—the codename for India’s May 2025 strikes on Pakistani terrorist and military infrastructure. General Dwivedi’s statement that territory remains the “currency of victory” signals India’s willingness to pursue limited territorial gains in Pakistan-occupied areas of Jammu and Kashmir in the event of renewed hostilities.

The May India-Pakistan conflict has set a precedent that Pakistan will use nuclear saber-rattling to secure a ceasefire with India. Yet, Indian strategists increasingly regard Pakistan’s nuclear threats as coercive posturing designed to provoke U.S. intervention rather than as credible deterrence. If another conflict erupts, India may not be deterred by Pakistan’s nuclear signaling. The Indian calculus appears to favor limited conventional offensives aimed at degrading Pakistan’s militant infrastructure and securing limited territorial gains while testing Islamabad’s actual nuclear resolve. Such a confrontation would dramatically alter South Asia’s deterrence dynamics and expose the fragility of Pakistan’s “bleeding India with a thousand cuts” doctrine.

Conclusion

For the United States, these developments present a dilemma. As I warned in The Cipher Brief in September, America’s national security priorities cannot align with Pakistan’s objectives in the region. Washington’s growing diplomatic and economic engagement with Pakistan risks undermining long-term regional stability if it fails to address Islamabad’s dual game—presenting itself as a counterterror ally while nurturing militant proxies.

Washington must reexamine the foundations of its Pakistan strategy. The United States should leverage its political influence and aid frameworks to condition engagement on measurable counterterror reforms: dismantling militant networks, enforcing digital financial oversight, and halting cross-border militant activity. Without such conditionality, the United States risks legitimizing a regime that fuels the very instability it claims to combat.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Information Warfare The New Frontline

Do Oil Sanctions Still Work?

DEEP DIVE — On October 22, 2025, in his boldest move yet to force Vladimir Putin back to the negotiating table, President Trump unleashed sweeping U.S. blocking sanctions on Russia’s energy giants — state-controlled Rosneft and privately held Lukoil, the two companies that pump nearly half of Moscow’s crude exports and bankroll the Kremlin’s war in Ukraine.

These aren’t slap-on-the-wrist measures. The designations freeze every asset these firms have in the U.S., ban American companies and citizens from any dealings with them, and put the world’s banks, refiners, and traders on notice: keep helping Rosneft or Lukoil, and you could be next under secondary sanctions.

Putin fired back quickly, branding the move an “unfriendly act” and vowing Russia “won’t bend,” but even he admitted “some losses are expected” as the Kremlin scrambles to shield its oil cash cow.

Markets didn’t wait for the dust to settle: Brent crude rocketed nearly 6 percent in a single day, hitting around $66 a barrel, as traders priced in the chaos. All eyes instantly shifted to the mega-buyers, India and China: would they defy Washington and keep discounted Russian oil flowing?

A month later, the squeeze is tightening: Russian Urals crude now trades at a painful $20 discount to Brent, Indian and some Chinese buyers have hit pause, and Moscow is desperately rerouting through shadowy intermediaries. With the U.S. wind-down window slamming shut on November 21, the big question looms larger than ever.

The sanctions hammer has landed hard — but will it finally cripple Putin’s war machine, or force Russia to get sneakier? And under what conditions do these measures actually bite?

“If you really work on sanctions and make them effective and implement them with rigor and offer a path out, they can be pretty effective. See Iran, South Africa, Libya,” Richard Nephew, a Senior Research Scholar at Columbia University’s Center on Global Energy Policy and a former U.S. sanctions official who served as the lead sanctions expert in the Obama administration’s Iran nuclear negotiations, tells The Cipher Brief. “If you do them as a way of just getting the press or activists to leave you alone, then they don’t work.”

The Theory of Oil Sanctions: Coercion via Crude

At its core, the rationale for oil sanctions is compelling and straightforward: many authoritarian regimes depend heavily on oil exports for a large share of their state revenue. By targeting the oil sector — blocking key companies, choking off trade, and denying access to Western finance — the goal is to slash those export earnings, intensify economic pain, erode the regime’s ability to fund wars or strategic ambitions, and ultimately force a behavioral change.

This logic has long been a cornerstone of U.S. foreign policy toward oil-rich adversaries like Iran, Venezuela, and now Russia, precisely because petroleum is both a strategic lifeline and a uniquely vulnerable pressure point. Over the past two decades, the overall use of economic sanctions has exploded, with energy sanctions standing out for their rare ability to deliver simultaneous economic and military leverage.

Yet experts caution that Washington often conflates pain with success.

“The U.S. often thinks about sanctions effectiveness the wrong way,” Rosemary Kelanic, Director of the Middle East Program at Defense Priorities, tells The Cipher Brief. “Effectiveness should be measured in terms of whether sanctions could achieve the desired policy outcomes, not just whether they impose costs.”

For Moscow, she stresses, the stakes are existential.

“Historically speaking, sanctions sometimes convince countries to give in on issues of minor importance, but they practically never compel countries to abandon vital national interests,” Kelanic continued. “For Russia, Ukraine is important enough to fight a long, slogging war over.”

In theory, when tightly enforced and backed by genuine international coordination, these measures can severely restrict foreign-exchange inflows, impose steep costs on rerouting exports, strain domestic budgets, curb military spending, and shift a regime’s calculus. In practice, however, the historical record reveals that outright success is elusive — evasion, adaptation, and incomplete coalitions often blunt the blow.

Why the Record Is Mixed

Even the toughest oil sanctions can falter without ironclad enforcement. Announcing penalties is easy; making them bite requires global banks, refiners, shippers, and buyers to comply. If Rosneft or Lukoil can still sell through opaque brokers, shadow tankers, or non-dollar deals, much of the intended pain evaporates. Treasury recognized this by explicitly threatening secondary sanctions against any foreign entity that continues to deal with the two giants.

Nephew says that the early signs of real pressure will be visible on shipping patterns.

“The biggest macro indicator will be whether we see prices going up, the semi-glut of oil being tapped, and oil coming off of the water,” he observed. “On a more micro level, if we see that there are additional sanctions being imposed on Russian cut-outs, if we’re seeing ports continuing to deny ships with oil, if we’re seeing indications of pipelines no longer carrying this oil into China. Those are the sorts of things that will be indicative of exports drying up.”

Russia, for one, has proven adept at evasion. After earlier measures, it built a vast “shadow fleet” of aging, untraceable tankers and rerouted most exports to Asia. A recent European Council on Foreign Relations report warns that unless Europe fully aligns — closing asset-divestment loopholes and mirroring U.S. measures — the squeeze will remain partial.

Global oil markets themselves have grown more resilient. The dollar’s once-dominant role has eroded; China, India, and others now buy discounted crude and settle in yuan or rupees. Iran’s exports collapsed under “maximum pressure,” then recovered to over 1.5 million b/d through similar workarounds. Russia has followed the same playbook, shifting nearly all seaborne volumes eastward since 2022.

Nephew points out that none of this is new.

“Smuggling has been a feature of sanctions forever,” he said, highlighting that alternative payment networks may look innovative. Still, countries have long relied on hawala-style systems to dodge banking restrictions. “What makes a difference is the commitment of governments to enforce sanctions and to pay costs to do so.”

Sanctions can also backfire. Disrupting supply often spikes global prices, partially offsetting the loss of volumes for the sanctioned producer. Brent jumped 5 to 6 percent the day Rosneft and Lukoil were hit, temporarily boosting Russia’s per-barrel revenue even as discounts widened.

Finally, pain tolerance matters. Oil and gas still fund roughly 25 to 30 percent of Russia’s federal budget, a heavy blow but not a fatal one. With once-huge reserves still significant, domestic repression to shift burdens to citizens, and eager buyers in Asia, Moscow can endure far longer than many Western policymakers expect. History shows that oil sanctions rarely force rapid capitulation; they inflict damage slowly and decisively only when the target is already economically fragile and internationally isolated. Russia, so far, is neither.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Making Oil Sanctions Work

Experts emphasize that oil sanctions can be far more effective if the U.S. and its allies act as a unified bloc rather than going it alone. The recent sanctions on Rosneft and Lukoil explicitly call on Europe and others to join by banning imports, seizing Russian companies’ assets, and closing loopholes that still allow some countries to buy discounted oil. Without this coordination, Russia reroutes its crude to willing buyers. Experts warn that half-measures create safe havens and sharply reduce the pain—true pressure demands everyone play by the same rules.

A second big fix is plugging the leaks in global shipping and finance. The new U.S. measures take a tougher line by directly threatening secondary sanctions against any bank, refiner, or broker that continues to deal with Rosneft or Lukoil. Better satellite tracking of ships and aggressive follow-through on those threats could choke off the underground routes that have kept Russian oil flowing despite years of sanctions.

Nephew argues that enforcement, not the sanctions themselves, was what made the Iran campaign effective. The BNP Paribas case, which carried massive penalties, showed banks that Washington meant business.

“We imposed really stringent sanctions that threatened a lot of people with ruin if they moved Iranian money,” Nephew recalled. “So long as the U.S. has an important economy, we’ll have some measure of economic power that can be used for sanctions power. We just won’t have as much ability to dictate terms; we’ll have to think about who to target and how. But, as for energy sanctions in general, so long as the world needs energy, denying it is going to carry weight.”

Kelanic also pointed out that the global oil system is more shock-absorbent than many assume.

“There’s plenty of oil that can cushion the market if any supply disruptions occur,” she explained.

That flexibility allows it to sustain pressure for longer without triggering global price spikes.

Third, sanctions work best when the goals are realistic and the timing is right. Asking Moscow to end the war overnight is unlikely to succeed; more achievable aims — like making new weapons harder to buy or keeping revenues low long-term — have a better shot, especially when paired with incentives, such as easing some restrictions for good behavior, and help for ordinary people caught in the crossfire. The global oil market has also changed dramatically: trades now happen in yuan or rupees through non-Western networks, so sanctions must constantly evolve to target those new pathways.

Oil Sanctions in Action: Three Big Examples Compared

The impact of oil sanctions depends heavily on the target’s strength, isolation, and resilience. Three recent cases show how different those outcomes can be.

Iran (2012–today): U.S.-led sanctions crushed Iran’s oil exports from 2.5 million barrels a day down to under 500,000 at their peak. It was excruciating and forced Tehran to the negotiating table for the 2016 nuclear deal. Yet once the pressure eased a bit, Iran bounced back; today it quietly ships 1.5 to 2 million barrels a day, mainly to China, using ghost tankers and creative payment tricks. Analysts underscore that sanctions can deliver massive short-term pain, but determined countries learn to live with them.

Venezuela (2019–today): Sanctions hammered the state oil company, PDVSA, and slashed exports, but Venezuela was already falling apart due to corruption, mismanagement, and hyperinflation. The regime lost a lot of cash yet made almost no real concessions — it just tightened its grip and kept surviving. Experts point out that if a country is already in free fall, additional pressure from sanctions doesn’t force significant political change.

Russia (2022–now, sharpened October 2025): Russia is different. It started with substantial cash reserves, a modern economy, and eager customers in China and India. The new direct sanctions on giants Rosneft and Lukoil are the toughest yet. Still, Russia has spent years building shadow tankers and Asian trade routes. Oil prices are down, and the discount on Russian crude is painful, but Moscow keeps exporting almost as much as before. Thus, when the target is big, rich, and has willing buyers outside the West, sanctions hurt but don’t quickly break the Kremlin.

A Tool Under Strain but Not Broken

Oil sanctions can hurt but they rarely force quick political surrender. Iran showed that sustained pressure can shift behavior, yet Russia and Venezuela demonstrate how resilient or already-collapsing regimes can absorb the pain and adapt. The new U.S. measures against Rosneft and Lukoil are the most challenging test yet of whether this tool can still bite in a more multipolar world.

Their impact ultimately hinges on strict enforcement, coordinated allies, closed loopholes, and whether the target is structurally vulnerable. Yet, if buyers keep finding workarounds and Russia keeps rerouting crude through shadow networks, the sanctions may sting without delivering major strategic change. The coming months will indicate whether oil sanctions remain a credible tool or drift into symbolism.

As Nephew puts it, “No tool works if it is applied halfheartedly, mildly or inconsistently.”

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

The Human Algorithm: Why Disinformation Outruns Truth and What It Means for Our Future

EXPERT PERSPECTIVE — In recent years, the national conversation about disinformation has often focused on bot networks, foreign operatives, and algorithmic manipulation at industrial scale. Those concerns are valid, and I spent years inside CIA studying them with a level of urgency that matched the stakes. But an equally important story is playing out at the human level. It’s a story that requires us to look more closely at how our own instincts, emotions, and digital habits shape the spread of information.

This story reveals something both sobering and empowering: falsehood moves faster than truth not merely because of the technologies that transmit it, but because of the psychology that receives it. That insight is no longer just the intuition of intelligence officers or behavioral scientists. It is backed by hard data.

In 2018, MIT researchers Soroush Vosoughi, Deb Roy, and Sinan Aral published a groundbreaking study in Science titled The Spread of True and False News Online. It remains one of the most comprehensive analyses ever conducted on how information travels across social platforms.

The team examined more than 126,000 stories shared by 3 million people over a ten-year period. Their findings were striking. False news traveled farther, faster, and more deeply than true news. In many cases, falsehood reached its first 1,500 viewers six times faster than factual reporting. The most viral false stories routinely reached between 1,000 and 100,000 people, whereas true stories rarely exceeded a thousand.

One of the most important revelations was that humans, not bots, drove the difference. People were more likely to share false news because the content felt fresh, surprising, emotionally charged, or identity-affirming in ways that factual news often does not. That human tendency is becoming a national security concern.

For years, psychologists have studied how novelty, emotion, and identity shape what we pay attention to and what we choose to share. The MIT researchers echoed this in their work, but a broader body of research across behavioral science reinforces the point.

People gravitate toward what feels unexpected. Novel information captures our attention more effectively than familiar facts, which means sensational or fabricated claims often win the first click.

Emotion adds a powerful accelerant. A 2017 study published in the Proceedings of the National Academy of Sciences showed that messages evoking strong moral outrage travel through social networks more rapidly than neutral content. Fear, disgust, anger, and shock create a sense of urgency and a feeling that something must be shared quickly.

And identity plays a subtle, but significant role. Sharing something provocative can signal that we are well informed, particularly vigilant, or aligned with our community’s worldview. This makes falsehoods that flatter identity or affirm preexisting fears particularly powerful.

Taken together, these forces form what some have called the “human algorithm,” meaning a set of cognitive patterns that adversaries have learned to exploit with increasing sophistication.

Save your virtual seat now for The Cyber Initiatives Group Winter Summit on December 10 from 12p – 3p ET for more conversations on cyber, AI and the future of national security.

During my years leading digital innovation at CIA, we saw adversaries expand their strategy beyond penetrating networks to manipulating the people on those networks. They studied our attention patterns as closely as they once studied our perimeter defenses.

Foreign intelligence services and digital influence operators learned to seed narratives that evoke outrage, stoke division, or create the perception of insider knowledge. They understood that emotion could outpace verification, and that speed alone could make a falsehood feel believable through sheer familiarity.

In the current landscape, AI makes all of this easier and faster. Deepfake video, synthetic personas, and automated content generation allow small teams to produce large volumes of emotionally charged material at unprecedented scale. Recent assessments from Microsoft’s 2025 Digital Defense Report document how adversarial state actors (including China, Russia, and Iran) now rely heavily on AI-assisted influence operations designed to deepen polarization, erode trust, and destabilize public confidence in the U.S.

This tactic does not require the audience to believe a false story. Often, it simply aims to leave them unsure of what truth looks like. And that uncertainty itself is a strategic vulnerability.

If misguided emotions can accelerate falsehood, then a thoughtful and well-organized response can help ensure factual information arrives with greater clarity and speed.

One approach involves increasing what communication researchers sometimes call truth velocity, the act of getting accurate information into public circulation quickly, through trusted voices, and with language that resonates rather than lectures. This does not mean replicating the manipulative emotional triggers that fuel disinformation. It means delivering truth in ways that feel human, timely, and relevant.

Another approach involves small, practical interventions that reduce the impulse to share dubious content without thinking. Research by Gordon Pennycook and David Rand has shown that brief accuracy prompts (small moments that ask users to consider whether a headline seems true) meaningfully reduce the spread of false content. Similarly, cognitive scientist Stephan Lewandowsky has demonstrated the value of clear context, careful labeling, and straightforward corrections to counter the powerful pull of emotionally charged misinformation.

Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.

Organizations can also help their teams understand how cognitive blind spots influence their perceptions. When people know how novelty, emotion, and identity shape their reactions, they become less susceptible to stories crafted to exploit those instincts. And when leaders encourage a culture of thoughtful engagement where colleagues pause before sharing, investigate the source, and notice when a story seems designed to provoke, it creates a ripple effect of more sound judgment.

In an environment where information moves at speed, even a brief moment of reflection can slow the spread of a damaging narrative.

A core part of this challenge involves reclaiming the mental space where discernment happens, what I refer to as Mind Sovereignty™. This concept is rooted in a simple practice: notice when a piece of information is trying to provoke an emotional reaction, and give yourself a moment to evaluate it instead.

Mind Sovereignty™ is not about retreating from the world or becoming disengaged. It is about navigating a noisy information ecosystem with clarity and steadiness, even when that ecosystem is designed to pull us off balance. It is about protecting our ability to think clearly before emotion rushes ahead of evidence.

This inner steadiness, in some ways, becomes a public good. It strengthens not just individuals, but the communities, organizations, and democratic systems they inhabit.

In the intelligence world, I always thought that truth was resilient, but it cannot defend itself. It relies on leaders, communicators, technologists, and more broadly, all of us, who choose to treat information with care and intention. Falsehood may enjoy the advantage of speed, but truth gains power through the quality of the minds that carry it.

As we develop new technologies and confront new threats, one question matters more than ever: how do we strengthen the human algorithm so that truth has a fighting chance?

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because National Security is Everyone's Business.

Snatching Defeat from the Jaws of Victory

EXPERT OPINION – The recently leaked 28-point peace plan to end the war in Ukraine is nothing short of an appeasement that satisfies the maximalist demands of the aggressor in the conflict, Russian President Vladimir Putin. This is nothing short of the side on the verge of victory (eg, the free world) conceding to the side on the verge of defeat (Putin, the leader of the anti-west coalition). Sadly, it comes at a time when the situation on the battlefield is more or less a draw, both sides are effectively attacking energy infrastructure, and Russia’s economy is moving toward recession.

According to Russian data, third Quarter GDP growth in Russia was 0.6%. The expectation is that Q4 data will show the beginning of a recession. Sberbank has just decided to let 20% of their workforce go. Russia has for the first time, begun to sell gold reserves, presumably to make up for lost revenue from the recently imposed sanctions on Rosneft and Lukoil. Russia’s wartime transition to a command economy is not sustainable with a declining workforce sapped by the loss of young men sacrificed in Ukraine and those who have voted with their feet by leaving Putin’s kleptocracy.

The key points of the 28-point plan amount to nothing less than surrender by Ukraine and make in vain the sacrifices made by their valiant soldiers and citizens in their three plus years of war of full-scale war since Russia’s deadly invasion.

The agreement will be remembered in history with the same ignominy of the Munich Agreement of 1938 and will have the same consequence of setting the stage for a larger war to come.

Perhaps most egregious in the terms of the draft agreement is the re-establishment of the Russian Orthodox Church in Ukraine and the establishment of Russian as the official language. This indignity on top of the kidnapping of hundreds - if not thousands - of Ukrainian children to Russia and the forced conscription into the Russian army of men from Russian occupied territory. Then, of course, there is the massacre of innocent citizens by Russian soldiers in places like Bucha, all of which will go unaccounted for under the draft agreement. No judgement at Nuremberg for Russian war criminals.

What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.

The plan U.S. officials have negotiated is nothing more than cultural genocide against the people of Ukraine. That the U.S. would be part of an agreement that almost certainly would result in the arrest, deportation and incarceration of a generation of brave Ukrainians who have bravely resisted Putin’s aggression is simply unthinkable.

Mr. Trump, every member of your national security team should be required to watch episode nine of the brilliant HBO series Band of Brothers. The episode’s title is “Why We Fight” and the reasons for standing up to autocracy and evil portrayed in that episode are perfectly applicable to the situation today with the free world standing strong against the aggression of a malevolent dictator.

The Trump Administration’s desire to end the violence in Ukraine is commendable, but not at the price of setting the stage for the next war by giving victory to the aggressor. The men who reportedly negotiated the key points of the agreement have no experience dealing with Russia or Russians of the KGB ilk. The promises of “peace” offered by the Russian side are a chimera at best. Putin and the gang of thieves in his government know perfectly well how to manipulate representatives of the character of Steve Witkoff, President Trump’s real estate specialist now in charge of negotiating with Russia over Ukraine. Perhaps those negotiators are working with the idea of “Commander’s intent” that the President believes an agreement can be reached and counted upon with a counter-party like Putin. This is a serious misjudgment with serious consequences.

Those who have studied Putin for decades, understand clearly that he wants nothing but the destruction of the United States, our system of government and the set of ideals for which we stand. This is core to his beliefs. Putin and his security services will do everything they can to undermine the United States. One should not be surprised if the Russian services do not use every opportunity in the context of the Epstein revelations to attack every angle of the political spectrum in the U.S. that they can, including President Trump.

President Trump is now facing the most significant foreign and national security moment of his presidency. It appears the representatives he has chosen to negotiate with the Russian side have left him in a position to be remembered forever in history as the Chamberlain of the 21st century. Mr. Trump would do well to recognize that history does not remember Neville Chamberlain for any achievements in his political career in economic or domestic policy in Great Britain. He is remembered solely for Munich and "peace in our time". Mr. Trump is setting himself up to be remembered by history similarly. Sadly, it could also be the legacy of the country that was once the pillar of strength of the free world.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

I Was Cheney's CIA Briefer: This is the Dick Cheney I Knew

EXPERT PERSPECTIVE — About a week before being interviewed by Richard Bruce Cheney about whether I would be the right person to serve as his national security briefer, I broke a bone in my left foot. While bounding down the stairs at home in a rush not to be late to a meeting at the National Security Council, I missed a step. So, rather than spending the morning at The White House, I spent it at a doctor’s office getting a big, goofy, purple cast on my left leg. Fantastic. How better to exude to the Vice President of the United States that I would be competent as his President’s Daily Brief (PDB) briefer, than hobbling into the interview with a cast? Somehow, I got the job.

During the presidency of George W. Bush, the President and Vice President’s PDB briefers met and traveled with them six days a week, sometimes seven. We would awaken every morning around 1:00am to prepare what is known as the “Book” and accompanying material. The Book was the President’s Daily Brief itself, a brutally concise, relatively short collection of intelligence analyses produced at that time, by just the CIA; it went to a short list of designated policymakers. All who received it also got morning briefers to accompany and expand on the content as needed and to take taskings, but only those for the President and Vice President routinely traveled with them. In addition to the PDB, there was “behind-the-tab” material for all recipients except the President. In Cheney’s case, I decided—with zero supervision or coordination—what he also needed to see, per my judgement. Raw intel, press pieces, book summaries, graphics, and anything else that I thought could be useful.

I generally briefed the then-Vice President at the Naval Observatory, the official residence for U.S. vice presidents. But just a week into the job, I accompanied him on Marine Two to Camp David, where he would attend some meetings. Thus began a rapid, daily learning curve into who this man was - starting with how he treated others.

“Others” fell generally into two categories with little gray area between—those he respected and those he did not. People in both categories usually knew where they stood, and Cheney didn’t manifest different orientations toward people based on their societal stations in life. This was a man whose default setting was to show courtesy and respect toward others unless they convinced him otherwise. Every one of his ushers, central members of the residence staff, told me individually - with zero nudging from me - that they liked the Cheneys much more than they liked their predecessors. Why, I asked. Because the Cheneys always showed respect to them, their time demands, they told me. As for those in the other category? Many of us recall Cheney telling Senator Patrick Leahy to “go f*** yourself” on the Senate floor in 2004. He also bluntly expressed his opinions on a wide range of actors and even nations to me during our time together. Few if any fell into gray area.

Nominations for outstanding leaders in national security and intelligence are now open for the 2026 Cipher Brief Honors Dinner. Find out more here.

Cheney consistently hosted the longest of the PDB sessions across all PDB recipients of that Administration, a reflection of his intellectual curiosity, the endless stacks of books and other things he read, his many years of navigating the U.S. Government and geopolitics, and the fact that on most mornings, he went from his briefings with me to attending PDB sessions with his boss. I always had at least 30 minutes with him, and on mornings when events or travel altered the President’s schedule, my sessions could stretch beyond 90 minutes.

Something that was reflected in his time commitment to those PDB sessions was that, among being many things, Dick Cheney was an overachiever of the world-class order. Whatever task, duty, mission, strategic pursuit that might be in his cross hairs, he would be utterly prepared. This part of him of course helped land his stint as the youngest White House Chief of Staff in history, under President Gerald Ford.

Much has been written about Cheney’s role and actions in the immediate wake of 9-11; I came after, during the run up to and consequences following America’s second invasion of Iraq. Because of when I briefed him and the job I took immediately afterward in July 2003 - Chief of CIA’s Iraq enterprise covering military, political, leadership, and economic analysis - I draw from a unique combination of perspectives to offer context on the Iraq, Dick Cheney story. Some will be surprised by what I saw including during NSC meetings chaired by President Bush and attended by Cheney when I sat in as the 'plus-one' for the CIA Director or for the Director of National Intelligence.

On March 16, 2002, Dick Cheney said on NBC’s Meet the Press, “I think things have gotten so bad inside Iraq, from the standpoint of the Iraqi people, my belief is we will, in fact, be greeted as liberators . . . I think it [the invasion] will go relatively quickly . . . weeks rather than months.” As we now know, he - and other seniors in the Bush Administration - could not have been more wrong.

Not long after we invaded Iraq in March of 2003, violence there began to swell up, and soon thereafter the CIA enterprise I headed gave President Bush and Cheney - their first and highly unwelcome dose of the “I” word: insurgency. Early on, Bush and other Administration seniors explained the sources of the violence as “criminals, regime dead-enders, or trouble-makers” pushed into the country by Iraq and Syria as operatives. But in the summer of 2003, we put a PDB into the Oval Office arguing that an organized and indigenous insurgency was quickly developing. Feedback from Bush’s PDB briefer that morning was “The President was so angry he came off his chair. He wants a memo tomorrow morning recounting when we warned him this was coming.” A lot people worked overnight to produce that 4.5-page piece, which delivered what was asked.

At some point between that initial shock and late summer, fall of 2003, Cheney - whom we had briefed in more detail on the insurgency, told us “The President needs to hear this.” Consider that one of the Administration’s most vocal and influential advocates of invading Iraq, who had been on record saying the effort would be easy and short, had now turned to persuading Bush and his entire NSC that we faced an insurgency in Iraq. Cheney knew that this information, once it entered the public arena, would likely get himself as well as President Bush eviscerated by the media and by critics. But that seemed to matter little to him; the United States was underestimating what it was now facing in Iraq, and Cheney’s focus became aligning policy with reality.

A few days before Veterans Day in 2003, someone in the CIA Director’s office told me there would be a briefing that day for Bush’s NSC on Iraq that I would lead. Cheney had facilitated this. I also was told I could take one analyst of my choice, but I knew some on the NSC would push back hard and would expect "in the weeds" details of our analysis, so I subbed myself out and sent two senior analysts who knew the weeds - a superlative military expert and a political-analyst counterpart.

It was a PhD and former Marine CIA military analyst in my Iraq enterprise who forced then Secretary of Defense Don Rumsfeld and others to accept that an insurgency was emerging in Iraq. The analyst’s most persuasive moment came when Rumsfeld argued forcefully that there were several and differing definitions of insurgency, making use of the word confusing at best and inaccurate at worst. That military analyst calmly but firmly summarized the two most widely accepted definitions and illustrated that the CIA’s conclusion was based on the one observed by Rumsfeld’s Department of Defense. The analyst also laid out premises needed to justify that definition, all of which all in the room were seeing. Bush declared acceptance, noted that NSC members had to be square with this reality among themselves, and requested all to avoid the word insurgency in public.

Let me close with an insight that sheds light on Cheney’s near obsession with going into Iraq to find WMD and then showing a level of comfort with enhanced interrogation techniques that many find appalling.

One morning after a PDB briefing with me, Cheney sat back and recounted some history following the Gulf War, during which he was Secretary of Defense. He reminded me with some energy that during interrogations of Saddam Hussein’s son-in-law Hussein Kamel, who defected temporarily, we learned that Iraq’s nuclear-weapons program was further along than we had assessed. Rather than a form of scolding for off-the-mark CIA analysis back then, this perspective he was sharing signaled an acknowledgement that I knew the weight of his role in persuading Bush ’43 to invade Iraq—and in his mind, he had good reason. If we were underestimating Saddam’s WMD program again and Osama bin Laden gained access to any part of it, the consequences for Americans would be catastrophic.

The Economist Magazine recently summarized the unwavering sense of duty to nation felt by Cheney. In the closing words of its obituary in reference to criticism about his posture toward countering terrorism, and on being wrong about WMD in Iraq, The Economist wrote: “He was unmoved . . . He was, as always, just doing his job. Trying to protect America.”

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

How Myanmar’s Generals Crushed Democracy — And What Comes Next

OPINION — After decades of military rule in Myanmar, free and fair general elections were permitted in 2015 and the National League for Democracy and its leader, Aung San Suu Kyi, won by a landslide. In February 2021, a military coup d’etat installed General Min Aung Hlaing as the acting president, and imprisoned Aung San Suu Kyi, the de facto head of state and recipient of a Nobel Peace Prize in 1991 for her non-violent struggle for democracy and human rights in Myanmar.

The military coup has brought death and suffering to the people of Myanmar. Recent figures from the United Nations estimate that over 6,000 civilians have been killed by the military, including over 1,000 women and 695 children. According to the United Nations, over 62% of verified civilian deaths result from airstrikes and artillery barrages by the military. And more than 3.5 million people have been displaced within Myanmar since the military coup, with hundreds of thousands more seeking refuge in neighboring countries.

Anti-coup resistance forces are active in Myanmar, to include the People’s Defense Forces and ethnic armed organizations. The National Unity Government, an exiled government of elected politicians who were ousted in the coup, provides leadership, funding and support to the various resistance groups that often coordinate activities to fight the military junta, to restore democracy to Myanmar.

According to the United Nations, since the February 2021 coup, the military junta has imported over $1 billion in weapons, raw materials, and dual-use goods from several countries, with Russia and China topping the list of suppliers. Russia’s state arms exporter, Rosoboronexorrt, was instrumental in providing the military junta with over $400 million of weaponry: attack helicopters, fighter jets, missiles, drones, and radar systems. And for the world to see, there were joint naval exercises between Russia and Myanmar’s military junta.

China has resumed normal relations with the military junta and its various ministries, in addition to providing Chinese Y-8 transport planes. China is quite open about its political engagement with the military junta and, working with Russia, resists United Nations efforts to condemn the junta.

What has been disappointing is the inability of the Association of Southeast Asian Nations (ASEAN) to influence Myanmar’s military junta and restore democracy to Myanmar. Indeed, in April 2021 ASEAN adopted a “Five-Point Consensus” to stop the violence, initiate a dialogue and appoint a special envoy to oversee progress in restoring democracy in Myanmar. The military junta has basically ignored ASEAN and the five-point consensus, despite ASEAN’s engagement with the military junta, thus providing legitimacy with a regime committing grave abuses.

Malaysia, as the 2025 ASEAN Chair, has been proactive in pushing for a ceasefire and meaningful dialogue with resistance forces. Indonesia has been supportive and hopefully other ASEAN members will be equally supportive of a cease fire and dialogue with multiple ethnic armed organizations, to include the National Unity Government and the People’s Defense Forces.

The military junta announced phased elections in December 2025 through January 2026. There is understandable concern that this will be a sham election, designed to legitimize the military junta and its leader, General Min Aung Hlaing.

The United Nations, ASEAN and the U.S. should demand that they be permitted to send election monitors to Myanmar to certify that the election was fair and open to all the people.

This column by Cipher Brief Expert Ambassador Joseph DeTrani was first published in The Washington Times

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Russia’s Intelligence Services After the War

EXPERT PERSPECTIVE — Russia’s intelligence services (RIS) have failed spectacularly in Ukraine: in planning, execution, and analysis, yet they will face no reckoning. Vladimir Putin cannot afford to hold the SVR, GRU, or FSB accountable because they are not merely instruments of the state; they are the pillars of his personal power. The RIS misled the Kremlin into believing Ukraine would fall in days, Europe would divide, and NATO would hesitate. Instead, they exposed the rot at the core of Russia’s national security system: corruption, internecine rivalry, and a profound detachment from reality. Understanding this dynamic matters for the West because it reveals not only how Russia fights its wars but how it fails, and how it will likely fight again.

As the war approaches its fourth year, the front lines have grown static, and speculation about an eventual end has returned. Certainly, the world hopes for peace and relief from the suffering that has defined Europe’s largest land conflict since 1945. Yet even when the drones stop flying, Ukraine’s struggle to rebuild will begin, and within the Russian government another kind of reckoning will unfold. The aggressor’s armed forces and intelligence services will take stock of losses and lessons learned. But unlike in the West, where failure invites inquiry and reform, Russia’s services are more likely to protect the system that failed them and pin any blame on each other.

Russian post-war accounting will not play out like we in the West might imagine. We are accustomed to commissions and legislative investigations after wars and major national security events, often resulting in harsh criticism for various agencies, and sweeping reforms. In Russia, however, Putin will largely give the RIS a pass.

To understand why, it is important to understand the roles the RIS played in the war and in the Russian government more broadly. The SVR (the Foreign Intelligence Service), the GRU (the Main Intelligence Directorate - military intelligence), and the FSB (the Federal Security Service), serve first and foremost as Putin’s Praetorian Guard. Their primary responsibility is securing his regime and hold on power. Moreover, Putin rose up through the RIS ranks in the KGB, and later held the post of FSB Director. His feelings toward the RIS are hardly objective. The reputations of Putin and the services are inextricably linked. Anything that significantly tarnishes the highly cultivated myth of RIS omnipotence inevitably damages his own hold on power.

If Putin and the “siloviki” (strongmen) who make up his inner circle try to call the RIS to account for their performance when the fighting stops, the one thing all three services will argue is that the war was an absolute success. Each will extoll their roles with little regard for the number of Russian lives lost and military assets squandered. Going back to Tsarist and Soviet times, casualties and human suffering were never a mark for a war’s success or failure in Russia. The RIS will focus on territory gained, Ukraine’s membership in NATO being halted (from their optic), and the alliance, they will claim, weakened. They will ignore the addition of two capable new members to the alliance (Finland and Sweden), the doubling of the length of NATO’s border with Russia, and the resuscitation of NATO’s military spending and defense industrial base. Facts will not stop the RIS from claiming success with Putin. But it is useful to further break down some of their likely claims, and actual performance, by service.

The SVR: “Speak up Sergey!”

Among the RIS, and especially relative to the FSB, Putin has never been particularly fond of the foreign intelligence service, the SVR. Its claims of success on Ukraine will likely not impress him or the other siloviki much. Recall Putin’s public dressing down of SVR Director Sergey Naryshkin on Russian TV in the days before the invasion for indecisiveness: “Come on Sergey, speak up, speak plainly!” But Sergey did not speak up, nor make much of a difference in the war.

Since they do not have troops or special ops elements in the war (their main Spec-Ops team, ZASLON, is used more for protection abroad), the SVR will likely try to boast of the success of its “active measures” operations. This is the traditional term the Russians have used for covert influence and disinformation activities intended to weaken, confuse, or disrupt their adversaries. Their modern term, however, is to refer to them as “measures of support” (MS). The SVR has an entire “Directorate MS” devoted to this line of operational work: using troll farms, social media, cyber operations, and recruited agents of influence to meddle in the internal politics, public opinion, and elite decision-making of its adversaries to Russia’s advantage. The Russians believe their active measures contributed to their successes in the Georgia invasion in 2008 and occupation of Crimea and parts of the Donbas in 2014. They believed they confused and stunted the West’s response and, to a degree, they were right.

But the SVR will have trouble claiming active measures succeeded in the current Ukraine war. They will perhaps try to sell Putin that the SVR sowed confusion at critical policy decision points when the U.S. and its European allies were not always in sync—hesitation in providing this or that weapons system, unity or lack thereof at times on sanctions, asset seizures, etc. Their efforts, however, did not materially alter Russia’s failure to achieve its war aims. If they were effective at all, it was only in the margins. There will be no dramatic accounting for the SVR but expect to see the SVR’s relative influence decline among the RIS, a continuation of trend since Putin’s rise to power.

GRU: Plowed into the Grinder, and Re-Special Purposed

The GRU will likely point to the various sabotage acts, conducted in Europe after the invasion, some successful but most not, including exploding packages, industrial arson, cable cuts in the Baltic Sea, and assassinations, or attempts at them. These are the purview of the GRU and its various numbered units, such as Unit 29155, which was behind both the attempted assassination of GRU defector Sergey Skripal in the UK in 2018, and likely also the thwarted assassination plot against the CEO of Germany’s Rheinmetall in 2024. The Lithuanian government is convinced the GRU also was behind the crash of a DHL plane that same year. But these actions failed in their primary mission, to intimidate and deter Europe and NATO from assisting Ukraine. If anything, the actions have only emboldened members to continue support for Ukraine.

Another shocking GRU failure, one heavily criticized in Russia’s pro-war blogosphere but receiving less attention in the West, was its squandering of precious, highly trained Spetsnaz units on the Ukrainian battlefield. There are nine Spetsnaz, or “Special Purpose,” brigades under the GRU’s 14th Directorate (roughly analogous to Tier 1 elements in the U.S. SOCOM). Nearly all were heavily deployed in Ukraine, and all suffered extremely heavy casualties. The planned decapitation strike against the Ukrainian leadership in the first days of the war, spearheaded by Spetsnaz units, was a complete and costly failure (the failed seizure of Hostomel airport was part of this). Many Spetsnaz were also used foolishly in frontal assaults and to plug gaps in forward lines when Russian “kontraktniki” (paid soldiers, but often supplemented in frontline units with conscripts) failed. GRU Spetsnaz have a storied history and culture. It will be hard for them to recover the reputation for being “elite” without notable successes to point to in Ukraine. They failed to impact the direction of the war in any significant way.

As with the SVR, the GRU will likely avoid any dramatic negative consequences. There will probably be some modest reorganizations, just as there have been since the collapse of the USSR. In fact, the GRU is technically not even called the GRU any longer. It was formally redesignated the “GU” (Main Directorate), although many stubborn officers still refer to themselves as “GRU-chniki.” One reorganization has already occurred since the war began, the standup of something called the Department for Special Tasks (SSD). Its function and exact composition are still not fully known, but it appears to combine various Russian-termed “direct actions” (e.g., assassinations, sabotage) units, such as Unit 29155, into a unified structure. The SSD is broadly equivalent to the CIA’s Special Activities Center in terms of covert action, but dwarfs it in size (and the CIA is bound by law not to carry out assassinations). The GRU is a mammoth bureaucracy and it will likely only grow more after the war.

FSB: Failed, But Still Putin’s Favorite

Despite their many failures, there will be few significant negative consequences for the FSB, which Putin once ran. In many ways, though, the FSB’s shortcomings in Ukraine were the most egregious and consequential. The FSB was in charge of the war’s planning, particularly the hybrid dimensions, or what Russian doctrine refers to more broadly as “non-contact war.” The FSB's lead for the Ukraine invasion was its Fifth Service, which heads up both operational analysis and reporting to the President on the war. The FSB has organizational primacy for RIS operations in the “near abroad,” i.e., the states of the former USSR, including Ukraine. In the pre-war planning phase, the Fifth Service was wrong about everything: wrong about Ukrainian resilience, wrong about how quickly and substantially Europe and NATO would react, and wrong about the FSB and Russian Armed Forces’ capabilities on the ground.

FSB Spetsnaz units Alpha and Vympel all participated in the war, but like their GRU cousins, they have not distinguished themselves. Still they are still frequently lauded in the Russian press for “actions that cannot be disclosed.” The FSB also has the lead for cyber operations against Ukraine with its 16th Center, but those cyber-attacks have not materially altered the direction of the war in Russia’s favor. The battle over bytes was not won in any way by Russian FSB hackers, whose ranks were bolstered by Russian criminal groups hacking for the state and their coffers.

The FSB will likely be the RIS agency most affected by the war. But instead of accountability for failure, its power and influence will likely only grow. First, because of all the services, the FSB, in its secret police role, is the critical player in securing Putin’s rule. In the bureaucratic pecking order, the FSB sits at the very top and will remain there. FSB Director Alexander Bortnikov holds the military rank of full General, and he is treated as such by Russian military generals, despite never having served in the military. Second, if there is a formal investigation or after-action when the fighting stops, the FSB will lead it, just as it did in the investigations of the 2002 Nord-Ost theater terrorist attack, the 2004 school seizure in Beslan, and the more recent Crocus City Hall terrorist attack in 2024, each of which involved breathtaking intelligence and operational failures, but did not have significant negative repercussions for the FSB. The FSB pretends to clean up after it performs incompetently.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

In conclusion, the one thing the West can count on is that the Russian services will continue to relentlessly compete with and back-stab one another. There is no “intelligence community” in Russia remotely similar to the one we have in the United States. The rivalries within our community pale in comparison. This presents opportunities to recruit personnel from all the RIS services, many of whom will have lost colleagues in the war for a cause and for leaders whose competence an increasing number of them will come to doubt. This and the pervasive corruption in Russia are still strong incentives for espionage against those who have led Russia down this disastrous path.

The RIS will not prevent another war for Russia; if anything, they will foment one. Before they do, the US and our allies must understand these failures, but also, and critically, the Russian services’ likely self-evaluation and the lessons they themselves will draw, or fail to draw, from those lessons. When the current war ends, Putin may plan another intervention or aggression--in Europe, again in Ukraine, or elsewhere. Before he does, we need to be ready to counter the next iteration of the FSB, GRU, and SVR tactics to encourage and support war. We can better do so by studying their playbook and some of their attempted actions, and dramatic failures.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

The Downside to Mission Focus: Why the Intelligence Community Should Not Forget to Look Inward

OPINION — Not long ago, I was talking to an old friend and China analyst about the need for Intelligence Community (IC) analysts to spend significantly more time looking at themselves and their own agencies, processes, procedures, habits, biases, etc.—in other words, to be more introspective. I thought this an uncontroversial assertion as it has been well established in management literature that healthy organizations have robust introspective proclivities. But his response proved me wrong: “Do you have any idea what my read pile looks like? I have no time for navel-gazing.”

The above comment beautifully captures not only the IC’s aversion to introspection but also what is probably the main reason for that aversion—our “mission focus.” In fact, for most of us “mission, mission, mission” becomes a mantra from the day we take our oaths. But that admirable mission focus also comes with a very real downside: we tend to see introspection as a distraction from the mission rather than as a prerequisite to mission success. Add to that another compelling reason for our aversion—our historical and cultural wariness about looking at “blue” (U.S.-related) issues—and the roots of our introspective deficiencies quickly become evident.

That said, our aversion to introspection might well be disputed by some observers. After all, most of us take multiple personality assessments (e.g., Myers Briggs, DISC, etc.) during the course of our service. Additionally, we do have many of the trappings of an introspective community: organizations (e.g., National Intelligence University, Center for the Study of Intelligence, etc.), personnel (e.g., methodologists, tradecraft specialists, historians, etc.), and publications (e.g., NIU’s Research Notes, Shorts and Monographs; CIA’s Studies in Intelligence, etc.) that are specifically dedicated to thinking about the practice of intelligence. Why, then, do I posit that we are not sufficiently introspective?

Well, relative to the IC’s size, the aforementioned trappings are, by any measure, tiny. Moreover, although a sub-community of extraordinarily introspective officers exists, the majority of them are at their most introspective when—and because—they are not working on the line. As part of my research, I talk to many intelligence officers, especially line analysts. And in doing so I never fail to be amazed at how few seem to view routine introspective activities as vital to high performance. Sure, they see value in the occasional class, tradecraft-focused article, or ticking off the boxes on an Intelligence Community Directive 203 (Analytic Standards) checklist. But as a systematic, thorough, and routine activity? Not so much.

Given this, the IC needs to fundamentally reassess its whole conception of introspection. No longer can it be sufficient to expect introspective initiatives to be carried out mostly by non-line or support entities, although their foundational introspective efforts will remain vital supports to mission. Rather, on top of that foundational work, the IC must start building introspective activity into the regular routines of officers actively and directly working on the mission. Just as practicing doctors and lawyers are required (at least on paper) to engage in self-assessment—”reflective practice”—even as they confront ever-increasing numbers of patients and caseloads, intelligence practitioners too must consciously invest time and thought in regularly reflecting on how we conduct our work and ways in which we could better achieve our mission.

There is no set form this reflective practice must take. It could be conducted in a group, individual and/or hybrid format. The only aspects that are non-negotiable are that it be regular, resourced (particularly with regard to time), and required.

Ultimately, and as mentioned at the outset, healthy organizations have strong introspective tendencies. It is crucial then, that the IC reconceives and incentivizes introspection as a fundamental prerequisite to mission success and not the distraction or “navel gazing” it too often is deemed to be.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Two-Front Nuclear Challenge: Iran, North Korea, and a New Era of U.S. Deterrence

DEEP DIVE — While Washington is focused on Iran’s accelerating uranium-enrichment program and increasingly aggressive regional posture, an equally consequential shift is unfolding with seemingly less fanfare: North Korea’s rapid nuclear and missile advancements are quietly reshaping the global threat landscape.

For U.S. policymakers, the danger is no longer a pair of isolated challenges but a converging two-front nuclear problem—one that threatens to push America’s deterrence posture, crisis-management capacity, and alliance coordination closer to a breaking point. To understand how these two fronts could interact, experts emphasize that Iran and North Korea share a long-standing strategic alignment.

“The Iran–North alliance represents a four-decade-long partnership driven by shared hostility toward the United States, economic needs, and strategic isolation,” Danny Citrinowicz, a nonresident fellow with the Atlantic Council’s Middle East Programs and former head of the Iran Branch in the Research and Analysis Division (RAD) in Israeli defense intelligence, tells The Cipher Brief. “The Iranians need to rearm and prepare for another campaign, which requires additional and fresh thinking regarding the depth of the relationship between Tehran and Pyongyang.”

He also warns that this moment may become an inflection point.

“If Iran seeks to change its nuclear strategy, it could ask North Korea for nuclear bombs or highly enriched material or spare parts for the destroyed nuclear facilities, such as the conversion facility in Isfahan,” Citrinowicz continued. “The potential damage in the event of such an event is so severe that it is essential that the intelligence organizations of the United States, South Korea, and Israel identify signs of this.”

Pyongyang’s Nuclear Threat

Despite UN sanctions and diplomatic efforts, a recent Congressional Research Service (CRS) brief underscored that North Korea continues to surge forward with both nuclear-weapons and ballistic-missile development. For Kim Jong Un, analysts note, nuclear weapons are a guarantor of regime security, and he has no intention of abandoning them.

North Korea’s nuclear doctrine and capability sets are evolving in troubling ways. The 2025 CRS brief states that a September 2023 law expanded the conditions under which Pyongyang would employ nuclear weapons, lowering what had been a high threshold for use. The same report noted the regime “promised to boost nuclear weapons production exponentially and diversify nuclear strike options.”

On the delivery side, the brief outlines how North Korea is fielding solid-fueled road-mobile ICBMs, sea-based launch systems, and pursuing multiple warheads on a single missile — all elements that raise the question not just of deterrence but of crisis stability and escalation control. In short, Pyongyang appears to be reaching toward a survivable deterrent — or perhaps a warfighting capability — that can impose calculations on the U.S. and its allies in a far more challenging way than before.

“Kim’s investment in new nuclear-capable delivery systems reflects the strategic importance of the country’s nuclear arsenal,” Kelsey Davenport, Director for Nonproliferation Policy at the Arms Control Association, tells The Cipher Brief. “North Korea is better positioning itself to evade and overwhelm regional missile defenses and target the U.S. homeland.”

Treston Wheat, chief geopolitical officer at Insight Forward, reinforces that intelligence picture, stressing that open-source assessments now “frame North Korea as a maturing nuclear-warfighting state,” with doctrine “trending toward first-use options in extreme regime-threat scenarios.” He notes that U.S. intelligence already evaluates Pyongyang as having achieved miniaturization: “A 2017 DIA assessment judged DPRK miniaturization sufficient for SRBM-to-ICBM delivery.”

Taken together, those capabilities point to a shifting threat environment for Washington.

“North Korea has tested missiles with the range necessary to target the continental United States,” Davenport underscored. “U.S. military planners have to assume that North Korea can target the United States.”

Iran’s Nuclear Surge

Meanwhile, Iran is not standing still. Tehran has begun openly emulating aspects of Pyongyang’s nuclear playbook, indicating that if Western strikes against Iranian nuclear infrastructure forced Tehran to go underground, it could adapt quickly. That duality matters: Iran can arguably deploy its program overtly, under inspection and diplomatic cover, but at some threshold, it may decide the only path to survival is accelerated weaponization. If that happens while North Korea is already pushing new strategic capabilities, the U.S. is confronted with two simultaneous flashpoints — one in the Middle East, the other in Northeast Asia.

Deterrence, by definition, demands clarity of purpose, credible capabilities, and correctly calibrated signals. When the U.S. must manage a nuclear-armed North Korea and a near-breakout Iran at the same time, the risk is that strategic bandwidth becomes overstretched.

“Despite the failure of that approach, Iran maintains that its nuclear doctrine is unchanged and it does not intend to pursue nuclear weapons,” Davenport noted. “(But) without a pragmatic diplomatic approach that addresses Iranian economic and security concerns, Tehran’s thinking about nuclear weapons could shift.”

That potential shift in Tehran’s calculus becomes even more concerning when paired with broader warnings about Western inattention.

“If Western focus on the Iran threat dwindles, there is a risk the regime could take a new, covert path to nuclear weapons using remaining or reconstituted assets or foreign help,” Andrea Stricker, Deputy Director of the Nonproliferation and Biodefense Program at the Foundation for Defense of Democracies, tells The Cipher Brief. “Such a lack of focus is similar to how North Korea became nuclear-armed.”

Tehran, experts caution, still retains deep technical capacity.

“Iran retained enough fissile stock and technical expertise to rebuild quickly, meaning the setback was tactical rather than strategic,” Wheat noted.

From Washington’s vantage point, the real danger is a dual crisis hitting at once — an Iranian enrichment surge or strike on its facilities in West Asia, paired with a North Korean missile volley or nuclear test in East Asia. That scenario forces the U.S. into parallel decision-cycles, stretching military, diplomatic, and intelligence resources, straining alliances, and creating openings that adversaries could exploit.

North Korea’s expanding warfighting delivery systems add another layer of risk: limited, precision escalation meant to test U.S. resolve. As the CRS notes, its ballistic-missile testing is designed to evade U.S. and regional defenses, putting American and allied forces at heightened risk. In effect, Pyongyang is developing not only a survivable deterrent but potential coercive leverage — just as Iran’s enrichment trajectory edges closer to a threshold that could trigger a U.S.-led military response.

“The possibility of Pyongyang providing nuclear assistance to Tehran is increasing,” Citrinowicz said. “The United States will need to focus its intelligence on this possibility, with the help of its allies who are monitoring developments.”

But that intelligence challenge intersects with another problem: mounting questions about U.S. credibility.

“President Trump has dealt a serious blow to U.S. credibility in both theaters,” Davenport asserted. “This risks adversaries attempting to exploit the credibility deficit to shift the security environment in their favor.”

U.S. Intelligence and Strategic Implications

Open-source intelligence paints a worrying picture: North Korea may have enough fissile material for perhaps up to 50 warheads, though the accuracy and reliability of delivery remain questions. It also signals Pyongyang’s development of submarine-launched ballistic missiles and multiple-warhead ICBMs. The regime has restored its nuclear test site and is now postured to conduct a seventh nuclear test at a time of its choosing.

The IAEA’s November 2025 report says it can no longer verify the status of Iran’s near–near-weapons-grade uranium stockpile after Tehran halted cooperation following the June 2025 Israeli and U.S. strikes on Natanz, Fordow, and Esfahan.

The last confirmed data, from September, showed Iran holding 440.9 kg of uranium enriched to 60 percent — a short step from weapons-grade and potentially enough for up to 10 bombs if fully processed. IAEA chief Rafael Grossi says most of this material is now entombed in damaged facilities. Moreover, satellite imagery activity around storage tunnels in Isfahan has raised serious red flags. The IAEA further cautions that oversight of this highly-enriched uranium site is “long overdue,” warning that the agency has lost “continuity of knowledge.”

Moreover, before the strikes, the IAEA assessed Iran could produce enough weapons-grade material for one bomb in about a week using part of its 60 percent stockpile at Fordow. Damage to centrifuges has likely slowed that timeline. Still, the larger question is political: whether Iran, under renewed UN sanctions and scrutiny, decides that staying within NPT safeguards costs more than openly moving toward a weapon, particularly if work resumes at undeclared or rebuilt sites.

“The U.S. and Israeli strikes have created a window of respite. What happens next depends greatly on Iran’s will to provoke new Israeli strikes,” Stricker said. “North Korea is a wild card and could provide nuclear fuel, facilities, and equipment to Iran.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Looking Ahead

For Washington, the takeaway is stark: systems designed to manage one nuclear threat at a time may crumble should two crises flare simultaneously. The U.S. would need tighter allied coordination, faster intelligence sharing, and stronger, more flexible military deployments to cope.

Yet above all, policymakers must anticipate the possibility of simultaneous escalation in different theatres.

In the coming months and years, key indicators will include North Korea’s choice to conduct a seventh nuclear test or field a credible submarine-launched nuclear force, and Iran’s enrichment trajectory or decision to strike a covert breakout path. The U.S. must also watch for signs of cross-coordination between Moscow and Pyongyang, or between Tehran and Pyongyang — though open links remain murky.

From a policy perspective, a dual-front scenario demands updated wargames, an inter-theatre force posture review, and close allied coordination across NATO, the Indo-Pacific, and Middle East partners. Washington must also guard against the “umbrella illusion” — the belief that the same deterrence logic will apply unchanged across two theatres facing two distinct adversaries with differing doctrine, capabilities, and thresholds.

Finally, media and public attention naturally tend to focus on Iran’s progress or North Korea’s missile launches — one at a time. However, deterring two simultaneous nuclear-adversary theatres demands strategic awareness that the world may not be sequentially configured. For the U.S., what happens in one theatre may shape adversary calculations in the other. The risk is that by the time Washington pivots from Iran, Pyongyang — or Tehran — may have forced a new reality.

In this two-front nuclear dilemma, the question is no longer whether to monitor Iran or North Korea, but how the U.S. will deter both at the same time — and whether its strategic framework is ready for that challenge.

Emerging forms of collaboration amplify that challenge.

“More concerning is that North Korea is positioning itself to benefit from Russian expertise and to further refine its missile systems using data collected from Russia’s use of North Korean systems against Ukraine,” Davenport added.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

What to Watch for in Saudi Crown Prince Mohammed bin Salman’s Visit to Washington

EXPERT INTERVIEW — President Trump is welcoming Saudi Crown Prince Mohammed bin Salman to the White House today with an announcement that he plans to approve the sale of F-35 fighter jets to the Kingdom, signaling a policy shift by the U.S. Administration.

The visit to Washington marks one of the most consequential moments in decades for the U.S.–Saudi relationship. Both governments see the meeting as a chance to cement the expansion of the U.S.-Saudi partnership from one focused on energy and security to include advanced technology, AI, critical minerals and defense cooperation.

The trip follows President Donald Trump’s high-profile visit to Saudi Arabia in May, when both countries announced a multibillion-dollar deal that could potentially give Riyadh access to advanced U.S. AI technology. While sources tell The Cipher Brief that many of the details of those deals remain in various stages of negotiation, the Crown Prince’s Washington visit aims to build off of that momentum.

More widely, the visit comes at the end of a year of rapid geopolitical and technological change for the Middle East. Through these shifts, Saudi Arabia and other Gulf leaders like the United Arab Emirates are positioning themselves as centers for AI infrastructure, diversified cheap energy, and global supply chains.

To help unpack the stakes and expectations behind the Crown Prince’s Washington visit, The Cipher Brief spoke with Norm Roule, who spent more than 34 years in the Intelligence Community and has been following regional developments for 43 years - including his time as a business consultant. Roule is in frequent contact with Gulf leaders on energy, security, finance and technology issues and travels frequently to the region. Cipher Brief CEO & Publisher Suzanne Kelly began by asking Roule to summarize the expectations going into this visit. Our conversation has been lightly edited for clarity and length.

THE INTERVIEW

Roule: The visit of Crown Prince Mohammed bin Salman to Washington will likely represent a transformational moment in Saudi-American relations that will stand out among the most important events in the 80-year relationship between the two countries. Each side will likely seek to use this visit to change the traditional relationship from one of oil and security to one that is more of a blend of advanced technology, mining, and energy, which includes nuclear, and defense.

Each side now sees the other as an indispensable partner and views this visit as a way of establishing an architecture that will ensure that periodic political difficulties don't destabilize a critical relationship that needs to last decades. The Saudis seek this more predictable relationship and assets that will allow them to accelerate their evolution toward becoming a global power center.

Washington seeks to revitalize and cement ties with a rising middle power that will certainly have considerably more influence in the Middle East and the Global South and will become an important link in the global energy and supply chain. Regional issues will be discussed during the visit, but I don't think it's likely we're going to see significant shifts outside of the ongoing trends.

Kelly: This visit, of course, does follow the visit by President Trump to Saudi Arabia in May of this year where some signficant deals were announced with regard to technology sharing and investment opportunities.

Roule: That is correct. In essence, what you're looking at is the other side of the coin from those visits. President Trump and a team of unprecedented stature of American cabinet members and highly consequential American business leaders traveled to the Kingdom and concluded a vast array of business deals over the months since that time. American diplomats and business leaders have met to finalize and further expand upon those deals. And now we're looking at a meeting that will, in essence, conclude those agreements or take them to the next stage of developing memorandums of understanding. These are very complicated agreements that in and of themselves will take months, if not years, to play out. But they are indeed transformational for the economies of each of the two partners.

This is exclusive Subscriber+Member content

Saudi Arabia and its neighbor, the United Arab Emirates are drawing on an unprecedented and historic combination of very focused policy decisions, massive domestic and global investment flows that they are developing with themselves and partners, and domestic social engineering that's been something that is unique in the world based upon AI and multiculturalism to redefine themselves from hitherto reliable energy suppliers into world-class members of the global supply chain - architects of the next generation of AI manufacturing and new nodes of political influence in a non-polar Middle East.

Each of these two countries is positioning themselves as models of rule of law, stable governance, and an oasis of multicultural life, open for business, open for boldness. And these two countries have a strategy that relies upon a tight weave of Liquified Natural Gas (LNG), chemicals, energy infrastructure, data centers, and finance. But each country also requires a deep, unprecedented and sustained access to the most advanced US AI technology.

So for this to happen, we're watching the Saudi Crown Prince come to Washington to build this new relationship with the United States. They know that this relationship brings tremendous benefits to the United States as well. It not only helps us build out our infrastructure, our employment at a time when we're having our own challenges, but in a way, it also sends a powerful message. They believe in us. They believe in the American future. They know that we will win, and often in ways that we sometimes don't express in ourselves.

Lastly, they're doing all of this in a way that means that they're not having to cut their commercial ties with China or offend Russia. In return for what they will give, they will receive technology that makes them global AI powers. And with the cheap energy that they are able to attach to that AI, they will be incredibly successful.

Kelly: Clearly, we're going through a dramatic shift in the Middle East right now. How important is this relationship to the United States?

Roule: It's critical. The Middle East remains vital to America's interest. The Middle East, as they say, it's in the middle. You look at any map and the Middle East is in the center of global trade, global transportation, multiple shipping routes move through the region, 80% of the data between Europe and Asia transit the region. You have global energy centered in the region. You have several of the world's major religions in the region. You have crossroads of multiple U.S. national interests.

At the same time, you're now looking at the development of an artificial intelligence infrastructure that is starting to blossom. And our ability to partner with that and to ensure that that technology does not threaten America's interests, and indeed sustains America's interest as that region partners with the Global South. It just protects our interest and expands our influence at a time when China would very much like to replace us.

Kelly: You talked about some of the ambitions of the Kingdom and the UAE, both in investment and AI. We've talked a lot in the past about their efforts and trying to lead when it comes to green energy. What do you think is driving their strategy?

Roule: Their strategy is driven by changes in the world that are just inevitable. If we were to go back one year and I were to tell you that knowledge is power, you would agree completely with me. But today, the adage is now, power is knowledge. The artificial intelligence system is inherently an energy system in and of itself. And artificial intelligence requires access to inexpensive, reliable 24-hour energy. And in the Middle East, Saudi Arabia and the Emirates and the other Gulf Cooperation Council states have access to tremendously inexpensive energy, and the prospect of additional inexpensive energy through their expansion of solar power and nuclear energy, which they're seeking. Those with access to such tremendous cheap energy and artificial intelligence have access to the benefits of artificial intelligence, which will bring them enormous economic advantage in the future.

Now, look at the other end of that stick. In Sub-Saharan Africa, at least 600 million Africans lack access to a reliable source of electricity. Imagine the social and economic disadvantage of those various societies. But let's go forward, just thinking about where the world is moving. By 2040, data center energy needs will rise fourfold. 1.5 billion people are estimated to move to cities. That means 2 billion new air conditioners will come online. And when you're in Saudi Arabia, a large portion of their oil needs, their oil production, is actually used for air conditioners in the summer. And you see their oil production move up in the summer for air conditioners. Global fleets of aircraft are expected to double from 25,000 to 50,000 aircraft by 2040. Jet fuel demand will be up by 30%. Six million kilometers of electrical transmission lines are needed by 2040. Imagine what that means in terms of copper.

So if you're looking at something like this, we're now looking at $4 trillion of investment needed annually for this energy architecture. We can't do this without partners with capital - like Saudi Arabia or the United Arab Emirates - and the many partners they bring together into their ecosystem.

So now let's look at energy. In recent years, you've had this great contest between the people who correctly talk about the need for us to battle climate change, and those who have talked about the need for more energy. Both issues must be dealt with. Well, now we realize oil demand is not going to drop. In fact, oil demand is expected to remain above 100 million barrels a day through 2040. This demand is going to be needed for materials and petrochemicals. LNG demand is expected to grow by 50%. Renewables will double. In essence, the world needs more energy, not replacement for these other energy sources.

Saudi Arabia and the Emirates and Qatar and Kuwait see themselves as becoming islands of cheap energy working with the United States. They see themselves at this moment in history - where, if they can capture a certain amount of extraordinary technology and a strategic relationship with the United States, and this ecosystem of multicultural partnership with the world - they can become a very different society. It's a fascinating dynamic. It's a very exciting time in history.

Kelly: Do you think falling oil prices are going to impact this strategy?

Roule: Well, we're watching that play out. So in essence, what we've seen is very prudent decision making. They have slowed some of the execution of major projects, but they have not stopped the projects themselves. They have extended timelines. They have delayed the rollout of certain large programs. If it has to do with their visions of Vision 2030 or Vision 2040, they have different visions in the Gulf, the projects remain on track. And it's because those projects are critical to where they need to go. If you look, for example, at the city of Neom that is often talked about, well, the port of Oxagon, which is critical to the infrastructure of trade in the Northwest Arabian Peninsula, that’s still functioning, it’s still out there. They're just going to slow the build out of that city because it's reasonable to say to slow the build out to the city. It's just not reasonable to think that you can slow the build out of trade and infrastructure in the Arabian Peninsula. That's going to happen on a different timeline.

Now, we've also seen reports that the Saudis have withdrawn some of their capital from not less productive, but maybe investments in the United States that aren't as relevant to the core vision of equities as in the past. That I think you may see a little more of, but I don't see a massive withdrawal of those investments unless we saw oil prices drop into say the low $50s or $40s. So what we're watching is prudent focus. We're watching attention to timelines. We're watching attention to anti-corruption. I'm impressed. I've not seen anybody waste money or do anything that is injudicious. And I've not seen anybody make allegations that such things have been noted by others.

Kelly: What will make this a successful visit to Washington, both on behalf of the Saudis and on behalf of the U.S.?

Roule: Architecture. And what you're looking for is something that lasts beyond one month, one deal. You're looking for something that binds us together over time. I think what you're going to hear will be announcements of MOUs. You will hear announcements of deals. And as important as it is to focus on the numbers associated with the deals, and there will certainly be focus on that and questions regarding that, it's really more important to focus on the industries, the sectors associated with those deals, and then the depth that each of those MOUs brings to the various societies.

For example, let's say that we see an aviation deal that might bring employment to the United States but will set up a manufacturing node in Saudi Arabia. If something like that were to happen, that would make Saudi Arabia part of a global supply chain. So 20 years from now, we would have a more reliable source of parts or an alternative source of parts. If mining is developed within the kingdom, well, it takes years to develop a mine, but we will have an alternative source of minerals, and Saudi Arabia is a rich source of multiple minerals that are important to the United States. Or if the Saudis invest in minerals in the U.S., it may take years for those to play out. So the architecture associated with those deals will mean employment but it's the depth and the timelines with those deals that will determine the depth of that relationship.

In terms of defense deals, I don't want to downplay that, but America has always stood with Saudi Arabia. People have often asked, 'If there's a single attack did we respond in as well or to the extent that we should have?' That's open to question. But there is no doubt in my mind, nor in the minds of regional leaders, that if there were a serious attack on Saudi Arabia by Iran or another country, we are absolutely going to be there. And do we need a defense deal to say that? I'll leave that to others, but not in my mind. But in any case, we will see some sort of defense architecture develop.

Should the Saudis have nuclear energy? Why not? Every other country does. They're looking for additional technology and there's no reason we can't provide that to them to assist them. But again, it's that architecture and the relationship over years that you seek, vice one delivery, one deal, and the announcements that go with it.

Kelly: Where do you see the region going in 2026? What will be the big headlines and the big drivers next year in the Middle East?

Roule: There's a lot of good news in the Middle East. The U.S. remains the dominant great power. Americans are not and likely will not be the target of a major military confrontation in the region. But the region itself continues to lack a strong cohesive narrative that pulls it together.

The biggest point in the region is that it remains a non-polar region. There's no reason to believe that this administration will cease its vigorous focus on the region. And we must applaud this administration for, in its first 11 months, having multiple emissaries and making visits and sending many cabinet ministers to the region. If you look at the recent conferences that have taken place in Manama, Qatar, Abu Dhabi and Riyadh, we've had cabinet level representation at all of those events to include during a government shutdown, which is no small thing, with representatives from multiple government departments. America is back and Russia and China are not.

Gaza is going to sputter along, and the U.S. commitment remains and CENTCOM is performing marvelously as a key force bringing things together. I think we're going to see that continuing. Neither side, Israel or the Palestinians, have a reason to return to war, but violence will continue. The largest or most significant political shifts in the region likely would come from a change in the Israeli government.

Iran is fragile. Iran nuclear talks are unlikely to begin until the administration sees evidence that the talks will not be a waste of time. Right now, the Iranians seek talks, but that doesn't mean they want to do anything other than have talks, because if they have talks, the rial will be strengthened and the Iranians don't have to bring anything up. The Quds Force will remain active. They will continue to deliver weapons to the Yemenis. But it's unlikely they're interested in looking for a conflict. We can't rule out a sudden collapse of Iran in case of an environmental disaster such as an earthquake, but the regime appears fragile at present.

Syria continues to make progress and I think we're going to see the progress continue in its current trend. Arab infrastructure investment continues to progress. I would watch for telecommunications and port investment work. And the reason that's important is that you're watching the Biden administration IMEC plan in essence or IMEC cooperation be realized as Gulf states put their lines up through Europe and through Syria.

Lebanon will likely remain a greater challenge. I think we're watching a lot of Saudi quiet diplomacy with Yemen and that will continue. GCC infrastructure will continue to develop. I would be surprised if we didn't see more Saudi work with Bahrain and Saudi work between the GCC and the West.

Oil will remain stable likely and soft in coming months. I think you're going to see a lot more natural gas come online. OPEC will continue to do everything it can to prevent oil from falling into the 50s while maintaining a relatively soft position so they can recapture market share from India and other places lost to Russia.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

A Constitutional Clash Over Trump’s War Powers in Venezuela

OPINION — “The question before the body is, can the Congress stop a military conflict declared by the Commander-in- Chief because we don’t agree with the decision, and without our [Congress] approval it must end? The answer, unequivocally, to me is no. Under the Constitution, the authority to be Commander-in-Chief resides exclusively with the President. The power to declare war is exclusive to the Congress. Now, what could the Congress do constitutionally if they disagree with a military action that is not a declaration of war? We could cut off funding.”

That was Sen. Lindsey Graham (R-S.C.) speaking on the Senate floor on the afternoon of November 6, when debate was to begin on S.J. Res. 90, legislation that was “to direct the President to terminate the use of U.S. Armed Forces for hostilities within or against Venezuela, unless explicitly authorized by a declaration of war or specific authorization for use of military force.”

Graham’s remark that Congress could cut off funds to halt a President ordered foreign military action took me back 56 years to December 1969, when I was working for Sen. J.W. Fulbright (D-Ark.), then chairman of the Senate Foreign Relations Committee. I had in late 1969 been to Laos where the Nixon administration was carrying out a secret bombing campaign in an attempt to limit weapons going from North Vietnam to pro-Communists in South Vietnam.

To halt the at-the-time classified Laos bombing program, Fulbright introduced an amendment to the fiscal 1970 Defense Appropriations Bill that prohibited the use of U.S. funds to send American ground combat troops into Laos or Thailand. To get his amendment debated and passed, Fulbright had to arrange for a closed-session of the Senate.

That closed session was held on December 16, 1969, with all 100 Senators present, a handful of staff – including me – but no one in the public galleries and no reporters in the press gallery. After a 90-minute debate, the amendment passed. The House accepted the amendment in conference and it was signed into law by President Nixon on December 29, 1969.

Fulbright’s purpose was to assert Congress’ Constitutional role when it came to a prospective military operation amid his concern that the Nixon administration was expanding the Vietnam War into neighboring countries without consulting Congress.

I describe that long-past activity to explain my continuing apprehension over today’s possible Trump administration military action against Venezuela. The Trump administration has already introduced deadly military operations against alleged narco-traffickers working from a secret list of drug cartels using a classified Justice Department Office of Legal Counsel opinion which claims the drugs are to kill Americans and finance arms to terrorists who will destabilize the U.S. and other Western Hemisphere countries.

Last Thursday and Friday, President Trump met in the Oval Office to discuss a host of options for Venezuela with Vice President JD Vance, Defense Secretary Pete Hegseth, Joint Chiefs Chairman Gen. Dan Caine, Secretary of State Marco Rubio and Deputy Chief of Staff Stephen Miller.

Friday night, in remarks to reporters aboard Air Force One as he traveled for the weekend to his Mar-a-Lago estate, the President said he had “sort of made up my mind” about how he will proceed with the possibility of military action in Venezuela. On Sunday, flying home, Trump told reporters the U.S. “may be having some discussions with [Venezuelan President Nicolas] Maduro,” adding that “they [the Venezuelans] would like to talk.”

Although he swings back and forth, it appears clear from President Trump’s point of view, he need not consult with Congress should he decide on any military action that targets the Venezuelan mainland. As Sen. Graham pointed out, “We have only declared war five times in 250 years, and we have had hundreds of military operations -- some authorized and some not.”

Opening the Senate debate on November 6, Sen. Tim Kaine (D-Va.), a key sponsor of the congressional resolution, pointed out, “On October 31, public reporting shows that many Trump administration officials have told the press that a secret list of targets in Venezuela has been drawn up. All of this, together with the increased pace of strikes in the Caribbean and Pacific [21 attacks on alleged narco-trafficking boats, 83 individuals killed], suggests that we are on the verge of something that should not happen without a debate and vote in Congress before the American people.”

On November 6, after a relatively short debate, the Senate resolution to block the use of U.S. armed forces against Venezuela was defeated by a 49-to-51 vote.

But during that debate some important points were made, and they need some public exposure.

For example, Sen. Tammy Duckworth (D-Ill.), a military veteran herself, said, “Listen, if the Trump administration actually believes there is an ongoing credible threat of armed conflict, then they must bring their case to Congress and give the American people a say through their elected representatives. They must respect our service members enough to prove why war is worth turning more moms and dads into Gold Star parents. And they must testify about what the end state of these military operations would actually look like.”

Sen. Adam Schiff (D-Calif.) said, “Maduro is a murderous dictator. He is an illegitimate leader in having overturned the last election by the use of military force. He is a bad actor. But I do not believe the American people want to go to war to topple this regime in the hopes that something better might follow… Let them [the Trump administration] seek an authorization to use force to get rid of Maduro. But let us not abdicate our responsibility. Let us vote to say no to war without our approval. We don’t have to wait, nor should we wait for that war to begin before we vote.”

Sen. Rand Paul (R-Ky.) pointed out, “Of course, we have the capability of overthrowing the Maduro regime, just like we had the power to overthrow Saddam Hussein and Muammar Qadhafi. But what comes next? Is anyone thinking about the potential blowback that such a campaign could entail? Overthrowing the Maduro regime risks creating more regional instability, not less. The breakdown of state authority may create a power vacuum that the very drug cartels the administration is ostensibly trying to destroy could exploit.”

“You cannot bomb your way out of a drug crisis,” said Sen. Jack Reed (D-R.I.), ranking member on the Senate Armed Services Committee. “The demand that motivates drug trafficking is not found in the Caribbean. It is located in communities across America where people are suffering from addiction, where economic opportunity has dried up, where the social fabric has frayed. Military strikes do nothing to address those root causes. Boats have been blown out of the water in videos released by the administration. But has the flow of fentanyl into America decreased? Has a single trafficking network been dismantled? The administration hasn’t provided any evidence that these strikes are achieving anything beyond the destruction they document on camera. This is not a strategy. This is violence without a strategic objective.”

Sen. Reed also pointed out how the Trump administration is expanding its war powers. “The White House is apparently now arguing that these strikes [on alleged narco-boats] don’t constitute ‘hostilities’ under the War Powers Act because American service members aren’t directly in harm’s way while operating standoff weapons and drones. This is ridiculous…They are very much in harm’s way, and to say that this operation is so safe that it doesn’t qualify as ‘hostilities’ is embarrassing…This new interpretation creates a dangerous precedent. If standoff weapons exempt military operations from congressional oversight, we have effectively granted the Executive Branch unlimited authority to wage war anywhere in the world so long as American forces can strike from a distance.”

Taking a different approach, Sen. Chris Van Hollen (D-Md.) pointed out an irony in Trump’s anti-drug argument. Van Hollen said, “I will tell you what you don’t do. You don’t submit a budget to the U.S. Congress that cuts the funding for the Drug Enforcement Agency and cuts funding for the task forces we developed to go after major organized crime syndicates involved in the drug business.” He added, “I happen to be the ranking member of the Appropriations Committee that oversees the Justice Department. And all my colleagues have to do is take a look at the request from the President of the United States when it comes to resources for fighting drugs coming to the United States. They cut them.”

Raising an additional problem, Sen. Andy Kim (D-N.J.) said, “Letting Donald Trump ignore the law abroad makes him think he has a free pass to do it right here at home. Donald Trump thinks if he can do this in the Caribbean, he can do it on the streets of Chicago. He could use the military for his own political retribution and consolidation of power in and outside our borders. After all, he [Trump] said in his own words: ‘We’re under invasion from within, no different than a foreign enemy but more difficult in many ways because they don’t wear uniforms.’ That is what the President said. We cannot be complacent as he sends troops into our cities as a tool of intimidation against his political enemies.”

While we await President Trump’s decision on what comes next, let me close with another ironic situation, created last Wednesday by Secretary of Homeland Security Kristi Noem.

Giving the keynote address at the Potomac Officers Club’s 2025 Homeland Security Summit, Noem celebrated recent successes in the counter-drug mission. She said that since January, the Coast Guard has stopped 91 metric tons of drugs, confiscated 1,067 weapons and seized more than $3.2 million in cash from terrorist cartels, thanks primarily due to Operation Pacific Viper, which Noem said is strategically designed to seize historic amounts of drugs from smugglers in the eastern Pacific. “Viper has saved millions of lives of individuals and Americans by stopping those drugs before they ever got to the U.S.,” Noem said.

Operation Pacific Viper, according to a Coast Guard press release, also resulted in the arrest of 86 alleged narco-traffickers as of October 15. A needed reminder: Viper was an interdiction program where narco-traffickers were intercepted, arrested and drugs seized – not boats blown up and people killed.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Can a “Flamingo” Cruise Missile Help Ukraine Turn the Tide?

DEEP DIVE – Ukraine’s President Volodymyr Zelensky calls it “our most successful missile.” One expert says it’s "Ukraine’s strongest security guarantee.” And former CIA Director and Cipher Brief expert Gen. David Petraeus says it has the potential to be “a game changer” in the war against Russia.

They are talking about the FP-5 Flamingo, a ground-launched, subsonic, made-in-Ukraine cruise missile, built to hit targets deep in Russian territory.

Not since the first salvos of Russia’s 2022 invasion has Ukraine’s defense industry sounded so enthusiastic about a weapon manufactured on its soil. The successes of Ukrainian defense technology are well known; as The Cipher Brief reported last month, the country is now widely believed to have the world’s most innovative defense sector. Its drone technology in particular continues to earn rave reviews from experts and western defense companies alike.

But the Flamingo is something different – a missile with a reported range of 1800 miles and the ability to carry more than 2,000 pounds of munitions, meaning that in one strike it could cause greater damage than even a swarm of drones. Compared to the top-class American Tomahawk cruise missile, the Flamingo is believed to be less accurate but with a similar range and a much heavier payload. And because it is manufactured in Ukraine, the Flamingo can be launched against Russian targets without Western-imposed restrictions.

“The Flamingo may actually be a game changer,” Gen. Petraeus said at the Cipher Brief’s annual Threat Conference last month. “You add that capability to what Ukraine has already done,” he said, referring to the recent drone campaign against Russia’s oil sector, “and [the Flamingo] will extend this dramatically.”

Zelensky said last month that the Flamingos had carried out their first missions, including a three-missile attack on a Russian security base in northern Crimea. Last week, Ukraine’s General Staff said it had used Flamingos as part of a strike that targeted “several dozen” military and infrastructure sites inside Russia and in occupied Crimea.

The Flamingo’s manufacturer, the Ukrainian firm Fire Point, claims to be producing between 1-2 missiles per day, with plans to scale to 7 per day by year’s end, for a 2026 projected total of more than 2,500. "By December we’ll have many more of them,” Zelensky told reporters in August. “And by the end of December or in January–February, mass production should begin."

Experts say every one of those missiles will dwarf the power of a drone weapon.

“With the drone-strike campaign, you have the challenge that they mostly carry fairly small warheads,” John Hardie, Deputy Director of the Russia program at the Foundation for Defense of Democracies (FDD), told The Cipher Brief. “The damage is far less than you could do with a one-time warhead that’s carried by the Flamingo.”

All of which raises the question: Might the Flamingo change the course of the war?

How the Flamingo was born

Even by the lofty standards of Ukraine’s recent defense-tech achievements, the Flamingo’s origin story is an inspiring one. And it dates to the last days of the Cold War.

In the wake of the Soviet Union’s collapse in 1991, Ukraine agreed to give up not only its nuclear weapons but also its considerable arsenal of Kh-55 cruise missiles. And after Russia’s 2022 invasion of Ukraine, while Zelensky and other Ukrainian leaders pressed constantly – and with mixed success – for western weaponry and security guarantees, they also began turbocharging their domestic defense industry.

“Ukrainians were authors of the Soviet space program and rocket program,” Oleksiy Goncharenko, a member of Ukraine’s Parliament, told The Cipher Brief. “When you have a lot of experience and when your people are smart enough, then the result is obvious. You have technologies which other countries respect.”

For more than three years, however, Ukraine remained largely dependent on Western countries for high-end, long-range strike capabilities. That led to the creation of a made-in-Ukraine cruise missile program.

The result is the FP-5 Flamingo, developed by Fire Point, a former casting agency that spun itself into a defense firm in the summer of 2022. In 2023, Fire Point produced its first FP-1 attack drones, ultimately turning out 200 FP-1s that year; this year the figure is expected to hit 20,000. Its cruise missile project has moved at a similar warp speed: in August, less than a year after it began work on the cruise missile, the company was showing off the prototype; soon after that, the first Flamingos were flying.

“We came up with it pretty fast,” Iryna Terekh, the company's 33-year-old Chief Technical Officer, told Politico. “It took less than nine months to develop it from an idea to its first successful tests on the battlefield.”

Terekh and other Ukrainian defense entrepreneurs speak often about how the Russian invasion has motivated their work – what Goncharenko calls “the unfortunate inspiration of war.” Terekh fled a Russian-occupied village near Kyiv in the early days of the war, and says her car still has a hole from a Russian bullet. She joined FirePoint as a partner in June 2023.

Ralph Goff, a former Senior Intelligence Executive at the CIA, calls the Flamingo production story “combat Darwinism at its best.”

“If the West isn't going to give them the long-range weaponry that they want to carry out their strategic attacks, they'll develop them themselves,” Goff told the October Cipher Brief conference. The Flamingo, he said, “is a serious piece of offensive weaponry.”

As for the missile’s unusual name, that traces to an in-house story at Fire Point, about the day when someone painted a solid rocket booster prototype pink, in a nod to the women involved in the male-dominated world of weapons production. Later, when the missiles were ready for testing, the company needed a bright color to help locate post-launch debris. Pink paint was available – and that led to the Flamingo moniker. The Pink has gone – missiles used in actual strikes are colored less conspicuously – but “Flamingo” stuck.

“You don’t need a scary name for a missile that can fly 3,000 kilometers," Terekh said. "The main goal is for a missile to be effective.”

Reality check

If Fire Point’s claims are borne out, the Flamingo will have a reach and power on par with western cruise missiles, and an arsenal to match any European nation’s other than Russia.

Experts warn that behind that “If” lie multiple concerns – most of them due to the fact that there has been minimal independent verification of the company’s claims.

“In the defense industry, it’s easier to make statements than to actually implement them,” Ukrainian lawmaker Roman Kostenko said of the Flamingo’s potential, speaking to Radio NV last month.

One issue involves accuracy, which experts say Fire Point had to sacrifice to a degree in its push for a low-cost, fast-to-market weapon. In the Crimea strike, one missile reportedly landed some 100 meters from its target.

“Because it's low-cost, you kind of skimp on some of the more high-end features you might see in a more exquisite missile, guidance and accuracy being one of them,” Hardie said. “It's a relatively inaccurate missile at least by modern standards.” But he added that if the pace of manufacturing ultimately yields the high numbers Fire Point has promised, then “that tradeoff [high volume for accuracy] makes sense.”

Balazs Jarabik, a former European Union diplomat and analyst for RPolitik, has studied the Flamingo project since its early days. He doubts that Fire Point can reach its production goals.

“The Flamingo is real, but the production capacity is overstated, at least so far,” Jarabik told The Cipher Brief. He noted that an earlier Ukrainian-made missile, the Neptune, has yet to reach its promised scale, and that for all its defense-sector successes, Ukraine must contend with wartime supply-chain issues that would bedevil any weapons manufacturers. He and Hardie said that scaling to hundreds of Flamingos per month will require consistent supplies of everything from engines to warheads to electronics for guidance systems.

“I'm a little skeptical, but it's possible the Ukrainians will get there,” Hardie said, and Gen. Petraeus said that the Ukrainians “really need to double down” on the pace of the Flamingo manufacturing. “They're trying to get that into full production.”

Fire Point must do so while Russia targets Ukraine’s young defense companies as well as the country’s energy infrastructure. The latter is critical, given the defense sector’s high demand for energy. For one piece of the Flamingo supply chain, the company has already found a workaround: in September, Fire Point announced that Denmark had agreed to produce fuel for the Flamingo, effectively removing a key production facility from the war zone. The announcement provoked a warning from the Kremlin, which called the Danish plans “hostile.”

That response raises the question of Russian retaliation – a concern that has accompanied the delivery of virtually every new weapons system to the Ukrainian side. Some experts fear that any successful, high-impact Flamingo strike against Russia, carried out with help from Western intelligence – the destruction of a weapons factory deep in Russian territory, for example – would risk a NATO-Russia fight that the West has been desperate to avoid. Others doubt that Vladimir Putin has any interest – at least not in the current moment – in any escalation that might lead to conflict with the West.

“The Russians have been consistently more bark than bite,” Hardie said. “They know that attacking a NATO country in an overt military way – not the sort of gray-zone, below-the-threshold-of-war stuff they've been doing, but an overt military missile strike – that's an act of war. And Putin doesn't want any part of a direct conventional fight with the United States and NATO allies.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

What to watch for

Even analysts who are skeptical about the Flamingo’s future note that it would take only a few successful strikes to inflict severe damage, and that if Fire Point can get anywhere close to its 2500-missile-per-year pledge for 2026, the battlefield impact could be profound. Beyond the Russian oil refineries and other energy facilities the Ukrainians have attacked lately, the Flamingo will put more military targets in range as well. The holy grail might be the joint Russia-Iran manufacturing facility in Tatarstan that is turning out the deadly Shahed drones, at a scale that the Ukrainians must envy.

Experts say that with hundreds of Flamingos at the ready, Ukraine might achieve what Jarabik refers to as “mass saturation,” an ability to bring a heavy and varied drone-and-missile threat to military and energy targets across all of European Russia.

“If you're Ukraine,” Hardie said, “you'd like to be able to combine these missiles and drones into a complex strike package much as the Russians are currently doing, and keep the Russian air defense on its toes.”

“The Flamingo is heavy, and it’s also relatively easy to shoot down,” Jarabik said. “And so they will need mass saturation – a lot of these missiles, but with drones or other weapons too, to get through to the targets. They're going to have to produce enough that they can have a sustained impact, …and I don't think we're going to be there anytime soon.”

Then Jarabik added: “All that said, you have to acknowledge Ukraine’s innovation and skill. And I think [the Flamingo] is a big thing. Absolutely.”

As for the accuracy concerns, Ukrainian officials noted that while one of the Flamingos fired at Crimea did miss its mark, the two others leveled a barracks and brought a “massive destructive power,” with craters measuring 15 meters in diameter.

No one is touting the Flamingo as a replacement for the array of Western missiles that have been delivered to Kyiv. The Ukrainians will still covet the German Taurus, and the British-French Storm Shadow/Scalp cruise missiles, which are more accurate, though they come with conditions attached to their use. The diversity and volume of weapons systems, experts say, are what could make a real difference. And the Flamingo adds a powerful new element to the Ukrainian arsenal.

“No one system or weapon is going to be the decisive game changer,” Hardie said. “I don't think there's any such thing as a wonder weapon. That being said, for a supporter of Ukraine, it's really encouraging to see Ukraine being able to move out on its own more in terms of long-range strike capabilities. They are taking these steps forward and really taking it to the Russians right now with this campaign against energy infrastructure. That's been impressive to see and I think it kind of augurs more to come. So if I were the Russians, I would be worried about that.”

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Q&A: Interpol’s Cybercrime Chief on How AI is Driving Borderless Cyber Threats

EXCLUSIVE INTERVIEW — Anthropic’s announcement that Chinese state-sponsored hackers used its Claude AI technology for a largely automated cyberattack underscores how cybercriminals are becoming faster, stronger and more organized, driven by advances in technology like artificial intelligence. Criminal networks are now blending phishing, fraud and ransomware with other enterprises like trafficking and money laundering, making this borderless threat even more complex and serious.

The Cipher Brief spoke with Dr. Neal Jetton, the Cybercrime Director of Interpol, to discuss how the world’s largest international police organization is taking on the threat. Speaking from last month’s Global Cybersecurity Forum in Riyadh, Saudi Arabia, Dr. Jetton said Interpol-driven efforts like information-sharing, cross-border cooperation and law enforcement training are critical in countering emboldened cybercriminals.

The Cipher Brief: Can you tell us what kind of buzz has been there? Have there been key themes or issues at this very point in time among the cyber experts that you've been talking to?

Dr. Jetton: I think you can't get away from AI here. Every panel, every discussion has an AI focus, and you think, "Ugh, more AI." But, it's here. It does impact probably everything. We have a lot of cyber threat intel companies here from the private sector who are working with it every day for their means.

And then from a law enforcement perspective, we look at it kind of as a double-edged sword. I'm from INTERPOL, so we look at how AI can benefit law enforcement in the long run. But as a cybercrime director, I also see how cyber criminals are also utilizing AI to enhance the effectiveness of their criminal activities.

The Cipher Brief: What can you tell us about the role that INTERPOL plays in countering these threats?

Dr. Jetton: So, just a little bit about INTERPOL because maybe there's some misconceptions about what it is. Even my neighbors sometimes think, "What do you actually do, Neal?" So in INTERPOL, there are 196 member countries. We are focused on law enforcement to law enforcement connections. So what we want to do in the Cybercrime Directorate is understand what our membership is suffering from as far as the type of crimes that they are seeing the most.

So we will send out yearly threat assessments because we think we might have a good idea of what a particular region is suffering from, but we need to hear it directly from the law enforcement officers and experts on the ground. We'll get that information, and then we'll turn that around and we'll try to base our training, our coordination meetings, and then our operations focused on the threats that they, our members, see most commonly.

Save your virtual seat now for The Cyber Initiatives Group Winter Summit on December 10 from 12p – 3p ET for more conversations on cyber, AI and the future of national security.

The Cipher Brief: When we talk about things like attribution, going after threat actors and bolstering cybersecurity, where do those rank on the priority scale for INTERPOL?

Dr. Jetton: Within the Cybercrime Directorate, we have three goals. I tell my team, what we want to do is we want to build up the capacity for our country. So we have to understand what they need, what they're lacking in terms of tools and training. We then want to provide accurate, useful intelligence to our member countries that they can use and turn into evidence that then helps drive their investigations to be more successful.

But my goal is to increase the capacity for our member countries, to provide relevant intelligence to them so that we have operational success, and we've done that. I think we've done more than 10 operations this year within the Cybercrime Directorate, both global and regional, focused on the threats that our members are seeing most.

What we will do is, in a lot of instances, we will bring the countries that are participating in our operations all together at one point. We'll then bring relevant private sector partners, many of them here at GCF, to come and provide training to them on the ground. We will do tabletop exercises, and then at the end of that week, it's usually a five-day process, we'll kick everybody out and we'll just focus on the operation at hand. We'll say, "We're going after this malware or these threats. These are the types of steps that we think you should take that would help you in your investigation."

So we really do want to benefit our members. I want to say though that the success that these operations have had—we've had some big wins recently—the lion's share of the success goes to our member countries, the law enforcement on the ground who are doing the actual investigations, who are going and making the arrests and seeing those things through. We've done several recently with great success.

The Cipher Brief: We asked Chris Inglis, who is the former National Security or Cybersecurity Director in the United States, about the connections between nation states and cyber criminal groups. How do you see INTERPOL playing a role in this area? Are there both challenges and opportunities when you're talking about cybercrime that may be backed by nation states?

Dr. Jetton: That's one of the misnomers with INTERPOL. The big thing with INTERPOL is neutrality. I came from a task force where we looked at nation state transnational cybercrime. But within INTERPOL, I just have to state that our constitution does not really allow us to focus on investigative matters of a religious, racial, political, or military nature. So we know that that limits the nation state actors, and I'm very aware of that. It's not like I'm naive to understand who's behind a lot of these cyber criminal activities. But to maintain that neutrality and trust with 196 members, there is a limit to what INTERPOL is allowed to do. Countries will reach out to you and they will say, "Hey, our government networks have been breached," and I know automatically this is not your usual financially motivated cyber criminals, there's something there. So I have to work hand in hand with my legal affairs team to say, "Where can we draw the line?" I don't just want to say, "No, we're not doing anything," but can we provide something, at least the starting point, but we don't want to provide attribution or state like, "Hey, it's this person.” But maybe give them a little bit of a head start and then hand off to the countries that provided the intel or are having the issues and then help them along the way.

So I just want to be clear. Nation state actors, there are a lot of organizations that are focused on that, including where I was previously. But INTERPOL, we are really focused on the financially motivated cyber criminals.

The Cipher Brief: It's such an interesting patchwork of expertise that it is critical for collective defense. What vulnerabilities do you see from your perch at INTERPOL right now in cyberspace, and where do you think defenses are failing?

Dr. Jetton: For us, when we're asking countries, "What are the biggest issues that are preventing you from being more successful in combating cybercrime?" A lot of it is the tools and the training, just having insufficient funds to actually drive up their investigative know-how or expertise. But also I think between countries, it's just the rapid ability to share information.

There are what we call MLATS, Mutual Legal Assistance Treaties. A lot of times it just takes a long time to ask for information. And we know in cybercrime, we need instantaneous help. So I would always encourage countries to reach out to INTERPOL. We have a 24/7 network. That's why we're there. I can't promise we can do everything in every situation, but we will do our very best to make the connection between which countries you need or if you need a particular company. We can't compel, but we'd put you in touch and at least let you have that conversation.

The Cipher Brief: What are the trends you are seeing right now in cybercrime?

Dr. Jetton: What we're seeing primarily is the use of AI in increasing the efficiency, scope, and effectiveness of emails and the phishing scams. They're using this phishing as a platform. You can just blank X as a platform. So it's these tools that you didn't have to have a really sophisticated technical level of abilities, and you can have these tools that allow you to then go out and commit fraud at scale. And so we are seeing that.

Also, what we're seeing is a convergence of different crimes. So cyber is poly-criminal. I live in Singapore, and one of the big things in Southeast Asia are the cybercrime centers. You hear about that all the time. What happens is you have these organized crime groups that are using cybercrime as fraudulent job applications, the emails, things like that, recruiting, and then the human trafficking aspect of it, and then forcing the people to commit the cybercrime while they're there. So we see that as a huge issue, the poly-criminal aspect of cyberware. It doesn't matter if it's human trafficking, drugs, guns—there's going to be some sort of cyber element to all those crimes.

The Cipher Brief: What are some of the most interesting conversations that you've had on the sidelines there? Has there been anything that's surprised you from some of the other guests and speakers?

Dr. Jetton: We were talking about the use of AI and where we think it's going, whether it's kind of positive or negative. What I was surprised at was, I was on a panel and I was the only person that had the glass half empty. I realized that there are some obvious useful uses for AI, and it's a game changer already for law enforcement. But what I see is these technologies being utilized by criminals at a faster rate than what law enforcement can usually do. So I see it as somewhat of a negative knowing that we're going to have to catch up like with AI-produced malware. I think that will be an issue in the future.

Whereas my other panelists were all from the private sector, and they were all like, "No, no, AI is great. It's going to allow us to use it in these positive directions," which is true, but I'm the negative, the Grinch here talking about it from saying that. So I would say that that was probably the most surprising thing.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

I just want to read the news

Get the news and only the news!

Guardian

Back to top

Kaupunki

Back to top

Yle

Back to top

CNN

Back to top

Hesari

Back to top

Al Jazeera

Back to top

New York Times

Back to top

Reuters

Back to top

NPR

Back to top

The Cipher Brief

Steve Blank

Back to top