The Cipher Brief

OPINION — Five weeks into the US-Israeli war against Iran, the immediate military picture — decapitation strikes, missile exchanges, and the grinding attrition of Iranian launch capacity — dominates headlines. But the more consequential story is playing out in the war’s cascading second- and third-order effects: the economic shock reverberating through global energy and food systems, the hardening of the Iranian regime, the fracturing of alliance structures Washington has depended on for eight decades, the accelerating consolidation of a Russia-China axis, and the humanitarian emergencies now metastasizing far from any battlefield. These downstream consequences are rapidly outpacing the conflict itself in strategic significance, and they will shape the international order long after the last missile is fired.

This analysis maps the cascading effects across six domains: energy and economic disruption, future Iranian threats, alliance fragmentation, great power realignment, humanitarian spillover, and the erosion of international norms and institutions.

A note on scope and methodology: In the US Intelligence Community, the analysis of second- and third-order effects is a distinct and demanding discipline — one that is typically undertaken precisely when a situation is still fluid, not after the dust has settled. Decisions made in the opening phases of a conflict tend to lock in trajectories that become progressively harder to reverse. Waiting for certainty means waiting too long. What follows is structured speculation, grounded in regional knowledge and historical pattern, about the choices this conflict is compelling and the world those choices are likely to produce.

The Hormuz Chokepoint: From Energy Shock to Systemic Economic Crisis

The closure of the Strait of Hormuz — through which roughly 20 percent of global seaborne oil and a significant share of liquefied natural gas transited before the war — has triggered what the International Energy Agency has called the largest supply disruption in the history of the global oil market. Brent crude surged past $120 per barrel at its peak, and WTI has nearly doubled since the start of 2026. Emergency stockpile releases by the IEA’s 32 member states — some 400 million barrels — have provided a temporary buffer, but at current global consumption rates of roughly 105 million barrels per day, those reserves buy weeks, not months.

Second-order effect: Stagflationary pressure across the global economy. The Dallas Federal Reserve estimates that the Hormuz closure alone could reduce global GDP growth by an annualized 2.9 percentage points in Q2 2026. Goldman Sachs has raised its probability of a U.S. recession to 25 percent. Oxford Economics warns that sustained oil prices of $140 per barrel would push the eurozone, the UK, and Japan into outright contraction. U.S. gas prices hit $4 per gallon on March 31 — and the trajectory is upward.

Third-order effect: Cascading commodity disruptions well beyond oil. The Hormuz closure has choked the global supply of sulfur (Gulf countries account for roughly 45 percent of global output), helium, aluminum feedstocks, and — most critically — fertilizer. Approximately one-third of global seaborne fertilizer trade transits the Strait. Urea prices have surged roughly 50 percent since the war began, landing squarely during the Northern Hemisphere spring planting season. The UN Food and Agriculture Organization has warned of a three-month window before planting decisions for 2026 and beyond are irreversibly compromised. Countries like Bangladesh, Pakistan, India, and several East African nations — which depend on Gulf fertilizer imports and have limited stockpiles — face the prospect of a food security crisis that could persist well into 2027.

This is the progression policymakers failed to game out: a military strike designed to destroy Iranian nuclear and missile capacity has, within weeks, metastasized into a global supply chain crisis touching everything from jet fuel pricing (costs have more than doubled) to corn yields in Iowa to hospital operating costs in the Philippines.

Iran As A Garrison State

The conventional Western assumption was that killing Supreme Leader Khamenei and degrading Iranian military capacity would either topple the regime or leave it fatally weakened. The opposite dynamic is taking hold.

The installation of Mojtaba Khamenei as successor — a move that would have been controversial in peacetime, with even his father reportedly opposing the appearance of dynastic rule — was enabled precisely by the existential crisis the war created. Reports that Mojtaba may have been seriously injured in the initial strikes only deepened the symbolic connection to his father, who lost the use of his right hand in a 1981 assassination attempt. Mojtaba can remain a cipher to the general public while the network his father built over nearly thirty-seven years ensures continuity of the system’s core commitments. His value to the regime is less political than totemic: a wounded son of a martyred leader, governing from the shadows while the security apparatus runs the country.

The regime’s resilience should not be surprising to serious students of Iranian history, even if it has surprised many in Washington. The foundational narrative of the Islamic Republic emphasizes survival against overwhelming odds. The revolutionary generation endured institutional disarray, purges, urban street fighting, tribal uprisings, a coup attempt, and Saddam Hussein’s devastating invasion — and emerged intact. As one Tehran resident told the Wall Street Journal in the war’s early days: “This regime will become stronger, crueller, more monstrous even than before. People don’t have the weapons to fight back.”

Second-order Effect: What is emerging in Tehran is something that has no precise precedent in the Islamic Republic’s forty-seven-year history: a garrison state. The revolutionary experiment under Khomeini and the institutional consolidation under Ali Khamenei both preserved at least the fiction of factional competition — reformists versus hardliners, clerics versus military, elected officials versus appointed ones. That fiction is over. The IRGC and the wider security apparatus are now in effective control of governance, economic policy, and foreign affairs. The war provided the pretext for de facto martial law. Electronic surveillance, preemptive text messaging campaigns, and a sustained pace of executions have ensured that whatever domestic opposition survived the January protest crackdown will not resurface while the bombs are falling. This is a regime that has shed its civilian skin.

Third-order effect: For however long the regime survives, its leadership will be dominated by hardened reactionaries with no effective internal counterweights. The factional competition between religious and republican elements that provided limited openings for reform has evaporated. President Pezeshkian retains a more moderate image but wields no institutional power. The practical implications for American policy are significant: any future diplomatic engagement will confront an Iranian interlocutor that is simultaneously more consolidated, more traumatized, and more committed to the nuclear hedge that the campaign was supposed to eliminate.

Alliance Fracture: NATO’s Worst Crisis Since Suez

The transatlantic alliance is under extraordinary strain. When President Trump called on NATO allies, China, Japan, and South Korea to help secure passage through the Strait of Hormuz, the response was a near-unanimous refusal. On March 16, both China and NATO’s European members rejected the request. France has refused to allow its territory to be used for military operations linked to the war. Italy has cited legal and procedural objections to providing U.S. forces access to certain military facilities. Even the United Kingdom — Washington’s most reliable ally — has limited its support to defensive operations from existing bases, withholding full political or military backing.

Second-order effect: The war has exposed a fundamental asymmetry in how Washington and its allies perceive risk. European governments see the conflict as a unilateral American action launched during active negotiations — recall that Oman’s foreign minister had announced a diplomatic breakthrough on Iran’s nuclear program the day before strikes began — and are unwilling to absorb the economic and political costs. Eastern European allies, particularly Poland, are explicit: their priority is Russia, and they will not redeploy air defense assets to the Middle East. Poland’s defense minister has warned that a prolonged conflict could jeopardize arms supplies to Ukraine.

Third-order effect: The war is accelerating a structural decoupling within NATO. Trump’s March 17 Truth Social post renouncing NATO assistance — and extending that rebuke to Japan, South Korea, and Australia — signals something more consequential than a diplomatic spat. It reflects a worldview in which alliance obligations are transactional, and allies who decline to participate in American conflicts forfeit their claim to American protection. This logic, if sustained, threatens to unravel the foundational bargain of the liberal international order. European capitals are drawing their own conclusions. The concept of “strategic autonomy” — European defense capacity independent of the United States — has moved from theoretical aspiration to operational necessity in a matter of weeks.

The Russia-China Windfall

Of all the second-order effects, the war’s impact on great power competition may prove most durable.

Russia is the most immediate beneficiary. Moscow built its 2026 federal budget on oil at roughly $60 per barrel. Brent at $120 has rescued the Russian war economy, providing the Kremlin with the revenue it needs to sustain operations in Ukraine precisely when Western sanctions were supposed to be biting hardest. U.S. officials have reported that Russia is providing Iran with satellite imagery and intelligence on the locations of American warships and aircraft — a level of operational cooperation that crosses a meaningful threshold. Iran’s Foreign Minister Araghchi has not denied that military cooperation with both Russia and China continues during the conflict.

Second-order effect: The conflict is hardening the Russia-China relationship from cautious coordination into structured alignment. China’s 2026–2030 development blueprint, submitted to the National People’s Congress in March, reflects renewed momentum for the Power of Siberia 2 pipeline and other measures designed to reduce Beijing’s vulnerability to Middle Eastern energy disruption. China has also been building strategic petroleum reserves, holding roughly 104 days of import coverage — enough to weather a medium-duration Hormuz closure. Russia trades hydrocarbons for Chinese capital, technology, and diplomatic cover; the war has intensified every dimension of that exchange.

Third-order effect: The war is demonstrating to the Global South that the U.S.-led order cannot guarantee the stability of critical global commons. The Hormuz closure, the inability of the United States to compel its own allies to help reopen the strait, and the spectacle of developing nations scrambling for energy and fertilizer supplies while Washington prosecutes a war of choice — all of this feeds a narrative of American overreach and declining systemic reliability. China, which has been carefully positioning itself as a neutral party calling for de-escalation, accumulates soft power by default. The December 2025 U.S. National Security Strategy treats China and Russia in isolation, offering no framework to prevent their convergence. The Iran war has made that strategic gap painfully visible.

Humanitarian Catastrophe Beyond the Battlefield

The war’s most consequential victims may be populations with no stake in the conflict whatsoever.

In the Gulf states themselves, the Hormuz blockade has triggered a grocery supply emergency. GCC states rely on the Strait for over 80 percent of their caloric imports. By mid-March, 70 percent of the region’s food imports were disrupted, producing consumer price spikes of 40 to 120 percent. Iranian strikes on desalination plants — the source of 99 percent of drinking water in Kuwait and Qatar, and roughly 75 percent in Saudi Arabia — have introduced the specter of a water crisis affecting 62 million people. A leaked 2008 U.S. diplomatic cable warned that Riyadh would have to evacuate within a week if its primary desalination plant were seriously damaged. That scenario is no longer hypothetical.

Second-order effect: The war has shattered the Gulf’s narrative as a permanently stable destination for expatriates and investment. Large-scale departures of foreign residents from the Gulf have begun. The Qatar-funded Middle East Council on Global Affairs has suggested the war has “irreversibly shaken” perceptions of the Gulf’s stability — a conclusion with profound implications for the region’s post-oil economic transformation strategy.

Third-order effect: The food and fertilizer disruption is compounding pre-existing crises in the world’s most vulnerable populations. The World Food Programme’s Deputy Executive Director has warned that humanitarian supply chains are approaching their most severe disruption since COVID and the 2022 Ukraine war. WFP shipping costs are up 18 percent. Fuel price increases of over 80 percent in the Philippines have driven hospitals to consider surcharges. In Somalia, food prices are up 20 percent; in Sudan — already the world’s largest hunger crisis — the disruption to aid flows through the Bab-el-Mandeb and Suez corridors is compounding an already catastrophic situation. The UN estimates the conflict could push 45 million additional people into acute hunger.

This is the third-order chain in its starkest form: a military operation in the Persian Gulf → a fertilizer shortage in the Indian Ocean → a planting crisis in South Asia and East Africa → a famine risk extending into 2027.

Norms Erosion and Institutional Collapse

The war is systematically degrading the international rules and norms that constrain state behavior.

The targeting of civilian water infrastructure — by all three belligerents — represents a particularly dangerous escalation. U.S. and Israeli strikes have damaged Iranian water systems. Iran has retaliated against desalination plants in the Gulf.

President Trump has publicly threatened to destroy Iran’s electric power facilities and its remaining desalination capacity. None of the three countries has ratified Additional Protocol I, which explicitly protects civilian water systems, but the norm against targeting water infrastructure was, until recently, broadly respected. Its erosion establishes a precedent that will echo in future conflicts.

Second-order effect: The war has demonstrated the practical impotence of the UN Security Council. Russia and China (with France) effectively blocked a resolution that would have authorized the use of force against Iran to reopen of the Strait of Hormuz, while the United States has blocked resolutions calling for a ceasefire. A resolution condemning Iran’s retaliatory strikes did pass — illustrating the Council’s selectivity rather than its authority.

Third-order effect: The war is accelerating the delegitimization of the post-1945 international order in the eyes of the Global South. The fact that the United States launched a war during active nuclear negotiations — after Oman’s mediator had announced Iran’s agreement to irreversibly downgrade its enriched uranium stockpile — reinforces the perception that great powers invoke rules-based order selectively. This is not merely a public relations problem. It actively erodes the cooperative frameworks — nonproliferation, maritime law, humanitarian protections — on which U.S. long-term security depends.

The Outlook: Cascade Without an Off-Ramp

Five weeks in, the diplomatic picture is not encouraging. The U.S. has transmitted a 15-point peace framework to Iran via Pakistan. Iran has publicly rejected it as “maximalist” and countered with five conditions of its own — including war reparations and international recognition of Iranian sovereignty over the Strait of Hormuz. President Trump has extended a deadline for Iranian compliance to April 7, with threatened escalation against energy infrastructure if no deal is reached. Meanwhile, Israel is reportedly accelerating strikes on Iranian arms factories in anticipation of a possible ceasefire — suggesting Jerusalem fears Washington may settle for less than the maximalist demands Israel prefers.

The deeper problem is structural. The second- and third-order effects described above are not side effects of the war — they are now the war’s primary strategic consequences. And they are largely irreversible in the near term. Even a ceasefire tomorrow would not rapidly reopen the Strait, restore fertilizer flows in time for the planting season, repair the transatlantic alliance, or unwind the Russia-China energy partnership now hardening into permanence. Each week of continued conflict compounds these downstream costs exponentially.

For intelligence professionals and policymakers, the lesson is one the IC has articulated for decades but that political leaders chronically fail to internalize: in a hyperconnected global system, the second- and third-order effects of major military action will almost always exceed the first-order gains. The cascade from Operation Epic Fury is proving that maxim with painful clarity.

The author is a former CIA intelligence officer with extensive experience on the Near East. This analysis draws on open-source reporting, regional analysis, and publicly available assessments. All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.

Watch my Special Competitive Studies Project podcast, Intelligence at the Edge

This article was originally published on Substack, and is reposted here with permission from the author.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

U.S. Intel’s Sobering Assessment of Iran’s War Resilience

Four weeks into Operation Epic Fury, with airstrikes having killed a sitting supreme leader, wiped out scores of top military and intelligence commanders, and significantly degraded Iran’s missile arsenal and naval capacity, Washington is confronting a conclusion that was reached by its own intelligence community before the first bomb fell: the Islamic Republic is not going anywhere.

A National Intelligence Council assessment completed in February concluded that neither limited airstrikes nor a larger, prolonged military campaign would be likely to result in a new government taking over in Iran, even if the current leadership were killed. The briefings delivered to President Trump were described by one source familiar with the findings as “sobering.”

A multitude of intelligence reports now provide consistent analysis that the regime is not in danger of collapsing and retains control of the Iranian public. The war’s costs are nonetheless mounting.

More than $16 billion has been spent so far, 13 U.S. troops have been killed, and Iran’s grip on the Strait of Hormuz has slowed shipping traffic to a trickle, creating a historic oil disruption that has sent global energy markets into turmoil. Daily oil exports from the Middle East have fallen by at least 60 percent since the war began, the IEA has said, calling it the largest supply disruption in the global oil market’s history.

A U.S. intelligence official, speaking to The Cipher Brief on background, captured the core dilemma plainly, “You can’t get regime change from the air, and who is to replace them when there is no viable alternative.”

The son rises — harder than the father

Nine days into the war, Iran's Assembly of Experts met and named a new supreme leader. They chose Mojtaba Khamenei 56, second son of the slain Ayatollah Ali Khamenei, and in doing so gave Washington an answer it had not been looking for. Inside Iran, critics felt the sting of a republic born from the ashes of dynastic rule that had just handed the top job from father to son. President Trump called the selection “a big mistake” and said Mojtaba was flatly “unacceptable” to him.

The new supreme leader is widely assessed as even more hardline than his father, though the full contours of his leadership remain difficult to read, in part because he has not appeared in public since the war began, knowing that he is being actively targeted.

For decades, he operated in the shadows of his father’s office. U.S. diplomatic cables published by WikiLeaks in the late 2000s referred to him as “the power behind the robes” and his father’s “principal gatekeeper.”

At the same time, a 2008 cable reportedly assessed him as “a capable and forceful leader and manager” though it also noted his lack of theological qualifications and relative youth. His path to power ran not through religious scholarship; he holds no senior clerical rank and has published no works of Islamic jurisprudence, but through the IRGC, with which he forged ties during the Iran-Iraq war in the late 1980s and cultivated ever since.

Intelligence experts stress that Mojtaba essentially owes the IRGC for his ascendance, and in that vein, he isn’t going to have the same broad leverage as his father. The succession process itself underscored that dynamic. The IRGC argued that the war required a swift process and that selecting a candidate who defied the United States, contacted Assembly of Experts members, and prompted objections, yet, in the end, they felt compelled to support him. IRGC leaders, Basij commanders, and top security officials had unparalleled access to the assembly, many of whose members rely on the Revolutionary Guards for personal protection.

The first statement attributed to Mojtaba since his appointment came on March 12, read aloud by a state television anchor over a still photograph — the new supreme leader himself nowhere to be seen. The tone left little room for interpretation.

“The lever of blocking the Strait of Hormuz must definitely continue to be used,” he declared, not as a negotiating position, but as a statement of intent. The waterway that moves a fifth of the world’s oil had become, in his telling, a weapon.

Some private sector analysts noted that while his rhetoric toward the United States and Israel was uncompromising, he did not fully close the door to political outcomes, placing responsibility for ending the war squarely on Washington. Iran’s parliament speaker, Mohammad Bagher Ghalibaf, was less equivocal.

On March 17, he posted on X that the Strait of Hormuz “won’t return to its pre-war status.” Two days later, Expediency Council member Mohammad Mohaber went further still, calling for a “new regime” for the strait that would allow Iran to sanction the West by denying passage to its ships. Taken together, the message to Washington was hard to misread: across the Islamic Republic’s power structure, this war has produced no moderates.

IRGCistan: the state that emerges

What American airpower has effectively accelerated is not the dismantling of the Islamic Republic but the consolidation of its most dangerous institutional element. The IRGC is taking an even greater role in the domestic affairs of the state, ensuring the structure of the regime stays in place, while Iran’s opposition remains fractured without a credible leader capable of challenging hardline officials.

A telling example of who holds actual power came one week into the war, when President Masoud Pezeshkian apologized for Iran’s attacks on Gulf states, saying he “personally apologizes to neighboring countries that were affected by Iran’s actions.” The IRGC and hardliners pushed back immediately, a hardline parliamentarian called the statement “weak, unprofessional, and unacceptable,” forcing Pezeshkian into a climbdown that notably omitted his original apology from the official readout. This has been widely interpreted as the IRGC now being in full charge of the embattled nation, and calling the shots as to who, how and when to attack.

Despite sitting on the interim leadership council formed to administer the country while a new supreme leader was selected, Pezeshkian appears to have been reduced to a figurehead. The elected civilian layer of the Iranian state has been hollowed out in real time.

That hollowing-out has only deepened since. On March 17, Ali Larijani — the secretary of Iran’s Supreme National Security Council and one of the most prominent non-clerical figures in Iranian politics — was killed in an Israeli airstrike, removing the highest-level official to be assassinated since Khamenei himself. U.S. and Israeli intelligence had assessed Larijani as Iran’s de facto leader in the weeks after the war’s opening strikes, given widespread doubts about Mojtaba’s capacity to govern. Iran has since named Mohammad Bagher Zolghadr, a hardline former IRGC deputy commander, to replace him; a move that further consolidates the Guards’ grip over the regime’s security architecture.

The pattern is difficult to ignore. Each leadership vacancy created by the war’s decapitation strikes has been filled not by civilian or clerical figures but by men with deep IRGC roots. As one U.S. intelligence official speaking on background to The Cipher Brief told us, the internal dynamics are shaped less by strategy than by the weight of an accepted narrative — and that narrative, for now, belongs to the guards.

Royce de Melo, a security and defense consultant and analyst specializing in the Middle East and Africa, tells The Cipher Brief that he sees the current trajectory as a natural, if not inevitable, evolution.

“As fanatical loyalists, the IRGC have always been the power behind the regime since the 1979 Iranian Revolution; they are Iran’s Praetorian Guard,” he explains. “For the IRGC to take control of the government temporarily, be it until this war ends, or with a longer-term intent, in my opinion, would be a natural course.”

A senior Arab official told Axios that the IRGC is taking over Iran and that its members are “highly ideological and are ready to die.” Whether this constitutes a full “IRGCistan” remains debated. De Melo, however, cautions against treating the framing as settled.

“It’s early days, and no one seems certain as to what is happening with the government at the moment,” he continues. “Nonetheless, even if Iran’s government becomes military-dominated under the IRGC, that is not to say it still won’t remain theocratic. It can be both military-dominated and theocratic.”

The senior director of the Iran program at the Foundation for Defense of Democracies, Behnam Ben Taleblu, has closely tracked this dynamic. The regime, he argues, is not deluded about its own condition — it knows the damage is real. What it is counting on is that a wounded adversary can still make the price of finishing the job too high. The IRGC’s track record of reconstituting after setbacks is a significant part of why that bet is not entirely unreasonable.

The IRGC has buried commanders before and found new ones. Its missile production was designed from the ground up to keep running under pressure, drawing on domestic supply rather than imports that could be choked off. Strikes can hollow out a building. They are less effective against an institution that knows how to reconstitute — and Western policymakers are finding that out as the war continues.

There is also no one waiting to take over. The Iranian opposition is split along ethnic, ideological, and geographic lines, with no figure capable of commanding broad national support and no organization with the reach to matter. Azizi, a postdoctoral associate and lecturer at Yale, puts the IRGC's position plainly: not a single chain of command, but circles and networks that have spent decades threading themselves through Iran's economy and military alike. You do not dislodge that with bombs.

A harder adversary than the one Washington set out to degrade

The administration’s stated objectives — the missiles, the navy, the nuclear program — may yet be achieved. Inside the intelligence community, however, the more unsettling question has never really been about the targets. It has been about what comes after. The consistent answer across multiple outside assessments is not reassuring: the Iran that emerges from this war is shaping up to be harder to manage than the one Washington decided to strike.

Jonathan Panikoff, who served as former deputy national intelligence officer for the Near East at the National Intelligence Council before becoming director of the Atlantic Council’s Scowcroft Middle East Security Initiative, described the best-case scenario for a post-war Iran as one in which there is meaningful competition for power — but added that he was skeptical such an outcome would arise. “Somebody with guns fundamentally has to switch sides or stand aside,” he said. That has not happened.

The nuclear dimension adds a further layer of complexity. IAEA Director General Rafael Grossi has been unambiguous on the point: military action has badly damaged Iran’s nuclear program, but it cannot erase the knowledge, materials, and industrial capacity that would allow Tehran to rebuild.

“You can’t unlearn what you’ve learned,” Grossi said, adding that Iran retains the capabilities and the industrial base to reconstitute.

De Melo also flags what he sees as the variable most likely to shape Iran’s rebuilding speed: Beijing and Moscow. Chinese companies have kept the pipeline of dual-use technology moving — missile fuel components, electronics, drone engines — throughout the conflict.

Russia, meanwhile, has spent years on the receiving end of Iranian military hardware, taking in billions of dollars’ worth of equipment and drone technology since 2021. The reversal De Melo describes is straightforward: Russia can

now send Iranian-design drones, manufactured on Russian soil, back the other way.

A Pentagon source, speaking to The Cipher Brief on background, offered a sobering structural observation about how intelligence informs — or fails to inform — decision-making at the top.

“In my experience, what happens is you submit a brief that is then accepted, edited or rejected on the basis of the accepted narrative,” the source cautions. “It is narrative, whatever that might be, which is controlling.”

It is a dynamic that troubles those who have spent careers watching Washington repeat the cycle.

Del Wilber, a retired CIA case officer, warns that the administration risks mistaking tactical gains for strategic resolution. Declaring victory short of complete regime change, he argues, would be a fundamental error.

“Iran will only redouble its efforts to reconstitute their weapons development programs quietly, and stir up mischief in the region,” he tells The Cipher Brief. “Nothing will stop the existing regime from pursuing its goal of the destruction of Israel and hurting the United States.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Admiral James Stavridis (Ret.)

“I am struck by how comprehensive and thoughtful The Cipher Brief’s Open Source Report is. It is just as good as the President’s Daily Brief, having spent a decade reading the PDB. And it’s unclassified, too! I'm proud to be part of the network of experts at The Cipher Brief, which provides superb geopolitical advice and intelligence insights.”

A Wartime Budget Without an Innovation Strategy

OPINION — “The use cases that help to drive the research agenda can come from a variety of different settings…We need to acknowledge that it's okay for those use cases to come from the Department of War (DoW) and Intelligence Community (IC). It's our responsibility to be able to help put the best minds here in the U.S., the best talent here in the U.S., to help unlock some of that research and innovation. And then it's up to our colleagues at DoW and the IC, whom we collaborate with, to harness some of those outputs for the betterment of our national interests and our national needs.”

That was Erwin Gianchandani, the National Science Foundation (NSF) Assistant Director of the Directorate for Technology, Innovation and Partnerships (TIPS), speaking last Friday at the Center for Strategic and International Studies during a meeting on NSF's National Security Mission for the Twenty-First Century.

TIPS is an NSF program that invests in use-inspired research and the translation of those research results to the market to continue to keep society and the nation secure.

Ironically, I had listened to Gianchandani’s remarks last Friday before reading the outline of President Trump’s fiscal 2027 budget request with its gigantic increase for Defense Department (DoD) spending – to near $1.5 trillion. Much to my surprise, not only was federal research and development cut in that request for next year, but NSF’s own next year’s budget was cut from $8.8 billion to $4 billion.

Before I talk about what’s interesting about NSF’s TIPS program, I want to make a few observations about the proposed 2027 DoD budget request, which represents a 44 percent increase over this year’s spending.

In a letter accompanying the budget outline, Office of Management and Budget Director Russell T. Vought said that in addition to the $1.1 trillion base DoW budget, Trump is including “a request for $350 billion in additional mandatory resources for critical Administration priorities such as increasing access to critical munitions and further expansion of the defense industrial base.”

This vast Trump federal growth of U.S. military spending seems very similar to what Russian President Vladimir Putin has done to the Russian government’s economic base, putting it on a wartime footing to meet the needs of his four-year Ukraine war.

I will also point out there is a $3.6 billion increase for the National Nuclear Security Agency (NNSA), which runs the nation’s nuclear weapons program. Budget Director Vought wrote, “The United States must maintain and expand its set of nuclear capabilities that allow the President flexibility to protect the homeland and deter adversaries. Specifically, the Budget makes strong investments to develop new [nuclear] warheads that would bolster deterrence, modernize NNSA’s supporting infrastructure, and extend the life of existing warheads.”

The U.S. has already been building new warheads for its new submarine-launched cruise missile and its new land-based intercontinental ballistic missile [Sentinel]. There is also a new nuclear air-launched cruise missile on the way. What other new warheads does this country need “to develop”?

Need I also mention there’s an additional $18 billion for Trump’s Golden Dome dream of a missile defense system to feature space-based interceptors, plus unstated amounts for his un-needed Trump battleships.

I want to focus back on the NSF’s TIPS program because Assistant Director Gianchandani described changes in the academic research world worth recording.

For example, he reminded that China’s “President Xi has said that science and technology is the new international battlefield. It is the vehicle by which the international battlefield is going to be shaped going forward…We cannot take that lightly,” Gianchandani said , adding, “If we are going to ensure our competitiveness, our security, our defense, we have to take that very seriously. And that means that there are going to be instances a lot of the technology that we are surfacing and that we are enabling are dual-use [for war and/or peace] technologies.”

Gianchandani said it still takes years for basic science to be unlocked but that “every sector of our economy really is being transformed by the introduction of data and AI [Artificial Intelligence] -- that is the new currency of scientific progress and in that context I think the pace of discovery and innovation is greatly accelerated.”

He also pointed out changes in academia.

“It used to be that in certain fields the majority of PhDs would go into academia,” Gianchandani said. He continued, “Today the majority of PhDs in those same fields are going anywhere but academia. Nothing against our higher education institutions, but the types of jobs that we are training for, the types of opportunities that we are trying to unlock, span from the Department of Defense to the Intelligence Community to the private sector to venture capital and so forth.”

Gianchandani also spoke about what he termed “our early-career faculty,” who “are saying, you know, we want to have impact with the work that we're trying to do…And for them, impact at the end of the day isn't necessarily about papers and publications. It's about the startups that they can create. It's about the ecosystem that they can cultivate. It's about these partnerships with industry and seeing their ideas over time make their way into products and services that are changing people's lives or that are for the betterment of the U.S. defense and intelligence enterprises. That's early-career faculty who are up and coming who are trying to see that happen.”

Gianchandani also explained that TIPS wanted to change that linear pathway between basic science and needs in the real world.

As he described it, “You start with just simply use discovery science, you let the great flowers bloom, and then you harness that, but we want to complement that…with also what are the real world use cases from Department of War (DoW) , the Intelligence Community (IC) etc. That can help to inform and shape some of that use-inspired research, some of that translational research, and accelerate that to actually have impact at the end of the day.”

One TIPS program he cited was “our ability to be successful tied to critical minerals.” NSF did a technical assessment and found, “it turns out that by the year 2030 about a quarter -- several data sets have shown this – about a quarter of the nation's critical minerals needs could be addressed through the harnessing of end-of-life critical minerals -- waste stream critical minerals and so forth,” Gianchandani said.

That became the basis for TIPS’ Tech Metal Transformation Challenge whose grant winners demonstrated their capability to create solutions to solve the hardest technical gaps in critical materials recovery, gaps that directly impacted U.S. manufacturing competitiveness and national security.

“If we're going to think about the equipment that you need for hypersonics and the ability to do ground and air scanning, in real time, you're going to need those critical mineral assets,” Gianchandani said, adding, “And so being able to leverage this type of an approach and surfacing the teams that can potentially do so in a rapid manner and in a in a sort of a different way than we might traditionally do through some of our normal processes. I think allows us to be able to ensure that we are maintaining that competitiveness.”

For four years, TIPS has been running a Regional Innovation Engines Program providing the largest investments that the agency makes in terms of R&D and workforce development.

Gianchandani said, “We funded an engine in central Florida in Osceola County, Florida, that increasingly now covers more and more of the state with a particular focus on semiconductor technologies and specifically advanced packaging capabilities.”

Within weeks, he said, “there was an announcement that the Department of War was also investing in that same ecosystem in that same team. So that shows you sort of the symbiosis between our investments and that of our colleagues elsewhere in the government.”

That engine, he continued, “Brought together Valencia Community College. They've brought together their backyard secret sauce, which is the only municipal-owned fab [a semiconductor fabricating plant] in this country to our knowledge, operated by SkyWater Technology [a semiconductor manufacturer]. That particular setup has allowed them to be able to reskill, upskill, the workforce in Osceola County to the point that folks were making minimum wage and

six months later they're making three or four times as much, which has huge implications on their livelihoods [and] has huge implications on their ability to put food on the table for their families and oh by the way it's also a job that they're really excited about working in these semiconductor fabs. So that's one example.”

Overall, Gianchandani said, “Engines across the board, an [original NSF] investment of $135 million over the last two years has been matched by over a $1.5 billion in matching commitments from state and local governments, private industry, venture capital, and so forth. And they've touched at least 20,000 Americans. That's a floor, probably much more than that, but at least 20,000 Americans with re-skilling and upskilling.”

Gianchandani closed with a statement worth thinking about: “The pace of science is changing before our very eyes. It is greatly accelerating. And as that pace accelerates, that also means that going from basic discovery to an innovation to thinking about a new capability…The rate at which we're making progress is changing. And so it's important for us to be acknowledging that, and it's important for us to be thinking about science sort as a front and center vehicle that allows us to be able to keep that cutting edge, keep that leadership mantle that I think we want to see for our national defense and for our national prosperity as we go forward.”

I should point out that the Trump administration cut the NSF fiscal 2026 budget request in half from the prior year — to $3.9 billion -- and last year the Members of Congress in their wisdom reinstated it to $8.75 billion. I expect, hope, that ignoring the Trump administration request will happen again.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

A Declining Demand for Strategic Intelligence? U.S. and Israeli cases

OPINION — Strategic intelligence, usually perceived as intelligence supporting the formulation of strategy, has always had limited influence over national security decisions. Leaders in democratic countries, let alone in authoritarian ones, have their own ideological views of the world, and their own vision of ways to shape the world. They do not rely only on their intelligence agencies for sense-making of the strategic environment. But in the cases of the US and Israel, the demand for strategic intelligence might be declining.

Both the US and Israel are increasingly implementing preventive strategies, initiating preventive campaigns while using brute force, which aimed to coerce the adversary through compellence rather than through deterrence. The preventive approach is not new; Israel, for instance, has always aimed at preventing its adversaries from acquiring nuclear weapons. However, the implementation of this approach has accelerated.

This was the case, for instance, in the June 2025 Israeli campaign against Iran, intended to prevent the Islamic Republic from developing nuclear weapons and ballistic missiles, augmented by US strikes also aimed at preventing Iran from developing nuclear weapons. Deterrence was not working to change Iran’s calculus and actions, hence compellence was needed. In the US operation to capture Venezuelan president Maduro in January 2026, the US once again applied compellence using brute force. Deterrence was not working to change Venezuela’s conduct, hence compellence was needed. The current US and Israeli campaigns against Iran are the most vivid illustration of the preventive approach, with Israel and the US taking the initiative and applying compellence. Both the US and Israel have declared that this campaign is intended to prevent Iran from developing nuclear weapons, as well as to negate Iran from its regional power projection capabilities. And at least in the case of Israel, also to bring about regime change. Deterring Iran from further developing its nuclear and missile capabilities was once again not working.

The application of these preventive and proactive strategies might illustrate a declining demand for strategic intelligence. First, such strategies are mostly aimed at degrading adversary capabilities, effectively assuming that understanding adversary intentions and manipulating them, mainly through deterrence, is not enough. Hence, operational-level intelligence analyzing adversary centers of gravity, operational and technical intelligence analyzing adversary military and industrial projects, and above all, targeting intelligence, is more important than strategic intelligence trying to decipher adversary intentions and rationale. In the case of Iran, for instance, the US and Israel seem to have decided that the Iranian intentions for developing nuclear capabilities are threats which must be prevented, regardless of whether the Iranians indeed intend to employ nuclear weapons in the future.

Second, leaders increasingly judge the “imminency level” of threats based on their vision and ideology, not just on intelligence assessments. This is especially evident in the current campaign against Iran. In the US, DNI Gabbard recently mentioned that only the US president decides if a threat is indeed imminent, referring to the Iranian nuclear project. In Israel, Prime Minister Natanyahu mentioned that Israel had to take action since the Iranians were moving their infrastructures into underground facilities, thus denying Israel from the ability to attack these infrastructures. Once again, strategic intelligence about adversary future intentions seems less important than operational intelligence about adversary capabilities, let alone than targeting intelligence, such as that produced by Israel for eliminating Iran’s political and military leadership in the beginning of the current campaign against Iran, or by US in January 2026 to capture Maduro.

Third, leaders increasingly distrust the quality of strategic intelligence produced by their intelligence agencies. In the US, for instance, President Trump has consistently expressed distrust in DNI’s Gabbard assessments regarding Iran, and during his first term, urged intelligence professionals to “go back to school”. Furthermore, the IC is often viewed by the Trump administration as politicized, a belief which effectively leads to politicization. In Israel, it is more than reasonable to assume that following the colossal intelligence failure of October 2023, which among other things reflected a complete failure to understand Hamas strategy and intentions, the current Netanyahu government lost trust in the intelligence system’s strategic assessments. This also might lead to politicization. Hence, while leaders cannot execute their strategies without operational and targeting intelligence, they might assume that their own judgements about adversary intentions are better than those produced by the intelligence professionals.

These challenges for strategic intelligence are not new, but at least in the US and Israel in recent years, they seem to be exacerbated. These trends, therefore, might reflect a declining demand for strategic intelligence, specifically focused on analyzing adversary intentions. It is not clear, for instance, whether such intelligence was provided to US and Israeli decision-makers prior to initiating the current campaign against Iran, regarding potential contingencies in the Straits of Hormuz? In any case, this might lead to a “vicious circle”, where diminishing demand leads to decreasing supply, which in turn might decrease the demand, and so forth. Both leaders and intelligence professionals should be troubled by this phenomenon.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Iran War Scorecard Looks Bad for America’s Strategic Interests

OPINION — While the war has yet to conclude, we have enough information to create a preliminary net assessment of its effects on U.S. security and prosperity. Spoiler alert: the war is on track to be a net negative for Americans.

Instead of focusing on variously articulated war aims, this assessment strives to assess a selected but broader range, admittedly unscientifically derived, of U.S. interests. This scorecard is designed to simply show whether these interests have improved (↑), declined (↓), or remained about the same (→).

Let’s start with the positive and work our way to more negative longer-term effects:

↑ The Iranian regime has been historically weakened. Regime change is out. President Trump has long forgotten his promise to anti-regime Iranians that “help is on the way” and Iran “will be yours to take;” and the idea that changing leaders equals “regime change” does not meet the smell test. But there is no doubt that military operations have deeply weakened and probably fractured Iran’s regime. While the level of destruction is not yet knowable, Iran’s steel industry, largest bridge, and other dual-use productive capabilities are in ruins. Iran’s more fragile, but also probably more brutal, regime will have difficulty managing Iran’s overwhelming and now significantly worsened economic and environmental crises. More political instability is likely down the road, perhaps providing an opening to the opposition but more likely to different flavors of Iran’s hardline security leadership.

↑ Iran’s missiles and missile production facilities are significantly degraded, although Iran retains enough missiles and drones to continue to threaten the region. The degradation does not materially affect the U.S. homeland although this posed a threat to Israel, because Iran would not have been able to produce an intercontinental ballistic missile for nearly a decade, assuming we didn’t stop them along the way. Given the lessons that Iran has absorbed—literally, during the 12-day war in June and this round—it was and is highly unlikely that Iran would strike the U.S. or Israel pre-emptively. Rather, Iran is likely to rebuild its missile capabilities to deter and retaliate against future attacks. The degradation of Iran’s capabilities could prove a Pyrrhic victory, because Israel and/or the U.S. will strike Iran again if Iran rebuilds its military or nuclear program, potentially restarting the cycle of war.

→ Iran is not likely to be able to produce a nuclear weapon for years, as President Trump said on 31 March. But that was exactly where we were after U.S. and Israeli strikes “obliterated” the program or, more accurately, deeply buried most of it, during the 12-day war. The location and accessibility of the 440 kg of 60% enriched uranium have not yet been verified, absent IAEA inspectors. Some experts have asserted that the remnant Iranian regime will now be more likely to pursue a nuclear weapon, a process ironically constrained by the now deceased Supreme Leader. Regardless, unless this fissile material is dealt with via negotiations, a possibility, or a U.S. special forces operation, the war has not materially changed the threat or the ability to manage it.

→ Iran’s proxies remain capable of inflicting harm on U.S. interests and on Israel. The defeat of Iran’s proxies was probably overstated, in hindsight. Hezbollah retained missile and rocket capabilities that have surprised Israel, and Iranian-backed militias in Iraq have struck numerous U.S. facilities and kidnapped a U.S. journalist. Israel has moved into Lebanon, threatening to occupy the south, and is imposing major losses on Hezbollah. But Israel’s approach is not likely to military defeat Hezbollah and will prove counterproductive to U.S. goals of a more stable Lebanon, at least in the near term. Yemen’s Houthis have fired largely performative missiles and drones toward Israel, but its limited involvement allows it to retain and rebuild capabilities that could again threaten the Red Sea and U.S. regional interests and partners.

↓ Freedom of navigation has ended through the Strait of Hormuz; Iran now effectively controls it. It is a sad irony that the presence of U.S. forces in the region prior to the war had deterred Iran from seriously threatening traffic in the Strait for since the 1980s. But the overwhelming U.S-Israeli strikes on Iran removed this deterrent effect and reduced conventional forces, leaving Iran primarily asymmetric tools and economic points of leverage as its best response. Iran is now building a practice of taking tolls or striking arrangements with sponsors or collaborators. This is not likely to change unless the U.S. and Iran negotiate an end to the conflict that includes Iran’s agreement to stop threatening and extorting traffic in the Strait. Absent this, it is likely that Iran will retain leverage and reap a windfall from permits and other fees, however illegal under international law.

↓ Americans’ wallets will be squeezed for some months and perhaps into next year. While the U.S. economy is more insulated than most U.S. partners’ and allies’, we are hardly immune from the largest supply disruption in the history of the global oil market, with knock-on effects for gas, derivatives like diesel, helium for semiconductors, fertilizers, plastics, and a range of chemicals. It is likely to take months to resume pre-war oil and gas production and shipping levels through the Strait, with cascading timelines for shipments to arrive and refining. Diesel prices, which have risen 40%, are hiking the cost of shipping, airfares, farm production (along with fertilizer price rises), and will ultimately cause food inflation. Sustained overall inflation, high mortgage rates, and lower growth are not certainties, but the risk is growing.

↓ Terrorist attacks are on the rise. Since February 28, Iran and Hezbollah have mounted or inspired attacks, mostly foiled, in at least seven countries, primarily targeting U.S. personnel and assets and Israeli or Jewish facilities from the U.S. and Western Europe to Iran’s neighboring countries, Kuwait and Azerbaijan. With the disruption to IRGC command-and-control, attacks by lone wolves and recently recruited criminal proxies are more likely, but sleeper cells reportedly have been activated and have been present in the U.S. and Europe since the 1980s. Some thwarted attacks have been more serious: Azerbaijan disrupted an IRGC plot to bomb a critical oil pipeline and Kuwait rolled up a Hezbollah assassination network targeting the country's leadership. And lone wolf attacks are harder to defend against, already taken Americans’ lives in Austin, Texas. As counterterrorism capabilities have improved over the decades, Iran's success rate dropped precipitously, but the volume of attempts has increased dramatically in compensation. With reportedly diminished U.S. counterterrorism resources, the odds of success in the U.S. appear higher.

↓ The Transatlantic Alliance is at risk, with Allied and Trump anger hitting new highs. A permenant rewiring is not inconceivable, as this crisis piles on top of Washington’s gambit to obtain Greenland, tariff and trade pressures, and efforts to undermine the EU and its regulatory powers. While it is unlikely that President Trump will formally withdraw from NATO, its ability to deter Russia will be diminished as its capabilities and cohesion erode. Canadian Prime Minister Carney’s calls for a “middle power” coalition are hard to implement, but more countries are on board with the concept. More collaboration on specific issues like critical minerals supply chains and reopening the Strait of Hormuz are likely to grow either separately or in parallel to collaboration with the U.S., which remains a practical requirement. One has to worry about effects on the US-UK special relationship and the Five Eyes alliance.

↓ Russia gains the most. In addition to the Transatlantic rift, the war ties down U.S. military capabilities, undermines NATO capabilities and cohesion, removes pressure on Moscow to end its own war, and further limits arms flows to Ukraine. In practice, it gives Russia the ability to fight this war longer and to impose greater costs on Ukraine. With U.S. sanctions lifted, Russia’s budget crisis is stabilized. And the impunity Trump has handed Putin for helping Iran target Americans will encourage Putin to push the boundaries of its gray-zone attacks further, until or unless President Trump decides to react.

↓ China, having prepared for such a shock, also stands to gain strategically. U.S. weapons intended to deter China have been expended or withdrawn from the Asia Pacific, leaving gaps in air defenses. Shortages of U.S. precision-strike weapons (like Tomahawks) and air defenses will limit and delay planned acquisitions by our allies. With U.S. forces depleted in the near term, will President Trump be more likely to grant concessions to President Xi in order to keep the peace? Economically, though not completely isolated from global economic shocks given its export dependence, China’s dominance in green technologies will pay dividends as the rest of the world drives to diminish import dependence. Strategically, China is playing up its role as a stabilizing global power, although this has limits given its unwillingness to directly engage in ending the war, provide security, or help neighbors that have asked China for emergency supplies of fuel and fertilizer.

↓ Economic shocks rippling through the Asia-Pacific threaten promises on U.S. trade and investment and risk political fallout in allied countries. The war is a crisis of both supply and price in Asia. Governments’ across the region have turned to emergency spending to replace Gulf imports and increase subsidies, spiking deficits and debt in turn. Poorer countries’ fuel reserves are running dangerously low, forcing austerity measures, business contraction, and closures. Violence and protests already have broken out, including in India, Pakistan, the Philippines, and Bangladesh. Second order effects on tourism, food production, and potentially remittances from Gulf states will linger. Financial strains will raise domestic pressures to pull back on investment and trade pledges that already are seen as unfairly benefitting the U.S. Third-order effects of political instability and upheaval catalyzed by financial distress is likely over the next few years, for example in the Philippines.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

While the U.S. Focuses on Iran, Russia and China See Strategic Gain

OPINION — Russia and China are certainly concerned about the desperate state of Iran’s regime, an invaluable transactional partner to both countries. Yet they are also working to secure more strategic gains at America’s expense. Both likely prefer—and are enabling—a drawn out, grinding, and unpopular U.S.-led war that strains U.S. military reserves, alliances, global influence, and deterrence. Their shared goal is to turn successful U.S. and Israeli strikes on Iran into a strategic and costly setback for Washington without overt military involvement.

Russia has earned billions due to rising global energy prices and loosened U.S. restrictions on Russian oil, possibly rescuing Russia’s weakened national budget. This provides critical funding to its war effort against Ukraine at a time when sanctions were having an impact.

The diversion of weapons systems, intelligence assets, and funding to the Middle East and reduced political pressure by the U.S. on Russia to negotiate with Ukraine favor Russia’s war efforts against Ukraine.

Russia’s provision of intelligence, upgraded drone technology, and targeting support is forcing the U.S. to employ high-demand and expensive defensive weapons. This is clearly a message by Russia that it is “paying back” the U.S. for support to Ukraine.

Like other gray-zone operations by Russia, this is a chance for Russia to enable cognitive as well as lethal operations against the U.S. For those hoping for a diplomatic path with Moscow, this is another reminder of Russia’s focus on the U.S. as its primary adversary.

China is likewise benefiting strategically. Much like Ukraine, Iran is a live laboratory for China on U.S. military capabilities, drone defenses, strength of alliances, global logistics and supply chains under pressure and, most critically, political resolve. China likely views this as invaluable as it looks toward Taiwan.

China is the primary benefactor of Iranian oil. It not only gets significant discounts; it also increasingly settles in Chinese yuan to undermine the U.S. dollar.

Strategically, the war commits U.S. forces, carriers, munition stocks, and intelligence assets in the Middle East, which takes some pressure off Chinese aggressive activities near Taiwan. China may also be calculating if a major military distraction for the U.S. at some point in the future may create conditions favorable to a more aggressive move against Taiwan.

China is also quietly providing Iran dual-use technology such as BeiDou navigation systems that enable lethal strikes by Iran against U.S., Israeli, and regional targets. In parallel, China exploits current events in the Middle East through information and cognitive operations to undermine U.S. reputation and influence while strengthening its own.

U.S. and Israeli strikes on Iranian leadership, nuclear infrastructure, and military capabilities have been impressive in precision and lethality. Those metrics are useful in a conventional sense, but this is asymmetric warfare embedded in great power competition. Russia and China are not just bystanders. They are active gray-zone participants and clear benefactors of the war, committed to a strategic defeat for the United States. Russia reaps huge energy windfalls and sees less pressure over Ukraine while China quietly observes, learns, and calibrates its options toward Taiwan.

Of course, our national security team understands these dynamics. The challenge is not to fully pivot to Iran, but to continue with a clear-eyed approach to Russia’s and China’s aspirations against the U.S. Even as the U.S. displays considerable military strength against Iran, the U.S. is vulnerable to its most capable strategic adversaries.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

New Presidential Executive Order Targets Transnational Cybercrime

OPINION – The Cipher Brief broke new ground when it published my piece addressing scams as a national security issue in December 2023. Two years later, there is broad consensus that transnational criminals are attacking our citizens and businesses at unprecedented scale, and the White House has responded with a new Executive Order to combat the surge in cybercrime. It is time to raise our defenses, and the Intelligence Community has an important role to play. The lessons gained from the battle with counterterrorism apply to the new world of cybercrime — intelligence and data fusion are key.

A Tsunami of Cybercrime

Reported fraud losses have surged nearly 430% since 2020, according to FTC testimony at a recent Congressional hearing.

[Source: FTC testimony at U.S. Congress Joint Economic Committee, 25 March 2026.]

The money flows mainly into the pockets of foreign crime syndicates—Chinese gangs in Southeast Asia running investment scams, Indian call centers preying on seniors, Mexican narco‑terrorists funneling the proceeds from time‑share fraud into drug trafficking, and others. Who is behind the “toll road” scam that we’ve all received via text message? Chinese cybercriminals.

Teens are at risk, too. Sextortion specialists in West Africa and the Philippines have caused more than 36 teenagers to commit suicide.

The future looks grim. Over the next three to five years, INTERPOL expects a sharp escalation in transnational fraud, driven by artificial intelligence, low-cost digital tools, and increased global criminal collaboration. INTERPOL reports a global surge in AI-enhanced fraud schemes, notably sextortion, investment scams, impersonation frauds, and fake kidnappings for ransom.

Sounding the Alarm

Corporate America started warning last year about the severity of the threat. In February 2025, Google issued a report entitled: “Cybercrime: A Multifaceted National Security Threat.”, urging policymakers to elevate cybercrime as a national security priority.

In late 2025, Amazon, Google, JPMorgan Chase, Meta, Microsoft, Target, and 40 other companies sent an open letter to Congress saying “Scams are a fast-evolving national security threat.” They described a “national epidemic” that endangers public trust and economic stability alike, and concluded: “Our country, its citizens, and its corporations are being targeted and robbed by transnational criminal operations.” Senator Chuck Grassley made the same point at a 2025 Judiciary Committee hearing, describing “industrial‑scale fraud” by transnational organized crime groups as “a national security crisis hiding in plain sight.”

A New Presidential Executive Order Targets Cybercrime

In early March 2026, President Trump signed a landmark Executive Order on Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens, declaring it the policy of the United States to “protect Americans from, and harden our financial and digital systems against, these threats.” The president ordered the Departments of State, Treasury, War, Homeland Security, and the Attorney General to prepare an action plan by July 2026.

For the first time, the White House:

Described cyber-enabled fraud as not just a consumer protection issue, but as an attack by transnational criminals.
Stated that cyber protection for U.S. citizens is a priority.
Assigned a White House official to coordinate the action plan: the Homeland Security Advisor. The Office of the National Cyber Director is also to be consulted. Elevating the issue to the White House level is the right call when faced with a threat that cuts across multiple departments and agencies.

The new Executive Order is a critical step toward restoring trust and safety in our digital economy.

As the nation begins to mount defenses to thwart foreign cybercrime, we would do well to consider some best practices.

The Counterterrorism Model

In recognition of the rising threat of Transnational Criminal Organizations (TCOs), we should think big and create a National Center in the executive branch. The Center would be an operational interagency effort, modeled on the successful National Counterterrorism Center (NCTC) that the U.S. government created after 9/11. The new Center could be under DOJ and DHS, and it would comprise relevant elements from across the government and the private sector. Its mission would be to address all of the ways we are being attacked by transnational criminals, including scams.

In recent months, the federal government has created a variety of task forces to address particular parts of the transnational crime threat. Rather than pursue individual approaches, a National Counter TCO center would provide a more comprehensive and efficient response.

The UK Model: Intelligence and Data Fusion

In March 2026, the British government announced its newest Fraud Strategy and committed £31 million to launch an Online Crime Centre (OCC) in April 2026. The OCC will “unite UK policing, the UK Intelligence Community (including GCHQ, the National Cyber Security Centre and the National Cyber Force) alongside private sector partners from the financial, telecommunications, technology, and cyber industries.” The goal is not just to respond to fraud, but to disrupt it at scale—analyzing large volumes of data to block calls, freeze accounts, and take down fraudulent websites. The UK also recently created a centralized reporting system to speed analysis of victim reports.

Initial U.S. Steps Require Follow-Through

The U.S. Government’s response lags significantly behind that of the British government. The U.S. has not yet created a national strategy, a centralized reporting system, or an intelligence-driven data fusion center. As a result, the U.S. approach is mainly reactive, not preventative. We’re falling further behind.

The UK has committed £250 million over three years to combat fraud, but neither the White House nor Congress has yet allocated the necessary resources. In the U.S., the Administration's budget request proposes a $555.1 million reduction to the FBI's budget for FY 2026.

To illustrate the mismatch in resources, the UK’s central reporting system uses AI from Palantir to analyze the crush of fraud reports. But the FBI told Congress in late March that the Bureau does its analytic work manually. Why can’t our FBI afford modern tools?

As other nations raise defenses, the U.S. risks becoming an increased target. But that outcome is not inevitable. The U.S. has the best technology in the world. With the proper leadership and resources, we can defend our nation against the growing scourge of cybercrime.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why a War in the Middle East Is Hitting Australians at the Petrol Pump

OPINION – Economic insulation is no longer guaranteed by geography. Australia is nevertheless very vulnerable to geopolitical unrest in the Middle East despite its distance from the region, especially through international energy markets. The recent escalation between Iran and important regional players has once again shown how swiftly economic effects from the Gulf War can spread across continents. Australian consumers, businesses, and governments are facing a well-known but growing reality: distant battles have home repercussions as oil prices rise and supply chains tighten.

According to recent Treasury modelling, prolonged fighting may cause Australia's inflation to rise by much to 1.25 percentage points while slowing GDP growth by 0.6 percent over the medium run (Reuters, 2026). This risk is more than just theoretical. It is already unfolding across fuel prices, transport costs, and broader inflationary pressures.

The Strategic Centrality of the Middle East

About 20 percent of the world's oil supply goes through the Strait of Hormuz, which is at the centre of the world's energy vulnerability. Global supply and pricing mechanisms are quickly impacted by any disruption, whether it is from military escalation, blockades, or attacks on infrastructure.

Australia is still largely dependent on imported refined petroleum products even though it is a significant exporter of liquefied natural gas (LNG). Australia suffers domestically from increased fuel and transportation costs while benefiting from high global energy prices through export income due to this structural dependency.

This vulnerability has been highlighted by recent tensions. Analysts warn that short-term price increases in Australia could reach 40 cents per liter due to oil price spikes associated with Middle East unrest (ABC News, 2026).

Transmission Channels: From Oil Shock to Inflation

The method of economic transmission is both quick and extensive. Growing oil prices directly affect the cost of gasoline, which in turn affects manufacturing, transportation, and logistics costs across the economy. In the end, these expenses are transferred to customers.

Higher oil costs affect everything from grocery and delivery services to construction and aviation, according to Commonwealth Bank study, demonstrating how ubiquitous energy-driven inflation is (CommBank, 2026).

This dynamic is strikingly illustrated by recent occurrences. Fuel price spikes associated with the turmoil in the Middle East have already compelled Australian companies, such as those in the transportation, aviation, and logistics sectors, to raise prices and pass costs on to customers (The Guardian, 2026).

Monetary policy responses exacerbate the inflationary effect. The Reserve Bank of Australia is under pressure to maintain or raise interest rates in response to rising inflation, which slows economic development. As a result, there is a classic stagflationary risk: slower growth coupled with price increases.

Structural Vulnerabilities in Australia’s Energy System

Long-standing structural flaws are the cause of Australia's vulnerability to global energy shocks.

First, in comparison to norms set by the International Energy Agency, the nation's strategic fuel reserves are comparatively low. Because of this, Australia is susceptible to temporary supply outages, especially during protracted geopolitical crises.

Second, over the past 20 years, Australia's refining capacity has drastically decreased, increasing reliance on imported refined fuels. As demonstrated by current shortages connected to both Middle East tensions and regional export restrictions, this reliance becomes particularly problematic when global supply lines are disturbed.

Third, domestic price volatility has resulted from the integration of domestic gas markets with international LNG markets. Although LNG exports bring in a significant amount of money, they also expose domestic customers to changes in global prices. Because of this, even in situations where domestic output is robust, Australian consumers may have to deal with rising gas and energy costs.

Beyond Energy: Broader Economic Impacts

The conflict in the Middle East affects more than just fuel prices. Particularly at risk are industries that rely significantly on fuel and transportation, such as manufacturing, construction, and agriculture.

According to recent data, Australia's construction industry is already under strain due to increased oil and freight costs, which are driving up the price of products like bitumen, steel, and cement (The Australian, 2026).

Furthermore, there are extra hazards associated with supply chain disruptions, especially through important maritime routes. Secure shipping channels across the Indian Ocean and Indo-Pacific are essential to Australia's trade-dependent economy. Any prolonged interruption to these routes could result in shortages, delays, and higher expenses in a number of industries.

Policy Imperatives for Australia

Global energy shocks are recurrent, which emphasises the necessity of an all-encompassing and proactive policy response. Australia needs to build structural resilience instead of reactive measures.

Strategic Fuel Security

Australia should significantly expand its strategic petroleum reserves and ensure compliance with International Energy Agency standards. Temporary measures such as relaxing fuel standards or releasing emergency reserves are insufficient substitutes for long-term preparedness.

Investment in domestic refining capacity should also be reconsidered as part of a broader national security strategy. While global markets offer efficiency, overdependence creates strategic vulnerability.

Energy Diversification and Transition

It is both geopolitically and environmentally necessary to accelerate the switch to renewable energy. Australia would be less vulnerable to outside shocks if it relied less on imported fossil fuels.

Long-term energy independence can be improved by investing in wind, solar, and hydrogen energy, especially in places like South Australia. To prevent short-term supply gaps and price volatility, the transition must be handled carefully.

Domestic Gas Reservation Policy

Australia should look into enhancing domestic gas reserve systems to ensure that a part of output is distributed to the local market at stable prices. The Western Australian approach provides a viable roadmap for balancing export revenues and domestic affordability.

Maritime and Strategic Security

Given the significance of global shipping routes, Australia must improve its maritime security capabilities and strengthen ties with regional partners. Maintaining global energy flows requires protecting freedom of passage, particularly in important chokepoints such as the Strait of Hormuz.

This involves diplomatic involvement, participation in global security initiatives, and naval capability development.

Economic Buffer Mechanisms

Short-term policy solutions are also useful for minimising immediate consequences. These could include targeted fuel subsidies, cost-of-living adjustments, and assistance for vulnerable industries.

However, such policies must be carefully constructed to prevent distorting market signals or jeopardising long-term energy transition objectives.

The Middle East wars are no longer remote geopolitical occurrences with little importance to Australia. In a linked global economy, they pose urgent and visible threats to home security.

The current crisis has highlighted a fundamental reality: Australia's economic resiliency is inextricably linked to global energy security. Rising oil prices, interrupted supply chains, and inflationary pressures are not outliers; they are structural characteristics of a globalised energy system.

Canberra's policymakers face a clear challenge. Australia must anticipate, rather than simply respond to, external shocks. This calls for a combination of strategic reserves, diverse energy sources, strong domestic policy, and active international participation.

Failure to act will expose Australia to the next Gulf disaster. Strategic foresight, by contrast, offers a pathway toward resilience in an increasingly volatile world.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why the ‘Day After’ Is The Most Important Day in the Iranian Conflict

OPINION — The countries that get held up as models for this kind of US led attack are worth looking at closely, because they’re instructive in the wrong direction.

Iraq fell in twenty-one days in 2003, but Saddam Hussein was running a hollow state. His military had been gutted by a decade of sanctions, the 1991 Gulf War, and the no-fly zones. There was no grassroots ideological loyalty to the man — people obeyed out of fear, not faith. The moment the fear lifted, the structure dissolved. What followed was twenty years and trillions of dollars trying to hold the country together. Regime change worked militarily in three weeks and failed politically for two decades. Libya was a one-man personality cult held together by oil money and tribal patronage with no real institutional military and no ideology beyond Gaddafi himself. Remove the man and there was nothing underneath. The result wasn’t a democracy. It’s been a failed state ever since. Venezuela is a different category altogether because it hasn’t actually undergone regime change but rather the leader of the regime changed.

Iran is categorically different, and there are six reasons why that’s worth taking seriously and explains why the Trump Administration’s goals have shifted from Regime Change to Negotiating a Deal.

1. The first is that the regime is the ideology. The Islamic Republic isn’t just a government. It’s a theocratic revolutionary project that has spent nearly forty-seven years fusing religion, nationalism, and anti-imperialism into a single identity. For tens of millions of Iranians, particularly the rural poor, the deeply religious, and the Revolutionary Guard apparatus, the regime isn’t just who’s in power. It’s who they are. Saddam had fear. Gaddafi had tribal patronage. Khamenei has true believers. Unfortunately, you can’t bomb an ideology out of existence.

2. The second is the IRGC, and this is probably the most under-appreciated part of the whole conversation. Most coverage treats the Revolutionary Guard as a military institution, which it is, but that framing misses what actually makes it so durable. These are people who control ports, construction contracts, telecommunications infrastructure, black market oil exports. In fact, it controls somewhere between a third and forty percent of the entire Iranian economy. Before the conflict started, the IRGC had its own navy, air force, ground forces, intelligence apparatus, and foreign legion in the Quds Force. It’s not only ideology holding the institution together. It's an enormous class of people with enormous personal financial stakes in the continuation of the current arrangement. When you kill a general in Iraq, the army wobbles. When you kill an IRGC commander, the institution absorbs it and hardens. Israel killed multiple top commanders in 2024 and 2025. The organization did not collapse. It adapted. There are some who think the IRGC’s recent comments indicated it has is following Venezuela’s lead; has seized power and wants to make peace with the US.

3. The third is geography and strategic depth. Iran is roughly four times the size of Iraq and three times the size of Libya. It covers one point six million square kilometers of mountains, deserts, and dispersed population centers. Critical military and nuclear infrastructure is buried under mountains, in tunnels reinforced with concrete and hundreds of feet of rock. Fordow was designed specifically to survive a nuclear strike. It is difficult to fully decapitate a regime that is geographically dispersed, has hardened underground command structures, and has spent forty years preparing for exactly this scenario. The ability of disparate groups to control vast swaths and for the country to degenerate into civil war is high. This administration seems to be cognizant of that risk and with total air supremacy has made substantial progress towards irreversible damage to the regime but there are challenges in what can be accomplished by air power alone.

4. The fourth is that the population is complicated in ways that get lost in Western coverage. Yes, there have been significant protests. Yes, millions of Iranians, particularly urban, educated, younger Iranians, despise the regime. But the assumption tends to be that they experience their government the way Iraqis experienced Saddam which was something purely imposed, something they’d shake off the moment an outside force gave them the opening. Iran fought the bloodiest war since World War II largely without allies, against an Iraq the West was quietly supporting. That experience left a scar that runs across ideological lines. You can find Iranians who genuinely despise the mullahs and who would still recoil from a US military intervention on Iranian soil. This stems not out of loyalty to the regime, but out of something older and harder to dislodge than political preference. They identify as Persian. A foreign airstrike doesn’t read as liberation in that context. It reads as confirmation of everything the regime has been saying since the 1970s. And Persians view themselves as the conquerors, not the conquered. Compare that to Iraq in 2003, where significant portions of the Shia and Kurdish populations welcomed the invasion, or Libya where rebels were already fighting in the streets asking for NATO intervention.

5. The fifth is the proxy architecture. Iran has spent decades building what it calls the Axis of Resistance which is a network of proxy forces spread across seven countries specifically designed so that Iran never has to absorb a full military attack alone. Hezbollah in Lebanon, the Houthis in Yemen, Shia militias in Iraq, Hamas in Gaza, assets in Syria. These are not just political allies, These are pre-positioned military capabilities Iran can activate without firing a single missile from Iranian soil. Israel did real damage to Hezbollah’s command structure and arsenal in 2024 and 2025, and that’s worth acknowledging directly. But degrading a node in a network isn’t the same as collapsing the network. Iran’s demonstrated response to losing a piece is to absorb it, adapt, and rebuild, not to negotiate from weakness. We are already seeing the damage and distraction that both Hezbollah and the Houthis have created by starting new fronts against the US and its allies. It is unclear how capable either force is or how long those forces can commit to further support. It is the unknown that makes the situation unpredictable. And is a reason to be thoughtful in our approach.

6. The sixth is that there is no ready-made replacement. One of the quiet lessons of Iraq and Libya is that regime change requires someone to hand power to. In Iraq there was at least a political infrastructure of exiled opposition parties. In Libya there were rebel militias with territorial control. In Iran the opposition is fractured, largely in exile, ideologically diverse. The opposition ranges from monarchists to secular liberals to the MEK, which is widely despised inside Iran and has zero military capacity inside the country. Without a credible successor, military strikes may not produce an acceptable regime change. These attacks could produce chaos, and chaos in a country of ninety million people with a sophisticated weapons program is far more dangerous than the regime itself. And, any successor viewed as a puppet of America will fail. The Persian culture will reject someone imposed on it. The people will have to broadly support any new political leadership. And, that has not happened. There are many reasons we do not see large numbers of Iranians trying to seize the momentum and overthrow the regime. It doesn’t matter. For this reason alone - lack of a popular uprising and rally behind a clear replacement, the regime is unlikely to change. And, Iranians were never going to accept a new leader picked by the United States and Israel. It has to be organic.

The honest historical lesson is this: the US has never successfully engineered lasting regime change in a country with these characteristics. Not through sanctions, not through airstrikes, not through proxy support. The question isn’t only whether the US has destroyed Iran’s nuclear program with these attacks, it almost certainly has degraded it significantly. The question is what comes after, and on that, history offers very little comfort. Which is why it appears this administration has not prescribed what will happen next preferring to keep all options on the table. If, as Trump encouraged in his public addresses, the population rises up and overthrows the clerical ruling class, then regime change will have been achieved and the follow-on becomes a test of who is the new regime and what kind of deal can the US reach with the new leaders. If the population fails to rise up and the regime, despite being damaged, survives (the most likely outcome), the option list gets very short, very fast. The best option is to reach a negotiated deal that keeps the Straight of Hormuz open while insuring Iran does not develop nor acquire nuclear weapons.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Taking a Stand on Adversaries’ Influence in the Western Hemisphere

THE BLUF: The January 3rd Operation Absolute Resolve ousted Venezuelan Dictator Nicholas Maduro but the full consequences of the US operation continue to play out. With that move, the subsequent Shield of America’s coalition, and apparent blockade of Cuba, the Trump administration has made one message clear to the world and that is that the US is pushing back on adversaries’ influence in the western hemisphere. This is a vast change from the last twenty or so years where we watched US influence in the region, especially Venezuela, wane amid an increase in Chinese, Russian, and Iranian influence. The US administration’s 2025 National Security strategy forewarned of this policy change with the call for the US to renew the Monroe Doctrine which the last administration put aside. The 1823 doctrine says the United States would reject other countries’ influence in Latin America.

Strategic Competition

Over the last twenty years or so, China has made the most inroads in Latin America. China started enhancing its relationships in the region through trade and infrastructure building which many dismissed as just global economics. Over time, China branched out to other fields to include selling weapons systems, buying minerals, allegedly building spying stations in Cuba, building regional infrastructure to include communications, and strengthening diplomatic ties.

China started its run for dominance in the region by acquiring the ports at either end of the Panama Canal and later, by acquiring the largest freight port in the hemisphere in the Bahamas.

China’s largest nondomestic space facility is located in Argentina’s Patagonian Desert. In February 2026, the House Select Committee on China reported that their investigation uncovered that China has developed an extensive network of dual-use space ground stations and telescopes across Latin America and uses this network to collect intelligence and boost the PLA's warfighting capacity. The investigation found at least eleven China-linked space facilities established across Argentina, Venezuela, Bolivia, Chile, and Brazil.

In December 2025, China released a new LATAM Policy paper that underscored the significance of the region to China and laid out new programs for closer cooperation on all fronts.

With the exception of Venezuela and Cuba, Russia has had less success in building influence in the region. However, its military-to-military relationship with Venezuela prior to the US extracting Maduro in January was robust.

Russian Su-30MK2 fighter jets were a key part of the Venezuelan Air Force. Venezuela also had Russian S-300VM (Antey-2500) battalions, Pantsir-S1, and Buk-M2E.

According to Reuters, Wagner Group members were in Caracas in 2019 to provide security for President Maduro following protests against his regime. Members of the group also trained elite combat units in Venezuela and were spotted in Venezuela as recently as 2024.

The 2025 Joint Strategic Partnership Initiative between Russia and Venezuela reaffirmed their intent to coordinate under the OPEC+ framework, avoid predatory competition, and jointly stabilize global energy markets, coordinate on communications and counterterrorism. The document also envisaged closer cooperation between Russia and Venezuela at the United Nations and other international organizations and in the area of arms control, along with joint opposition to the imposition of unilateral sanctions.

In October 2025, Maduro himself said publicly that Venezuela had more the 5,000 IGLA-S surface to air missiles positioned around the country.

Iranian influence in the region is less robust than that of the other adversaries and focused on evading sanctions and financial support to its proxy groups, especially Hizballah.

Petkaap III fast attack boat, CM-90 anti-ship missiles, GPS jammers, and passive detection systems are the most visible aspects of Venezuela’s ties with Iran.

In the past two decades, Venezuela and Iran deepened their ties with increasing industrial, economic, and military cooperation that includes fast-attack boats, anti-ship missiles, drones, and even a Hizballah presence.

Iranian-made drones were reportedly being produced in Venezuela, and Iranian-designed fast-attack naval vessels have also appeared. Caracas began with the “Arpía-001” surveillance UAV in early 2012 and quickly graduated, with Iranian help, to the EANSA assembly line beside El Libertador Air Base. Imagery and leaked purchase orders indicate a yearly output of approximately 50 Mohajer-2 derivatives (ANSU-100) and sub-kits for the stealthier Shahed-171 clone (ANSU-200).

In 2023, Brazil’s “Operation Trapiche” exposed a Hezbollah cell planning attacks against Jewish sites in São Paulo, with agents trained in Lebanon and employing local criminals for plausible deniability.

In 2024, Peruvian authorities arrested an Iranian Quds Force officer, Majid Azizi, for planning assassinations of Israeli citizens during a summit in Lima.

Why it Matters

Throughout the Soviet period, the US was aware of the Soviet Union’s Active Measures campaign in the Western Hemisphere and sometimes clashed with the Soviets over it. The two superpowers played proxy wars for influence throughout the region, funding political parties, sending in arms, and in some cases, inciting revolutions. With the breakup of the Soviet Union, the US ignored the ongoing competition in its own hemisphere and US primacy faded.

With increased awareness of the grey zone and cognitive warfare activity against the US worldwide, there is renewed interest in securing this hemisphere. Our ability to establish secure borders depends on having strong and friendly neighbors. To do this we need a combination of good trade, diplomacy, and a persistent intelligence capability that will alert the US and our neighbors as to what our adversaries are doing in the grey zone.

Conclusion

Multiple US administrations have turned a blind eye to our adversaries gaining influence into this hemisphere. Historically, we have ignored their activities or explained them away as merely open trade. This has resulted in security threats near our borders. We have allowed these adversaries to compromise our supply lines, our communications, and our transportation routes. This puts them in position to both gather important information and cutoff our accesses if they choose. This post Absolute Resolve moment gives the US the opportunity to put our adversaries on notice that the US will not stand by and allow them to infiltrate the US through its neighbors.

We know that the US can be a better partner than its adversaries. We need to double down and prove that to our neighbors while standing firm that we will not allow those adversaries to infringe on our resource and supply routes. It will take more than might to bring our neighbors around but steady diplomatic interaction and partnering will ensure that the US redevelops the robust relationships that should be our primary focus in the Western Hemisphere.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Iran Is Building the Disinformation Architecture of the Future

OPINION — Iran is the right place to start. Not because it is the most sophisticated adversary in disinformation—but because it is the most instructive. It has built a working infrastructure. It is using it in a live conflict. And it is showing us exactly what AI will make possible over the next five years.

This is not a future problem. The architecture is already under construction.

Within hours of the February 28, 2026 U.S.-Israeli strikes, AI-generated images of a burning USS Abraham Lincoln were circulating on Telegram and X—reaching millions of views before CENTCOM had drafted its first denial. Prime Minister Netanyahu was forced to post live video of his own hands to prove he was alive. AI-manipulated satellite imagery triggered a Pentagon response. The system moved faster than any government could react.

The goal is never to make people believe the lie. The goal is to make them uncertain enough about the truth that they question everything.

You cannot deter an adversary whose population believes you are losing. You cannot sustain a coalition when allied publics believe the conflict is a Western atrocity. Cognitive security is the war within the war.

What Iran Does Well Today

Five capabilities define Iran’s current playbook.

Speed. Iran wins the first news cycle. Producing a convincing false image takes minutes; verifying and rebutting it takes days. They don’t need to win the fact-check—only the first 24 hours.

Encryption. Fabricated battle footage seeded into WhatsApp and Telegram bypasses platform moderation entirely. These are primary news sources in the regions Iran targets—and they are effectively uncontested.

Proxy deniability. Networks like Houthi media ecosystems publish aligned narratives with no visible link to Tehran. Strategic impact, no attribution.

Narrative proxies. Iran amplifies existing frames—Palestinian solidarity, anti-Western sentiment—embedding its messaging inside movements it did not create.

The liar’s dividend. Once synthetic content floods the environment, all content becomes suspect—including the truth.

An easy way to remember Iran’s approach is to think of it as SPEAR: Speed (first-mover advantage), Proxies (deniability through networks), Encryption (closed-channel distribution), Amplification (narrative piggybacking), Relativism (liar’s dividend / truth erosion)

What AI Changes are Ahead

What comes next is not an evolution of this model. It is a step-change.

Agentic deepfake pipelines will compress production cycles to minutes, allowing synthetic battle footage to appear before real events are confirmed. Fact-checking becomes structurally irrelevant.

Voice cloning at WhatsApp scale will enable fabricated battlefield admissions or casualty reports—delivered in the voice of trusted leaders and distributed through personal networks where no platform intervention is possible.

AI-built persona networks will maintain credible, year-long digital histories before activation, eliminating the detection signals platforms rely on today.

Blockchain-hosted content will make disinformation permanent and immune to takedown. Domain seizures become obsolete.

Personalized deepfakes will target individuals directly—delivered in local dialects, referencing familiar places, increasing believability beyond broadcast media.

LLM-driven agents will build real relationships online, embedding influence within communities rather than broadcasting at them.

AI-generated media ecosystems will produce entire news infrastructures—sites, journalists, commentary—at global scale and near-zero cost.

Narrative flooding at scale will generate thousands of conflicting explanations simultaneously, overwhelming audiences and collapsing shared reality.

Precision-targeted persuasion will tailor messaging to specific identities, beliefs, and behaviors with unprecedented effectiveness.

Self-optimizing amplification systems will continuously refine timing, targeting, and distribution—turning disinformation into a persistent, learning system rather than a campaign.

The Strategic Picture

We are moving toward a world where detection is nearly impossible in the early stages, narrative creation collapses from hours to minutes, scale expands from thousands to millions simultaneously (and becomes more precise) and cost of entry falls to near zero.

Small, under-resourced actors will have the ability to shape global perception on a continual basis. No limits.

The future of AI-driven innovation also has a model for us to remember.

Think of AIMS - Automation (agentic systems), Individualization (personalized deepfakes),

Multiplication (scale, narrative flooding, media generation), Self-optimization (learning systems, amplification)

We know where to focus. We know what to do. In fact, much of the innovation is being built in our own ecosystem.

The requirement, however, is constant innovation: a perpetual red-team mindset—testing, adapting, and outpacing adversaries who are already compressing time, expanding scale, and targeting the world’s cognitive infrastructure.

This is not a media problem. It is a battlespace. One we are prepared to excel in.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Can the U.S. Win the Critical Minerals Competition?

What U.S. national security interest binds Greenland, Argentina, the Congo, and the Cook Islands? What was the impetus for the recent “strategic resilience” bill in Congress? And as Washington retreats from many global alliances, what’s the issue driving a U.S. push for closer ties with more than 50 nations?

The answer to all three questions involves critical minerals – integral elements in everything from smartphones to cars to major weapons systems, and an issue that has surged in strategic importance as China weaponizes its advantages in the minerals supply chain.

“For years, China has leveraged its dominance of critical minerals by manipulating global markets and supply chains,” Senator Todd Young (R-Ind.), a co-sponsor of the “strategic resilience” measure, told The Cipher Brief. “These materials are used in everything from fighter jets and submarines to missile systems and drones, and China’s monopolization has created a significant vulnerability.”

Experts agree: the competition for these minerals poses one of the most important strategic challenges of our time, and the U.S. faces a long and uphill struggle to counter China’s advantage. Critical minerals are often referred to as “the new oil”; one leading expert calls them “America’s most dangerous dependence.”

The push to reduce that dependence has been in the works for more than a decade, but only recently has the U.S. begun implementing an industrial and diplomatic strategy of its own, aimed at diversifying the supply chain and at least denting China’s near-monopoly on the supply and refining of these minerals.

“This is the culmination of looking at every single tool in the toolbox and the broader strategic issues,” Fabian Villalobos, Senior Engineer at RAND and Professor at the RAND Graduate School of Public Policy, told The Cipher Brief. “The U.S. is moving from analysis and into operations. There’s a point when you stop doing analysis and you start doing something about it.”

China’s Big Head Start

China’s path to dominance in the critical minerals space – like many aspects of its rise to global superpower – has been a long time coming. Since the 1990s, Beijing has tightly controlled the mining, processing, and export of critical minerals, backing its state-owned companies, restricting foreign investment, and consolidating production.

Today, China isn’t just a prolific miner of minerals; it dominates the ecosystem that brings them to market. The 2025 USGS Mineral Commodity Summary reads like a litany of China’s hold on the supply chain: The U.S. is completely dependent on imports for 12–13 minerals on its list of critical minerals; China is the leading supplier for 24 minerals for which the U.S. import reliance exceeds 50%; and for 19 of the 20 minerals that the U.S. rates as most strategically important, China refines at least 70% of the global supply – and more often well beyond 90%.

China’s chokehold wouldn’t matter much if U.S.-China relations were on a smooth path; they aren’t, of course, and last year the issue made headlines because China played its “minerals card” to great effect. Following President Trump’s imposition of tariffs against China in April, Beijing responded by tightening export controls on rare earths and magnets, and six months later it expanded the restrictions, targeting minerals essential for the U.S. defense sector. A Trump-Xi summit led to an easing of the restrictions, but the message had been sent: on a vital issue for U.S. economic and national security, China has the U.S. over a barrel.

Villalobos said that as important as China’s grip on the minerals supply chain is its industrial policy – a package of state financing, price manipulation, and export controls that aims for dominance in key high-tech sectors.

“Xi Jinping has directed components within China to create a world dependent on its industry,” Villalobos told The Cipher Brief. “And China wants to dominate the industry of the future – whether that’s electric vehicles, batteries, robots or high-tech weapons.” He cited the example of gallium, a mineral used in semiconductors for solar panels and LED screens. By imposing export restrictions on gallium, he said, Beijing has driven some foreign companies to house manufacturing in China. “What China does is incentivize technology into their country.”

Meanwhile, China has extended its supply advantage by striking deals with mineral-rich nations in Latin America and Africa. The result? A near-stranglehold over the global supply chain.

On the Home Front: “Project Vault” and a “Strategic Resilience Reserve”

Successive U.S. administrations have been working on the minerals issue for more than a decade. The Obama Administration’s Department of Energy issued a Critical Minerals Strategy in 2010; since 2020, the Pentagon has spent more than $439 million to establish a domestic rare earth element supply chain; and the Biden Administration established the 14-nation Minerals Security Partnership (MSP) in 2022.

The second Trump administration has “turned it up a notch,” as Villalobos said, with a flurry of measures on the domestic and global fronts.

On February 2, President Trump announced “Project Vault,” a $12 billion plan to build a U.S. stockpile of critical minerals, spur domestic production and insulate producers from future supply shocks. The project is backed by a $10 billion loan from the Export-Import Bank of the United States (by far the largest outlay in the bank’s history), along with $2 billion in private funding. The stockpile – which Trump likened to the U.S. Strategic Petroleum Reserve – would ensure a 60-day emergency supply for manufacturers. As President Trump put it, “We don’t want to ever go through what we went through a year ago”—that is, when China imposed the export controls.

Observers note that Trump is taking a China-style approach – leveraging the state’s economic and political power to secure supply. As laid out, Project Vault would employ many of Beijing’s tactics – state financing, partial government ownership of mining firms (most notably a multibillion-dollar public-private partnership with MP Materials), and strategic stockpiling to support domestic producers.

“The Trump administration has proven willing not only to convene these initiatives but to back them with significant taxpayer resources,” Michael Froman, president of the Council on Foreign Relations, wrote in February. “In the past six months, the administration has announced plans to deploy tens of billions of dollars in public capital—taking equity stakes in and extending credit to strategic firms—in an effort to reengineer entire global supply chains.”

Prior to the “Project Vault” announcement, Senator Young and three other members of Congress – a bipartisan group – introduced the SECURE Minerals Act, which would establish a $2.5 billion “Strategic Resilience Reserve” (SRR) for critical minerals, support domestic industry, create storage facilities to warehouse supplies of key materials, and “act as a market stabilizer against price manipulation.”

“To grow our independence and protect our national security,” Sen. Young told The Cipher Brief, “we need to ensure the United States has a secure and accessible supply of critical minerals.”

Mahnaz Khan, Vice President of Policy for Critical Supply Chains at Silverado Policy Accelerator, co-authored a recent Council on Foreign Relations report on countering China’s advantage. “What is emerging under the Trump Administration,” Khan told The Cipher Brief, “is a new American industrial playbook for critical minerals.” The overall approach, she said, “is about rebuilding and reshoring an entire rare earths sector to reduce decades of dependence on China.”

On the Global Stage: A Hunt for Allies

Experts and policymakers agree that the U.S. cannot replicate China’s 30-year head start in mining and refining – at least not anytime soon. With that in mind, the Trump Administration is turning to other parts of the world for help.

On February 4, Secretary of State Marco Rubio hosted leaders from more than 50 countries in a gathering “to reshape the global market for critical minerals and rare earths.” The meeting served as a launch for the Forum on Resource Geostrategic Engagement initiative (FORGE), which the U.S. pitched as a coalition of nations that would work as a counterweight to China. The State Department said FORGE would demonstrate “the benefits of working together…to strengthen diversified, resilient, and secure critical minerals supply chains.”

It was a striking show of multilateralism for an administration that has taken a hardline approach to many longstanding alliances.

One week later, the Trump administration sent the largest-ever U.S. delegation to Africa’s biggest mining conference – a nod to that continent’s rich supply of critical minerals, and another example of engagement in a part of the world the Trump Administration had neglected.

Meanwhile, the U.S. has pursued a slew of bilateral deals; as Axios put it, “President Trump is bringing his prospector’s pick to nearly every corner of the globe — including Ukraine, Venezuela and Greenland — in a push to boost the U.S. supply of minerals.”

On the day of the 54-nation minerals meeting, the State Department announced critical minerals frameworks or MOUs with Argentina, Morocco, the Philippines, the United Arab Emirates, Great Britain and a half dozen other countries. These followed larger-scale agreements: a multibillion-dollar deal with Australia that officials said could provide up to 40 of the 50 minerals the U.S. deems essential; a U.S.-Saudi Arabia agreement to develop a refinery in the kingdom; and a U.S.-Japan trade agreement that includes Japanese investment in a Georgia-based plant that produces synthetic diamond grit – a mineral used in advanced manufacturing and semiconductors. Last year the U.S. signed a minerals deal with Ukraine, and Trump has acknowledged that rare earths are a part of his interest in gaining control over mineral-rich Greenland.

“It’s got to come from somewhere,” Villalobos said of the wide-ranging push for more global supply. “The harder piece is where you put up non-Chinese refineries.”

When it comes to convincing other nations to sign on to an anti-China minerals coalition, the U.S. may face headwinds. Many U.S. allies have bristled at American tariffs and threats and ridicule from Trump and his top aides. As Politico noted, “Some will be skeptical about America’s new-found zeal for cooperation on this issue.”

“In the aftermath of a year of disruptive diplomacy, culminating most recently with the tension over Greenland with the rest of NATO, many have asked how willing other countries are to work with us,” Froman said. “Other countries have domestic politics, too, and based on many of their recent statements, our goodwill is diminishing.”

“Leapfrogging” China – and Other Out-of-the-Box Ideas

Some experts have argued that given the urgency of the issue and China’s huge head start, out-of-the-box thinking will be required.

A report published this month by the Council on Foreign Relations and Silverado Policy Accelerator argues that the U.S. should aim to “leapfrog” China’s dominance by “scaling disruptive innovation, recovery, and recycling” rather than striving to “out-mine, out-process, or out-fund China.”

“The United States will not secure its critical mineral future through traditional mining and processing alone,” the report said. “The most promising way to leapfrog China’s entrenched position is for the U.S. government to maximize breakthrough materials engineering, advanced extraction and processing technologies, waste recovery and recycling.”

In a similar vein, a study published in Science said that the U.S. could meet most of its critical mineral needs by recovering metals from existing mining waste. Researchers at the Colorado School of Mines analyzed waste from 54 active U.S. mines and concluded that “byproduct recovery” could supply sufficient amounts of copper, lithium, nickel, rare earths and other materials; for 15 minerals, including gallium and germanium, the report claimed that recovering less than 1% of waste could replace all imports; for another 11, including lithium, 1–10% recovery would suffice.

Villalobos is skeptical that “leapfrogging” China is possible anytime soon. While he supports greater investment and innovation in domestic mining, he said real impact would take years. On the recycling front, he and others noted that China has a head start there as well – given that EV battery producers have built-in recycling departments, and that it may be difficult to make American recycling and recovery economically viable. “It doesn’t mean we shouldn’t be doing these things,” he said, “but it’s just part of a long-term strategy.”

Then there’s the prospect of deep-sea mining – which is where the Cook Islands come in. Last year the U.S. announced bilateral cooperation with the 15-island nation, located between New Zealand and Hawaii, on seabed mineral exploration within the islands’ Exclusive Economic Zone. That’s a vast area that is rich in cobalt, nickel, titanium, and other critical minerals. The announcement followed an April Trump administration executive order – “Unleashing America’s Offshore Critical Minerals and Resources” – that would allow for deep-sea resource exploration in international waters. A RAND report found that “the emergence of a seabed mining industry would introduce a new source of supply for critical minerals,” but RAND and others have noted that deep-sea mining is highly controversial from an environmental standpoint, and that China has been aggressively pursuing deals with the Cook Islands and other Pacific island nations as well.

Further “out of the box,” some hi-tech leaders believe AI and quantum computing could be part of the solution, by helping to design synthetic substitutes and alloys. Speaking at this year’s World Economic Forum, SandboxAQ CEO Jack Hidary said these tools could compress decades of material development into a few years, thus bypassing China’s near-monopoly on refining.

Experts stress that in the critical minerals competition, it’s not a choice between domestic innovation and global diplomacy and out-of-the-box ideas; the U.S. should be trying all of these measures – and more.

“A long-term strategy must take an all-of-the-above approach,” Farwa Aamer, Director of South Asia Initiatives at the Asia Society, wrote in a recent report. “It must build capacity in the United States and among trusted partners, while also supporting research into alternatives and substitution technologies.”

A Long Road Ahead

President Trump has already claimed that victory in the minerals competition is on the horizon. “About a year from now, we’ll have so much critical mineral and rare earths that you won’t know what to do with them,” Trump said at a signing ceremony for the U.S.-Australia minerals agreement.

Experts have a different view – noting that new mines and refineries will take a decade or more to come online, some would-be allies may be reluctant to join the U.S. coalition, and the Trump administration’s recent funding pledges may face political challenges as well.

The domestic policy “is not without risk,” Froman said. “The U.S. government has announced more than $30 billion of direct funding commitments…related to critical minerals. In a number of cases, the government is taking direct equity stakes in private companies, pushing the envelope of industrial policy into the realm of state capitalism. The taxpayer stands to lose a great deal if these investments and loans go south.”

The Nikkei Asia Review surveyed experts after the “Project Vault” announcement and said that overall, the U.S. faces a “decade-long” road to loosening China’s grip on rare earths” – with refining representing the principal challenge.

Meanwhile, China isn’t standing still. Beyond the lever of export controls, Beijing has moved to build a global minerals alliance of its own, and it continues to challenge U.S. efforts on the world stage. Experts note China’s recent success in gaining control of a major Tanzanian rare-earth mine, which for years had been held by an Australian company and seen as a model for creating a China-free supply of rare-earth minerals. According to Benchmark Mineral Intelligence, Beijing now stands to receive all the rare earths flowing from Tanzania, one of the world’s major emerging sources of the elements, by 2029.

Can the U.S. still “win” the critical minerals competition? Experts say the answer is Yes, if winning means reducing vulnerability and building a coalition strong enough to blunt Chinese coercion. Put differently, success would mean that China cannot use its minerals advantage to shut down U.S. defense or tech production.

“Winning in critical minerals means reducing net import reliance by scaling mining and processing at home and with trusted partners,” Silverado’s Khan said, “so that China can no longer use these critical minerals as leverage in trade conflicts, securing U.S. economic and national security for the long term.”

Villalobos said the most important challenge is ensuring a price floor for minerals, one that lasts and exists for more than one company at a time (at the moment only the MP deal has such a provision). “If you can get a price floor that applies to the whole industry and that’s global in scale, that’s victory. After that it’s just a waiting game.”

But if winning is defined as replacing China as the world’s dominant minerals power, and doing so anytime soon, then it would appear the answer is “No.” And even in the best-case scenario, much will be needed for a “win”: a consistent stream of domestic investments – likely running north of $100 billion; effective cooperation with allies; far greater refining capacity; and innovation in domestic mining, recycling and possible alternatives to existing minerals. Again, an all-of-the-above approach – along with a measure of patience.

“Do I believe that the U.S. has a chance?” Villalobos said. “The answer is yes. The reality of the ‘yes’ is that it’s going to take a while.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Iran Exposed a New Reality for U.S. Air Power

OPINION — For thirty years, American wars have contained a quiet assumption: that the skies were uncontested. From Grenada and Panama, through Desert Storm, Afghanistan, Iraq, and Libya - the US could reliably achieve air superiority very quickly, almost a preordained fighting condition. Operation Epic Fury, however, has challenged that assumption, marking the first time in a generation the US has been forced to establish air superiority. And though air superiority was achieved over Iran in less than 100 hours, that superiority required a massive, multi-layered effort that contrasts with three decades of precedent.

For a generation, US policymakers and military planners have taken air superiority as a starting condition of war. No adversary, not since Korea or Vietnam, has had the capacity to challenge US warplanes for control of the skies. Panama for example, during Operation Just Cause, had neither fighter jets nor surface-to-air missiles (SAMs), and had to rely on small arms fire to thwart American air power. In Afghanistan, during Operation Enduring Freedom, the Taliban’s air force featured a handful of Cold War relic aircraft and MANPADS, left over from the Soviet-Afghan War, against which US forces could operate with impunity. Even during Operation Desert Storm, the US leveraged electronic warfare and stealth aircraft to destroy Saddam’s French-built, centralized “KARI” Integrated Air Defense System (IADS) in a concentrated effort, establishing air superiority rapidly. And again, in Serbia, NATO was able to dominate the air by effectively bypassing Serbia’s capable, yet fragmented, SAMs. On different continents, in different decades, against different adversaries—the outcome was always the same: the US expected to achieve air superiority and did so quickly.

But Iran offered the US a different kind of challenge. Tehran, long hampered by sanctions, understanding they could never achieve parity with the US, didn’t try to build an equivalent air force. Instead, Tehran spent decades building a defensive system that could complicate access, making the establishment of air superiority costly and uncertain. Rather than invest in cutting-edge fighters that could go toe-to-toe with the F-22, Iran invested in IADS, including layered SAMs, radar networks, ballistic missiles, drones, and hardened infrastructure. The result was a patch of airspace that the US would need to fight to dominate.

Iran’s air defenses fell quickly, too, in just four days, but it was only after the execution of a massive, multi-domain campaign that relied on unprecedented intelligence sharing from a regional partner; unlike recent conflict that leaned heavily on limited air assets, Iran required a coordinated multi-domain effort across cyber, space, and air. Phase one featured the blinding and spoofing of Iranian defenses with cyber, space, and electronic warfare systems. Phase two featured the Suppression of Enemy Air Defenses (SEAD), the destruction of Iranian radars and missiles with stealth aircraft (i.e., the B-2 Spirit) and standoff missiles (i.e., Tomahawk, PrSM). And phase three, penetration, with full strike operations and heavy bombers dropping guided bombs. In all, more than a thousand targets were struck. The point being: that even for the world’s most capable air force, dismantling Iran’s IADS required an enormous and coordinated effort; air superiority was achieved - but it was far from automatic.

Ultimately, American and Israeli forces needed just four days to establish air superiority over Iran, whose airspace now, more than one month into the conflict, is essentially permissive. And while the four-day timeline suggests a rapid collapse, the speed of victory masks the exertion that was needed to achieve air superiority, and what that exertion suggests about future wars.

Iran is formidable only by regional standards; their IADS is modest when compared to the air defense networks of major powers like Russia or China who can boast dense IADS, long-range missiles, layered air defenses, and distributed networks. And the major powers, no doubt taking notes on the hindering effects of Iran’s IADS, will likely be inclined to continue bolstering their own IADS networks. From the American perspective the problem here is clear: if dismantling Iran’s system required such a massive opening campaign, the challenge of gaining air superiority against a near-peer will certainly be far greater. Epic Fury may well have established a new precedent, setting the tone for the next generation of US warfighting, in which control of the air is no longer a default starting point, but rather the first objective.

For thirty years, American military power has operated under an assumption gained through the Cold War’s end: that the skies are ours. Operation Epic Fury suggests the first meaningful counter to that assumption. And though the US maintains a technological advantage in the air, the next generation of war could require the US to once again fight for control of the skies.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

How Close the Iran War Came to a Nuclear Disaster

OPINION — “Nuclear facilities on both [the Iranian and Israeli] sides have been targeted. That’s where we are in this war, and that’s how far it’s escalated. If a nuclear reactor like [Iran’s] Bushehr [nuclear power plant] were hit there’s a significant risk of a meltdown and leaks of extremely dangerous radioactive materials that would affect all countries in the [Middle East] region, and, of course millions of people including Americans and American service members.”

That was Rep. Joaquin Castro (D-Texas) speaking last Tuesday at a House Foreign Affairs Committee meeting on “Securing the Future: Arms Control and International Security for the Modern Age,” where Thomas G. DiNanno, Under Secretary of State for Arms Control and International Security was the only witness.

As the U.S./Israeli air attacks have increased and Iranian missile and drone strikes continued, Rep. Castro’s concern was echoed by International Atomic Energy Agency (IAEA) Director General Rafael Mariano Grossi.

At the hearing, Rep. Castro called attention to Iran claiming that on March 17, a projectile hit a structure about 1,000 feet from Iran’s Bushehr nuclear power plant. IAEA’s Grossi called it “the reddest line of nuclear safety.”

On March 21, Iran missiles attacked two southern Israeli cities including Dimona, which is about 8 miles from Israel’s Shimon Peres Negev Nuclear Research Center. This Israeli research center contains a secretive nuclear reactor, plutonium reprocessing facilities, and laboratories -- and was where Israel first developed nuclear weapons in the 1960s.

During last week’s House committee hearing, Castro and DiNanno tangled over Israel’s nuclear weapons program, but I will deal with that below.

Iran’s March 21, ballistic missiles that struck Dimona, injured more than 20 people, but for the first time penetrated Israeli air defenses near what is Israel's main nuclear research facility. Iran said explicitly it was targeting the Negev nuclear research center in retaliation for U.S./Israeli attacks on Iran’s Natanz enrichment facility only a day earlier.

So ten days ago, Iran demonstrated its ability to reach Israel’s most sensitive nuclear-related sites, despite President Trump and Prime Minister Benjamin Netanyahu claiming earlier that Iran’s missile capabilities had been “destroyed.”

On the evening March 24, hours after the above-mentioned House hearing, Iran claimed a U.S. missile struck the premises of the Bushehr Nuclear Power Plant, but there was no damage to the nuclear reactor, no injuries to staff, and the plant continued to operate normally with radiation levels stable. That was the second such attack at Bushehr in just over a week.

A third attack in the vicinity of Bushehr took place last Friday when Israeli planes struck the Shahid Khondab Heavy Water Complex in Arak, a key plutonium production site for possible use in making nuclear weapons. Israel also hit a uranium processing facility in the Iranian city of Yazd, where they extract raw materials essential to the uranium enrichment process. Again, the reports were there were no radiation leaks.

Al Jazeera reported from Tehran that these recent strikes on two major Iranian nuclear-related facilities could prompt the Iran military to target Israeli nuclear sites in Dimona again, as it did on March 21. At the same time, IAEA Director General Grossi reiterated his call for “military restraint to avoid any risk of a nuclear accident."

At the March 24, House hearing, Rep. Castro asked Under Secretary of State for Arms Control DiNanno, “What is the [Trump] administration’s assessment of the risk of nuclear escalation or radiological disaster in this war and what steps is the United States taking to prevent it?”

DiNanno initially replied that “operational questions would rest with [U.S. Central Command’s Commander] Adm. [Charles] Cooper,” and that “all resources that the [State Department] Nonproliferation Bureau [has] would be made available and are available should they want it.”

DiNanno quickly added, “I’ve had conversations with my colleagues in the War Department specifically to this issue and operationally the War Department would address the type of things.”

Asked by Castro if he could share any information he had received, DiNanno replied, “Admiral Cooper would be the decision-maker on how that would be, any hypothetical situation would be, addressed.”

Castro then asked a series of questions about Israel’s nuclear weapons that put DiNanno in a difficult situation, but one that has a complicated history which I will explain below.

Castro said, “I don't believe that you've adequately addressed the nuclear risks here. So, let's take a step back and establish some basic facts. The [Trump] administration has said that Iran is, or was, close to developing nuclear weapons, but they haven't discussed what Israel's capacity or capabilities are. So, I want to ask you, does Israel have nuclear weapons?”

DiNanno answered, “I'm not prepared to comment on that.”

“You’re not prepared to comment on that,” Castro said, and then went on, “It’s a very basic question. We are with an ally, conducting a war against Iran. We all know what American capabilities are; the U.S. Government has spoken what Iran’s capabilities are. Can you tell us what Israel's capabilities are? The consequences, as you know, are grave. This war continues to escalate tell us something as Congress, as the oversight body what is Israel's nuclear capability in terms of weapons?

“I can't comment on that specific question,” DiNanno said, “I'd have to refer you to the Israelis on that.”

“Does that mean you don’t know?” Castro asked.

DiNanno responded, “I can’t comment on that sir.”

I have to point out that Under Secretary DiNanno was following an historic, classified Executive Branch directive which for decades has forced U.S. officials into what’s been called “implausible deniability,” when it comes to the question of Israel’s nuclear weapons arsenal.

Books have been written about how Israel secretly began a nuclear weapons development program in the late 1950s and with the help of some French and American manufacturers by 1967 had built a few nuclear bombs with radioactive material from a nuclear reactor near Dimona.

Aware of the Israeli activity, U.S. Presidents John Kennedy and Lyndon Johnson tried to halt the program but, according to Israeli-American historian Avner Cohen, in 1969 an unwritten agreement was apparently reached between President Richard Nixon and Israeli Prime Minister Golda Meir.

The agreement was that Israel would not confirm it had nuclear weapons nor test any; the U.S. would not push Israel to give them up nor join the Non-Proliferation Treaty. In addition, the U.S. Government adopted as policy that Israel’s possession of nuclear weapons remain a classified secret.

That official U.S. Government policy has continued since 1969, and as a result there is limited public discussion and press coverage of Israel’s nuclear weapons. The Stockholm International Peace Research Institute in 2025 estimated Israel possesses approximately 90 nuclear warheads, but others suggest numbers as high as 200 with nuclear warheads on ballistic and cruise missiles and well as nuclear bombs.

Nonetheless, there is coverage not just in the American press, but also in the Israeli press.

For example, back in June 2002, I wrote in The Washington Post a story that began, “Israel has acquired three diesel submarines that it is arming with newly designed cruise missiles capable of carrying nuclear warheads, according to former Pentagon and State Department officials, potentially giving Israel a triad of land-, sea- and air-based nuclear weapons for the first time.”

In 2016, the Times of Israel, using a standard attribution “according to foreign reports” as a way of not violating their country’s secrecy, described those same Israeli submarines as “capable of delivering a nuclear payload.”

One reason Iran’s hardliners want a nuclear weapon is because Israel, their nearby neighbor, has had them for decades.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Telling China's Story Well: The PRC's Strategic Narrative as an Instrument of National Power

Executive Summary

Since President Xi Jinping's 2013 directive to "tell the story of China well" (讲好中国古事), the People's Republic of China has developed a systematic thirteen-year strategy treating "discourse power" (话语权) as a core component of Comprehensive National Power (CNP). This approach has enabled measurable influence gains, demonstrating that narrative power is not supplementary propaganda but a strategic weapon comparable to hard power.

Introduction

‘Chinamaxxing’ is a 2026 viral trend where non-Chinese social media users are sharing videos of themselves “learning to be Chinese” by adopting Chinese lifestyle and wellness behaviors. This trend is a recent example of the PRC’s growing soft power and influence around the world. As the U.S.’ soft power declines, China is swiftly catching up, narrowing its gap to only 1.5 points according to BrandFinance’s 2026 Global Soft Power Index.

China’s influence has been growing due to a long-term, concerted effort to “tell the story of China well” (讲好中国古事), a phase which President Xi introduced in 2013, elevating strategic narrative to a core priority of Chinese statecraft. In 2021, he elaborated on this directive, instructing Party members to "work hard to cultivate a trustworthy, loveable, and respectable image of China" (努力塑造可信、可爱、可敬的中国形象) in order to “expand China’s circle of friends”.

Theoretical Foundation

China's strategic narrative derives from Sun Tzu's principle of subduing enemies through persuasion rather than force. Chinese strategic documents explicitly position discourse power alongside territory, population, and military capability as determinants of national strength. The "Yellow Book of International Politics" places discourse power in the outer ring of CNP factors, while Xi's 2021 elaboration called for cultivating a "trustworthy, loveable, respectable" (可信、可爱、可敬) Chinese image.

Unlike Western diplomacy that treats communications as supplementary to policy, China elevates soft power to strategic equivalence with hard power—a fundamental departure with significant implications for great power competition.

The Four Pillars Framework

The PRC organizes its strategic messaging around four thematic pillars:

The Party: Narratives like "Rural Revival" and "Peaceful Pluralism" (Xinjiang content) demonstrate CCP benevolence and governance capability.

The Dream: Stories of deliverymen-poets and young scientists portray China as a meritocracy where aspirations flourish.

The Culture: "Cosmopolitan Cool" (viral cyberpunk Chongqing content) and "Heritage Glam" position Chinese civilization as ascendant and globally relevant.

The Cooperation: Belt and Road Initiative infrastructure and peacekeeping narratives frame China as a responsible global power.

These pillars are substantiated by $962.1 billion channeled through BRI across 126 countries since 2013, with Southeast Asia ($237.7 billion) and Africa ($230.4 billion) as primary recipients.

Precision Propaganda Methodology

The PRC employs a sophisticated three-tier targeting system:

Classification segments countries by relationship type. Competitors like the United States receive passive, data-driven messaging. Partnership-open nations receive "soft stories" emphasizing cultural connection. BRI members receive proactive development and poverty alleviation content.

Stratification differentiates elite versus mass audiences. Political elites receive messaging emphasizing commonality. Academic elites receive logic-driven, research-based content. Mass audiences are subdivided by age—younger audiences via internet slang and new media; traditional audiences via conventional channels.

Grouping targets individual characteristics including gender, religion, age, and interests, with particular emphasis on cultivating internet influencers. Beijing has hosted American influencers on curated trips designed to generate organic positive content.

Measurable Impact

The strategy is delivering quantifiable results. The Lowy Institute Southeast Asia Influence Index shows China leading the United States across most ASEAN nations with an aggregate regional score of China 65 versus US 25—a 40-point advantage. China holds significant leads in Myanmar (+37), Laos (+34), Cambodia (+20), and Singapore (+22). The US leads only in the Philippines (+13) and Timor-Leste (+40).

The ISEAS State of Southeast Asia Survey 2025 reveals Southeast Asians choosing the United States over China dropped from 61.1% in 2023 to 49.5% in 2024—an 11.6 percentage point decline in one year. The BrandFinance 2026 Global Soft Power Index shows the US-China soft power gap narrowed to just 1.5 points.

Beyond influence metrics, the strategy has enabled direct interference operations. In April 2025, Philippine security officials revealed China's state-sponsored campaign to influence midterm elections through Chinese Embassy payments to local firms hiring "keyboard warriors."

Strategic Recommendations

Five imperatives emerge for US and allied policymakers:

1. Recognize the system: China's narrative architecture is coherent strategy requiring equally systematic responses.

2. Address counter-narrative gaps: The US lacks an equivalent positive narrative framework; American messaging remains reactive criticism rather than proactive aspiration.

3. Link economic and narrative strategy: BRI's $962 billion creates narrative infrastructure; debt relationships generate dependency translating into discourse power.

4. Develop precision capabilities: Allied nations require granularity in audience segmentation matching PRC's elite/mass stratification.

5. Treat ASEAN as bellwether: Southeast Asia demonstrates China is winning the influence competition; it offers both warning and laboratory for broader competition.

Conclusion

Xi Jinping's directive to "tell China's story well" has evolved into a comprehensive strategic narrative system that treats persuasion as power. Through the Four Pillars framework, precision propaganda methodology, and sustained investment across policy, pop culture, and personality channels, the PRC has achieved measurable influence gains in critical regions. The strategic implication is clear: in an era where discourse power contributes to comprehensive national power, nations that fail to proactively assert their own narratives will find themselves playing roles assigned by others. The contest for the future will be won not only by those with the strongest economies and militaries, but by those who tell the most compelling stories.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Chalk Mark Still Matters: Russian Espionage Handling in the Modern Era

KREMLIN FILES: A brush of a hand against a park bench with chalk; or, a piece of electrical tape left on a mailbox. Sometimes it’s a coded phrase buried in a routine email with an encrypted picture. This is what Russian intelligence tradecraft looks like: subtle, disciplined, and built on signals most people would never notice. With the campaign of Russian hybrid war taking place across the European continent, it is more important than ever for NATO’s intelligence services and the general public to be mindful of Russian espionage tradecraft. That same tradecraft is also shared – at least in part-- with some of our other adversaries, including Chinese intelligence, Iranian IRGC (Revolutionary Guard) or other elements, and even terrorist groups. There has never been a better time for Americans to exercise vigilance regarding our adversaries and their intelligence services.

For the Russian intelligence services (RIS), over a century of experience-- from the Cheka to the KGB and today’s SVR and GRU-- has helped refine the art of handling agents in what they consider hostile foreign environments. While technology advances, the fundamental principles remain largely unchanged: compartmentalization, deniability, patience, and psychological control. The early Bolshevik revolutionaries had to understand spy tradecraft because they were leading a major conspiracy against the Tsar. They were enemies of the state, traveling under false passports and following what they called the “rules of conspiracy” to carry out their revolution.

Some aspects of Russian agent handling have evolved, but others remain the same. In my upcoming book on Russian intelligence tradecraft (out with Naval Institute Press, April 2026), I have a chapter devoted to Russian “street tradecraft” or how they handle their recruited agents. CIA calls this practice “sticks and bricks.” The RIS train on this heavily at their intelligence academies, including surveillance/countersurveillance techniques, agent signaling and handling, and the use of operational technology in agent communications. These tactics have evolved as well over the years to include satellite- and computer/encrypted-based “covert communications,” or what the Russians commonly call “spets-svyaz.”

Studying these techniques and their patterns is more important than ever with Russia unleashing a wave of covert action and sabotage operations against NATO and the West. Invariably, among those operations, there will be handling of espionage penetrations of NATO countries and their governments. And when they have highly placed agents, or even those placed in the media, companies, or NGO’s, the SVR, GRU, and FSB will use the following types of tradecraft to handle them.

Russian Agent Signaling and Handling Practices

Signaling is fundamental to any agent-handling operation (recall that the Russians, like U.S. services, do not refer to their officers as agents—the term agent is reserved for the asset, or foreign spy, being handled). Before any message is exchanged, agents and handlers must confirm that it is safe to communicate and then signal that the material exchange has been successful. Russians use what we often like to call “urban geography,” meaning telephone poles, mailboxes, park benches, or signs. Things that won’t typically move but are part of our everyday life and can be easily described to an agent, while still being distinct.

For example, the KGB used telephone and utility poles to mark signals and packages for the recruited cryptographic spy John Walker in the 1980s, while he was betraying the U.S. Navy in the case that became known as the “Walker Family of Spies.” The utility poles had the advantage, as the KGB noted, of each bearing a specific metal plate or identifier, which Walker could verify before dropping his reels of photographed documents, often concealed among various pieces of garbage (such as photographic reels placed in empty soda cans).

Dead drops, or what our British colleagues call “dead letter boxes,” are equally fundamental to Russian agent handling. They call them “tainiki,” meaning “concealed” or “secret place.” The Russians will use sealed and concealed containers — magnets under bridges, hollowed-out stones, or waterproof capsules (sometimes just double-wrapped trash bags) set in quiet locations or buried shallow in parks. These dead drops allow material to be exchanged without face-to-face contact. The method minimizes exposure: no meeting, no surveillance photographs, no conversations to intercept, and no risk of the FBI, British BSIS, or other foreign counterintelligence services following the agent or the Russian intelligence officer (RIO) to the meeting, thereby compromising the op.

And then there are communications protocols. Historically, this meant one-time pads and burst radio transmissions used by Russian agents throughout the Cold War. All of the Russian illegals who were arrested in the “Ghost Stories” case publicized in 2010 were trained and utilized to some extent or another in these systems. They involve encrypted messaging apps, laptops wired for covert exchanges, steganography in digital images, or covert Wi-Fi exfiltration from public spaces.

With all these practices, the same rules endure from the early days of the Bolshevik Chekists: assume compromise is inevitable, and design for resilience and redundancy in agent communications.

Surveillance Operations Abroad

Abroad, the SVR and GRU use surveillance more selectively than at home. Russia is indeed a modern surveillance state, but abroad, the RIS are the hunted and watched. The FSB operates less abroad than its foreign intelligence service and military counterparts, but it has made more forays into foreign work than ever, particularly in special operations and so-called “wet work.” The goal with surveillance, for all three services, is to monitor adversarial services (i.e., all diplomats from NATO and other countries that Russia considers adversaries—a list that is growing), protect their own officers, and, sometimes, use it to find kompromat—compromising material to intimidate potential recruits via extortion.

The SVR and GRU each have dedicated surveillance teams that can deploy abroad under the guise of illegal or other official or non-official covers. But more often than not, they employ their own IO (intelligence officer/staff officers) from Residencies already abroad in order to conduct “pick-up” teams to surveil targets of interest. This is not a best practice, but one they are forced into by the PNGs (declaration persona non grata), or expulsions, of hundreds of their intelligence officers from NATO and other countries in recent years. The RIS no longer have the staffing they once did under official cover at embassies abroad.

Naruzhka, as the Russians term the surveillance art, is never just about “following.” It supports countersurveillance, ensuring GRU and SVR officers are not under adversarial monitoring before a meeting or dead drop. Also, for the various acts of operational security with meetings, Russians use surveillance detection routes, which they call “marshrut proverki” or MP’s. When they have the resources to do so, just as in Russia, the SVR, GRU, and sometimes even the FSB map the routines of foreign officials or business leaders. Their goal is to determine whether those targets are viable recruits or potential targets for other operations, like their “direct action” and assassination attempts abroad.

Lessons Learned and Forgotten, From the Cold War

Good counterintelligence isn’t about chasing cinematic spy stories, but about recognizing patterns: subtle signaling behaviors or unusual compartmentation requests. These can be seemingly low-value contacts that, over time, map a network. U.S. and allied services have disrupted sophisticated networks run by the RIS over the years, many times over. Still, the operating environment has unfortunately only become more permissive for spying as methods using technical resources expand.

Global mobility, digital platforms, academic openness, and venture capital ecosystems create frictionless access points that hostile services exploit patiently and methodically. That means counterintelligence tradecraft must be just as disciplined. Allied services need to employ pattern analysis, cross-domain collaboration, and data integration. Defensive briefings need to be practical, not paranoid or meant to intimidate employees. Early anomaly detection inside sensitive programs is important. And above all, we need to exercise our collective institutional memory: understanding that these methods are not new, only repackaged.

Companies, universities, research centers, and startups sit on the front lines, whether they realize it or not. Talent recruitment, joint research proposals, conference networking, investment offers, and data partnerships can all be legitimate, or occasionally something else. The RIS and their Chinese allies understand that long-term access is preferable to short-term theft. They cultivate relationships, not just sources, and they play on ego, especially with academics, diplomats, and businesspeople. The Chinese recruitment of former CIA officer Kevin Mallory is a case in point—recruited and contacted by the Chinese through a job-hunting social media platform.

We are targets — both in the United States and with all of our European allies. We are so, not because of paranoia, but because of capability and innovation that are the envy of Russia. That and our democracy, which Putin fears. He can’t afford for the Russian people to have the benefit of democracy and the freedoms we enjoy. If he allowed it, his reign could not have lasted as long as the longest of the Tsars.

The Russians still use the term “GP” (glavnii protivnik) to refer to the U.S. as the main adversary. Ask any RIO, and they will quickly state that the UK, Germany, and all our NATO allies rank 2,3,4 etc. We need to be aware, actively collaborate, and remain constantly vigilant. The brush of a hand against a bench. A benign LinkedIn message. A visiting scholar with a narrowly defined question set. Tradecraft hasn’t disappeared, but has adapted. Vigilance, transparency, and informed skepticism aren’t overreactions. They are the modern equivalent of checking the lampposts and utility poles for chalk marks.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Blockade by Permission: How Iran Determines Who Gets Through Hormuz

For roughly two weeks, the Karachi, a Pakistani-flagged Aframax tanker loaded with crude at Das Island in Abu Dhabi, sat waiting for a signal that never came through official channels. When it finally moved, it did not take the standard shipping lane.

It hugged the Iranian coast, threading through the narrow gap between the islands of Larak and Qeshm, a route mariners are normally advised against, before tracking out into the Gulf of Oman. The tanker’s AIS transponder was broadcasting throughout, as if Tehran wanted the world to watch. The message was unmistakable: Iran was not simply closing the Strait of Hormuz. It was deciding, vessel by vessel, who had earned the right to pass.

Since Operation Epic Fury began on February 28, just 21 tankers have transited the strait, according to S&P Global Market Intelligence, compared with more than 100 ships daily before the conflict. The strait typically handles 21 million barrels of oil per day during normal operations, according to the IEA’s March 2026 assessment.

By this month, global oil supply had fallen by approximately 8 million barrels per day — a reduction the IEA has characterized as the largest oil supply disruption in history. Brent crude surged above $119 a barrel on March 19, the morning after Iran struck Qatar’s Ras Laffan gas field, before settling back above $105 at week’s end, more than 40 percent higher than before the war began.

What is emerging from the wreckage of normal transit is something more strategically dangerous than a closed strait: a permission economy, run entirely out of Tehran.

On March 5, the IRGC announced that Iran would keep the strait closed only to ships from the United States, Israel, and their Western allies. The declaration formalized what ship-tracking data had already begun to reveal. Yet, a growing number of ships have been rerouting via Iran’s territorial waters, suggesting Tehran is allowing permission-based transits to friendly nations, Iran’s Foreign Minister Abbas Araghchi confirmed the architecture in plain terms, saying the strait was “open, but closed to our enemies” — a formulation he repeated across multiple statements that week as Iran’s selective passage policy hardened into a deliberate framework.

According to a United States intelligence source, speaking to The Cipher Brief on background, the process is more transactional than diplomatic: a vessel requests permission directly from the IRGC, and if clearance is granted, it passes missile and drone-free. Those permissions, the source said, come at a price: vessels must pay a fee for the privilege of passage.

The beneficiaries have been carefully chosen.

Iran’s ambassador to India, Mohammad Fathali, confirmed that Tehran had allowed some Indian vessels to pass. Two Indian-flagged tankers carrying liquefied petroleum gas bound for ports in western India crossed early one morning, according to Rajesh Kumar Sinha, special secretary at India’s Ministry of Ports, Shipping and Waterways.

A Turkish-owned ship was also allowed to transit after Ankara received permission from Tehran; earlier, the Panama-flagged but Turkish-owned LPG tanker Bogazici had broadcast via AIS that it was a Muslim vessel under Turkish operation before successfully crossing.

Moreover, Pakistan’s passage was confirmed through a combination of Iranian clearance and direct naval coordination. A military source told Reuters that Pakistani naval officials had been in contact with Iranian counterparts. “No escort was needed, being Pakistani vessels,” the source said. The Pakistan Navy nonetheless provided maritime security to the vessel throughout its journey, according to Pakistan’s Express Tribune.

Jim Krane, energy research fellow at Rice University’s Baker Institute, tells The Cipher Brief that Iran is taking a page directly out of the Houthis’ playbook.

“They’re using Hormuz restrictions as a form of targeted economic sanctions on countries and firms with links to the U.S. and Israel,” he says. The Houthis did the same thing in the Bab al-Mandeb and the Red Sea. ‘Friendly’ cargoes were allowed to proceed, and those with connections to Israel, the United States, and Europe were denied passage.”

The logic is deliberate. Turkey is a NATO member but has maintained independent ties to Tehran. India has not joined any coalition against Iran and continues to import significant volumes of Iranian crude. China, which receives around 45 percent of its oil imports via the strait, was the first country Iran signaled it would favor, with reports emerging on March 4 that Tehran would initially allow only Chinese vessels to pass, citing Beijing’s supportive stance since the conflict began.

The architecture of the selective passage

The vessels that have made it through have not had an easy transit. Even routes shadowing the Iranian coast carry risk. On March 12, a China-owned container vessel called Source Blessing, operating under the Hapag-Lloyd and Maersk Gemini Alliance and broadcasting “China Owner” via AIS, was struck by falling debris while sailing toward Jebel Ali in the United Arab Emirates — not in the strait itself, but close enough to unsettle Chinese shipowners who have since largely avoided the route, according to Lloyd’s List Intelligence.

The attacks have followed no discernible pattern, making planning nearly impossible because operators cannot determine the rationale for targeting one ship rather than another. On March 11, a Thai-flagged bulk carrier, the Mayuree Naree, was struck by two projectiles while transiting the strait, setting fire to the engine room and forcing 20 of its 23 crew to abandon ship. Three crew members remained missing and believed trapped below. By March 6, the IMO Secretary-General confirmed at least six seafarers had lost their lives in attacks on vessels since the war began.

GPS and AIS interference has intensified sharply, affecting more than 1,650 vessels as of March 7 and concentrating spoofed positions near Fujairah and the Gulf of Oman, according to Windward. Some captains have gone dark deliberately — India’s maritime fusion center noted a rise in vessels conducting “dark transits” with AIS disabled to obscure their positions.

Roughly 400 vessels were spotted in the Gulf of Oman, a massive backlog waiting near the chokepoint, according to satellite intelligence from mid-March. About 22 vessels carrying crude, LPG, and liquefied natural gas remained anchored in the strait itself, awaiting confirmation of safe passage.

Skip York, a nonresident fellow at Rice University’s Baker Institute for Public Policy, tells The Cipher Brief that Iran’s closure is ultimately a one-time card.

“It works in the short-term because there are no easy bypass options for all Gulf exports, especially LNG,” he says, but stresses that it accelerates the very supply diversification it seeks to prevent and “runs the risk that shipments out of the Gulf can be seen as unreliable — thus encouraging diversification to oil and gas supplies from other regions.”

Krane is blunter about the path back to open transit.

“Hard to see the U.S. and Israelis bombing their way to an open strait,” he underscores. “Either we invade Iran with ground troops, or we call off the war.”

A fracturing coalition response

The military pressure campaign escalated sharply on March 19, when Joint Chiefs Chairman Gen. Dan Caine announced at a Pentagon press briefing that A-10 Warthog aircraft had entered the fight. “The A-10 Warthog is now in the fight across the southern flank and is hunting and killing fast-attack watercraft in the Straits of Hormuz,” Caine said, adding that AH-64 Apache helicopters from both American forces and regional allies had joined to handle Iranian one-way attack drones.

United States Central Command subsequently published footage of American strikes destroying Iranian naval assets threatening international shipping in and near the strait. Iran, despite the sustained pressure, retains significant asymmetric capabilities — mobile missile launchers, drones, and small boats that can be rapidly deployed from hidden coastal bases.

The coalition picture, meanwhile, remained fractured. At an EU summit in Brussels on March 19, European leaders doubled down on their refusal to join the American and Israeli military campaigns. EU foreign policy chief Kaja Kallas had made clear days earlier that there was “no appetite” among member states to expand the Aspides naval mission from the Red Sea to the Strait of Hormuz, and the summit produced no change in that position.

Germany’s Chancellor Friedrich Merz drew a clear line at the Brussels summit, saying his country would engage only after hostilities ceased.

“We can and will commit ourselves only when the weapons fall silent,” Merz said of potential German military support to secure shipping lanes in the Strait of Hormuz. “We can then do a great deal, up to opening sea lanes and keeping them clear, but we’re not doing it during ongoing combat operations.”

France, Germany, Italy, the Netherlands, the United Kingdom, and Japan issued a joint statement calling on Iran to “cease immediately” its drone and missile attacks and its other attempts to block the strait and expressing readiness to “contribute to appropriate efforts” to ensure safe passage — but stopping well short of deploying combat assets. NATO Secretary General Mark Rutte, meanwhile, acknowledged the urgency without offering specifics.

“Everybody agrees this strait cannot stay closed. It has to open up again as soon as possible. This is crucial for the world’s economy,” Rutte said. “I am confident that allies, as always, will do everything in support of our shared interests. So we will find a way forward.”

York’s near-term menu is narrow. Military pressure is one option, but he sees mediators as the more realistic path. Before Iran struck Ras Laffan on March 18, Qatar’s foreign ministry had said communications with different parties were ongoing — though Doha drew a hard line: no formal talks until Iran stopped attacking its neighbors.

Nothing like the broad convoy operations of the 1980s Tanker Wars — something tighter, more selective, and politically viable given how few allies have been willing to show up.

Read one way, Tehran’s approvals are nothing more than pure coercion. Read another, they are the unwritten beginnings of a framework, terms that exist in practice before anyone has put them on paper.

“This is in many ways positive news, as it indicates that Iran recognizes the need to allow shipping through and that it is open to such negotiations,” Christian Bueger, a maritime security scholar at the University of Copenhagen and the United Nations Institute for Disarmament Research, tells The Cipher Brief, adding that it could “potentially open up possibilities for a more structured and effective approach, initially only for a number of states.”

Moving from passage-by-passage to a rules-based system, he argues, would require “a sort of clearinghouse and coordination mechanism that also involves the shipping industry.”

The yuan gambit and what comes next

Reports have emerged that Iranian authorities floated the idea of allowing limited tanker traffic on the condition that oil transactions be conducted in Chinese yuan. Analysts are split on how much it matters. York’s view is that the dollar’s grip on global energy markets is structural, not symbolic.

“Chinese bond markets are relatively closed, yuan convertibility is restricted, and hedging instruments are thin compared to dollar markets,” he points out.

Krane, however, is similarly skeptical, observing that Iran already settles oil exports in yuan and that it is “not a major share of the market.”

Bueger frames it differently — as deliberate provocation rather than viable policy, “an attempt to undermine U.S. dollar centrality” that Iran will ultimately struggle to enforce.

The math is brutal. More than 75 percent of global spare production capacity is in Middle Eastern countries that ship through the strait, blunting whatever relief emergency reserves can offer. The IEA’s release of 400 million barrels, the largest in its history, covers roughly 20 days of normal Hormuz flows at best.

Under new Supreme Leader Mojtaba Khamenei, the strait continues to serve as Iran’s primary lever. As recently as March 20, he issued a written statement declaring that the “security” of Iran’s enemies “must be taken away” — a formulation that left the definition of enemy, as always, entirely to Tehran. The permission-economy Iran is now running is not a crisis to be managed in the short term, so much as a new geopolitical architecture being stress-tested in real time.

“The war with Iran is so unpopular globally that the sanctions strategy might work, because it allows opponents of the war to signal their displeasure with the U.S. and Israel,” Krane adds. “The countries that get rewarded are the ones willing to make small concessions to Iran — and in return, they gain access to important cargoes via the strait.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Trump’s Cyber Strategy Is a Strong Playbook, but It’s All in the Execution

OPINION — The White House is making a significant effort toward putting the nation’s cyber house in order. A newly released National Cyber Strategy represents a big step in the right direction for U.S. national security policy — advocating for the aggressive defense of our national infrastructure.

While the strategy includes important goals for the administration — streamlining regulation, developing the cyber workforce, defending federal networks, and partnering with the private sector — how the administration proceeds will determine whether it achieves the goals the strategy outlines. Across the strategy’s six pillars, the administration needs to clarify its arguments, refine its implementation plans, and improve its articulation of the challenge we face.

Defending U.S. national interests in cyberspace requires understanding the threat to our national security. Despite the prioritizing efforts to shape adversary behavior in the first of the strategy’s six pillars, it falls short of identifying America’s most aggressive adversaries — Russia and China. Both countries have repeatedly targeted American critical infrastructure without a meaningful response from the United States. It fails to mention China’s operational preparation of the battlefield on U.S. soil through its Volt Typhoon campaign against national critical infrastructure or Russia’s targeting of networking devices. Shaping adversary behavior in cyberspace requires identifying who the adversary is.

Pillar One provides a strong, effective argument for developing the offensive cyber capabilities and operations which are critical to enable success in today’s warfare. This White House showed its willingness to use these cyber capabilities in both Venezuela and Iran. There is an ongoing debate as to whether private companies should be allowed more agency to “hack back” against attackers, and the administration is reportedly considering an expanded role for the private sector. While the government should work with the private sector to develop these offensive capabilities, this should be limited to tool building and network defense rather than the actual conduct of offensive operations. If private companies conduct offensive cyber operations, the government risks losing control over escalation in conflict.

Pillar Two prioritizes streamlined regulations. Data and cybersecurity regulations help ensure companies have safe and secure practices. The proliferation of cyberattacks, however, has caused an explosion of cyber-related regulations. The federal government should work with the private sector to ensure that these regulations are comprehensive without being an unnecessary burden on the private sector.

Pillar Three focuses on the important goal of securing federal networks and modernizing procurement. The strategy wisely mentions post-quantum cryptography, zero-trust architecture, and cloud transition. To account for this emerging technology, the government must refine procurement processes to enable continuous improvement of federal networks.

Pillar Four calls for building strong private-public collaboration to defend critical infrastructure. This is a noble goal, but most of former Secretary of Homeland Security Kristi Noem’s work over the past year contradicted this goal. She eviscerated the cyber defense agency’s workforce — reducing it by nearly 40 percent — and disrupted cybersecurity grant programs, weakening the agency’s efforts to support state and local governments and public utilities. She cancelled the Critical Infrastructure Partnership Advisory Council, effectively gutting the federal government’s authority to engage private companies collectively to advance cyber defense.

The Trump administration can reverse this disastrous trend and get the United States on the right track to cyber defense of critical infrastructure. Noem’s replacement should start by rejuvenating and resourcing the Cybersecurity and Infrastructure Security Agency (CISA).

Pillar Five prioritizes American superiority in critical and emerging technologies — a necessary priority for ensuring U.S. success in cyberspace. Executing this strategy requires investment in the research centers that are the driving force for consistent improvement and development of critical and emerging technologies.

A key element of the new cyber strategy is in Pillar Six — its continued commitment to building America’s capability to develop talent in cyberspace. Without a strong cyber workforce in the government, the military, and the private sector, the nation is at risk of falling behind. The administration can validate this pillar with continued support to programs like the CyberCorps: Scholarship for Service which provides scholarships for cyber-related degrees in exchange for government service after graduation.

Because of the administration’s workforce cuts and hiring freezes, the program has faced challenges in the past year with maintaining funding and placing participants. The administration should support and expand funding for the program and prioritize hiring for participants. President Donald Trump should also establish a new military service for cyber, a U.S. Cyber Force, which would create a better mechanism for generating a military cyber workforce sufficient in size and skill to fulfill America’s strategic goals.

Trump would be wise to put the plan into action through additional executive orders (EOs) to implement the stated goals — presidentially signed orders task the federal agencies with discrete deliverables while White House strategic documents lack enforcing power. These EOs should prioritize support for CISA, cyber workforce development, and an organizational construct for taking aggressive action against U.S. adversaries. Taking the “ends” of the strategy and equipping them with “ways” and “means” via EOs will enable continued American superiority in cyberspace.

The six “Pillars of Action” in the new strategy have the potential to guide the United States toward success in cyberspace. That success will depend on whether the administration takes the necessary action to back up the sound rhetoric.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why the ‘Day After’ Is The Most Important Day in the Iranian Conflict

OPINION — The countries that get held up as models for this kind of US led attack are worth looking at closely, because they’re instructive in the wrong direction.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

From Kyiv’s Skies to the Persian Gulf: How Ukraine’s Drone Technology Is Reshaping Global Defense

As Iranian-designed Shahed drones struck critical infrastructure across the Persian Gulf in early March, military planners in Washington confronted an uncomfortable reality. The weapons that have terrorized Ukrainian cities for four years were now exposing gaps in some of the world’s most advanced air defense networks. Gulf states burned through expensive Patriot interceptors at alarming rates, with each four-million-dollar missile destroying drones costing a fraction of that amount. The solution might come from an unlikely source: Ukrainian defense technology companies offering combat-proven systems forged in modern warfare.

The Brave1 Ukrainian Defense Tech USA Roadshow brought 17 companies to Washington recently, showcasing how rapidly the geopolitical landscape has shifted. These aren’t theoretical capabilities. They’re systems that have faced hundreds of Russian drones nightly for years, refined through trial and error on an active battlefield.

“You have the opportunity to talk with promising companies that are looking for joint partnerships in the US and looking for investors,” Iryna Zabolotna, Chief Operating Officer of Brave1, tells The Cipher Brief at a packed press conference at the Ukrainian Embassy.

Behind her, executives from companies like General Cherry, Unwave, SkyFall, and The Fourth Law represent an ecosystem that has scaled from near-nonexistence to producing millions of drones annually. The question now is whether that expertise can translate beyond Ukraine’s borders.

The numbers tell a stark story. According to Gulf defense ministries, more than 1,000 Iranian drones were detected over the United Arab Emirates alone in the first days of March, with similar waves hitting Qatar, Bahrain, Kuwait, and Saudi Arabia. Traditional air defense systems weren’t designed for saturation attacks. Each Patriot PAC-3 interceptor costs roughly $4 million. The Shahed drones they’re destroying cost between $30,000 and $100,000. Ukrainian companies offer different economics. Sergiy Orlov, Director of International Cooperation at General Cherry, explains that his company produces between 60,000 and 70,000 drones monthly, including 10,000 drone interceptors.

“This is an extremely efficient solution which allows us to defend our civilians, our cities, our country and defend on the front line,” Orlov tells The Cipher Brief. “And it’s extremely cost-effective. We are talking about a solution with a cost of four or five thousand US dollars per intercept.”

The interceptor drones work differently from traditional systems. Operated by pilots using first-person-view goggles, they physically pursue and destroy incoming threats by colliding with them. It’s an approach Ukraine developed when advanced Western systems arrived too slowly.

“If you think of electronic warfare solutions, there are jamming systems, there are amplifiers, and a lot of other things that originally were bought in China,” Yurii Shelmuk, CEO of Unwave, tells The Cipher Brief. “Right now it’s fully, 100 percent, local production in Ukraine.”

Beyond Hardware: The Knowledge Gap

The technology represents only part of what Ukraine offers. The real value is operational knowledge from years of desperate innovation.

“It would normally take years and months to prepare the armed forces of any country around the world to at least get like one-third of the knowledge our Ukrainian armed forces and companies have,” explains Ambassador Olga Stefanishyna. “And by the time they will complete their training, they will have to start over, because things are really changing very, very rapidly.”

This expertise gap became apparent when Russian drones based on Iranian designs struck Poland in September, breaching NATO airspace despite advanced fighter jets and Patriot systems. Poland discovered what Ukraine already knew: responding to mass drone attacks requires more than sophisticated equipment.

Yaroslav Azhniuk, CEO of The Fourth Law, which develops AI-powered autonomy for drones, frames it differently.

“Systems that work not in the cloud, not ChatGPT-like, but systems that work on board on the edge of the drones, I would argue that Ukraine has some of the world’s most advanced systems of that kind,” Azhniuk says.

Before the war, he spent six years in Silicon Valley building Petcube. Now he applies that expertise to weapons.

“That is extremely unique and impossible to replicate anywhere else in the world but in Ukraine, because the current strategic advantage that Ukraine has on the global stage is that it has been in a war with Russia for 12 years,” Azhniuk underscores.

The software represents a less visible but potentially more significant innovation. These systems absorb battlefield experience in ways that can’t be replicated in peacetime training. They’ve adapted to Russian electronic warfare and evolved countermeasures to operate in the most contested electromagnetic spectrum on Earth.

The Supply Chain Dilemma

Beneath the successes lies a challenge: dependence on Chinese components. When Ukraine’s drone industry exploded in 2023, most components came from China. As the sector matured, manufacturers worked to localize production. Azhniuk notes that many drones now use 80-90% Ukrainian-made first-level components.

But second-level components, components used to make components, remain problematic. Thermal camera sensors and battery cells still flow from Chinese manufacturers. This creates both a strategic vulnerability and an intelligence leak.

“When we are localizing or not localizing component production, we are also sharing or not sharing the know-how that is specific to how our warfighters use these drones,” Azhniuk explains.

The scale of demand makes complete independence difficult. Ukraine plans to produce more than seven million drones in 2026. A quadcopter requires four motors, meaning the industry needs 28 million motors annually — roughly 77,000 per day. Azhniuk’s company is now considering building a semiconductor fabrication plant in the United States to manufacture thermal camera sensors.

“We received significant interest from parties in the United States,” he points out. “It’s crucial for the defense of the free world to build this internal capability for the whole supply chain.”

The Political Calculation

The roadshow arrives amid delicate negotiations. President Trump previously announced a drone deal with Ukraine, but months passed without visible progress. Ambassador Stefanishyna acknowledges the arrangement hasn’t produced a formal memorandum but insists a real partnership has developed. Ukrainian companies have been selected for Army-led drone innovation programs, and delegations have conducted exchanges with the Pentagon.

The Iranian attacks changed the conversation. President Zelenskyy confirmed that Ukraine will deploy equipment and experts to Jordan at the American request, though operational details remain classified. This highlights Ukraine’s leverage: it possesses both the technology and trained personnel to operate these systems in combat.

This creates opportunity. Ukraine desperately needs PAC-3 missiles for Patriot systems to defend against Russian ballistic missiles — the one threat its interceptor drones cannot address. Gulf states need interceptor drones to preserve their Patriot stocks. Zelenskyy has publicly floated exchanges.

“For the future, of course, we will consider the ways we could engage on a basis that would really not undermine our own efforts but also will enable the companies,” Stefanishyna observes. “Because you see here the representatives of the companies, these are private entities. These are not state-owned companies, so we’re just happy to share the platform with them.”

The private sector nature of these companies complicates matters. Ukraine banned weapons exports after Russia’s invasion in 2022. Any sales to foreign governments require explicit authorization and are likely to involve complex arrangements between military channels rather than direct commercial transactions.

Scaling Global Ambitions

Beyond immediate Middle East needs, Ukrainian companies harbor larger ambitions. Artem Moroz, Head of Investor Relations at Brave1, describes the roadshow as part of building Ukraine’s “Defense Tech Valley”— an ecosystem modeled on Silicon Valley. The Brave1 investment community now includes more than 400 investors, with nearly 200 million dollars invested.

The roadshow spans multiple American cities through mid-March, with demo days in Washington, New York, Austin, and San Francisco. Events have drawn interest from defense contractors, venture capital firms, technology companies, and congressional representatives. Ukraine is also establishing joint grant programs with Norway, France, and other NATO countries.

“You have Silicon Valley. We would like to have a Defense Tech Valley in Ukraine,” Zabolotna says.

It’s an audacious vision for a country still fighting for survival, yet grounded in demonstrated capability. Ukrainian companies have moved from concept to mass production in months. They’ve iterated designs through actual combat rather than theoretical exercises.

“We were under pressure. We were under threat,” Zabolotna continues. “And definitely, the Ukrainian ecosystem would like to create solutions that can protect us. The main idea is that many Ukrainian companies that are now in defense — previously, before the full-scale invasion — worked more like private entities, such as civil or dual-use, and nobody was eager to create a defense ecosystem in Ukraine. I think it’s pressure and our brave hearts that Ukrainians would like to protect our land and our citizens, whatever we should do.”

In essence, the wartime pressure transformed Ukraine’s civilian tech sector into a defense innovation powerhouse driven by existential necessity and national survival.

The Replication Challenge

Whether Ukraine’s model can be replicated or exported at scale remains uncertain. The companies acknowledge that hardware represents only part of the solution. Training pilots takes at least weeks. SkyFall, one of Ukraine’s largest UAV manufacturers with drones deployed in more than two million missions, runs its own academy. The company has developed the capability to remotely pilot drones, potentially allowing operations in the Gulf to be controlled from Ukraine.

The tactical knowledge poses an even greater challenge. Russian forces continuously adapt their Shahed deployment strategies, recently implementing swarm tactics with “mothership” drones managing dozens of smaller units. Only Ukrainian military units that have experienced these evolving tactics understand how to counter them. Orlov emphasizes that effective deployment requires “mutual cooperation between us as a private company and, for sure, the state which can supply this knowledge.”

The competitive landscape is also evolving. Other countries have begun developing low-cost interceptor programs. The Pentagon has established squadrons using drones reverse-engineered from captured Iranian Shaheds. But Ukraine maintains an advantage: its systems are already in mass production and combat-proven.

As the Washington roadshow continues, Ukrainian companies face questions about whether they can scale production to serve both domestic military needs and export markets. Orlov suggests his company could double its monthly production of 10,000 interceptors within weeks. But broader supply chain constraints make rapid global expansion challenging.

The Middle East crisis has created an unexpected opportunity for Ukraine to translate battlefield necessity into geopolitical leverage. Whether that translates into sustainable partnerships will depend on political will, export controls, and the evolving dynamics of conflicts in both Eastern Europe and the Middle East.

For now, the message from the Ukrainian delegation is straightforward: they’ve solved problems others are just beginning to understand.

“You’ll actually be surprised how many countries woke up already,” Shelmuk stresses, “and you’ll be even more surprised how many expressed interest.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why Hasn’t Iran Buckled Under U.S.-Israeli Pressure?

EXPERT Q&A -- There are more questions than answers around the reported delivery of a U.S. 15-point plan presented to Iranian officials via a Pakistani interlocutor, with the intention to end the war, including whether the plan has been outright rejected by Iran.

It’s not clear for example, whether Israel is onboard with the proposal, as airstrikes continue, and it is unclear how open Iran would be to any kind of deal after weeks of bombings and days of conflicting messages about whether negotiations are really underway.

Despite U.S. and Israeli air superiority and a significant degradation of Iran’s missile capabilities, Iran still has a number of ways that it is fighting back.

The Cipher Brief spoke with former senior CIA Executive Dave Pitts, who is the co-founder of The Cipher Brief’s Gray Zone Group, about what Iran’s surprising resilience in the face of the U.S. – Israeli led attacks, tells us about what we should expect next.

Pitts: Iran’s staying power and effective asymmetric response despite sustained U.S. and Israeli strikes has surprised analysts and frustrated Western and regional officials. By conventional metrics, Tehran should have crumbled or sued for peace under the sustained pressure of two of the world’s strongest militaries dominating its skies. Instead, decades of gray zone operations - gray warfare - prepared Iran for this moment.

The gray zone is the geopolitical space between peace and war, where nations take action to advance their own national interests, attack and undermine their adversaries, and set the conditions for a future war without triggering an armed response. In other words, operations below the threshold of war calculated to gain a strategic advantage and to limit deterrence and discourage a persuasive response.

Gray warfare and asymmetric warfare function as counterparts along the spectrum of conflict - one below the threshold, the other above. The same tools allowed Iran to transition rapidly from the gray zone to asymmetric warfare against superior conventional forces. How asymmetric warfare exposes the limitations of traditional military power is a topic for separate discussion.

Iran’s preparation was extensive: building surrogate armies, stockpiling concealable stand-off munitions, honing capabilities to disrupt maritime shipping, expanding the IRGC’s ability to coerce and intimidate its neighbors, conducting influence operations against Israel and the U.S., and forging transactional ties with Russia and China. These efforts produced forces and capabilities with depth, dispersion, and autonomy, shrouded in ambiguity and propagandized as undefeatable.

Today, rather than surrender or collapse, Iran is waging a deliberate asymmetric campaign relying on drones and missiles, that has destabilized the region, forced evacuations, closed airspace, and injected volatility into global energy markets. Its objective is not a military victory but cognitive and political effect: to stoke fears of a broader regional war, erode public and political will, and influence decisions that will force an end to the war on terms favorable to Tehran.

Iran’s response is not a new military development. It is the predictable outcome of years spent waging gray warfare against the West. Washington and its allies should see this as the culmination of long-term gray zone strategy, not an aberration, to avoid strategic surprise with other adversaries.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Romania Pays the Cyber Price for Backing Ukraine. Where is the EU?

OPINION – When ransomware groups hit Romania’s national water agency, its largest coal-fired power producer and oil pipeline operator all in recent months, it would have been easy to file each incident under “criminal nuisance” and move on. But the ransomware gangs targeting the national critical infrastructure, including groups like Qilin and Gentlemen, are not merely profit-driven criminals operating in a vacuum. They are key vectors of Russian hybrid warfare in Europe.

In a recent interview with Recorded Media, Romania’s top cybersecurity official Dan Cimpean highlights that these frequent cyber-attacks are not merely operations performed by non-state actors looking for extracting financial benefits. These attacks, Cimpean argues, are systematic and geopolitically timed, often coinciding with Romanian political decisions tied to support for Ukraine. As observed in the Kremlin-sponsored interference campaign targeting Romania’s presidential elections in 2024, Russia is “trying to destabilize our social, political, and economic life”.

Romania, which has NATO’s largest land border with Ukraine, is not an outlier. Polish energy infrastructure was recently hit by Moscow-linked actors. Moldovan parliamentary elections in 2025 were accompanied by cyber and disinformation operations amplified by artificial intelligence. Dutch intelligence has warned that Russian cyberattacks, sabotage, and cover influence campaigns across Europe are intensifying. The pattern is clear and so is the trajectory: fearing military loss in Ukraine, Russia attempts to destabilize Kyiv’s most supportive European partners. What is less clear is why the European Union is not acting for increasing the costs for these cyberattacks, especially since EU leaders like Emmanuel Macron and Friedrich Merz claimed earlier at the Munich Security Conference that they must take action for becoming geopolitically robust given U.S.’s ambiguity towards European engagement, coupled with Russia’s growing assertiveness.

The European Union does, in fact, possess a meaningful tool that could be deployed in cases like Romania’s: its cyber sanctions framework, established in 2019 under the Cyber Diplomacy Toolbox. This instrument was used sparingly to designate individuals and entities responsible for significant cyberattacks. In the 7 years since it was established, only 17 individuals and 4 entities were sanctioned under this cyber sanctions’ framework, despite the increasing number of offensive cyber operations in Europe in the range of thousands. Given the scale and frequency of Russian-aligned cyber operations across the continent, the EU’s restraint is not strategic patience - it is negligence and an invitation for Russian-connected ransomware groups to continue offensive operations targeting European energy, telecommunications, and water infrastructure.

The EU deploying cyber sanctions more aggressively would carry more than the symbolic value of a more strategically autonomous Europe. Sanctions create costs for the adversary. They are designed to disrupt financial flows to ransomware operators who depend on the international banking infrastructure, cryptocurrency exchanges with European exposure, and front companies operating in permissive jurisdictions. Designating ransomware groups like Qilin, Gentlemen, and their known affiliates, along with the broader ecosystem of bulletproof hosting providers, money launderers, and initial access brokers that sustain them would not outline eliminate ransomware overnight. It would, however, raise the cost to ransomware groups doing business with Russia and, at the same time, send an unambiguous political signal that the EU is treating cyber operations targeting critical infrastructure as acts of aggression, not just cybercrime.

The EU must pursue these sanctions not in isolation, but as part of a broader attribution effort including member states and candidate countries. Attribution is often a hard political choice rather than a technical operation, and Russia is actively exploiting the EU’s difficulty in making hard political decisions. The evidentiary threshold for sanctions does not require the certainty of a criminal conviction. The standard is reasonable grounds, and between national cyber agencies, Europol, ENISA, and intelligence-sharing partnerships, Europe has more than enough to build credible designation cases. Formats like the recently launched trilateral cyber alliance between Romania, Moldova, and Ukraine could be used not only for sharing threat intelligence and aligning standards for cyber hygiene, but also for crystallizing broader continental support for the EU cyber sanction’s framework.

But even stronger political will may not be enough without a structural reform of the EU cyber sanctions regime. Under the current legal framework, decisions on cyber sanctions designations require unanimity in the EU Council, implying that a single member state can veto a cyber designation, however well-evidenced. This is not a theoretical problem, it’s an operational gap that Russia understands and exploits through its sympathetic EU governments, like Hungary and Slovakia. Through the advocacy of states that are in the front line of exposure to Russian hybrid warfare, the EU must pursue qualified majority voting for cyber designations.

The argument that foreign and security policy must remain unanimously agreed is understandable in contexts where member state interests genuinely diverge. Protecting European critical infrastructure from a hostile state’s hybrid operations is not one of these contexts - it should be common ground. Moving towards quality majority voting for cyber sanctions would also help speed the pace of these decisions. The EU sanctioned people for the NotPetya campaign three years after the attack, and for the Bundestag hack five years after it occurred. This delay severely dilutes the impact of the sanctions and signals Europe's weakness.

The European Union must also look inward, at the corporate negligence that makes these cyberattacks against vital infrastructure so effective. The jarring truth is that the Russian-sponsored ransomware campaigns targeting critical infrastructure succeed not primarily because of Russian sophisticated offensive capabilities, but because of poor cyber hygiene. Unpatched systems, poor identity management practices, weak network segmentation and insufficient red teaming create the perfect storm in which these ransomware gangs operate to weaken European economies. European critical infrastructure sites are not breached because operators like Qilin are sophisticated, but because the bar is low enough to clear. The EU’s NIS2 Directive, which came into force in 2023, was supposed to change this status quo. It expanded the scope of critical sectors to mandatory cybersecurity standards and tightened reporting obligations and management-level accountability. Member states, however, have been very slow to transpose NIS2 into national law and even slower to enforce it meaningfully.

The EU must advance toward a model where entities in critical sectors that suffer a significant breach face real regulatory scrutiny as a reasonable standard. Companies that cannot demonstrate minimum cyber hygiene should face graduated financial penalties and those responsible for critical systems, whether power grids, water utilities, or pipeline operators, should face enhanced obligations and more aggressive oversight.

The moment to act is not after the next power outage, the next hospital system locked down or the next election disruption. Romania’s top cybersecurity official has warned that even if the guns in Ukraine fall silent, Russia will continue to operate in cyberspace, and the European Union must be prepared to act. Preparation does not imply reinventing the wheel, but actively using the tools already on the shelf, such as the underutilized European cyber sanctions regime for whose activation Romania needed to advocate.

The legal framework exists and the dots of Russian hybrid warfare can be connected for the political establishment to deliberate and act. Europe's continued inaction against Russian-connected offensive cyber operations targeting critical infrastructure carries real costs - ones that undermine the ideal of a geopolitically robust EU and push European elites further from their stated objective of making the continent more economically competitive.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Trump Is Getting His Way in Caracas — But It’s Complicated

In 2017, Marco Rubio, then Florida’s junior senator, was assigned a Capitol Police security detail because the U.S. received unverified but alarming intelligence that Venezuelan strongman Nicolás Maduro’s feared chief enforcer was sending a hit man to assassinate him.

Today, in an epic irony, Rubio, now Secretary of State, and his boss, President Donald Trump, have turned to that same enforcer – Diosdado Cabello, whose official title is Minister of Interior, Justice, and Peace – to calm the nation in the wake of the U.S. Special Forces raid that ripped Maduro out of his bed on Jan. 3 and deposited him in a Brooklyn lockup on federal narcoterrorism charges. The administration’s aim, Rubio told Congress, is a “friendly, stable, prosperous Venezuela…objective number one was stability.” U.S. oil majors and other potential investors have told Trump and his team that they won’t return to get Venezuela's vast but neglected oil fields pumping again until the country is rid of troublemakers, from homegrown street crooks to hardline Cuban Marxists to malign players from distant shores.

“The restoration of Venezuela will not be complete without the expulsion of the Cubans, the Iranians, and by extension, Hezbollah, the Iranian’s proxy in Venezuela, as well as really curtailing the activities of the Chinese and the Russians in Venezuela,” David Shedd, formerly acting director of the Defense Intelligence Agency, told The Cipher Brief. To clear out all those dangerous characters, Shedd, a Cipher Brief expert, said that for now, the Trump team has no choice but to collaborate with Cabello and other unsavory remnants of the Maduro regime. “The levers of power still rest with people like [acting president] Delcy Rodriguez, her brother Jorge Rodriguez, who's the head of the National Assembly, along with Diosdado Cabello at the head of the intelligence services and Vladimir Padrino, head of the military,” he said. “All very corrupt individuals, all individuals that need to go eventually. However, they have the levers of power. It's within their power to do these expulsions.”

Critics will call it a deal with the devil. But so far, it’s working. Interim president Delcy Rodriguez, once a hardcore leftist idealogue, has turned out to be a survivor with a pragmatic side. Last month, she ordered Cuban security advisers and doctors out of Venezuela, according to Reuters. Last Wednesday (Mar. 18) she sacked Defense Minister Gen. Vladimir Padrino Lopez who had held that post for more than 11 years. Named for Russian revolutionary Vladimir Lenin and educated in part at Fort Benning’s School of the Americas, Padrino was indicted for narcotics trafficking in federal court in Washington, D.C. in 2019 for allegedly facilitating Colombian cocaine traffickers who were using Venezuela as a trampoline to the U.S. and Europe. The State Department is offering a $15 million reward for his arrest. If extradited to the U.S, he could make a plea deal with federal prosecutors to testify against Maduro.

Another potential witness, Colombian-Venezuelan billionaire Alex Saab, Maduro’s chief money mover, fixer and point man for dealing with Iran and Russia, may turn up in the U.S. in handcuffs soon. As Maduro’s alleged bagman, he is believed to have detailed knowledge of how the strongman looted his country’s treasury. Saab was indicted in Miami in 2019 in a DEA bribery/money laundering case that involved, among other schemes, allegedly moving $350 million in Venezuelan government funds meant for the poor to his offshore accounts. In 2020, he was detained in Cape Verde on a DEA red notice as his private plane was refueling on his way to Tehran. The following year, he was extradited to the U.S. to face charges. He denied wrongdoing. In 2023, President Joe Biden pardoned him as part of a prisoner exchange with the Maduro government. He was sent back to Caracas, where Maduro appointed him Minister of industry and National Production. Last month, according to the Miami Herald and New York Times, he was reportedly detained by Cabello’s agents working with the FBI. Negotiations are under way for his extradition to the U.S., based on a new, still-sealed indictment.

Trump rarely misses a chance to boast about the changes he has wrought in Caracas – and how they serve as his model for pressuring other nations to bend to U.S. demands. Yesterday (March 24), speaking with reporters about his efforts to change the regime in Tehran to one friendlier to U.S. interests, he gushed, “Look at Venezuela, how well that's working out! We are doing so well in Venezuela with oil and with the relationship between the president-elect [Rodriguez] and us. Maybe we find somebody like that in Iran.”

Yet Cabello, a swaggering onetime military officer who poses for photos brandishing a cartoonish spiked cudgel and patrols the streets with scowling thugs, remains in power. Back in 2017, Cabello adamantly denied a Miami Herald and CBS News report that he had initiated a “potentially grave” threat against Rubio, but the pair carried on a heated verbal duel in the news pages and social medium with Cabello calling Rubio a “fool” and “Narco Rubio,” and Rubio labeling Maduro an “unhinged dictator” and Cabello “the Pablo Escobar of Venezuela,”

Actually, Cabello is so much more. Escobar never attained public office in Colombia. Cabello has loomed large in Venezuelan power circles since as a young Army lieutenant, he joined leftist strongman Hugo Chavez in an attempted coup in 1992. When Chavez was elected to the presidency in 1998, Cabello climbed rapidly. As interior minister since 2024, Cabello has been nicknamed Diostodo, God Almighty, because he commands the police, the dreaded internal security agency SEBIN, (for Servicio Bolivariano de Inteligencia Nacional) and the colectivos, civilian militias that prowl neighborhoods, enforce regime dictates and crush dissent. He was indicted in New York in 2020 and again this year for narcoterrorism conspiracy. He has a $25 million State Department bounty on his head, second only to the $50 million bounty offered for Maduro. Since his indictment, instead of going to ground as Escobar did, Cabello has made himself a constant media presence in Caracas, using Instagram accounts and his state-run TV show, “Bringing Down the Hammer,” to promote his brand of brutality.

Cabello has repeatedly denied involvement in the international drug trade. A former Venezuelan official who tells another story is disgraced former Venezuelan general Hugo Armando Carvajal Barrios, once head of his country’s military intelligence arm, who has been indicted at least four times in the U.S. for narcotics trafficking conspiracy, starting in 2011, Carvajal was extradited from Spain in 2023, pleaded guilty last June and is now incarcerated in the U.S. while awaiting sentencing. According to documents filed in federal court, after making a plea deal, Carvajal told federal prosecutors that he was in a pivotal high-level meeting in 2008 when Venezuelan leader Hugo Chavez personally ordered Cabello to lead a project working with Colombia’s leftist FARC guerillas to “flood” the U.S. with cocaine. At the time, the guerillas were manufacturing tons of cocaine in the Colombian jungle, near the border with Venezuela and wanted to partner with the Venezuelan military, which controlled the country’s air and seaports, to move the lucrative product to market in the States and Europe. After Chavez died of cancer in 2013 and Maduro succeeded him, Carvajal claimed, according to the documents, Cabello continued to oversee FARC cocaine shipments and to provide arms to FARC.

These charges have yet to be tested in U.S. courts. Everything Carvajal says will be challenged, because he has admitted his own corrupt involvement with the FARC’s cocaine-production arm, dating back to 1999 and the early days of Chavez’ rule. Still, as head of his country’s Directorate of Military Intelligence, DIM, from 2004 to 2014, he has been in a position to know a lot about Chavez, Maduro, Cabello and other senior figures in the leftist regime. Last December, Carvajal sent a letter from federal prison charging extensive Venezuelan government involvement, not only in narcotics trafficking and organized crime but also in intelligence operations against the U.S. According to the Miami Herald, he claimed that Russian and Cuban intelligence services were using Venezuela as a forward staging base to run joint operations against the U.S. and that Venezuelan and Cuban intelligence agencies had placed spies inside the U.S. “for decades.” Allegations that Russian and Cuban spies have infiltrated the U.S. are hardly new, and it’s far from clear whether Carvajal’s charges are specific and can be corroborated. Still, given his access to regime secrets, Carvajal’s account, coupled with those of other former Venezuelan officials who want to make deals with the U.S., underscores the risky nature of the Trump administration’s decision to leave Chavez-Maduro loyalists in power, even temporarily.

None of the regime holdovers are more hazardous to Trump’s plans than Cabello, who remains uniquely positioned to make or break Trump’s vision to restore Venezuela as a welcoming place for American business, especially Big Oil, as a Feb. 12 State Department policy statement, entitled “Actions to Implement President Trump’s Vision for Venezuelan Oil,” makes plain. It declares that as in the post-Maduro era, “U.S. firms will play a critical role in repairing and upgrading Venezuela’s oil and gas infrastructure for the benefit of the Venezuelan people…With renewed cooperation and sound economic stewardship, Venezuela can reemerge as a stable, prosperous partner whose citizens benefit from its vast natural wealth and strengthened ties with the United States.”

Cabello and the colectivos he controls could interfere with that vision. According to Reuters, before the Special Forces operation to seize Maduro, the Trump team delivered a blunt message to Cabello that if he ordered his goon squads to attack opposition activists or unleash chaos, he would suffer the same fate as Maduro and wind up in a grim cell in Brooklyn. Cabello wavered briefly, according to the Miami Herald, sending voicemail messages to military officers and regime loyalists that urged, ”Let’s go to the streets, as much as we can, in the states, mobilize our people.” Then he reversed course and fell in line with the U.S. demand, posting a torrent of social media messages showing happy citizens and proclaiming that his country was stable and safe. His Valentine’s Day post boasted, There isn’t a single place in the Americas that has better security numbers than Venezuela.” By numbers, he meant the street crime rate.

But street crime was never the issue for U.S. national security experts and federal investigators, who have been far more worried about less visible threats posed by transnational organized crime, foreign terrorism, espionage and, potentially, hybrid warfare, using Venezuela as a base from which to attack U.S. physical and cyber infrastructure and other interests vital to American and regional security.

“Venezuela has essentially been run as a narco-state, or as a vast organized crime network, for the past 20 years,” Sandalio Gonzalez, who initiated the DEA’s criminal case against Maduro and his top lieutenants, told The Cipher Brief. As a DEA agent in Caracas from 2006 to 2010 and later a senior agent in the elite DEA Special Operations Division, Gonzalez and his partners started out investigating the Chavez regime’s connections with Colombia’s FARC guerillas. They thought they were pursuing a straightforward drug corruption case, but, says Gonzalez, “During the course of the next several years, we became deeply concerned that an important country like Venezuela had become allied with our adversaries. Venezuela ought to be America’s partner and ally in stabilizing and unifying our hemisphere, not advancing the anti-American and anti-democratic interests of our adversaries.”

Others in the DEA were equally alarmed. “Venezuela is sitting on the biggest oil reserves in the world, but it had become a haven for countries and movements that were against U.S. interests, such as the Russians, Chinese, and Hezbollah,” Paul Craine, DEA’s regional director for Mexico and Central America from 2013 to 2017, told The Cipher Brief. “Different terrorist elements had safe haven in Venezuela. And obviously, the Maduro regime was in direct collusion with Russia and supporting Cuba. The Venezuelan secret police are very closely aligned with the Cuban secret police.”

Once the Trump White House and Pentagon started making plans to remove Maduro, Craine, like other experts on the Latin American criminal and terrorist underground became concerned that he would be replaced by other corrupt, duplicitous figures from the Venezuelan power elite.

“You can't leave these major criminals who have blood on their hands and who have been agents of suppression to continue to be there, or be part of the government,” Craine said.

Unraveling the Caracas-Havana connection will take a while. “I recognize that it won’t be easy,” Rubio told the Senate Foreign Relations Committee in January. “I mean, look, at the end of the day we are dealing with people over there that have spent most of their lives living in a gangster paradise, so it’s not going to be like from one day to the next we’re going to have this thing turn around overnight. But I think we’re making good and decent progress.”

For the U.S. national security community, the Caracas-Beijing connection is more subtle and even more important over the long run. On January 2, the day before Delta Force launched into Caracas to take custody of Maduro, a Chinese delegation led by Qiu Xiaoqi, the Chinese government’s special representative for Latin American affairs, was at the Miraflores Presidential Palace, meeting with Maduro. China was getting deeply discounted oil from Venezuela, was Venezuela’s second-largest trading partner after the U.S. and was selling Venezuela billions of dollars’ worth of military equipment, according to a January 2026 report by the U.S.-China Economic and Security Review Commission.

“China is a big loser in the Maduro rendition,” said Shedd, whose new book, The Great Heist, examines China’s theft of U.S. technology and intellectual property. “China has invested nearly $5 billion over the past two-plus decades in Venezuela, primarily focusing on energy projects which under Phase 2 of the transition in Venezuela will go to U.S. oil companies with first rights of refusal. How can China not lose?”

During the Chavez and Maduro regimes, Shedd said, “China has increasingly been involved in weapons sales, back-door-enabled Huawei and ZTE telecommunications networks, and dual-use tech related sales” to Venezuela. “In addition, the PRC has had an interest in – if not an actual hand in – enabling some intelligence/security capabilities in Venezuela that help Venezuela’s security apparatus, SEBIN, spy on and disrupt the political opposition. Anything that curtails Chinese influence, which is by its nature antithetical to U.S. interests, is a good outcome.”

Rubio has insisted it would be physically impossible for the U.S. military to remove all of the allies of China, Iran, Cuba and other malign influences in one or two raids. “Land within three minutes, kick down [Maduro’s] door, grab him, put him in handcuffs, read him his rights, put him in a helicopter and leave the country without losing any American or any American assets – that’s not an easy mission,” Rubio said on Face the Nation last January. “And you’re asking me why didn’t we do that in five other places at the same time? I mean, that’s absurd.”

Since that time, Washington has not demanded that Rodríguez hand over Cabello, Padrino López and other current and former senior officials indicted in the U.S. and instead has pressed Rodriguez for a more gradual transition, removing potential troublemakers from power one by one. According to the Miami Herald. Cabello has tried to stave off his own exit from power by leveraging his influence as a security insider and by asking for a guarantee that the popular opposition leader María Corina Machado won’t return to Venezuela. His eventual fate is a subject of intense speculation, but facts are scarce.

So far, the Trump administration appears to be running a charm offensive. Trump regularly praises Rodriguez and says he wants to visit Caracas at some future date. Meanwhile, the administration has dispatched a steady stream of senior American officials to get to know Rodriguez and other Venezuelan holdovers still in power, impress them with Washington’s seriousness of purpose and, as the fictional Michael Corleone counseled, keep them very close.

For instance, last month (Feb. 18) Marine Gen. Frank Donovan, a former special operations leader, now commander of the U.S. Southern Command, made a surprise visit to Caracas and met with Rodriguez, Cabello and Padrino Lopez, before he was removed. The agenda, according to Rodriguez’ X feed, was predictable, if ironic – drug trafficking, terrorism and migration, covering all the bad acts federal prosecutors and Trump have attributed to Maduro and his cronies.

In an interview with The Cipher Brief, Renee Novakoff, a former deputy director of intelligence for sensitive activities and programs at the Pentagon, described Donovan’s visit as “a historic event, even if it was a confusing one.”

“The U.S. military just forcefully removed the country's President and U.S. officials met with indicted criminals to discuss cooperation on the issues they are indicted for and for which their President is awaiting trial in the U.S.,” Novakoff said. “The U.S. continues to sink drug trafficking boats, killing those on board. The Venezuelans are saying that diplomacy is the right way forward but ....is this diplomacy or is it continued pressure on Venezuela? Usually, the first trip by the COCOM Commander is to a partner nation. The actions and the words are perplexing."

Yesterday (March 23), apparently undaunted by the deepening U.S. presence, Cabello led a protest march through the streets of Caracas, defiantly demanding an end to U.S. sanctions and restoration of some socialist policies. According to Spanish-language news reports, he promised, “We will return to the highest wage system in America. We will return to an education with everyone; we will give quality of life to Venezuelans."

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

While Washington Looks to Iran, Putin Gains Ground

OPINION - After the joint U.S. - Israeli strikes against Iran’s nuclear program last June and after the spectacular raid that resulted in the capture of Venezuelan dictator Nicolas Maduro, U.S. President Donald Trump must have begun to feel like the ruler of the world.

“For he was ruler of the world and he knew not what to do. But he would think of something.”

—Arthur C. Clarke, 2001: A Space Odyssey

He then thought of something to do: unite again with Israel and finish the job with Iran. This time, the end result is not yet clear and the result could end up looking a lot more like Iraq than Venezuela.

It’s not that the Iranian regime didn’t have it coming. The heinous regime led by Ayatollah Khamenei has been the sponsor of terrorism and regional instability in the Middle East for decades. The leadership of the Islamic Republic of Iran was unrepentantly hostile to the U.S. and Israel, the latter a target of Iran for extermination. It also had a program intent on developing a nuclear weapon, despite Iranian statements to the contrary.

It is also well and good that Maduro is in prison in the U.S. and Iran’s capability to build a nuclear weapon and engage in regional and global terrorism is being diminished and perhaps ultimately eliminated. But the opportunity cost of this is significant in that the operation against Iran has diverted resources that could have been available to support Ukraine, which is effectively, the front line of the defense of Europe and the main bulwark against the expansionist ambitions of the man at the center of a global effort against the U.S. and the West.

The reality is that the other presumed ruler of the world - at least in his own mind - Russian President Vladimir Putin - is seeing his world get smaller and smaller. The system of alliances he so carefully nurtured as he tried to re-claim for Russia a place at the rank of superpower, has shrunk materially. This alliance was given the ambitious label of the “Axis of Resistance.”

The authors of that label were apparently not too familiar with the fate of the last major “Axis,” Germany, Italy, and Japan. The fate of some members of the current axis has already been decided, with Syria’s Assad in exile in Moscow, Ayatollah Khamenei deceased, and the Islamic Republic under concentrated assault from the U.S. and Israel. Putin and Russia embarrassingly, remain on the sidelines.

In addition to the strategic setbacks Putin’s Ukraine invasion has caused the Russian Federation, (Sweden and Finland joining NATO and that organization having been given new purpose and vision) the invasion has cost Russia a staggering number of casualties estimated by some at approaching 1.5 million soldiers killed, wounded, captured or missing. An example of which is the reportedly 8,700 casualties last week alone as the price of capturing roughly 28 kilometers of Ukrainian territory.

These losses are the early cost of Russia’s Spring-Summer offensive which is expected to include mobilized troops as Putin is no longer able to buy enough volunteers to fill the depleted ranks of the Russian army.

For its part, Ukraine seems to be militarily holding its own, even recapturing some territory during counteroffensives in southern Ukraine as well as continuing to demonstrate the ability through missile or drone attacks to strike military and economic targets deep in the territory of the Russian Federation.

There is increasing evidence that things on the domestic front are becoming more difficult for the “moth” as Putin is quietly and derisively called in some circles in Russia. Russia has had to resort to conscription on a year round system and has significantly increased the penalties for draft evasion and although Russian law prevents the deployment of untrained conscripts to war zones, draftees are pressured to sign contracts for service in Ukraine.

Closer to Moscow, another Russian general, this time a commander of the Russian Air Force, Sergei Kobylash, died after falling out of a window in early 2026. His was the latest in a series of mysterious deaths of senior Russian military officers in recent years. Also to be noted, is the shooting in Moscow of the Deputy Head of Russian military intelligence (GRU) Lt. Gen. Vladimir Alekseyev in a residential building in Moscow.

Alekseyev was allegedly involved in the attack on Sergei Skripal in the UK and he was one of the officials who negotiated with Yevgeny Prigozhin after the latter’s Wagner Group mutiny. If you are a senior Russian military official, one would think you would be starting to wonder about the direction your President is taking your country or, more personally, if you will be the next to fall out of a window or be shot when leaving your apartment building.

If there is going to be regime change in Russia, it likely needs to come from these ranks.

Even some formerly ardent supporters of Putin and his invasion of Ukraine are starting to speak out against the regime. Ilya Remesto, a well known Russian blogger, propagandist, and lawyer who was in part responsible for the persecution and conviction of Alexei Navalny, suddenly published a Telegram post titled: “Five reasons why I stopped supporting Vladimir Putin.” He has since reportedly been hospitalized at a Psychiatric Hospital in St. Petersburg. One might hope he has a room on the ground floor.

The circle of advisors around Putin was also reduced with the resignation last September of Dmitri Kozak, the Deputy Chief of Staff of the Kremlin, due to his opposition to the war in Ukraine, and the very recent retirement for health reasons, of former Minister of Defense and long time Putin associate Sergey Ivanov.

Two other recent developments of note in assessing the state of play at the center of the Kremlin: Vladimir Putin’s public appearances have been dramatically reduced in recent weeks with several absences of longer than a week having been noted. There is speculation the absences are health related but there is also increasing speculation in Russia and abroad that Putin is concerned for his own security taking extra precautions. This could be similar to Putin’s seeming paranoia during the COVID crisis.

The second is the shutting down of the internet in Moscow and elsewhere in the Russian Federation for “security reasons.” This shutdown has had meaningful economic consequences in the Moscow region and has caused understandable social discontent. A reflection of that could be the appearance on Russian state television of satires about how life is better without the internet.

Here’s my issue with where we are today. As a former Intelligence Officer, I’m seeing signals that the President of the U.S. does not seem to recognize who the guiding forces are in the global effort to undermine the U.S. politically and economically. If he did, there would be much more pressure applied to the leaders of the Axis: Vladimir Putin and Chinese President Xi Jinping.

It is the former who has taken the lead in efforts to attack the U.S. and Europe, unleashing at various times, Russian intelligence operatives to conduct assassination and sabotage operations in Europe and elsewhere, as well as cyber probing and attacks on U.S. infrastructure and election integrity.

Putin is at the very center of the web. His economy was starting to seriously feel the effects of sanctions, low oil prices and more concerted efforts to crack down on sanctions evasion and Russia’s “shadow fleet” of tankers carrying oil in violation of U.S. sanctions.

The Iran conflict has led to concerns about oil supply and a rise in the price of crude oil. Unfortunately, instead of seeking to keep the pressure on Moscow, the President decided to lift some sanctions on Russian energy, resulting in a windfall of resources for the Russian dictator which will certainly be used to support his continued aggression in Ukraine.

Kyiv, on the other hand, having survived devastating attacks against its energy infrastructure during the coldest winter in eastern Europe in decades, has stepped up to provide expertise and anti drone technology to assist the efforts by the U.S. to restore shipping through the Strait of Hormuz.

This from a country that according to the U.S. President “had no cards.” Now Ukrainian anti-drone drones are the single most effective system in place to protect vital shipping lanes from Iranian drone attacks. At the same time, there are reports that Russia is providing intelligence to assist Iran in targeting U.S. forces in the region.

The U.S. president and his national security team need to focus more energy on the real enemy and architect of the effort to undermine the U.S. and the West, Vladimir Putin. A near term first step might be rejecting Putin’s ridiculous offer to stop aiding Iran if the U.S. ceases aid to Ukraine. The president should also immediately re-impose the sanctions that were recently relaxed on Russian energy. Perhaps next, the president should message Russian elites and the Russian people about regime change. Maybe he will have better luck than he has with the Iranians. It’s certainly worth a try.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

National Security Starts at Home — Not on the Battlefield

OPINION – The current conflict with Iran highlights a longstanding, core premise that national security comes from visible instruments of power - weapons. While hard power will always be critical to national security, national security is not created by accumulated hard power. It is created by enduring internal capacity that prevents the need to rely on hard power. This enduring internal capacity is the critical but overlooked and undervalued foundation of national security.

Traditional security models are not sufficient for the world we live in today. These models - hard power, Powell Doctrine, containment, deterrence - conflate a tool with an outcome, and they rely on assumptions that no longer hold or are increasingly strained: stable institutions, a cohesive society, reliable decision-making, and political continuity. National strategy is constantly changing, which shrinks planning horizons, compresses and degrades decision making, and increases the cost to prepare for and execute new priorities. Ultimately, this environment is a reactive system, and reactive systems narrow the set of good options.

Chronically reactive systems benefit adversaries who can exploit institutional fatigue, political volatility, divided populations, and cognitive overload. Adversaries do not need to out-invest or out-build us - they only need to exploit the cracks in the foundation.

I offer an updated definition and framework for national security. First, national security is a nation’s enduring capacity to protect and advance its interests, deter and mitigate threats, and sustain power and legitimacy over time. If national security is enduring capacity, strategic continuity is significant. Repeated strategic resets, electoral and leadership transitions, and compressed decision timelines destabilize institutional readiness, shorten planning cycles, and undermine the enduring capacity and stability that national security requires.

This framework focuses on the internal capacity variables that determine whether power can be generated, sustained, and effectively applied. That enduring capacity rests on four interdependent variables:

National Security is created and sustained through decision quality, institutional performance, societal resilience, and innovation and adoption capacity. If any one of these variables degrades, overall national security capacity declines - regardless of material advantage.

NS = DQ + IP + SR + IA

DQ (Decision Quality): The ability to make sound, timely choices under stress.

IP (Institutional Performance): The ability to execute strategy consistently and adapt over time.

SR (Societal Resilience): The level of trust, cohesion, and foundational stability that prevents internal fracture from becoming an external vulnerability.

IA (Innovation & Adoption Capacity): The ability to integrate emerging technologies into functioning systems at scale.

I also want to offer a note on resilience in anticipation of an argument that these variables fall under resilience rather than national security. The government defines resilience narrowly as the ability to absorb kinetic shock. Modern competition targets cognitive stability, institutional trust, and social cohesion long before kinetic thresholds are crossed. Thus, these are core elements of a proactive, preventive national security posture as well as requirements for withstanding gray zone and kinetic action.

Decision Quality

National security is high stakes, and personal psychology and leadership determine more than we acknowledge (even within the Intelligence Community, leadership analysts are viewed as a “nice to have.”) Modern geopolitical competition and gray zone conflict require leaders and institutions to make sound choices under stress and frequently without all the data. An individual leader’s psychology and temperament – a person’s root operating system that shapes the way they view the world and approaches decision making – often determine a decision before the following two critical factors for high decision quality: objective intelligence gathering and analysis and positive leadership dynamics (including access to advisors that are experienced, encouraged to debate, and present diverse recommendations). High decision quality comes from grounded leadership, objective intelligence, and trusted advisers. If these factors are not present, decision quality degrades as options and choices are made based on faulty or incomplete intelligence, personal desires, or group think, and capability does not translate into strategic success.

Institutional Performance

Government organizations must be capable, trusted, resourced, and agile as they plan and execute strategy over time. Strong institutional performance comes from workforce stability, strategic continuity, adequate resourcing, and technology adoption capacity. Organizational psychology and leadership dynamics can have significant influence on whether an institution can execute and meet expectations. Staff need to feel secure, supported, and respected in their roles and have trust in the leadership, mission, and vision. Strategic continuity supports short- and long-term planning and reduces costs associated with constantly changing mission priorities. Resources are a core requirement to ensure organizations can execute, and technology adoption can drastically optimize organizational performance.

Institutional performance also affects societal resilience. People need to believe government institutions are capable, responsive, and supportive of their needs. Without responsive organizations, societal trust and cohesion erode.

Societal Resilience

“United we stand. Divided we fall.” Social cohesion, trust, and stability prevent internal division and protect the population from becoming an external vulnerability. Likewise, having a population that is well-educated and healthy with opportunities for upward mobility generates individual strength and resilience, creating stronger immunity and resistance to adversary operations. These are not social add-ons; each is a structural input into resilience, legitimacy, and institutional effectiveness. Human flourishing is a competitive advantage: nations that invest in people generate the talent, trust, and institutional capacity that innovation and ultimately power depends on.

Societal resilience is crucial in an age of cognitive warfare: propaganda, deepfakes, mis- and disinformation, information operations, and sophisticated cyber capabilities. What is the ground truth? How do people verify what they are seeing, reading, and/or hearing are true? Adversaries can create powerful narratives that can influence and bias a population against supporting its government, divide it amongst itself, or convince a population to take/not take action that directly benefits the adversary.

Can we resist influence operations; Can we maintain social cohesion under narrative pressure; Can we sustain legitimacy during prolonged competition or conflict; Can we prevent internal fracture from being exploited externally? Ultimately, trust + cohesion + opportunity = resistance to manipulation.

Innovation & Adoption Capacity

If technology cannot be integrated effectively, innovation amplifies dysfunction rather than being an advantage. Innovation and adoption capacity are longstanding challenges within the government. More investment and innovation occur in the private sector now, and public-private partnerships are critical to translating emerging technology into tangible improvements in operations and mission outcomes. However, the core challenge remains the ability to integrate emerging technologies into existing systems at scale. The rapid development and deployment of AI across the public and private sectors right now is an excellent example of a game-changing technology struggling to be adopted and implemented effectively at scale.

Innovation and adoption capacity also support decision quality, societal resilience, and institutional performance by providing tools that enhance decision making, improve the effectiveness and efficiency of our institutions, and give us the tools to identify and counter adversary activities. Technology innovation and adoption are critical to provide the US with a strategic, asymmetric technical advantage should kinetic conflict occur.

What does this new definition and framework mean for hard power and deterrence? They remain necessary but are instruments rather than the source of national security or a strategy unto themselves. Deterrence is not strictly a function of visible military capability. Deterrence is also a function of credible execution, decision coherence, institutional reliability, political and social stability, technology integration, and escalation absorption. Enduring internal capacity determines whether hard power is credible and sustainable.

Adversaries will ask: Can they sustain; Can they respond coherently; Is their society stable; Will political volatility constrain action;Can they absorb escalation; For how long?

Security in the 21st century is not defined by what we can destroy. It is defined by what we can sustain. National security is not primarily created by accumulated military capability. It is created by durable internal capacity that prevents vulnerability from emerging in the first place. Hard power deters. Capacity endures.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Quiet Expansion of Trump’s War on Cartels

OPINION — “The [narco-trafficking] boat strikes [in the Caribbean and Eastern Pacific] aren't the answer. What we're moving for right now might be an extension of [Operation] Southern Spear, really a counter [narcotics] cartel campaign process that puts total systemic friction across this [drug] network.”

That was Marine Corps Gen. Francis Donovan, Commander of U.S. Southern Command (SOUTHCOM), testifying last Thursday before the Senate Armed Services Committee about the expanded Trump military campaign against Western Hemisphere drug cartels.

With most public attention focused on the Iran War, I decided to look at this hearing, which also received testimony from Air Force Gen. Gregory Guillot, Commander of U.S. Northern Command (NORTHCOM), who, as I will discuss below, made clear that talks are moving ahead with Greenland and Denmark and that there was little behind President Trump’s talk of invading that Arctic island.

Just months ago, the Trump administration’s repeated destruction of narco-trafficking boats and Presidential talk of taking Greenland were front page stories, causing Americans to wonder where the President was taking the country militarily, particularly after the initial one-day June 2025 bombing of Iran nuclear sites and the later January 2026 successful seizure of Venezuelan President Nicolas Maduro.

Trump’s military action appetite has clearly grown so I believe it worth using last week’s testimony to see where his earlier efforts have led.

Since September 2, 2025, when Trump first told reporters about the initial strike against a narco-trafficking boat and later published a dramatic video of the operation on Truth Social, there have been 45 more such attacks in the Caribbean and Eastern Pacific along with the killing of 159 individuals whom Trump or his officials have described as terrorists or narco-traffickers.

Last week, after Gen. Donovan told the Senators directly, “The boat strikes aren't the answer,” he later referred to creation of what has been called the Americas Counter Cartel Coalition or the Shield of the Americas.

Donovan described it as 17 Western Hemisphere countries along with the U.S. establishing on March 7. what he called “a coalition that will have a military aspect to it. When I say military, it's really partners that are willing to join with us to move forward against the cartels with different degrees based on what they can bring.”

In his prepared statement for the committee, Donovan described how the U.S. Embassy in Bogota, Colombia, has what is called an Embassy Intelligence Fusion Cell which, in partnership with Colombian officials, works to stop drugs “by committing airborne ISR [intelligence surveillance and reconnaissance] and fostering a holistic intelligence sharing effort. We [the U.S.] provide timely, critical information on cocaine labs, production and departure zones, and top FTO [foreign terrorist organization] leaders to enable Colombian security forces to take action.”

In answering a Senator’s question, Donovan said, “We just recently established an Ecuador fusion cell and with the Ecuadorian minister of defense, because they are leading the way.”

The SOUTHCOM Commander did not mention to the Senators that earlier this month he and Rear Admiral Mark A. Schafer, head of U.S. Special Operations-South, visited Quito and held talks with Ecuadorian President Daniel Noboa. The Ecuadorian president's office said in a statement that the three discussed plans for the sharing of information and operational coordination at airports and seaports.

Along with Ecuador, Donovan said, “The other nation that is really is stepping forward is Paraguay.” He said it recently signed a SOFA (status of forces) agreement with the United States which allows us to operate much more closely together with FMS (foreign military sales) of radars coming down it will increase the air domain awareness in Paraguay.

At one point Donovan said of the Americas Counter Cartel Coalition, “Putting that together, I believe actually kinetic [boat] strikes will be one of the many tools and probably not the most effective tool when we actually look at it as more of a campaign approach.”

One matter raised several times during the hearing focused on questions about the legality of the military killing of persons as alleged narco-traffickers without any trial or proof they in fact are traffickers.

Donovan more than once said he could talk about the intelligence involved in a closed session. But when asked about the targeting criteria to approve strikes in international waters Donovan replied they are using “near reasonable certainty, reasonable certainty, near certainty to make the final decision.”

Sen. Tammy Duckworth (D-Ill.), however, raised questions about terms used to by the Trump administration to describe those on the boats. She asked at one point, “What guidance have you received or issued for how to treat associates of a group differently from a confirmed direct member of a group?”

Her question implied that among those being killed are individuals “associated” with a drug cartel and she further pointed out “the administration in their legal justifications are calling these folks associates, but it's different from being a confirmed direct member of a group.”

In answering, Donovan further complicated the situation by saying, “We have a definition of affiliates tied to that classified definition. In a closed setting. I would like to share word-for-word what that definition is, Senator.”

Duckworth responded, “I'm concerned about the looseness of the term that SOUTHCOM has been using to publicly to report an individual we killed, specifically affiliate or associate. Those are the two words that were used, which implies an even weaker association with any concerning threat.”

Just before the session closed, Sen. Jack Reed (D-R.I.), ranking Democrat on the committee, raised questions about the “exords” related to the boat attacks, meaning the execute orders to initiate the military action.

Reed said, “There is a legal requirement for the [Defense] Department to provide those exords to the committee which you [Committee Chairman Sen. Roger Wicker (R-Miss.)] and I have requested multiple times…The [Defense] Secretary [Pete Hegseth] has not fulfilled this legal requirement and your testimony General Donovan further confirms in my mind that we need these documents to understand and oversee. That's our role -- oversee these operations.”

The takeover of Cuba has been on President Trump’s mind for some time. Most recently, during an Oval Office meeting March 17, he told reporters, “We'll be doing something with Cuba very soon." A day earlier, the President talked of "taking Cuba in some form," adding, “Whether I free it, take it, I think I could do anything I want with it."

Donovan, asked, “Are we currently conducting any military rehearsals that involve seizing, occupying, or otherwise asserting control over Cuba?” replied, “U.S. Southern Command is not,” and he added he knew of no other command that was.

To a subsequent question of seizing Cuba, Donovan said, “The number of forces required, we have general ideas, but the focus right now is purely on securing Guantanamo Bay and the U.S. embassy to protect American personnel. That is the only facts and figures and planning we have underway at this time.”

As for Greenland and Denmark, NORTHCOM’s Gen. Guillot said, they both had been “very cooperative… very eager to discuss ways to move forward to improve our defense capabilities.”

He said, “We are pursuing with Denmark expansion on the defense areas which are allowed under the 1951 agreement…We don't really need a new treaty. It's very comprehensive and it and it's frankly very favorable to our operations or potential operations in Greenland.

One area Guillot mentioned was expanding “the [Greenland] defense areas from Pituffik Space Force Base, where we are now, into these other areas, which would help our homeland defense mission.”

He added that the Pentagon “challenges in the Arctic start with…ports and the ability to navigate freely through the harsh conditions of the Arctic both in maritime, land and air. So I'm working with our department and others to try to develop more [sea]ports, more airfields which leads to more options for our [Defense Department] secretary and for the President should we need them up in the Arctic…that is from Alaska all the way across through Canada and into Greenland.”

Guillot said he specifically wanted “the resources and the force projection capability along that avenue of approach to North America [from Russia], which you know through the Arctic is the shortest route. So therefore, in many ways our most vulnerable route. We're very well established in Canada and Alaska and having more capability along what I call the 2:00 [o’clock] approach would be key.”

He also said, referring to Trump’s Golden Dome missile defense proposal, “the ability to launch fighters and tankers to get be the first line of defense against cruise missiles that could be launched from the Arctic [part of Greenland].” Also, Guillot mentioned, “Port presence for our our Navy, which also gives us [logistic support for] Golden Dome and [therefore] ballistic missile defense capability.”

Trump apparently was never serious about seizing Greenland; his war on Western Hemisphere drug cartels is a work in progress, as is Venezuela, although the capture of Maduro was a well-carried out special operation.

Common to the above Trump actions has been surprise, and lack of preparing the public or Congress for what was going to take place.

Attacking Iran was and has become a much bigger and more dangerous move, and as we have seen -- again undertaken without preparing the public or Congress and in this case paying attention to its worldwide economic and diplomatic longer-term implications.

Trump will pay a domestic political price for Iran, but so will the U.S. when it comes to continued world leadership.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

When Deepfakes Become Doctrine

OPINION — Since U.S. and Israeli strikes began against Iranian military and nuclear infrastructure in late February, two wars have been running simultaneously. One is kinetic. The other involves something the world has not fully reckoned with: the systematic use of artificial intelligence to manufacture reality, at scale, in real time, during active armed conflict.

Within days of the opening strikes, AI-generated video of missile impacts on the USS Abraham Lincoln was spreading across TikTok. Fabricated footage of downed U.S. fighter jets circulated on Facebook and Instagram. Tehran Times published what appeared to be satellite imagery of a U.S. radar base in Qatar showing structural damage from the strikes. BBC Verify confirmed the image was AI-generated, built from genuine satellite data of a different location and manipulated using Google AI tools. None of it was real. All of it spread.

The social media intelligence firm Cyabra documented more than 145 million views of Iranian-linked disinformation content in under two weeks. The New York Times identified over 110 unique deepfakes promoting pro-Iran narratives in the same window. These are not the crude influence operations of a decade ago. They are the product of an adversary that has been building this capability methodically and has now deployed it at wartime scale.

Understanding why this matters requires a short detour through what Iranian propaganda actually used to look like.

During the Iran-Iraq War, Tehran’s media strategy relied on radio broadcasts and print. Its efforts to persuade Iraqi Shia populations to shift allegiances were largely unsuccessful. Limited reach, poor targeting, no feedback loop. During the 1991 Gulf War, Iraq’s disinformation was described by scholars as extreme exaggerations easily ridiculed in the Western press. Baghdad claimed it had shot down dozens of allied aircraft. The press verified it had not. That was the cycle.

The digital era brought sock puppets and recycled footage. These operations required significant human labor and were detectable with basic verification tools. An account posting video from the 2015 Syrian conflict while presenting it as something current could be caught by reverse image search in minutes. The barrier to debunking was low.

December 2023 marked the first real break. Iran’s IRGC-linked group Cotton Sandstorm hijacked streaming services in the UAE, UK, and Canada and broadcast a deepfake newscast. An AI-generated anchor delivered Tehran’s narrative on the Gaza conflict to viewers who believed they were watching legitimate news. Microsoft, analyzing the operation afterward, called it the “first Iranian influence operation where AI played a key component” and a “fast and significant expansion” of Iranian capabilities.

June 2025 accelerated the model. The European Digital Media Observatory documented the 12-day Israel-Iran conflict as “The First AI War,” the first time in a major conflict that more misinformation was created through generative AI than through traditional methods. The three most-viewed fake videos collectively amassed over 100 million views.

March 2026 builds on that precedent, at significantly greater scale, with meaningful tactical innovations added.

The first is coordinated architecture. Cyabra’s forensic analysis found tens of thousands of inauthentic accounts distributing identical AI-generated assets simultaneously across every major platform, with synchronized posting windows and coordinated hashtag clusters pointing to centralized production. And it became clear that a notable percentage of accounts amplifying the campaign were inauthentic. The content was not organic. It was engineered.

The second is what journalist Craig Silverman has called “forensic cosplay”: the fabrication of technical-looking verification tools designed to discredit authentic evidence. In one documented case, fabricated heatmap visualizations were deployed to label photographs taken by credentialed photojournalists at a strike site in eastern Tehran as AI-generated. AI forensics experts who reviewed the heatmaps found them semantically incoherent. The thread nonetheless reached hundreds of thousands of views before corrections could follow. In a second case, a fake “Empirical Research and Forecasting Institute” published fabricated Error Level Analysis of a New York Times photograph, conducting the analysis on a screenshot of an Instagram post rather than the original image. That methodological error renders the output meaningless. The false conclusion still attracted over 600,000 views on X.

This is a different category of operation from making false things look real. It is making real things look false. The verification infrastructure itself becomes the target.

The third element is the amplification model. Iran does not operate alone. The Foundation for Defense of Democracies documented what it calls an “authoritarian media playbook” in which Russian bot networks launder Iranian content while Chinese state-aligned media echoes anti-U.S. narratives. No centralized coordination is required. Each actor pursues its own anti-Western objectives, and the compounding effect across the global information environment far exceeds what any single actor could achieve independently. In June 2025, Cyabra documented an Iranian bot network in the UK that had been spreading pro-Scottish independence and anti-Brexit content. It went completely silent for sixteen days following the military strikes on Iran, then returned with explicitly pro-Iran messaging. State-directed, clearly. Deniable, carefully.

What is most consequential here is not the volume of Iranian deepfakes. It is the underlying strategic logic of what they are designed to accomplish.

Traditional propaganda is built to persuade audiences toward specific false beliefs. Iranian AI operations in this conflict appear calibrated to achieve something more durable: the destruction of the shared evidentiary foundation that makes accountability possible at all. When any image can plausibly be AI-generated, when forensic tools can be fabricated, and when platforms cannot distinguish authentic from synthetic at scale, the machinery of verification collapses. You do not need to win arguments about what happened. You only need audiences to conclude that nothing can be known.

Law scholars Danielle Citron and Robert Chesney named this the “Liar’s Dividend” in 2018: as deepfake awareness grows, actors gain the ability to dismiss genuine evidence as fabricated. Empirical research published in the American Political Science Review in 2025 confirmed the hypothesis. False claims of misinformation do generate statistically significant increases in public support for political actors facing accountability. This was largely centered on text-based scandals at the time, and with the dramatic improvements in synthetic images and video since that time, one can speculate that a similar effect plays out today on our screens. Iran has operationalized this principle. By circulating enough obviously synthetic content to seed generalized skepticism, it creates cover for dismissing authentic documentation of what actually occurred.

That logic runs in two directions at the same time. Abroad, Iran deploys deepfakes to project military capability and deny accountability for strikes it conducts. At home, the same operation insulates the regime from documentation of its own conduct toward its citizens. Internet connectivity in Iran fell to approximately one percent of normal levels by early March, per NetBlocks. That near blackout creates an information vacuum. Deepfakes and fabricated forensic analysis fill that vacuum while simultaneously rendering authentic protest documentation dismissible as synthetic. The regime does not need to suppress every image from the January crackdown. It only needs to ensure that any image is plausibly deniable.

At the same time, detection has not kept pace. Danny Citrinowicz, a senior researcher at Tel Aviv University’s Institute for National Security Studies, stated this January: “There is no ability today to systematically identify AI-driven influence campaigns.” Meta’s Oversight Board formally ruled its deepfake detection “not robust or comprehensive enough” for the velocity of misinformation during armed conflicts. The EU AI Act’s labeling requirements for AI-generated content do not become enforceable until August 2026. This conflict began months before that.

The U.S. is in the middle of restructuring how it organizes the counter-influence mission. The debate over the appropriate scope of that work (including concerns about whether some previous approaches crossed into domestic speech territory) has been sincere, and it crosses political lines. And the debate is important, as we navigate delicate issues that will test the boundaries of free speech. But the timing is important as well. A new institutional architecture for this important mission is still being designed. And Iran’s campaign is not pausing while the debates continue.

Wherever U.S. policy lands on the question of combatting disinformation and deepfakes, three things will be true about this conflict when it is eventually analyzed in full.

The primary strategic objective of Iran’s information campaign is epistemic disruption, the deliberate degradation of the audience’s capacity to form reliable beliefs, not persuasion toward specific false conclusions. That is a materially different problem from countering traditional propaganda, and it requires different institutional responses.

The Russia-China-Iran amplification model is a template, not an anomaly. Future conflicts involving any permutation of those actors, or their proxies, will employ variants of this architecture. Convergent anti-Western interests are sufficient to drive convergent behavior. Coordination is optional.

Detection tools are now themselves a weapons category. The fabrication of forensic verification tools to discredit authentic evidence represents a qualitative escalation. Provenance infrastructure, not detection algorithms alone, will be required to address it.

The gap between adversary capability and institutional response is real and measurable. Deepfake incidents through Q1 2025 had already exceeded all of 2024’s total. Bot traffic surpassed human web activity at 51 percent. The information environment is, in a measurable sense, majority-synthetic. Building the cognitive security architecture to operate in that environment is not a platform moderation problem. It is a national security imperative, and it deserves to be treated as one.

Views expressed here are the author’s alone and do not represent the positions or policies of the U.S. Government or the Central Intelligence Agency.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

NATO’s Fractures Are Not Its End

OPINION — For much of its history, the North Atlantic Treaty Organization (NATO) has been portrayed as a unified military bloc bound by common values and collective defense. In reality, NATO has always been closer to a pragmatic partnership, an alliance shaped as much by disagreement and national interests as by solidarity. While current headlines suggest an alliance on the brink, NATO’s history reveals that institutional friction is not a sign of failure, but the very mechanism of its adaptation.

Arguments over defense spending, doubts about American commitment, and diverging political priorities across the Atlantic are causing some leaders to question whether NATO is nearing its end. History suggests otherwise. NATO has repeatedly endured crises that appeared existential at the time, only to adapt and continue. Recent tensions are more likely an indicator that the alliance is continuing to evolve, moving away from a post-Cold War era of European reliance on American protection toward a more balanced, albeit tense, partnership necessitated by a volatile international environment.

The lesson is simple: NATO still has a role to play, but sustaining it will require renewed commitment and investment on both sides of the Atlantic. NATO’s endurance rests less on shared sentiment and more on the reality that, in an increasingly dangerous world, the cost of fragmentation far outweighs the burden of disagreement.

Europe’s Strategic Complacency

While NATO has historically utilized institutional friction as a mechanism for adaptation, the current era of Strategic Complacency presents a unique challenge to this pattern of survival. For decades following the Cold War, European allies operated under a security guarantor model, drastically shrinking defense budgets under the assumption of indefinite American protection. This was clearly illustrated by Sweden’s transition from a global air power to a scaled-down posture.

This reliance has not only diminished American patience but has resulted in a fragmented industrial base ill-equipped for the high-intensity conflicts exposed by the war in Ukraine. The pragmatic partnership described at the alliance's outset is now being tested by a critical gap: while the diplomatic victory of a 5% GDP spending target has been established, the actual pace of military modernization and investment continues to lag behind a rapidly deteriorating threat environment.

Washington has increasingly grown less interested in the alliance. Efforts to reshape defense commitments have been impacted by disputes with countries such as Poland (over the Nobel Prize), Denmark (over Greenland), and most recently President Trump’s comments on the lack of NATO support for Iran.

These tensions are not new. NATO defense spending has declined since the 1960s, throughout the Cold War. After the Soviet Union collapsed, many European states dramatically reduced their military capabilities. Even traditionally neutral countries followed this trend. Sweden, for example, once maintained the world 4th largest Air Force but gradually scaled down its defense posture.

The United States also adjusted its military spending over time affected by conflicts such as the Vietnam War and the Global War on Terror, but defense spending cuts stabilized around 3-4 percent of GDP. American pressure led allies to commit to an increase of each country's defense spending to 5%, but this victory was hard won.

An illprepared alliance

Security officials in several European countries, including Estonia and Sweden, warn that the threat environment is changing rapidly and that a confrontation with Russia could occur within the coming years. Such warnings have not yet translated into rapid military investment. Defense spending remains politically sensitive in many democracies, and elections could reverse recent commitments.

Perhaps more concerning than defense budgets is the slow pace of military adaptation. Recent conflicts have reshaped modern warfare through the widespread use of drones, autonomous systems, long-range missiles, and electronic warfare. Recent exercises between Ukraine and NATO forces shows that NATO is not learning and modernizing fast enough. Sweeping doctrinal reforms or procurement changes are needed, with less focus on traditional concepts or local manufacturing. While spending is the cornerstone of modernization, a mindset shift is arguably more critical.

NATO Has Faced Worse

If today’s disagreements appear alarming, they are far from unprecedented. NATO’s history is filled with crises that once seemed capable of breaking the alliance.

In 1952, NATO expanded to include two long-standing rivals: Türkiye and Greece. Their membership strengthened the alliance’s southern flank but did not resolve their tensions. Those tensions erupted during the Cyprus crisis of 1974, when a coup attempted to unite Cyprus with Greece. Türkiye responded with a military intervention. The crisis prompted Greece to withdraw from NATO’s integrated military command structure, though it remained politically within the alliance until returning in 1980.

Another major shock came during the 1956 Suez Crisis, when Britain and France launched a military operation against Egypt after the nationalization of the Suez Canal. The United States opposed the invasion and used economic and diplomatic pressure to force its allies to withdraw, exposing deep divisions within the alliance.

France further complicated NATO politics in 1966 when President Charles de Gaulle withdrew the country from NATO’s integrated military command, insisting on sovereignty over French forces. France did not fully reintegrate until 2009.

Later disputes emerged during the Vietnam War, which many European governments believed diverted American attention from Europe’s security. Another rupture came in 2003 when the U.S.-led invasion of Iraq divided the alliance politically, with Germany and France strongly opposing the operation.

Under the new administration the Greenland Crisis was the first time NATO saw a United States president threaten a NATO ally over land, and more diplomatic work is needed to regain trust. The war with Iran has shown a mixed reaction by NATO allies, ranging from tardiness, refusing US access to airforce bases, but also cautious support.

Signs of Renewal

Despite disagreements, there are reasons for cautious optimism.

The war in Ukraine has served as a wake-up call causing European governments to recognize that the strategic environment has changed. Europe relies heavily on American technology and industrial capacity, but defense spending across the continent is rising and several countries are rebuilding capabilities and innovation hubs.

To be clear, the NATO alliance is symbiotic: a strong, capable NATO benefits America as much as Europe. The NATO Secretary General provided a pragmatic assessment of this interdependence during his remarks at the World Economic Forum in Davos.

One possible indicator is the fact that NATO is expanding. Finland joined the alliance in 2023 after decades of neutrality, dramatically extending NATO’s border with Russia. Sweden’s problematic relationship with NATO did not prevent it from joining in 2024 after a lengthy political process, strengthening NATO’s northern flank.

Parallel Alliances

Europe is also exploring additional security arrangements alongside NATO.

The European Union’s President von der Leyen held a speech that described a more formal defense role for the Union, including deeper military coordination among member states. Regional partnerships are emerging. The Joint Expeditionary Force, including the United Kingdom, Netherlands and Nordic and Baltic countries, is designed to deploy forces rapidly during crises. Another potential is a Nordic Plus alliance, built around protection of Finland's eastern border.

Other alliances are created in the European hemisphere. Since 2010 Israel, Cyprus and Greece have entered an alliance that was reaffirmed in 2025, focused on joint Mediterranean security.

There are also discussions about expanding nuclear deterrence arrangements within Europe. Germany and France are exploring deeper cooperation, while Poland has expressed interest in hosting U.S. nuclear weapons as part of NATO’s deterrence framework.

The most capable potential partner is Ukraine. Years of intense warfare have produced the most experienced European Army, particularly in areas such as drone warfare and air defense, capable of supporting current US operations in the Middle East and potentially in the Pacific. In fact, Ukraine’s offer of air defense support has inspired foreign policy experts, namely Admiral (Retired) Mark Montgomery, to refer to them as a “Model Ally.”

A Durable Alliance

NATO’s history proves it is a 'pragmatic partnership' born of necessity, not a social club built on shared sentiment. Its future will not be defined by the absence of disagreement, but by the ability of its members to trade 'strategic complacency' for a balanced, symbiotic burden-sharing. If Europe can transition from a protected ward to a modernized, innovative partner—exemplified by the battle-hardened experience of new and potential allies like Sweden and Ukraine—the alliance will do what it has always done: outlast the crises that were meant to break it.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Zelensky Plays His Hand

As Iran’s explosive-laden drones wreak havoc in the Persian Gulf and beyond, a wartime leader in another part of the world says he can help.

“What is happening around Iran today is not a faraway war for us because of the cooperation between Russia and Iran,” Ukrainian President Volodymyr Zelensky said in London last week. “And we do not believe we have the right to be indifferent.”

Zelensky has offered counter-drone weapons and technical knowledge to the U.S. and its allies in the Middle East and he has already dispatched more than 200 Ukrainian military experts to the region to help defend against Iran’s drone attacks.

“We are working with several other countries - agreements are already in place,” Zelensky said, noting that Ukraine’s counter-drone weapons were “far more cost effective” than the interceptors that Gulf states are using. “We do not want this terror of the Iranian regime against its neighbors to succeed.”

It’s a notable offer from a leader still fighting a war of his own. It’s also a logical and strategic play: Zelensky is seeking to leverage Ukraine’s hard-won expertise and defense capabilities to curry favor and get more support in return.

“The Ukrainians are offering to be part of the solution here,” Lt. Gen. Ben Hodges (Ret.), a former commander of U.S. Army Europe, told The Cipher Brief. “And it shows that the Russian narrative – that Russian victory is inevitable – is clearly not the case. If Ukraine is willing and able to export expertise and capability to help the Gulf states, that undermines the narrative that somehow the Ukrainians are on the verge of collapse.”

As the Iranian strikes continue – its drones hit critical oil infrastructure in three Gulf countries last week – some of the world’s richest nations are taking Ukraine up on its offer. It’s a turning of the tables that illustrates Ukraine’s evolution from battered nation to a defense technology juggernaut.

“It's a very generous offer from Ukraine to offer aid while they themselves remain under daily attack,” Kori Schake, Director of Foreign and Defense Policy at the American Enterprise Institute, told The Cipher Brief. “It's also a demonstration that Ukraine wants to contribute to the security of partner states and not just receive help.”

Iran’s drone war

While the U.S. and Israel say they have decimated Iran’s ballistic missile capability, Iranian drones continue to threaten U.S. military installations, Gulf oil facilities and critical shipping lanes.

Iran has launched more than 3,000 drones since the war began. Its Shahed drones were used in attacks on the U.S. embassies in Iraq and Saudi Arabia, and in a strike that killed six U.S. service members in Kuwait. Last week, Iranian drones damaged oil infrastructure in Qatar, Kuwait, Saudi Arabia and the United Arab Emirates, and struck two vessels in the Persian Gulf.

“They’ve hit oil and gas infrastructure, they’ve hit hotels, they’ve hit embassies, they went after a data center,” Stacie Pettyjohn, Director of the Defense Program at the Center for a New American Security, told The Cipher Brief. “They’re attacking the premise of these states’ economies, which are built on trying to attract investment and infrastructure to the region.”

Experts are divided as to how long Iran can sustain its drone operations. Prewar estimates of Iran’s drone arsenal ranged from several thousand to as many as 80,000. Gen. Dan Caine, chairman of the Joint Chiefs of Staff, told reporters on March 10 that Iranian launches of “one-way attack drones have decreased 83 percent since the beginning of the operation,” but analysts say that doesn’t mean the arsenal itself has been heavily degraded.

“Treating that change in behavior as evidence that Iran’s drone capacity has been destroyed risks creating a misleading picture of how much of the threat has actually been eliminated,” Kelly Grieco, a senior fellow with the Reimagining U.S. Grand Strategy Program at the Stimson Center recently wrote. She said the drop in cadence might reflect a “tactical recalibration,” during which Iran is stockpiling and strategizing for future attacks.

“Moscow is reportedly sharing with Tehran drone tactics developed in Ukraine, including coordinated routing strategies designed to evade air defenses, as well as overhead satellite imagery to improve targeting,” Grieco said. “Tehran could be using this time to learn, adapt, and refine its strategy and tactics.”

Whatever the case, it’s clear that Iran can cause havoc for the region and the global economy with even a low rate of drone strikes. And the economic advantages of Iran’s drone warfare are clear; a single Shahed-136 costs between $20,000 and $50,000, and while the U.S. and its allies in the region possess some of the world’s most sophisticated air defense technologies – in particular the THAAD and Patriot systems – those are expensive interceptors designed to take out ballistic missiles. A single Patriot PAC-3 MSE, which Persian Gulf states have used against Iran’s Shaheds, costs approximately $3.8 million.

“You absolutely do not want to be using a Patriot interceptor against a Shahed drone,” Lt. Gen. Hodges said. “The Patriot cannot be the only means of defending…You save your Patriot for a ballistic missile.”

Ukraine’s “Shahed-killer”

Since the early days of its full-scale war against Ukraine, Russia has used Iranian Shahed drones to devastating effect, and manufactured its own version of the Shahed with Iranian help. Russia often launches hundreds of these drones at Ukrainian territory in a single day.

The necessity to survive has sparked Ukraine’s rapid pace of military innovation – including the development of an unparalleled ability to counter Shahed drones. Ukraine now produces a range of systems that have knocked Shaheds out of the sky at a high rate, and are much cheaper than other missile interceptors; many of the Ukrainian models cost between $1,000 and $2,000 apiece.

“Innovation happens when militaries have urgent problems to solve,” the AEI’s Schake said. “Ukraine is fighting for its life, and they've done a brilliant job of developing a domestic defense industry when we failed to give them weapons of the abilities and numbers they need. We're lagging behind because we haven't directed our defense industry with urgency.”

There are more than a dozen Ukrainian counter-drone systems, including the Merops, a high-end model funded in part by former Google CEO Eric Schmidt that includes AI-driven autonomy and comes at a higher price than the others – $15,000, still vastly cheaper than a Patriot missile.

“They’re just different ways of shooting drones out of the sky that are cheaper than the really expensive missiles,” Pettyjohn said of the Ukraine-made interceptors. “And they all afford you protection.”

Perhaps the best-known of these systems is the “Sting” interceptor drone, developed by the Ukrainian manufacturer Wild Hornets. The Sting is a high-speed FPV interceptor drone designed specifically to hunt and destroy the Shaheds in flight, and it has earned a reputation embedded in its nickname: “Shahed-killer.”

“They're working incredibly well in Ukraine, where the adaptation cycle is measured in weeks, which speaks to their great value,” Schake said. “As high-end U.S. air defenses begin to get scarce, they'll be incredibly valuable.”

Ukraine plays its card

As President Zelensky understands more than most, this isn’t just about Ukraine showing off its successful innovation; the Iran war has handed his country a strategic opportunity – a chance to showcase and leverage a suddenly in-demand technology in its relations with the U.S. countries in the Middle East.

One week into the war, Reuters reported that the U.S. and Qatar were in early-stage talks to acquire Ukrainian interceptor drones as a cheap alternative to its Patriot missiles. Another Ukrainian delegation traveled to Abu Dhabi, and Zelensky confirmed that the U.S. had asked Kyiv for "specific support" to defend against Shahed strikes against American targets in the Middle East.

“I have instructed that the necessary resources be provided and that Ukrainian specialists be present to ensure the necessary security," Zelensky said of the Qatar arrangement. He also proposed swapping Ukrainian interceptor drones for U.S. Patriots — which Kyiv has been running critically short of for months.

The U.S. interest in Ukraine’s interceptors predates the war with Iran. In late February, Pentagon officials visited Kyiv to study Ukraine’s counter-drone operations. Brig. Gen. Matt Ross, director of Joint Interagency Task Force 401, said the aim was to learn from Ukraine’s experience in beating back the Shaheds. “I did it to understand the TTPs — the tactics, techniques and procedures that they’re employing very effectively,” Ross said.

Meanwhile, Axios reported that Zelensky had offered its drone interceptors to President Trump last August – in a White House presentation that included a map of the Middle East and a suggestion that Ukraine and the U.S. collaborate to create "drone combat hubs" in Turkey, Jordan and the Persian Gulf states. The Trump administration reportedly dismissed the offer.

"Somebody decided not to buy it," an unnamed U.S. official told Axios. "If there's a tactical error or a mistake we made leading up to this [war in Iran], this was it" the official said.

A White House spokesperson dismissed that criticism, referring to the unnamed sources as “outside looking in”, adding that "Iranian retaliatory attacks are down by 90% because their ballistic missile capabilities are being totally demolished."

A strategic win for Kyiv?

Now, as Ukrainian technology and experts arrive in the Middle East, Zelensky is trying to take maximal advantage of the moment.

Beyond pitching the value of the Sting and other Ukraine-made interceptors, he has highlighted Russia’s aid to Iran – calling the two countries “brothers in hatred” – and warned that as the war in the Middle East strains U.S. missile supplies, that may create problems for Ukraine’s defense against Russia.

For all these reasons, Zelensky has asked for financial compensation and technological help from the U.S. and others in exchange for sharing Ukraine’s expertise.

“The Trump administration has been very transactional on how it approaches a lot of different countries,” Pettyjohn said. “For Ukraine, having something that the U.S. wants instead of just being a recipient and always asking for support, is an important step, and a way to show that there’s value that can flow back…They can use [the drone interceptors] as a bargaining chip to fill in some other types of support that are more critical.”

One year ago, Zelensky endured an Oval Office lecture from President Trump, including the now-infamous admonition: “You don’t have the cards.”

Last week in Kyiv, as Zelensky was pitching his drone defense technology, a journalist asked him, “Do you think Ukraine has the cards now?”

“Now everyone understands, we have them,” Zelensky replied. “It’s a good feeling. This is thanks to our soldiers, our talented people, and the many industries that we have developed since the start of the war. We have reached a high level now.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

I just want to read the news

Get the news and only the news!

Guardian

Back to top

Kaupunki

Back to top

Yle

Back to top

CNN

Back to top

Hesari

Back to top

Al Jazeera

Back to top

New York Times

Back to top

Reuters

Back to top

NPR

Back to top

The Cipher Brief

Europe’s Strategic Complacency

An illprepared alliance

NATO Has Faced Worse

Signs of Renewal

Parallel Alliances

A Durable Alliance

Back to top