The Cipher Brief

Welcome to The Iron Triangle, the Cipher Brief column serving Procurement Officers tasked with buying the future, Investors funding the next generation of defense technology, and the Policy Wonks analyzing its impact on the global order.

COLUMN/EXPERT PERSPECTIVE — This issue explores the massive, simultaneous shifts in Counter-Unmanned Aerial Systems (C-UAS) authorities, funding, and technological requirements. Pentagon Procurement Officers are realizing that the drone market is evolving so rapidly that buying isolated, legacy C-UAS systems is a strategic liability. Policy wonks are watching the fundamental shift in legal and operational frameworks governing domestic and military airspace from a defensive, heavily restricted posture to a proactive one. For investors, the recent shifts mean there are unprecedented market opportunities driven by hard deadlines.

For Procurement Officers: The Death of Standalone Electronic Warfare

Traditional technologies such as Electronic Warfare (EW) aren’t going to do the job. In complex or urban environments, traditional EW suffers several technical challenges (multipath propagation, electromagnetic clutter) and is dangerous (interfering with civilian emergency channels). Furthermore, EW probably won’t work against modern drones. Many are increasingly equipped with tech that enables autonomous operation, often without RF emissions, rendering simple jamming useless.

Because of varying rules of engagement and collateral damage risks, C-UAS must be a spectrum of responses. This includes non-kinetic (cyber interference, GNSS spoofing) and kinetic (directed-energy, interceptors) options seamlessly controlled by a single architecture. Everything from detection and airspace deconfliction, to UAS defeat must be fast, precise, and integrated. No pressure.

Teaming between multiple complementary defense technology companies should be highly encouraged, if not required, to reduce or remove the burden of innovation from the government client. Procurement can then pivot to integrated, end-to-end architectures. No single vendor can create a system able to counter the entirety of today’s threats, much less the threats that emerge before your next sam.gov solicitation can get published. Shifting toward rapid procurement mechanisms and away from long-term, winner-take-all contracts will help quickly replace any technologies that fail to perform as advertised.

Do you have deep experience in national security and something to say? Drop us a note at info@thecipherbrief.com.

For Policy Wonks: The Bureaucratic Shackles Are Off

The Department of War's (DoW) December 2025 policy lets commanders go lethal fast. The policy represents a massive culture shift, explicitly empowering commanders to extend defensive actions beyond the physical fence line of military installations. Redundant engagement zones have been simplified into just Zones 1 and 2, giving wider decision-making space based on the totality of circumstances rather than overly prescriptive engagement criteria that would otherwise delay responses and increase risk.

Executive actions have recognized that the UAS threat is no longer a foreign battlefield problem; it is a homeland security crisis driven by cartels smuggling fentanyl, criminals surveilling law enforcement, and foreign actors targeting critical infrastructure.

To combat this, the White House has mandated the FAA to provide automated, real-time access to personal identifying information associated with UAS remote identification signals to both federal and local agencies, breaking down long-standing privacy and jurisdictional silos. Yes, the government is watching you, Mr. UAS pilot.

For Investors: A Massive, Time-Sensitive Market Expansion

There are multiple, complementary catalysts for C-UAS spending, representing a windfall of opportunities for viable technologies.

The White House has mandated that federal grant programs be opened up to allow State, Local, Tribal, and Territorial agencies to purchase UAS detection and tracking equipment. This instantly expands the C-UAS customer base beyond the Pentagon to thousands of local police departments and municipal governments.

The federal government is establishing a National Training Center for Counter-UAS specifically to build capacity for major upcoming events like the 2026 FIFA World Cup and the 2028 Summer Olympics.

On the military side, the DoW is not waiting for an incident; they have mandated that installation commanders issue new, aggressive installation-specific operating procedures within 60 days, forcing immediate assessments of vulnerabilities and driving urgent procurement.

Investment firms should hire due diligence teams who know what they’re looking at. Defense technology companies aren’t usually being purposefully deceptive about their solution’s efficacy; they are convinced they can make it work like their pitch decks claim. Finally, be sure your due diligence team sees the technology perform before the boss wires the money.

Conclusion

The unrestricted C-UAS era has arrived, and the "Iron Triangle" of procurement, policy, and investment must move in lockstep to meet it. With the Department of War slashing bureaucratic red tape and the White House opening federal coffers to local agencies, the market is no longer just expanding, it’s exploding (pun intended). Whether you are a commander securing a base or an investor vetting the next interceptor, the mandate is to move fast, integrate everything, and prioritize results over pitch decks. Success in this new landscape requires a proactive posture and a healthy dose of skepticism toward standalone solutions.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Where crime and terror meet: Australia’s illicit tobacco market

OPINION – The unearthing of IRGC’s involvement in Australia’s firebombing incidents in 2025 has subsequently brought into question - the extent by which overseas terrorist groups and Australian domestic organized crime are in sinister collaboration. Although the firebombings occurred in 2025, the facilitation of terrorist financing by the efforts of criminal proceeds have long been understood. With illicit tobacco being a staple and incredibly lucrative commodity in the Australian criminal underworld, spurred by the nation’s expensive excise tax, its profound role in terrorist financing is a pressing issue for Australia to further investigate, especially in light of the IRGC discovery.

From late 2024, Australia experienced a series of arson attacks against Jewish-affiliated enterprises, of which two were linked to the IRGC by the Australian Security Intelligence Organization (ASIO) in August 2025. The first incident involved a firebomb attack on the Lewis Continental Kitchen in Sydney in October 2024 coordinated by Sayed Mohammad Moosawi, a former chief of the Nomads motorcycle gang. The second incident involved a firebomb attack on Adass Israel Synagogue in December 2024, which resulted in over $20 million in damages.

In response, ASIO head Mike Burgess pinned the attacks on the IRGC, attesting that the group utilized proxies to operationalize these attacks. Previously, the IRGC has been listed as a terrorist entity by other Western states, namely Canada and the United States. While the attacks did not ultimately result in terrorism charges in Australia, the IRGC’s involvement would shed light on the looming crime-terror nexus, the symbiotic relationship between terrorism and organized crime that is festering in the nation. Understanding this interplay of crime and terror is crucial for counterterrorism efforts in Australia to proactively deter the future threat of terrorism on their soil.

In recent years, the illicit tobacco market has been a rampant issue in Australia, with an economy of approximately $10 billion annually. The market is propagated by the nation’s expensive excise tax on tobacco which compels users to turn to illegal avenues to procure the commodity, ultimately driving the lucrative underground market even further. At A$1.49 per 0.8 gram stick, increased in September 2025 or A$40, or US$26 for a pack of 20 cigarettes, the prices of tobacco is exorbitant compared to other Western countries such as Canada at an excise duty rate of CAD$0.19 per stick and an “average” pack costing between CAD$15.36 to $19.75 as of April 2025. In addition to an estimated loss of $7 billion in excise revenue, this illicit market is known to facilitate terrorist financing operations, being listed as a substantial financier to offshore terrorist groups by the Australia Criminal Intelligence Commission (ACIC). In relation to the firebombing attacks, the discovered crime-terror ties is a warning for Australian stakeholders to address the nation’s excise tax policy which would, in turn, strategically cripple terrorist financing.

Further linkage between illicit tobacco and terrorist financing has been discovered by Australian authorities. Prior to the two firebomb attacks between 2024 and 2025, Australia had already been experiencing a long string of firebomb attacks, linked to illicit tobacco kingpin, Kazem “Kaz” Hamad. Hamad, who was deported from Australia to Iraq in 2023, was believed to be involved with 150 arson attacks targeting tobacco shops across Melbourne. Notably, he was linked to the arson attack on the Lux nightclub in November 2024 where perpetrators of the incident drove a blue Volkswagen Golf. According to a joint report by the Australia Federal Police (AFP), the ASIO, and the Victoria Police, the same vehicle was allegedly used in the Adass Israel synagogue firebombing and a shooting in Bundoora, both of which happened on the same night. Given this linkage, the IRGC may be a key benefactor to the Hamad’s affluent illicit tobacco trade while members of his criminal network will commit violence to appease this overseas client of theirs. By leveraging these networks, the IRGC can employ an outsourcing approach to inflict damage on adversaries while maintaining a guise of plausible deniability.

The IRGC’s methodology, which is a form of hybrid, or asymmetrical, warfare, is a staple in the organization’s playbook which has been observed before in its plan to attack targets in Sri Lanka and the United States in 2024. The IRGC utilized drug trafficker Farhad Shakeri, who held a strong network of organized criminals in both Sri Lanka and the U.S. Shakeri planned to use his criminal contacts to bomb the Israel consulate in Colombo and Arugam Bay, assassinate Israeli tourists in both locations, and also assassinate President Donald Trump in the U.S simultaneously during the first anniversary of Hamas’ 7 October 2023 attack on Israel. However, his plans were later thwarted by law enforcement and intelligence communities of both Sri Lanka and the U.S.

Following the discovery of the IRGC involvement, the Albanese government removed the Iranian ambassador from the country along with the suspension of its embassy in August 2025 while finally listing the IRGC as a terrorist entity. Operationally, this new designation may bolster the Five Eyes’ information sharing with Australia while granting the nation a legal framework to pursue terrorism charges against IRGC-affiliated activity. Additionally, Australia has ramped up its law enforcement efforts to dismantle the illicit tobacco market. New sets of laws have been implemented in 2025 by Queensland and New South Wales to tackle illicit tobacco operations along with drug busts such as in Operation Xray Modred which led to the seizure of approximately $53.8 million worth of tobacco across 17 different storage facilities. The operation is regarded as one of the largest busts in Queensland history. Overall, Australia’s stringent measures and due diligence in crippling the illicit tobacco market demonstrates its strong commitment to reduce criminality and terrorism alike.

However, while enforcement efforts are effective, it is paramount for Australia to consider policy changes to tobacco excise to not only reduce user dependence on illegal sources but cull domestic terrorist financing operations. One policy option that has been discussed by the nation’s largest tobacco wholesalers was to temporarily freeze the increase in tobacco prices. Doing so would create a window for government and law enforcement to deliberate on viable solutions while preventing the situation from worsening. Reduction of excise may lead to complications such as a potential drop in fiscal budget. However, given the tremendous loss of revenue due to the black market as discussed, conversion of illegitimate users to legitimate users as a result of improved policy may create fiscal opportunities for the Australian government instead.

Moreover, preventing tobacco use may contribute to the reduction of the illicit market which does not require touching excise tax. Through a whole-of-society approach such as anti-tobacco education or promotion of healthy lifestyles, Australia may minimize the demand for illegitimate procurement of the product, thus inadvertently mitigating the terrorist financing problem.

Conclusion

The IRGC’s asymmetrical operations in the Australian firebombing incidents emphasize the ever-present need for counterterrorism and national security stakeholders to employ criminological perspectives to unravel the crime-terror nexus. It must be understood that terrorism does not begin with an attack, but rather an established logistical and financial foundation before that. Given organized crime groups’ vast access to lucrative contraband such as illicit tobacco in the case of Australia, terrorist organizations will utilize them for financing opportunities. Given this, restricting distribution of illicit markets will result in considerable mileage in counterterrorism efforts. As crime and terror become a conjoined threat, law enforcement and national security efforts must be just as, if not more, collectivized to counteract them. Australia must not only rely on domestic enforcement efforts and foreign policy decisions to cripple the capability of nefarious actors, but also curb the demand for the rampant illicit tobacco market by changing to its excise tax policies and discouraging product usage. By accomplishing this, the nation can remain optimistic as it positions itself to strategically fight against both crime and terrorism.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Revisionist History – Aliens, Secrets and Conspiracies

OPINION – Over a decade ago, I was a public official and was at one of our commission meetings on the coast of California. A fellow commissioner and I decided to take a long lunchtime walk along the coast. As we chatted, we realized we had both worked on several of the same very classified programs. His involvement was in acquisition and finance, while mine was more deeply connected to the engineering development of the project and hands-on with the operators on site.

We Got Our Advanced Technology From Aliens
While we both were discreet about not talking about specifics, we recognized the projects we had worked on. So you can imagine my surprise when he turned to me and casually said, “You know this technology came from aliens.” I laughed, thinking that obviously he must be joking. But as we continued walking he continued on, claiming, “You know the equipment you worked on and stuff that followed came from our secret alien investigation site at Wright Patterson Air Force Base. All we did was reverse engineer Alien technology.” This time I stopped in my tracks and looked at him to see if he was smiling. I was puzzled as he looked dead serious. He explained that there was no possible way we could be doing what we were doing using existing technology. Before I changed the subject I asked him how he knew this, he replied with absolute sincerity, “I was head of acquisition on the program. I was briefed on the project. That’s what they told us and they swore us to secrecy.“

I really didn’t know how to process this. He was really a smart and level-headed guy. In fact he was the mayor at the time of Rancho Palos Verde. It took me a mile or two into our walk to rethink everything I knew about the project (even then it had been in decades past), including having sat with a few of the engineers (some strange, but not aliens) as they were designing the system (with me trying to keep up with the revised blueprints in document control), and then watching the system being built and assembled. While it had required incredibly creative engineering, and applying technology on a scale so massive no commercial company could afford it, this system was built by smart people with no aliens involved. But he was equally convinced they were. Over our time together on the commission we took more walks, had lots more to talk about, but we never broached the subject again.

Every once in a while, for the next few years, I puzzled on how he could have been so sure of something that I was sure was completely wrong.

We Did Tell Them It Was Aliens
Fast forward 15 years, and my world view of that conversation was upended when I read in the Wall Street Journal that the Department of Defense had been running a disinformation campaign, briefing finance and acquisition people that the technology for these classified programs was coming from aliens. (Take a minute and read the article.)

All of a sudden our coast-side conversation from a decade and a half ago made sense to me. Most of our most compartmentalized programs have different levels of what was called “need to know.” I never paid much attention as I was read all the way into the technical and operational details of these programs. I vaguely knew that others got fewer details, but as I was just discovering, others had received active disinformation. In a few cases, security officers were even using fake photos and documents to create the Alien cover-story for secret-weapons programs.

It turns out my fellow commissioner had been briefed by the U.S. government that it was Aliens, and he went to his grave believing it so.

Are you going to believe me or your lying eyes?
What’s interesting is what happened after the news came out that the Alien story was government disinformation. A large percentage of people who were briefed, now “doubled down” and believed “we got the technology from Aliens” even more strongly – believing the new information itself was a coverup. Many dismissed the facts by prioritizing how they felt over reality, something we often see in political or religious contexts. (“Are you going to believe me or your lying eyes?”)

I wondered how my friend would have reacted.

Secrecy, Disinformation, and a Higher Power
While on its face this is an amusing story about secrecy, it’s really about the intersection of the secrecy’s impact on society and its role in misinformation, manipulation, the creation of cynicism and mistrust, and our need to believe in a higher power.

Manipulation
An example of secrecy used for manipulation in the 20th century was when the National Security Agency Venona project unmasked Soviet spies in the U.S. Even though this was one of the nation’s most secret programs, the FBI leaked its findings to Joe McCarthy and Richard Nixon. They used this classified knowledge to manipulate the American public, fueling McCarthyism and Richard Nixon’s career. 50 years later, when Venona was made public historians substantively revised the history of U.S. Cold War politics.

In the 21st century Social Media misinformation (e.g. Chinese and Russian influence campaigns, Qanon conspiracies) will look like toys next to the AI-driven manipulation that’s about to come.

Cynicism and mistrust
Secrecy created 75 years of cynicism and mistrust, when the U.S. began launching highly classified reconnaissance balloons (story here), and later the U-2 and SR-71 spy planes. These top secret projects gave rise to decades of UFO sightings. Instead of acknowledging these sightings were from classified military projects the Department of Defense issued cover stories (“you saw weather balloons”) that weren’t believable.

Governments and companies have always kept secrets and used misinformation and manipulation. However, things stay secret way too long – for many reasons – some reasonable (we’re still using the same methods – reconnaissance technology, tradecraft, or, it would harm people still alive – retired spies, etc) or not so reasonable (we broke U.S. or international laws – COINTELPRO, or it would embarrass us or our allies – Kennedy assassination, or the Epstein files).

Secrecy increases the odds of conspiracy beliefs. Because evidence can’t be checked, contradictions can’t be audited, a government “cover-up” becomes a plausible explanation. People don’t tolerate “I don’t know” for long when stakes are high (stolen elections, identity, national crises, the meaning of life, or what happens when we die). That vacuum gets filled by the most emotionally satisfying model: a hidden “higher power” concealing information and controlling events.

Summary
Just as social media replaced traditional news sources, AI-driven summaries of current events are likely to replace our understanding of the world around us. What happens to trust when AI manipulates human’s tendency to embrace conspiracy theories? Who will define the truth in the brave new world?

And by the way, I’m still pretty sure we didn’t get it from Aliens.

This piece was originally published by Steve Blank here.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Who's reading this? 500K+ dedicated national security professionals. Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because national security is everyone’s business.

Why Russia’s War Effort Signals Strategic Decline

OPINION — “Despite claims of battlefield momentum in Ukraine, the data shows that Russia is paying an extraordinary price for minimal gains and is in decline as a major power. Since February 2022, Russian forces have suffered nearly 1.2 million casualties, more losses than any major power in any war since World War II…After seizing the initiative in 2024, Russian forces have advanced at an average rate of between 15 and 70 meters per day in their most prominent offensives, slower than almost any major offensive campaign in any war in the last century. Meanwhile, Russia’s war economy is under mounting strain, with manufacturing declining, slowing growth of 0.6 percent in 2025, and no globally competitive technology firms to help drive long-term productivity.”

That’s a quote from Russia’s Grinding War in Ukraine, a Center for Strategic and International Studies (CSIS) analysis brief by Seth G. Jones and Riley McCabe, released January 27, which says that “a close look at the data suggests that Russia is hardly winning [its war against Ukraine],” and, even more interestingly, that “Russia is increasingly a declining power.”

Jones, President of CSIS’ Defense and Security Department, and McCabe, Associate Fellow in CSIS’, Warfare, Irregular Threats, and Terrorism Program, not only assess that “Russia’s overall progress on the battlefield, especially in the last two years, fall decisively short of Moscow’s goal to militarily conquer Ukraine,” but also that “Russia’s economy is showing signs of strain, and long-term productivity looks bleak.”

Let’s start with the Jones/McCabe analysis of the military situation and below look at their view of Moscow’s economic situation.

While saying assessing casualties and fatalities in wartime is difficult and imprecise, and various sides have incentives to inflate or shrink the numbers for political purposes, Jones/McCabe write that “According to CSIS estimates, Russian forces suffered nearly 1.2 million battlefield casualties, which include killed, wounded, and missing, between February 2022 and December 2025…There were roughly 415,000 Russian casualties in 2025 alone, with an average of nearly 35,000 casualties per month. In addition, there were roughly 275,000 to 325,000 Russian battlefield fatalities between February 2022 and December 2025.”

Compared to the past, the CSIS analysis showed, “Russian battlefield fatalities in Ukraine are more than 17 times greater than Soviet fatalities in Afghanistan during the 1980s, 11 times greater than during Russia’s First and Second Chechen Wars in the 1990s and 2000s, respectively, and over five times greater than all Russian and Soviet wars combined since World War II.”

The CSIS team attributes the high Russian casualties and fatalities to such things as “Russia’s failure to effectively conduct combined arms and joint warfare, poor tactics and training, corruption, low morale, and Ukraine’s effective defense-in-depth strategy in a war that favors the defense.”

Specifically the CSIS analysis says, “Russia’s attrition strategy has accepted the costs of high casualties in hopes of eventually wearing down Ukraine’s military and society. On the battlefield, Russia has utilized dismounted infantry to wear down and attrit Ukrainian lines, along with small first-person view (FPV) drones, artillery, glide bombs, and other stand-off weapons. Russian units have routinely conducted advances using small squads of troops, often poorly trained, that are supported by armored vehicles or light mobility vehicles. Higher Russian headquarters frequently order these forces to advance toward Ukrainian positions to conduct reconnaissance by drawing fire. If Ukrainian positions are positively identified, Russian soldiers may be sent forward to attack positions, which are further mapped and then targeted with artillery, FPV drones, and glide bombs. These tactics have led to high fatalities and casualties.”

The Ukraine side is also given credit for “their defense-in-depth strategy in a war that has largely favored the defender. Ukraine has used trenches, dragon’s teeth (anti-tank obstacles), mines, and other barriers—along with artillery and drones—to attrit advancing Russian soldiers and vehicles. The eastern front line, for instance, continues to be saturated with drones. As a result, vehicle movement is difficult within 15 kilometers of the front line. Infantry soldiers must instead march to their positions for 10 to 15 kilometers.”

One result has been Russia’s slow rate of advance. According to the CSIS analysis, “Russia’s gains since it took the initiative in January 2024 are far smaller than the large territorial shifts seen earlier in the war. At the peak of the initial invasion in March 2022, Russian forces seized roughly 115,000 square kilometers in less than five weeks, but by April 2022, Ukraine had retaken more than 35,000 square kilometers. By November 2022, Ukraine had retaken approximately 75,000 square kilometers, including through successful counteroffensives around [the Ukraine cities] Kharkiv and Kherson.”

Although the Russian economy has held up better than expected following U.S. and other Western country sanctions imposed after Russia’s invasion of Ukraine in February 2022, strain on its economy is starting to show.

The CSIS analysis says, “In 2025, Russian manufacturing declined at its fastest rate since March 2022, with contractions in output and new orders, a rising labor shortage, and a decrease in input buying.Overall, Russian manufacturing suffered seven consecutive months of contraction in 2025, with production levels declining for ten consecutive months. In addition, consumer demand weakened and inflation was high.”

Jone/McCabe write there is also a labor crunch, a drop in oil revenues with lower global prices, with 2025 economic growth slowing to 0.6 percent, while the International Monetary Fund estimates that Russia’s growth would remain slow, at 0.8 percent, in 2026.

The CSIS team also says Russia faces a capital problem. Unable to borrow on international markets, the Kremlin has borrowed at home and raised taxes to finance the Ukraine war. Roughly half its budget is spent on the armed forces, the military-industrial complex, domestic security, and debt service.

“While the war sustains jobs and industrial activity,” the CSIS team says, “it produces few lasting assets or productivity gains. Higher taxes burden the civilian economy, which is already suffering from double-digit interest rates and significant labor shortages. Tank factories are working overtime, but automobile producers have cut shifts.” Ammunition, uniforms, and fortifications contribute to current GDP, but they do not improve long-term welfare or capital formation.

According to Jones/McCabe, “Russia also faces one of the most severe demographic challenges among major economies, with a shrinking and aging population, low birth rate, high mortality rate (especially among working-age men), and high rate of emigration among skilled workers.”

One example where the CSIS analysis finds Russia falling behind is in Artificial Intelligence (AI). It points out that Russian President Vladimir Putin once predicted, “Artificial intelligence is the future not only of Russia but of all of mankind. . . . Whoever becomes the leader in this sphere will become the ruler of the world.”But it then states, “Russia today is a bottom-tier AI power. It ranks 28 of 36 countries in the overall strength and development of its AI ecosystem—or AI ‘vibrancy’ -- according to Stanford University. The top-performing Russian AI model trails even older iterations of OpenAI’s ChatGPT and Google’s Gemini.”

Even worse, not a single Russian company is among the top 100 technology companies in the world by market capitalization, while the U.S. leads the pack.

As for the space race, where Russia was once a leader, Roscosmos, the state corporation in charge of the Russian space program, carried out only 17 orbital launches in 2025, according to the CSIS analysis. That compares to 193 U.S. orbital launches and 92 by China. Russia’s space industry also suffered an accident in December 2025 that caused severe damage to the launch pad Russia uses for sending astronauts and cargo to the International Space Station. In addition, a 2018 Soyuz rocket carrying two astronauts failed as it headed to space; the emergency abort system carried the two to safety.

There has also been a decline inside Russia in popular support inside Russia for the war. According to polls cited by CSIS, in May 2023, 57 percent of Russians believed that most people in their inner social circle supported the war, compared to 39 percent who opposed the war. By October 2025, 55 percent of Russians in their inner social circle opposed the war, compared to 45 who supported the war.

All thi, however, has not appeared to have affected Putin, who, according to the Jones.McCabe analysis “remains undeterred by the high casualty and fatality rates, and Russia’s economic downturn is unlikely to bring the Kremlin to the negotiating table—at least on terms that would be acceptable to Ukraine or Europe.” They say, “Putin may be willing to accept the high casualty and fatality numbers because most of these soldiers are from such regions as the Far East and North Caucasus—and not politically vital areas for him, such as Moscow and St. Petersburg.”

In addition, the Jones/McCabe analysis finds, “President Putin and the Russian government have been adept in conducting an aggressive disinformation campaign that has convinced some policymakers, including in Washington, that Russian victory is inevitable, despite substantial evidence to the contrary.”

The CSIS team attributes that to Russia having “boosted its funding for state-run media in 2026 by roughly 54 percent, indicating a commitment to intensified information warfare. The Kremlin’s propaganda machine is designed to sustain domestic support for the regime and its war against Ukraine, as well as to convince key foreign audiences that the war has been successful and needs to continue.”

Building the Talent Pipeline for America’s Security Future

OPINION – Public service, at its core, is bigger than government service alone. Serving one’s country takes many forms, and in a time when the federal workforce is shrinking, recognizing the breadth of these opportunities is critical.

In my roles as an adjunct at Texas A&M’s Bush School, an alumni council member at the University of Denver’s Korbel School, and a contributing alumnus at the University of Southern California’s Global Policy Institute, I find myself fielding an increasing number of students who are grappling with how to navigate the future.

We have been here before. After the Cold War, the so-called “peace dividend” led to reductions across government, yet the need for talented, dedicated individuals remained. Today, too, the demand is high, and the pool of students and young professionals aspiring to serve their country is deep. The three universities that have invested in me also continue to invest in carving paths for students to serve in a wide range of roles.

Government itself is the most traditional route. Agencies may be smaller than in the past, yet as the senior generation transitions out, opportunities abound. Indeed, a cursory look reveals many are hiring. Working at the state and local level opens the aperture even wider; I worked for the state of Colorado and interned for the state of California well before I landed at the CIA.

Teaching, at any level, is an invaluable public service. Educators cultivate the next generation of thinkers, leaders, and professionals, shaping civic knowledge and analytic capacity that are foundational to democratic governance and national security. By equipping students with “deeper learning,” such as reasoning, problem-solving, and even persistence, teachers cultivate civic-mindedness and ensure that public service endures across generations.

Nonprofits also play a vital role. Whether focused on development, security, human rights, environmental protection, or public health, these organizations employ millions of people to perform roles that neither the market nor the government can fulfill. Serving in the nonprofit sector often requires ingenuity, resourcefulness, and a commitment to mission-driven work—traits that translate well into national security challenges.

International organizations provide a global platform for public service. From the United Nations to regional alliances, these institutions facilitate cooperation, conflict resolution, humanitarian response, and development programs. Working in such settings develops core skills, including diplomacy, cross-cultural communication, and policy expertise, all of which are transferable to domestic roles.

Think tanks offer another avenue for impactful service. Analysts and researchers at these institutions produce rigorous, evidence-based insights that influence government policy, public debate, and strategic planning, particularly in national security and foreign affairs. Think tanks combine scholarship with real-world impact, allowing professionals to shape the discourse on pressing issues.

Industry provides opportunities that are increasingly essential to national security. Since joining Leidos as a Director and Account Manager in our Intelligence Sector, I have been humbled by colleagues who dedicate their careers to advancing technology and capabilities that the government cannot, and should not, develop on its own. Furthermore, public-private partnerships are critical to maintaining US technological and security advantages.

Multiple Attributes Open the Way

Our emerging professionals should cultivate a combination of skills, knowledge, and character to pave the way for any of these careers. Excellence, deep expertise, and technology acumen are pillars, particularly as workplace challenges grow more complex and technologically driven. While opinions vary on the most critical traits for young professionals entering public service, I have consistently found a core set of skills and behaviors that open doors to careers. I call them the Five Cs.

Critical Thinking is perhaps the most foundational skill. Critical thinking is learnable, and educational research shows that structured analysis and disciplined writing are among the most effective ways to develop it. A well-reasoned, well-substantiated paper forces the author to evaluate evidence, challenge assumptions, and construct persuasive arguments—exactly the habits that public service demands.

Communication, both written and oral, is inseparable from professional effectiveness. Studies consistently demonstrate that strong communication skills correlate with leadership, policy influence, and organizational success.13 Today, AI tools can assist with drafting, but understanding what makes communication compelling remains a human responsibility—one that requires being able to explain why something works, not merely that it does.

Creativity enables professionals to solve novel and ill-structured problems. Research on innovation in public organizations shows that creative thinking improves adaptability and problem-solving in complex environments, including national security contexts. Future public servants can nurture creativity through interdisciplinary exposure, experimentation, and tolerance for intellectual risk.

Curiosity drives learning, adaptability, and sustained professional growth. Educational and cognitive research links curiosity to deeper knowledge acquisition, improved performance, and long-term expertise development. In a field defined by evolving threats, curiosity is not optional—it is a professional obligation.

Collaboration is essential in environments where no single individual or institution holds all the answers. Organizational research consistently shows that collaborative teams outperform individuals when addressing complex, high-stakes problems. Collaboration transforms individual competence into collective effectiveness, a cornerstone of public service.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author's views.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

The Cognitive Battlefield is Now Decisive Terrain

OPINION -- Senior policymakers, military leaders, technologists and narrative strategists had one thing on their minds as they gathered in a Reston conference room last week - how decision advantage, psychological leverage, and narrative dominance are increasingly capable of determining strategic outcomes. Cognitive warfare - once treated as an adjunct to cyber or information operations - is becoming a primary instrument of power and the implications are profound.

Clausewitz wrote that the center of gravity in war is the source of an adversary’s strength. In today’s environment, that center of gravity is increasingly ideological and psychological. Unity and will - both domestic and allied - are strategic assets. Information is not merely a supporting function. It’s a weapon.

The contest unfolding in the gray zone is fundamentally about narrative. Not propaganda in the blunt Cold War sense, but sustained, cumulative influence campaigns that shape how populations interpret reality. These efforts operate across media, social platforms, text messaging networks, gaming environments, and increasingly, AI-driven platforms.

Subtle Corrosion Beats Spectacular Attack

One of the most important insights shared last week centered on the cycle of desensitization. Consider the steady drumbeat of cyber intrusions attributed to China or Russia. Each incident sparks temporary outrage, but repetition normalizes the activity. Over time, the public and sometimes policymakers, stop reacting. Strategic corrosion sets in.

This is cognitive attrition. It does not rely on a single catastrophic blow. Instead, it leverages small, atmospheric messages that accumulate. A fabricated report of a measles outbreak in Ukraine, spread via text messages. Repeated claims that Western institutions are corrupt or incompetent. False narratives injected into local conversations. Individually trivial. Collectively transformative.

The cumulative effect resembles what some participants described as a “cognitive supply chain”- disinformation introduced through multiple channels, actors, and devices over time, reinforcing itself until it feels like truth. In this environment, the question is not simply whether a narrative is false. It is whether the repetition of that narrative alters perception faster than truth can catch up.

If traditional principles of war emphasize mass and maneuver, today’s information battlefield demands speed, scale, and persistence. Speed, because narratives form quickly and harden fast. Scale, because digital transport layers allow messages to reach millions instantly. Persistence, because influence is cumulative. It rewards actors willing to repeat, reinforce, and adapt.

Military leaders are increasingly recognizing that communications is not a peripheral function, it is a commander’s business. Every action or inaction is an information operation. Tone, repetition, and secondary amplification matter as much as initial statements. And dominating that narrative requires dominating the transport layers that carry it. That includes terrestrial networks, undersea cables, satellite infrastructure, and increasingly, space-based assets. Space is not peripheral to information warfare; it is foundational.

Another critical component to consider is that of attribution. In the cyber domain, attackers benefit from ambiguity. If malicious actors can hide behind plausible deniability or if governments can shield them, deterrence collapses. Credible attribution raises costs. It narrows safe havens. It signals resolve.

Some countries are beginning to codify this posture. Latvia, for example, has criminalized election-related fake news and deepfakes, recognizing that information manipulation is not abstract speech but a direct threat to democratic integrity. The United States faces a harder question: are our legal and institutional structures optimized for cognitive deterrence? Or are they still calibrated for a previous era of warfare?

The Rise of Agentic Systems

If the cognitive domain is decisive, technology will be central.

The next frontier is not simply artificial intelligence, but agentic architecture - systems capable of augmenting commander decision-making in real time. The goal is not automation for its own sake. It is better recommendations. Faster synthesis. Clearer visibility.

Architecture matters and open, modular systems are essential. Black boxes are strategically dangerous. Defense institutions need plug-and-play capabilities that allow integration of new tools as threats evolve.

Reliability, not feature proliferation, should guide procurement – think more Amazon.com rather than bespoke. Outcome-based acquisition must replace programmatic inertia. A culture of velocity must supplant a culture of compliance.

In Afghanistan, smaller, foreign terrorist organizations were easier to degrade than deeply embedded, locally rooted movements like the Taliban. Structure mattered. Networks with widespread local integration were far more resilient. The same principle applies to narrative ecosystems. Loosely connected but culturally embedded influence networks are harder to disrupt than centralized propaganda hubs.

If adversaries build durable cognitive infrastructure across diaspora communities, digital platforms, and local influencers, countering them requires more than takedowns. It requires building alternative narratives and actions with comparable persistence and legitimacy. Cognitive advantage requires a network of networks approach (think private-public), operating at the intersections of shared security interests.

Cultural Terrain Is Strategic Terrain

Perhaps the most underappreciated shift in today’s information environment is cultural. Gaming now plays a role similar to Hollywood’s influence after World War II. Streaming platforms dominate storytelling. Media consumption patterns are fragmented and algorithmically curated. Stories remain, as one speaker observed, “the fuel of the human soul.”

For decades, institutions like Voice of America succeeded because audiences sought out American content. The positive narrative of opportunity and possibility carried weight. In today’s environment, focusing solely on countering adversaries may be insufficient. Affirmative narratives about democratic resilience, economic opportunity, and alliance strength remain strategic assets. If the center of gravity is ideological, then cultural confidence is not soft power. It is core power.

None of this is executable without human capital. Building a cognitive arsenal requires building a cognitive workforce - professionals who are fluent in AI, media ecosystems, psychology, geospatial intelligence, and policy. Upskilling is not optional. Institutions must cultivate interdisciplinary talent capable of integrating technology and narrative strategy. They must also accelerate collaboration across government, private sector, and research institutions. And Government is looking to the private sector for training, skill development, and use of advanced technology, methods and applications. The adversary does not operate in stovepipes. Neither can we.

The most important question raised at that conference in Reston may have been the simplest: Are we structured to enact our own strategy?

The United States possesses extraordinary technological and intellectual advantages. But advantages unrealized are advantages lost. If cognitive warfare is indeed the new frontier of power, then institutional adaptation- not incremental reform - will determine success. Speed, modularity, reliable attribution, cultural fluency, and decision-centric AI must move from theory to practice. Because in this domain, the battlefield is not a distant theater. It is perception itself. And perception, once shifted, is far harder to reclaim than territory.

The Pinnacle Conference was hosted by The Information Professionals Association, The National Center for Narrative Intelligence and The Cipher Brief at the Carahsoft Conference & Collaboration Center

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Killing Mencho

CIPHER BRIEF REPORTING — Exactly who tracked El Mencho, the world’s most wanted and feared drug lord, to a heavily armed safe house in a remote Sierra Madre town is a secret, for now. The Mexican government has revealed only that its air force and special forces commandos descended on a safe house in the quaint Sierra Madre town of Tapalpa early yesterday, encountered gunfire and returned it, killing four cartel gunmen.

El Mencho, whose real name is Nemesio Rubén Oseguera Cervantes, is the 59-year-old founder and leader of the Cartel de Jalisco Nueva Generación (CJNG). Oseguera was wounded in the exchange of gunfire, loaded onto a Mexican military aircraft and flown to Mexico City. According to officials, he didn’t survive the flight.

Officials announced that they seized “various weapons and armored vehicles… including rocket launchers capable of shooting down aircraft and destroying armored vehicles” as a result of the raid. Such heavy military-grade weapons don’t just materialize without somebody knowing about them. A lot of people, in fact. Who sold them to Mencho’s paramilitary organization? Where did they originate? Are there others? Officials won’t have the opportunity to interrogate Oseguera about the influential people who were on his payroll as he grew his ultra-violent cartel into a global powerhouse.

But according to DEA intelligence, his cartel is worth billions and has a presence in all 50 American states and 40 countries. Some American agents believe the Mexican government never wanted to take him alive. In fact, for most of his career, as he was consolidating his power, Mexican leaders have told the U.S. that their forces were unable to find and arrest him. What changed? Experts believe at least two things.

First, Mexican leaders finally got fed up with El Mencho’s blood-soaked reign. “The CJNG was public enemy number one” for President Claudia Sheinbaum’s administration, Michael Chavarria, formerly the Drug Enforcement Administration’s senior leader in Guadalajara, the Mexican cartels’ original base of operations, told The Cipher Brief. “It’s the one cartel out of favor with President Claudia Sheinbaum, especially as it was responsible for the attempt on the life of Security Secretary Omar Garcia Harfuch, just prior to Sheinbaum’s election.”

Garcia Harfuch, an aggressive, outspoken crime-fighter considered to be Mexico’s second most powerful official, survived a cartel assassination attempt in 2020, when he was Mexico City’s police chief. He became the CJNG’s implacable nemesis.

Second, under pressure from President Donald Trump and the U.S. Congress, Sheinbaum and other top officials started collaborating openly with the U.S. military and intelligence community, an unthinkable event just a few years ago. But that changed with the election of Donald Trump.

The U.S. Navy’s Seal Team 2 arrived in Mexico around Feb. 16, ostensibly for a training exercise with Mexican military counterparts aimed at interdicting Chinese shipments of chemical precursors used to make the deadly opioid fentanyl, which has killed hundreds of thousands of Americans. The timing is noteworthy. According to U.S. officials, Navy SEALs trained elite Mexican navy special forces units that captured, among others, infamous drug kingpins Joaquin “El Chapo” Guzman in 2016 and Rafael Caro Quintero in 2022.

For those operations and many others, DEA agents posted to Mexico and along the border provided intelligence gleaned from scores of paid informants recruited over decades. Many operations failed, apparently because they were compromised, but enough succeeded to convince President Trump, who declared drug trafficking and illegal migration top national security threats, to order the CIA and other U.S. intelligence agencies to step up their intelligence collections aimed at the Mexican underworld. The CIA reportedly added more drone surveillance flights over the border region as a result.

But sharing intelligence with the Mexican government has always been a fraught enterprise. Some plans were slow walked. For others, operational security was compromised by corruption at every level of the Mexican government. Sheinbaum’s predecessor, leftist Andrés Manuel López Obrador, openly disdained U.S. anti-drug efforts and famously said he would treat the crime cartels with “hugs, not bullets.”

“The CJNG established a nation-wide network of corrupt alliances among federal, state, and local police and regional military – sufficient to afford them a degree of protection,” Chavarria told us. The DEA had recruited plenty of human sources inside Mexico over the decades, but agents complained. The problem was getting the Mexican government to use that intelligence to take action against key cartel lieutenants.

Do you have deep experience in national security and something to say? Drop us a note at info@thecipherbrief.com.

In December 2024, as the CJNG’s power inside Mexico and around the world expanded precipitously, the Biden administration raised the reward for El Mencho from $10 million to $15 million.

As soon as he took office for the second time, Trump designated the CJNG and other Mexican cartels as foreign terrorist organizations. Trump himself repeatedly pressed Sheinbaum to allow the U.S. military to mount anti-cartel operations deep in Mexican territory. She always refused. Trump and her team were warned that such incursions would inflame Mexican politicians and likely backfire, damaging Sheinbaum’s ability to work with the U.S.

The compromise seems to have been that all boots visible on the ground and all triggers pulled would be strictly Mexican, while, behind the scenes, U.S. law enforcement, military and intelligence community personnel would provide “intelligence support,” as White House spokesperson Karoline Leavitt posted yesterday on X.

Even though El Mencho has been declared dead, U.S. security experts say the war on the cartels is not even close to being over.

“He died like a dog,” Rep. Dan Crenshaw, R-Tex., a Navy SEAL veteran who has led Congressional anti-cartel initiatives, posted on X yesterday. “Cause for celebration – absolutely - but not a victory lap. Now, more than ever, it is critical to keep the pressure on the Mexican cartels.”

DEA veterans say that El Mencho will be quickly replaced by one of his key lieutenants, probably his stepson, Juan Carlos Valencia Gonzalez, 41, known as El R-3, El JP, Tricky Tres or simply 03. He inherits narco DNA, not just from Mencho, a farm boy-turned-enforcer but, even more importantly from the Valencia clan, who are narco royalty.

“El Mencho married into the Valencia family, taking Rosalinda Gonzalez Valencia as his wife,” says Chavarria, an expert on the Valencias and author of the book Junior, about a DEA penetration of the cartels. “This is a common practice among drug trafficking families – designed to solidify loyalty and to protect against betrayal. Narco intermarriages were and are regularly encountered in Mexico’s underworld.”

“The operation against Mencho is more about cracking the idea that powerful cartel leaders operate with impunity than bringing about the downfall of a cartel,” says Carlos Olivo, formerly DEA’s agent in charge in Guadalajara and assistant agent in charge in the key border city of El Paso. “Mencho had near absolute control in that area of Jalisco and for that to be penetrated and successful shows us that a willing partner can indeed turn the tide in Mexico,” he told The Cipher Brief.

Olivo, an ex-Marine who led a DEA team hunting Mencho until recently and is now writing a book about the CJNG, warns that taking down the kingpin and his successors is “just one pillar. Corrupt politicians and banking and business sectors must be next.”

With the stakes in the billions and powerful, respected families involved in the country’s politics, banking and business sectors, and cleaning up Mexico’s institutions will take more than firepower and good intelligence.

“For us Americans, reality won’t change,” says Chavarria. “Same drugs coming across, because of our demand. Same violence in Mexico. Wash, rinse, repeat. It is a small skirmish victory in a prolonged drug war. There will be more Menchos. On a positive note, however, no kingpin can last forever. They can run but they cannot escape their eventuality. Kingpins fall.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Tracing the Evolution of Russian Hybrid Warfare

KREMLIN FILES/ANALYSIS: Russia’s full-scale invasion of Ukraine in February 2022 did not emerge from a strategic vacuum. It was the culmination of over a decade of experimentation in hybrid warfare, and of increasingly rigid assumptions inside Russia’s intelligence services.

From Crimea and the Donbas in 2014, through Syria and a series of covert and deniable operations across Europe and the Middle East, Moscow refined a model of conflict built on scripted roles for its security services and their proxies. Yet the same intelligence culture that enabled early gains with hybrid war in Georgia, Ukraine and elsewhere, also fostered deeply flawed prognostications about the utility of force and Russia’s ability to project power.

This is the second in a two-part series on Russian gray zone, or hybrid warfare. In the first article, Wiswesser analyzes the evolution of hybrid warfare and its practice in the decades leading up to Russia’s intervention in Ukraine in 2014.

Russia’s errors ultimately propelled it into a catastrophic all-out war in Ukraine in 2022. This article, which continues a study of Russia’s path to and through the Gray Zone, argues that tracing the evolution of Russian hybrid warfare through the lens of its intelligence services and their miscalculation is not merely an exercise in post-mortem analysis but a critical step toward more effectively deterring future Russian aggression.

With the intervention in Ukraine in 2014, Russia’s so-called “non-contact” or gray warfare doctrine had its first major operational test for Russia, marking it’s most significant use of hybrid warfare. From their perspective, the Russian intelligence services (RIS) and its military succeeded in stunting the actions of Europe and the U.S. when Russia took large portions of the Donbas and Crimea utilizing “little green men." These were Russian GRU (military intelligence elite units), other Russian military units, and intelligence proxies acting in the interests of the state.

For Russian strategists, non-contact war was effective, and these conflicts laid the groundwork for the planning of Putin’s siloviki and “organs” of power—the FSB, GRU, and Russian Armed Forces - for a much larger invasion of Ukraine just 8 years later. Studying the run-up to Russia’s full-scale invasion in 2022, and its hybrid war plan, can help better prepare NATO for the subsequent potential Russian aggression against the Baltics or elsewhere.

2014-2015: Donbas, Crimea, and Syria

In the second decade of this century, as Russia’s debates over non-contact warfare continued within its military and intelligence agencies, planning started to counter what Russia viewed as undue influence from the West in the Caucasus, Central Asia, and most notably, Ukraine. It was the latter that Russia and Putin always considered unfinished business. Russian planners—initially a small group of Kremlin Siloviki and their staff from various ministries—were aware that their military was not prepared for a full-scale war with NATO and the West. Nevertheless, Moscow believed they controlled the narrative and that gaps in reforms of their military and air force could be offset by the RIS conducting sabotage, subversion, cyber warfare, and recruiting key defectors within the Ukrainian government.

The Ukraine interventions and insurgencies of 2014 carried out by Russia in the Donbas and Crimea were classic non-contact operations using reflexive control and malicious influence through the media. Russia’s narrative was circulated among sympathetic European politicians and elsewhere. The story of little green men and whether they “were or weren’t Russian troops” was propagated through active measures. This and other false stories about supposed Ukrainian fascism and atrocities gained significant traction, especially within Central Asian countries and among Russia’s allies. The narrative effectively prevented any unified response by the West and Europe until the occupation of Crimea and large parts of the Donbas became a fait accompli. For Russia, it was a major success.

Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

At the same time, with a major deployment to Syria to support and back President Assad, the Russian Aerospace Forces (renamed the VKS in 2015) gained valuable experience for its combat squadrons. In Syria, they practiced precision strikes, a key part of non-contact warfare, and demonstrated greater precision (than in Georgia) in the use of air power during strikes. Additionally, in Syria, RIS units like GRU Spetsnaz conducted operations embedded with various factions and partners on the ground.

This deployment gained momentum on the heels of the 2014 Ukrainian operations. It was a classic blend of gray zone operations between intelligence and military units. Syria was also seen as a chance for Russia to bleed green units in preparation for larger wars to come.

In Africa during this same period, Putin’s former cook, then an oligarch, Yevgenniy Prigozhin, used the Wagner Group, a private army, to prop up regimes friendly to Russia. Wagner was one of dozens of private military companies, also known as non-state actors, that Russia was using and continues to use to achieve strategic aims. They acted as mercenaries to repress citizens and dissent, intervening as henchmen for hire across Africa.

Still, there was one overarching strategic goal that Putin and all his services focused on—Ukraine. For Russia and its intelligence services in particular, Ukraine remained unfinished business.

Ukraine War Plans: Prepping the Battlefield

As Russia prepared in the years leading up to the full-scale invasion in 2022, it relied on its version of hybrid warfare, its doctrine of non-contact warfare, and all that it involved: active measures, cyber operations, and efforts to influence the media through reflexive control. In planning, they aimed to combine these measures with a limited air campaign and a significant ground invasion that appeared sufficient on paper but lacked professional soldiers, trained units, and the crucial 3-to-1 (or more) force ratio needed to succeed against Ukraine’s professional military.

Russia’s thinking was enabled by and reinforced from decades of theory on non-contact war, their successes in both Georgia and Ukraine in 2014, and their belief they could pull off an occupation of and complete overthrow of the democratic government of Ukraine. Faulty prognostications by the RIS made Putin sure it would all work.

In the lead-up to the Ukraine invasion in 2022, all three of Russia's main intelligence agencies—the FSB, SVR, and GRU—played prominent roles in Putin's planning and execution of the invasion. These agencies always viewed Ukraine and other former Soviet republics, which they call the “near abroad,” as extensions of Russia. The RIS never accepted its independence and couldn't see Ukraine, in particular, as a separate nation.

The FSB, despite primarily being an internal agency, played an outsized role in planning the "special military operation"—the term they later used to describe the full invasion of Ukraine. The FSB Fifth Service was responsible for “operational information” and was prominent in both 2014 and the invasion eight years later. As the main source of intelligence analysis for President Putin, the FSB Fifth Service provided him with a steady flow of inaccurate reports, which he readily accepted. Many of those same FSB officers were infamously reported in the Russian blogosphere as having “picked out their apartments" in Kyiv before the invasion.

The FSB believed Russia could win in Ukraine. To weaken the battlefield, the FSB used influence operations across Russian-language and international media, working alongside their SVR/GRU colleagues. They were confident it could be effective because, to some extent, they succeeded in 2014 in muddying the waters about the nature of that conflict and how the international community should respond (or unfortunately, not). The West and NATO appeared hesitant to act and were unprepared. For the RIS, they thought it was a "win" they could replicate.

The FSB planned a continuation of these tactics in 2022, aiming to confuse the international focus long enough to ensure a quick victory and regime change in Ukraine. U.S. intelligence sharing and increased NATO awareness thwarted this, at least in part. The Foreign Service (the SVR) supplemented these active measures with its own networks of cooperative journalists, corrupt parties or politicians abroad, and what the SVR calls "useful idiots," whom it could employ as witting or unwitting accomplices to help spread the Russian narrative.

Some experts in the West bought into this narrative, commenting across many media outlets on Russia’s “overwhelming force ratios” along the main axes of advance. Western generals and experts echoed Moscow’s position, repeatedly stating that “unfortunately, Ukraine can’t win.” Early in the war, Russian messaging worked in its favor once again.

Russia’s Military/Intelligence Failures in Ukraine

After practicing Russian military maneuvers in “Zapad” (West in Russian) exercises for several years, in early 2022, Zapad 2022 became the cover for the gathering of forces for the full-scale invasion. But this time, the West—Europe and the U.S.-- were better prepared. U.S. intelligence was shared directly with NATO and Ukraine. Ukraine was readied, and Russia was put on notice that it would not succeed in another gray war followed by an invasion.

This time, and unlike many negative predictions even in the West, the Ukrainians would fight, and Russia would bleed. When the Russians were forced to fight, they fought terribly, incompetently, and it has cost them over a million casualties as the war neared its fourth year.

There are important lessons to learn from Russia’s numerous failures in its operations in Ukraine. This article mainly focuses on intelligence services and hybrid warfare. For the Russian army, however, the widespread use of conscripts and their poor integration into battalion tactical groups with “kontraktniki” (contract soldiers) meant the BTGs were largely effective only on paper. Huge convoys showcasing significant “force ratios” were intended to intimidate Ukraine. Still, their equipment was not ready for combat deployment (for example, the many stories of underinflated tires and trucks running out of gas). The Russian Aerospace Forces lacked sufficient combat-trained pilots with the necessary experience in air campaigns to sustain a prolonged engagement.

For the intelligence services, Ukraine would starkly reveal their shortcomings. Russian Military Intelligence, the GRU planned for substantial roles in what they thought would be a quick victory in 2022. GRU Spetsnaz, or special operations units, were used in the 2022 invasion to a fault, thrown into frontal assaults for which these (claimed) elite elements were not designed. They became cannon fodder literally when the Russian battalion tactical groups (BTGs) could not carry out their planned roles.

Along with other infamous units, the GRU’s Unit 29155 distinguished itself with assassinations and attempted ones, not only in Ukraine but across Europe. They were also behind the 2018 attack on defector Sergey Skripal. But most of their early operations, including attempts allegedly to carry out a fast coup to overthrow President Zelensky, failed. RIS hit squads and teams from the GRU and FSB were sent in to stage what they planned as a coup, following an airborne assault--which also failed--at Hostomel airport outside Kyiv.

Other such operations in the Donbas were thwarted by Ukrainian intelligence. There were special operations units from the FSB deployed throughout Ukraine, including their teams "Alpha" and "Vympel." These FSB units and others were particularly active in the occupied East. Their crimes, including assassinations of local Ukrainian leaders, atrocities against civilians, and torture, are well documented and continue to the present.

The FSB, SVR, and GRU all promised Putin and his planners that they could conduct successful cyber operations to stun and disrupt the Ukrainian response in early 2022. These attacks were blunted primarily by the Ukrainians' own cyber defense capabilities and by early intelligence warnings from the West about the invasion. One example of attempted but failed Russian gray-zone ops is the FSB's Center 16, which is broadly responsible for signals intelligence and intercept operations.

Center 16 hires criminal hackers for the state, an example again of non-state actors (NSAs). The FSB and other RIS units believed they could bring Ukraine to its knees with heavy cyber attacks on the government, and that these NSAs could play a significant role, including Russian organized crime groups. The planned cyber and criminal-assisted coup against Ukraine, like the broader invasion, failed. The RIS's predictions of success were again overly optimistic.

Conclusions: New Gray Zone War Without End

Since 2022, the Ukrainians have fought heroically and successfully defended their nation. Western support has played a key role, and that support should continue. But studying why Russia thought it could win and their doctrine and experience on the same, is key for our country and our allies preparing for the next war.

Understanding the basis for the 2022 invasion, which includes Russia’s doctrine and history, is crucial. Russian war plans relied on the same concepts developed by figures like Sliphchenko, Gareev, and Chief of Staff Valeriy Gerasimov regarding non-contact warfare (as detailed in the first article of this series): a permanent front engaged in information warfare, sabotage, and other actions just below the threshold of actual war.

In the West, we should study our Russian adversaries in their own language, their military writings, culture, and traditions, so we can better counter them. Herein lie the lessons of Russian non-contact warfare, their understanding of hybrid tactics, and why they believed they could win—and still do. These lessons are critically important to prevent the next aggression by Russia. A recent study by the Center for European Analysis highlights that Russia’s strategy involves constant escalation against Europe and the U.S.

A Russian victory—or even a frozen conflict on Moscow’s terms—would validate a decade-long experiment in revisionism by stealth and force. It would signal to allies and adversaries alike that escalation works, that borders are negotiable, and that democratic societies lack the endurance to defend the order they claim to lead. Helping Ukraine prevail is therefore not an act of charity or sentiment; it is a strategic necessity.

For the United States and its allies, the lesson is clear. Supporting Ukraine through to a just and durable outcome is inseparable from preparing for the next evolution of the Russian gray zone. That means investing in deterrence across domains, hardening democratic institutions against subversion, confronting malign influence early rather than episodically, and abandoning the illusion that stability can be purchased through restraint. A nation founded on the belief that freedom is an inalienable right cannot afford strategic ambiguity about whether it will defend those who fight for the same principle.

The gray zone is already contested terrain. The question is not whether conflict will continue, but whether the West is prepared to meet it with clarity, resolve, and the will to win.

---------

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Alliances, Ukraine, and China’s Growing Challenge

EXPERT Q&A — Evelyn Farkas has spent decades working at the center of U.S. national security and transatlantic defense policy. A former Deputy Assistant Secretary of Defense for Russia, Ukraine, and Eurasia, she now serves as Executive Director of the McCain Institute, where she focuses on strengthening democratic alliances and confronting authoritarian threats.

Farkas spoke with The Cipher Brief’s Suzanne Kelly from the Munich Security Conference, where global leaders gathered amid continued war in Ukraine, uncertainty about U.S. commitments abroad, and growing concern over China’s long-term ambitions.

Below are highlights from the conversation, lightly edited for length and clarity.

OUR INTERVIEW

Kelly: With everything going on right now from the Middle East to Ukraine to technology and AI and how that’s going to impact global security overall, what is top of mind for you there in Munich?

Farkas: I think it’s the state of the transatlantic alliance and then beyond that really all U.S. alliances. For me, that’s the thing that matters most. And I think that’s what Europeans and others, even those outside of Europe, especially our Asian allies, are going to be listening for. Are we still united?

Kelly: Secretary Marco Rubio is expected to deliver a message here. What are you hoping to hear from him?

Farkas: I’m hoping he gives a speech more like the one Secretary Gates gave when he was exhorting Europeans to do more to carry the burden of our collective defense. Obviously now it’s urgent. Russia is conducting kinetic attacks on European territory every week. Europeans need to step up.

But beyond that, I hope he reasserts the U.S. commitment to the alliance because it’s in the U.S. interest. It undergirds our way of life, our democracy, our security, and our economic prosperity.

Kelly: Are you seeing any shift in how Europeans are thinking about the alliance?

Farkas: I think there’s a bifurcation. The working-level cooperation is still happening. We’re all working together, whether in government or out.

But at the same time, Europeans are much more distrustful of America. They’re not sure whether they can rely on us, and they don’t understand why our president has taken an approach that has at times been quite hostile rhetorically toward the allies.

Kelly: How are you thinking about the Russia-Ukraine war from Munich?

Farkas: Everything depends on us getting this right, meaning the world community. The Ukrainians are fighting and will continue to fight. They have won this war strategically—it’s just a question of when and at what cost.

Russia cannot conquer and rule Ukraine. They’re weak economically and politically. Their military machine is being squeezed and needs to be squeezed more.

We need increased sanctions on Russia, but we also need to sanction China more because China is allowing Russia to continue the war, not just by buying oil but by providing technological dual-use capabilities.

Kelly: How is Europe thinking about China?

Farkas: I’m a little bit concerned. The Japanese have taken a very strong approach. They’re maintaining deterrence and not pretending they share values with China.

But in Europe, we’re seeing leaders travel to Beijing and hedge. Europeans need to be careful because China is not their friend. China will eat their lunch in a minute, and China is not a democracy. You don’t want to be aligned with that kind of government.

Kelly: Looking ahead, what are the most critical issues to get right now?

Farkas: The most important thing is helping Ukraine bring the message home to the Russian elite and the Russian people that they cannot win militarily and that Ukraine will maintain its sovereignty.

Deterring China is equally important. China is pushing the envelope, and we need to maintain our strength against both adversaries.

Kelly: Final thoughts?

Farkas: We must help Ukraine win and maintain sovereignty, and we must deter China. Those are the defining strategic challenges right now.

Read more expert insights into national security in The Cipher Brief. And find out more about The Cipher Brief HONORS Awards happening March 13 in Washington D.C.

Washington’s Venezuelan Gamble: The Old Guard’s Continued Grip on Power

DEEP DIVE — More than six weeks after United States special forces extracted Nicolás Maduro from Caracas, Venezuela remains under the control of the same intelligence apparatus that ran the regime’s torture networks. Acting President Delcy Rodríguez, who oversaw the feared Bolivarian intelligence service under Maduro, now negotiates sanctions relief with Washington while security hardliners who detained political prisoners coordinate their release.

For much of the U.S. intelligence community, however, it is not about whether Venezuela’s system can be repaired, but rather whether the Trump administration has enough leverage to prevent the old guard from rebranding.

Rather than triggering immediate elections as Venezuelan law requires, the Supreme Court declared Maduro’s capture a temporary absence, allowing Rodríguez to govern indefinitely without a popular mandate.

“The regime used a legal mechanism to maintain institutional control while avoiding an immediate electoral process,” Mauricio Vaquero, country coordinator for María Corina Machado’s Vente Venezuela party in Colombia, tells The Cipher Brief. “The Supreme Court decided she would assume as interim president, but a Chavista Supreme Court, not the democratic legal one.”

In other words, the same loyalist judges who helped Maduro stay in power are now using constitutional loopholes to keep his inner circle in charge.

The Intelligence Network Remains Intact

The security apparatus that sustained Maduro’s authoritarian rule continues operating largely unchanged. Interior Minister Diosdado Cabello, still wanted by American authorities on a $25 million bounty for narco-terrorism charges, controls Venezuela’s coercive forces and armed collectives. His role in coordinating political prisoner releases illustrates the paradox of the current transition.

Foro Penal, Venezuela’s leading human rights organization that has provided pro bono legal assistance to victims of arbitrary detention since 2002, estimates that approximately 711 political prisoners are detained as of mid-February. Releases often come with severe restrictions. When opposition politician Juan Pablo Guanipa was freed on February 8 after eight months of detention, armed men abducted him hours later. He is now under house arrest with an ankle monitor.

“They were released, they reunited with their families, until the enlightened stupidity of some politicians led them to believe they could do whatever they wanted and stir up trouble in the country,” Cabello stated after Guanipa’s re-arrest.

Luis Bustos, the Bogotá-based spokesperson for the Venezuelan opposition party Primero Justicia, tells The Cipher Brief that his party alone has 61 members imprisoned as political prisoners.

“There is still a high risk of getting arrested if authorities are aware that you are happy about the situation,” Bustos continues.

In Caracas and popular zones, armed collectives demonstrate the regime’s ability to maintain social control outside of formal state structures.

“After Maduro’s arrest, a circular went out saying that opposition supporters would be captured and obviously alluding to actions of justice by these groups,” Vaquero insists. “So repression itself has not diminished, not in a constant way, not in a sustainable way.”

Elections: A Constitutional Impossibility

Venezuelan opposition figures and Washington officials increasingly acknowledge that legitimate elections cannot take place in the near term. The electoral system’s corruption under Chavismo extends beyond fraudulent vote counting to fundamental issues of voter registry manipulation and military involvement.

“This government put deceased people to vote,” Vaquero claims. “This government gave identity cards indiscriminately to Cubans, to Russians, to Chinese, to people from FARC, to people from ELN.”

María Corina Machado, the Nobel Peace Prize laureate leading Venezuela’s unified opposition, estimated in early February that transparent elections using manual voting could take place within 9 to 10 months. However, National Assembly President Jorge Rodríguez, Delcy’s brother and key regime interlocutor with Washington, ruled out elections in the near future, citing the need for stabilization.

White House Press Secretary Karoline Leavitt has echoed the administration’s reluctance to commit to an electoral timeline. When pressed on when elections might be held, Leavitt stated: “It’s too premature and too early to dictate a timetable for elections in Venezuela right now.” She emphasized that the administration has “maximum leverage over the interim authorities in Venezuela,” and that “their decisions are going to continue to be dictated by the United States of America.”

The constitutional framework technically allows Acting President Rodríguez to serve 90 days, with a possible ninety-day extension if approved by the Chavista-controlled National Assembly. Temporary absence provisions, however, are interpreted creatively by the Supreme Court, which effectively eliminates any firm deadlines.

A U.S. intelligence official focused on Latin America issues, speaking on background to The Cipher Brief, estimates that credible elections extend well beyond constitutional requirements. The source highlights that comprehensive electoral reform requires dismantling power structures that are still firmly entrenched.

Bustos also underscores that elections might realistically occur as early as next year.

“We need first of all to get a country more stable,” he says. “We need to put our institutions on stronger foundations.”

Without functioning democratic institutions, independent electoral authorities, or international oversight mechanisms in place, any rushed election would ratify the status quo. Under current conditions, elections would not be free or fair because the regime controls voters’ registries and ballots. As long as the same power structure is still in place, cosmetic reforms cannot address this fundamental barrier.

Leverage and Limitations

Despite these obstacles, the Trump administration can drive genuine change by maintaining pressure through its military presence and negotiations over sanctions relief. It appears, however, that the regime is trying to outlast Washington’s attention by complying tactically with American demands while maintaining fundamental power structures.

Paola Salazar, director for Medellín and Antioquia state at Colombia’s government migration agency, Migración Colombia, tells The Cipher Brief that pendular migratory flows between Colombia and Venezuela have remained stable since January 3, suggesting Venezuelans are not yet convinced conditions have fundamentally changed.

Moreover, Alejandro Méndez Hernández, a Venezuelan community organizer in Bogotá, tells The Cipher Brief that trust is still absent, hence migrants are not returning despite Maduro’s removal.

“We have a huge amount of Venezuelans being arrested as political prisoners, who haven’t been released until today, so it’s not building trust,” he continues.

Acting President Rodríguez told NBC News earlier this month that she would hold free and fair elections but declined to commit to a timeline, stating that the schedule would be determined through political dialogue. When pressed about Machado, Rodríguez said she would face legal scrutiny upon any return for calling for military intervention and sanctions.

Secretary of State Marco Rubio has publicly outlined a three-phase approach for Venezuela’s future — stability, recovery, and transition to democracy — though he has declined to provide a specific timeline. During his January 28 Senate Foreign Relations Committee testimony, Rubio emphasized that “the end state here is we want a friendly, stable, prosperous Venezuela, and democratic, in which all elements of society are represented in free and fair elections.”

However, Rubio acknowledged the complexity of the timeline, stating, “We’re not going to get there in three weeks. It’s going to take some time.” In subsequent remarks to reporters, he added that the transition “can’t take forever” and acknowledged there must be progress within several months. However, he cautioned that “this is not a campaign to leave in place the systems currently in place.”

The Diosdado Factor

Interior Minister Cabello represents the most significant obstacle to a genuine transition. With control over security forces, intelligence services, and armed collectives, he possesses the coercive apparatus necessary to maintain regime control independent of formal governmental structures.

“Diosdado Cabello has a price imposed by the United States,” Vaquero explains. “He controls the coercive apparatus and all the internal loyalties. We’ve seen him lately. Every time he appears in Venezuelan media, he looks scared.”

The U.S. intelligence source identifies Cabello as the key figure whose removal or neutralization would be necessary for an authentic democratic opening. As long as Cabello maintains control of security forces, any political transition will be cosmetic rather than substantive.

His control extends beyond formal military and police to encompass armed civilian collectives that intimidate opposition supporters and maintain social control, operating with impunity while allowing the regime to claim official restraint.

Foreign Influence and Regional Implications

The regime’s historical relationships with Iran, Hezbollah, Russia, and China complicate transition planning. Despite keeping a low profile after Maduro’s removal, these actors continue to threaten American national security.

Bustos stresses that the presence of Hezbollah and Iranian-linked entities necessitates an extended transition period.

“The United States certainly knows about it,” he says. “I think that it’s not possible to get them out of the country really quickly.”

The re-extradition of Colombian-Venezuelan businessman Alex Saab in early February, designated by the United States as a key financial operator for Maduro, demonstrates some cooperation from regime elements with American law enforcement.

Saab’s arrest represents a significant test of cooperation with Washington. U.S. authorities accused Saab of moving approximately $350 million out of Venezuela through corrupt contracts, making him central to understanding how the regime financed itself under sanctions. His potential extradition signals Rodríguez is willing to sacrifice even Maduro’s closest financial operatives to maintain Washington’s support.

Nearly 9 million Venezuelans in the diaspora are reassessing their return prospects, yet few are making immediate plans to return. The combination of continued repression, economic uncertainty, and the presence of the same officials who forced their exile creates a wait-and-see dynamic.

Venezuelan passports cost approximately $700 on the black market when available, complicating both legal status abroad and potential return. Embassies and consulates are largely non-functional, creating a documentation crisis that traps Venezuelans in limbo regardless of whether they wish to return home or establish permanent residence elsewhere.

Strategic Implications

There is a fundamental question for Washington intelligence planners: Does the current arrangement represent a genuine transition, or is it simply the regime’s survival under American pressure? Continuing imprisonment of opposition figures and constitutional maneuvers to avoid elections suggest the former.

The official from the U.S. intelligence community notes the regime is maintaining strategic control while ensuring tactical compliance. In the absence of sustained military and economic pressure and clear benchmarks, the current government will likely continue to drag its feet on reforms for as long as possible.

The prisoner release pattern is illustrative. While hundreds have been freed, the process is opaque, reversible, and controlled entirely by Cabello’s interior ministry. As well as gag orders, those released are subject to re-arrest for hypothetical “political activity.”

Meanwhile, Defense Minister Vladimir Padrino’s presentation of a golden baton to Rodríguez at a military parade in February symbolized the armed forces’ continued allegiance to Chavista structures rather than any new democratic order.

Venezuela’s situation tests the Trump administration’s approach to authoritarian transitions. Government policy toward Venezuela currently reflects a calculated preference for energy security over democratic reform. Washington views maintaining regional stability and securing oil access as more pressing strategic priorities than the unpredictable outcomes of rapid political reforms.

The Trump administration’s stated objectives for Venezuela emphasize democratic transition. Rubio told the Senate that Washington seeks “free and fair elections” where “all elements of society are represented,” noting pointedly that “you can have elections all day,” but without media access for opposition and the ability for opposition candidates to run freely, “those aren’t free and fair elections.”

Yet the administration’s actions reveal a calculated preference for energy security over rapid political reform. In the same testimony, Rubio prioritized Venezuela becoming “a friendly, stable, prosperous” partner and ending threats from “Hezbollah and Iran in our own hemisphere.”

Washington views maintaining regional stability and securing oil access as more pressing strategic priorities than the unpredictable outcomes of immediate democratic reforms. This pragmatism risks legitimizing a rebranded authoritarianism, retaining the repressive mechanisms of Maduro’s regime.

However, observers caution that this pragmatism may come at a cost in the long run. By prioritizing energy and migration management, the U.S. risks legitimizing a rebranded authoritarianism that retains the repressive mechanisms of Maduro’s regime.

Former U.S. Ambassador to Venezuela James Story assessed that Rodríguez will play for time, doing “just enough to make it look as if they are complying” while waiting for U.S. focus to shift.

Venezuela’s post-Maduro transition ultimately reveals limitations of decapitation strategies against entrenched authoritarian systems. While removing Maduro eliminated the regime’s symbolic figurehead, the intelligence and security apparatus is intact.

Elections cannot occur in the short term, at least not elections meeting minimal standards of freedom and fairness. There is corruption in the electoral infrastructure, arrests of opposition figures for political activities, and the ability and leadership of those who would suppress genuine democratic opening is intact.

While the current arrangement provides tactical benefits, it also leaves strategic vulnerabilities regarding oil access and preventing a migration surge. The same figures wanted on U.S. criminal charges coordinate government functions. The same security services that tortured political prisoners manage their conditional release. The same armed collectives that intimidated voters patrol neighborhoods.

“Where Diosdado Cabello has been, obviously repression has not disappeared,” Vaquero adds. “It materializes with collectives, with social pressure, with selective judicialization. And obviously, while Diosdado remains in power, there won’t be profound change but rather tactical changes.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

Defending the Homeland: Pentagon Shifts Strategy on Drone Threats

OPINION — “This memorandum consolidates approximately ten separate outdated memoranda that were inadequate to address the current, complex unmanned aircraft system (UAS) threat environment. The new guidance affects a culture shift by empowering commanders to unambiguously apply their authority to mitigate threat UAS. Our message is clear, Department of War (DoW) airspace is off limits, and our commanders on the ground have the discretion to defend our airspace against all manner of UAS threats…Expanding the Defensive Perimeter : Grants commanders the authority to extend defensive actions beyond the physical ‘fence line’ of an installation; allows for the adequate protection of covered facilities, fixed assets, and mobile assets; placing trust in the commander and maximizing their flexibility to defend facilities and assets.”

That’s a quote from last Tuesday’s Defense Department (DoD) press release, Fact Sheet: C-UAS [counter unmanned aircraft systems] Policy in the U.S. Homeland. It was issued just hours before the Federal Aviation Agency (FAA) temporarily closed airspace within an 11-mile radius of El Paso International Airport, but after Customs and Border Protection (CBP) personnel on the day before [Monday, February 9] used a classified Pentagon laser system on nearby Fort Bliss Air Base, to shoot down what they thought were drug cartel UAS systems [drones], but turned out to be metallic party balloons.

According to the Wall Street Journal, Defense Secretary Pete Hegseth last month had approved lending the 20-kilowatt directed-energy LOCUST [laser] weapon to CBP for use on the Fort Bliss installation, whose fence line is on the Mexican border.

The CBP test was not coordinated with the FAA and the resultant uproar, which subsequently involved the White House and Congress, marks only the beginning of what I believe will be a series of similar episodes related to homeland protection against suspect UAS drone systems.

An interesting sidelight to last week’s events: The Senate Armed Services Committee was scheduled to have a meeting last Thursday morning with two Pentagon drone experts, Owen O. West, DoD Senior Advisor for Drone Dominance, and Travis Metz, Drone Dominance Program Manager. It was called off at the last minute.

What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.

Drones are becoming smarter, more autonomous and more widespread, and as their uses grow the lines get blurry between legitimate and illegitimate, secure and not secure, particularly in metropolitan areas. There are strict FAA rules that govern drones over 55 pounds or any flown for non-recreational purposes. There are even some FAA requirements for outdoor flying of smaller drones for personal pleasure.

Back on June 6, 2025, President Trump issued an Executive Order (EO) called Restoring American Airspace Sovereignty that dealt primarily with UAS. It said of them, “criminals,

terrorists, and hostile foreign actors have intensified their weaponization of these technologies, creating new and serious threats to our homeland. Drug cartels use UAS to smuggle fentanyl across our borders, deliver contraband into prisons, surveil law enforcement, and otherwise endanger the public. Mass gatherings are vulnerable to disruptions and threats by unauthorized UAS flights. Critical infrastructure, including military bases, is subject to frequent — and often unidentified — UAS incursions. Immediate action is needed to ensure American sovereignty over its skies and that its airspace remains safe and secure.”

Trump’s June 2025 EO also said that the United States must have a secure and strong domestic UAS industrial base and that relying on UAS produced in foreign countries as well as foreign-made UAS critical components pose unacceptable national security risks to the U.S.

As one response, the June EO called for, “The Attorney General, in coordination with the Secretary of Defense; the Secretary of Transportation, acting through the Administrator of the FAA; the Secretary of Homeland Security; the Director of OMB; and the Chairman of the Federal Communications Commission, shall promptly take all appropriate steps…with regard to the creation of the National Training Center for Counter-Unmanned Aircraft Systems (Center), and, upon establishment of the Center, focus initial training provided by the Center on development of Federal and SLTT [State, Local, Tribal, and Territorial] capabilities to secure major upcoming national and international sporting events held in the United States, such as the FIFA World Cup 2026 and the 2028 Summer Olympics.”

By December 2025, the FBI had established the National Counter-UAS Training Center (NCUTC) at Redstone Arsenal in Huntsville Alabama where the Bureau already had cybersecurity, intelligence, and forensic training. Ever since, the NCUTC has been training officers from state, local, tribal, and territorial agencies on how to detect drones using radar, radio frequency sensors, and related technologies. More important, they are trained how to identify whether a drone is authorized or hostile, assess threats, and coordinate responses across various agencies.

During training, the FBI emphasizes that offensive actions against drones only occur when legally authorized, but the rules are complex. The FAA website, to assist law enforcement personnel responding to drone incidents, has created a three-part video series that covers the basics of drone regulations.

An additional response to the Trump June 2025 EO was Defense Secretary Pete Hegseth’s establishment in August 2025 of Joint Interagency Task Force 401 (JIATF 401) to replace the Pentagon’s then existing Joint C-sUAS Office. Operating under the Secretary of the Army, Hegseth’s order said, “JIATF 401 will be a joint activity and established as a jointly manned organization. The Military Services will support JIATF 401 with timely joint manning…This

new task force is empowered with broader authorities, funding flexibility, and rapid acquisition capabilities. Its mission is to strengthen U.S. airspace sovereignty, protect personnel and facilities, and outpace adversaries’ growing drone threats. With joint manning, interagency collaboration, and streamlined governance, JIATF 401 is designed to deliver innovative, mission-ready solutions at speed.”

As an example of cooperation, last Thursday, Army Brig. Gen. Matt Ross, JIATF 401 Director, visited the FBI's NCUTC in Huntsville yesterday. He met with Mike Torphy, FBI acting assistant section chief for UAS and counter-UAS, and discussed security preparations for this summer's soccer FIFA World Cup activities. Ross and Torphy also met with expert instructors who are teaching a specialized course for local law enforcement in each of the soccer tournament's eleven host cities across the nation.

One of the more unusual steps underway in the drone security field was announced by the Federal Communications Commission (FCC) last December 21. It referred to “a [White House] National Security Determination regarding the unacceptable risks posed by UAS and UAS critical components that are produced in foreign countries.”

It added that, “U.S. cybersecurity and critical infrastructure guidance has repeatedly highlighted how foreign manufactured UAS can be used to harvest sensitive data, used to enable remote unauthorized access, or disabled at will via software updates.”

As a result, the FCC has updated its so-called Covered List, which identifies foreign-made communications equipment and services that pose unacceptable risks to U.S. national security, and thus cannot be imported for sale or use in the U.S. The action, taken by the FCC last December 22, prohibited the future imports of both foreign-made UAS and UAS components, but does not affect any previously-purchased drone, nor does it prevent retailers from continuing to sell, import, or market foreign drone models or parts approved earlier in 2025.

I found one of the best descriptions of the drone security dilemma was in a sales brochure entitled Countering UAV Threats, produced by BAE Systems, a leading defense contractor.

The BAE brochure said, “Detecting small and inexpensive UAVs remains one of the most persistent operational challenges facing today’s militaries. These platforms possess small radar cross-sections, produce minimal acoustic and thermal signatures, and often operate at low altitudes within ground clutter. Many are capable of autonomous flight with little or no radio frequency (RF) emission, making traditional detection methods unreliable. Urban and vegetated terrain further complicate detection, as buildings and foliage create blind spots and signal reflections that mask UAV movement. Adverse weather, restricted lines of sight and interference from birds or civilian activity introduce additional uncertainty.”

Then brochre went on, “A connected challenge is distinguishing between hostile and civilian UAVs. Attribution and intent are major challenges, as it is often unclear who controls a UAV and for what purpose it is being used, particularly in grey-zone or proxy scenarios. The compressed decision timelines of UAV operations further complicate matters, as engagements frequently occur in seconds, leaving little room for deliberation.”

Needless to add, last week the Air Force Life Cycle Management Center, Eglin Air Force Base, Florida awarded BAE a cost-plus-fixed-fee $145 million contract for the development, manufacturing, and delivery of Counter Unmanned Aerial Systems weapon systems.

Along with everything else, the drone problem is worth keeping an eye on.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because national security is everyone’s business.

How Cuba's Infrastructure Crisis Is Opening the Door to Foreign Intelligence Networks

DEEP DIVE — On February 13, nighttime light emissions across major Cuban cities had dropped as much as 50 percent compared to historical averages — the latest chapter in a crisis that has seen the island's grid collapse multiple times over the past year.

As desperate citizens in half the country waited in the dark, something else was accelerating along the island's few electrified corridors. Chinese technicians continued installing telecommunications equipment, Russian engineers maintained radar stations, and intelligence operatives from both nations embedded themselves deeper into Cuba's crumbling infrastructure.

Just 90 miles from Florida, Cuba's energy crisis has metastasized from an economic catastrophe into a national security vulnerability. Although Havana struggles to maintain the lights, Beijing and Moscow have come to Cuba's aid not as charitable donors but as strategic opportunists seeking to expand their intelligence-collection capabilities.

The State Department warned just one day after the latest outage that "scheduled power cuts occur daily, and unscheduled outages persist throughout Cuba." The island's thermoelectric plants, many dating back decades, now operate at barely 34 percent of their capacity. In February, five of eight Turkish-leased floating power plants departed Cuban ports after Havana failed to meet payment obligations.

The crisis has intensified dramatically as Cuba's oil lifelines have been severed. Following the U.S. seizure of control over Venezuelan oil operations in early January, Mexico had become Cuba's primary supplier, shipping nearly 20,000 barrels per day through September 2025. Yet, under mounting pressure from the Trump administration, which threatened tariffs on any country supplying Cuba with oil, Mexican President Claudia Sheinbaum announced in late January that shipments had been at least temporarily halted.

The figure had already plummeted to about 7,000 barrels per day, leaving Cuba essentially without oil imports for the first time in years.

The breakdown has created an opening that America's strategic competitors are exploiting with alarming sophistication. From this vantage point, intelligence services can monitor U.S. military installations across the Southeast, track Space Force launches from Cape Canaveral, intercept communications from Southern Command headquarters in Florida, and observe naval movements throughout the Atlantic and Gulf of Mexico.

For Beijing and Moscow, Cuba's desperation has become an important windfall.

Beijing's Digital Footprint Expands

China's presence in Cuba has grown exponentially, particularly in telecommunications and digital infrastructure. In testimony before Congress last May, national security analysts confirmed that satellite imagery identifies at least four Chinese-linked signals intelligence facilities across Cuba — Bejucal, Wajay, and Calabazar near Havana, plus a newly constructed site at El Salao near Santiago de Cuba.

"Cuba's proximity to the homeland continues to make the island an attractive intelligence platform for U.S. adversaries," Connor Pfeiffer, senior director of government relations at Foundation for the Defense of Democracies Action, tells The Cipher Brief. "Within 400 miles of Havana sit the headquarters of the U.S. combatant commands for Latin America and the Middle East, U.S. Special Operations Command, and air bases that regularly host advanced U.S. fighter aircraft."

As Cuban telecommunications companies struggle with outdated Soviet-era equipment and chronic power failures, Chinese firms, particularly Huawei and ZTE, have positioned themselves as the only viable solution. These companies aren't simply selling hardware; they're installing the very networks through which Cuba's limited internet traffic flows.

"Because of this proximity, intelligence outposts in Cuba provide signals intelligence and other capabilities that are invaluable to Beijing and Moscow," Pfeiffer explains.

The El Salao site features a circularly disposed antenna array, a configuration highly effective at determining the origin and direction of incoming high-frequency signals. These installations can track signals up to 9,300 miles, providing Beijing with unprecedented visibility into U.S. military communications and operations.

Meanwhile, MacDill Air Force Base in Tampa, home to U.S. Central Command and Special Operations Command, sits less than 300 miles from Cuban shores. Naval Station Mayport in Jacksonville, Naval Air Station Key West, and dozens of other sensitive military installations across Florida, Georgia, and Alabama all operate within easy range. The advantage over satellite surveillance is stark.

"By contrast to what can be obtained from overhead satellite images and other collection from satellites in low earth orbit whose time passing overhead can be anticipated, the ELINT facilities in Cuba are a constant presence with line of sight to key U.S. facilities," Evan Ellis, research professor of Latin American Studies at the U.S. Army War College Strategic Studies Institute, tells The Cipher Brief.

The infrastructure crisis has made Cuba more dependent on Chinese technical expertise. In February 2025, Chinese Ambassador Hua Xin and Cuban President Miguel Díaz-Canel announced China would construct 55 solar plants by the end of 2025, with an additional 37 planned by 2028. If completed, the network would add over 2,000 megawatts of capacity. However, this dependency gives Chinese intelligence services unprecedented access to Cuban government communications, military installations, and infrastructure systems.

"During the present U.S. military operations in the Caribbean, and in a future U.S. conflict in the Indopacific involving U.S. deployment from bases on the Atlantic seaboard and transit through the Caribbean, the Chinese electronic intelligence gathering facilities in Cuba are well positioned to capture not only things like radio transmissions, but the emissions from U.S. facilities, and the signatures of U.S. ships and other forces," Ellis underscores.

In simpler terms: China's Cuban listening posts can intercept not just what U.S. forces communicate, but the electronic fingerprints of their equipment, from radar emissions to communications arrays and ship propulsion systems. By using these signatures, adversaries can identify specific vessels and aircraft, track their movements, and potentially develop countermeasures to defeat U.S. military technology.

Moscow's Renewed Military Presence

Russia's intelligence footprint in Cuba never entirely disappeared after the Cold War, yet Moscow's activities have intensified dramatically. In March 2025, Russia and Cuba signed a military cooperation agreement that Russian lawmakers ratified in October. Ukrainian intelligence estimates that between 6,000 and 7,000 Cubans are currently fighting as mercenaries in Russia's war against Ukraine — the second-largest foreign contingent after North Korea's approximately 12,000 troops.

Rather than operating out of a single massive facility like the Soviet-era Lourdes complex, Russian intelligence has embedded personnel and equipment within ostensibly civilian infrastructure projects. Russian engineers arrive whenever Cuba's power grid requires emergency maintenance, bringing more than just technical skills. When radar systems at Cuban air defense installations fail, Russian specialists provide upgrades with built-in collection capabilities.

Russia has also leveraged Cuba's energy crisis to deepen military cooperation through increasingly frequent naval port calls in Havana; visits that allow Russian intelligence personnel to rotate in and out without scrutiny.

Not everyone in the intelligence community shares the alarm. Critics argue the threat is being overblown by voices eager to justify increased defense spending or maintain hardline Cuba policies that have failed for six decades. Some policy experts argue the infrastructure crisis actually presents an opportunity. If Washington eased sanctions and provided assistance to Cuba's energy sector, Havana would have less incentive to accommodate Chinese and Russian intelligence requirements.

Yet Ellis rejects the notion that Cuba could credibly reduce its ties to Beijing and Moscow in exchange for U.S. economic relief.

"Although U.S. economic coercion, taking advantage of Diaz-Canel's currently desperate economic state, could facilitate a deal in which Cuba promises to reduce its Cuban or Russian presence, Cuba will promise to comply to the degree that it can without truly breaking those ties to China and Russia, which for it are both ideological allies and partners in its survival," he continues.

The regime's dependency, Ellis stresses, runs too deep.

"Not until there is a sincerely democratic pro-US regime in Cuba will the U.S. be truly secure from the type of extra-hemispheric threats that Cuba, like Venezuela, can host in the Caribbean," he asserts.

The desperation-dependence cycle gives Beijing and Moscow leverage that extends beyond traditional espionage. Cuban officials are not in a position to demand transparency when Chinese technicians install new telecommunications equipment. Moreover, when Russian engineers service radar installations in Havana, the government lacks leverage to refuse requests for expanded intelligence cooperation.

"Without Venezuelan oil aid, the Cuban regime faces acute energy shortages and reduced inflows of much-needed foreign currency," Pfeiffer says.

The Trump administration's successful pressure on Mexico to halt oil shipments represents a calculated gamble—one that leverages Mexico's vulnerability during upcoming trade agreement negotiations. The complete severance could accelerate the regime's collapse—or drive it even more desperately into Chinese and Russian arms.

Strategic Vulnerabilities

The intelligence implications extend far beyond passive eavesdropping.

"The data that could be collected could allow the Chinese to capture particular intelligence transmitted in an imperfectly secure or decipherable fashion, but also just from the signatures, have an idea regarding the composition and state of activity of U.S. forces, their location, and signatures that could allow them to more effectively locate and defeat U.S. systems in combat," Ellis points out.

The worst-case scenarios involve cyber weapons pre-positioned in critical infrastructure, electronic warfare systems that could interfere with U.S. military communications during a crisis, or intelligence networks that could support hostile operations on America’s doorstep. The geographic proximity compounds every vulnerability.

Yet not everyone views American intervention as the solution.

Leon Valencia, a former ELN rebel commander and director of the Bogota-based think tank Fundación Paz y Reconciliación, offers a Colombian perspective that reflects broader Latin American sentiment.

"We do see Cuba more as a victim," Valencia tells The Cipher Brief. "Throughout several peace negotiations, Cuba has been a very important part. For example, the peace agreements with the FARC rebels, signed back in 2016, were negotiated in Cuba. Cuba has always kept its doors open towards us. We are thankful to Cuba, but we wouldn't get involved in military actions; there would be a protest."

Yet Valencia and other regional analysts increasingly believe change in Cuba may be inevitable. Enrique Serrano, a Colombian political analyst specializing in Latin American authoritarianism, sees the current crisis as potentially terminal.

"It's very unlikely that the government in Cuba might survive this year," Serrano tells The Cipher Brief. "I think finally we can change, and especially because Venezuela failed too, and even I think Nicaragua will fail to. Those authoritarian governments like Venezuela, Nicaragua and Cuba, what they try to do in real life is to gain time. They will disappear earlier or later."

Washington's Dilemma

The expansion of Chinese and Russian intelligence capabilities in Cuba presents Washington with a challenge that defies easy solutions.

According to Pfeiffer, "continued U.S. pressure will make it difficult for China or Russia to assist the Cuban regime in getting out of this crisis of their own making."

The infrastructure crisis complicates any potential diplomatic opening. A government desperate to keep the lights on may prove more willing to accommodate Chinese and Russian intelligence requirements than it would under less dire circumstances.

The intelligence collection capabilities that Beijing and Moscow are establishing in Cuba will persist long after the current blackouts end. Once installed, telecommunications infrastructure operates for years or decades. Every blackout pushes Havana closer to Beijing, every grid failure necessitates Moscow's help; each represents an incremental expansion of foreign intelligence capabilities on American soil.

"The opportunities stemming from Cuba's military and political alignment with the PRC, longstanding working relationship with its military and other personnel, geographical proximity, and other benefits, both before and during war, are hard to overstate," Ellis adds.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

Media Literacy Isn’t Enough Anymore

OPINION — For years, media literacy has been treated as the solution to misinformation. I've advocated that position as well.

Teach people to question headlines. Encourage them to check sources. Help them recognize bias and emotional manipulation.

All of that still matters. In fact, it matters more than ever. I often encourage people to think like intelligence analysts when they encounter information online. Pause. Ask who benefits. Look for what is missing. Compare across sources. Pay attention to emotion. Those skills are essential. They are part of being an informed citizen in a digital world. And yet, they are no longer sufficient on their own.

The information environment has changed in ways that place unprecedented strain on individual judgment. AI-generated content now moves at a scale and speed no human can comfortably keep up with. Synthetic images, audio, and video are increasingly realistic. Recommendation engines quietly shape what we see first, what we see repeatedly, and what we never see at all.

Even people who are informed and motivated can feel overwhelmed. Not because they lack critical thinking, but because the environment itself is engineered for constant engagement and reaction. Volume replaces deliberation. Speed crowds out reflection. This creates a subtle but important shift in responsibility.

When every individual is expected to function as a full-time analyst, constantly verifying and filtering, fatigue sets in. Naturally, people disengage. Or they rely on shortcuts. Familiar narratives feel safer. Emotion becomes a guide. Over time, trust erodes, not only in information, but in the idea that careful judgment is even possible.

This is where the conversation needs to broaden. Individual literacy and critical thinking remain necessary. We should continue to teach people how to evaluate information and resist online manipulation. At the same time, we have to recognize that resilience cannot rest entirely on individual effort.

Healthy societies depend on environments that support human cognition. Spaces that allow for pause. Systems that introduce friction in high-risk moments instead of eliminating it. Norms and designs that make room for judgment rather than constantly competing for attention. Freedom has always depended on those moments when humans decide what matters, rather than being swept along by momentum.

In a world optimized for speed and engagement, protecting those moments may be one of the most important things we can do.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

From the Monroe Doctrine to Maduro: The Precedent Problem in U.S.

OPINION — In 1895, Secretary of State Richard Olney sent a diplomatic note to Britain that contained one of the most remarkable sentences in American foreign policy history: "The United States is practically sovereign on this continent, and its fiat is law upon the subjects to which it confines its interposition." The line was not a boast. It was a warning — directed at London during a boundary dispute in Venezuela, designed to end the conversation before it began. Britain, to the surprise of many, stood down. What Olney had asserted as doctrine, Elihu Root would spend the next two decades trying to discipline. As both Secretary of War and Secretary of State under Theodore Roosevelt, Root understood that a nation capable of issuing such a fiat faced a problem more dangerous than weakness: the temptation to use power simply because it could.

That project matters again. In January, the Trump administration carried out an operation that resulted in Venezuelan President Nicolás Maduro being taken into U.S. custody and transferred to Florida to face federal narcoterrorism charges. The action was legally defensible under existing statutes and drew intense attention at home, dividing domestic opinion. It was also the kind of operation Root would have recognized as dangerous; not because it violated the law, but because it normalized the use of military force as an instrument of policy once legal justification could be established.

Root's concern was not with Olney's outcome. Britain had backed down, arbitration followed, and the crisis resolved without war. The problem was what Olney's success licensed. A tool used effectively once becomes a template, and the lesson absorbed from 1895 was not that American power required discipline, but that assertion worked. Root understood this danger in part because he had helped institutionalize it. The Monroe Doctrine, as originally conceived in 1823, was framed as a barrier against European intervention in the Western Hemisphere. It was defensive in character. The Roosevelt Corollary, which Root helped construct in 1904, transformed that posture into an assertion of U.S. authority to intervene whenever Washington judged instability intolerable — Olney's logic formalized and given permanent address. In practice, this produced a system of ongoing intervention that stopped short of formal empire while exercising many of its functions: military occupations in Haiti and the Dominican Republic, repeated interventions in Nicaragua and Cuba, and coercive diplomacy justified in the language of order and stability.

Root spent the latter part of his career attempting to correct what he had helped build. He argued for international arbitration, multilateral institutions, and legal frameworks that would constrain American power even as the country grew stronger. In 1914, before the American Society of International Law, he offered a deliberately narrow redefinition of the Monroe Doctrine — not a declaration of hemispheric sovereignty, but a statement that certain foreign acts would be regarded as injurious to American peace and safety. The contrast with Olney was implicit but unmistakable. Root never named him. He didn't need to. He simply offered a different reading of the same doctrine — more disciplined, more defensible over time — and let the contrast speak. He won the Nobel Peace Prize in 1912 for that broader project. But his warning proved easier to admire than to heed. Over time, his diagnosis of American dominance flattened into justification and extended well beyond its original hemispheric frame.

I recognize the appeal of that logic because I once believed in it. In my twenties, working in Washington on national security issues at the end of the Cold War and into the early 2000s, I believed that the freedoms we enjoyed in the United States were a privilege that should not be exclusive, and that American power could and should be used to defend and extend the political conditions that made those freedoms possible. I sometimes imagined an America less burdened by the expectation that every use of power required a moral narrative alongside it — more openly transactional, less apologetic. I was a neocon before it mattered, and perhaps even MAGA before it was born. Iraq forced a reckoning, in part because it revealed how easily power justified by necessity could outrun foresight, legitimacy, and responsibility for what followed.

In the Maduro case, the debate in Washington quickly narrowed to whether the seizure could be defended legally. That question is necessary, but incomplete. The rule of law is the foundation of democratic authority, yet legality alone cannot carry the weight of wise judgment. A government can act within the law and still act unwisely, weakening the norms it depends on once power alone is no longer sufficient. American power should be used to confront injustice, and non-military tools are often preferable to force. The question is not whether to act, but how routinely power is applied once legality becomes its own justification.

The Maduro episode is unlikely to be the last application of this logic. Attention inside the administration has already shifted toward Cuba, where Washington is applying pressure through fuel interdiction, secondary sanctions, and emergency authorities framed as enforcement rather than intervention. These measures are calibrated, legally grounded, and short of war. They represent controlled intervention rather than unconstrained power.

That distinction matters — but it does not resolve the underlying risk. The Caracas operation involved the direct use of military force against a sitting head of state. Cuba involves economic pressure and interdiction. Root would have recognized the difference. He also would have understood how the former creates permission structures that make escalation from the latter more likely. The logic that validates measured coercion in Cuba is the same logic that justified seizing Maduro. Each action establishes precedent for the next. The question is not whether any single measure crosses a line, but whether the accumulation of incremental steps creates a system in which restraint becomes optional rather than structural.

There is a deeper tension at work. If the United States treats spheres of influence as an acceptable norm in its own hemisphere, it becomes harder to reject similar claims elsewhere. Vladimir Putin's arguments about near-abroad authority rest on a logic the United States weakens when it asserts special prerogatives rooted in power rather than principle. The cases are not morally equivalent. Putin's interventions in Ukraine and Georgia involve territorial conquest and the erasure of sovereignty in ways American actions in the hemisphere do not. But the structure of the argument is similar enough that adversaries will exploit the parallel and allies will notice the inconsistency.

Root understood that sovereignty without discipline invites decay. The question before us is not whether America can act this way. Clearly, it can. The question is whether doing so strengthens the order it claims to lead or erodes it through accumulated precedent. Power exercised without restraint rarely remains exceptional.

Root's warning was never about weakness. It was about the difference between authority and dominance, between leadership that endures and power that exhausts itself. A century later, we are testing that distinction again.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because national security is everyone’s business.

Inside the High-Stakes U.S. Pressure Campaign on Iran

EXPERT INTERVIEW – U.S. officials say a second aircraft carrier will be deployed to the Middle East amid the administration’s efforts to pressure Iran to agree to restrictions on its nuclear program. The USS Gerald R. Ford is expected to join the USS Abraham Lincoln in a significant build-up of U.S. military force in the region.

President Trump said this week that he does believe the U.S. will be able to reach a deal with Tehran but warns that if talks fail, the outcome could turn far more severe.

After meeting with the president in Washington this week, Israeli Prime Minister Benjamin Netanyahu is less optimistic about a deal, telling reporters on Thursday that “...I expressed general skepticism about any agreement with Iran, but I said that if an agreement is reached, it must include the elements that are important to Israel: not only the nuclear program, but also the ballistic missiles, and also the Iranian proxies.”

Meanwhile, Iran’s national security chief Ali Larijani is warning that Tehran would strike U.S. bases in the region if it is attacked.

The Cipher Brief spoke with former National Intelligence Manager for Iran at ODNI Norm Roule about what is likely to come next. Roule, who is also a Cipher Brief Expert, travels regularly to the region for meetings with senior leaders. We spoke with him in this exclusive interview about the risks and opportunities facing the U.S. with regard to Iran and what he believes Iran is likely to do first if the U.S. does launch a military attack.

Norman T. Roule

Norman Roule is a geopolitical and energy consultant who served for 34 years in the Central Intelligence Agency, managing numerous programs relating to Iran and the Middle East. He also served as the National Intelligence Manager for Iran (NIM-I)\n at ODNI, where he was responsible for all aspects of national intelligence policy related to Iran.

THE INTERVIEW

The Cipher Brief: The U.S. is continuing to deploy military assets to the Middle East. How are you assessing the opportunities given where talks with Tehran are at the moment? What do you see as realistic U.S. objectives?

Roule: You’re correct to start with a focus on objectives. This will give us targets to assess risks and opportunities, as well as the report card against which the success of any strategy must be judged.

A number of these are included in the Trump Administration’s December 2025 National Security Strategy: avoid involvement in a costly regional war or nation-building, ensure that regional sea lanes and choke points remain open, and maintain stable energy markets.

Regarding the Islamic Republic, every Administration – indeed the entire international community – has agreed that Tehran must cease the oppression of its people, must not be allowed to develop a nuclear weapon, its missile programs must be constrained, and its malign regional adventurism and support for terrorism must end. This latter set of ambitions has been part of not only this administration’s Iran strategy but also of the first Trump administration's strategy. Former Secretary of State Mike Pompeo’s May 2018 Twelve-Point Speech on Iran highlighted each of these goals.

However, the current approach addresses areas where there are different views on the balance between nonproliferation and broader regional issues, and on whether to resolve the nuclear issue first and address other issues later, or to handle them together.

Former Secretary of State Condoleezza Rice once famously reminded a group that policymaking is done in a reality where we must remember that we are a country and not an NGO. National interests, security, and power drive foreign policy.

Humanitarian goals will be important in our policies, but they won’t be the primary driver. Ours is not the first generation to face the challenge of how far we should go to encourage and militarily support those who courageously stand against tyrants.

Woodrow Wilson faced this dilemma as White Russian armies fought the Bolsheviks in 1918-1920. Several presidents were pressed to respond as Germans, Czechs, Hungarians, and other protestors valiantly stood up against heavily armed Soviet occupiers in the 1940s, 50s, and 60s. It’s easy to say we should do more, but these decisions are never clear. In this case, there have been many calls for military action, and it is easy to understand the rationale, watching the regime’s cruelty against the courage of Iranian protestors. But it is also unclear exactly what we are to attack, for how long, how we would measure success, whether the results would justify the ramifications of dealing with Iran’s military retaliation and lastly, whether the moment for such action has passed. Every presidential advisor would try to address these questions.

But if policy choices regarding Iran involve profound risks, the events of this month show that kicking the can down the road is no less dangerous. Inevitably, the can gets heavier with every kick and the road gets shorter. There is absolutely nothing regarding the Iran threat today that hasn’t been predicted for years. The international community refused to risk the price of hard actions against Iran, and elected to use repeated attempts at diplomacy, corrosive sanctions (which were effective in limiting Iranian capabilities) and until June 2025, increasingly empty threats of military action to constrain Iran.

In terms of opportunities, the Administration has been consistent in its focus on four priorities with regard to Iran. The most recent has been humanitarian and involves the U.S. threat of military action against the regime if it continues using widespread murderous force against Iranian protestors. No one can deny the horrific and bloody crimes committed by this regime during the recent unrest. The violence has subsided along with the protests, albeit widespread arrests and detentions continue. The President has claimed that his threats of military action limited Iran’s use of violence and stopped Iran from hanging large numbers of protestors. Some certainly argue that we should have used military action to aid the protesters, but this raises the question I mentioned earlier and related issues about whether we had sufficient assets in the area to address potential “Day After” consequences. This is a question with no single clear answer. However, our use of diplomatic, economic, and military pressure to prevent regime violence against protesters is appropriate and consistent with our national values.

The Cipher Brief: The White House is now focused on Iran’s nuclear, missile, and regional threats. Talk to us about why this is a priority and whether the current moment is an opportunity.

Roule: Let’s start with Iran’s nuclear program. The June 2025 Twelve-Day War severely degraded – at least for now – Iran’s nuclear weapons capability. But that capability can be rebuilt, and if Iran has any enrichment capacity, especially one not under international supervision, they can try to produce weapons-grade enriched uranium. But if Iran doesn’t agree diplomatically not to rebuild these capabilities and to provide the International Atomic Energy Agency with the access it requires, we should steel ourselves to the requirement that the Israelis or we will need to repeat the June 2025 military strikes when Iran chooses to rebuild.

Next, we have the Iranian ballistic missile threat. The unclassified May 2025 Defense Intelligence Assessment stated that Iran’s space-launch vehicle program could give it the capability to build as many as sixty intercontinental ballistic missiles (ICBMs) by 2035.

Iran’s repeated use of ballistic missiles against multiple countries makes it reasonable for Israel to be concerned about the long-term size and direction of this program as well. Iran’s missile program is not currently a threat to Western Europe. If Iran builds ICBMs, this, of course, changes. The idea that anyone would allow a country with Iran’s political, military, and nuclear history to build dozens of potentially nuclear-tipped ICBMs within nine years should not be acceptable. It would also be too easy to imagine a scenario in which Iran and North Korea joined forces to threaten the U.S. Homeland. So, we either compel Iran to change the course of its ballistic missile program, work with Europe to build a costly missile shield, or destroy that program militarily now.

Last, Iran’s Quds Force remains operational and has begun to repeat what will be a several-year campaign to reconstitute its regional proxy program. This is not the first time the Quds Force has been required to rebuild a regional program amid great risk to the regime. In fact, it’s the third time since 2003.

By any traditional measure, the Islamic Republic represents a failed revolutionary state ruling a disillusioned and angry population. In many ways, it resembles the final years of the Soviet Union: an ossified regime whose ideology is dismissed even by its most ardent supporters. The regime retains power through repression, coercion, corruption, and a multi-layered system of lucrative patronage that its most potent supporters would lose in any reformed government.

The administration’s rhetoric and actions make a reasonable case that the current moment should be tested to see whether, with further pressure – which could include military action – the regime would sacrifice these malign activities in exchange for sanctions relief that would allow the Islamic Republic to survive. This won’t satisfy those who seek regime change, but it does parallel Washington’s approach to Venezuela.

The Cipher Brief: How would you assess Iran’s losses to date?

Roule: By any measure, Iran’s losses have been extraordinary, consequential, and unprecedented in modern history for a country of its size, regional influence, and global economic impact in the energy market. The last two years have been crowded with examples of the collapse of its political, economic, and national security architecture.

In terms of leadership, the regime has endured the death of President Ebrahim Raisi, who was highly likely to be Supreme Leader Khamenei’s choice. His passing was followed by a historic low turnout in elections that led to the Pezeshkian presidency. Pezeshkian failed to deliver on his economic promises. His tenure has included the dismissal or resignation of two vice presidents, two cabinet officials, and other senior officials. He spends much of his time apologizing to the Iranian people for the government's failures, hoping this tactic will win him popular support. It’s somewhat understandable in that the economic complaints that ignited Iran’s recent nationwide unrest occurred in a country that has endured months of shortages of water, electricity, natural gas, and refined products, which forces the repeated closure of schools, government offices, and businesses.

The World Bank estimates that one-third of Iranians (25-26 million) are below the poverty line. Annual inflation reached 43 percent in December 2025. The rial, which fell to 1.43 million to the dollar before the unrest, just reached 1.63 million to the dollar and appears to have no bottom. U.S. Secretary of the Treasury Scott Bessent’s comments on recent U.S. expanded sanctions in response to Iran’s handling of protests underscores Washington’s intent to use whatever economic tools it can to pressure Tehran.

The Cipher Brief: If you’re looking at this in terms of Iran’s own national security, how does it look?

Roule: In terms of national security, the picture is bleak. Over the past two years, Israel killed the commanders of Iran’s primary proxy partners and destroyed the group's strategic capacity. Russia and China proved to be of no help in the June War, nor could they stop the reimposition of United Nations Security Council Sanctions.

The loss of Syria and Venezuela cost Iran its closest external allies, reducing its regional and global political reach. The June War was a profound defeat for Iran’s air defenses and intelligence services. Israel and the U.S. easily destroyed key elements of Iran’s hugely expensive nuclear program, an effort that has cost billions of dollars and for which Iran has endured decades of political and economic isolation. The conflict cost Tehran many of its most experienced military and nuclear personnel, and left Iran with billions of dollars in damage to its nuclear and missile infrastructure.

Finally, Iran’s murderous killing of protestors and internet shutdown starkly illustrated that the most successful aspect of the regime’s national security investments remains its tools of oppression.

The Cipher Brief: Many have described Tehran today as weak. Yet the regime keeps surviving protests. Its missile programs are considered a potential threat, and policymakers are worried about its capacity to threaten the Strait of Hormuz, impacting energy markets. What’s your take on this?

Roule: The regime is weaker in many areas, but it is more accurate to say that the regime has never been more fragile and is strategically weaker than it has been in decades. All of this is known to Iran’s Supreme National Security Council. But they can also list strengths they believe will help them survive. I would rather not list these publicly but suffice it to say that key elites and security elements remain unified, disciplined, and responsive.

If the government’s deep national unpopularity is a fact, it can’t be ignored, as a substantial portion of the population remains uncommitted to its overthrow, and some are committed to its survival rather than supporting the opposition. Externally, it may have no reliable state allies, but nor does it face an international coalition. The U.S. is its primary adversary. What it achieves against Washington will shape its relations with the world.

Iran may not be able to compete with the U.S. militarily, but that has always been the case. Its leaders know that they must be able to threaten an asymmetric response: regional and global economic destruction by missile, drones, and cyber-attacks will immediately begin should the U.S. attack Iran.

This list should leave your readers with the sense that these men believe the best days of the regime are ahead. That would imply stupidity, which is not a characteristic that gets one through Iran’s national security shark pool of political and policy challenges.

They wake every morning, knowing that their domestic political and economic realities make another cycle of nationwide anti-regime unrest inevitable. The Supreme Leader will be 87-years old on April 19. His eventual passing will trigger the final transition to the regime’s post-revolutionary generation and they have had years to prepare for this moment. But his passing, which could occur at any time, could create a new crisis. And of course, if an actual military conflict with the U.S. takes place, the survival of the regime, and the personal survival of those in Iran’s leadership could be in question.

The Cipher Brief: How are you assessing the impact of the Trump administration’s approach right now?

Roule: The structure of the Trump administration’s strategy remains strategically conventional. The administration’s primary goal is a diplomatic outcome that avoids a conventional war or an episode that leaves Iran empowered and U.S. credibility damaged. Hence, the likelihood of a dramatically powerful military attack on Iran remains high.

The administration has made no secret of its buildup of one of the most powerful offensive air, missile, and air defense capabilities in history. Israel has also threatened military action. The President is also reportedly considering dispatching another aircraft carrier task force to augment his offensive capabilities further. The way this force has been deployed thus far shows that it is part of the pressure campaign and that the President has not yet authorized military operations. Of course, this last point could change at any time.

The administration has deployed a senior diplomatic team and urged regional partners to press Iran to engage with the U.S. to reach a deal. The administration has loudly announced new economic pressure on Iran and of course, deployed a massive military force. All of this is meant to pressure Iran’s leaders into making concessions.

This brings us to the subject of timelines. This current process is likely to last until the president and his advisors believe they have exhausted diplomacy. If the administration continues to believe it must strategically change Iran’s nuclear, missile, and Qods Force, then military action becomes a very high probability.

Predicting this timeline is impossible as it is shaped by Iran’s decisions, partner input, U.S. political conditions, and even unexpected events, such as a sudden spike in unrest within Iran, the sudden death of the Supreme Leader, etc.

The Cipher Brief: What about Iran’s response?

Roule: Iran needs to conduct multiple actions simultaneously to reduce the pressure on the regime and improve its chance of long-term survival. These steps include ending the protests, improving its military capabilities, and developing a diplomatic strategy to delay a U.S. military strike. But in the near term, Tehran remains unlikely to give Washington what it wants.

Domestically, Tehran must ensure and demonstrate leadership and unity among security forces. The country’s leadership will continue to comprise a spectrum of trusted actors. Security forces will aggressively seek to locate and detain anyone believed to have been part of the recent unrest and anyone who they believe has engaged in unauthorized contact with Western opposition or media, and expedite trials to show that the regime’s control remains strong. The regime will seek opportunities to project an atmosphere of normalcy and, as we have already seen, organize pro-regime rallies and events to show that it has its own base of support.

Externally, the regime will seek to project defiance and confidence. Its primary diplomatic goal will be to buy time and prevent coalitions from forming, so it will seek negotiations, indirectly whenever possible, and will always focus on the most complicated issue: the nuclear program. Its public comments on the talks will be positive and vague. This has been its usual practice because doing so has a positive impact on the value of the rial to the dollar and supports the regime’s propaganda on diplomacy.

We should expect Tehran to maintain oil production and maybe even try to increase floating storage on shadow-fleet assets in Asia to allow it to meet contracts during any short-term conflict with the U.S. If it feels it needs to close the Strait of Hormuz, it has multiple ways of doing so, but we shouldn’t be surprised if the U.S. military has multiple options for dealing with that.

At the same time, it will prepare missile and cyber operations both to signal deterrence and to survive any U.S. and possibly combined U.S.-Israel attack. In the absence of a credible air defense, its deterrence rests on a public diplomacy narrative that it stands ready to launch broad attacks against every U.S. base in the region, Israel, and to close the Strait of Hormuz and perhaps attack oil export facilities, damaging the international oil market, if the U.S. attacks. Iran hopes these statements will spark debate in the U.S. and diplomatic pressure from the international community against Washington over an attack.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Need a daily dose of reality on national and global security issues? Subscribe to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

Confidence, Interoperability, and the Limits of U.S. Decision Systems

OPINION — In recent months, U.S. policy debates have increasingly acknowledged that the decisive contests of the 21st century will not be fought primarily on conventional battlefields. They will be fought in the cognitive domain, through influence, perception, legitimacy, and decision velocity. This recognition is important and depends on an adequate technical and institutional layer to deliver durable strategic advantage. Cognitive advantage cannot be declared. It must be engineered.

Today, the United States does not lack data, expertise, or analytic talent. What it lacks is decision-shaping architecture capable of producing consistently high-confidence strategic judgment in complex, adaptive environments. The result is a persistent gap between how confident U.S. decisions appear and how reliable they are - especially in Gray Zone conflicts where informal networks, narrative control, and societal resilience determine outcomes long before failure becomes visible. Afghanistan was not an anomaly. Nor will it be the last warning.

The Confidence Illusion

In U.S. national security discourse, the phrase “high confidence” carries enormous weight. It signals authority, rigor, and analytical closure. Yet extensive research into expert judgment, including studies of national-security professionals themselves, shows that confidence is routinely mis-calibrated in complex political environments.

Judgments expressed with 80–90 percent confidence often prove correct closer to 50–70 percent of the time in complex, real-world strategic settings. This is not a marginal error. It is a structural one.

The problem is not individual analysts. It is how institutions aggregate information, frame uncertainty, and present judgment to decision-makers. While pockets of analytic under confidence have existed historically, recent large-scale evidence shows overconfidence is now the dominant institutional risk at the decision level.

Recent U.S. experience from Iraq to Afghanistan suggests that institutional confidence is often declared without calibration, while systems lack mechanisms to enforce learning when that confidence proves misplaced. In kinetic conflicts, this gap can be masked by overwhelming force. In Gray Zone contests, it is fatal.

Afghanistan: Studied Failure Without Learning

Few conflicts in modern U.S. history have been studied as extensively as Afghanistan. Over two decades, the U.S. government produced hundreds of strategies, assessments, revisions, and after-action reviews. After the collapse of 2021, that effort intensified: inspector general reports, departmental after-action reviews, congressional investigations, and now a congressionally mandated Afghanistan War Commission.

The volume of analysis is not the problem. The problem is that these efforts never coalesced into a unified learning system. Across reports, the same lessons recur misjudged political legitimacy, overestimated partner capacity, underestimated informal power networks, ignored warning indicators, and persistent optimism unsupported by ground truth. Yet there is no evidence of a shared architecture that connected these findings across agencies, tracked which assumptions repeatedly failed, or recalibrated confidence over time.

Lessons were documented, not operationalized. Knowledge was archived, not integrated. Each new plan began largely anew, informed by memory and narrative rather than by a living system of institutional learning. When failure came, it appeared suddenly. In reality, it had been structurally prepared for years.

The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.

Reports Are Not Learning Systems

This distinction matters because the U.S. response to failure is often to commission better reports. More detailed. More comprehensive. More authoritative. But reports - even excellent ones - do not learn. Learning systems require interoperability: shared data models, common assumptions, feedback loops, and mechanisms that measure accuracy over time. They require the ability to test judgments against outcomes, update beliefs, and carry lessons forward into new contexts. Absent this architecture, reports function as historical records rather than decision engines. They improve documentation, not confidence. This is why the United States can spend decades studying Afghanistan and still enter new Gray Zone engagements without demonstrably higher confidence than before.

Asking the Wrong Questions

The confidence problem is compounded by a deeper analytic flaw: U.S. systems are often designed to answer the wrong questions. Many contemporary analytic and AI-enabled tools optimize for what is verifiable, auditable, or easily measured. In the information domain, they ask whether content is authentic or false. In compliance and due diligence, they ask whether an individual or entity appears in a registry or sanctions database. In governance reform, they ask whether a program is efficient or wasteful. These questions are not irrelevant, but they are rarely decisive.

Gray Zone conflicts hinge on different variables: who influences whom, through which networks, toward what behavioral effect. They hinge on informal authority, narrative resonance, social trust, and the ability of adversaries to adapt faster than bureaucratic learning cycles.

A video can be authentic and still strategically effective as disinformation. An individual can be absent from any database and still shape ideology, mobilization, or legitimacy within a community. A system can appear efficient while quietly eroding the functions that sustain resilience. When analytic systems are designed around shallow questions, they create an illusion of understanding precisely where understanding matters most.

DOGE and the Domestic Mirror

This failure pattern is not confined to foreign policy. Recent government efficiency initiatives-often grouped under the banner of “Department of Government Efficiency” or DOGE - style reforms - illustrate the same analytic tendency in domestic governance. These efforts framed government primarily as a cost and efficiency problem. Success was measured in budget reductions, headcount cuts, and streamlined processes.

What they largely did not assess were system functions, hidden dependencies, mission-critical resilience, or second-order effects. Independent reviews later showed that efficiency gains often disrupted oversight and weakened essential capabilities - not because reform was misguided, but because the wrong questions were prioritized. DOGE did not fail for lack of data or ambition. It failed because it optimized what was measurable while missing what was decisive. The parallel to national security strategy is direct.

Why Gray Zone Conflicts Punish Miscalibration

Gray Zone conflicts are unforgiving environments for miscalibrated confidence. They unfold slowly, adaptively, and below the threshold of overt war. By the time failure becomes visible, the decisive contests - over legitimacy, elite alignment, and narrative control - have already been lost.

Adversaries in these environments do not seek decisive battles. They seek to exploit institutional blind spots, fragmented learning, and overconfident decision cycles. They build networks that persist through shocks, cultivate influence that survives regime change, and weaponize uncertainty itself. When U.S. decision systems cannot reliably distinguish between what is known, what is assumed, and what is merely believed, they cede cognitive advantage by default.

What “90 Percent Confidence” Actually Means

This critique is often misunderstood as a call for predictive omniscience. It is not. According to existing standards, No system can achieve near-perfect confidence in open-ended geopolitical outcomes. But research from forecasting science, high-reliability organizations, and complex systems analysis shows that high confidence is achievable for bounded questions - if systems are designed correctly.

Narrowly scoped judgments, explicit assumptions, calibrated forecasting, continuous feedback, and accountability for accuracy can push reliability toward 90 percent in defined decision contexts. This is not theoretical. It has been demonstrated repeatedly in domains that take learning seriously. What the U.S. lacks is not the science or the technology. It is the architecture.

Cognitive Advantage Requires Cognitive Infrastructure

The central lesson of Afghanistan, Gray Zone conflict, and even domestic governance reform is the same: data abundance without learning architecture produces confidence illusions, not advantage.

Cognitive advantage is not about thinking harder or collecting more information. It is about building systems that can integrate knowledge, test assumptions, recalibrate confidence, and adapt before failure becomes visible.

Until U.S. decision-shaping systems are redesigned around these principles, the United States will continue to repeat familiar patterns - confident, well-intentioned, and structurally unprepared for the conflicts that matter most.

The warning is clear. The opportunity remains with Yaqin.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because national security is everyone’s business.

A Path to Understanding Autonomy in Defense Technology

Welcome to The Iron Triangle, the Cipher Brief column serving procurement officers tasked with buying the future, Investors funding the next generation of defense technology, and policy wonks analyzing its impact on the global order.

COLUMN/EXPERT PERSPECTIVE -- In its purest sense, autonomy is the condition of self-government. When we overlay that concept onto military machines and armed drones, the immediate fear is that we are outsourcing the moral weight of life and death to an algorithm. I’ve seen the Terminator series, so I know what you’re thinking. No, you don’t need to learn how to make a pipe bomb. It’s not as bad as you think… maybe.

However, the reality of military command is more nuanced. To understand autonomy in defense technology, I want to first be clear about how the military defines command.

Command is composed of three elements: authority, responsibility, and decision-making. Authority is the delegated power to make decisions and use resources. Responsibility is the legal and ethical obligation for everything a unit does or fails to do. And decision-making is the process of translating high-level intent into actionable orders.

Autonomy does not replace the commander; it enables the commander to aggregate and disaggregate aspects of Command and Control (C2). Specifically, autonomy allows a commander to delegate control to a machine while maintaining command. However simple this sounds, it is a monumental mindset shift for many commanders. To be successful, this will require reshaping some commanders’ understanding of technology.

To use autonomous systems appropriately, the commander assigns a framework of authority. This authority might be a benign task, such as "Conduct intelligence, surveillance, and reconnaissance in order to identify the enemy within [defined area]."

On the opposite end of the spectrum, such as in high-intensity, peer-conflict scenarios where there is no civilian presence, "Identify and destroy targets in [defined area]." The authorities a commander assigns to autonomous systems will depend heavily on their risk calculations and dozens of other factors.

The Rewards: Why Accept the Risk?

Remember that all responsibility for the mission remains with the commander. Given the potential risks outlined above, why would a commander accept responsibility for an autonomous system’s performance? Because autonomous systems will be required not only for survival, but to fight and win on a modern, transparent battlefield.

Operational Tempo (OPTEMPO). Autonomy denies the adversary the ability to reset during what would otherwise be natural lulls in combat operations. It enables a constant and consistent pressure campaign that human operators, limited by fatigue, cognitive bandwidth, and resources, cannot sustain.

Force Protection and Attrition. We must shift our thinking toward lifecycle protection. Autonomy allows us to project power and achieve effects without putting a human in the loop–where they are most vulnerable.

Cognitive Decoupling. By reducing the pilot-to-platform ratio from 1:1 to 1:Many, autonomy frees the commander’s mind to focus on the strategic rather than the tactical, effectively reducing cognitive load.

The Implications: The Path Forward

To move autonomy to battlefield reality, we must address three critical pillars:

Low-Cost Near-Exquisite Systems: Commanders cannot get comfortable with autonomy if they are afraid to lose their assets. We must continue to move away from high-cost platforms toward mass-producible, near-exquisite systems that allow for the thousands of training iterations required to build trust.

Interoperability: A quadcopter built in a Florida garage must immediately work cohesively with a bespoke system from a big defense prime. If autonomous systems cannot operate across-domains, if they aren’t vendor-agnostic, and if they can’t operate as one element of a swarm ecosystem, they aren’t force multipliers; they are a logistics burden.

The Cipher Brief applies expert-level context to national and global security stories. Grant yourself full-access to Cipher Brief expert insights, analysis and private briefings in the new year by becoming a Subscriber+Member.

End Vendor Lock-In: Continuous innovation is the only defense against adversarial countermeasures, and rigid multi-year contracts stifle technology iteration. We need a development operations model for hardware, where field feedback is transferred directly to engineers, rapid improvements are made, and systems are re-fielded. Vendors need to be held accountable–by losing profitable contracts–when they fail against this standard.

For the procurement officer: Stop buying platforms and start buying ecosystems that support delegated authority, scalability, and innovation. Establish criteria for continuously evaluating technology and hold companies accountable. I commend the Department of Defense for acknowledging this need with more flexible contract mechanisms, but more can be done. There are many small, innovative technologies that might make a substantive difference if they are given an opportunity.

For the investor: Look for companies whose technology is not dependent on specific hardware, and for those who are open to rapidly partnering with other OEMs to overcome technical limitations. There are an unprecedented number of small defense technology firms in today’s ecosystem and there will be a consolidation within two-to-five years. If a company insists that every capability is vertically integrated, there is a strong likelihood that they will be outpaced by an up-and-comer or a conglomeration who is more flexible.

For the policy wonk: The debate isn't about whether machines will make decisions, but how we legally and ethically define the authority we give them. Setting conditions that promote and reward innovation will de-risk this transition now. We also need to think about the resources we provide the services for training, and how rules of engagement stack against those of our adversaries. This will all lead to better outcomes when it counts.

The coming years will be a period of creative destruction for the defense industry. The era of proprietary technology is ending, replaced by an ecosystem where the only constant is change. We must reward the agile and hold the stagnant accountable. Whether it’s a garage-born startup or a legacy prime, the winners will be those who embrace the DevOps of hardware and the radical transparency of interoperable swarms. Autonomy is the catalyst; how we choose to fund, buy, and govern it will determine who leads the global order for the next century.

Joey Gagnard is a Cipher Brief columnist who regularly shares his perspective on national security and technology via his Iron Triangle column.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.

Standing Up to a Spy: My Run-In with Aldrich Ames

OPINION — I had an unpleasant episode with Aldrich Ames which taught me some life lessons.

I was a mid-level CIA analyst working Caucasus and Central Asian issues in the 1990s. My job responsibilities then included reviewing agency participation in conferences located in that part of the world, helping assure the environment was conducive to the type of gathering being proposed and identifying any threats there might be. The reviews were usually noncontroversial and proforma, perfectly suited for a mid-level analyst.

Sometime, though, in mid 1993, a memo came across my desk from a desk officer in the CIA’s Counter Narcotics Center (CNC) proposing a senior level CNC conference in that part of the world that I worked. I felt strongly there were security risks associated with the gathering that did not justify agency participation. I was also concerned that the host country could not adequately address the conference logistics. I documented my concerns, did not sign off, and moved on, without giving the subject any additional thought.

The following day, as I was reading through my cables, I looked up from my computer to find a very unkempt individual, about 20 years my senior with bushy eyebrows and a dirty, wispy looking mustache hovering over me, in essence, violating my personal space. He introduced himself as Aldrich Ames, the individual planning the conference which I had refused to sign off on the day before. He demanded to know how I had the gall to stand in the way of this important conference. I explained to this aggressive individual that I saw no upside to holding such a conference where he had proposed and explained to him my security and logistics concerns. He continued by berating me for not understanding the former Soviet Union.

Sure, I was in the earlier stages of my career but by then I had an undergraduate and graduate degree in Soviet Studies. I studied in Moscow and St. Petersburg. I wrote my master’s thesis on the role of women in Uzbek politics, participated in several summer workshops at Harvard University and other universities focused on Ukraine and Central Asia, had published articles in academic journals on Central Asia, had spoken on many conference panels regarding Soviet and Former Soviet Union politics, and had just completed a year as part of the CIA Director’s Exceptional Analyst Program studying the history and culture of Azerbaijan and Azeri language.

I stood my ground with Aldrich Ames and politely invited him to leave. Not to be deterred, Ames came back to my desk a few times. I was not there and my cubicle-mates alerted me to the fact that the unkempt man from the CNC was looking for me. He found me at my desk a few weeks later. By then, he was even more surly and patronizing. He told me that he was a senior operations officer and that I was thwarting important operations. I told him to get the Department of Operations to sign off and then come back to me. He then complained to my boss about the stupid analyst. She had my back but as a fairly young analyst, I was shaken by his demeanor and his threats.

Months later I heard that the CNC Conference was happening but maybe somewhere else.

Mr. Ames was arrested for espionage on his way to this relocated conference shortly thereafter.

I later came to know that Mr. Ames may have shared my analysis with the Russians. But, I was not in harm's way. More importantly, I remember the families and loved ones of those executed due to Ames’ betrayals and pay tribute to them and the colleagues whose careers he sidetracked.

This is just another ugly, though inconsequential story in the Aldrich Ames saga. What I learned as an analyst who unwittingly stood up to a spy is to trust your instincts, stand your ground, expertise matters, and that ultimately bad people cannot disguise that they are bad people. And Mr. Ames should have taken my advice.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because national security is everyone’s business.

Russia’s Promises of Security Lead to Ukraine's Frontlines

DEEP DIVE — Moscow has spent nearly four years burning through human resources in Ukraine, and now they’ve found a new way to fill the gaps of loss: exploiting the Global South. Russia is luring in thousands of men with promises of ‘work’ or ‘security,’ only to hand them a rifle. When these guys eventually head home, their own governments are going to be left dealing with the fallout of having thousands of war-hardened veterans they never asked for.

Ukraine’s military intelligence has identified more than 18,000 foreigners from 128 countries who have fought or are currently fighting for Russian forces. At least 3,388 of these fighters have been killed, according to Ukrainian officials. The death toll includes citizens from Cuba, Nepal, India, Kenya, and across Central Asia — men who often arrived in Russia seeking construction jobs or warehouse work, only to find themselves thrust into Ukraine’s grinding war of attrition with minimal training and false promises.

“Russia has no choice but to attempt to continue its foreign recruitment model given Russian military casualties and political realities of a significant mobilization in President Putin’s political bases in Moscow and Saint Petersburg,” Alex Plitsas, nonresident senior fellow with the Middle East Programs at the Atlantic Council, tells The Cipher Brief.

For Washington, the pipeline carries implications beyond the immediate battlefield. Combat-hardened fighters from regions where the United States competes with Russia for influence, particularly across Africa and Latin America, will eventually return home potentially equipped with drone warfare expertise, small arms proficiency, and tactical knowledge gained in Europe’s most technologically advanced land war since 1945.

Former AFRICOM commander General Stephen Townsend warned in 2019 that Russia’s meddling in Africa comprises the “second biggest threat to US security interests” after terrorism.

The Architecture of Exploitation

Moscow has effectively turned its migration system into a trap, routinely building military recruitment offices right beside immigration facilities where beatings and freezing cells are used to coerce signatures. Detention or military service are often the only options for migrants in legal limbo.

Incentives are also used to exploit poverty. Nepali recruits receive 75,000 to 200,000 rubles monthly, or $750 to $2,000, dwarfing local earnings but representing only a fraction of Russian compensation. Cuban networks promise citizenship and generous payments.

The Human Trafficking Pipeline

Several governments now describe these recruitment tactics as outright human trafficking. In Kenya, an investigation revealed that citizens were promised stable jobs only to find themselves on drone assembly lines in active war zones. India has documented a similar pattern, with at least 35 of its nationals sent to the front lines against their will.

Nepal perhaps serves as the most stark example of this human cost. Officially, 14 Nepalis are confirmed dead, but estimates suggest as many as 2,000 may have enlisted in Russian forces. The subsequent outrage in Kathmandu led to Russia and Ukraine’s work permits being denied in early 2024. This proved effective, at least temporarily, as only one known Nepali citizen had signed a contract in the first ten months of 2025.

The situation, however, is harrowing on the ground. Foreign recruits are deployed to frontline assaults after just a week of training, according to Ukrainian prisoners of war. Despite promises of non-combat roles, some of these men signed Russian-language contracts they couldn’t even read.

“The foreign recruits have proven to be less effective as a result of the minimal amount of training and poor equipment that they receive upon joining,” says Plitsas. “Russia is throwing bodies at the problem, so to speak, in terms of trying to fortify the front lines and replacing fallen Russian troops.”

Subscriber+Members get exclusive access to expert-driven briefings on the top national security issues we face today. Gain access to save your virtual seat now.

The political calculus is deliberate. Plitsas highlights that there are far fewer political ramifications for losing foreign fighters than for Russian citizens.

“Many see these foreigners as having volunteered, so if they die in combat, it doesn’t have a significant reflection within Russian society,” he continues.

Central Asian migrants face particular vulnerability.

Moscow has increasingly turned its attention to the four million Central Asian migrants living within its borders to solve its mounting personnel shortages. Since the legal shifts in September 2022, the Kremlin has effectively tied residency and citizenship to military service.

Uzbeks and Tajiks working in Russia face a forced choice: enlist or lose their legal status. It is common for new arrivals’ residency applications to be stalled unless they sign a military contract, making them a prime target for Russian recruiters.

The Manpower Calculus

Moscow’s reliance on foreign recruits reflects an acute strain on its ability to sustain combat operations. Western estimates suggest Russia has suffered approximately 1.2 million casualties — killed and wounded — since February 2022. The UK Ministry of Defense reported Russia lost approximately 415,000 personnel in 2025 alone, the second-deadliest year of the conflict. December 2025 averaged 1,130 casualties daily, marking four consecutive months of rising losses.

The Kremlin maintains a monthly recruitment rate of roughly 30,000 to 40,000 contract soldiers, approximately matching battlefield attrition rates. This pace requires exploiting every available demographic, with provincial governments pressured to meet quotas.

Yet debate exists over the scale’s significance.

“The Russian army does not depend critically on foreign mercenaries,” Oleg Ignatov, Senior Analyst for Russia at the Crisis Group, tells The Cipher Brief. “The exact number of foreign mercenaries in the Russian army is unknown, but it is small compared to the total number of troops.”

Independent estimates hover around 1,500, while Russian officials claim 30,000 total — a fraction of Russia’s roughly 700,000 troops in Ukraine.

“Overall, there is no evidence that foreign mercenaries stand out among Russian soldiers and suffer significant losses compared to other soldiers,” Ignatov insists, noting North Korean forces initially suffered heavy losses because “they were not adapted to the realities of war in Ukraine.”

“All other foreigners serve in Russian units and suffer the same losses as all other servicemen in these units,” he says.

The pattern reflects a broader strategic reality.

According to Ignatov, “both Russia and Ukraine are experiencing a shortage of manpower for this type of war, which explains their efforts to recruit foreigners.”

“In addition, Russia needs to maintain its manpower advantage on the front lines, which it gained by the end of 2023-early 2024,” he points out.

Plitsas frames the imperative more starkly.

That political risk became clear more than three years ago. Moscow remains wary of the domestic fallout that followed the September 2022 mobilization. The Kremlin thus relies on foreign recruitment to maintain frontline numbers.

The Security Aftermath

The long-term security implications of Russia’s foreign recruitment extend far beyond the battlefield. Combat veterans returning to impoverished home countries bring specialized military skills from Europe’s largest land war since 1945. Historical precedent from Afghanistan, Syria, and Iraq demonstrates that even small percentages can destabilize regions.

“Foreign fighters returning home often suffer from the same types of combat-related stress disorders as troops but given that they were working for a foreign military, they do not get benefits when they return to their home country,” Plitsas cautions. “They also have sufficient training to be able to conduct attacks at home, even if they are simplistic, involving only small arms.”

The psychological and practical risks compound.

“There is always a risk in having a population of combat-experienced fighters who lack access to benefits and treatment for combat-related issues and their susceptibility to domestic causes that could be problematic for their home governments,” Plitsas underscores, pointing to Syria. “Many foreign fighters returned from Iraq with combat experience and helped to form the base of the armed factions that overthrew the Assad regime.”

Beyond physical combat skills, the technological knowledge poses distinct dangers.

“One concern is that foreign fighters will accelerate the proliferation of drone technologies and tactics used in Ukraine to nefarious groups around the world, some of which have already started adopting them,” John Hardie, deputy director of the Russia Program at the Foundation for Defense of Democracies, tells The Cipher Brief.

Ukraine has become a laboratory for drone warfare. Veterans returning with hands-on experience could rapidly advance militant and criminal capabilities from Latin America to Southeast Asia.

Some nations are trying, or tried, to push back.

Kazakhstan opened a record 709 criminal cases in 2025 against citizens who joined Russian formations, with sentences ranging from 4.5 to 5 years. Kyrgyzstan’s attempt to set a legal precedent, however, fell flat when the Kremlin stepped in with pressure to drop charges.

In spite of the death toll of more than 120 Uzbek, Tajik, and Kyrgyz fighters by late 2024, accountability remains nonexistent. It is common for recruits to hide behind new Russian passports, which legally place them beyond the reach of their home governments. The real worry now isn’t just the dead, but the survivors; men who stay in Russia with specialized combat training and no clear path except drifting into the criminal margins.

For Cuba, which joined the Russian-led BRICS bloc, estimates suggest up to 20,000 Cubans recruited since 2022, with 200 to 300 killed. El País reported that 40 percent had previously served in the Cuban Armed Forces, suggesting state awareness. Due to the high percentage of active military personnel and ex-military personnel fighting under the Russian banner, Cuba’s government may be tacitly permitting the recruitment pipeline.

Unlike Nepal or India’s aggressive crackdowns, Havana’s muted response raises questions about quid pro quo arrangements with Moscow, particularly as Cuba faces a severe economic crisis and depends heavily on Russian support.

“Travel bans and efforts by governments to stop their citizens from volunteering will have some impact, though the overall numbers are still small in general terms,” Plitsas observes. “Augmenting Russian troops with foreign troops has also proven to be efficient, though poor training and equipment limit overall effectiveness.”

The offensive exploits global inequality while exporting costs to nations with limited pushback capacity. While Moscow claims foreign recruits demonstrate international support for the war, the reality is much bleaker: it’s a trafficking operation that targets the poor and desperate. The same thing happened in Syria and Iraq, demonstrating to the international community that a handful of combat-hardened veterans can destabilize an entire country.

When these men return to Africa or South Asia with expertise in drone strikes and urban warfare, they often don’t just go back to civilian life; they become a ready-made kit for insurgencies or criminal groups.

“Foreign governments have taken some steps to try to stem the flow of foreign fighters supporting Russia, but the populations involved have been relatively small, and it hasn’t been seen as a significant enough problem for home governments to take more significant action to date,” Plitsas explains.

He identifies structural challenges.

“Many of the fighters come from countries that are friendly to Russia, and so banning travel, or things of that nature, becomes more difficult given the status of the relationship between the countries,” Plitsas continues. “Also, when you’re traveling abroad and need a visa, the country you are traveling to has to grant it to you. Russia is incentivized to allow the flow to continue, as the burden is on Russia to grant the visa, not the home country. It makes policing the effort very difficult.”

As battlefield casualties mount and domestic constraints prevent mobilization, foreign recruitment provides a crucial release valve for Moscow. As a result, thousands of people have been channeled into war under false pretenses, leaving survivors scarred and equipped with military skills posing long-term security risks.

Yet Ignatov pushes back against the alarmist framing.

“War is a serious trauma, and all soldiers need psychological help. But I don’t think there are any risks of radicalization beyond this problem,” he contends. “There is no radical ideology in Russia that poses a threat of global spread.”

Whether ideological or not, the pattern is clear: Russia’s manpower crisis shows no sign of abating.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

After New START: America Weighs a New Nuclear Strategy

OPINION — “Militarily, the expiration [last Thursday] of New START [2010 Treaty with Russia] enables the United States to take parallel steps. We will complete our ongoing nuclear modernization programs that were initiated while New START entered into force. The United States also retains non-deployed nuclear capacity [some 1,900 stored nuclear warheads and bombs] that can be used to address the emerging security environment, if directed by the President. Such actions include expanding current forces, diversifying our capabilities, developing and fielding new theater-range nuclear forces, and adapting our extended deterrence posture as necessary.”

That was Under Secretary of State for Arms Control and International Security Thomas DiNanno speaking in Geneva last Friday at the United Nations Conference on Disarmament in Geneva.

One day earlier, in a post on Truth Social, President Trump offered this arms control idea: “Rather than extend ‘NEW START’ (A badly negotiated deal by the United States that, aside from everything else, is being grossly violated), we should have our Nuclear Experts work on a new, improved, and modernized Treaty that can last long into the future. Thank you for your attention to this matter! PRESIDENT DONALD J. TRUMP”

Having written about nuclear weapons and covered arms control efforts over the past 60+ years, I thought I would join with others to offer some ideas on where we are now and where we ought to be headed. But rather than doing it alone, I thought I would include some matters raised by former U.S. government nuclear weapons and arms control experts who testified last Tuesday before the Senate Arms Services Committee during a hearing on the post-New START treaty environment.

Let’s start with who is at Trump’s future negotiating table. Trump and other U.S. officials have said China along with Russia has to be there, although so far the Chinese have refused to discuss their nuclear programs. Russian President Vladimir Putin, in response to the Chinese participating idea, said he would then want the United Kingdom and France, two other nuclear powers, also included.

At last week’s Senate Armed Services hearing, Rose Gottemoeller, the lead U.S. negotiator for New START and now Lecturer at Stanford University and Research Fellow at the Hoover Institute, gave what I believe would be the best ideas for the way forward.

She said, “I do not support trying to do a trilateral negotiation. I believe that these negotiations [with Russia and China] should be done in parallel. We have 50 plus years of experience limiting and reducing nuclear weapons with the Russians. We can continue that kind of process [to include tactical and hypersonic nuclear weapons] with them.”

Gottemoeller added, “And by the way, I agree that non-strategic nuclear weapons [should be included]. We did not constrain non-strategic nuclear weapons in the New START treaty. It was not designed for that purpose. So to fault it for not controlling those weapons is a bit bizarre, but nevertheless, I agreed with the Trump administration during the first term when they said we need an all-warhead limit in the next negotiation. I think that is definitely the priority we need to proceed on with the Russians.”

Gottemoeller also said, “It's been my recent experience working with them [the Chinese] in track two [non-U.S. Government] settings that they seem very interested in trying to figure out ways to begin a conversation with the United States about nuclear risks… developing better communications, links with them at the strategic level, hotline arrangements, these types of things. I think they are valuable to begin a conversation about the necessity of controlling nuclear weapons at the negotiating table and [for the Chinese] not being so un-transparent about what they're doing with their modernization. That has to be the first and foremost objective talking to them about what their intentions are.”

She added, “I've already spoken about the Chinese. I think they are willing to talk to us now, but it is about risk reduction and the beginning of more predictability and transparency about their nuclear objectives,” matters that up-to-now they have refused to discuss.

Picking up Gottemoeller’s idea for China at the Senate hearing was another witness, retired-Adm. Charles A. Richard, former commander of the U.S. Strategic Command (STRATCOM), and incoming chief executive officer of the Institute for Defense Analysis.

Richard told the Senators, “I think that is an excellent starting point for a conversation with China. There are terms like confidence building and transparency that I would certainly endorse. But fundamentally it comes back to how do you responsibly operate weapon systems with this magnitude of destructive potential. That is to everyone's benefit including China. And I think that makes an excellent starting point for diplomacy.”

The Gottemoeller/Richard approach reminded me of discussions I had had back in the early 1970s with Paul Nitze when he was part of the Nixon team negotiating SALT I. Nitze told me the Soviet negotiators who were Foreign Office diplomats had little knowledge about nuclear weapons thereby leaving most of the negotiations to the Russian hard-line military. As a result, the Americans had to educate the Soviet diplomats about the destructive power of these weapons to get them more active in the negotiations.

Under Secretary DiNanno in his Friday Disarmament Conference Geneva speech said future discussions meant “taking into account all Russian nuclear weapons [strategic and tactical], both novel and existing strategic systems.” DiNanno specifically mentioned Russia’s “nuclear-powered Skyfall cruise missile and its doomsday Poseidon [nuclear strategic] torpedo. New START constrained neither of these systems and Russia has successfully tested both within the last few months.”

Faced with Russia and China, two potentially peer nuclear powers, both Gottemoeller and Richard agreed about the need for the U.S. to increase its nuclear forces.

Gottemoeller said, “I actually agree with the notion that we need to think carefully about the threat that is presented by two nuclear peers by China and by the Russian Federation going forward. And we need to make judicious choices juxtaposed against the other demands on our defense budget. And I mentioned the conventional force posture, but also the new technologies that are coming our way and must be judiciously incorporated into our new weapon systems as well as the whole arena of cyber threats and how we are going to contest the Russians and the China Chinese in that space.”

Richard was much more specific. He said, “I think that the United States needs to immediately start taking steps, steps that are currently precluded by the New START treaty…to include uploading [currently stored U.S. nuclear] warheads to our intercontinental ballistic missiles, removing covers off the four [launch] tubes on our Trident [strategic] submarines that are currently empty [of strategic nuclear sea-launched ballistic missiles], and several other posture steps that should be taken now, and not a year from now.”

At Geneva Friday, Under Secretary DiNanno raised questions about “Russian and Chinese nuclear testing in violation of their respective moratoria on yield-producing nuclear tests.” He said, “The annual U.S. compliance report has previously assessed that Russia has failed to maintain its testing moratorium by conducting supercritical nuclear weapons tests.”

DiNanno also disclosed, “Today, I can reveal that the U.S. Government is aware that China has conducted nuclear explosive tests, including preparing for tests with designated yields in the hundreds of tons…China has used decoupling – a method to decrease the effectiveness of seismic monitoring – to hide their activities from the world. China conducted one such yield producing nuclear test on June 22 of 2020.”

However, at the Senate hearing, Sen. Jacky Rosen (D-Nev.), talked about the Nevada National Security Sites where the U.S. has carried out its nuclear testing saying, “Today the site's underground laboratory is undergoing major mining and construction to provide enhanced capabilities for sub-critical experiments [that are allowed because they don’t involve a nuclear yield] and it will host in the near future two of the most capable weapons radiographic systems in the world.”

Rosen added, “Together with other efforts, these machines will provide greater certainty and data about the performance of the U.S. nuclear stockpile. Far better data, experts say, than the information that could be gleaned if the U.S. were to break the [1992] moratorium [on underground nuclear testing] and conduct an explosive nuclear test, as the President [Trump] and some in his orbit have advocated.”

Rosen then got ret.-Adm. Richard to agree that while he was STRATCOM commander four years ago, U.S. sub-critical experiments and robust computer modeling provided data that led him to certify the military effectiveness of our stockpile without the need to resume explosive testing.

Gottemoeller added, “President Putin himself said that they would only resume testing on a

reciprocal basis with the United States. So, I would expect that to be the outcome. And I do expect that it would disadvantage us, you know, because we conducted more explosive nuclear tests than any nuclear weapon state. We have more data available to us with which we are able to do a massive amount of calculation and other activities in order to assure our stockpile is safe,

secure and effective.”

Gottemoeller and Richard both delivered their own views on the advantages of arms control.

“Stable deterrence is driven by predictability and nuclear negotiations done right deliver predictability,” Gottemoeller said. She added, “The effect comes about because restraints on our opponents reached through agreement bolster predictability which in turn supports our nuclear forces in their drive for reliable, stable and effective deterrence. Lack of predictability by contrast feeds uncertainty about the status of the nuclear forces among our adversaries, which means we may end up spending more than we have to on nuclear weapons and their delivery vehicles.”

Richard said, “Our entire nuclear deterrence posture is designed to, by threat of escalation, convince your opponent -- have a perception in your opponent's mind -- that restraint, inaction is their least bad course of action. And that has been successful for over 60 years in deterring not only nuclear attack on the United States and our allies, but has made a great contribution to the deterrence of great power war.”

I want to close with a reminder that I often use when discussing nuclear weapons. That is to remind readers the original handful of nuclear weapons were built by U.S. scientists, including Dr. J. Robert Oppenheimer, as terror weapons, to kill as many people as possible to end a war – not to fight one.

And as ret.-Adm. Richard noted above, despite the much too large a number of both tactical and strategic nuclear weapons that have since been built and exist today, none has been used in a war situation since two were used in 1945, and they did end a war.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because national security is everyone’s business.

The Former Head of NSA on the Future of U.S. Cybersecurity

EXPERT INTERVIEW -- General Paul Nakasone (ret.) has spent a career at the very center of America's most invisible battlefields. He has served as both director of the National Security Agency and commander of U.S. Cyber Command, two roles that sit at the intersection of intelligence, technology, and modern warfare. During his tenure, cyber operations moved from the shadows into daily strategic competition as the United States confronted persistent threats from China, Russia, Iran, and criminal networks operating at a nation state scale.

General Nakasone prioritized a doctrine of persistent engagement, challenging adversaries continuously in cyberspace rather than reacting to incidents after the fact. It was a shift that reshaped how the U.S. thinks about deterrence, escalation, and defense in a digital age. It feels even more important today, as artificial intelligence accelerates decision-making and blurs the lines between peace and conflict.

Since retiring, General Nakasone is continuing his mission as the founding director of Vanderbilt University's Institute of National Security. He also serves as a board member and advisor to some of the world's leading technology companies. General Nakasone is also being recognized with this year’s Impact in Cyber Award, being presented at The Cipher Brief Honors Dinner in Washington in March.

I spoke with General Nakasone on Friday for the State Secrets Podcast. Below are highlights from the conversation, lightly edited for length and clarity. You can also listen to the full interview of the State Secrets podcast available wherever you listen to podcasts.

General Paul Nakasone (Ret.)

General Paul Nakasone (Ret.) served as Director of the National Security Agency (NSA) and Commander of the U.S. Cyber Command from May 2018 to February 2024.

THE INTERVIEW

Kelly: You've argued that persistent engagement really changed the cyber battlefield. Looking back, where do you think it succeeded beyond expectations and where did it fall short against adversaries like China and Russia?

Gen. Nakasone: I think when we think about cyber, remember, this is a very dynamic environment. When I took over as both the commander and director in 2018, we were coming out of the 2016 elections. And one of the guidance points from President Trump and the secretary of defense was that we can't let this happen again. We cannot have a foreign nation attempt to influence our elections.

We looked at what we had done and what had occurred and we came to the realization that this is not an episodic event where we can just come and do our business and then leave. We must be engaged every single day. And so this idea of persistently engaging with our adversaries was born. It worked quite well in terms of the security of the 2018, 2020, 2022 and 2024 elections. It's worked against a series of different adversaries, Iran, Russia and China. But I think the point is that the environment is dynamic. To your point, as we look at greater scale and scope of adversaries like the Chinese, persistent engagement must also change. We need new partners, new techniques and new technologies. Those are things that we must be able to look at and be able to practice every single day.

Kelly: Midterm elections are coming up later this year. There is certain to be a lot of politics and political messaging around those elections. What are you focused on strictly from a cybersecurity awareness perspective when it comes to securing the midterms?

Gen. Nakasone: As a private citizen, I'm very, very interested in what foreign adversaries might try to do to influence our election. That's what the National Security Agency and U.S. Cyber Commander focused outside of the United States. I want to make sure that there is no nation that can influence what goes on in our electoral processes. That was what I was doing as a military member, and that's what I'm focused on now as a private citizen.

Kelly: Is there more that you can do from the private sector side in terms education? What are you trying to do at Vanderbilt?

Gen. Nakasone: We're really trying to do three things at the Institute of National Security. First, we’re building the next generation of national security leaders. Whether those leaders are in the private sector or the public sector - it's very, very important that we're able to do that.

The second thing we're trying to do is to provide pragmatism to theory. This is one of the things that Vanderbilt and our Institute takes great pride in by saying, ‘Hey, there's a lot of theory out there, but let's make a pragmatic approach to securing the critical infrastructure or looking at new ways in terms of being able to identify and solve hard problems.’

And the third thing we do is we educate. I mean, that's what great universities do. That's what Vanderbilt does. Whether we’re educating our students or whether we’re educating our faculty or whether we’re educating the broader public, that's what we're trying to do at the Institute of National Security.

Kelly: Cyber deterrence is an issue that comes up a lot. Is cyber deterrence something that exists today or are we still stuck in this model of continuous contact without any clear red lines?

Gen. Nakasone: I don't think cyber deterrence is the same thing as nuclear deterrence. Certainly, that's not an analogy I would use. But here's what I would use: we need to be very, very proactive in what we do to be able to secure the domain that we utilize for so many things every single day. And so again, this idea of persistent engagement, I would tell you that that's the right way we've got to approach it. But we need greater partnerships, we need greater technology with greater scope. And I think there are new ideas that need to come to fruition here. So, as the national cyber director gets ready to release his national strategy, I look forward to what he's going to say about how we involve academia or the private sector or private citizens in terms of what we can do to secure this domain that's so important to our nation.

Kelly: There's a whole lot of breath holding over when that national strategy will be released. What are some of the key components of the new strategy that you hope to see?

Nakasone: I'm hopeful to see a very, very strong focus on partnerships. What is it that the government does best? What is it that the private sector does best? What do we, as private citizens need to be able to do? I'm also looking for a component of, ‘How do we look at this and look at our threats differently?’ There's a broad range of threats that we face in cyber states, nation states, non-nation states, criminals. These are all different areas that need different approaches. I'm looking for a strategy that can take care of all of that. And any great strategy should motivate us, should make us think, ‘Wow, this is exactly the way we want to be able to do things and to conduct ourselves to solve these tough problems.’

Kelly: You talk a lot about partnerships. I'm proud to say that Sir Richard Moore, who just recently stepped down as the chief of MI6, is also a fellow honoree at this year's Cipher Brief Honors Awards for his impact through alliances, because alliances and partnerships are so critical. Can you talk a little bit more about how you see partnerships evolving in the future given how dramatically technology is changing the battlefield in cyber?

Gen. Nakasone: Before I talk about that, let me just take a step back and congratulate my fellow honorees, Gilman Louie and Sir Richard Moore and Janet Braun and David Ignatius. These are true giants of what has gone on. I think to be mentioned in this same category of honorees, is really very humbling. I congratulate each one of them. And I'm really looking forward to the HONORS dinner on the 13th of March.

With regards to partnerships, we just had the honor of hosting Sir Richard Moore at Vanderbilt University for a talk. And one of the things that we both agree on very strongly is that we're much better together than we are separately. What I'm always trying to emphasize in partnerships is that we can do things much better collectively than we can alone. As you take a look at what Richard Moore has done throughout his entire life, it's been a series of incredible partnerships that he's been able to foster. I feel the same way. This partnership needs to expand, it needs to be broader and it needs to be inclusive of more nations, more technologies, more industries that can help us be even more secure in the future.

Kelly: Let’s talk about China. What do think Beijing has learned from Russia's performance in Ukraine and do you think anything surprised them?

Gen. Nakasone: I think the first thing that they probably were surprised at is how much the United States intelligence community knew about what was going to take place on the 24th of February 2022. And the administration released that information publicly. I'm sure that shocked the Chinese.

The second thing I think they learned is that the Russians were not that good. And what has occurred over the past three plus years of seeing the loss of life and the loss of equipment, that must have really provided a pause to the Chinese as they think about the future.

The third thing that they've clearly demonstrated is that they've learned they cannot stop supporting Russia. They are the number one supporter of what Russia has been able to do in Ukraine - and continues to do. And even with that, they have not been able to overcome the Ukrainians. Those are the three lessons that I think the Chinese probably have thought about as they look back on the three plus years of this conflict.

Kelly: Do you think China is more likely to use cyber operations as a prelude to any kind of kinetic conflict with Taiwan?

Gen. Nakasone: One of the things that I think the department and certainly I have agreed with is that probably the first shots of any future conflicts are going to take place in cyber and space. And I would include space in that as well. Space is a competitive advantage for our nation, just as cyber is. But as any adversary looks to the future, I don't think they say, ‘Hey, let's go ahead and just wait for this conflict to take place. Let's make sure if we're going to take on the United States that we nullify their competitive advantages’ and the competitive advantages begin with space and cyber.

Kelly: Kevin Mandia, whom you’ve worked with over the course of your career, told how incredibly good Russia is in cyber. They once sort of dominated the cyber conversation. Do you think they're still a top tier cyber adversary? Or has the war in Ukraine exposed a lot of their structural weaknesses?

Gen. Nakasone: I would agree with Kevin that they are a top power in terms of their cyber capabilities, but they're not the best power. Of our adversaries, clearly, it's the Chinese. In the sense of their scale and their scope of what they're able to do, it's much different than what the Russians can do. But there's no one, none of our adversaries today can replace what the Russians are able to do in the information operations space. They are masters at it. And I think that's one of the ways I think about vigilance in the future. I think about how we protect ourselves from that.

Kelly: Let's talk about technology. You focus so much on this. AI is rapidly changing, intelligence collection and analysis also. What do you think is the most dangerous misconception that policymakers have about AI's role in national security right now?

Gen. Nakasone: If we're going to talk about AI, the first thing we need to do is return to the advent of ChatGPT in November of 2022. What have we seen in terms of change? And this is one of the things that I think is important for all of us to realize in what a little over three years, we have seen prompts go to text, to video, to recordings, to reasoning, to deep research. And now to agents. This is the landscape upon which we see AI operating today. I think one of the great misconceptions about artificial intelligence is believing we can just go ahead and put in a prompt and that’s all that’s going to occur. It's not that simple. It still requires a human component to what you're going to do. If you want to be a power in AI, you need four things. You need chips, you need data, you need energy. And the final thing is you need talent. And those are the four components that I think most people don't think about when they think about artificial intelligence.

Kelly: At what point do you think AI stops being an enabler and starts becoming a vulnerability, especially inside military and intelligence decision-making loops?

Nakasone: Artificial intelligence is just like cyber. It’s really just like any capability. It has both its strengths and weaknesses. If we focus on agents, they will able to do all of these things for us. But you're going to want to understand what they're doing, and then protect those agents from those that may try to make the agents do something they shouldn't be doing. One of the things that artificial intelligence shows us is that there are great capabilities here. But there are also incredible challenges with regard to being able to have visibility on them, have control over them, protect them, and then be able to truly understand what they've done.

Kelly: Should the U.S. be willing to accept less explainability in AI systems in exchange for speed and advantage?

Gen. Nakasone: Whenever we talk about a technology, there must be transparency of that technology. We must have a degree of security and feeling of safety that this technology is going to be utilized and that it comports with our norms and values - that it does things we want it to do. This is important. When I think about that, speed is an incredibly important capability of artificial intelligence. But I would also say security is the other ‘S’ that we can't ever forget.

Kelly: What does the next five or ten years look like to you?

Gen. Nakasone: One of the things we don't talk a lot about that I'm very excited about is being able to use artificial intelligence in an enterprise manner, being able to use these models to take a look at code and correct bad code, that is really the responsibility for the vast majority of weaknesses in our cybersecurity posture and is one of the things that we should be able to correct immediately.

The second thing is, wouldn't it be wonderful if we can continue to use artificial intelligence to discover new cures, new medicines for diseases that we have not been able to be able to address in our lifetimes? And the final thing I'm really excited about is using artificial intelligence for education - being able to look at a broad classroom of users – both the smartest and those that are struggling – and giving them the same ability to advance given the fact that this artificial intelligence is almost like a tutor to those students. That's a fairly heady thing that I think about when I think about the next five years.

Kelly: You also sit on several boards and serve as an advisor to a number of companies. I'm wondering from that position, do you see the cyber landscape any differently than you did when you were serving in government?

Gen. Nakasone: One of the things I’ve certainly realized, and I realized it to a degree as the director of NSA and as commander of U.S. Cyber Command, but that I realize even more fully now, is the power of ingenuity within our private sector. If you look at what is being done in places like Silicon Valley and Austin and Seattle and Boston and in Nashville and other places throughout the United States, it's truly amazing. And I say that as we look at our future, one of the things that I always emphasize to audiences is that our government should be focused on the things that we have competitive advantage in. And everything else - we should have our partners do. So, I'll bring that back to the National Security Agency.

No one breaks code or makes code better than the NSA. Everything else, we should have partners with. That's a little bit of my realization as I've made the journey from military officer to private citizen.

Kelly: Now that you’re in the private sector, how do you feel about the dual-hatted role over NSA and Cyber Command?

Gen. Nakasone: My thoughts on the dual hat really haven't changed since I was the commander and the director for six years. And that is within a domain of cyberspace where speed, agility and unity of effort really matter. Having one person that directs both organizations, one that has all of the authorities to do what we need to do to defend and to provide offensive capabilities in cyberspace, and one that has the intelligence components and capabilities that are second to none in the intelligence community, is important. Having one person direct that and say, this is what we need to focus on, is an advantage to the nation, particularly when we have a series of adversaries that at times have larger components than what we do. I think that this is really the secret sauce for what we do in cyberspace.

Kelly: What lessons have you learned from that model?

Gen. Nakasone: I want to share two lessons that I think are relevant for those that are in the private sector. The first is among the best pieces of advice I received early on in my tenure. It was from a retired four-star who said to me, ‘Paul, these two jobs are easy.’ And it was like, you know, day three of my tenure and I could barely find my desk. And he said something that I never forgot. He said, ‘What is it that only you can do that the organizations depend on you to do? And once you figure that out, you'll focus your time on those things.’ It took me a little while to really understand truly what it was that only I could do as both the head of NSA and of Cyber Command. But once I did, that's what I focused on. And that really allowed me to be able to shine a light on the areas that we had to and to get after and understand better the challenges to our nation.

The second piece of advice I received was also really important. And that was that you must be able to communicate. You must be able to talk to a number of different audiences; Congress or the White House or the Secretary of Defense or your own workforce. I really learned very early on that being able to communicate was one of the things that I had to do effectively. And being able to communicate not only with those in government, but also the public sector and for someone who spent his life in the intelligence community, talking in a room of people who were listening and asking questions was something that I had to become comfortable with.

Kelly: NSA is going through a shift since the former commander was dismissed last year and don’t have a confirmed leader yet.

Gen. Nakasone: I'm really excited that Josh Rudd now has been to his confirmation hearings. I would anticipate that he's been voted out of committees, that he'd be confirmed very, very soon. And having a confirmed leader of both organizations is really the true good news story here moving forward. We need to look forward, not in the rear-view mirror, and being able to think about what are the things that he's going to need to have from a broad area of partners to help him be successful. I think about anything that we can do to make his tenure even more successful.

Kelly: When you held those roles, there was really an evolution in the partnerships between the private sector and government. Do you see that evolving under the next director as well?

Gen. Nakasone: I think it must. If you're going to look at having capacity and capability in cyberspace, you must have a series of partnerships with the private sector. And that includes both the National Security Agency and U.S. Cyber Command. But I think the partnerships don't start there. It's also international partners that I think that are really important. I think that there's a series of academic partners. Certainly, we at Vanderbilt University look forward to being a great partner to the new commander and director. But I also think there are a series of partnerships today that perhaps we haven't even thought about. Partnerships with perhaps non-government organizations or partnerships with other entities that have placement and stature within cyberspace that can assist us.

Kelly: You've worked for multiple administrations and you've done a tremendous job remaining very apolitical. In an era of election interference, of deepfakes and information warfare, how do you think the military stays neutral while defending the system? This is something that's on everyone's mind in Washington and you really seem to be very successfully navigating a difficult space.

Gen. Nakasone: First, I think that that the U.S. military and our military officers need to remember what has been an incredibly successful civil-military partnership. And remember that we work for our elected leaders. And I think it's important that we're very, very conscious of anything that we say, whether we're in uniform or out of uniform, that can be construed as being critical or being supportive or anything like that with regards to our political leaders. We have a mission to defend the Constitution.

We also have a focus outside the United States and being able to continue to do that is something that's very, very important to us. And continued civil discourse is one of the things that I really hope continues to improve and being able to listen to people and understand that they may have a radically different opinion than your own. Listening is the first part of understanding. I think that would be one of the things that I hope our future leaders continue to remember.

Kelly: Let’s close with what’s happening outside the U.S. If you had to describe to the average American how serious the threat is from China, how would describe it?

Gen. Nakasone: I think when you consider China or any adversary, one of the things you should measure is what their capabilities are in terms of their military, their economic stature, their informational powers, and even their diplomatic capabilities.

If you look at China today, think about their economy. Fifty years ago, when President Nixon went to China, they had a gross domestic product of $114 billion. Today, it's approaching $18 trillion. And to give you perspective, our gross domestic product in the United States is about $25 trillion. There's been incredible, incredible growth in their economy. Today, they're the number one manufacturer in the world. The next nine countries cannot equal the percentage of manufacturing that takes place in China every single day. Militarily, they have the largest Navy in the world - not the best - but the largest.

If you look at their information capabilities, think about TikTok. Over 60 % of the United States clicks on TikTok every single day to get their news. And then if you look at their diplomatic prowess, they've been able to establish a series of partnerships through the Belt and Road Initiative and being able to obviously bring on several partners that were never ever available to them in the past. This is a nation that has increasing capabilities and has designs not just on being a regional power but being a global power.

That's something that we as Americans need to think very hard about. And if you look at our values and what we stand for, they are dramatically different than what China stands for.

Kelly: Is there anything on your mind that I didn't ask you?

Gen. Nakasone: Let me just come back to what I do as my focus and my passion right now, which is continuing to educate the next generation of young people that are going to be part of our national security apparatus. People ask me whether I’m positive about our future. I would tell you, I am extremely positive about our future because I get to work with some of the smartest young people in America at Vanderbilt University every single day. When I look at the 18 to 20-year-olds, 22-year-olds that are thinking about the opportunities and challenges that face them, this is truly one of the things that I think provides a great dynamism to our nation.

As we close today, I would tell you that I'm incredibly optimistic as I look to the future with the young people who are coming up and I look forward to seeing what they're going to do in their lifetimes.

Read more expert insights into national security in The Cipher Brief. And find out more about The Cipher Brief HONORS Awards happening March 13 in Washington D.C.

Xi Jinping Tightens Grip as China’s Military Purge Deepens

OPINION — In China, the Chinese Communist Party (CCP) “commands the gun”, and Chinese President Xi Jinping controls the one million members of the CCP. In October 2022, Mr. Xi was elected to an unprecedented third term as Secretary General of the CCP and President of the People’s Republic of China.

Mr. Xi succeeded Hu Jintao as Secretary General in November 2012 and immediately proceeded to expel Politburo member Bo Xilai from the CCP and Zhou Yongkang in 2014, responsible for China’s security services and one of nine-members of the powerful Standing Committee of the Politburo. This was the beginning of Mr. Xi’s anti-corruption campaign – and the removal of political rivals.

The anti-corruption campaign continues, with over 115 senior officials investigated in 2025 and reportedly over 60 punished.

But what got the public’s attention was the removal of defense ministers Wei Feng he and Li Shangfu in October 2023 and June 2024. Then in 2025 the removal of General He Wei Dong, Vice Chairman of the nine-member Central Military Commission (CMC), for “serious violations of Party discipline” and Admiral Miao Hua, Director of the CMC’s Political Work Department.

Also removed from the CCP in October 2025 were eight additional senior military officials, to include Lin Xiangyang, former commander of the Eastern Theatre Command responsible for Taiwan; Wang Houbin, former commander of the Rocket Force, responsible for China’s nuclear and missile programs and Wang Chunning, former commander of the People’s Armed Police.

During the 1970s and 80s, both General He Weidong and Admiral Miao Hua were assigned to the 31 Group Army in Fujian Province, responsible for any potential military operations against Taiwan.

And now, in January 2026, Mr. Xi continued with his purge of the military, with the removal of General Zhang Youxia, senior Vice Chairman of the CMC and China’s most senior general and General Liu Zhenli, Chief of CMC’s Joint Staff Department responsible for planning and operations. Both generals are accused of committing severe violations of party discipline and state laws.

General Zhang is also a member of the Politburo and a close associate of Mr. Xi. Their fathers fought together in the Chinese civil war with Mao Zedong’s forces that eventually prevailed in 1949. For Mr. Xi to purge a fellow “princeling” – descendants of revolutionary elders – must have shocked senior officials in Beijing wondering when does this hollowing-out of seniors in the military stop, and if they’re next.

General Zhang. as vice chairman of the CMC, had direct responsibility for military strategies concerning Taiwan. He was responsible for planning for potential conflict with Taiwan. General Zhang was an outspoken proponent of forceful unification, saying the military would “show no mercy” if Taiwan declared independence.

In late December 2025, China’s military conducted large-scale drills around Taiwan – “Justice Mission 2025.” This was the sixth major exercise since 2022, simulating a full blockade of Taiwan, with naval vessels and aircraft testing joint operational capabilities; deploying warships, bombers, and fighter jets to encircle Taiwan. The exercise was designed to test China’s ability to seal off Taiwan’s major ports, while simulating strikes on land and sea targets.

These “gray zone” tactics were meant to intimidate the public and exhaust Taiwan’s defense resources.

It is quite possible that Mr. Xi removed generals Zhang Youxia, He Wei Dong and Liu Zhenli, all members of the 7-member CMC designed for rapid decision-making and China’s highest military command, with Mr. Xi as its chairman, due to disagreements over Taiwan. All these generals, and general Lin Xiangyang, former commander of the Eastern Theatre Command responsible for Taiwan, were responsible for military operations against Taiwan.

Mr. Xi demands loyalty from all CCP and military colleagues. It’s possible that Mr. Xi’s military colleagues were pushing for a kinetic move against Taiwan in 2027, a date that Mr. Xi said China would have the military capability to kinetically move against Taiwan.

It appears to me that Mr. Xi was not prepared for a kinetic move against Taiwan, despite what his military generals were strongly advocating. And when Mr. Xi got push back from his generals, he removed them. In China, the CCP controls the gun, and Mr. Xi controls the CCP.

The author is the former Associate Director of National Intelligence. All statements of fact, opinion or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. government. Nothing in the contents should be construed as asserting or implying U.S government authentication of information or endorsement of the author’s views.

This column by Cipher Brief Expert Ambassador Joseph DeTrani was first published in The Washington Times
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

From Secrets to Sensors: Why Open Source Data Must Drive Modern Intelligence

THE BLUF / COLUMN — The Department of Defense is on a tear to revamp technology for warfighters. Secretary Hegseth signed an AI strategy on 9 January. Prior to that he called for an Enterprise Command and Control Program Office that would provide a real time battlespace picture for military commanders, something that has been talked about for years but never completed. The urgency is clear. The intelligence community must play a large part in this Department of Defense technology transformation if it wants to remain relevant to the warfighter and decision makers. Key for the intelligence community will be to fundamentally rethink its relationship with open-source data. To be most useful for the decision makers and operators, the intelligence community must rebuild itself on the backbone of open-source data and commercial technology.

Not only is data important but because of the volume and complexity of that data, so is the technology that can sift through the data. Public domain data must be the first place to gather trends and threat warnings that feed the many watch centers across the department of defense and intelligence community which should be the basis of the enterprise command and control picture. Much of the technology already exists for sifting through the data; fusing it into one picture will be a feat. The intelligence community, however, must make cultural changes first to accept the importance of the technology and public data, and secondly to acquire the technology and data on a timely basis.

Need for Change

The intelligence community has struggled with adopting the reality that to remain relevant, it must embrace publicly and commercially available data into its threat and warning process and use the powerful technologies that the commercial world is developing to sift through that data. There has been much work in this area across the intelligence community and some of it has been groundbreaking but the work has not been comprehensive, integrated, or fast. There are boutique enterprises that have developed their own high-tech way forward but when it comes to scaling such technology across the intelligence community or within the Defense Intelligence Enterprise, the hurdles are huge. Each intelligence agency claims its own security issues and erects fences against cross intelligence technology modernization. Even organizations like the Defense Innovation Unit or IN-Q-TEL focus on discreet requirements, not the wholesale cultural change needed to bring in the latest commercial technology that can support warning and security. Neither the Director of National Intelligence nor the Office of the Secretary of Defense for Intelligence and Security have been able to lead the intelligence community to making this cultural and technology change a key priority. As the largest part of the intelligence community, the Defense Intelligence Enterprise needs to lead the way in developing a high tech, open source, data rich environment for its customer base. Military commanders need a real-time, complete, and high-quality battlespace picture to quickly make informed decisions, take direct actions, and assess the high volume of potential targets and threats.

The capabilities that are available for plugging into this warning and targeting picture are endless. For example:

Warning Against Biological Events: Technical sensors and human sensors worldwide record biological events and provide data on disease upticks and hazardous environments. Environmental & Biosensors are global and are critical tools for detecting, quantifying, and interpreting dynamic changes in environmental or biological systems. There are multiple crowd sourced disease outbreak platforms. Biosensors, local reporting, and crowdsourcing technologies monitor everything from air and water quality to metabolic and cellular activity in real time. Technology can combine these complex platforms and sensors to read the data and provide intelligence analysts a real time global map of trends ad anomalies, that once fused with other intelligence could lead to early detection of a pandemic, an industrial or environmental bio event, or development of a WMD. Such a real time platform, based on open source data would also support military and clandestine operations by providing information to the operator about the environment they will encounter. Such maps are currently available either through a subscription or to the public but not one that fuses all this data.

Humans as Sensors: Combing through social media to provide on the ground sentiment analysis can help intelligence analysts provide warning of threats or instability or to provide information on how populations are responding to real time events. This commercial tool, used heavily by marketing firms, can augment State Department and other reporting on in country sentiments and provide insights into socio cultural priorities and concerns.

BLOCK Chain Intelligence: Blockchain intelligence can enable proactive disruption and analysis of adversaries by providing data on how they are using virtual assets for revenue generation. This process allows provides a high-level overview of a country's cryptocurrency usage, which could provide valuable insights into the nation’s overall economic health and strategy. It also provides detailed information on an individual or entity’s financial activities that can illuminate patterns and processes. The importance of blockchain analysis was underscored in 2024 when the US Senate Committee on Armed Services recommended that the Department of Defense (DOD) explore blockchain technology to potentially revolutionize national security. In the committee’s 2025 National Defense Authorization Act (NDAA), they instructed the Secretary of Defense to investigate and test potential blockchain applications for DoD.

As the Department of Defense has made clear, commercial solutions for trend analysis, finding anomalies, and providing data for decision makers are abundant. The intelligence community already has some of these abilities. What is missing is the fusion of this data into one picture and the ability to use the tools at scale.

Starting with Cultural Change

In order to provide the intelligence needed for an increasingly complex world, we need to fundamentally change the practice of intelligence to accept the importance of publicly available and commercially available data. Additionally, the intelligence cycle needs to change. The intelligence cycle needs to start with open source information and data. This means that the intelligence community also needs to incorporate the technology and the algorithms that will allow today’s intelligence professionals to see trends, anomalies, and threats in that data. This data then should be fused with intelligence collected by the traditional intelligence disciplines to provide decisionmakers and operators with all the information they need to perform their jobs.

Further, to demonstrate the importance of harnessing the publicly and commercially available data, the intelligence community must develop an open source center that brings together the myriad open source/PAI/CAI and data sifting technologies that industry currently is building. The high-tech center would be the first step for intelligence analysts of all types in building threat and warning analysis and targeting. This center would be a place where the US and its allies could share data and techniques to build a global warning picture. It would be the intelligence community’s beginning of the Enterprise Command and Control picture or the Common Intelligence Picture.

We will need creativity and leadership to move forward with this generational change in how the intelligence community does business. If this major shakeup does not begin soon, the US will lose its edge and remarkable, intelligence driven operations like Absolute Resolve will become amazing stories of American glory that we recount to our grandchildren. The change can happen now

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

The Kremlin Files: Russian Double Agents and Operational Games

THE KREMLIN FILES / COLUMN — There are similarities among intelligence agencies worldwide. All professional services rely on tradecraft to recruit and manage assets. They all operate within bureaucratic systems and ultimately answer to political leaders. At a basic level, espionage tradecraft is a common professional language. However, Russian intelligence services (RIS) differ significantly from their Western counterparts in several key aspects. First, their primary mission is not to serve the interests of the Russian people, nor to protect the country's constitution; instead, their loyalty is to the regime and Putin’s personal political survival. And secondly, in terms of tradecraft, they differ from the CIA and other Western services in their approach and tactics. One of the most important—and often misunderstood—aspects of Russian intelligence is their use of double agents, known in Russian intelligence doctrine as operational games (operativnye igry).

For Russian intelligence, operational games are not just niche skills or occasional counterintelligence tactics. They are fundamental. Double agent operations are central to how Russian agencies define success, justify their importance, and maintain their institutional identity. Whether other collection methods succeed or fail, the RIS reliably and continually default back to operational games. Therefore, understanding how and why the RIS use double agents is essential to understanding Russian intelligence itself.

Before examining how these operations work, it is important to get the terminology right, and something that even experienced national security reporters, espionage writers, and analysts in the West frequently get wrong. The term double agent is often misapplied to describe penetrations of one intelligence service by another. In reality, these are two very different phenomena.

A penetration is an agent who betrays their own service to spy for a foreign power. Aldrich Ames, who recently passed away three decades after he was arrested, was a traitor and a penetration of the CIA by Russian intelligence. He was not a double agent.

A double agent, by contrast, is an intelligence asset who is knowingly and deliberately directed by one service to engage another in espionage. The controlling service uses that agent to feed information (called feed material) —true, false, or mixed—to the adversary. They do so to simultaneously study the adversary’s tradecraft, collection priorities, and decision-making.

In the Russian system, double agents also serve a bureaucratic function: they generate statistics, “success stories,” and operational narratives that demonstrate effectiveness to political overseers and ultimately to Putin himself. Putin knows this; after all, he was a Lieutenant Colonel in the KGB Second Chief Directorate (responsible for Counterintelligence for the USSR), and he later headed the FSB himself.

Need a daily dose of reality on national and global security issues? Subscribe to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

Double agents are used in the West and by the U.S. services, but we don’t lie to our government about the origins of the cases or pretend they are real counterintelligence successes when they reach their conclusion. The distinction is not academic. It lies at the heart of how Russian intelligence thinks about espionage. Every year, the FSB publishes an annual report and claims statistics on hundreds of alleged spies it has caught. The vast majority of them are invented, manufactured, or the FSB’s own double agents. In other words, they are not real cases.

Russian services employ multiple varieties of double agents and operational games. They have many names, including the initsiativnik, which is a false volunteer who often “walks in” to an embassy. Also used is the podstava, or dangle, in which Russian services will use the routine of an intelligence officer, diplomat, or journalist and insert the “dangle” right in front of the target at a gym, reception, or other function to appeal to the target. There are still more different varieties and names for other types of double agents.

These operations are not limited to targeting foreign intelligence services. They are also used against businesspeople, journalists, diplomats, nongovernmental organizations, and even Russian citizens themselves. The objective is often not solely intelligence collection, but also control, as the Russians say, to have the target “pod kontrolem,” or under 100% operational control and influence. That is why the Russians prefer, though not exclusively, to carry out double agent operations on Russian soil. Abroad, they are less confident that the SVR or GRU can fully control their double agent during meetings with the adversary.

The end goal is to ensnare, compromise, manipulate, arrest, or extort targets for recruitment and long-term exploitation. A few examples from history help illustrate Russian intelligence’s fixation on double agents, dating back to its earliest institutional roots.

The Cheka and later the NKVD/OGPU perfected operational games in the 1920s through landmark deceptions such as Operation TRUST. With the TRUST operation, the OGPU (Soviet counterintelligence at the time, another forerunner of the KGB) created a fictitious anti-Bolshevik underground to lure in Western intelligence services and Russian émigrés. TRUST sent intelligence officers to the West, or cooptees, who they intimidated to pose as members of this fake organization that claimed to stand against the Bolsheviks.

The operation ran for years, successfully feeding disinformation to multiple foreign services while identifying, neutralizing, or recruiting their agents. They often lured Russians home to “help in operations” only to have them arrested, interrogated, and usually shot in the back of the head in a Chekist-style vyshaya mera (highest measure) execution. The TRUST culminated in the capture of the famous British intelligence officer Sidney Reilly, one of the most celebrated spies of the era, who was executed in a similar fashion.

That double-agent tradition continued throughout the Cold War, when Soviet intelligence used double agents not merely to mislead adversaries but also to validate its own competence. Kim Philby, while often remembered in the West as a Soviet penetration of British intelligence, was also used as part of broader operational games to shape Western threat perceptions and protect other Soviet assets. Scores of Western intelligence officers or special operations team members were wrapped up in the Soviet Union or Eastern Europe immediately after World War II, the victims of KGB and OGPU/GRU operational games Philby had detailed to the USSR. Most were eventually executed.

In later decades, the KGB ran controlled double agents against Western services to exaggerate Soviet capabilities, mask vulnerabilities, and manipulate counterintelligence priorities. The Soviet KGB ran a wave of double-agents at the CIA in the late 1980s with false feed material to explain the 1985 U.S. intelligence losses. Rick Ames volunteered and compromised a dozen agents working for the CIA and FBI (Ames was not arrested till 1994). The KGB and later SVR used these operational games and false volunteers to protect him, trying to give CIA and the broader U.S. IC reasons why the compromise may have happened (Circle of Treason is a classic read on this period and all the various games the KGB was playing to protect Ames with false feeds to CIA and the FBI).

These operations reinforced an internal belief that intelligence success could be measured by how convincingly one could influence the enemy’s perception of reality. In Russian intelligence culture, the double agent is not an exception — it is the ideal. In today’s FSB, however, as well as their foreign counterparts, the SVR, the double agent too often is used to justify their very own existence, instead of paying dividends in terms of tradecraft learned or secrets protected. Operations like TRUST are mostly a relic of the past. Today, the FSB is too busy entrapping innocent foreigners like basketball players, teachers, and NGO workers.

The U.S. IC and our Western allies have learned over the decades that the FSB/SVR and GRU have presented double-agent cases to their political leadership as if they were genuine agents caught and arrested, all the while the case was simply that they were double agents. They feed statistics from the FSB each year about exaggerated intelligence operations—more than all the services in the world could carry out against Russia—and also claim to have thwarted all of them. These reports reach Putin and the Presidential Administration to justify larger budgets, which in turn breed more corruption and line the pockets of senior and middle managers.

This is not unique to Russia; it is often the case across the former Soviet countries of Central Asia, where many of the services remain close and subservient to the Russian FSB and SVR. These services, often serving despotic regimes, swear by double agent operations because, in many cases and over many years, the only “spies” they can really uncover are those they falsely created under a double agent operation. They use them against a range of unwitting foreign citizens, including in legitimate business practices, to extort them and their companies for money when brought up on false charges.

The practice has been expanded in recent years by the Russian FSB, particularly its counterintelligence division, DKRO (the Department of Counterintelligence Operations), which uses double agents against journalists, businesspeople, and others to trap them and hold them hostage for exchanges with the West. DKRO was responsible for the false arrest and imprisonment of Wall Street Journal reporter Evan Gershkovich before his 2024 swap with the West.

In sum, operational games and the double agents associated with them allow Russian intelligence to shape narratives, manufacture threats, and create the appearance of omnipresence. They are dirty tricks elevated to doctrine. And they remain one of Moscow’s most effective tools for compensating for broader institutional weaknesses.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

EU Takes Aim at Tehran: IRGC Terror Listing Opens New Front in Europe’s Iran Policy

OPINION — On January 29, Europe found its voice against Iran’s apparatus of terror. The European Union (EU) announced that it is adding Iran’s Islamic Revolutionary Guards Corps (IRGC) to its list of designated terrorist entities. The EU spent years mulling this step and taking half measures. Now, the EU and its member states must use this new much-needed tool broadly and effectively. The EU’s designation should mark the start of Europe’s campaign against the IRGC, not its end.

Formally listing the IRGC will give Europe important new authorities to limit Iranian attacks and plotting on their soil. The EU’s move also has major symbolic value, particularly at a time when the Iranian regime is under pressure at home and abroad.

The EU previously sanctioned some of the IRGC’s branches, leaders, and operatives. But EU member states resisted taking action against the IRGC in its entirety for several reasons, including European fears of Tehran’s reaction. Iran has long been vocal in its opposition to an IRGC designation, warning in recent days that an EU label would have “destructive consequences.” The U.S. unwillingness to lift its own Foreign Terrorist Organization listing of the IRGC was reportedly a key reason why U.S.-Iran negotiations fell apart during the Biden administration.

The EU designation comes on the heels of the Iranian regime’s bloody crackdown against its own outraged people. The EU’s decision—reached by consensus among its 27 member states—lends Europe’s united voice to the Iranian protestors’ indignation against their oppressors.

The EU action also sends a powerful message to Tehran that it should refrain from conducting attacks on European soil against its perceived enemies, particularly Iranian dissidents and Israeli and Jewish targets. European security officials express great concern about that risk now. Both the IRGC’s deadly Quds Force and Iran’s notorious Ministry of Intelligence and Security (MOIS) have conducted numerous terrorist plots in recent years in Europe, including in Sweden, Germany, Cyprus, and Belgium. Individual European governments have disrupted and prosecuted these networks and issued statements condemning Iranian behavior, but this is the most unified and strongest European stance to date.

With the EU designation, any IRGC assets in Europe are now subject to an asset freeze. It is now illegal to provide the group with funds or resources. The designation also requires EU member states to increase police and judicial cooperation on IRGC-related criminal matters. And the EU will impose a travel ban on IRGC members hoping to visit Europe.

The Europeans should now aim to use these tools vigorously. The IRGC has historically had near global reach, not only with its terrorist cells but with its procurement and financial networks. Uncovering and disrupting the IRGC’s networks and freezing their assets would weaken the corps’ capabilities to rearm, profit, and funnel materiel and finances to its proxies.

Europe can and should do much more to maximize the impact of the designation and impose real costs on the IRGC and its overlords. The EU’s 2013 designation of Hezbollah’s so-called “military wing” offers a good model for how an EU designation can empower both the EU and its member states.

First, the EU should ensure that Europol – the EU’s umbrella police agency – gets a key role in coordinating and supporting IRGC-related investigations across Europe, as Europol has done with Hezbollah. Before the EU’s designation, Europol’s ability to police the IRGC’s operatives in Europe was greatly limited. The IRGC’s many European plots often have a consistent modus operandi, including using criminal actors not associated with Iran to carry out attacks and thus offer Tehran a figleaf of deniability. Europol is uniquely positioned to see the whole picture and share relevant information with all EU member states.

For one model, look to Europol’s involvement in the complex multi-jurisdictional investigation of the Hezbollah financier Mohamad Nourredine, which involved multiple European governments as well as several U.S. law enforcement agencies. In 2018, he was convicted in a French court on multiple charges and sentenced to seven years in prison as part of a multi-country investigation codenamed “Operation Cedar.” Europol could use provide similar support in international investigations against IRGC operatives.

Since 2014, Europol has also played an integral role, along with the United States, in the Law Enforcement Coordination Group, the sole international body dedicated to countering Hezbollah’s terrorist and illicit activity. The EU should empower Europol to do likewise for the U.S.-led Countering Transnational Terrorism Forum, which focuses on Iran-linked terrorism.

Second, European governments must follow up on the EU’s actions and impose their own national bans and designations. Many European countries did just this against Hezbollah, including Germany, Slovenia, Austria, the United Kingdom, and the Baltics.

Take Germany, which shows how national-level actions can strengthen law enforcement and build on Brussels’s actions. In May 2020, Germany formally banned Hezbollah and conducted near simultaneous raids on several Hezbollah-linked organizations in the country. Germany is now prosecuting a Lebanese national allegedly tied to Hezbollah for procuring drone components for the terrorist group – a scheme that also took place in the U.K. and Spain.

The EU’s IRGC designation won’t tip the balance of power within Iran in favor of the protestors, but it can still help reduce Iran’s ability to stage vicious attacks abroad. The EU and its member states must robustly implement these new authorities for them to have the desperately needed effect.

Michael Jacobson, a senior fellow in The Washington Institute’s Reinhard Program on Counterterrorism and Intelligence, formerly served as director of strategy, plans, and initiatives in the State Department’s Counterterrorism Bureau.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

Should Western Tech Giants Partner With Pro-Hamas Network Al Jazeera?

OPINION — A few weeks ago, Al Jazeera named Google Cloud as its primary technology provider for “The Core,” a sweeping program designed to integrate generative artificial intelligence (AI) throughout its production process. The move, which further deepened the relationship between the two companies, should sound alarm bells for policymakers and anyone concerned with the accuracy, credibility, and transparency of the news media and information space, which impacts nearly every aspect of society.

The Core enables more efficient reporting and even drafts scripts that humans generally would otherwise write. Reporters can pull archival material in seconds, generate compelling data visualizations — visual stories — and synthetic images at planetary scale, and automate story planning, all through AI platforms built by Google.

However, it’s not the innovation that’s the problem but rather its use to generate and amplify adversarial state-funded and directed news with no warning labels to its global audience.

The Qatari state funds and oversees Al Jazeera, shaping editorial output. Because of its shared ideology with the Muslim Brotherhood, Al Jazeera’s content often reflects the lens of the Muslim Brotherhood, three branches of which the United States just designated as a terrorist organization. The Qatari outlet also has a history of producing content that glorifies terrorism. Tech companies that help Al Jazeera amplify its content using algorithms, AI, or other methods, advance Qatari foreign policy rather than reflecting independent media assessments on a wide range of worldviews.

Part of the Al Jazeera-Google program is “AJ-LLM,” described as the editorial brain of the system that will be trained on Al Jazeera’s archives and connected to Gemini Enterprise, according to the companies. Al Jazeera is already very prominently cited in large language models (LLMs) like ChatGPT and Claude in questions about the Gaza war, and Gemini could very well follow that trajectory with this expanded partnership.

While one reason Al Jazeera features prominently in LLM answers is because it has no paywall, new partnerships, including Google’s major expansion with Al Jazeera, may fuel its presence even more.

Al Jazeera assures there will be sufficient human oversight in the process. However, Al Jazeera’s current and historic content, with its anti-Western bias that amplifies the likes of Hamas, loaded into its LLM platform, will churn out faster, flashier versions of the same editorial product, in countless formats.

Subscriber+Members get exclusive access to expert-driven briefings on the top national security issues we face today. Gain access to save your virtual seat now.

When users worldwide ask LLM’s about the conflict, they are frequently fed content from a media company that celebrates Hamas terrorist attacks and frames Israeli self-defense as aggression. Because these AI systems operate as black boxes with limited transparency, audiences may receive algorithmically amplified narratives that systematically favor Hamas and Muslim Brotherhood perspectives while appearing to be the product of neutral technological systems.

In May 2025, Google partnered with the Qatari Government Communications Office and the Al Jazeera Media Institute to train journalists in building digital-focused newsrooms. Participants included news directors, journalists, and representatives from various media organizations across Qatar’s media landscape.

What kind of messages do Al Jazeera trainers convey to journalists and diplomats who take their courses? The case of Muhammed Khamaiseh from the Al Jazeera Media Institute is instructive. In 2018, Khamaiseh posted, “Jews have been known for centuries to be cunning thinkers, and currently, the entire global economic system is under their control.” Khamaiseh had previously celebrated Hamas rocket attacks on Israeli civilians in 2014 and offered affection for Hamas after its kidnapping and murder of three Israeli teenagers. “This is why we love Hamas :D,” he wrote. Ironically, Khamaiseh is the author of “A Guide Avoiding Discrimination and Hate Speech in the Media, published by the Al Jazeera Media Institute.”

Qatar is an authoritarian nation, whose stringent media laws prohibit any criticism of Qatari leadership or policy, making Al Jazeera’s output anything but independent. The Department of Justice has determined that Al Jazeera is owned and directed by a foreign government. Congress has asked Justice to review whether the Qatari government should be required to register under the Foreign Agents Registration Act. DOJ has already required Al Jazeera’s AJ+ to register but the Qatari network has failed to do so.

Egypt, Jordan, Saudi Arabia, the United Arab Emirates, and Iraq are among the countries that have placed bans on Al Jazeera. Some bans remain on the Qatari channel. In addition, despite Al Jazeera posing as a savior of Palestinians, prominent Palestinians have long expressed concerns that Al Jazeera has stirred up regional hostilities and fomented violence, a problem that would be amplified if Al Jazeera’s cleverly designed content is recast as neutral algorithmic outputs. News consumers would be hard-pressed to find examples of Al Jazeera criticizing Hamas’s atrocities.

U.S. regulators should regard AI partnerships with foreign state-directed authoritarian media as they would regard sensitive technologies. They should trigger formal risk assessments. Congress should require companies with AI products to disclose the extent to which foreign state-directed media sources are used in training data, retrieval systems, or generated outputs. Absent such transparency, lawmakers and the public cannot evaluate the scale of foreign state influence embedded in AI-driven information systems.

Google should also require clear labeling when AI-generated news summaries or analytical outputs rely on content from foreign state-directed media organizations. Users should not be left to assume neutrality.

Preventing Americans and the global community from being manipulated by the Qatari state’s anti-Western, pro-extremist Al Jazeera content, even though it may be cloaked in high-tech flash, should be a top priority for both technology companies and policymakers. It’s time to pull back the curtain.

Toby Dershowitz is a senior advisor at the Foundation for Defense of Democracies, where Asher Boiskin is an intern. Follow them on X @TobyDersh and @asherboiskin.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.

Inside the $35 Billion Plan to Track Hypersonic Missiles from Space

OPINION — “The Department of Defense’s Space Development Agency (SDA) is developing a new space-based architecture comprised of a large constellation of at least 300-500 satellites in low Earth orbit (LEO) to detect and track potential missile threats. This system will complement other space systems currently providing this capability. SDA is developing this new system in part in response to peer and near-peer competitors that are designing strategic and tactical hypersonic weapons that are not easily detected, identified, or tracked by current space-based missile warning systems.”

That’s a quote from a Government Accountability Office (GAO) report sent to Congress last Wednesday entitled MISSILE WARNING SATELLITES, Space Development Agency Should Be More Realistic and Transparent About Risks to Capability Delivery.

I’ve chosen to write about this report because it contains not only the best description of how complicated and costly just one aspect of missile defense has become, but also it provides the most understandable history of what’s been done up to now, along with the threats we face.

Known within the Defense Department (DoD) as the Proliferated Warfighter Space Architecture (PWSA) – and started in 2020 -- the plan, according to the GAO report, is “intended to provide space surveillance and communications for persistent, timely, global awareness [of missile threats] that is designed to operate in an increasingly contested space environment.”

DoD so far has committed nearly $11 billion to this effort, which is programmed to cost near $35 billion through fiscal year 2029.

While the PWSA deals with tracking an already launched missile and its warhead, there are two other elements of a missile warning system: Detecting the launch and communicating information within elements of the system.

Traditionally, missile threats have been detected and tracked because they are launched using powerful rocket boosters which produce heat and light making them easy to initially see and follow and predict their ballistic trajectories. Infrared sensors on space satellites can detect heat from launched missiles and booster plumes against Earth’s background

In 1970, DoD put in place the first Defense Support Program satellites, which used infrared sensors. These first satellites with infrared sensors, and the infrared systems that have followed, have operated from geosynchronous Earth orbits (GEO), which allow those satellites to stay fixed over a single, longitudinal spot located about 22,000 miles above Earth. This results in each GEO satellite maintaining constant observation of a specific area of the globe and collectively monitoring the entire planet.

In the mid-1990s, DoD developed the Space Based Infrared System (SBIRS) to replace and provide significantly more robust data than the Defense Support Program.

Wednesday’s GAO report said, “In recent years, DoD has identified emerging threats that these [SBIRS] systems may be unable to effectively warn or defend against. For example, Russia and China have successfully demonstrated hypersonic missile capabilities. In addition to new missile threats posed by potential adversaries, DoD has also publicly acknowledged emerging threats to our space assets. For example, DoD reported that China is developing additional counterspace capabilities including directed energy weapons, electronic warfare, and other anti-satellite weapons.”

According to the GAO, “U.S. missile warning satellites currently operating in GEO may be particularly vulnerable to these emerging threats because there are relatively few of them -- making them high-value targets -- and their location above Earth is effectively stationary and predictable.”

Approximately three DSP satellites of the original 23 DSP system remain in orbit with one maybe still operational. In addition, beginning in 2011 there have been six SBIR satellites put in orbit and SBIRS sensors placed on four additional host satellites.

The GAO report said, “SBIRS will soon be followed by the Next Generation Overhead Persistent Infrared (Next Gen OPIR) system, designed as an upgraded replacement for SBIRS, with sensors that are expected to have even greater sensitivity than current SBIRS sensors. While providing some enhanced capabilities, such as greater sensitivity, the Next Gen OPIR system is built around an architecture similar to existing systems now in GEO orbit.

DoD is also developing space-based laser communications technology to support large constellations of satellites for missions, including missile warning and data transport. However, a February 2025 GAO report found that DoD had “made progress in developing this technology, but it also faced delays and other issues -- and hasn't fully demonstrated that it works in space. Despite these challenges, DOD plans to continue to develop and launch hundreds of satellites worth billions of dollars that require the use of laser communications.”

DoD’s plan for the new PWSA missile satellites in LEO, internally referred to as the Tracking Layer, will complement the Next Gen OPIR satellites for what is termed missile warning/missile tracking (MW/MT) functions, and will use laser technology to communicate.

Because satellites in LEO are much closer to Earth than those in GEO, many more satellites are needed in a LEO-based constellation to achieve the same coverage as a single one in GEO.

The missile tracking satellites in LEO are traveling much faster relative to Earth’s surface and therefore each satellite can only observe a small section of Earth’s surface for a short time -- only about 10 minutes. This makes constellation development more complicated if constant global coverage is required.

“Some DoD officials say having a greater number of satellites performing MW/MT in LEO will result in greater resiliency for the constellation as a whole and the capability it provides,” the GAO report says, adding, “For example, if one satellite in a proliferated constellation is damaged -- whether intentionally or by natural environmental effects -- the constellation’s capability is degraded by a smaller margin than if the entire constellation was made up of only a handful of satellites.”

The current plan has been to develop a large constellation of tracking satellites in LEO, along with data transport layer satellites forming a communications network to provide mission data directly that will enable advanced missile tracking from LEO to ground stations.

A tracking satellite, according to the GAO report, is “comprised of a spacecraft – referred to as a bus -- plus other components such as infrared sensors, on-board mission data processors, and communication payloads, together with a ground segment to manage the constellation and receive and process track data to send to the wider DoD and intelligence community.”

There will be some 600 satellites in all, with plans then to replenish each tranche every two years in perpetuity, along with associated ground systems, according to the GAO report. As the LEO-orbiting tracking satellites approach the end of their life, “SDA will deorbit them,” the report says.

SDA has been acquiring tranches of both tracking and data transport layer satellites beginning with a demonstration tranche, called Tranche 0 (T0) that was launched in April 2023. Of the 27 satellites in T0, 19 performed data transport and communications, while eight did missile warning. One additional satellite remained on the ground as a test bed.

Tranche 0 was designed to be a “warfighter immersion” tranche, giving service members the opportunity to work with the systems, understand their capabilities, and to develop operational concepts for their use.

An SDA official told the GAO T0 demonstrated “the ability to track a short-range ballistic missile throughout its flight and into its terminal phase and then transmit raw data to the ground from space.” It also connected the tactical data link network used by NATO, from space to specific ships and military airplanes and established the first satellite-to-satellite demonstration of optical links between two of the four T0 contractors.

In September 2025, Tranche 1 of the PWSA program, put 21 tracking satellites into orbit, followed the next month by another 21 data transport layer satellites. Overall, Tranche 1 is scheduled to consist of 128 satellites for the Transport Layer and 26 for the Tracking Layer.

SDA said back in October 2025, “Beginning in 2027, T1 will provide an initial warfighting capability through the PWSA to deliver regional persistence for tactical military data channels…along with advanced missile tracking and missile warning, and beyond-line-of-sight targeting.”

Wednesday’s GAO report said, “According to SDA, T1 will establish the PWSA ground and operations baseline, or the foundation upon which SDA plans to add capabilities in future tranches. To reduce risk, SDA is taking an incremental approach to delivering these ground operations.”

However the next T1 satellite launches have been delayed to sometime this year.

Wednesday’s GAO report raised significant issues in the ongoing PWSA program.

For example, it said, “SDA had planned to allow the warfighter to provide feedback on capabilities prior to a larger SDA investment in T1 and future tranches, but officials from combatant commands we spoke to told us that they have not been asked to provide feedback on T0 MW/MT demonstrations.”

In a broader sense, the GAO said, “SDA has not taken steps to understand the range of risks to delivering MW/MT capabilities by assessing the technological maturity -- such as by conducting a technology readiness assessment -- of critical technology elements included in its satellite development given required modifications and use in new environments. Absent such assessments, SDA remains overly reliant on technology maturity estimates provided by contractors and lacks key insights to better develop realistic development timelines.”

In short, as with many needed highly-technical and complex defense systems, this new space-based, large constellation of satellites in low Earth orbit to detect and track potential missile threats appears to be developing higher costs and a delay before it is fully operational.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The U.S.-China Economic Cold War Is No Longer Silent

OPINION — For decades, the United States (U.S.) operated under a fatal delusion that free trade with China would liberalize its politics and that the global market was a neutral playing field. We were profoundly wrong. In 2000, the U.S. controlled 37% of global semiconductor fabrication. Today, we control less than 12%, while China is on track for 40% by 2030. While we played by the rules of Adam Smith, Beijing played by the rules of Sun Tzu.

We are now in the midst of a silent asymmetric economic war. China does not have a private sector in the American sense. Under its strategy of Civil Military Fusion, every ByteDance algorithm and every ton of refined lithium is a dual use asset of the Chinese Communist Party. Meanwhile, the U.S. encouraged the atrophy of its industrial base by prioritizing short term profits from outsourcing to China instead of securing our own economic and national security future. The West created this irrational strategic vulnerability where Beijing now controls 80% of refined rare earth supplies and more than 60% of the magnets in actuation systems for the F35.

Recognizing that economic security is national security, the Trump administration has installed a genuine war cabinet for economic conflict. This includes the Treasury and Commerce Secretaries, but the pivot is most visible at the Department of War. There the Deputy Secretary, is a battle- tested private equity leader who left his firm in order to bring his skills to fight and has operationalized a new offensive strategy to link private sector dynamism with state imperatives.

The tip of this spear is the newly chartered Economic Defense Unit or EDU.

Directly overseen by the Deputy Secretary of War and run by another private equity industry specialist in industrial consolidation, the EDU is not another regulator. It functions as an internal merchant bank designed to bypass the Pentagon’s notoriously slow procurement cycles. The EDU has replaced compliance- based bureaucracy with commercial first financing. Its mandate is to generate investable demand signals using the government balance sheet to de-risk private capital investment in the defense industrial base.

Instead of vague promises, the EDU now utilizes Advance Market Commitments. These are binding contracts to purchase critical technologies such as solid rocket motors or autonomous drones before the factories are even built. This transforms government contracts into bankable assets that companies can use to secure private loans. Furthermore, the EDU has restructured acquisition management, replacing narrow Program Executive Officers with Portfolio Acquisition Executives who are authorized to move capital rapidly across capability sets much like a private equity managing partner.

Complementing this is the transformed Office of Strategic Capital or OSC. Once merely an advisory body, the OSC has been re codified by the FY2026 NDAA into a direct capital allocator. It is aggressively bridging the valley of death not just for software but for heavy manufacturing. By offering direct loans and guarantees specifically for equipment finance, the OSC ensures that American companies can afford the high capital machinery needed to onshore production of semiconductors and batteries.

This architecture represents a total departure from the status quo. We are moving from a system that audits costs to a system that finances outcomes. The Army parallel initiative to grant Direct Commissions to Silicon Valley engineers further reinforces this culture shift – destroying the wall between the Pentagon and Palo Alto.

The message to the American private sector is clear. The era of neutrality is over. There is no free market left to win if China ends up owning the building blocks of every major industry. Wall Street and Silicon Valley must partner with the USG not out of charity, but out of necessity.

The administration has built the financial and policy architecture for economic sovereignty. American capital now faces the simplest decision in its history, which is to deploy here and own the 21st century, or deploy elsewhere and become its tenant.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.

Greenland’s Worth a Fight and Russia’s Trying to Start One

EXPERT PERSPECTIVE — The “quickest way for Russia to penetrate our naval defenses is steaming from the Arctic to the North Atlantic.” The Greenland-Iceland-United Kingdom (GIUK) Gap is the last place allied forces “have any hope of detecting a Russian sub before it’s in the vast Atlantic barreling toward New York.” These insightful comments were spoken not by President Donald Trump but by fictional President Grace Penn in Netflix’s The Diplomat. By contrast Trump’s rhetoric and attempts to gain leverage on Denmark have been appalling and unhelpful. But Trump and “President Penn” are both right about one thing — although the Arctic island is remote, Greenland’s location makes it fundamental to U.S. and NATO naval intelligence and missile defense missions.

Russia knows this as well and is using the Trump-inspired kerfuffle to drive a disinformation narrative intended to further weaken Euro-Atlantic relations. Kremlin-aligned sources have been circulating social media posts suggesting that Western aid to Ukraine has weakened European countries and that weaponry committed to Kyiv may be redistributed to Greenland. A deepfake of a Danish newscaster stating that Denmark plans to recall all F-16s given to Ukraine to be redeployed to Greenland was circulated by Russian influence accounts and received over 45.3K views on X.

Another video, which received over 254.3K views on X, imitated the Institute for the Study of War and claimed that Europeans siding with Ukraine in 2022 is costing them Greenland now and that NATO will be destroyed soon, thereby forcing Europeans to align with Moscow. This Russian tactic of riffing off legitimate think tanks and news channels to validate Russian lies is essential to making their false pro-Kremlin narratives appear more credible and increase the likelihood of their posts spreading across social media.

Moscow is trying to use the divide between the United States and Europe to sow confusion, degrade support for Ukraine, and rupture NATO. What Putin forgets is that disagreements between allies are common and constructively overcoming them builds stronger relationships. The strategic importance of Greenland demands the alliance work through its disagreement.

There are significant reasons why Russia is trying so hard to split NATO over Greenland. Nuuk holds significant naval intelligence value. Moscow’s Northern Fleet and nuclear submarine HQ are on the Kola Peninsula, located near the Russia-Finland border. For Russian (RU) forces to reach the North and Baltic Seas, and beyond into the North Atlantic Ocean, RU submarines must transit through the GIUK Gap; making the two stretches of water critical for monitoring RU subsea activity, just as “President Penn” demonstrated.

Moreover, the growing partnership between Beijing and Moscow in the Arctic and China’s increasing interest in the region over the past decade should raise red flags for NATO. In 2018, China released their first Arctic white paper, in which they called themselves a “near-Arctic state” and detailed a desire to establish a “polar silk road.” Since then, China and Russia have performed numerous joint air and naval patrols in Arctic waters. Coordination between U.S. adversaries in the High North places an even higher value on NATO Arctic maritime intelligence capabilities.

Greenland is also strategically important for missile defense operations. Nuuk is a prime location for American early warning systems to track intercontinental ballistic missiles (ICBMs) with trajectories that arch over the High North. The Pentagon currently operates a variety of early warning radars and communications systems at Pituffik Space Base in Greenland. These radars work in tandem with systems in Alaska and Canada to provide essential early warning capabilities for U.S. missile defense.

ICBMs launched by Moscow can reach the United States in approximately 40 minutes, offering the Pentagon’s command and control centers, and the president himself, extremely limited time to detect, decide, and respond. This mission set will expand as Russia develops long-range conventional hypersonic missiles that will also use a High North flight route.

Prioritizing and expanding U.S. military radar and communication systems in Greenland will certainly be part of the “underlayer” elements of the Golden Dome missile defense effort, allowing for Russian missiles of all varieties to be detected earlier and provide U.S. and Canadian warfighters additional reaction time.

Russia will always be a malevolent actor and adversary in the High North, and the Kremlin will utilize any advantage and division among Arctic allies to sow disinformation, destabilize alliance efforts, and advance its own interests. Although the political particularities of Nuuk lie in the hands of Greenland, Denmark, and the United States, the geostrategic and deterrence value of the island is shared among all NATO allies; and should be a factor that unifies and strengthens the alliance, not something that divides Western partners and advances adversarial interests.

Rear Admiral Mark Montgomery (U.S. Navy, ret.) is the Senior Director of the Center on Cyber and Technology Innovation and Senior Fellow at the Foundation for Defense of Democracies (FDD), where Emmerson Overell is a project coordinator.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.

Export Controls Backfire: The China Innovation Paradox

DEEP DIVE — When the Biden administration rolled out its semiconductor export restrictions in October 2022, the logic seemed airtight: cut off Beijing’s access to advanced AI chips, and you’d put the brakes on China’s tech ambitions. Three years on, that bet looks a lot shakier than anyone in Washington expected.

Instead of paralyzing China’s AI sector, these controls have promoted domestic self-reliance. With no choice but to develop indigenous workarounds and architectural innovations, Chinese businesses are rapidly decoupling AI progress from sheer hardware volume. U.S. policies have undoubtedly bought time, but they have also ushered in a parallel innovation ecosystem totally independent of Western influence.

Now the Trump administration is trying a different tack. By allowing conditional chip exports to approved Chinese customers, complete with revenue-sharing arrangements, the White House appears to be hedging its bets. The strategy banks on maintaining some leverage through controlled access rather than outright denial. Yet critics caution this could backfire spectacularly: American companies might be financing the very Chinese AI capabilities designed to render them obsolete.

Both strategies, it seems, lead to uncomfortable places.

The DeepSeek Shock and Algorithmic Efficiency

A year ago, DeepSeek’s new R1 model sent tremors through Silicon Valley and Washington. The Chinese startup demonstrated AI reasoning capabilities closely mirroring those of OpenAI’s ChatGPT o1, without access to cutting-edge chips restricted by U.S. export controls.

“Algorithmic efficiency is a useful technique that enables developers to achieve reasonable performance compared to frontier models through inference-time optimization—essentially adapting the achievements of others for your own purposes,” Martijn Rasser, Vice President of Tech Leadership at the Special Competitive Studies Project, tells The Cipher Brief. “DeepSeek’s engineering is genuinely impressive, and this ‘fast follower’ strategy is very attractive for price-sensitive, commoditized AI applications.”

By optimizing inter-chip memory bandwidth on less sophisticated H800 chips, DeepSeek achieved competitive performance through algorithmic efficiency rather than brute force. According to the MIT Technology Review, Chinese startups are responding to export restrictions by prioritizing efficiency, resource pooling, and collaboration, thereby gaining an edge over competitors.

The breakthrough, however, should not be overinterpreted, Rasser warns.

“Algorithmic efficiency and raw compute aren’t substitutes at the frontier — you need both,” he says. “Training next-generation foundation models, achieving breakthroughs in areas like protein folding or materials science, and developing the most advanced autonomous systems all require massive compute that efficiency gains alone cannot replicate.”

Subscriber+Members get exclusive access to expert-driven briefings on the top national security issues we face today. Gain access to save your virtual seat now.

Other analysts see the dynamic playing out along different timelines.

“AI progress is shaped by two concurrent trends: pushing the capability frontier requires ever-greater computing power, yet over time, reaching any given capability level requires less and less computing power,” James Sanders, Research Associate at the Center for a New American Security, tells The Cipher Brief.

While American AI companies continue advancing along the compute-intensive frontier, Chinese firms constrained by chip shortages focus instead on the lower-cost, lower-capability portion of the market.

“If the U.S. continues to maintain its computational dominance, China will likely continue to play a role as a fast follower, rather than leader, in AI capabilities,” Sanders explains.

Smuggling Networks and Systematic Circumvention

Aside from inventiveness under constraints, Chinese companies have also shown remarkable versatility by smuggling goods through shell companies and elaborate smuggling operations. The procurement of chips for Huawei’s Ascend 910 AI processor is one of the most dramatic examples.

According to Congressional testimony, Huawei used shell companies to deceive Taiwan Semiconductor Manufacturing Company into manufacturing approximately 2 million computer chiplets.

In 2024, a smuggling ring operating under the company name “Luxuriate Your Life” reportedly purchased $390 million worth of servers from Dell and Supermicro containing banned Nvidia graphics processing units, then smuggled them into Malaysia for ultimate delivery to Chinese customers. Hundreds of controlled chips have subsequently been sold in Shenzhen markets as vendors trade restricted AI technology.

The dramatic scale of smuggling operations thus raises fundamental questions about enforceability.

“No export control regime is 100% leakproof,” Rasser acknowledges. “But the goal should be making evasion costly, risky, and limited in scale rather than expecting perfect enforcement.”

He contends that the most effective approach is drawing a clear line: semiconductors exceeding certain performance thresholds should not be sold to end users in countries of concern at all, regardless of stated end use.

Sanders takes a more optimistic view.

“America has the ability to reduce AI chip smuggling to negligible levels if it wanted to. It only requires the political will to do so,” he says.

Technology that verifies a chip’s location could reduce smuggling to negligible levels, Sanders argues, noting that Nvidia has reportedly built such a capability and several congressional bills have proposed mandating location verification for exports.

“Even with the level of smuggling we see today, export controls on advanced AI chips are still effective,” Sanders insists. “They impose a large differential cost on China’s AI development and make it much harder for these chips to be obtained and used by adversaries.”

The Self-Sufficiency Acceleration

Perhaps most significantly for long-term strategic competition, export controls have supercharged China’s decades-long quest for semiconductor self-sufficiency. At a February 2025 meeting between Chinese Communist Party Chairman Xi Jinping and technology executives, Huawei founder Ren Zhengfei reported that his previous concerns about domestic advanced semiconductor production had eased due to recent breakthroughs.

A CSIS analysis underscores that Ren stated he is leading a network of more than 2,000 Chinese companies working collectively to ensure that China achieves self-sufficiency of more than 70 percent across the entire semiconductor value chain by 2028.

Rasser is skeptical of the ambitious timeline.

“This timeline is not credible for leading-edge semiconductors,” Rasser observes. “If he means trailing-edge components and packaging, 2028 might be achievable. But if he means the advanced logic chips that power AI training and high-performance computing, it isn’t.”

Chinese firms still can't build the ultra-precise manufacturing equipment needed to produce chips at the most advanced nodes, he points out. But that hasn't stopped Beijing from doubling down. Overall chip investment dipped slightly in early 2025, yet spending on semiconductor equipment jumped more than 53 percent, a clear signal that China is dead serious about building out a complete domestic supply chain.

The Chinese government has channeled well over $150 billion into semiconductor development from 2014 through 2030, according to Semiconductor Industry Association analysis — an investment equivalent to the U.S. CHIPS Act virtually every year since 2014.

The Bifurcation Dilemma

The unintended consequence of U.S. export controls may be accelerating the bifurcation of global technology ecosystems into incompatible, competing supply chains.

Consequently, we are faced with a strategic paradox: Does a China that relies on Western chips but is constrained by American controls pose a lower long-term risk than one that operates in a technologically autonomous fashion beyond American eyesight?

“A technologically autonomous China certainly poses a greater risk of strategic surprise,” Rasser concedes. “But the alternative framing — that we could maintain Chinese dependency on Western technology indefinitely—isn’t realistic. It ignores history, Chinese strategy, decades of mercantilist industrial policy, and the inherent difficulty of controlling technology diffusion over long time horizons.”

The better frame, he suggests, is that export controls buy time.

“The question is what we do with that time,” Rasser continues. “Years of constrained Chinese progress are years during which the United States and allies can extend their own technological lead, build more resilient supply chains, strengthen alliances with key semiconductor nations, and shape the trajectory of AI governance.”

Sanders echoes this assessment.

“China is determined to develop a fully domestic AI chip industry, and will likely eventually be able to do so,” he notes. “The real question is whether we equip China to compete with American AI leadership today.”

The fundamental constraint on Chinese domestic AI chip production, Sanders points out, isn’t the lack of logic chips but access to advanced manufacturing equipment.

“Strengthening and fully enforcing current export restrictions on semiconductor manufacturing equipment is the most important step in preventing China from developing an AI chip industry that could outcompete America’s,” he says.

Yet the competitive landscape extends beyond manufacturing capacity alone.

The Supply Chain War

Leland Miller, co-founder and CEO of China Beige Book, who serves on the U.S.-China Economic and Security Review Commission, however, sees the entire framework shifting.

“The trade war is dead,” he tells The Cipher Brief. “This is a supply chain war. Beijing wants to weaponize supply chains for leverage. Tariffs are background noise now.”

Miller notes that China has advantages in data, talent, energy, and scale. Their weakness remains computing — advanced chips and lithography.

“That’s why H100s matter so much,” he says, referring to Nvidia’s high-end processors. On open-source AI platforms like Hugging Face, Chinese dominance is already evident. “Seventeen of the top 20 models are Chinese,” Mike Kuiken, Vice Chair of the U.S.-China Economic and Security Review Commission, tells The Cipher Brief. “Software plus enough hardware can close gaps. That’s why this moment is dangerous.”

The Trump administration’s December 2025 decision to allow conditional exports of Nvidia H200 chips to approved Chinese customers in exchange for a 25 percent revenue stake represents recognition that absolute denial may be neither achievable nor desirable. Yet Beijing has reportedly discouraged state-linked firms from adopting these chips, while Chinese companies like Huawei and Alibaba continue to advance domestic AI alternatives.

The controls have bought time — China’s AI development has slowed, and the U.S. still holds the edge in cutting-edge tech. The more complex question is whether Washington can consolidate that lead before Beijing circumvents the restrictions entirely, potentially causing an even bigger crisis.

“The goal isn’t perpetual dependency, it’s ensuring that when China does achieve greater autonomy, the strategic balance still favors us,” Rasser concludes.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

I just want to read the news

Get the news and only the news!

Guardian

Back to top

Kaupunki

Back to top

Yle

Back to top

CNN

Back to top

Hesari

Back to top

Al Jazeera

Back to top

New York Times

Back to top

Reuters

Back to top

NPR

Back to top

The Cipher Brief

Norman T. Roule

General Paul Nakasone (Ret.)

Back to top