The Cipher Brief

OPINION — “Nuclear facilities on both [the Iranian and Israeli] sides have been targeted. That’s where we are in this war, and that’s how far it’s escalated. If a nuclear reactor like [Iran’s] Bushehr [nuclear power plant] were hit there’s a significant risk of a meltdown and leaks of extremely dangerous radioactive materials that would affect all countries in the [Middle East] region, and, of course millions of people including Americans and American service members.”

That was Rep. Joaquin Castro (D-Texas) speaking last Tuesday at a House Foreign Affairs Committee meeting on “Securing the Future: Arms Control and International Security for the Modern Age,” where Thomas G. DiNanno, Under Secretary of State for Arms Control and International Security was the only witness.

As the U.S./Israeli air attacks have increased and Iranian missile and drone strikes continued, Rep. Castro’s concern was echoed by International Atomic Energy Agency (IAEA) Director General Rafael Mariano Grossi.

At the hearing, Rep. Castro called attention to Iran claiming that on March 17, a projectile hit a structure about 1,000 feet from Iran’s Bushehr nuclear power plant. IAEA’s Grossi called it “the reddest line of nuclear safety.”

On March 21, Iran missiles attacked two southern Israeli cities including Dimona, which is about 8 miles from Israel’s Shimon Peres Negev Nuclear Research Center. This Israeli research center contains a secretive nuclear reactor, plutonium reprocessing facilities, and laboratories -- and was where Israel first developed nuclear weapons in the 1960s.

During last week’s House committee hearing, Castro and DiNanno tangled over Israel’s nuclear weapons program, but I will deal with that below.

Iran’s March 21, ballistic missiles that struck Dimona, injured more than 20 people, but for the first time penetrated Israeli air defenses near what is Israel's main nuclear research facility. Iran said explicitly it was targeting the Negev nuclear research center in retaliation for U.S./Israeli attacks on Iran’s Natanz enrichment facility only a day earlier.

So ten days ago, Iran demonstrated its ability to reach Israel’s most sensitive nuclear-related sites, despite President Trump and Prime Minister Benjamin Netanyahu claiming earlier that Iran’s missile capabilities had been “destroyed.”

On the evening March 24, hours after the above-mentioned House hearing, Iran claimed a U.S. missile struck the premises of the Bushehr Nuclear Power Plant, but there was no damage to the nuclear reactor, no injuries to staff, and the plant continued to operate normally with radiation levels stable. That was the second such attack at Bushehr in just over a week.

A third attack in the vicinity of Bushehr took place last Friday when Israeli planes struck the Shahid Khondab Heavy Water Complex in Arak, a key plutonium production site for possible use in making nuclear weapons. Israel also hit a uranium processing facility in the Iranian city of Yazd, where they extract raw materials essential to the uranium enrichment process. Again, the reports were there were no radiation leaks.

Al Jazeera reported from Tehran that these recent strikes on two major Iranian nuclear-related facilities could prompt the Iran military to target Israeli nuclear sites in Dimona again, as it did on March 21. At the same time, IAEA Director General Grossi reiterated his call for “military restraint to avoid any risk of a nuclear accident."

At the March 24, House hearing, Rep. Castro asked Under Secretary of State for Arms Control DiNanno, “What is the [Trump] administration’s assessment of the risk of nuclear escalation or radiological disaster in this war and what steps is the United States taking to prevent it?”

DiNanno initially replied that “operational questions would rest with [U.S. Central Command’s Commander] Adm. [Charles] Cooper,” and that “all resources that the [State Department] Nonproliferation Bureau [has] would be made available and are available should they want it.”

DiNanno quickly added, “I’ve had conversations with my colleagues in the War Department specifically to this issue and operationally the War Department would address the type of things.”

Asked by Castro if he could share any information he had received, DiNanno replied, “Admiral Cooper would be the decision-maker on how that would be, any hypothetical situation would be, addressed.”

Castro then asked a series of questions about Israel’s nuclear weapons that put DiNanno in a difficult situation, but one that has a complicated history which I will explain below.

Castro said, “I don't believe that you've adequately addressed the nuclear risks here. So, let's take a step back and establish some basic facts. The [Trump] administration has said that Iran is, or was, close to developing nuclear weapons, but they haven't discussed what Israel's capacity or capabilities are. So, I want to ask you, does Israel have nuclear weapons?”

DiNanno answered, “I'm not prepared to comment on that.”

“You’re not prepared to comment on that,” Castro said, and then went on, “It’s a very basic question. We are with an ally, conducting a war against Iran. We all know what American capabilities are; the U.S. Government has spoken what Iran’s capabilities are. Can you tell us what Israel's capabilities are? The consequences, as you know, are grave. This war continues to escalate tell us something as Congress, as the oversight body what is Israel's nuclear capability in terms of weapons?

“I can't comment on that specific question,” DiNanno said, “I'd have to refer you to the Israelis on that.”

“Does that mean you don’t know?” Castro asked.

DiNanno responded, “I can’t comment on that sir.”

I have to point out that Under Secretary DiNanno was following an historic, classified Executive Branch directive which for decades has forced U.S. officials into what’s been called “implausible deniability,” when it comes to the question of Israel’s nuclear weapons arsenal.

Books have been written about how Israel secretly began a nuclear weapons development program in the late 1950s and with the help of some French and American manufacturers by 1967 had built a few nuclear bombs with radioactive material from a nuclear reactor near Dimona.

Aware of the Israeli activity, U.S. Presidents John Kennedy and Lyndon Johnson tried to halt the program but, according to Israeli-American historian Avner Cohen, in 1969 an unwritten agreement was apparently reached between President Richard Nixon and Israeli Prime Minister Golda Meir.

The agreement was that Israel would not confirm it had nuclear weapons nor test any; the U.S. would not push Israel to give them up nor join the Non-Proliferation Treaty. In addition, the U.S. Government adopted as policy that Israel’s possession of nuclear weapons remain a classified secret.

That official U.S. Government policy has continued since 1969, and as a result there is limited public discussion and press coverage of Israel’s nuclear weapons. The Stockholm International Peace Research Institute in 2025 estimated Israel possesses approximately 90 nuclear warheads, but others suggest numbers as high as 200 with nuclear warheads on ballistic and cruise missiles and well as nuclear bombs.

Nonetheless, there is coverage not just in the American press, but also in the Israeli press.

For example, back in June 2002, I wrote in The Washington Post a story that began, “Israel has acquired three diesel submarines that it is arming with newly designed cruise missiles capable of carrying nuclear warheads, according to former Pentagon and State Department officials, potentially giving Israel a triad of land-, sea- and air-based nuclear weapons for the first time.”

In 2016, the Times of Israel, using a standard attribution “according to foreign reports” as a way of not violating their country’s secrecy, described those same Israeli submarines as “capable of delivering a nuclear payload.”

One reason Iran’s hardliners want a nuclear weapon is because Israel, their nearby neighbor, has had them for decades.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Telling China's Story Well: The PRC's Strategic Narrative as an Instrument of National Power

Executive Summary

Since President Xi Jinping's 2013 directive to "tell the story of China well" (讲好中国古事), the People's Republic of China has developed a systematic thirteen-year strategy treating "discourse power" (话语权) as a core component of Comprehensive National Power (CNP). This approach has enabled measurable influence gains, demonstrating that narrative power is not supplementary propaganda but a strategic weapon comparable to hard power.

Introduction

‘Chinamaxxing’ is a 2026 viral trend where non-Chinese social media users are sharing videos of themselves “learning to be Chinese” by adopting Chinese lifestyle and wellness behaviors. This trend is a recent example of the PRC’s growing soft power and influence around the world. As the U.S.’ soft power declines, China is swiftly catching up, narrowing its gap to only 1.5 points according to BrandFinance’s 2026 Global Soft Power Index.

China’s influence has been growing due to a long-term, concerted effort to “tell the story of China well” (讲好中国古事), a phase which President Xi introduced in 2013, elevating strategic narrative to a core priority of Chinese statecraft. In 2021, he elaborated on this directive, instructing Party members to "work hard to cultivate a trustworthy, loveable, and respectable image of China" (努力塑造可信、可爱、可敬的中国形象) in order to “expand China’s circle of friends”.

Theoretical Foundation

China's strategic narrative derives from Sun Tzu's principle of subduing enemies through persuasion rather than force. Chinese strategic documents explicitly position discourse power alongside territory, population, and military capability as determinants of national strength. The "Yellow Book of International Politics" places discourse power in the outer ring of CNP factors, while Xi's 2021 elaboration called for cultivating a "trustworthy, loveable, respectable" (可信、可爱、可敬) Chinese image.

Unlike Western diplomacy that treats communications as supplementary to policy, China elevates soft power to strategic equivalence with hard power—a fundamental departure with significant implications for great power competition.

The Four Pillars Framework

The PRC organizes its strategic messaging around four thematic pillars:

The Party: Narratives like "Rural Revival" and "Peaceful Pluralism" (Xinjiang content) demonstrate CCP benevolence and governance capability.

The Dream: Stories of deliverymen-poets and young scientists portray China as a meritocracy where aspirations flourish.

The Culture: "Cosmopolitan Cool" (viral cyberpunk Chongqing content) and "Heritage Glam" position Chinese civilization as ascendant and globally relevant.

The Cooperation: Belt and Road Initiative infrastructure and peacekeeping narratives frame China as a responsible global power.

These pillars are substantiated by $962.1 billion channeled through BRI across 126 countries since 2013, with Southeast Asia ($237.7 billion) and Africa ($230.4 billion) as primary recipients.

Precision Propaganda Methodology

The PRC employs a sophisticated three-tier targeting system:

Classification segments countries by relationship type. Competitors like the United States receive passive, data-driven messaging. Partnership-open nations receive "soft stories" emphasizing cultural connection. BRI members receive proactive development and poverty alleviation content.

Stratification differentiates elite versus mass audiences. Political elites receive messaging emphasizing commonality. Academic elites receive logic-driven, research-based content. Mass audiences are subdivided by age—younger audiences via internet slang and new media; traditional audiences via conventional channels.

Grouping targets individual characteristics including gender, religion, age, and interests, with particular emphasis on cultivating internet influencers. Beijing has hosted American influencers on curated trips designed to generate organic positive content.

Measurable Impact

The strategy is delivering quantifiable results. The Lowy Institute Southeast Asia Influence Index shows China leading the United States across most ASEAN nations with an aggregate regional score of China 65 versus US 25—a 40-point advantage. China holds significant leads in Myanmar (+37), Laos (+34), Cambodia (+20), and Singapore (+22). The US leads only in the Philippines (+13) and Timor-Leste (+40).

The ISEAS State of Southeast Asia Survey 2025 reveals Southeast Asians choosing the United States over China dropped from 61.1% in 2023 to 49.5% in 2024—an 11.6 percentage point decline in one year. The BrandFinance 2026 Global Soft Power Index shows the US-China soft power gap narrowed to just 1.5 points.

Beyond influence metrics, the strategy has enabled direct interference operations. In April 2025, Philippine security officials revealed China's state-sponsored campaign to influence midterm elections through Chinese Embassy payments to local firms hiring "keyboard warriors."

Strategic Recommendations

Five imperatives emerge for US and allied policymakers:

1. Recognize the system: China's narrative architecture is coherent strategy requiring equally systematic responses.

2. Address counter-narrative gaps: The US lacks an equivalent positive narrative framework; American messaging remains reactive criticism rather than proactive aspiration.

3. Link economic and narrative strategy: BRI's $962 billion creates narrative infrastructure; debt relationships generate dependency translating into discourse power.

4. Develop precision capabilities: Allied nations require granularity in audience segmentation matching PRC's elite/mass stratification.

5. Treat ASEAN as bellwether: Southeast Asia demonstrates China is winning the influence competition; it offers both warning and laboratory for broader competition.

Conclusion

Xi Jinping's directive to "tell China's story well" has evolved into a comprehensive strategic narrative system that treats persuasion as power. Through the Four Pillars framework, precision propaganda methodology, and sustained investment across policy, pop culture, and personality channels, the PRC has achieved measurable influence gains in critical regions. The strategic implication is clear: in an era where discourse power contributes to comprehensive national power, nations that fail to proactively assert their own narratives will find themselves playing roles assigned by others. The contest for the future will be won not only by those with the strongest economies and militaries, but by those who tell the most compelling stories.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Chalk Mark Still Matters: Russian Espionage Handling in the Modern Era

KREMLIN FILES: A brush of a hand against a park bench with chalk; or, a piece of electrical tape left on a mailbox. Sometimes it’s a coded phrase buried in a routine email with an encrypted picture. This is what Russian intelligence tradecraft looks like: subtle, disciplined, and built on signals most people would never notice. With the campaign of Russian hybrid war taking place across the European continent, it is more important than ever for NATO’s intelligence services and the general public to be mindful of Russian espionage tradecraft. That same tradecraft is also shared – at least in part-- with some of our other adversaries, including Chinese intelligence, Iranian IRGC (Revolutionary Guard) or other elements, and even terrorist groups. There has never been a better time for Americans to exercise vigilance regarding our adversaries and their intelligence services.

For the Russian intelligence services (RIS), over a century of experience-- from the Cheka to the KGB and today’s SVR and GRU-- has helped refine the art of handling agents in what they consider hostile foreign environments. While technology advances, the fundamental principles remain largely unchanged: compartmentalization, deniability, patience, and psychological control. The early Bolshevik revolutionaries had to understand spy tradecraft because they were leading a major conspiracy against the Tsar. They were enemies of the state, traveling under false passports and following what they called the “rules of conspiracy” to carry out their revolution.

Some aspects of Russian agent handling have evolved, but others remain the same. In my upcoming book on Russian intelligence tradecraft (out with Naval Institute Press, April 2026), I have a chapter devoted to Russian “street tradecraft” or how they handle their recruited agents. CIA calls this practice “sticks and bricks.” The RIS train on this heavily at their intelligence academies, including surveillance/countersurveillance techniques, agent signaling and handling, and the use of operational technology in agent communications. These tactics have evolved as well over the years to include satellite- and computer/encrypted-based “covert communications,” or what the Russians commonly call “spets-svyaz.”

Studying these techniques and their patterns is more important than ever with Russia unleashing a wave of covert action and sabotage operations against NATO and the West. Invariably, among those operations, there will be handling of espionage penetrations of NATO countries and their governments. And when they have highly placed agents, or even those placed in the media, companies, or NGO’s, the SVR, GRU, and FSB will use the following types of tradecraft to handle them.

Russian Agent Signaling and Handling Practices

Signaling is fundamental to any agent-handling operation (recall that the Russians, like U.S. services, do not refer to their officers as agents—the term agent is reserved for the asset, or foreign spy, being handled). Before any message is exchanged, agents and handlers must confirm that it is safe to communicate and then signal that the material exchange has been successful. Russians use what we often like to call “urban geography,” meaning telephone poles, mailboxes, park benches, or signs. Things that won’t typically move but are part of our everyday life and can be easily described to an agent, while still being distinct.

For example, the KGB used telephone and utility poles to mark signals and packages for the recruited cryptographic spy John Walker in the 1980s, while he was betraying the U.S. Navy in the case that became known as the “Walker Family of Spies.” The utility poles had the advantage, as the KGB noted, of each bearing a specific metal plate or identifier, which Walker could verify before dropping his reels of photographed documents, often concealed among various pieces of garbage (such as photographic reels placed in empty soda cans).

Dead drops, or what our British colleagues call “dead letter boxes,” are equally fundamental to Russian agent handling. They call them “tainiki,” meaning “concealed” or “secret place.” The Russians will use sealed and concealed containers — magnets under bridges, hollowed-out stones, or waterproof capsules (sometimes just double-wrapped trash bags) set in quiet locations or buried shallow in parks. These dead drops allow material to be exchanged without face-to-face contact. The method minimizes exposure: no meeting, no surveillance photographs, no conversations to intercept, and no risk of the FBI, British BSIS, or other foreign counterintelligence services following the agent or the Russian intelligence officer (RIO) to the meeting, thereby compromising the op.

And then there are communications protocols. Historically, this meant one-time pads and burst radio transmissions used by Russian agents throughout the Cold War. All of the Russian illegals who were arrested in the “Ghost Stories” case publicized in 2010 were trained and utilized to some extent or another in these systems. They involve encrypted messaging apps, laptops wired for covert exchanges, steganography in digital images, or covert Wi-Fi exfiltration from public spaces.

With all these practices, the same rules endure from the early days of the Bolshevik Chekists: assume compromise is inevitable, and design for resilience and redundancy in agent communications.

Surveillance Operations Abroad

Abroad, the SVR and GRU use surveillance more selectively than at home. Russia is indeed a modern surveillance state, but abroad, the RIS are the hunted and watched. The FSB operates less abroad than its foreign intelligence service and military counterparts, but it has made more forays into foreign work than ever, particularly in special operations and so-called “wet work.” The goal with surveillance, for all three services, is to monitor adversarial services (i.e., all diplomats from NATO and other countries that Russia considers adversaries—a list that is growing), protect their own officers, and, sometimes, use it to find kompromat—compromising material to intimidate potential recruits via extortion.

The SVR and GRU each have dedicated surveillance teams that can deploy abroad under the guise of illegal or other official or non-official covers. But more often than not, they employ their own IO (intelligence officer/staff officers) from Residencies already abroad in order to conduct “pick-up” teams to surveil targets of interest. This is not a best practice, but one they are forced into by the PNGs (declaration persona non grata), or expulsions, of hundreds of their intelligence officers from NATO and other countries in recent years. The RIS no longer have the staffing they once did under official cover at embassies abroad.

Naruzhka, as the Russians term the surveillance art, is never just about “following.” It supports countersurveillance, ensuring GRU and SVR officers are not under adversarial monitoring before a meeting or dead drop. Also, for the various acts of operational security with meetings, Russians use surveillance detection routes, which they call “marshrut proverki” or MP’s. When they have the resources to do so, just as in Russia, the SVR, GRU, and sometimes even the FSB map the routines of foreign officials or business leaders. Their goal is to determine whether those targets are viable recruits or potential targets for other operations, like their “direct action” and assassination attempts abroad.

Lessons Learned and Forgotten, From the Cold War

Good counterintelligence isn’t about chasing cinematic spy stories, but about recognizing patterns: subtle signaling behaviors or unusual compartmentation requests. These can be seemingly low-value contacts that, over time, map a network. U.S. and allied services have disrupted sophisticated networks run by the RIS over the years, many times over. Still, the operating environment has unfortunately only become more permissive for spying as methods using technical resources expand.

Global mobility, digital platforms, academic openness, and venture capital ecosystems create frictionless access points that hostile services exploit patiently and methodically. That means counterintelligence tradecraft must be just as disciplined. Allied services need to employ pattern analysis, cross-domain collaboration, and data integration. Defensive briefings need to be practical, not paranoid or meant to intimidate employees. Early anomaly detection inside sensitive programs is important. And above all, we need to exercise our collective institutional memory: understanding that these methods are not new, only repackaged.

Companies, universities, research centers, and startups sit on the front lines, whether they realize it or not. Talent recruitment, joint research proposals, conference networking, investment offers, and data partnerships can all be legitimate, or occasionally something else. The RIS and their Chinese allies understand that long-term access is preferable to short-term theft. They cultivate relationships, not just sources, and they play on ego, especially with academics, diplomats, and businesspeople. The Chinese recruitment of former CIA officer Kevin Mallory is a case in point—recruited and contacted by the Chinese through a job-hunting social media platform.

We are targets — both in the United States and with all of our European allies. We are so, not because of paranoia, but because of capability and innovation that are the envy of Russia. That and our democracy, which Putin fears. He can’t afford for the Russian people to have the benefit of democracy and the freedoms we enjoy. If he allowed it, his reign could not have lasted as long as the longest of the Tsars.

The Russians still use the term “GP” (glavnii protivnik) to refer to the U.S. as the main adversary. Ask any RIO, and they will quickly state that the UK, Germany, and all our NATO allies rank 2,3,4 etc. We need to be aware, actively collaborate, and remain constantly vigilant. The brush of a hand against a bench. A benign LinkedIn message. A visiting scholar with a narrowly defined question set. Tradecraft hasn’t disappeared, but has adapted. Vigilance, transparency, and informed skepticism aren’t overreactions. They are the modern equivalent of checking the lampposts and utility poles for chalk marks.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Blockade by Permission: How Iran Determines Who Gets Through Hormuz

For roughly two weeks, the Karachi, a Pakistani-flagged Aframax tanker loaded with crude at Das Island in Abu Dhabi, sat waiting for a signal that never came through official channels. When it finally moved, it did not take the standard shipping lane.

It hugged the Iranian coast, threading through the narrow gap between the islands of Larak and Qeshm, a route mariners are normally advised against, before tracking out into the Gulf of Oman. The tanker’s AIS transponder was broadcasting throughout, as if Tehran wanted the world to watch. The message was unmistakable: Iran was not simply closing the Strait of Hormuz. It was deciding, vessel by vessel, who had earned the right to pass.

Since Operation Epic Fury began on February 28, just 21 tankers have transited the strait, according to S&P Global Market Intelligence, compared with more than 100 ships daily before the conflict. The strait typically handles 21 million barrels of oil per day during normal operations, according to the IEA’s March 2026 assessment.

By this month, global oil supply had fallen by approximately 8 million barrels per day — a reduction the IEA has characterized as the largest oil supply disruption in history. Brent crude surged above $119 a barrel on March 19, the morning after Iran struck Qatar’s Ras Laffan gas field, before settling back above $105 at week’s end, more than 40 percent higher than before the war began.

What is emerging from the wreckage of normal transit is something more strategically dangerous than a closed strait: a permission economy, run entirely out of Tehran.

On March 5, the IRGC announced that Iran would keep the strait closed only to ships from the United States, Israel, and their Western allies. The declaration formalized what ship-tracking data had already begun to reveal. Yet, a growing number of ships have been rerouting via Iran’s territorial waters, suggesting Tehran is allowing permission-based transits to friendly nations, Iran’s Foreign Minister Abbas Araghchi confirmed the architecture in plain terms, saying the strait was “open, but closed to our enemies” — a formulation he repeated across multiple statements that week as Iran’s selective passage policy hardened into a deliberate framework.

According to a United States intelligence source, speaking to The Cipher Brief on background, the process is more transactional than diplomatic: a vessel requests permission directly from the IRGC, and if clearance is granted, it passes missile and drone-free. Those permissions, the source said, come at a price: vessels must pay a fee for the privilege of passage.

The beneficiaries have been carefully chosen.

Iran’s ambassador to India, Mohammad Fathali, confirmed that Tehran had allowed some Indian vessels to pass. Two Indian-flagged tankers carrying liquefied petroleum gas bound for ports in western India crossed early one morning, according to Rajesh Kumar Sinha, special secretary at India’s Ministry of Ports, Shipping and Waterways.

A Turkish-owned ship was also allowed to transit after Ankara received permission from Tehran; earlier, the Panama-flagged but Turkish-owned LPG tanker Bogazici had broadcast via AIS that it was a Muslim vessel under Turkish operation before successfully crossing.

Moreover, Pakistan’s passage was confirmed through a combination of Iranian clearance and direct naval coordination. A military source told Reuters that Pakistani naval officials had been in contact with Iranian counterparts. “No escort was needed, being Pakistani vessels,” the source said. The Pakistan Navy nonetheless provided maritime security to the vessel throughout its journey, according to Pakistan’s Express Tribune.

Jim Krane, energy research fellow at Rice University’s Baker Institute, tells The Cipher Brief that Iran is taking a page directly out of the Houthis’ playbook.

“They’re using Hormuz restrictions as a form of targeted economic sanctions on countries and firms with links to the U.S. and Israel,” he says. The Houthis did the same thing in the Bab al-Mandeb and the Red Sea. ‘Friendly’ cargoes were allowed to proceed, and those with connections to Israel, the United States, and Europe were denied passage.”

The logic is deliberate. Turkey is a NATO member but has maintained independent ties to Tehran. India has not joined any coalition against Iran and continues to import significant volumes of Iranian crude. China, which receives around 45 percent of its oil imports via the strait, was the first country Iran signaled it would favor, with reports emerging on March 4 that Tehran would initially allow only Chinese vessels to pass, citing Beijing’s supportive stance since the conflict began.

The architecture of the selective passage

The vessels that have made it through have not had an easy transit. Even routes shadowing the Iranian coast carry risk. On March 12, a China-owned container vessel called Source Blessing, operating under the Hapag-Lloyd and Maersk Gemini Alliance and broadcasting “China Owner” via AIS, was struck by falling debris while sailing toward Jebel Ali in the United Arab Emirates — not in the strait itself, but close enough to unsettle Chinese shipowners who have since largely avoided the route, according to Lloyd’s List Intelligence.

The attacks have followed no discernible pattern, making planning nearly impossible because operators cannot determine the rationale for targeting one ship rather than another. On March 11, a Thai-flagged bulk carrier, the Mayuree Naree, was struck by two projectiles while transiting the strait, setting fire to the engine room and forcing 20 of its 23 crew to abandon ship. Three crew members remained missing and believed trapped below. By March 6, the IMO Secretary-General confirmed at least six seafarers had lost their lives in attacks on vessels since the war began.

GPS and AIS interference has intensified sharply, affecting more than 1,650 vessels as of March 7 and concentrating spoofed positions near Fujairah and the Gulf of Oman, according to Windward. Some captains have gone dark deliberately — India’s maritime fusion center noted a rise in vessels conducting “dark transits” with AIS disabled to obscure their positions.

Roughly 400 vessels were spotted in the Gulf of Oman, a massive backlog waiting near the chokepoint, according to satellite intelligence from mid-March. About 22 vessels carrying crude, LPG, and liquefied natural gas remained anchored in the strait itself, awaiting confirmation of safe passage.

Skip York, a nonresident fellow at Rice University’s Baker Institute for Public Policy, tells The Cipher Brief that Iran’s closure is ultimately a one-time card.

“It works in the short-term because there are no easy bypass options for all Gulf exports, especially LNG,” he says, but stresses that it accelerates the very supply diversification it seeks to prevent and “runs the risk that shipments out of the Gulf can be seen as unreliable — thus encouraging diversification to oil and gas supplies from other regions.”

Krane is blunter about the path back to open transit.

“Hard to see the U.S. and Israelis bombing their way to an open strait,” he underscores. “Either we invade Iran with ground troops, or we call off the war.”

A fracturing coalition response

The military pressure campaign escalated sharply on March 19, when Joint Chiefs Chairman Gen. Dan Caine announced at a Pentagon press briefing that A-10 Warthog aircraft had entered the fight. “The A-10 Warthog is now in the fight across the southern flank and is hunting and killing fast-attack watercraft in the Straits of Hormuz,” Caine said, adding that AH-64 Apache helicopters from both American forces and regional allies had joined to handle Iranian one-way attack drones.

United States Central Command subsequently published footage of American strikes destroying Iranian naval assets threatening international shipping in and near the strait. Iran, despite the sustained pressure, retains significant asymmetric capabilities — mobile missile launchers, drones, and small boats that can be rapidly deployed from hidden coastal bases.

The coalition picture, meanwhile, remained fractured. At an EU summit in Brussels on March 19, European leaders doubled down on their refusal to join the American and Israeli military campaigns. EU foreign policy chief Kaja Kallas had made clear days earlier that there was “no appetite” among member states to expand the Aspides naval mission from the Red Sea to the Strait of Hormuz, and the summit produced no change in that position.

Germany’s Chancellor Friedrich Merz drew a clear line at the Brussels summit, saying his country would engage only after hostilities ceased.

“We can and will commit ourselves only when the weapons fall silent,” Merz said of potential German military support to secure shipping lanes in the Strait of Hormuz. “We can then do a great deal, up to opening sea lanes and keeping them clear, but we’re not doing it during ongoing combat operations.”

France, Germany, Italy, the Netherlands, the United Kingdom, and Japan issued a joint statement calling on Iran to “cease immediately” its drone and missile attacks and its other attempts to block the strait and expressing readiness to “contribute to appropriate efforts” to ensure safe passage — but stopping well short of deploying combat assets. NATO Secretary General Mark Rutte, meanwhile, acknowledged the urgency without offering specifics.

“Everybody agrees this strait cannot stay closed. It has to open up again as soon as possible. This is crucial for the world’s economy,” Rutte said. “I am confident that allies, as always, will do everything in support of our shared interests. So we will find a way forward.”

York’s near-term menu is narrow. Military pressure is one option, but he sees mediators as the more realistic path. Before Iran struck Ras Laffan on March 18, Qatar’s foreign ministry had said communications with different parties were ongoing — though Doha drew a hard line: no formal talks until Iran stopped attacking its neighbors.

Nothing like the broad convoy operations of the 1980s Tanker Wars — something tighter, more selective, and politically viable given how few allies have been willing to show up.

Read one way, Tehran’s approvals are nothing more than pure coercion. Read another, they are the unwritten beginnings of a framework, terms that exist in practice before anyone has put them on paper.

“This is in many ways positive news, as it indicates that Iran recognizes the need to allow shipping through and that it is open to such negotiations,” Christian Bueger, a maritime security scholar at the University of Copenhagen and the United Nations Institute for Disarmament Research, tells The Cipher Brief, adding that it could “potentially open up possibilities for a more structured and effective approach, initially only for a number of states.”

Moving from passage-by-passage to a rules-based system, he argues, would require “a sort of clearinghouse and coordination mechanism that also involves the shipping industry.”

The yuan gambit and what comes next

Reports have emerged that Iranian authorities floated the idea of allowing limited tanker traffic on the condition that oil transactions be conducted in Chinese yuan. Analysts are split on how much it matters. York’s view is that the dollar’s grip on global energy markets is structural, not symbolic.

“Chinese bond markets are relatively closed, yuan convertibility is restricted, and hedging instruments are thin compared to dollar markets,” he points out.

Krane, however, is similarly skeptical, observing that Iran already settles oil exports in yuan and that it is “not a major share of the market.”

Bueger frames it differently — as deliberate provocation rather than viable policy, “an attempt to undermine U.S. dollar centrality” that Iran will ultimately struggle to enforce.

The math is brutal. More than 75 percent of global spare production capacity is in Middle Eastern countries that ship through the strait, blunting whatever relief emergency reserves can offer. The IEA’s release of 400 million barrels, the largest in its history, covers roughly 20 days of normal Hormuz flows at best.

Under new Supreme Leader Mojtaba Khamenei, the strait continues to serve as Iran’s primary lever. As recently as March 20, he issued a written statement declaring that the “security” of Iran’s enemies “must be taken away” — a formulation that left the definition of enemy, as always, entirely to Tehran. The permission-economy Iran is now running is not a crisis to be managed in the short term, so much as a new geopolitical architecture being stress-tested in real time.

“The war with Iran is so unpopular globally that the sanctions strategy might work, because it allows opponents of the war to signal their displeasure with the U.S. and Israel,” Krane adds. “The countries that get rewarded are the ones willing to make small concessions to Iran — and in return, they gain access to important cargoes via the strait.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Trump’s Cyber Strategy Is a Strong Playbook, but It’s All in the Execution

OPINION — The White House is making a significant effort toward putting the nation’s cyber house in order. A newly released National Cyber Strategy represents a big step in the right direction for U.S. national security policy — advocating for the aggressive defense of our national infrastructure.

While the strategy includes important goals for the administration — streamlining regulation, developing the cyber workforce, defending federal networks, and partnering with the private sector — how the administration proceeds will determine whether it achieves the goals the strategy outlines. Across the strategy’s six pillars, the administration needs to clarify its arguments, refine its implementation plans, and improve its articulation of the challenge we face.

Defending U.S. national interests in cyberspace requires understanding the threat to our national security. Despite the prioritizing efforts to shape adversary behavior in the first of the strategy’s six pillars, it falls short of identifying America’s most aggressive adversaries — Russia and China. Both countries have repeatedly targeted American critical infrastructure without a meaningful response from the United States. It fails to mention China’s operational preparation of the battlefield on U.S. soil through its Volt Typhoon campaign against national critical infrastructure or Russia’s targeting of networking devices. Shaping adversary behavior in cyberspace requires identifying who the adversary is.

Pillar One provides a strong, effective argument for developing the offensive cyber capabilities and operations which are critical to enable success in today’s warfare. This White House showed its willingness to use these cyber capabilities in both Venezuela and Iran. There is an ongoing debate as to whether private companies should be allowed more agency to “hack back” against attackers, and the administration is reportedly considering an expanded role for the private sector. While the government should work with the private sector to develop these offensive capabilities, this should be limited to tool building and network defense rather than the actual conduct of offensive operations. If private companies conduct offensive cyber operations, the government risks losing control over escalation in conflict.

Pillar Two prioritizes streamlined regulations. Data and cybersecurity regulations help ensure companies have safe and secure practices. The proliferation of cyberattacks, however, has caused an explosion of cyber-related regulations. The federal government should work with the private sector to ensure that these regulations are comprehensive without being an unnecessary burden on the private sector.

Pillar Three focuses on the important goal of securing federal networks and modernizing procurement. The strategy wisely mentions post-quantum cryptography, zero-trust architecture, and cloud transition. To account for this emerging technology, the government must refine procurement processes to enable continuous improvement of federal networks.

Pillar Four calls for building strong private-public collaboration to defend critical infrastructure. This is a noble goal, but most of former Secretary of Homeland Security Kristi Noem’s work over the past year contradicted this goal. She eviscerated the cyber defense agency’s workforce — reducing it by nearly 40 percent — and disrupted cybersecurity grant programs, weakening the agency’s efforts to support state and local governments and public utilities. She cancelled the Critical Infrastructure Partnership Advisory Council, effectively gutting the federal government’s authority to engage private companies collectively to advance cyber defense.

The Trump administration can reverse this disastrous trend and get the United States on the right track to cyber defense of critical infrastructure. Noem’s replacement should start by rejuvenating and resourcing the Cybersecurity and Infrastructure Security Agency (CISA).

Pillar Five prioritizes American superiority in critical and emerging technologies — a necessary priority for ensuring U.S. success in cyberspace. Executing this strategy requires investment in the research centers that are the driving force for consistent improvement and development of critical and emerging technologies.

A key element of the new cyber strategy is in Pillar Six — its continued commitment to building America’s capability to develop talent in cyberspace. Without a strong cyber workforce in the government, the military, and the private sector, the nation is at risk of falling behind. The administration can validate this pillar with continued support to programs like the CyberCorps: Scholarship for Service which provides scholarships for cyber-related degrees in exchange for government service after graduation.

Because of the administration’s workforce cuts and hiring freezes, the program has faced challenges in the past year with maintaining funding and placing participants. The administration should support and expand funding for the program and prioritize hiring for participants. President Donald Trump should also establish a new military service for cyber, a U.S. Cyber Force, which would create a better mechanism for generating a military cyber workforce sufficient in size and skill to fulfill America’s strategic goals.

Trump would be wise to put the plan into action through additional executive orders (EOs) to implement the stated goals — presidentially signed orders task the federal agencies with discrete deliverables while White House strategic documents lack enforcing power. These EOs should prioritize support for CISA, cyber workforce development, and an organizational construct for taking aggressive action against U.S. adversaries. Taking the “ends” of the strategy and equipping them with “ways” and “means” via EOs will enable continued American superiority in cyberspace.

The six “Pillars of Action” in the new strategy have the potential to guide the United States toward success in cyberspace. That success will depend on whether the administration takes the necessary action to back up the sound rhetoric.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why the ‘Day After’ Is The Most Important Day in the Iranian Conflict

OPINION — The countries that get held up as models for this kind of US led attack are worth looking at closely, because they’re instructive in the wrong direction.

Iraq fell in twenty-one days in 2003, but Saddam Hussein was running a hollow state. His military had been gutted by a decade of sanctions, the 1991 Gulf War, and the no-fly zones. There was no grassroots ideological loyalty to the man — people obeyed out of fear, not faith. The moment the fear lifted, the structure dissolved. What followed was twenty years and trillions of dollars trying to hold the country together. Regime change worked militarily in three weeks and failed politically for two decades. Libya was a one-man personality cult held together by oil money and tribal patronage with no real institutional military and no ideology beyond Gaddafi himself. Remove the man and there was nothing underneath. The result wasn’t a democracy. It’s been a failed state ever since. Venezuela is a different category altogether because it hasn’t actually undergone regime change but rather the leader of the regime changed.

Iran is categorically different, and there are six reasons why that’s worth taking seriously and explains why the Trump Administration’s goals have shifted from Regime Change to Negotiating a Deal.

1. The first is that the regime is the ideology. The Islamic Republic isn’t just a government. It’s a theocratic revolutionary project that has spent nearly forty-seven years fusing religion, nationalism, and anti-imperialism into a single identity. For tens of millions of Iranians, particularly the rural poor, the deeply religious, and the Revolutionary Guard apparatus, the regime isn’t just who’s in power. It’s who they are. Saddam had fear. Gaddafi had tribal patronage. Khamenei has true believers. Unfortunately, you can’t bomb an ideology out of existence.

2. The second is the IRGC, and this is probably the most under-appreciated part of the whole conversation. Most coverage treats the Revolutionary Guard as a military institution, which it is, but that framing misses what actually makes it so durable. These are people who control ports, construction contracts, telecommunications infrastructure, black market oil exports. In fact, it controls somewhere between a third and forty percent of the entire Iranian economy. Before the conflict started, the IRGC had its own navy, air force, ground forces, intelligence apparatus, and foreign legion in the Quds Force. It’s not only ideology holding the institution together. It's an enormous class of people with enormous personal financial stakes in the continuation of the current arrangement. When you kill a general in Iraq, the army wobbles. When you kill an IRGC commander, the institution absorbs it and hardens. Israel killed multiple top commanders in 2024 and 2025. The organization did not collapse. It adapted. There are some who think the IRGC’s recent comments indicated it has is following Venezuela’s lead; has seized power and wants to make peace with the US.

3. The third is geography and strategic depth. Iran is roughly four times the size of Iraq and three times the size of Libya. It covers one point six million square kilometers of mountains, deserts, and dispersed population centers. Critical military and nuclear infrastructure is buried under mountains, in tunnels reinforced with concrete and hundreds of feet of rock. Fordow was designed specifically to survive a nuclear strike. It is difficult to fully decapitate a regime that is geographically dispersed, has hardened underground command structures, and has spent forty years preparing for exactly this scenario. The ability of disparate groups to control vast swaths and for the country to degenerate into civil war is high. This administration seems to be cognizant of that risk and with total air supremacy has made substantial progress towards irreversible damage to the regime but there are challenges in what can be accomplished by air power alone.

4. The fourth is that the population is complicated in ways that get lost in Western coverage. Yes, there have been significant protests. Yes, millions of Iranians, particularly urban, educated, younger Iranians, despise the regime. But the assumption tends to be that they experience their government the way Iraqis experienced Saddam which was something purely imposed, something they’d shake off the moment an outside force gave them the opening. Iran fought the bloodiest war since World War II largely without allies, against an Iraq the West was quietly supporting. That experience left a scar that runs across ideological lines. You can find Iranians who genuinely despise the mullahs and who would still recoil from a US military intervention on Iranian soil. This stems not out of loyalty to the regime, but out of something older and harder to dislodge than political preference. They identify as Persian. A foreign airstrike doesn’t read as liberation in that context. It reads as confirmation of everything the regime has been saying since the 1970s. And Persians view themselves as the conquerors, not the conquered. Compare that to Iraq in 2003, where significant portions of the Shia and Kurdish populations welcomed the invasion, or Libya where rebels were already fighting in the streets asking for NATO intervention.

5. The fifth is the proxy architecture. Iran has spent decades building what it calls the Axis of Resistance which is a network of proxy forces spread across seven countries specifically designed so that Iran never has to absorb a full military attack alone. Hezbollah in Lebanon, the Houthis in Yemen, Shia militias in Iraq, Hamas in Gaza, assets in Syria. These are not just political allies, These are pre-positioned military capabilities Iran can activate without firing a single missile from Iranian soil. Israel did real damage to Hezbollah’s command structure and arsenal in 2024 and 2025, and that’s worth acknowledging directly. But degrading a node in a network isn’t the same as collapsing the network. Iran’s demonstrated response to losing a piece is to absorb it, adapt, and rebuild, not to negotiate from weakness. We are already seeing the damage and distraction that both Hezbollah and the Houthis have created by starting new fronts against the US and its allies. It is unclear how capable either force is or how long those forces can commit to further support. It is the unknown that makes the situation unpredictable. And is a reason to be thoughtful in our approach.

6. The sixth is that there is no ready-made replacement. One of the quiet lessons of Iraq and Libya is that regime change requires someone to hand power to. In Iraq there was at least a political infrastructure of exiled opposition parties. In Libya there were rebel militias with territorial control. In Iran the opposition is fractured, largely in exile, ideologically diverse. The opposition ranges from monarchists to secular liberals to the MEK, which is widely despised inside Iran and has zero military capacity inside the country. Without a credible successor, military strikes may not produce an acceptable regime change. These attacks could produce chaos, and chaos in a country of ninety million people with a sophisticated weapons program is far more dangerous than the regime itself. And, any successor viewed as a puppet of America will fail. The Persian culture will reject someone imposed on it. The people will have to broadly support any new political leadership. And, that has not happened. There are many reasons we do not see large numbers of Iranians trying to seize the momentum and overthrow the regime. It doesn’t matter. For this reason alone - lack of a popular uprising and rally behind a clear replacement, the regime is unlikely to change. And, Iranians were never going to accept a new leader picked by the United States and Israel. It has to be organic.

The honest historical lesson is this: the US has never successfully engineered lasting regime change in a country with these characteristics. Not through sanctions, not through airstrikes, not through proxy support. The question isn’t only whether the US has destroyed Iran’s nuclear program with these attacks, it almost certainly has degraded it significantly. The question is what comes after, and on that, history offers very little comfort. Which is why it appears this administration has not prescribed what will happen next preferring to keep all options on the table. If, as Trump encouraged in his public addresses, the population rises up and overthrows the clerical ruling class, then regime change will have been achieved and the follow-on becomes a test of who is the new regime and what kind of deal can the US reach with the new leaders. If the population fails to rise up and the regime, despite being damaged, survives (the most likely outcome), the option list gets very short, very fast. The best option is to reach a negotiated deal that keeps the Straight of Hormuz open while insuring Iran does not develop nor acquire nuclear weapons.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

From Kyiv’s Skies to the Persian Gulf: How Ukraine’s Drone Technology Is Reshaping Global Defense

As Iranian-designed Shahed drones struck critical infrastructure across the Persian Gulf in early March, military planners in Washington confronted an uncomfortable reality. The weapons that have terrorized Ukrainian cities for four years were now exposing gaps in some of the world’s most advanced air defense networks. Gulf states burned through expensive Patriot interceptors at alarming rates, with each four-million-dollar missile destroying drones costing a fraction of that amount. The solution might come from an unlikely source: Ukrainian defense technology companies offering combat-proven systems forged in modern warfare.

The Brave1 Ukrainian Defense Tech USA Roadshow brought 17 companies to Washington recently, showcasing how rapidly the geopolitical landscape has shifted. These aren’t theoretical capabilities. They’re systems that have faced hundreds of Russian drones nightly for years, refined through trial and error on an active battlefield.

“You have the opportunity to talk with promising companies that are looking for joint partnerships in the US and looking for investors,” Iryna Zabolotna, Chief Operating Officer of Brave1, tells The Cipher Brief at a packed press conference at the Ukrainian Embassy.

Behind her, executives from companies like General Cherry, Unwave, SkyFall, and The Fourth Law represent an ecosystem that has scaled from near-nonexistence to producing millions of drones annually. The question now is whether that expertise can translate beyond Ukraine’s borders.

The numbers tell a stark story. According to Gulf defense ministries, more than 1,000 Iranian drones were detected over the United Arab Emirates alone in the first days of March, with similar waves hitting Qatar, Bahrain, Kuwait, and Saudi Arabia. Traditional air defense systems weren’t designed for saturation attacks. Each Patriot PAC-3 interceptor costs roughly $4 million. The Shahed drones they’re destroying cost between $30,000 and $100,000. Ukrainian companies offer different economics. Sergiy Orlov, Director of International Cooperation at General Cherry, explains that his company produces between 60,000 and 70,000 drones monthly, including 10,000 drone interceptors.

“This is an extremely efficient solution which allows us to defend our civilians, our cities, our country and defend on the front line,” Orlov tells The Cipher Brief. “And it’s extremely cost-effective. We are talking about a solution with a cost of four or five thousand US dollars per intercept.”

The interceptor drones work differently from traditional systems. Operated by pilots using first-person-view goggles, they physically pursue and destroy incoming threats by colliding with them. It’s an approach Ukraine developed when advanced Western systems arrived too slowly.

“If you think of electronic warfare solutions, there are jamming systems, there are amplifiers, and a lot of other things that originally were bought in China,” Yurii Shelmuk, CEO of Unwave, tells The Cipher Brief. “Right now it’s fully, 100 percent, local production in Ukraine.”

Beyond Hardware: The Knowledge Gap

The technology represents only part of what Ukraine offers. The real value is operational knowledge from years of desperate innovation.

“It would normally take years and months to prepare the armed forces of any country around the world to at least get like one-third of the knowledge our Ukrainian armed forces and companies have,” explains Ambassador Olga Stefanishyna. “And by the time they will complete their training, they will have to start over, because things are really changing very, very rapidly.”

This expertise gap became apparent when Russian drones based on Iranian designs struck Poland in September, breaching NATO airspace despite advanced fighter jets and Patriot systems. Poland discovered what Ukraine already knew: responding to mass drone attacks requires more than sophisticated equipment.

Yaroslav Azhniuk, CEO of The Fourth Law, which develops AI-powered autonomy for drones, frames it differently.

“Systems that work not in the cloud, not ChatGPT-like, but systems that work on board on the edge of the drones, I would argue that Ukraine has some of the world’s most advanced systems of that kind,” Azhniuk says.

Before the war, he spent six years in Silicon Valley building Petcube. Now he applies that expertise to weapons.

“That is extremely unique and impossible to replicate anywhere else in the world but in Ukraine, because the current strategic advantage that Ukraine has on the global stage is that it has been in a war with Russia for 12 years,” Azhniuk underscores.

The software represents a less visible but potentially more significant innovation. These systems absorb battlefield experience in ways that can’t be replicated in peacetime training. They’ve adapted to Russian electronic warfare and evolved countermeasures to operate in the most contested electromagnetic spectrum on Earth.

The Supply Chain Dilemma

Beneath the successes lies a challenge: dependence on Chinese components. When Ukraine’s drone industry exploded in 2023, most components came from China. As the sector matured, manufacturers worked to localize production. Azhniuk notes that many drones now use 80-90% Ukrainian-made first-level components.

But second-level components, components used to make components, remain problematic. Thermal camera sensors and battery cells still flow from Chinese manufacturers. This creates both a strategic vulnerability and an intelligence leak.

“When we are localizing or not localizing component production, we are also sharing or not sharing the know-how that is specific to how our warfighters use these drones,” Azhniuk explains.

The scale of demand makes complete independence difficult. Ukraine plans to produce more than seven million drones in 2026. A quadcopter requires four motors, meaning the industry needs 28 million motors annually — roughly 77,000 per day. Azhniuk’s company is now considering building a semiconductor fabrication plant in the United States to manufacture thermal camera sensors.

“We received significant interest from parties in the United States,” he points out. “It’s crucial for the defense of the free world to build this internal capability for the whole supply chain.”

The Political Calculation

The roadshow arrives amid delicate negotiations. President Trump previously announced a drone deal with Ukraine, but months passed without visible progress. Ambassador Stefanishyna acknowledges the arrangement hasn’t produced a formal memorandum but insists a real partnership has developed. Ukrainian companies have been selected for Army-led drone innovation programs, and delegations have conducted exchanges with the Pentagon.

The Iranian attacks changed the conversation. President Zelenskyy confirmed that Ukraine will deploy equipment and experts to Jordan at the American request, though operational details remain classified. This highlights Ukraine’s leverage: it possesses both the technology and trained personnel to operate these systems in combat.

This creates opportunity. Ukraine desperately needs PAC-3 missiles for Patriot systems to defend against Russian ballistic missiles — the one threat its interceptor drones cannot address. Gulf states need interceptor drones to preserve their Patriot stocks. Zelenskyy has publicly floated exchanges.

“For the future, of course, we will consider the ways we could engage on a basis that would really not undermine our own efforts but also will enable the companies,” Stefanishyna observes. “Because you see here the representatives of the companies, these are private entities. These are not state-owned companies, so we’re just happy to share the platform with them.”

The private sector nature of these companies complicates matters. Ukraine banned weapons exports after Russia’s invasion in 2022. Any sales to foreign governments require explicit authorization and are likely to involve complex arrangements between military channels rather than direct commercial transactions.

Scaling Global Ambitions

Beyond immediate Middle East needs, Ukrainian companies harbor larger ambitions. Artem Moroz, Head of Investor Relations at Brave1, describes the roadshow as part of building Ukraine’s “Defense Tech Valley”— an ecosystem modeled on Silicon Valley. The Brave1 investment community now includes more than 400 investors, with nearly 200 million dollars invested.

The roadshow spans multiple American cities through mid-March, with demo days in Washington, New York, Austin, and San Francisco. Events have drawn interest from defense contractors, venture capital firms, technology companies, and congressional representatives. Ukraine is also establishing joint grant programs with Norway, France, and other NATO countries.

“You have Silicon Valley. We would like to have a Defense Tech Valley in Ukraine,” Zabolotna says.

It’s an audacious vision for a country still fighting for survival, yet grounded in demonstrated capability. Ukrainian companies have moved from concept to mass production in months. They’ve iterated designs through actual combat rather than theoretical exercises.

“We were under pressure. We were under threat,” Zabolotna continues. “And definitely, the Ukrainian ecosystem would like to create solutions that can protect us. The main idea is that many Ukrainian companies that are now in defense — previously, before the full-scale invasion — worked more like private entities, such as civil or dual-use, and nobody was eager to create a defense ecosystem in Ukraine. I think it’s pressure and our brave hearts that Ukrainians would like to protect our land and our citizens, whatever we should do.”

In essence, the wartime pressure transformed Ukraine’s civilian tech sector into a defense innovation powerhouse driven by existential necessity and national survival.

The Replication Challenge

Whether Ukraine’s model can be replicated or exported at scale remains uncertain. The companies acknowledge that hardware represents only part of the solution. Training pilots takes at least weeks. SkyFall, one of Ukraine’s largest UAV manufacturers with drones deployed in more than two million missions, runs its own academy. The company has developed the capability to remotely pilot drones, potentially allowing operations in the Gulf to be controlled from Ukraine.

The tactical knowledge poses an even greater challenge. Russian forces continuously adapt their Shahed deployment strategies, recently implementing swarm tactics with “mothership” drones managing dozens of smaller units. Only Ukrainian military units that have experienced these evolving tactics understand how to counter them. Orlov emphasizes that effective deployment requires “mutual cooperation between us as a private company and, for sure, the state which can supply this knowledge.”

The competitive landscape is also evolving. Other countries have begun developing low-cost interceptor programs. The Pentagon has established squadrons using drones reverse-engineered from captured Iranian Shaheds. But Ukraine maintains an advantage: its systems are already in mass production and combat-proven.

As the Washington roadshow continues, Ukrainian companies face questions about whether they can scale production to serve both domestic military needs and export markets. Orlov suggests his company could double its monthly production of 10,000 interceptors within weeks. But broader supply chain constraints make rapid global expansion challenging.

The Middle East crisis has created an unexpected opportunity for Ukraine to translate battlefield necessity into geopolitical leverage. Whether that translates into sustainable partnerships will depend on political will, export controls, and the evolving dynamics of conflicts in both Eastern Europe and the Middle East.

For now, the message from the Ukrainian delegation is straightforward: they’ve solved problems others are just beginning to understand.

“You’ll actually be surprised how many countries woke up already,” Shelmuk stresses, “and you’ll be even more surprised how many expressed interest.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why Hasn’t Iran Buckled Under U.S.-Israeli Pressure?

EXPERT Q&A -- There are more questions than answers around the reported delivery of a U.S. 15-point plan presented to Iranian officials via a Pakistani interlocutor, with the intention to end the war, including whether the plan has been outright rejected by Iran.

It’s not clear for example, whether Israel is onboard with the proposal, as airstrikes continue, and it is unclear how open Iran would be to any kind of deal after weeks of bombings and days of conflicting messages about whether negotiations are really underway.

Despite U.S. and Israeli air superiority and a significant degradation of Iran’s missile capabilities, Iran still has a number of ways that it is fighting back.

The Cipher Brief spoke with former senior CIA Executive Dave Pitts, who is the co-founder of The Cipher Brief’s Gray Zone Group, about what Iran’s surprising resilience in the face of the U.S. – Israeli led attacks, tells us about what we should expect next.

Pitts: Iran’s staying power and effective asymmetric response despite sustained U.S. and Israeli strikes has surprised analysts and frustrated Western and regional officials. By conventional metrics, Tehran should have crumbled or sued for peace under the sustained pressure of two of the world’s strongest militaries dominating its skies. Instead, decades of gray zone operations - gray warfare - prepared Iran for this moment.

The gray zone is the geopolitical space between peace and war, where nations take action to advance their own national interests, attack and undermine their adversaries, and set the conditions for a future war without triggering an armed response. In other words, operations below the threshold of war calculated to gain a strategic advantage and to limit deterrence and discourage a persuasive response.

Gray warfare and asymmetric warfare function as counterparts along the spectrum of conflict - one below the threshold, the other above. The same tools allowed Iran to transition rapidly from the gray zone to asymmetric warfare against superior conventional forces. How asymmetric warfare exposes the limitations of traditional military power is a topic for separate discussion.

Iran’s preparation was extensive: building surrogate armies, stockpiling concealable stand-off munitions, honing capabilities to disrupt maritime shipping, expanding the IRGC’s ability to coerce and intimidate its neighbors, conducting influence operations against Israel and the U.S., and forging transactional ties with Russia and China. These efforts produced forces and capabilities with depth, dispersion, and autonomy, shrouded in ambiguity and propagandized as undefeatable.

Today, rather than surrender or collapse, Iran is waging a deliberate asymmetric campaign relying on drones and missiles, that has destabilized the region, forced evacuations, closed airspace, and injected volatility into global energy markets. Its objective is not a military victory but cognitive and political effect: to stoke fears of a broader regional war, erode public and political will, and influence decisions that will force an end to the war on terms favorable to Tehran.

Iran’s response is not a new military development. It is the predictable outcome of years spent waging gray warfare against the West. Washington and its allies should see this as the culmination of long-term gray zone strategy, not an aberration, to avoid strategic surprise with other adversaries.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Romania Pays the Cyber Price for Backing Ukraine. Where is the EU?

OPINION – When ransomware groups hit Romania’s national water agency, its largest coal-fired power producer and oil pipeline operator all in recent months, it would have been easy to file each incident under “criminal nuisance” and move on. But the ransomware gangs targeting the national critical infrastructure, including groups like Qilin and Gentlemen, are not merely profit-driven criminals operating in a vacuum. They are key vectors of Russian hybrid warfare in Europe.

In a recent interview with Recorded Media, Romania’s top cybersecurity official Dan Cimpean highlights that these frequent cyber-attacks are not merely operations performed by non-state actors looking for extracting financial benefits. These attacks, Cimpean argues, are systematic and geopolitically timed, often coinciding with Romanian political decisions tied to support for Ukraine. As observed in the Kremlin-sponsored interference campaign targeting Romania’s presidential elections in 2024, Russia is “trying to destabilize our social, political, and economic life”.

Romania, which has NATO’s largest land border with Ukraine, is not an outlier. Polish energy infrastructure was recently hit by Moscow-linked actors. Moldovan parliamentary elections in 2025 were accompanied by cyber and disinformation operations amplified by artificial intelligence. Dutch intelligence has warned that Russian cyberattacks, sabotage, and cover influence campaigns across Europe are intensifying. The pattern is clear and so is the trajectory: fearing military loss in Ukraine, Russia attempts to destabilize Kyiv’s most supportive European partners. What is less clear is why the European Union is not acting for increasing the costs for these cyberattacks, especially since EU leaders like Emmanuel Macron and Friedrich Merz claimed earlier at the Munich Security Conference that they must take action for becoming geopolitically robust given U.S.’s ambiguity towards European engagement, coupled with Russia’s growing assertiveness.

The European Union does, in fact, possess a meaningful tool that could be deployed in cases like Romania’s: its cyber sanctions framework, established in 2019 under the Cyber Diplomacy Toolbox. This instrument was used sparingly to designate individuals and entities responsible for significant cyberattacks. In the 7 years since it was established, only 17 individuals and 4 entities were sanctioned under this cyber sanctions’ framework, despite the increasing number of offensive cyber operations in Europe in the range of thousands. Given the scale and frequency of Russian-aligned cyber operations across the continent, the EU’s restraint is not strategic patience - it is negligence and an invitation for Russian-connected ransomware groups to continue offensive operations targeting European energy, telecommunications, and water infrastructure.

The EU deploying cyber sanctions more aggressively would carry more than the symbolic value of a more strategically autonomous Europe. Sanctions create costs for the adversary. They are designed to disrupt financial flows to ransomware operators who depend on the international banking infrastructure, cryptocurrency exchanges with European exposure, and front companies operating in permissive jurisdictions. Designating ransomware groups like Qilin, Gentlemen, and their known affiliates, along with the broader ecosystem of bulletproof hosting providers, money launderers, and initial access brokers that sustain them would not outline eliminate ransomware overnight. It would, however, raise the cost to ransomware groups doing business with Russia and, at the same time, send an unambiguous political signal that the EU is treating cyber operations targeting critical infrastructure as acts of aggression, not just cybercrime.

The EU must pursue these sanctions not in isolation, but as part of a broader attribution effort including member states and candidate countries. Attribution is often a hard political choice rather than a technical operation, and Russia is actively exploiting the EU’s difficulty in making hard political decisions. The evidentiary threshold for sanctions does not require the certainty of a criminal conviction. The standard is reasonable grounds, and between national cyber agencies, Europol, ENISA, and intelligence-sharing partnerships, Europe has more than enough to build credible designation cases. Formats like the recently launched trilateral cyber alliance between Romania, Moldova, and Ukraine could be used not only for sharing threat intelligence and aligning standards for cyber hygiene, but also for crystallizing broader continental support for the EU cyber sanction’s framework.

But even stronger political will may not be enough without a structural reform of the EU cyber sanctions regime. Under the current legal framework, decisions on cyber sanctions designations require unanimity in the EU Council, implying that a single member state can veto a cyber designation, however well-evidenced. This is not a theoretical problem, it’s an operational gap that Russia understands and exploits through its sympathetic EU governments, like Hungary and Slovakia. Through the advocacy of states that are in the front line of exposure to Russian hybrid warfare, the EU must pursue qualified majority voting for cyber designations.

The argument that foreign and security policy must remain unanimously agreed is understandable in contexts where member state interests genuinely diverge. Protecting European critical infrastructure from a hostile state’s hybrid operations is not one of these contexts - it should be common ground. Moving towards quality majority voting for cyber sanctions would also help speed the pace of these decisions. The EU sanctioned people for the NotPetya campaign three years after the attack, and for the Bundestag hack five years after it occurred. This delay severely dilutes the impact of the sanctions and signals Europe's weakness.

The European Union must also look inward, at the corporate negligence that makes these cyberattacks against vital infrastructure so effective. The jarring truth is that the Russian-sponsored ransomware campaigns targeting critical infrastructure succeed not primarily because of Russian sophisticated offensive capabilities, but because of poor cyber hygiene. Unpatched systems, poor identity management practices, weak network segmentation and insufficient red teaming create the perfect storm in which these ransomware gangs operate to weaken European economies. European critical infrastructure sites are not breached because operators like Qilin are sophisticated, but because the bar is low enough to clear. The EU’s NIS2 Directive, which came into force in 2023, was supposed to change this status quo. It expanded the scope of critical sectors to mandatory cybersecurity standards and tightened reporting obligations and management-level accountability. Member states, however, have been very slow to transpose NIS2 into national law and even slower to enforce it meaningfully.

The EU must advance toward a model where entities in critical sectors that suffer a significant breach face real regulatory scrutiny as a reasonable standard. Companies that cannot demonstrate minimum cyber hygiene should face graduated financial penalties and those responsible for critical systems, whether power grids, water utilities, or pipeline operators, should face enhanced obligations and more aggressive oversight.

The moment to act is not after the next power outage, the next hospital system locked down or the next election disruption. Romania’s top cybersecurity official has warned that even if the guns in Ukraine fall silent, Russia will continue to operate in cyberspace, and the European Union must be prepared to act. Preparation does not imply reinventing the wheel, but actively using the tools already on the shelf, such as the underutilized European cyber sanctions regime for whose activation Romania needed to advocate.

The legal framework exists and the dots of Russian hybrid warfare can be connected for the political establishment to deliberate and act. Europe's continued inaction against Russian-connected offensive cyber operations targeting critical infrastructure carries real costs - ones that undermine the ideal of a geopolitically robust EU and push European elites further from their stated objective of making the continent more economically competitive.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Trump Is Getting His Way in Caracas — But It’s Complicated

In 2017, Marco Rubio, then Florida’s junior senator, was assigned a Capitol Police security detail because the U.S. received unverified but alarming intelligence that Venezuelan strongman Nicolás Maduro’s feared chief enforcer was sending a hit man to assassinate him.

Today, in an epic irony, Rubio, now Secretary of State, and his boss, President Donald Trump, have turned to that same enforcer – Diosdado Cabello, whose official title is Minister of Interior, Justice, and Peace – to calm the nation in the wake of the U.S. Special Forces raid that ripped Maduro out of his bed on Jan. 3 and deposited him in a Brooklyn lockup on federal narcoterrorism charges. The administration’s aim, Rubio told Congress, is a “friendly, stable, prosperous Venezuela…objective number one was stability.” U.S. oil majors and other potential investors have told Trump and his team that they won’t return to get Venezuela's vast but neglected oil fields pumping again until the country is rid of troublemakers, from homegrown street crooks to hardline Cuban Marxists to malign players from distant shores.

“The restoration of Venezuela will not be complete without the expulsion of the Cubans, the Iranians, and by extension, Hezbollah, the Iranian’s proxy in Venezuela, as well as really curtailing the activities of the Chinese and the Russians in Venezuela,” David Shedd, formerly acting director of the Defense Intelligence Agency, told The Cipher Brief. To clear out all those dangerous characters, Shedd, a Cipher Brief expert, said that for now, the Trump team has no choice but to collaborate with Cabello and other unsavory remnants of the Maduro regime. “The levers of power still rest with people like [acting president] Delcy Rodriguez, her brother Jorge Rodriguez, who's the head of the National Assembly, along with Diosdado Cabello at the head of the intelligence services and Vladimir Padrino, head of the military,” he said. “All very corrupt individuals, all individuals that need to go eventually. However, they have the levers of power. It's within their power to do these expulsions.”

Critics will call it a deal with the devil. But so far, it’s working. Interim president Delcy Rodriguez, once a hardcore leftist idealogue, has turned out to be a survivor with a pragmatic side. Last month, she ordered Cuban security advisers and doctors out of Venezuela, according to Reuters. Last Wednesday (Mar. 18) she sacked Defense Minister Gen. Vladimir Padrino Lopez who had held that post for more than 11 years. Named for Russian revolutionary Vladimir Lenin and educated in part at Fort Benning’s School of the Americas, Padrino was indicted for narcotics trafficking in federal court in Washington, D.C. in 2019 for allegedly facilitating Colombian cocaine traffickers who were using Venezuela as a trampoline to the U.S. and Europe. The State Department is offering a $15 million reward for his arrest. If extradited to the U.S, he could make a plea deal with federal prosecutors to testify against Maduro.

Another potential witness, Colombian-Venezuelan billionaire Alex Saab, Maduro’s chief money mover, fixer and point man for dealing with Iran and Russia, may turn up in the U.S. in handcuffs soon. As Maduro’s alleged bagman, he is believed to have detailed knowledge of how the strongman looted his country’s treasury. Saab was indicted in Miami in 2019 in a DEA bribery/money laundering case that involved, among other schemes, allegedly moving $350 million in Venezuelan government funds meant for the poor to his offshore accounts. In 2020, he was detained in Cape Verde on a DEA red notice as his private plane was refueling on his way to Tehran. The following year, he was extradited to the U.S. to face charges. He denied wrongdoing. In 2023, President Joe Biden pardoned him as part of a prisoner exchange with the Maduro government. He was sent back to Caracas, where Maduro appointed him Minister of industry and National Production. Last month, according to the Miami Herald and New York Times, he was reportedly detained by Cabello’s agents working with the FBI. Negotiations are under way for his extradition to the U.S., based on a new, still-sealed indictment.

Trump rarely misses a chance to boast about the changes he has wrought in Caracas – and how they serve as his model for pressuring other nations to bend to U.S. demands. Yesterday (March 24), speaking with reporters about his efforts to change the regime in Tehran to one friendlier to U.S. interests, he gushed, “Look at Venezuela, how well that's working out! We are doing so well in Venezuela with oil and with the relationship between the president-elect [Rodriguez] and us. Maybe we find somebody like that in Iran.”

Yet Cabello, a swaggering onetime military officer who poses for photos brandishing a cartoonish spiked cudgel and patrols the streets with scowling thugs, remains in power. Back in 2017, Cabello adamantly denied a Miami Herald and CBS News report that he had initiated a “potentially grave” threat against Rubio, but the pair carried on a heated verbal duel in the news pages and social medium with Cabello calling Rubio a “fool” and “Narco Rubio,” and Rubio labeling Maduro an “unhinged dictator” and Cabello “the Pablo Escobar of Venezuela,”

Actually, Cabello is so much more. Escobar never attained public office in Colombia. Cabello has loomed large in Venezuelan power circles since as a young Army lieutenant, he joined leftist strongman Hugo Chavez in an attempted coup in 1992. When Chavez was elected to the presidency in 1998, Cabello climbed rapidly. As interior minister since 2024, Cabello has been nicknamed Diostodo, God Almighty, because he commands the police, the dreaded internal security agency SEBIN, (for Servicio Bolivariano de Inteligencia Nacional) and the colectivos, civilian militias that prowl neighborhoods, enforce regime dictates and crush dissent. He was indicted in New York in 2020 and again this year for narcoterrorism conspiracy. He has a $25 million State Department bounty on his head, second only to the $50 million bounty offered for Maduro. Since his indictment, instead of going to ground as Escobar did, Cabello has made himself a constant media presence in Caracas, using Instagram accounts and his state-run TV show, “Bringing Down the Hammer,” to promote his brand of brutality.

Cabello has repeatedly denied involvement in the international drug trade. A former Venezuelan official who tells another story is disgraced former Venezuelan general Hugo Armando Carvajal Barrios, once head of his country’s military intelligence arm, who has been indicted at least four times in the U.S. for narcotics trafficking conspiracy, starting in 2011, Carvajal was extradited from Spain in 2023, pleaded guilty last June and is now incarcerated in the U.S. while awaiting sentencing. According to documents filed in federal court, after making a plea deal, Carvajal told federal prosecutors that he was in a pivotal high-level meeting in 2008 when Venezuelan leader Hugo Chavez personally ordered Cabello to lead a project working with Colombia’s leftist FARC guerillas to “flood” the U.S. with cocaine. At the time, the guerillas were manufacturing tons of cocaine in the Colombian jungle, near the border with Venezuela and wanted to partner with the Venezuelan military, which controlled the country’s air and seaports, to move the lucrative product to market in the States and Europe. After Chavez died of cancer in 2013 and Maduro succeeded him, Carvajal claimed, according to the documents, Cabello continued to oversee FARC cocaine shipments and to provide arms to FARC.

These charges have yet to be tested in U.S. courts. Everything Carvajal says will be challenged, because he has admitted his own corrupt involvement with the FARC’s cocaine-production arm, dating back to 1999 and the early days of Chavez’ rule. Still, as head of his country’s Directorate of Military Intelligence, DIM, from 2004 to 2014, he has been in a position to know a lot about Chavez, Maduro, Cabello and other senior figures in the leftist regime. Last December, Carvajal sent a letter from federal prison charging extensive Venezuelan government involvement, not only in narcotics trafficking and organized crime but also in intelligence operations against the U.S. According to the Miami Herald, he claimed that Russian and Cuban intelligence services were using Venezuela as a forward staging base to run joint operations against the U.S. and that Venezuelan and Cuban intelligence agencies had placed spies inside the U.S. “for decades.” Allegations that Russian and Cuban spies have infiltrated the U.S. are hardly new, and it’s far from clear whether Carvajal’s charges are specific and can be corroborated. Still, given his access to regime secrets, Carvajal’s account, coupled with those of other former Venezuelan officials who want to make deals with the U.S., underscores the risky nature of the Trump administration’s decision to leave Chavez-Maduro loyalists in power, even temporarily.

None of the regime holdovers are more hazardous to Trump’s plans than Cabello, who remains uniquely positioned to make or break Trump’s vision to restore Venezuela as a welcoming place for American business, especially Big Oil, as a Feb. 12 State Department policy statement, entitled “Actions to Implement President Trump’s Vision for Venezuelan Oil,” makes plain. It declares that as in the post-Maduro era, “U.S. firms will play a critical role in repairing and upgrading Venezuela’s oil and gas infrastructure for the benefit of the Venezuelan people…With renewed cooperation and sound economic stewardship, Venezuela can reemerge as a stable, prosperous partner whose citizens benefit from its vast natural wealth and strengthened ties with the United States.”

Cabello and the colectivos he controls could interfere with that vision. According to Reuters, before the Special Forces operation to seize Maduro, the Trump team delivered a blunt message to Cabello that if he ordered his goon squads to attack opposition activists or unleash chaos, he would suffer the same fate as Maduro and wind up in a grim cell in Brooklyn. Cabello wavered briefly, according to the Miami Herald, sending voicemail messages to military officers and regime loyalists that urged, ”Let’s go to the streets, as much as we can, in the states, mobilize our people.” Then he reversed course and fell in line with the U.S. demand, posting a torrent of social media messages showing happy citizens and proclaiming that his country was stable and safe. His Valentine’s Day post boasted, There isn’t a single place in the Americas that has better security numbers than Venezuela.” By numbers, he meant the street crime rate.

But street crime was never the issue for U.S. national security experts and federal investigators, who have been far more worried about less visible threats posed by transnational organized crime, foreign terrorism, espionage and, potentially, hybrid warfare, using Venezuela as a base from which to attack U.S. physical and cyber infrastructure and other interests vital to American and regional security.

“Venezuela has essentially been run as a narco-state, or as a vast organized crime network, for the past 20 years,” Sandalio Gonzalez, who initiated the DEA’s criminal case against Maduro and his top lieutenants, told The Cipher Brief. As a DEA agent in Caracas from 2006 to 2010 and later a senior agent in the elite DEA Special Operations Division, Gonzalez and his partners started out investigating the Chavez regime’s connections with Colombia’s FARC guerillas. They thought they were pursuing a straightforward drug corruption case, but, says Gonzalez, “During the course of the next several years, we became deeply concerned that an important country like Venezuela had become allied with our adversaries. Venezuela ought to be America’s partner and ally in stabilizing and unifying our hemisphere, not advancing the anti-American and anti-democratic interests of our adversaries.”

Others in the DEA were equally alarmed. “Venezuela is sitting on the biggest oil reserves in the world, but it had become a haven for countries and movements that were against U.S. interests, such as the Russians, Chinese, and Hezbollah,” Paul Craine, DEA’s regional director for Mexico and Central America from 2013 to 2017, told The Cipher Brief. “Different terrorist elements had safe haven in Venezuela. And obviously, the Maduro regime was in direct collusion with Russia and supporting Cuba. The Venezuelan secret police are very closely aligned with the Cuban secret police.”

Once the Trump White House and Pentagon started making plans to remove Maduro, Craine, like other experts on the Latin American criminal and terrorist underground became concerned that he would be replaced by other corrupt, duplicitous figures from the Venezuelan power elite.

“You can't leave these major criminals who have blood on their hands and who have been agents of suppression to continue to be there, or be part of the government,” Craine said.

Unraveling the Caracas-Havana connection will take a while. “I recognize that it won’t be easy,” Rubio told the Senate Foreign Relations Committee in January. “I mean, look, at the end of the day we are dealing with people over there that have spent most of their lives living in a gangster paradise, so it’s not going to be like from one day to the next we’re going to have this thing turn around overnight. But I think we’re making good and decent progress.”

For the U.S. national security community, the Caracas-Beijing connection is more subtle and even more important over the long run. On January 2, the day before Delta Force launched into Caracas to take custody of Maduro, a Chinese delegation led by Qiu Xiaoqi, the Chinese government’s special representative for Latin American affairs, was at the Miraflores Presidential Palace, meeting with Maduro. China was getting deeply discounted oil from Venezuela, was Venezuela’s second-largest trading partner after the U.S. and was selling Venezuela billions of dollars’ worth of military equipment, according to a January 2026 report by the U.S.-China Economic and Security Review Commission.

“China is a big loser in the Maduro rendition,” said Shedd, whose new book, The Great Heist, examines China’s theft of U.S. technology and intellectual property. “China has invested nearly $5 billion over the past two-plus decades in Venezuela, primarily focusing on energy projects which under Phase 2 of the transition in Venezuela will go to U.S. oil companies with first rights of refusal. How can China not lose?”

During the Chavez and Maduro regimes, Shedd said, “China has increasingly been involved in weapons sales, back-door-enabled Huawei and ZTE telecommunications networks, and dual-use tech related sales” to Venezuela. “In addition, the PRC has had an interest in – if not an actual hand in – enabling some intelligence/security capabilities in Venezuela that help Venezuela’s security apparatus, SEBIN, spy on and disrupt the political opposition. Anything that curtails Chinese influence, which is by its nature antithetical to U.S. interests, is a good outcome.”

Rubio has insisted it would be physically impossible for the U.S. military to remove all of the allies of China, Iran, Cuba and other malign influences in one or two raids. “Land within three minutes, kick down [Maduro’s] door, grab him, put him in handcuffs, read him his rights, put him in a helicopter and leave the country without losing any American or any American assets – that’s not an easy mission,” Rubio said on Face the Nation last January. “And you’re asking me why didn’t we do that in five other places at the same time? I mean, that’s absurd.”

Since that time, Washington has not demanded that Rodríguez hand over Cabello, Padrino López and other current and former senior officials indicted in the U.S. and instead has pressed Rodriguez for a more gradual transition, removing potential troublemakers from power one by one. According to the Miami Herald. Cabello has tried to stave off his own exit from power by leveraging his influence as a security insider and by asking for a guarantee that the popular opposition leader María Corina Machado won’t return to Venezuela. His eventual fate is a subject of intense speculation, but facts are scarce.

So far, the Trump administration appears to be running a charm offensive. Trump regularly praises Rodriguez and says he wants to visit Caracas at some future date. Meanwhile, the administration has dispatched a steady stream of senior American officials to get to know Rodriguez and other Venezuelan holdovers still in power, impress them with Washington’s seriousness of purpose and, as the fictional Michael Corleone counseled, keep them very close.

For instance, last month (Feb. 18) Marine Gen. Frank Donovan, a former special operations leader, now commander of the U.S. Southern Command, made a surprise visit to Caracas and met with Rodriguez, Cabello and Padrino Lopez, before he was removed. The agenda, according to Rodriguez’ X feed, was predictable, if ironic – drug trafficking, terrorism and migration, covering all the bad acts federal prosecutors and Trump have attributed to Maduro and his cronies.

In an interview with The Cipher Brief, Renee Novakoff, a former deputy director of intelligence for sensitive activities and programs at the Pentagon, described Donovan’s visit as “a historic event, even if it was a confusing one.”

“The U.S. military just forcefully removed the country's President and U.S. officials met with indicted criminals to discuss cooperation on the issues they are indicted for and for which their President is awaiting trial in the U.S.,” Novakoff said. “The U.S. continues to sink drug trafficking boats, killing those on board. The Venezuelans are saying that diplomacy is the right way forward but ....is this diplomacy or is it continued pressure on Venezuela? Usually, the first trip by the COCOM Commander is to a partner nation. The actions and the words are perplexing."

Yesterday (March 23), apparently undaunted by the deepening U.S. presence, Cabello led a protest march through the streets of Caracas, defiantly demanding an end to U.S. sanctions and restoration of some socialist policies. According to Spanish-language news reports, he promised, “We will return to the highest wage system in America. We will return to an education with everyone; we will give quality of life to Venezuelans."

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

While Washington Looks to Iran, Putin Gains Ground

OPINION - After the joint U.S. - Israeli strikes against Iran’s nuclear program last June and after the spectacular raid that resulted in the capture of Venezuelan dictator Nicolas Maduro, U.S. President Donald Trump must have begun to feel like the ruler of the world.

“For he was ruler of the world and he knew not what to do. But he would think of something.”

—Arthur C. Clarke, 2001: A Space Odyssey

He then thought of something to do: unite again with Israel and finish the job with Iran. This time, the end result is not yet clear and the result could end up looking a lot more like Iraq than Venezuela.

It’s not that the Iranian regime didn’t have it coming. The heinous regime led by Ayatollah Khamenei has been the sponsor of terrorism and regional instability in the Middle East for decades. The leadership of the Islamic Republic of Iran was unrepentantly hostile to the U.S. and Israel, the latter a target of Iran for extermination. It also had a program intent on developing a nuclear weapon, despite Iranian statements to the contrary.

It is also well and good that Maduro is in prison in the U.S. and Iran’s capability to build a nuclear weapon and engage in regional and global terrorism is being diminished and perhaps ultimately eliminated. But the opportunity cost of this is significant in that the operation against Iran has diverted resources that could have been available to support Ukraine, which is effectively, the front line of the defense of Europe and the main bulwark against the expansionist ambitions of the man at the center of a global effort against the U.S. and the West.

The reality is that the other presumed ruler of the world - at least in his own mind - Russian President Vladimir Putin - is seeing his world get smaller and smaller. The system of alliances he so carefully nurtured as he tried to re-claim for Russia a place at the rank of superpower, has shrunk materially. This alliance was given the ambitious label of the “Axis of Resistance.”

The authors of that label were apparently not too familiar with the fate of the last major “Axis,” Germany, Italy, and Japan. The fate of some members of the current axis has already been decided, with Syria’s Assad in exile in Moscow, Ayatollah Khamenei deceased, and the Islamic Republic under concentrated assault from the U.S. and Israel. Putin and Russia embarrassingly, remain on the sidelines.

In addition to the strategic setbacks Putin’s Ukraine invasion has caused the Russian Federation, (Sweden and Finland joining NATO and that organization having been given new purpose and vision) the invasion has cost Russia a staggering number of casualties estimated by some at approaching 1.5 million soldiers killed, wounded, captured or missing. An example of which is the reportedly 8,700 casualties last week alone as the price of capturing roughly 28 kilometers of Ukrainian territory.

These losses are the early cost of Russia’s Spring-Summer offensive which is expected to include mobilized troops as Putin is no longer able to buy enough volunteers to fill the depleted ranks of the Russian army.

For its part, Ukraine seems to be militarily holding its own, even recapturing some territory during counteroffensives in southern Ukraine as well as continuing to demonstrate the ability through missile or drone attacks to strike military and economic targets deep in the territory of the Russian Federation.

There is increasing evidence that things on the domestic front are becoming more difficult for the “moth” as Putin is quietly and derisively called in some circles in Russia. Russia has had to resort to conscription on a year round system and has significantly increased the penalties for draft evasion and although Russian law prevents the deployment of untrained conscripts to war zones, draftees are pressured to sign contracts for service in Ukraine.

Closer to Moscow, another Russian general, this time a commander of the Russian Air Force, Sergei Kobylash, died after falling out of a window in early 2026. His was the latest in a series of mysterious deaths of senior Russian military officers in recent years. Also to be noted, is the shooting in Moscow of the Deputy Head of Russian military intelligence (GRU) Lt. Gen. Vladimir Alekseyev in a residential building in Moscow.

Alekseyev was allegedly involved in the attack on Sergei Skripal in the UK and he was one of the officials who negotiated with Yevgeny Prigozhin after the latter’s Wagner Group mutiny. If you are a senior Russian military official, one would think you would be starting to wonder about the direction your President is taking your country or, more personally, if you will be the next to fall out of a window or be shot when leaving your apartment building.

If there is going to be regime change in Russia, it likely needs to come from these ranks.

Even some formerly ardent supporters of Putin and his invasion of Ukraine are starting to speak out against the regime. Ilya Remesto, a well known Russian blogger, propagandist, and lawyer who was in part responsible for the persecution and conviction of Alexei Navalny, suddenly published a Telegram post titled: “Five reasons why I stopped supporting Vladimir Putin.” He has since reportedly been hospitalized at a Psychiatric Hospital in St. Petersburg. One might hope he has a room on the ground floor.

The circle of advisors around Putin was also reduced with the resignation last September of Dmitri Kozak, the Deputy Chief of Staff of the Kremlin, due to his opposition to the war in Ukraine, and the very recent retirement for health reasons, of former Minister of Defense and long time Putin associate Sergey Ivanov.

Two other recent developments of note in assessing the state of play at the center of the Kremlin: Vladimir Putin’s public appearances have been dramatically reduced in recent weeks with several absences of longer than a week having been noted. There is speculation the absences are health related but there is also increasing speculation in Russia and abroad that Putin is concerned for his own security taking extra precautions. This could be similar to Putin’s seeming paranoia during the COVID crisis.

The second is the shutting down of the internet in Moscow and elsewhere in the Russian Federation for “security reasons.” This shutdown has had meaningful economic consequences in the Moscow region and has caused understandable social discontent. A reflection of that could be the appearance on Russian state television of satires about how life is better without the internet.

Here’s my issue with where we are today. As a former Intelligence Officer, I’m seeing signals that the President of the U.S. does not seem to recognize who the guiding forces are in the global effort to undermine the U.S. politically and economically. If he did, there would be much more pressure applied to the leaders of the Axis: Vladimir Putin and Chinese President Xi Jinping.

It is the former who has taken the lead in efforts to attack the U.S. and Europe, unleashing at various times, Russian intelligence operatives to conduct assassination and sabotage operations in Europe and elsewhere, as well as cyber probing and attacks on U.S. infrastructure and election integrity.

Putin is at the very center of the web. His economy was starting to seriously feel the effects of sanctions, low oil prices and more concerted efforts to crack down on sanctions evasion and Russia’s “shadow fleet” of tankers carrying oil in violation of U.S. sanctions.

The Iran conflict has led to concerns about oil supply and a rise in the price of crude oil. Unfortunately, instead of seeking to keep the pressure on Moscow, the President decided to lift some sanctions on Russian energy, resulting in a windfall of resources for the Russian dictator which will certainly be used to support his continued aggression in Ukraine.

Kyiv, on the other hand, having survived devastating attacks against its energy infrastructure during the coldest winter in eastern Europe in decades, has stepped up to provide expertise and anti drone technology to assist the efforts by the U.S. to restore shipping through the Strait of Hormuz.

This from a country that according to the U.S. President “had no cards.” Now Ukrainian anti-drone drones are the single most effective system in place to protect vital shipping lanes from Iranian drone attacks. At the same time, there are reports that Russia is providing intelligence to assist Iran in targeting U.S. forces in the region.

The U.S. president and his national security team need to focus more energy on the real enemy and architect of the effort to undermine the U.S. and the West, Vladimir Putin. A near term first step might be rejecting Putin’s ridiculous offer to stop aiding Iran if the U.S. ceases aid to Ukraine. The president should also immediately re-impose the sanctions that were recently relaxed on Russian energy. Perhaps next, the president should message Russian elites and the Russian people about regime change. Maybe he will have better luck than he has with the Iranians. It’s certainly worth a try.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

National Security Starts at Home — Not on the Battlefield

OPINION – The current conflict with Iran highlights a longstanding, core premise that national security comes from visible instruments of power - weapons. While hard power will always be critical to national security, national security is not created by accumulated hard power. It is created by enduring internal capacity that prevents the need to rely on hard power. This enduring internal capacity is the critical but overlooked and undervalued foundation of national security.

Traditional security models are not sufficient for the world we live in today. These models - hard power, Powell Doctrine, containment, deterrence - conflate a tool with an outcome, and they rely on assumptions that no longer hold or are increasingly strained: stable institutions, a cohesive society, reliable decision-making, and political continuity. National strategy is constantly changing, which shrinks planning horizons, compresses and degrades decision making, and increases the cost to prepare for and execute new priorities. Ultimately, this environment is a reactive system, and reactive systems narrow the set of good options.

Chronically reactive systems benefit adversaries who can exploit institutional fatigue, political volatility, divided populations, and cognitive overload. Adversaries do not need to out-invest or out-build us - they only need to exploit the cracks in the foundation.

I offer an updated definition and framework for national security. First, national security is a nation’s enduring capacity to protect and advance its interests, deter and mitigate threats, and sustain power and legitimacy over time. If national security is enduring capacity, strategic continuity is significant. Repeated strategic resets, electoral and leadership transitions, and compressed decision timelines destabilize institutional readiness, shorten planning cycles, and undermine the enduring capacity and stability that national security requires.

This framework focuses on the internal capacity variables that determine whether power can be generated, sustained, and effectively applied. That enduring capacity rests on four interdependent variables:

National Security is created and sustained through decision quality, institutional performance, societal resilience, and innovation and adoption capacity. If any one of these variables degrades, overall national security capacity declines - regardless of material advantage.

NS = DQ + IP + SR + IA

DQ (Decision Quality): The ability to make sound, timely choices under stress.

IP (Institutional Performance): The ability to execute strategy consistently and adapt over time.

SR (Societal Resilience): The level of trust, cohesion, and foundational stability that prevents internal fracture from becoming an external vulnerability.

IA (Innovation & Adoption Capacity): The ability to integrate emerging technologies into functioning systems at scale.

I also want to offer a note on resilience in anticipation of an argument that these variables fall under resilience rather than national security. The government defines resilience narrowly as the ability to absorb kinetic shock. Modern competition targets cognitive stability, institutional trust, and social cohesion long before kinetic thresholds are crossed. Thus, these are core elements of a proactive, preventive national security posture as well as requirements for withstanding gray zone and kinetic action.

Decision Quality

National security is high stakes, and personal psychology and leadership determine more than we acknowledge (even within the Intelligence Community, leadership analysts are viewed as a “nice to have.”) Modern geopolitical competition and gray zone conflict require leaders and institutions to make sound choices under stress and frequently without all the data. An individual leader’s psychology and temperament – a person’s root operating system that shapes the way they view the world and approaches decision making – often determine a decision before the following two critical factors for high decision quality: objective intelligence gathering and analysis and positive leadership dynamics (including access to advisors that are experienced, encouraged to debate, and present diverse recommendations). High decision quality comes from grounded leadership, objective intelligence, and trusted advisers. If these factors are not present, decision quality degrades as options and choices are made based on faulty or incomplete intelligence, personal desires, or group think, and capability does not translate into strategic success.

Institutional Performance

Government organizations must be capable, trusted, resourced, and agile as they plan and execute strategy over time. Strong institutional performance comes from workforce stability, strategic continuity, adequate resourcing, and technology adoption capacity. Organizational psychology and leadership dynamics can have significant influence on whether an institution can execute and meet expectations. Staff need to feel secure, supported, and respected in their roles and have trust in the leadership, mission, and vision. Strategic continuity supports short- and long-term planning and reduces costs associated with constantly changing mission priorities. Resources are a core requirement to ensure organizations can execute, and technology adoption can drastically optimize organizational performance.

Institutional performance also affects societal resilience. People need to believe government institutions are capable, responsive, and supportive of their needs. Without responsive organizations, societal trust and cohesion erode.

Societal Resilience

“United we stand. Divided we fall.” Social cohesion, trust, and stability prevent internal division and protect the population from becoming an external vulnerability. Likewise, having a population that is well-educated and healthy with opportunities for upward mobility generates individual strength and resilience, creating stronger immunity and resistance to adversary operations. These are not social add-ons; each is a structural input into resilience, legitimacy, and institutional effectiveness. Human flourishing is a competitive advantage: nations that invest in people generate the talent, trust, and institutional capacity that innovation and ultimately power depends on.

Societal resilience is crucial in an age of cognitive warfare: propaganda, deepfakes, mis- and disinformation, information operations, and sophisticated cyber capabilities. What is the ground truth? How do people verify what they are seeing, reading, and/or hearing are true? Adversaries can create powerful narratives that can influence and bias a population against supporting its government, divide it amongst itself, or convince a population to take/not take action that directly benefits the adversary.

Can we resist influence operations; Can we maintain social cohesion under narrative pressure; Can we sustain legitimacy during prolonged competition or conflict; Can we prevent internal fracture from being exploited externally? Ultimately, trust + cohesion + opportunity = resistance to manipulation.

Innovation & Adoption Capacity

If technology cannot be integrated effectively, innovation amplifies dysfunction rather than being an advantage. Innovation and adoption capacity are longstanding challenges within the government. More investment and innovation occur in the private sector now, and public-private partnerships are critical to translating emerging technology into tangible improvements in operations and mission outcomes. However, the core challenge remains the ability to integrate emerging technologies into existing systems at scale. The rapid development and deployment of AI across the public and private sectors right now is an excellent example of a game-changing technology struggling to be adopted and implemented effectively at scale.

Innovation and adoption capacity also support decision quality, societal resilience, and institutional performance by providing tools that enhance decision making, improve the effectiveness and efficiency of our institutions, and give us the tools to identify and counter adversary activities. Technology innovation and adoption are critical to provide the US with a strategic, asymmetric technical advantage should kinetic conflict occur.

What does this new definition and framework mean for hard power and deterrence? They remain necessary but are instruments rather than the source of national security or a strategy unto themselves. Deterrence is not strictly a function of visible military capability. Deterrence is also a function of credible execution, decision coherence, institutional reliability, political and social stability, technology integration, and escalation absorption. Enduring internal capacity determines whether hard power is credible and sustainable.

Adversaries will ask: Can they sustain; Can they respond coherently; Is their society stable; Will political volatility constrain action;Can they absorb escalation; For how long?

Security in the 21st century is not defined by what we can destroy. It is defined by what we can sustain. National security is not primarily created by accumulated military capability. It is created by durable internal capacity that prevents vulnerability from emerging in the first place. Hard power deters. Capacity endures.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Quiet Expansion of Trump’s War on Cartels

OPINION — “The [narco-trafficking] boat strikes [in the Caribbean and Eastern Pacific] aren't the answer. What we're moving for right now might be an extension of [Operation] Southern Spear, really a counter [narcotics] cartel campaign process that puts total systemic friction across this [drug] network.”

That was Marine Corps Gen. Francis Donovan, Commander of U.S. Southern Command (SOUTHCOM), testifying last Thursday before the Senate Armed Services Committee about the expanded Trump military campaign against Western Hemisphere drug cartels.

With most public attention focused on the Iran War, I decided to look at this hearing, which also received testimony from Air Force Gen. Gregory Guillot, Commander of U.S. Northern Command (NORTHCOM), who, as I will discuss below, made clear that talks are moving ahead with Greenland and Denmark and that there was little behind President Trump’s talk of invading that Arctic island.

Just months ago, the Trump administration’s repeated destruction of narco-trafficking boats and Presidential talk of taking Greenland were front page stories, causing Americans to wonder where the President was taking the country militarily, particularly after the initial one-day June 2025 bombing of Iran nuclear sites and the later January 2026 successful seizure of Venezuelan President Nicolas Maduro.

Trump’s military action appetite has clearly grown so I believe it worth using last week’s testimony to see where his earlier efforts have led.

Since September 2, 2025, when Trump first told reporters about the initial strike against a narco-trafficking boat and later published a dramatic video of the operation on Truth Social, there have been 45 more such attacks in the Caribbean and Eastern Pacific along with the killing of 159 individuals whom Trump or his officials have described as terrorists or narco-traffickers.

Last week, after Gen. Donovan told the Senators directly, “The boat strikes aren't the answer,” he later referred to creation of what has been called the Americas Counter Cartel Coalition or the Shield of the Americas.

Donovan described it as 17 Western Hemisphere countries along with the U.S. establishing on March 7. what he called “a coalition that will have a military aspect to it. When I say military, it's really partners that are willing to join with us to move forward against the cartels with different degrees based on what they can bring.”

In his prepared statement for the committee, Donovan described how the U.S. Embassy in Bogota, Colombia, has what is called an Embassy Intelligence Fusion Cell which, in partnership with Colombian officials, works to stop drugs “by committing airborne ISR [intelligence surveillance and reconnaissance] and fostering a holistic intelligence sharing effort. We [the U.S.] provide timely, critical information on cocaine labs, production and departure zones, and top FTO [foreign terrorist organization] leaders to enable Colombian security forces to take action.”

In answering a Senator’s question, Donovan said, “We just recently established an Ecuador fusion cell and with the Ecuadorian minister of defense, because they are leading the way.”

The SOUTHCOM Commander did not mention to the Senators that earlier this month he and Rear Admiral Mark A. Schafer, head of U.S. Special Operations-South, visited Quito and held talks with Ecuadorian President Daniel Noboa. The Ecuadorian president's office said in a statement that the three discussed plans for the sharing of information and operational coordination at airports and seaports.

Along with Ecuador, Donovan said, “The other nation that is really is stepping forward is Paraguay.” He said it recently signed a SOFA (status of forces) agreement with the United States which allows us to operate much more closely together with FMS (foreign military sales) of radars coming down it will increase the air domain awareness in Paraguay.

At one point Donovan said of the Americas Counter Cartel Coalition, “Putting that together, I believe actually kinetic [boat] strikes will be one of the many tools and probably not the most effective tool when we actually look at it as more of a campaign approach.”

One matter raised several times during the hearing focused on questions about the legality of the military killing of persons as alleged narco-traffickers without any trial or proof they in fact are traffickers.

Donovan more than once said he could talk about the intelligence involved in a closed session. But when asked about the targeting criteria to approve strikes in international waters Donovan replied they are using “near reasonable certainty, reasonable certainty, near certainty to make the final decision.”

Sen. Tammy Duckworth (D-Ill.), however, raised questions about terms used to by the Trump administration to describe those on the boats. She asked at one point, “What guidance have you received or issued for how to treat associates of a group differently from a confirmed direct member of a group?”

Her question implied that among those being killed are individuals “associated” with a drug cartel and she further pointed out “the administration in their legal justifications are calling these folks associates, but it's different from being a confirmed direct member of a group.”

In answering, Donovan further complicated the situation by saying, “We have a definition of affiliates tied to that classified definition. In a closed setting. I would like to share word-for-word what that definition is, Senator.”

Duckworth responded, “I'm concerned about the looseness of the term that SOUTHCOM has been using to publicly to report an individual we killed, specifically affiliate or associate. Those are the two words that were used, which implies an even weaker association with any concerning threat.”

Just before the session closed, Sen. Jack Reed (D-R.I.), ranking Democrat on the committee, raised questions about the “exords” related to the boat attacks, meaning the execute orders to initiate the military action.

Reed said, “There is a legal requirement for the [Defense] Department to provide those exords to the committee which you [Committee Chairman Sen. Roger Wicker (R-Miss.)] and I have requested multiple times…The [Defense] Secretary [Pete Hegseth] has not fulfilled this legal requirement and your testimony General Donovan further confirms in my mind that we need these documents to understand and oversee. That's our role -- oversee these operations.”

The takeover of Cuba has been on President Trump’s mind for some time. Most recently, during an Oval Office meeting March 17, he told reporters, “We'll be doing something with Cuba very soon." A day earlier, the President talked of "taking Cuba in some form," adding, “Whether I free it, take it, I think I could do anything I want with it."

Donovan, asked, “Are we currently conducting any military rehearsals that involve seizing, occupying, or otherwise asserting control over Cuba?” replied, “U.S. Southern Command is not,” and he added he knew of no other command that was.

To a subsequent question of seizing Cuba, Donovan said, “The number of forces required, we have general ideas, but the focus right now is purely on securing Guantanamo Bay and the U.S. embassy to protect American personnel. That is the only facts and figures and planning we have underway at this time.”

As for Greenland and Denmark, NORTHCOM’s Gen. Guillot said, they both had been “very cooperative… very eager to discuss ways to move forward to improve our defense capabilities.”

He said, “We are pursuing with Denmark expansion on the defense areas which are allowed under the 1951 agreement…We don't really need a new treaty. It's very comprehensive and it and it's frankly very favorable to our operations or potential operations in Greenland.

One area Guillot mentioned was expanding “the [Greenland] defense areas from Pituffik Space Force Base, where we are now, into these other areas, which would help our homeland defense mission.”

He added that the Pentagon “challenges in the Arctic start with…ports and the ability to navigate freely through the harsh conditions of the Arctic both in maritime, land and air. So I'm working with our department and others to try to develop more [sea]ports, more airfields which leads to more options for our [Defense Department] secretary and for the President should we need them up in the Arctic…that is from Alaska all the way across through Canada and into Greenland.”

Guillot said he specifically wanted “the resources and the force projection capability along that avenue of approach to North America [from Russia], which you know through the Arctic is the shortest route. So therefore, in many ways our most vulnerable route. We're very well established in Canada and Alaska and having more capability along what I call the 2:00 [o’clock] approach would be key.”

He also said, referring to Trump’s Golden Dome missile defense proposal, “the ability to launch fighters and tankers to get be the first line of defense against cruise missiles that could be launched from the Arctic [part of Greenland].” Also, Guillot mentioned, “Port presence for our our Navy, which also gives us [logistic support for] Golden Dome and [therefore] ballistic missile defense capability.”

Trump apparently was never serious about seizing Greenland; his war on Western Hemisphere drug cartels is a work in progress, as is Venezuela, although the capture of Maduro was a well-carried out special operation.

Common to the above Trump actions has been surprise, and lack of preparing the public or Congress for what was going to take place.

Attacking Iran was and has become a much bigger and more dangerous move, and as we have seen -- again undertaken without preparing the public or Congress and in this case paying attention to its worldwide economic and diplomatic longer-term implications.

Trump will pay a domestic political price for Iran, but so will the U.S. when it comes to continued world leadership.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

When Deepfakes Become Doctrine

OPINION — Since U.S. and Israeli strikes began against Iranian military and nuclear infrastructure in late February, two wars have been running simultaneously. One is kinetic. The other involves something the world has not fully reckoned with: the systematic use of artificial intelligence to manufacture reality, at scale, in real time, during active armed conflict.

Within days of the opening strikes, AI-generated video of missile impacts on the USS Abraham Lincoln was spreading across TikTok. Fabricated footage of downed U.S. fighter jets circulated on Facebook and Instagram. Tehran Times published what appeared to be satellite imagery of a U.S. radar base in Qatar showing structural damage from the strikes. BBC Verify confirmed the image was AI-generated, built from genuine satellite data of a different location and manipulated using Google AI tools. None of it was real. All of it spread.

The social media intelligence firm Cyabra documented more than 145 million views of Iranian-linked disinformation content in under two weeks. The New York Times identified over 110 unique deepfakes promoting pro-Iran narratives in the same window. These are not the crude influence operations of a decade ago. They are the product of an adversary that has been building this capability methodically and has now deployed it at wartime scale.

Understanding why this matters requires a short detour through what Iranian propaganda actually used to look like.

During the Iran-Iraq War, Tehran’s media strategy relied on radio broadcasts and print. Its efforts to persuade Iraqi Shia populations to shift allegiances were largely unsuccessful. Limited reach, poor targeting, no feedback loop. During the 1991 Gulf War, Iraq’s disinformation was described by scholars as extreme exaggerations easily ridiculed in the Western press. Baghdad claimed it had shot down dozens of allied aircraft. The press verified it had not. That was the cycle.

The digital era brought sock puppets and recycled footage. These operations required significant human labor and were detectable with basic verification tools. An account posting video from the 2015 Syrian conflict while presenting it as something current could be caught by reverse image search in minutes. The barrier to debunking was low.

December 2023 marked the first real break. Iran’s IRGC-linked group Cotton Sandstorm hijacked streaming services in the UAE, UK, and Canada and broadcast a deepfake newscast. An AI-generated anchor delivered Tehran’s narrative on the Gaza conflict to viewers who believed they were watching legitimate news. Microsoft, analyzing the operation afterward, called it the “first Iranian influence operation where AI played a key component” and a “fast and significant expansion” of Iranian capabilities.

June 2025 accelerated the model. The European Digital Media Observatory documented the 12-day Israel-Iran conflict as “The First AI War,” the first time in a major conflict that more misinformation was created through generative AI than through traditional methods. The three most-viewed fake videos collectively amassed over 100 million views.

March 2026 builds on that precedent, at significantly greater scale, with meaningful tactical innovations added.

The first is coordinated architecture. Cyabra’s forensic analysis found tens of thousands of inauthentic accounts distributing identical AI-generated assets simultaneously across every major platform, with synchronized posting windows and coordinated hashtag clusters pointing to centralized production. And it became clear that a notable percentage of accounts amplifying the campaign were inauthentic. The content was not organic. It was engineered.

The second is what journalist Craig Silverman has called “forensic cosplay”: the fabrication of technical-looking verification tools designed to discredit authentic evidence. In one documented case, fabricated heatmap visualizations were deployed to label photographs taken by credentialed photojournalists at a strike site in eastern Tehran as AI-generated. AI forensics experts who reviewed the heatmaps found them semantically incoherent. The thread nonetheless reached hundreds of thousands of views before corrections could follow. In a second case, a fake “Empirical Research and Forecasting Institute” published fabricated Error Level Analysis of a New York Times photograph, conducting the analysis on a screenshot of an Instagram post rather than the original image. That methodological error renders the output meaningless. The false conclusion still attracted over 600,000 views on X.

This is a different category of operation from making false things look real. It is making real things look false. The verification infrastructure itself becomes the target.

The third element is the amplification model. Iran does not operate alone. The Foundation for Defense of Democracies documented what it calls an “authoritarian media playbook” in which Russian bot networks launder Iranian content while Chinese state-aligned media echoes anti-U.S. narratives. No centralized coordination is required. Each actor pursues its own anti-Western objectives, and the compounding effect across the global information environment far exceeds what any single actor could achieve independently. In June 2025, Cyabra documented an Iranian bot network in the UK that had been spreading pro-Scottish independence and anti-Brexit content. It went completely silent for sixteen days following the military strikes on Iran, then returned with explicitly pro-Iran messaging. State-directed, clearly. Deniable, carefully.

What is most consequential here is not the volume of Iranian deepfakes. It is the underlying strategic logic of what they are designed to accomplish.

Traditional propaganda is built to persuade audiences toward specific false beliefs. Iranian AI operations in this conflict appear calibrated to achieve something more durable: the destruction of the shared evidentiary foundation that makes accountability possible at all. When any image can plausibly be AI-generated, when forensic tools can be fabricated, and when platforms cannot distinguish authentic from synthetic at scale, the machinery of verification collapses. You do not need to win arguments about what happened. You only need audiences to conclude that nothing can be known.

Law scholars Danielle Citron and Robert Chesney named this the “Liar’s Dividend” in 2018: as deepfake awareness grows, actors gain the ability to dismiss genuine evidence as fabricated. Empirical research published in the American Political Science Review in 2025 confirmed the hypothesis. False claims of misinformation do generate statistically significant increases in public support for political actors facing accountability. This was largely centered on text-based scandals at the time, and with the dramatic improvements in synthetic images and video since that time, one can speculate that a similar effect plays out today on our screens. Iran has operationalized this principle. By circulating enough obviously synthetic content to seed generalized skepticism, it creates cover for dismissing authentic documentation of what actually occurred.

That logic runs in two directions at the same time. Abroad, Iran deploys deepfakes to project military capability and deny accountability for strikes it conducts. At home, the same operation insulates the regime from documentation of its own conduct toward its citizens. Internet connectivity in Iran fell to approximately one percent of normal levels by early March, per NetBlocks. That near blackout creates an information vacuum. Deepfakes and fabricated forensic analysis fill that vacuum while simultaneously rendering authentic protest documentation dismissible as synthetic. The regime does not need to suppress every image from the January crackdown. It only needs to ensure that any image is plausibly deniable.

At the same time, detection has not kept pace. Danny Citrinowicz, a senior researcher at Tel Aviv University’s Institute for National Security Studies, stated this January: “There is no ability today to systematically identify AI-driven influence campaigns.” Meta’s Oversight Board formally ruled its deepfake detection “not robust or comprehensive enough” for the velocity of misinformation during armed conflicts. The EU AI Act’s labeling requirements for AI-generated content do not become enforceable until August 2026. This conflict began months before that.

The U.S. is in the middle of restructuring how it organizes the counter-influence mission. The debate over the appropriate scope of that work (including concerns about whether some previous approaches crossed into domestic speech territory) has been sincere, and it crosses political lines. And the debate is important, as we navigate delicate issues that will test the boundaries of free speech. But the timing is important as well. A new institutional architecture for this important mission is still being designed. And Iran’s campaign is not pausing while the debates continue.

Wherever U.S. policy lands on the question of combatting disinformation and deepfakes, three things will be true about this conflict when it is eventually analyzed in full.

The primary strategic objective of Iran’s information campaign is epistemic disruption, the deliberate degradation of the audience’s capacity to form reliable beliefs, not persuasion toward specific false conclusions. That is a materially different problem from countering traditional propaganda, and it requires different institutional responses.

The Russia-China-Iran amplification model is a template, not an anomaly. Future conflicts involving any permutation of those actors, or their proxies, will employ variants of this architecture. Convergent anti-Western interests are sufficient to drive convergent behavior. Coordination is optional.

Detection tools are now themselves a weapons category. The fabrication of forensic verification tools to discredit authentic evidence represents a qualitative escalation. Provenance infrastructure, not detection algorithms alone, will be required to address it.

The gap between adversary capability and institutional response is real and measurable. Deepfake incidents through Q1 2025 had already exceeded all of 2024’s total. Bot traffic surpassed human web activity at 51 percent. The information environment is, in a measurable sense, majority-synthetic. Building the cognitive security architecture to operate in that environment is not a platform moderation problem. It is a national security imperative, and it deserves to be treated as one.

Views expressed here are the author’s alone and do not represent the positions or policies of the U.S. Government or the Central Intelligence Agency.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

NATO’s Fractures Are Not Its End

OPINION — For much of its history, the North Atlantic Treaty Organization (NATO) has been portrayed as a unified military bloc bound by common values and collective defense. In reality, NATO has always been closer to a pragmatic partnership, an alliance shaped as much by disagreement and national interests as by solidarity. While current headlines suggest an alliance on the brink, NATO’s history reveals that institutional friction is not a sign of failure, but the very mechanism of its adaptation.

Arguments over defense spending, doubts about American commitment, and diverging political priorities across the Atlantic are causing some leaders to question whether NATO is nearing its end. History suggests otherwise. NATO has repeatedly endured crises that appeared existential at the time, only to adapt and continue. Recent tensions are more likely an indicator that the alliance is continuing to evolve, moving away from a post-Cold War era of European reliance on American protection toward a more balanced, albeit tense, partnership necessitated by a volatile international environment.

The lesson is simple: NATO still has a role to play, but sustaining it will require renewed commitment and investment on both sides of the Atlantic. NATO’s endurance rests less on shared sentiment and more on the reality that, in an increasingly dangerous world, the cost of fragmentation far outweighs the burden of disagreement.

Europe’s Strategic Complacency

While NATO has historically utilized institutional friction as a mechanism for adaptation, the current era of Strategic Complacency presents a unique challenge to this pattern of survival. For decades following the Cold War, European allies operated under a security guarantor model, drastically shrinking defense budgets under the assumption of indefinite American protection. This was clearly illustrated by Sweden’s transition from a global air power to a scaled-down posture.

This reliance has not only diminished American patience but has resulted in a fragmented industrial base ill-equipped for the high-intensity conflicts exposed by the war in Ukraine. The pragmatic partnership described at the alliance's outset is now being tested by a critical gap: while the diplomatic victory of a 5% GDP spending target has been established, the actual pace of military modernization and investment continues to lag behind a rapidly deteriorating threat environment.

Washington has increasingly grown less interested in the alliance. Efforts to reshape defense commitments have been impacted by disputes with countries such as Poland (over the Nobel Prize), Denmark (over Greenland), and most recently President Trump’s comments on the lack of NATO support for Iran.

These tensions are not new. NATO defense spending has declined since the 1960s, throughout the Cold War. After the Soviet Union collapsed, many European states dramatically reduced their military capabilities. Even traditionally neutral countries followed this trend. Sweden, for example, once maintained the world 4th largest Air Force but gradually scaled down its defense posture.

The United States also adjusted its military spending over time affected by conflicts such as the Vietnam War and the Global War on Terror, but defense spending cuts stabilized around 3-4 percent of GDP. American pressure led allies to commit to an increase of each country's defense spending to 5%, but this victory was hard won.

An illprepared alliance

Security officials in several European countries, including Estonia and Sweden, warn that the threat environment is changing rapidly and that a confrontation with Russia could occur within the coming years. Such warnings have not yet translated into rapid military investment. Defense spending remains politically sensitive in many democracies, and elections could reverse recent commitments.

Perhaps more concerning than defense budgets is the slow pace of military adaptation. Recent conflicts have reshaped modern warfare through the widespread use of drones, autonomous systems, long-range missiles, and electronic warfare. Recent exercises between Ukraine and NATO forces shows that NATO is not learning and modernizing fast enough. Sweeping doctrinal reforms or procurement changes are needed, with less focus on traditional concepts or local manufacturing. While spending is the cornerstone of modernization, a mindset shift is arguably more critical.

NATO Has Faced Worse

If today’s disagreements appear alarming, they are far from unprecedented. NATO’s history is filled with crises that once seemed capable of breaking the alliance.

In 1952, NATO expanded to include two long-standing rivals: Türkiye and Greece. Their membership strengthened the alliance’s southern flank but did not resolve their tensions. Those tensions erupted during the Cyprus crisis of 1974, when a coup attempted to unite Cyprus with Greece. Türkiye responded with a military intervention. The crisis prompted Greece to withdraw from NATO’s integrated military command structure, though it remained politically within the alliance until returning in 1980.

Another major shock came during the 1956 Suez Crisis, when Britain and France launched a military operation against Egypt after the nationalization of the Suez Canal. The United States opposed the invasion and used economic and diplomatic pressure to force its allies to withdraw, exposing deep divisions within the alliance.

France further complicated NATO politics in 1966 when President Charles de Gaulle withdrew the country from NATO’s integrated military command, insisting on sovereignty over French forces. France did not fully reintegrate until 2009.

Later disputes emerged during the Vietnam War, which many European governments believed diverted American attention from Europe’s security. Another rupture came in 2003 when the U.S.-led invasion of Iraq divided the alliance politically, with Germany and France strongly opposing the operation.

Under the new administration the Greenland Crisis was the first time NATO saw a United States president threaten a NATO ally over land, and more diplomatic work is needed to regain trust. The war with Iran has shown a mixed reaction by NATO allies, ranging from tardiness, refusing US access to airforce bases, but also cautious support.

Signs of Renewal

Despite disagreements, there are reasons for cautious optimism.

The war in Ukraine has served as a wake-up call causing European governments to recognize that the strategic environment has changed. Europe relies heavily on American technology and industrial capacity, but defense spending across the continent is rising and several countries are rebuilding capabilities and innovation hubs.

To be clear, the NATO alliance is symbiotic: a strong, capable NATO benefits America as much as Europe. The NATO Secretary General provided a pragmatic assessment of this interdependence during his remarks at the World Economic Forum in Davos.

One possible indicator is the fact that NATO is expanding. Finland joined the alliance in 2023 after decades of neutrality, dramatically extending NATO’s border with Russia. Sweden’s problematic relationship with NATO did not prevent it from joining in 2024 after a lengthy political process, strengthening NATO’s northern flank.

Parallel Alliances

Europe is also exploring additional security arrangements alongside NATO.

The European Union’s President von der Leyen held a speech that described a more formal defense role for the Union, including deeper military coordination among member states. Regional partnerships are emerging. The Joint Expeditionary Force, including the United Kingdom, Netherlands and Nordic and Baltic countries, is designed to deploy forces rapidly during crises. Another potential is a Nordic Plus alliance, built around protection of Finland's eastern border.

Other alliances are created in the European hemisphere. Since 2010 Israel, Cyprus and Greece have entered an alliance that was reaffirmed in 2025, focused on joint Mediterranean security.

There are also discussions about expanding nuclear deterrence arrangements within Europe. Germany and France are exploring deeper cooperation, while Poland has expressed interest in hosting U.S. nuclear weapons as part of NATO’s deterrence framework.

The most capable potential partner is Ukraine. Years of intense warfare have produced the most experienced European Army, particularly in areas such as drone warfare and air defense, capable of supporting current US operations in the Middle East and potentially in the Pacific. In fact, Ukraine’s offer of air defense support has inspired foreign policy experts, namely Admiral (Retired) Mark Montgomery, to refer to them as a “Model Ally.”

A Durable Alliance

NATO’s history proves it is a 'pragmatic partnership' born of necessity, not a social club built on shared sentiment. Its future will not be defined by the absence of disagreement, but by the ability of its members to trade 'strategic complacency' for a balanced, symbiotic burden-sharing. If Europe can transition from a protected ward to a modernized, innovative partner—exemplified by the battle-hardened experience of new and potential allies like Sweden and Ukraine—the alliance will do what it has always done: outlast the crises that were meant to break it.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Zelensky Plays His Hand

As Iran’s explosive-laden drones wreak havoc in the Persian Gulf and beyond, a wartime leader in another part of the world says he can help.

“What is happening around Iran today is not a faraway war for us because of the cooperation between Russia and Iran,” Ukrainian President Volodymyr Zelensky said in London last week. “And we do not believe we have the right to be indifferent.”

Zelensky has offered counter-drone weapons and technical knowledge to the U.S. and its allies in the Middle East and he has already dispatched more than 200 Ukrainian military experts to the region to help defend against Iran’s drone attacks.

“We are working with several other countries - agreements are already in place,” Zelensky said, noting that Ukraine’s counter-drone weapons were “far more cost effective” than the interceptors that Gulf states are using. “We do not want this terror of the Iranian regime against its neighbors to succeed.”

It’s a notable offer from a leader still fighting a war of his own. It’s also a logical and strategic play: Zelensky is seeking to leverage Ukraine’s hard-won expertise and defense capabilities to curry favor and get more support in return.

“The Ukrainians are offering to be part of the solution here,” Lt. Gen. Ben Hodges (Ret.), a former commander of U.S. Army Europe, told The Cipher Brief. “And it shows that the Russian narrative – that Russian victory is inevitable – is clearly not the case. If Ukraine is willing and able to export expertise and capability to help the Gulf states, that undermines the narrative that somehow the Ukrainians are on the verge of collapse.”

As the Iranian strikes continue – its drones hit critical oil infrastructure in three Gulf countries last week – some of the world’s richest nations are taking Ukraine up on its offer. It’s a turning of the tables that illustrates Ukraine’s evolution from battered nation to a defense technology juggernaut.

“It's a very generous offer from Ukraine to offer aid while they themselves remain under daily attack,” Kori Schake, Director of Foreign and Defense Policy at the American Enterprise Institute, told The Cipher Brief. “It's also a demonstration that Ukraine wants to contribute to the security of partner states and not just receive help.”

Iran’s drone war

While the U.S. and Israel say they have decimated Iran’s ballistic missile capability, Iranian drones continue to threaten U.S. military installations, Gulf oil facilities and critical shipping lanes.

Iran has launched more than 3,000 drones since the war began. Its Shahed drones were used in attacks on the U.S. embassies in Iraq and Saudi Arabia, and in a strike that killed six U.S. service members in Kuwait. Last week, Iranian drones damaged oil infrastructure in Qatar, Kuwait, Saudi Arabia and the United Arab Emirates, and struck two vessels in the Persian Gulf.

“They’ve hit oil and gas infrastructure, they’ve hit hotels, they’ve hit embassies, they went after a data center,” Stacie Pettyjohn, Director of the Defense Program at the Center for a New American Security, told The Cipher Brief. “They’re attacking the premise of these states’ economies, which are built on trying to attract investment and infrastructure to the region.”

Experts are divided as to how long Iran can sustain its drone operations. Prewar estimates of Iran’s drone arsenal ranged from several thousand to as many as 80,000. Gen. Dan Caine, chairman of the Joint Chiefs of Staff, told reporters on March 10 that Iranian launches of “one-way attack drones have decreased 83 percent since the beginning of the operation,” but analysts say that doesn’t mean the arsenal itself has been heavily degraded.

“Treating that change in behavior as evidence that Iran’s drone capacity has been destroyed risks creating a misleading picture of how much of the threat has actually been eliminated,” Kelly Grieco, a senior fellow with the Reimagining U.S. Grand Strategy Program at the Stimson Center recently wrote. She said the drop in cadence might reflect a “tactical recalibration,” during which Iran is stockpiling and strategizing for future attacks.

“Moscow is reportedly sharing with Tehran drone tactics developed in Ukraine, including coordinated routing strategies designed to evade air defenses, as well as overhead satellite imagery to improve targeting,” Grieco said. “Tehran could be using this time to learn, adapt, and refine its strategy and tactics.”

Whatever the case, it’s clear that Iran can cause havoc for the region and the global economy with even a low rate of drone strikes. And the economic advantages of Iran’s drone warfare are clear; a single Shahed-136 costs between $20,000 and $50,000, and while the U.S. and its allies in the region possess some of the world’s most sophisticated air defense technologies – in particular the THAAD and Patriot systems – those are expensive interceptors designed to take out ballistic missiles. A single Patriot PAC-3 MSE, which Persian Gulf states have used against Iran’s Shaheds, costs approximately $3.8 million.

“You absolutely do not want to be using a Patriot interceptor against a Shahed drone,” Lt. Gen. Hodges said. “The Patriot cannot be the only means of defending…You save your Patriot for a ballistic missile.”

Ukraine’s “Shahed-killer”

Since the early days of its full-scale war against Ukraine, Russia has used Iranian Shahed drones to devastating effect, and manufactured its own version of the Shahed with Iranian help. Russia often launches hundreds of these drones at Ukrainian territory in a single day.

The necessity to survive has sparked Ukraine’s rapid pace of military innovation – including the development of an unparalleled ability to counter Shahed drones. Ukraine now produces a range of systems that have knocked Shaheds out of the sky at a high rate, and are much cheaper than other missile interceptors; many of the Ukrainian models cost between $1,000 and $2,000 apiece.

“Innovation happens when militaries have urgent problems to solve,” the AEI’s Schake said. “Ukraine is fighting for its life, and they've done a brilliant job of developing a domestic defense industry when we failed to give them weapons of the abilities and numbers they need. We're lagging behind because we haven't directed our defense industry with urgency.”

There are more than a dozen Ukrainian counter-drone systems, including the Merops, a high-end model funded in part by former Google CEO Eric Schmidt that includes AI-driven autonomy and comes at a higher price than the others – $15,000, still vastly cheaper than a Patriot missile.

“They’re just different ways of shooting drones out of the sky that are cheaper than the really expensive missiles,” Pettyjohn said of the Ukraine-made interceptors. “And they all afford you protection.”

Perhaps the best-known of these systems is the “Sting” interceptor drone, developed by the Ukrainian manufacturer Wild Hornets. The Sting is a high-speed FPV interceptor drone designed specifically to hunt and destroy the Shaheds in flight, and it has earned a reputation embedded in its nickname: “Shahed-killer.”

“They're working incredibly well in Ukraine, where the adaptation cycle is measured in weeks, which speaks to their great value,” Schake said. “As high-end U.S. air defenses begin to get scarce, they'll be incredibly valuable.”

Ukraine plays its card

As President Zelensky understands more than most, this isn’t just about Ukraine showing off its successful innovation; the Iran war has handed his country a strategic opportunity – a chance to showcase and leverage a suddenly in-demand technology in its relations with the U.S. countries in the Middle East.

One week into the war, Reuters reported that the U.S. and Qatar were in early-stage talks to acquire Ukrainian interceptor drones as a cheap alternative to its Patriot missiles. Another Ukrainian delegation traveled to Abu Dhabi, and Zelensky confirmed that the U.S. had asked Kyiv for "specific support" to defend against Shahed strikes against American targets in the Middle East.

“I have instructed that the necessary resources be provided and that Ukrainian specialists be present to ensure the necessary security," Zelensky said of the Qatar arrangement. He also proposed swapping Ukrainian interceptor drones for U.S. Patriots — which Kyiv has been running critically short of for months.

The U.S. interest in Ukraine’s interceptors predates the war with Iran. In late February, Pentagon officials visited Kyiv to study Ukraine’s counter-drone operations. Brig. Gen. Matt Ross, director of Joint Interagency Task Force 401, said the aim was to learn from Ukraine’s experience in beating back the Shaheds. “I did it to understand the TTPs — the tactics, techniques and procedures that they’re employing very effectively,” Ross said.

Meanwhile, Axios reported that Zelensky had offered its drone interceptors to President Trump last August – in a White House presentation that included a map of the Middle East and a suggestion that Ukraine and the U.S. collaborate to create "drone combat hubs" in Turkey, Jordan and the Persian Gulf states. The Trump administration reportedly dismissed the offer.

"Somebody decided not to buy it," an unnamed U.S. official told Axios. "If there's a tactical error or a mistake we made leading up to this [war in Iran], this was it" the official said.

A White House spokesperson dismissed that criticism, referring to the unnamed sources as “outside looking in”, adding that "Iranian retaliatory attacks are down by 90% because their ballistic missile capabilities are being totally demolished."

A strategic win for Kyiv?

Now, as Ukrainian technology and experts arrive in the Middle East, Zelensky is trying to take maximal advantage of the moment.

Beyond pitching the value of the Sting and other Ukraine-made interceptors, he has highlighted Russia’s aid to Iran – calling the two countries “brothers in hatred” – and warned that as the war in the Middle East strains U.S. missile supplies, that may create problems for Ukraine’s defense against Russia.

For all these reasons, Zelensky has asked for financial compensation and technological help from the U.S. and others in exchange for sharing Ukraine’s expertise.

“The Trump administration has been very transactional on how it approaches a lot of different countries,” Pettyjohn said. “For Ukraine, having something that the U.S. wants instead of just being a recipient and always asking for support, is an important step, and a way to show that there’s value that can flow back…They can use [the drone interceptors] as a bargaining chip to fill in some other types of support that are more critical.”

One year ago, Zelensky endured an Oval Office lecture from President Trump, including the now-infamous admonition: “You don’t have the cards.”

Last week in Kyiv, as Zelensky was pitching his drone defense technology, a journalist asked him, “Do you think Ukraine has the cards now?”

“Now everyone understands, we have them,” Zelensky replied. “It’s a good feeling. This is thanks to our soldiers, our talented people, and the many industries that we have developed since the start of the war. We have reached a high level now.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Iran’s Long Record of Terror and a Long-Delayed Response

OPINION – Over the years, Iran has been responsible for killing hundreds of Americans and, most recently, for the killing of thousands of Iranians. After years of futile negotiations, the U.S. – and Israel -- attacked Iran on February 28, 2026.

U. S. courts and the Intelligence Community had assessed that Iran trained, supported and approved terrorist attacks that killed hundreds of Americans and foreign nationals.

In April 1983, a suicide truck bomb destroyed the U.S. Embassy in Beirut, killing 63 people, including 17 Americans. In October 1983, two suicide truck bombs struck the U.S. Marine barracks in Beirut, killing 241 Americans and 58 French paratroopers. This is one of the deadliest terrorist attacks against U.S. forces. U.S. investigations concluded that Hezbollah, backed by Iran, were responsible.

In January 1984, the U.S. Department of State designated Iran as a state sponsor of terrorism, resulting in sanctions and a ban on defense exports and sales.

In June 1996, a massive truck bomb hit U.S. Air Force housing in Dhahran, Saudi Arabia, killing 19 U.S. service members, with hundreds injured. The U.S. said Iranian officials inspired, supported, and supervised the attackers, with a U.S. federal court ruling in 2006 that Iran financed and directed the attack and owed damages to the victims. Evidence cited the Islamic Revolutionary Guard Corps (IRGC) as the organization that trained, funded, and provided explosive training to the perpetrators.

These are a few of the more prominent cases of terrorism perpetrated against the U.S. by the government of Iran. Indeed, war as a tragic necessity could have been declared after any of these bombings, to check Iran’s savagery and suffering of the innocent.

The government of Iran brutally killed Iranian protesters in 2009, 2022 and 2026.

The 2009 Iranian election protests (the Green Movement) range from dozens to over 100 killed, with many more missing or arrested. The security forces and the Basij paramilitaries brutally cracked down on demonstrations following the re-election of Mahmoud Ahmadinejad, despite widespread support to opposition leader Mir Hossein Mousavi.

And in September 2022, Jina Mahsa Amini, a 22-year-old Kurdish-Iranian died in police custody, after being arrested for improperly wearing her head scarf. Eyewitnesses reported that she was severely beaten and died due to police brutality. This sparked mass protests, resulting in the killing of at least 476 Iranians, according to Iran Human Rights.

Amini’s death gave rise to the global “Women Life Freedom” movement in Iran.

And in February 2026, over 30,000 Iranians reportedly were killed protesting for an end to clerical rule in Iran, driven by a severe economic collapse – inflation and currency devaluation -- and widespread state repression. The IRGC and Basij reportedly took the lead in brutally responding to these demonstrations.

Since 1979, this is the Iran we have been dealing with. A state sponsor of terrorism that has killed hundreds of Americans – and others – and thousands of Iranians. An Iran that had an active nuclear weapons program until 2003, and since then has been enriching uranium at 20% or 60% purity, weeks away from the 90% purity needed for nuclear weapons. The June 2026 bombing of their nuclear sites at Natanz, Fordow and Isfahan had set their nuclear program back a few years. However, these and other nuclear sites were being reconstituted prior to the current U.S. and Israeli bombing of Iran.

And Iran’s short-range and medium-range ballistic missile programs were concerning, given their impressive capabilities – solid fuel propulsion, enhanced guidance and counter defenses with hypersonic capabilities. Progress on a long-range ballistic missile, capable of targeting Europe and the U.S. was a likely goal of Iran’s leadership.

Hopefully, the new leadership in Iran will eschew terrorism and cease supporting Lebanese Hezbollah, Yemen’s Houthi movement, Hamas and various Iraqi/Syrian militias. This would result in the lifting of international sanctions and the removal of Iran’s pariah status in the international community. The millions of dollars Iran has spent on its nuclear and missile programs should go to repairing its battered economy and providing a better life to the people of Iran.

Pope Leo XIV had expressed “deep concern” regarding the war with Iran and urged an end to the “spiral of violence”, advocating for “diplomacy to regain is role to prevent wider tragedy.” Indeed, this is a time for Pope Leo XIV to help negotiate an end to the war in Iran and help to convince the new leadership in Iran that they must protect and care for its people. Supporting international terrorism and building weapons of mass destruction are threats to regional and international stability.

The author is a former associate director of national intelligence. All statements of fact, opinion or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. government. Nothing in the contents should be construed as asserting or implying U.S. government authentication of information or endorsement of the author’s views.

This article was originally published by The Washington Times and is republished here with permission.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

America’s Drone Future

OPINION — America is entering a future with millions of drones in our airspace. As the federal government works to determine how to manage what will become the most crowded skies in human history, we believe state and local governments will face significant challenges in addressing this issue, regardless of what federal authorities ultimately establish. As with most public safety incidents, the first response to drone-related events—crashes, unsafe or suspicious flights, interference with emergency operations, or calls from concerned citizens—will fall to state and local first responders.

We are both investors who have managed portfolios of UAS (Unmanned Aircraft Systems) and C-UAS (Counter-Unmanned Aircraft Systems) companies. What’s top of mind for us as we consider the challenges and opportunities this new market presents? Here are five quick thoughts from conversations we had over coffee this past weekend.

1. The Growing Gap Between Drone Proliferation and Local Airspace Awareness

The FAA estimates nearly 2 million drones could be operating in U.S. airspace within the next few years—yet the United States has no broadly available, affordable solution for comprehensive low-altitude airspace monitoring accessible to state and local governments.

Federal efforts to address this are underway. The FAA’s proposed Part 108 regulations, expected to be finalized this year, attempt to address this gap through Unmanned Traffic Management (UTM) systems and Automatic Dependent Surveillance Broadcasts (ADS-B). But existing detection capabilities remain fragmented: there is no widely adopted, comprehensive, real-time network capable of tracking drones over most of the country. Unlike traditional air traffic control, smaller low-altitude drone operations lack the management infrastructure required for safe, high-density operations. And critically, it is also worth noting that while federal regulatory frameworks may succeed in shaping the behavior of cooperative, law-abiding operators, bad actors are under no obligation to comply.

The gap is felt most acutely at the local level. For a small-town police department, limited authority, limited airspace awareness, and limited counter-drone capabilities often mean that the most law enforcement can do when a drone is operating where it shouldn't is attempt to locate the pilot and ask them to land.

The technology to do more does exist—RF sensors, acoustic systems, radar, and EO/IR cameras are all available—but deploying them at scale demands personnel, training, maintenance, and infrastructure integration. Even so-called "affordable" systems carry substantial operational burdens. For many local governments facing constrained budgets and competing priorities, procuring and sustaining such systems is simply out of reach.

We believe there is a clear and largely unmet need for affordable, scalable airspace awareness and management platforms that can be deployed for safety, security, operational visibility, and situational awareness.

2. Legal and Resource Barriers Facing Local Drone Enforcement

Local governments face significant limitations in enforcing drone regulations—and the scale of the problem is likely underestimated. For instance, hundreds of drone incursions over correctional facilities are publicly reported each year, yet most go uncontested, suggesting the true volume may be orders of magnitude higher when accounting for incidents that go unnoticed or unreported.

Most agencies simply lack the funding, trained personnel, and technical infrastructure needed to respond meaningfully to drone threats at high-risk sites. A patchwork of state-level regulations further complicates enforcement. Several states require search warrants for drone surveillance, while other aspects of drone law vary widely across jurisdictions. Costs compound these challenges—detection systems range from roughly $10,000 for basic equipment to several million dollars for advanced tracking and jamming capabilities, a spectrum that puts even entry-level solutions out of reach for many municipalities.

These converging legal, operational, and financial constraints point to a clear and underserved market across several opportunity areas we see as compelling: Counter-UAS as a Service, training and certification programs, contracted subject matter experts, automated CUAS monitoring platforms, and more. Each model offers a distinct way to address the capability gaps facing local agencies.

3. The Growing Divide Between Federal Authority and Local Capability

While state and local authorities remain resource-limited, the federal government is moving quickly to expand counter-drone authorities—highlighting what we see as a growing imbalance.

Earlier this year, the U.S. Department of War announced updated homeland counter-UAS guidance through its Joint Inter-Agency Task Force 401 (JIATF-401). The guidance expands installation commanders’ authority under 10 U.S. Code §130i, removes prior “fence-line” limitations, and treats unauthorized drone surveillance as a threat before an aircraft crosses a perimeter. Commanders are now empowered to act based on the totality of circumstances, share sensor and tracking data across DHS and DOJ, and employ trained contractor personnel to operate counter-UAS systems.

This shift reflects an important reality: the federal government is acknowledging that low-cost, weaponizable drones are already being used and that waiting for a physical breach is no longer acceptable. At the same time, this expanded authority introduces an additional concern—counter-drone operations may now occur over populated areas.

But this progress also underscores the widening gap between federal and local capabilities. While military installations gain expanded authorities, local authorities remain restricted in their ability to intercept or mitigate drones.

4. The 250-Gram Decision Hiding Millions of Drones from FAA Oversight

In an attempt to manage and regulate the rise of drones, the FAA requires all commercial drones and any recreational drones over 250 grams to be registered with them for the purposes of accountability, operator identification, and to support regulatory compliance and law enforcement. Drones at or above this threshold must also be marked with a unique identifier and—under the FAA’s Remote ID rule—broadcast their location and identity in real time during flight. Sub-250g drones escape all of these requirements entirely, meaning there is no reliable way to know how many small drones exist or operate in the U.S. today.

This exemption has created a significant blind spot. Manufacturers intentionally design capable, camera-equipped drones to weigh just under the 250-gram threshold—and it’s not difficult to imagine the many ways a bad actor could exploit these unregistered small drones, whether deployed individually or as part of a larger fleet.

The scale of the problem should not be underestimated. The gap between registered drones and actual ownership suggests the unregistered population may be three to five times larger than the registered fleet—meaning a significant number of sub-250g drones are operating in U.S. airspace today, effectively invisible to FAA tracking systems and other oversight mechanisms. We see this as one of the most urgent vulnerabilities in the current regulatory framework.

What’s needed is not necessarily more regulation, but smarter solutions: new technologies and platforms for localized airspace management, as well as privacy protection coupled with safety monitoring for these smaller, unregistered aircraft.

5. Geography Is Driving A Drone Divide

When a farmer in rural Missouri launches an industrial drone to survey 3,000 acres of corn while a Brooklyn resident calls 911 to report a suspicious aircraft hovering near their apartment, we are witnessing two fundamentally different relationships with the same technology.

In rural America, agricultural drone registrations are rising. Farmers report productivity gains, local entrepreneurs are launching spraying businesses, and even first responders are using drones to cover terrain that would be impossible to patrol on foot. In these communities, drones are seen as practical tools that make difficult work safer and more efficient. Researchers have found that agricultural drone adoption has spread faster than nearly any farming technology in history.

Urban America, by contrast, is pushing back. Incidents like the New Jersey drone sightings, which triggered thousands of calls and temporary airspace restrictions, highlight deep concerns about privacy and surveillance. Many major cities now require permits for drone flights in public spaces, reflecting heightened sensitivity to their presence.

Rural and urban America are distinct markets with different risks and opportunities.

The challenges we face today are not just a drone problem—they represent the defining infrastructure challenge for the future of urban aviation. The coming wave of Urban Air Mobility vehicles and other advanced aircraft, for instance, will depend on the same robust low-altitude airspace awareness infrastructure. As millions of drones enter American airspace, success will require aligning federal authority, local capability, public trust, and the technical systems needed to keep our skies safe and secure.

Note: The authors of this article are affiliated with Brave Capital and MVA (MilVet Angels). They have invested in national security companies like Anduril Industries, Shield AI, Aetherflux, Erebor, Castelion, Hermeus, Ursa Major, and others.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Next Battlefield Is Perception, Not Territory

OPINION – The Gray Zone is no longer a peripheral space between war and peace. It has become the primary arena in which strategic advantage is tested and miscalculation is manufactured.

For decades, competition below the threshold of armed conflict relied on political signaling, economic leverage, proxy actors, and selective information operations. Artificial intelligence is accelerating this model. It compresses the distance between signal and reaction. It amplifies narratives at machine speed. It introduces synthetic inputs into analytical systems that were designed for slower environments.

The consequence is not simply faster influence operations. It is a structural shift in how states perceive and respond to one another.

At moments of rising geopolitical tension, the speed at which narratives form and harden can shape escalation as decisively as military posture.

The next phase of competition is unfolding not on contested territory, but in the contested space between perception and decision.

Compression and Amplification

AI does not create rivalry. It intensifies it.

Machine learning systems can generate persuasive narratives, simulate public sentiment, refine messaging, and identify cognitive vulnerabilities within target audiences. Large language models can draft diplomatic arguments, social commentary, and policy assessments at scale. Synthetic media can blur the line between authentic and fabricated signals.

Yet the most consequential impact is not public-facing propaganda.

It is the reinforcement of internal confidence.

When machine-generated outputs consistently align with preexisting assumptions - about an adversary’s weakness, cohesion, or intent, they can gradually harden analytical certainty. In AI-mediated rivalry, the danger is not simply deception - it is the gradual construction of analytical certainty around manipulated inputs.

That risk is universal.

Speed, repetition, and algorithmic coherence can create the appearance of clarity. When strategic communities begin reacting to synthetic or selectively amplified signals, escalation thresholds shift - sometimes without deliberate intent.

AI lowers the cost of narrative production. It also lowers the cost of strategic error.

Converging Models of Competitive Statecraft

Across major powers, variations of AI-enabled competition are already visible.

China has integrated data ecosystems into governance at scale, aligning state messaging, technological development, and strategic signaling. Narrative discipline and industrial capacity reinforce one another.

Russia has demonstrated adaptive information maneuver - rapidly recalibrating messaging across audiences, testing reactions, and exploiting ambiguity in fluid environments.

Iran has refined asymmetric information resilience - blending surveillance, digital monitoring, and calibrated external messaging to sustain regime durability under prolonged pressure.

These models differ in structure and scale, but they converge in one respect: influence is continuous, not episodic; perception management is strategic, not peripheral.

Artificial intelligence accelerates this convergence. It enables persistent probing, iterative testing of narratives, and the shaping of strategic tempo without conventional escalation.

Technology, however, does not determine outcomes on its own.

Engineered Confidence and Strategic Risk

The most underexamined vulnerability in this environment is not exposure to adversarial messaging. It is self-generated overconfidence.

AI systems optimize for pattern recognition and coherence. They surface correlations and reinforce trends. But coherence is not necessarily truth. Patterns can be engineered. Correlations can be induced.

When decision-makers operate within data environments shaped - even subtly - by manipulated or selectively amplified inputs, they risk constructing internally consistent but externally fragile assessments.

This is the new geometry of competition: not simply influence over others, but influence over one’s own analytical processes.

Under sustained cognitive pressure, institutions can drift toward accelerated judgment. The appearance of clarity can displace disciplined skepticism. Strategic tempo can outpace strategic reflection.

The enduring advantage will not belong to the state that perfects narrative control, but to the one that preserves analytical discipline even under sustained cognitive pressure.

Managing Uncertainty in an AI-Accelerated Era

The United States retains structural advantages: institutional depth, diverse intelligence streams, open innovation ecosystems, and alliance networks that introduce friction against uniform narratives. That friction is not weakness. It is strategic ballast.

But these advantages must be deliberately protected.

First, analytical friction must be strengthened. AI-assisted intelligence should be routinely stress-tested through adversarial review loops designed to detect synthetic amplification, data poisoning, and pattern distortion.

Second, signal authentication architecture must become a strategic priority. Verification protocols - technical and human - are essential to reduce susceptibility to manipulated inputs across military, diplomatic, and public domains.

Third, calibrated ambiguity should be preserved in response frameworks. In accelerated environments, rigid predictability invites exploitation. Clarity of intent does not require mechanical response.

Finally, alliance cohesion in the information domain must be treated as integral to deterrence. Perception gaps between partners create exploitable seams. Shared situational awareness and coordinated messaging are now as consequential as traditional interoperability.

These measures are not reactive. They are stabilizing.

Endurance in the Cognitive Arena

The next phase of competition will not be decided by territorial gains or military demonstrations alone. It will be shaped in the contested space between perception and reaction.

Artificial intelligence is not merely a tool of surveillance or propaganda. It is an instrument of cognitive pressure.

The states that endure will not be those that eliminate uncertainty, but those that manage it - deliberately, patiently, and without believing their own reflections.

In the coming decade, advantage will not belong to the state that generates the most data or the most persuasive narrative. It will belong to the one that resists the temptation to confuse engineered coherence with strategic reality.

Strategic maturity - not technological spectacle - will define advantage.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

While the World Watches the Middle East, War Is Brewing in South Asia

OPINION — For decades, strategists have warned that the most dangerous flashpoint in South Asia lies between India and Pakistan. The reasoning appeared straightforward: two nuclear-armed rivals with a long history of crises and wars. That perception only hardened last year when the two countries exchanged missile strikes during the 88-hour conflict that brought them to the brink of another major conflict.

As global attention remains fixed on US–Israeli joint military operations in the Middle East, a far more destabilizing conflict is quietly unfolding elsewhere. On March 16, a Pakistani airstrike struck a drug rehabilitation center in Kabul that reportedly killed nearly 400 civilians, marking a dramatic escalation in weeks of intensifying military confrontation between Pakistan and Afghanistan along the 2,600-kilometer Durand Line. This is not an isolated incident, but part of a broader shift in South Asia’s security landscape. The region’s most volatile fault line no longer lies along the Line of Control in Kashmir, but along the increasingly militarized frontier separating Pakistan and Afghanistan. If Western governments continue to treat this conflict as peripheral, they risk overlooking a war that could fundamentally reshape regional stability and generate consequences far beyond the subcontinent.

The “Open War” Along the Durand Line

In recent weeks, tensions between Islamabad and Kabul have escalated into what Pakistani leaders refer to as an “open war.” Pakistan has launched multiple airstrikes inside Afghan territory, while Afghan Taliban forces have retaliated by targeting Pakistani military installations along the border. In several instances, Taliban fighters have captured Pakistani forward posts and reportedly shot down a Pakistani fighter aircraft. These confrontations mark the most serious clashes between the two states since the Taliban returned to power in Afghanistan in 2021. Yet the strategic significance of the escalation is receiving surprisingly little attention outside the region.

For years, Western policymakers have viewed South Asian instability primarily through the lens of India-Pakistan rivalry. That framework, however, no longer captures the region’s most volatile dynamic. Since the Taliban’s takeover of Kabul, relations between Afghanistan and Pakistan have steadily deteriorated. Islamabad accuses the Taliban government of harboring militants from the Tehrik-e-Taliban Pakistan (TTP), the insurgent group responsible for a surge of attacks inside Pakistan. Kabul rejects these allegations and argues that Pakistan’s internal security crisis is a domestic problem rather than an Afghan conspiracy. The resulting tensions have steadily escalated into open confrontation. According to United Nations estimates, more than 100,000 people have already been displaced by fighting between Afghan and Pakistani forces. In addition to the airstrike targeting a rehabilitation center in Kabul, Pakistani airstrikes have struck other populated areas inside Afghanistan, killing dozens of civilians, including women and children. This suggests that Pakistan’s “open war” is not driven by actionable intelligence to conduct precision strikes but is designed to impose collective punishment on a population already under severe distress under the Taliban rule.

This violence is not merely the byproduct of cross-border militancy. It reflects a deeper strategic struggle over the future balance of power in the region. For decades, Pakistan’s military establishment has viewed Afghanistan through the doctrine of “strategic depth,” a Cold War-era concept that envisioned Afghanistan as a friendly rear base in the event of conflict with India. When the Taliban regained power in 2021, many in Islamabad believed that this objective had finally been achieved. Instead, relations between the two governments have deteriorated sharply. The Taliban leadership has resisted Pakistani pressure and refused to subordinate Afghan interests to Islamabad’s security demands. Faced with growing militant violence at home and an increasingly independent government in Kabul, Pakistan has turned to military coercion in an attempt to reassert its influence. The result is a conflict that is steadily reshaping the security dynamics of South Asia.

A Growing Humanitarian and Regional Crisis

The consequences of this confrontation extend far beyond the battlefield. Pakistan’s policies toward Afghanistan are now producing a severe humanitarian crisis that risks destabilizing the region further. Over the past two years, Pakistan has carried out one of the largest forced repatriation campaigns in recent history, expelling millions of Afghan refugees who had lived in the country for decades. In many cases, Afghan families were forced to leave behind homes, businesses, and property accumulated over generations. These deportations are taking place at the same time as cross-border violence is intensifying, creating a dangerous combination of displacement and instability. Refugees expelled from Pakistan are returning to a country already suffering from economic collapse, international isolation, and fragile governance under the hardliner Taliban government. The sudden influx of returnees is placing immense pressure on Afghanistan’s limited resources while fueling resentment toward Islamabad.

The humanitarian implications extend far beyond Afghanistan itself. Large-scale displacement from the country has historically produced migration flows that eventually reach the Middle East and Europe. Western governments, therefore, have a direct interest in preventing the situation from deteriorating further. More broadly, Pakistan’s escalating confrontation with Afghanistan risks transforming a bilateral dispute into a wider regional crisis. The timing of the conflict makes it particularly dangerous. With global attention concentrated on the Middle East, South Asia’s shifting security landscape is receiving relatively little scrutiny. This distraction creates an environment in which Islamabad’s aggressive policies can proceed with minimal international oversight.

Pakistan’s Strategic Calculations

Pakistan’s approach toward Afghanistan reflects a broader pattern in its regional strategy. For decades, Pakistan’s security establishment has relied on militant proxies, terrorists, and asymmetric warfare as instruments of foreign policy. While Western governments have often viewed Pakistan as an indispensable counterterrorism partner, Islamabad’s regional priorities have frequently diverged from those of its Western allies. The current confrontation with Afghanistan illustrates this divergence clearly. Rather than pursuing sustained diplomatic engagement with the Taliban government, which once relied on Pakistani funding and operational support, Islamabad has increasingly relied on military force to impose its preferred security arrangements along the Durand Line. The underlying objective appears to be the restoration of strategic leverage in Afghanistan and the reassertion of influence that Pakistan’s military once exercised during earlier phases of the Afghan conflict.

At the same time, Pakistan’s broader regional conduct raises serious questions about its reliability as a partner. Recent incidents have exposed significant gaps in Islamabad’s willingness or ability to uphold its international responsibilities. In one case, armed protesters in Karachi breached the security perimeter outside the US consulate following the death of former Iranian supreme leader Ali Khamenei, forcing US Marines to intervene to secure the facility. Similarly, despite establishing mutual defense ties with Saudi Arabia, Pakistan has shown little willingness to support Gulf security in the face of Iranian threats. These actions suggest that Pakistan’s strategic decisions are shaped primarily by domestic political calculations and regional ambitions rather than by alignment with Western security priorities.

The Risk of Strategic Neglect

If Pakistan is allowed to pursue aggressive military operations in Afghanistan without meaningful diplomatic pressure, the conflict could evolve into a prolonged war with severe regional consequences. Such a scenario would not only destabilize Afghanistan but also reinforce a pattern of coercive state behavior that undermines international norms. For a region already grappling with insurgencies, fragile states, and nuclear-armed rivalries, the implications would be profound. More importantly, a destabilized Afghanistan-Pakistan frontier could once again become fertile ground for terrorist organizations seeking to reconstitute and rearm. The collapse of security along the Durand Line would risk recreating the conditions that once allowed extremist groups to operate freely across the region.

For Western policymakers, the lesson is clear. The conflict between Pakistan and Afghanistan can no longer be treated as a secondary concern overshadowed by crises elsewhere. At a moment when Washington and its allies are attempting to dismantle global terrorist networks and maintain stability across multiple regions, they cannot afford to allow another state actor to exploit global distraction in order to reshape the strategic balance in South Asia. Ignoring the war along the Durand Line today could mean confronting a far larger crisis tomorrow.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

China’s Military Purges Were Larger Than We Thought

In China, the generals keep losing their jobs. On February 26, nine senior officers of the People’s Liberation Army (PLA) – five generals, one lieutenant general, and three major generals – were stripped of membership in China's top legislature, in the latest episode of a purge that has eviscerated the leadership of the PLA and raised questions about its readiness for a possible invasion of Taiwan.

The move came less than a week before the opening of China’s most important annual political gathering, the “Two Sessions,” and just one day after the release of a report showing that Xi’s purges have been far more sweeping than was previously known. The report, which was published by the China Power Project at the Center for Strategic and International Studies (CSIS), represents the first systematic assessment of the purges, which began in 2022 and culminated in last month’s removal of two of China’s most senior and experienced generals.

The report chronicles an "unprecedented purge of China’s military” that has swept all service branches and jettisoned more than half of the PLA’s senior officers.

Retired Rear Admiral Mike Studeman, a former Commander of the Office of Naval Intelligence, said the purges were greater in scale and scope than any in the nearly eight-decade history of the People's Republic of China.

“Xi Jinping has gone beyond even Mao’s purges,” Adm. Studeman told The Cipher Brief, referring to Mao Zedong’s elimination of the PLA high command in the early 1970s. “And he has fundamentally reshaped the way that the military is going to be led.”

The report found that the purges – carried out in the name of ridding the PLA of corruption – have led to a drop in the number and size of major military exercises, and raised questions about the PLA’s current capacity for complex operations.

“In the near term, given the significant vacancies, it would be incredibly difficult for China to launch large military campaigns against Taiwan,” Bonny Lin, the director of the China Power Project, wrote in an assessment of the report’s findings. “Even below that threshold, there is evidence that the purges have negatively impacted China’s exercises around Taiwan in 2025.”

“This is not the command that Xi Jinping wants to go to war with,” Brian Hart, the China Power Project’s Deputy Director and one of the report’s authors, told The Cipher Brief. “You don’t choose to go to war with half of your commanders missing.”

Mapping a Crackdown

The new report includes a database of China’s military leadership and identifies those officers who have been removed – including several with critical portfolios: the PLA’s head of military training; a general who commanded forces preparing for possible operations against Taiwan; and the two top officers dismissed in January – General Zhang Youxia, China’s most senior military official and by many accounts Xi’s most trusted military aide, and General Liu Zhenli, who headed the Joint Staff Department. Zhang and Liu were members of the Central Military Commission (CMC), China’s highest-level military body. As The Cipher Brief reported in January. Xi’s campaign has now claimed all but two of the CMC’s six leaders (one of whom is Xi himself); experts said the U.S. equivalent would be the firing of all but one member of the Joint Chiefs of Staff, along with dozens of other high-ranking generals.

In all, the China Power Project’s report found that 36 generals and lieutenant generals have been ousted since 2022; another 65 officers are listed as missing or “potentially purged”; and taken together, 101 of 176 officers in the PLA’s highest ranks — general or lieutenant general — are no longer at their posts. All five of China’s military theaters have seen their leaders ousted, and 56 deputy theater commanders have lost their positions as well.

Lyle Morris, a Senior Fellow at the Asia Society’s Center for China Analysis, said he had followed the purges for years but was startled by their scope.

“Beyond the four-star general level, you have the three-, two-, one-stars and all their underlings who appear to have been fully purged or in the process of being removed,” Morris, who formerly served as Country Director for China at the Office of the Secretary of Defense (OSD), told The Cipher Brief. “This has ramifications for the leadership, trust, and execution of training and missions of the PLA.”

Some of the military leaders have been fired, others placed under “investigation” – typically a career-ending proposition for a PLA officer – and others have simply vanished from public view. The report also documents a recent escalation; more than 60 top figures were removed from their posts in the last year alone. And experts believe the cleansing may not be over.

“I think we’re likely to see more purges,” Hart said. “This is not the end.”

Rebuilding the PLA

The report’s authors and several outside experts said that in the wake of the disruption – whenever it ends – Xi will face enormous challenges in rebuilding the world’s largest military.

“Having gutted the PLA’s leadership, Xi Jinping will have to turn to reconstituting the military high command in the coming years,” the report found. “Depending on what Xi intends to do, this could take years or even longer to see the full transformation.”

Experts stressed that when it comes to elevating officers to top positions, Xi will have to balance two key factors – political loyalty and competence.

“I think he’s more focused on getting it right than he is on doing it quickly,” Hart said, and he and others suggested that loyalty would be paramount. “Xi Jinping’s top priority in reconstructing the leadership is not the competence of his commanders. That’s very important, but his top priority is political loyalty to him and to the party.”

Some experts said that the full “transformation” is unlikely to be complete until late 2027, when the next Congress of the Chinese Communist Party is set to convene. In the interim, as newly-minted leaders are brought in, they may be less willing than their predecessors to present unvarnished assessments to Xi.

“The general sense is that anybody that’s going to be freshly appointed is going to be far more dependent on Xi, who has accelerated that person into the higher ranks,” Adm. Studeman said. “There will likely be more ‘yes men’ that have more to fear by crossing Xi Jinping.”

The Asia Society’s Morris concurred. The new leaders “are going to be much more accommodating to what Xi wants to do,” he said. “They’re not going to be giving bad news because that would mean the end of their careers. So for example, they’re going to be the folks who say, ‘Yes, sir, the PLA invasion plans are ready,’ even if they know internally they’re not ready.”

The Taiwan impact

You don’t need to be a China expert to grasp the potential impact of the purges – at least in the short term – when it comes to conducting major military operations, against Taiwan or anywhere else. At every level of the PLA – from top war planners to the generals who would execute those plans to lower-level officers in the Eastern Theater (the relevant command for a Taiwan operation) – multiple key positions are now vacant.

Morris said that having reviewed the scope and scale of the purges, he wouldn’t “lose any sleep” this year or in 2027 over a possible invasion of Taiwan.

“I think [Xi] and everyone in the party now knows that 2027 is not a good time to invade Taiwan,” he said. “You have to have the institutional leadership in place to give commands across the services, up through the CMC, and all of those relationships are now frayed or in disarray. I’m not sure how the PLA could actually execute it with so many senior leaders gone.”

Experts stressed that smaller-scale operations – basic training exercises, or dealing with minor skirmishes in the South China Sea – are unlikely to be affected by the purges, and that the PLA would not hesitate to respond to a crisis or engage in a war of necessity. But a conflict in the Taiwan Strait would be a large-scale and highly complex military operation, requiring the mobilization of all of China’s military services and forces – and for Beijing, it would be a war of choice.

For all those reasons, a half dozen experts interviewed by The Cipher Brief were unanimous in thinking that the 2027 time frame – which was widely reported to be the deadline Xi had given the PLA to be prepared to act against Taiwan – was no longer operative.

“If Xi had plans for 2027, I think they’re delayed,” said Dennis Wilder, a former senior CIA official and top White House adviser on China, in an interview conducted prior to the report’s publication. “There's no way that they're ready to take on a major military confrontation in these circumstances.”

“You’ve got to say this is not going to happen [by 2027],” Ambassador Joseph DeTrani, a former CIA Director of East Asia Operations, told The Cipher Brief. “I just don't see how Xi Jinping could feel even remotely confident that China’s military would be prepared, or is prepared, to use kinetic means to take over Taiwan.”

Adm. Studeman said Xi may have carried out the purges now because he never intended to move against Taiwan until 2028 or later – given the fact that a late-2027 Party gathering will determine whether he gains a fourth term as leader.

“Typically when a leader wants to get another term they need the backing of the PLA,” Studeman said. “If in fact the senior leadership in the PLA thought that Xi Jinping was being over aggressive [regarding Taiwan], then they might not be willing to cast our full support behind Xi.

“Xi Jinping may have thought, ‘I’m tired of the resistance, I want to move forward and I also need more yes men to be able to ensure an endorsement when it comes time for my fourth term.’”

The long view

Several experts said that the effects of Xi’s purges should be understood in two distinct time frames – short- and longer-term – and that for all the warnings about near-term readiness, a stronger, less corrupt and more effective PLA may ultimately emerge. They also noted that China’s military modernization and spiralling defense spending are likely to continue.

“Short term, it’s bad in many ways [for China],” Morris said. “But I think in the medium- and long-term it’s probably better, assuming – a big assumption – that they are less corrupt and cleaner, having gone through what will likely be an especially stringent vetting process.”

Meanwhile, the purges are unlikely to alter U.S. preparations for China conflict contingencies. As Morris put it, “IndoPacom [the U.S. Indo-Pacific Command] is not going to rest any easier, because their job is to prepare for worst-case scenarios.”

And while some suggested that the PLA turmoil would benefit the U.S. because it would buy time for preparations – “You've got a wonderful opportunity [with] a longer timeline,” Wilder said – others argued that the upheaval actually creates greater urgency for the U.S. and Taiwan.

Adm. Studeman made that case, warning that with more pliant leaders likely entering the PLA’s top echelons, there would be a greater need to demonstrate resolve and support for Taiwan.

“If anything, we need to impress upon these people coming into the CMC or taking some of these positions that despite their boss’ desires and hopes to solve these things through coercion, that there’s likely to be a very strong reaction that they may not be able to handle,” Studeman said. “It’s even more important, if you get somebody that’s more inclined to be rash, to ensure that they see what the consequences could be, and that means putting more material forward, strengthening the alliance system, and communicating support for Taiwan.”

In other words, while Gen. Zhang and other long-serving officers had combat experience and were willing to warn Xi Jinping of the perils of a major Pacific war, their replacements may need to be shown just what those perils are.

“That’s a way to keep the peace,” Studeman said. “To show the consequences and the dramatic effects of what could occur.”

Need a daily dose of reality on national and global security issues? Subscribe to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

Our interview has been lightly edited for clarity. You can also watch the interview and other conversations with Cipher Brief Experts by subscribing to The Cipher Brief’s Digital Channel on YouTube.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Down But Not Out: Iran’s Axis of Resistance

OPINION — When HAMAS attacked Israel on 7 October 2023, Iran and its partners around the Middle East—collectively known as the Axis of Resistance—were riding high. Iran’s Islamic Revolutionary Guard Corps (IRGC) armed, funded, and trained HAMAS, Hizballah, the Huthis, and Iraqi Shia militias to help project Iranian power throughout the region. These groups were bound to Tehran by their Shia faith, shared antipathy toward the US and Israel, and support for fighting what they see as Israel’s illegal occupation of Palestinian lands. Now, however, after two-and-a-half years of conflict, the Axis looks more like a collection of disparate groups pursuing their own ends than a unified Shia force destabilizing the region for Iran’s benefit. Nonetheless, pronouncing the Axis dead risks missing the persistent threat these groups pose to US interests.

Since 7 October, Israel has severely degraded HAMAS and Hizballah, decimating their senior ranks and military capabilities. After the horrors of HAMAS’s attack, Israel was determined to neutralize both groups and began an unrelenting series of attacks and daring operations that have killed their most experienced leaders and commanders and destroyed many of their weapons. In Hizballah’s case, the fall of the al-Asad regime in Syria in December 2024 compounded the group’s woes by disrupting critical overland supply routes from Iran. As a result, neither group helped Iran when the US and Israel struck in June 2025. In the current war, HAMAS has remained on the sidelines. Hizballah, however, mounted a large rocket attack against Israel to retaliate for its killing Supreme Leader Ali Khamenei on 28 February. By attacking Israel and breaking a cease-fire that had largely held since November 2024, Hizballah signaled its loyalty to Iran, but also gave Israel the pretext it had been waiting for to resume the war, take (and possibly hold) territory in southern Lebanon, and try to destroy or forcibly disarm the group.

Perhaps the most surprising of Iran’s Axis partners have been the Huthis, which responded to Israel’s offensive in the Gaza Strip with regular missile and drone attacks against Israeli territory and a campaign against maritime shipping that caused disruptions that reverberated worldwide. Before 2023, the group considered Saudi Arabia its main enemy and alternately fought and negotiated with the Kingdom while consolidating control at home. Once the war in Gaza began, though, the Huthis became a persistent threat to the Israel, bleeding its supply of interceptors by launching routine attacks, and holding shipping in the Red Sea at risk in the name of the Palestinian cause, stopping only during cease-fires in Gaza. In June 2025, the Huthis made a token display of solidarity with Iran by lobbing a few missiles at Israel as it pummeled Iran, but did not materially come to Tehran’s aid. In the current war, the Huthis have held fire so far, but Huthi leader Abd al-Malik al-Huthi on 7 March publicly warned that his forces were ready to escalate militarily, which is more likely to happen the longer the war lasts. Unlike other Axis members who have suffered leadership losses and seen their arsenals devastated, the biggest brake on the Huthis’ getting involved is their responsibility for governing their own impoverished state—a burden none of the other Axis partners face. One al-Jazeera commentator posited this month that the group is particularly concerned about the potential threat from the internationally recognized Yemeni Government, which beat back secessionists in December 2025 and might be eyeing gains in Huthi-controlled Yemen next.

Like their partners in the Axis, some of the Iraqi Shia militias are prioritizing domestic political ambitions over militancy. The legislative election in Iraq in November 2025 led some of the Shia militias to focus more on winning votes than advancing Iran’s aims. Not only did the militias fear reprisals if they attacked the US or Israel, they also most likely feared the Iraqi public would blame them for violence and instability in Iraq if the militias themselves provoked US or Israeli strikes in Iraq. This calculation led them to sit out the war in June 2025, opting to hold rallies in Iraq rather than launch attacks in Iran’s defense. Several of the militias also signaled openness to disarming in December 2025, underscoring their shift from militancy to politics. At the same time, other groups, such as US-designated Kataib Hizballah (KH), the most capable of Iran’s partners in Iraq, have rejected calls to disarm and waded into the current conflict by attacking US interests. This month, KH spearheaded attacks against US facilities and personnel in Iraq, particularly in Iraqi Kurdistan and against the US Embassy in Baghdad, in response to the US and Israeli offensive in Iran. Indeed, the group publicly reaffirmed its solidarity with Iran, intent to avenge Supreme Leader Ali Khamenei’s death, and commitment to driving the US out of Iraq.

Although Iran’s Axis of Resistance is not the cohesive, potent force it was before 7 October, its members remain allied with Iran and staunchly opposed to the US and Israel. As they increasingly pursue their own ends—ranging from simply surviving to strengthening their political clout at home—they are likely to be less predictable. There are a number of factors that are likely to shape their trajectory, including:

•The extent to which new Supreme Leader Mojtaba Khamenei sees the Axis as a valuable collective that helps Tehran project power. His decision to reinvest and recommit to the Axis, particularly if he invoked the memory of his martyred father, would help reinforce ties between Iran and its partners.

•Whether the IRGC continues to fund and arm the groups. If Tehran cannot bankroll and arm its partners as it did in the past, these groups will be ever-less responsive to Iranian requests as they seek new sponsors or move away from militancy.

•To what degree groups, especially the Iraqi Shia militias, see politics as a better means to achieving their aims than militancy. If the Shia militias conclude that they can end the US presence in Iraq through negotiations rather than attacks, for example, or that they are better able to deliver economic benefits to the Iraqi Shia community by wielding political power than weapons, they will be more inclined to pursue politics than violence.

•Whether host governments or powerful neighbors curb the groups’ activities. Baghdad’s and Beirut’s ability and willingness to rein in nonstate actors like the Iraqi Shia militias and Hizballah, respectively, will be a significant brake on their ability to threaten the US or Israel. Similarly, Riyadh's success in finding a modus vivendi with the Huthis that boosts the economy in Huthi-controlled Yemen will give the group incentive to stop attacks to ensure its continued grip on power.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

GPS Denied: Time to Upgrade

OPINION — The Global Positioning System (GPS) is arguably the greatest dual-use technology ever developed. It saves us trillions of dollars in wasted fuel and inefficient logistics. However, our modern world is built on a system that is terrifyingly fragile, highly vulnerable to jamming, spoofing, and the existential threat of anti-satellite weapons.

Recent events prove this vulnerability. On February 28, ships navigating the Strait of Hormuz started appearing on tracking screens in places they couldn't possibly be. They appeared to be sitting on airport runways, parked on Iranian land, and clustered at nuclear power plants. More than 1,100 commercial vessels had their navigation systems scrambled in a single day following US-Israeli airstrikes on Iran, bringing a waterway that handles a fifth of the world's oil exports to a halt.

A similar crisis unfolded months earlier in the Caribbean. During a U.S. standoff with Venezuela, jammed signals caused commercial flights to experience severe GPS problems, resulting in a near-collision for a JetBlue pilot and forcing a cruise ship to navigate by charts and landmarks for three hours.

These are no longer isolated incidents. Today, anyone can pull up independent tracking sites like gpsjam.org—which aggregates aircraft data to visualize daily GPS disruptions worldwide—and view a heat map of the globe bleeding red with active interference.

But conflict zones aren't the only risk. In 2013, a truck driver with a $100 jammer accidentally knocked Newark Liberty International Airport's GPS offline just to hide from his employer's vehicle tracker. This system is used by over 6 billion people, yet it can be blinded by cheap gadgets.

The Invisible Metronome

GPS was designed for military position, navigation, and timing in the 1960s and 70s. Its signals travel 20,000 kilometers from space, arriving 100,000 times weaker than ambient noise. This makes them easily overwhelmed by low-cost eBay jammers emitting stronger radio noise on the same frequency.

Crucially, GPS isn't just a map; it is the invisible metronome for the modern world. The atomic clocks on GPS satellites synchronize cellular networks, timestamp billions of financial transactions, and regulate power grids. Lose the timing signal, and our global digital infrastructure fundamentally breaks down. We've wired the heartbeat of the global economy to a whispering radio signal from space.

Diverging Strategies: U.S. vs. China

The U.S. government has focused its response almost entirely on advancing military resilience measures like encrypted M-code signals and anti-jam antennas. This does nothing for commercial pilots or global logistics networks navigating denied environments. The U.S. defends GPS purely as a military asset.

Meanwhile, China has taken a radically different approach. It has poured state investment into the BeiDou satellite system, which achieved full global coverage in 2020 and surpasses the U.S. network in size. In parallel, China has built a deep bench of geospatial experts and backed BeiDou with a layered terrestrial architecture that includes a 20,000-kilometer fiber network and a national eLoran system. By actively exporting BeiDou through the Belt and Road Initiative and achieving full-stack autonomy in domestic navigation chips, China is building an ecosystem with commercial and strategic leverage that will matter as GPS-denied environments become the norm.

Moving Beyond GPS 2.0

The private sector is beginning to field alternative positioning systems, but competing against “free” will require game-changing innovation, not just incremental improvement. Inertial navigation systems are expensive and drift over time. Satellite constellations that simply move GPS-like spacecraft closer to Earth carry many of the same vulnerabilities as the system they’re meant to replace.

Commercial alternatives must go beyond GPS 2.0 to address both resilience and new use cases that justify adoption on their own merits. Remarkable new startups like EarthTraq aim to fill these gaps by providing new purpose-built constellations paired with low-cost, low-powered devices not dependent on any GPS constellations. Other companies are actively using computer vision or radar to automatically determine positions with what I call "artificial intelligence dead reckoning." Powerhouse companies like Vantor and Niantic Spatial are going big on high fidelity photogrammetric digital models of the world for precision navigation in denied environments. Other examples, Skyline Nav AI uses computer vision and deep learning to determine a vehicle's location in real time based solely on its surroundings. Similarly, European startup Vydar uses onboard AI to match live camera feeds of the ground with offline maps, computing highly accurate coordinates even during a complete GPS blackout. Daedalean AI is taking a complementary approach, building visual positioning systems that integrate seamlessly with radar and inertial sensors to operate in challenging conditions like fog or darkness. All of these alternatives offer mission performance that GPS cannot and have great promise to supplement or replace it in a denied environment.

We’re all going to have to get used to a world without GPS. The era of implicit trust in a single vulnerable satellite network is over. If we want to safely operate autonomous systems and AI in the real world, we must develop higher-fidelity methods of positioning within the eternal

reference frame that cannot be defeated by cheap eBay jammers.

Follow Mark Munsell on LinkedIn.

America Is Digitally Fragile — and Our Adversaries Know It

OPINION — America has entered a moment in which it is fundamentally more vulnerable than at any point in modern history. For the first time, the systems that underpin economic prosperity, social stability and military power are not merely digitally enabled — they are digitally dependent and tightly interconnected. At the same time, our principal adversaries have developed the capability and commitment to penetrate those systems, remain hidden and pre-position for future crises, while the United States remains organized for episodic offense and reactive defense.

Adversary cyber operations no longer aim merely to steal information or cause disruption. They are designed to control the environment before conflict begins, constrain U.S. options, and raise the domestic cost of action. The recent intrusions by Chinese malicious cyber actors — commonly known as Volt Typhoon and Salt Typhoon — clearly illustrate this challenge. These campaigns targeted water, energy, telecommunications, and ports — the industrial plumbing of American life — to establish persistent footholds in the systems modern society depends on and remain embedded there until the moment to exploit them arrives. Disturbingly, much of that access has proven extremely difficult to fully eradicate.

The uncomfortable truth is that the U.S. is perilously digitally fragile. Our economic strength, military readiness and social stability all rest on a digital nervous system that remains poorly understood, inadequately protected and insufficiently maintained. We behave as if these systems are strong and resilient. In reality, they are exposed and increasingly vulnerable. And the convergence of interconnected infrastructure, machine-speed operations, and artificial intelligence means failure can now cascade across sectors faster than leaders and operators can respond.

Imagine a crisis over Taiwan. Before the first U.S. aircraft takes off in response, power flickers, hospital software freezes, water treatment falters and banking slows. For most Americans, it would not feel like war — it would feel like everyday life coming apart. Meanwhile, the U.S. military would confront a sobering reality: its ability to mobilize and sustain operations depends on these same systems. Even the world’s most capable force can be delayed or degraded if the digital terrain beneath it cracks.

This is not fear-mongering. It is foresight. We are not merely under digital attack — we are amplifying the danger through our own unwillingness to accept how fundamentally the world has already changed.

For years, leaders hoped cyber deterrence would take hold. That hope has not been borne out. Below the threshold of armed conflict, cyber operations are cheap, deniable and consistently rewarded. Intellectual property theft, infrastructure mapping and covert pre-positioning generate enormous strategic returns at minimal risk. There has proven to be little incentive for adversaries to stop.

Further, the United States still treats intrusions as isolated incidents rather than continuous campaigns. Private reporting is voluntary and inconsistent. Government responders often learn of attacks only after the damage is visible. Offensively, U.S. cyber operations are highly capable but episodic — powerful actions without sustained strategic effect. Our adversaries play the long game; we respond in bursts.

We can and must do better. The way forward begins with establishing a national objective: Digital Dominance, the process of organizing the nation to lead and define the global digital environment. Digital Dominance is first a whole-of-society posture. Cybersecurity cannot be left to government specialists alone. Businesses, local governments, federal agencies, academia and individual users all operate on the same terrain and share responsibility for strengthening it. We must increasingly work together as teammates in the active defense of the nation.

But Digital Dominance also means ensuring that American digital capabilities — especially advanced semiconductors, large-scale compute, cloud infrastructure and artificial intelligence — become the preferred global standards. When U.S. technologies and architectures set the pace, we reinforce economic competitiveness, shape international rules and give our military the interoperable digital foundation it needs to maintain operational advantage. The future of national power will be decided across the entire ecosystem that designs, deploys, operationalizes and defends digital systems.

Further, achieving Digital Dominance requires the Department of War to pursue Analytic Superiority — the ability to sense, understand, predict and act faster than adversaries, while denying them the ability to do the same. The United States must fuse real-time data, AI-enabled analysis and machine-speed decision-making, while simultaneously disrupting and confusing adversary sensing, data pipelines and AI models/decision systems.

In modern conflict, the side that understands what’s happening first — and acts faster — drives the outcomes. Artificial intelligence makes that possible. It allows networks to spot problems early, connect the dots and respond in seconds rather than minutes or hours. AI isn’t a luxury in cyber operations; it’s the engine that makes conflict-winning speed possible. If we do not fully embrace the operationalization of AI, we will be reduced to playing catch-up with our adversaries.

These realities should also force prioritization. When everything is labeled critical, nothing truly is. The United States currently designates sixteen sectors as “critical infrastructure,” but there are five that really form the backbone of national stability: power, water, telecommunications, finance, and healthcare/emergency services. These sectors are so interdependent that failure in one can cascade rapidly into others. For them, the federal government must receive anonymized, real-time cyber data — not after incidents occur, but continuously. Reactive defense cedes initiative. True resilience requires anticipatory awareness and preemptive action.

However, defensive actions alone are not enough. Locks matter — but so does stopping burglars before they strike. The United States must shift to persistent cyber campaigning: continuous operations that disrupt adversary planning, degrade military capabilities, drain resources, put opponents on the defensive and pre-position our forces in case of conflict. But the government cannot successfully scale this mission on its own. The depth of cyber talent and technical innovation needed to compete with adversaries like China largely resides in the private sector.

A National Cyber Operations Team would integrate that talent directly into operational cyber missions using a “team-of-teams” model, with private-sector operators working under the oversight and command and control of U.S. Cyber Command. Participation would require meeting the Command’s rigorous training, certification, and security standards. This approach dramatically expands capacity while preserving unity of command, discipline, and operational accountability. Just as important, it taps into one of America’s greatest strategic advantages: our fast-moving, innovative technology ecosystem. By connecting that innovation directly to operational needs — rather than burying it inside years of contracting and acquisition bureaucracy — the United States can adapt faster than its adversaries and sustain the initiative in the digital domain.

Some will say these actions are ambitious. They are. But the alternative is far costlier: allowing adversaries persistent leverage over the systems that underpin daily life, economic strength, and national defense. Digital conflict does not resemble the wars we remember. It looks like everyday life suddenly coming to a halt — and with it, the erosion of the advantages that have long sustained American national power.

The U.S. is digitally fragile. We can choose to become digitally strong.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

At the Center of the World’s Most Dangerous Chokepoint

EXPERT INTERVIEW – Amid escalating tensions in the Middle East and growing concerns about the security of global energy supplies, the Strait of Hormuz is perhaps the world’s most consequential geopolitical flashpoint. As Iranian threats to disrupt shipping through the narrow waterway - a vital artery for nearly a fifth of the world’s oil – continue, fears of broader economic and military ripple effects across the region are rising.

Roughly 20 percent of the world’s oil normally flows through the Strait of Hormuz, and even limited disruptions can send shockwaves through global energy markets and supply chains. Energy markets are already reacting. With attacks on commercial vessels and threats to shut down the strait slowing tanker traffic and raising fears of wider conflict, global oil prices are surging, adding a new component of political pressure for President Donald Trump.

This is happening as Washington struggles to assemble an international coalition to help secure the vital shipping lane. U.S. officials have urged countries that rely heavily on Gulf energy exports to contribute naval forces to protect commercial shipping, but diplomatic efforts have been uneven as some governments hesitate to become directly involved in a rapidly escalating confrontation with Iran. Meanwhile, insurers have increased war-risk premiums for vessels transiting the strait and Gulf producers are exploring alternative export routes as tensions mount.

I sat down with energy expert and former National Intelligence Manager for Iran at ODNI, Norm Roule to talk about the strategic stakes surrounding the Strait of Hormuz, and the ripple effects being felt around the world. Our interview has been lightly edited for length and clarity.

Norman T. Roule

Norman Roule is a geopolitical and energy consultant who served for 34 years in the Central Intelligence Agency, managing numerous programs relating to Iran and the Middle East. He also served as the National Intelligence Manager for Iran (NIM-I)\n at ODNI, where he was responsible for all aspects of national intelligence policy related to Iran.

Kelly: Give us a sense of what you're thinking about the Strait of Hormuz today as we see what's happening there and what do you anticipate are the ripple effects from this moving forward?

Roule: The U.S. military has been paying attention to this problem set for many years. I’ve read a lot of articles about Iran's capabilities in the region, and they are genuine. They're serious. But our military has studied this for a number of years, and they have plans and capabilities. These capabilities must be arrayed in a specific fashion. They can't be rushed. As you can tell, I'm talking around things and that's appropriate.

I also believe this is something best done as a team. The Strait of Hormuz is an international body of water. It's not owned by the United States. Something that I think is terrifically negative right now is that you have some countries contacting the Iranians, in essence, negotiating the right to pass through the Strait of Hormuz. That's a terrible thing.

The Iranians are on one side of the Strait of Hormuz. The Musandam Peninsula, the tip of which is controlled by the Omanis, is on the other side. The Omanis don't control the Strait of Hormuz. The Strait is an international body of water, which means you would want - in theory - a global coalition led by the United States. And that would be consistent with the December 2025 Trump National Security Strategy to operate some sort of coalition to free that for international commercial trade.

This would take a fair amount of resources so burden sharing would be important. And also by having many flags there, it would require that the Iranians in essence, fire upon the world when they attack any tankers or container ships going through.

The strait is also important for Iran. And this is sometimes forgotten. About 28% of Iran's GDP is derived from the traffic that comes from the port. Food, wheat, and other grains arrive through the Strait. So, Iran can sustain a closure for a short period of time, but the Iranian people need to be sustained by an open port, an open Strait of Hormuz.

Right now, if you're the U.S. Navy, you would want to do several things. First, you're going to make sure that you have reduced Iran's capacity to the largest degree possible to fire missiles, to deploy mines, and to deploy swarm speedboats and submarines. Then, once that's done, you're going to want to develop a convoy with the appropriate security capacity to move commercial shipping up and down through the Strait into the Persian Gulf and to ensure that that convoy is protected from drones.

Now, that last point is important because the drone and missile firings by the Iranians has been significantly and dramatically reduced over the last several days, but the numbers are still high for a convoy. You wouldn't want to have a container ship or an oil tanker face 40 or 50 drones at any one time. So, I think it's entirely prudent of the U.S. Navy to say, hypothetically, I don't know this, but I would assume, ‘Mr. President, we're getting ourselves lined up, but we'd like to spend more time reducing Iran's drone capacity. and spending more time making sure there are no more mine laying vessels or mine caches on Iran's shore. And then once we have that taken care of and perhaps put together a coalition, we will begin operations.’

You've seen in the president's recent social media, even an allusion to an international coalition. So, I think something is being developed and it may not be made apparent to the American people, but war plans aren't something that you usually put into the open press. So, we need to have some patience and understanding and confidence in our very effective, very well-led American military CENTCOM and our naval forces.

Kelly: OK, but let's take stock for just a moment of what's been achieved over the past couple of weeks. A lot of Iran's missile program has been decimated. They do still have drones, as you point out. They still have mines in the strait. They still have the Quds Force, how are you assessing the threat still posed by Iran today?

Roule: You're correct. We have dramatically reduced Iran's missile program. Iran is now finding out that there is no such thing as a subterranean storage location that we cannot attack and collapse. It just takes a while for us to work through that with the Israelis, hence their missiles, their launchers, and their missile personnel are being significantly degraded.

And the drones, similarly, mobile launchers and mobile drones that are systems that are above ground are taking a longer period of time, as you would expect. It takes a while to locate those and that becomes a problem.

For the Quds Force and the IRGC, you have two different issues going on. First, the United States has, and the Israelis reportedly, have destroyed a large number of these facilities in Tehran and throughout the country. Now, this has done several things. First, it's destroyed large numbers of buildings. Now one would expect that prior to this conflict - which people knew was coming - that they probably got out of those buildings. But in any case, their headquarters buildings have been destroyed, files have been destroyed, structures have been damaged. They're probably dispersed throughout cities now and in the countryside, so the efficiency of the organizations is significantly degraded. The least degraded would probably be their cyber capacity because that was already dispersed throughout the country and even sometimes, out of the country.

But nonetheless, this has meant that the capacity of the Revolutionary Guard, the law enforcement forces, even some of the police elements that were oppressive elements against the population have been reduced to some extent. To what extent? It's not known because of the information blackout. The U.S. government probably knows but that would obviously be classified.

Iran’s capacity to oppress its people has also been reduced. What I think would be most interesting is if you are a revolutionary guard or a ministry of intelligence or a security official abroad, you're probably not getting a lot of instructions from home. You may not even be getting paid. You may not even have a home, which makes it unclear as to what sort of capacity for terrorism, for operational work you have abroad, which is important if we have concerns about their ability to conduct terrorism - terrorism abroad and threats against American or American interests elsewhere. But these operations are important, although of course, they do require air assets, and they take time and capabilities from other targets.

Kelly: What should we expect from this new governing structure, which assumedly, is going to continue to be targeted by the U.S. and Israel for some time?

Roule: There really are very few surprises here. The personnel who are around the table, if they are able to meet in this turbulent and dangerous environment, are pretty much the same people who were around the table prior to the conflict, albeit they were further down in the pecking order and they've replaced individuals who were killed in the conflict. The head of the Revolutionary Guard, Ahmad Vahidi, is a longtime Revolutionary Guard officer. He was born I think, around 1956 and joined the Revolutionary Guard in 1979.

He led the Quds Force prior to Qassem Soleimani, a very dark and dangerous individual. He is wanted by Interpol for his involvement in the AMIA terrorist bombing. He was a previous Deputy Defense Minister, Deputy Commander of the Revolutionary Guard. But you can, he's a long-time career Revolutionary Guard individual. These people been around for a very long time. And of course, the new supreme leader, Mujtaba Khamenei was a member of the Revolutionary Guard as a young man. He fought at the tail end of the Iran-Iraq War. He is known to have hardline views, likely supports Iran's acquisition of a nuclear weapon, supports Iran's revolutionary role in the region. He is an individual who believes in the militaristic role of the Revolutionary Guard. And what I mean by that also is the role of the Revolutionary Guard in Iran's economy.

So, you don't have a change in the system. And of course, I should also say he ran the campaign and helped put then-candidate Ahmadinejad in power. He is not a lightweight. He's not an intellectual lightweight. He's not a religious heavyweight, but I don't think that's the intention of this regime. What you're looking at is the next phase of leadership.

If you look at this in terms of the previous regime saying, ‘Well you know he's not the same guy as his father. He's not a senior religious official. He's not speaking like his father. He doesn't have the same titles. He doesn't have the same education,’ that’s the wrong view. This is the new generation. This is the post-revolutionary generation. This is the evolution of Iran's government to a new world where they are maybe more engaging of the world, more aggressive, more assertive, but they're not tied to the revolution. We have a world where there more women in Iran's parliament than clerics. That's fine with them. They don't need to have someone who has the same religious bearing as the predecessor. And I'm not quite sure that we have ingested that in our analysis in the West.

Where do I see this going? Their job now is not only survival of the regime, but survival period. At the end of this conflict, my sense is that they're going to want to do two things.

First, put out a bellicose rhetoric to claim that they have survived, won, defeated the United States, could defeat the United States again, can damage the region. But more so, they need to make sure that they're alive in six weeks or six months or six years, because as history has shown over the last couple of years, quite a few Iranian leaders and Iranian proxy leaders have had a rather short lifespan or a rather sudden departure from this earth and I think they're going to want to have some kind of a shift in that dynamic.

Here's the challenge. If they achieve that, if they achieve some sort of agreement where there is a ceasefire that doesn't mean they're going to stop building a nuclear weapon or they're going to stop building a missile program that moves toward an ICBM - or that the Quds force is going away and they're going to stop building good proxies in the region. So, there is a challenge for the region and for the United States in dealing with this government in the future.

Kelly: What are some of the things that you believe that the U.S. government should be paying close attention to when they're planning for how this new Iranian leadership may evolve and how it may be more aggressive and how it may go back to that nuclear issue with a renewed sense of purpose?

Roule: With the Iranian government, two factors just need to be kept in mind, in my view. The first is that they need to know that we're always watching.

The world has changed in terms of the tools that are on the table. For many years, the West would state all options are on the table. That was our position. That was Europe's position. But we watched as multiple red lines turned pink. And the Iranians violated an endless array of them, killing American servicemen in Iraq, building and having a nuclear weapons program, Tehran’s proliferation of missiles, shutting down the Red Sea with missiles - I mean, just an astonishing list that includes attempting to kill Americans in the United States, attempting to kill a presidential candidate. It's an extraordinary list.

They need to know if we see it, we're going to respond and it's likely going to be a military response and we're not going to waste time. If they believe that, that our intelligence programs will remain heavily resourced, active and successful, and our military focus will be immediate and robust, I think that will contain them and constrain them. But the moment that either of those slip, I think the Iranians will, at the very, very least, seek to test whether the red lines again, are turning pink.

Kelly: Do the Israelis have a different set of metrics in order to determine what victory looks like in Iran?

Roule: The United States and Israel have a very different geographic location. For the Israelis, they're sitting much closer to a country that writes ‘Death to Israel’ in perfect Hebrew on its missiles. They're sitting next to a country that has launched hundreds of missiles against Israel. Now, remember Israel has, according to press reports, a nuclear weapons program, and that hasn't stopped Iran from attacking it on multiple occasions.

Iran has attacked Israelis and Israeli officials and Israeli nationals on multiple occasions around the world, successfully and unsuccessfully over the years. It is a serious, mortal, and potentially existential threat to Israel. So, their barrier for what they need is going to inherently be higher than ours. But in the end, our goals are parallel.

What it comes down to is going to be what their requirements are on - we'll call it the technical oversight - the technical demands, the requirements to make sure that Iran’s nuclear program isn't being developed and perhaps clarity around guarantees of joint action or the capability that the Israelis might want to have to independently act to ensure their capacity to do this if they see on their own that something is being done. So, they're not compelled to rely upon us if our politics don't allow us to act on our own. Because again, they're in a very different world.

Kelly: Israel has exquisite intelligence on what's happening inside Iran and with Iran's nuclear program. They have launched campaigns in the past that have taken out Tehran’s nuclear scientists. What do you think the likelihood is that Iran’s new regime won't double down on redeveloping their nuclear program?

Roule: In many ways, the United States was offering a pretty good deal to the Iranian government and was asking the Iranians for very little in return. The Iranians do not have an enrichment program at present. It was largely destroyed in the June war. You can call it obliterated or severely degraded, whatever variation you want to use.

The medium-range ballistic missile program needs to be constrained at some point, and we need to stop the proliferation of missiles to the Houthis and other countries. And last, of course, the terrorism program - militia building of the Quds forces - something everyone in the region and in the world would agree, is a terrible thing.

I don't know anyone in the world that would say the United States isn't asking for something reasonable. And in return, we would lift sanctions largely on Iran, and Iran could normalize its relations with the region and build a great energy program. The Iranians refused. It just makes it seem like these aren't reasonable people. It does sound as if they are aiming for something dangerous. So that enrichment program does appear to be something that we're going to have to focus on to ensure that Iran does not have a program, even if it's under heavy international supervision.

Kelly: We'll be looking for whether the U.S. will take a stand and declare victory on some level over the next few days and weeks. What are you looking for in the short term, let's say over the next two to three weeks?

Roule: The continued collapse of missile and drone firings from Iran; the development of any international naval force as a potential regarding the Strait of Hormuz; the potential departure from this earth of any Iranian leader.

I would worry about any catastrophic success that the Iranians may have with any of their missiles or drone attacks. We have seen extraordinary defense by our Gulf partners and we haven't talked about that, but I'd like to spend a couple of moments on that if I may.

Our Israeli partners have done magnificent work on air defense. They've got a lot of experience, a lot of great well-trained people and a lot of good technology. They've got a lot of motivation. You would expect this and they're doing just wonderfully at this. But the Gulf nations don't have a lot of history of combat and air defense, and they have faced an unprecedented, just for any country in the world, number of missile, drone, and cyberattacks simultaneously to a degree that would challenge any country in this world.

I urge all of your readers just to look at the statistics and to look at how well these countries have performed. This is a testimony to their leadership, to their investment over many years, to their training, largely using Western American technology.

This tells you about the private sector and the companies that have been working with them for many years, and how well those relationships have evolved. When you look at how the economies have continued to run while these countries are under attack, so that the Emirates, who for the longest time, were taking the largest number of hits, that tells you just how extraordinarily well that society is running with its population.

The Emirates and Saudi Arabia have managed to produce vast amounts of oil to keep the world economies going. They've defended against hundreds of drones and missiles, and they've done this amid thousands of cyberattacks. And the cyberattacks don't get much publicity. I think there's a tremendous story.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Defining Victory in the Iran War

OPINION — Two weeks ago, in the first hours of the war, I listed several possible scenarios for the outcome. No one can confidently know where this is going for all the reasons I listed then -- as the war has shown, a decision to employ violence without pre-planning for all contingencies sets off an unpredictable chain of events. This said, I sense that the administration is approaching the point where the temptation will be overwhelming to define as victory wherever things stand at the moment – even if this includes the survival of a weakened version of the Iranian regime.

The pressure to do that comes from the piling up of second and third order consequences, most of which seem not to have been anticipated. This list is growing.

There is closure or clogging of the Strait of Hormuz, leading to rising oil prices and the knock-on pressures in all associated fields – a trend beneficial to oil-rich Russia as its aggression in Ukraine continues. The Iranian attacks on the Gulf states, while deepening their animus toward Iran, have almost certainly diminished any enthusiasm on their part for continuing conflict. Then there is the US public’s confusion about the war; polling is not conclusive, but it looks like only 4 in 10 Americans think it a good idea and a higher percentage are simply uncertain about the objectives. The MAGA base is not enthused and prominent influencers such as Joe Rogan find it out of line with the president’s campaign promises. And the 2026 mid-terms loom as judgment time for all of this.

Although the logic of the conflict is starting to call for a way out, there are some major hurdles in the way.

The first is that the US has not met at least three of the headline objectives the administration mentioned at the outset -- eliminating any Iranian nuclear material, banishing the revolutionary regime, and inspiring a popular uprising. Thanks to the US military’s professionalism, US effort on another objective -- degrading Iran’s war machine -- has fared better. Although not yet complete, the administration could cite progress on that as a basis for declaring victory.

A second problem is that Israel does not seem prepared to stop. It is clearly bent on regime change and on destroying anyone who could preserve a form of the old one.

So, if the administration does want to declare victory and be done, it will have to finesse these two sets of problems. One way would be through a set of talks in which the US tries to use the threat of renewed military attack to dominate the bargaining table. But at this point, the Iranians are giving no sign, at least publicly, that they are looking for a cease fire or feel pressure yet to sit down and talk.

You can also follow Cipher Brief Expert and former Acting Director of CIA John McLaughlin on Substack.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Inside Trump’s Thinking on the Iran War

OPINION — “Remember this: We're being nice. I [President Trump] could take out [Iran’s] things within the next hour, we could hang up [this telephone interview] and within one hour you’d be reading about [the U.S. military] taking out [Iranian] nuclear power plants or power plants that create the electricity, that create the water -- they have desalinization all over the place. We could do things that would be so bad they [the Iranian leadership] could literally never rebuild as a nation again. And we're trying to be nice about it.”

That was President Trump during a 33-minute telephone interview that took place early Wednesday evening with Fox News’ Brian Kilmeade. Sections of that interview were later broadcast on Thursday morning during part of the three-hour Brian Kilmeade Show.

The whole interview, as originally recorded by Fox News, covered a range of subjects and listening to it all together provided a sense of Trump thinking one doesn’t get from hearing separate sound bites and video clips generally provided the public.

For example, Trump, having said the above about destroying Iran’s infrastructure, he then talks more about not doing it.

“We’re not doing it,” Trump said, “Now they'll [the Iranians] go around and shoot civilians all over the place, but we don't do that. But we could take out elements of what they have in terms of infrastructure. They would virtually never be able, time wouldn't matter, never be able to reproduce it, and so far, we've chosen not to do that."

Let’s go through what I believe are some of the more interesting elements of the interview.

Early on, Kilmeade noted Trump had talked of the 1,700 Iranians former-President Biden had let into the U.S. and some 700 were still here. Kilmeade added, “You [Trump] mentioned the other day that you believe you know where the sleeper cells are, these Iranian sleeper cells. If you know where they are, can we start going offensively after them legally?”

“We'll watch them very carefully,” Trump replied, adding, “Gotta be a little bit careful in a lot of ways…that's the problem, is you've got a lot of good [Iranian] people, but we're watching them very, very carefully. We have them under watch. Now, when you say that, uh, you say 1700, could be a lot more than that came in, but nobody knows because you had so many.”

Kilmeade did not follow up by asking Trump who is watching these Iranians “very carefully,” but the assumption has to be the FBI.

Minutes later Kilmeade asked Trump about reports about alleged planned Iranian drone attacks on California. “Is that real or is that verified? Did that cross your desk, is that a legitimate concern?” said Kilmeade.

Trump’s response: “Well, the first we heard about it was from Gavin Newsom, the incompetent governor of California.” Kilmeade asked, “He [Newsome] told you so?”

Trump then replied, “No, he announced it. It came out from him or his office. That's where we heard at first, he was talking about it.” Trump then went on to attack Newsom saying, “But he has learning disabilities, so I don't know, maybe he doesn't know, you know. He, he admitted he had learning disabilities. Somebody said, "Well, what's wrong with that?" I said, "That's okay, but not for the president." You know, [Laughs].

In fact, the day before, Wednesday March 11, ABC News disclosed the FBI published a February alert that there were unverified reports that Iran might possibly send drones to hit California. After that, on Wednesday, the FBI published its version of the February notice on social network X. Also last Wednesday, Governor Newsom, during a webinar on another issue, did speak about the FBI drone alert, but that drew no national mention.

More relevant, however, was that last Wednesday evening, Trump upon arriving at Joint Base Andrews, was asked about the ABC News and FBI social message of the possibility of drones hitting California and he responded, “It’s being investigated, but you have a lot of things happening. All we can do is take ’em as they come.”

So it appears to be that Trump was made aware of the California Iranian drone story the day before he attributed his own knowledge of the matter to Newsom, but it did give him the opening to attack the Californian.

Kilmeade asked about the U.S. escorting oil tankers through the Strait of Hormuz and Trump replied, “Well, we would do it if we needed to, but we would do it if we needed to. But, you know, hopefully, things are gonna go very well. We're going to see what happens.”

When Kilmeade followed up asking, “But does it concern you that these tankers aren't getting through, and the one that did get through made its way to China? I would think that maybe we'd be stopping these tankers that got through.”

Trump replied: “Well, you'll have to see what happens over the next, you know, this just began. This is their new strategy. So you're going to have to watch, Brian, what's going to be happening over the next few days, and we'll see. We'll see how successful they are. But they're doing this as a last-ditch effort.”

That Trump reply gives support to those critics who have said the President, at least, was not prepared for Iran blocking the Strait of Hormuz, to cut world oil supplies, which most Iran experts knew was Tehran’s main card to play. Trump’s current thrashing around to get other

countries to supply warships to escort oil tankers is another sign of lack of U.S. preparation for this most obvious Iranian move.

On talk about mounting a complex military operation to seize what Kilmeade described as “the uranium that Steve Witkoff talked about, that they said they have over 400 kilograms of it? Is there some type of operation in place to grab it?”

Trump, for whom preventing Iran from having a nuclear weapon was the first goal, replied, “No, not at all, and we're not focused on that. But at some point, we might be. Right now, we're focused on knocking the hell out of their missiles and their drones.”

This may not be a firm answer, and the recent plan to introduce a 2,500-person Marine expeditionary unit into the area of operations will give Trump yet another option to stop Iran from having material for a nuclear weapon. But Trump’s reply also shows the unpredictability of the course of the war.

When Kilmeade asked, “Are you thinking about taking Kharg Island where 90% of the [exported] Iranian oil goes through?” Trump replied, “Brian, I can't answer a question like that. You should, and you shouldn't ask it. Yeah, you shouldn't be even asking it. Uh, it's one of so many different things. It's not high on the list, but it's one of so many different things.”

“Okay,” said Kilmeade, but then Trump quickly added, “And I can change my mind in seconds. But, you know, if you'd ask a question, who would answer a question like that?”

Trump went on, “I mean, you're asking me a question, Kharg Island, okay, I think, who would ask a question like that? And what fool would answer it, okay? Let's say I was gonna do it, or let's say I wasn't gonna do it. What would I say to you?”

I look at that Trump response and think the President is thinking of taking over Kharg Island, but cannot make up his mind about doing it.

Kilmeade asked the ultimate question about the Iran war, “When are you going to know when it's over?”

Trump’s first response, “When I feel it -- I feel it in my bones.”

Kilmeade then asked, “Will you ask anybody in particular, would that be some of these, a joint decision?”

Trump replied, “Well, I deal with people. I have great people, you know? I have [Joint Chiefs Chairman] General Raizin Caine, I have [Defense Secretary] Pete [Hegseth]. Pete's turned out to be a star. [Secrtery of State Rubio] Marco's great, [Vice President] J.D. [Vance]. I've got all good people. I've got, we've got a great group.”

Can that be the inner circle for the war in Iran?

“Are people speaking up and speaking their minds?” Kilmeade asked.

“They do,” Trump said. “I let them speak their mind, and they do. And we have some differences, but they, they never end up being much. I convince them all to, let's do it my way.”

That, I’m afraid, tells us all we want to know.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

China's Military: Five Lessons from the Iran War

It may seem early to be drawing lessons from the U.S.-Israeli war against Iran, but one of the world’s most powerful militaries has already reached some conclusions.

China’s People's Liberation Army (PLA) has published a list on social media under the heading "Five Lessons From U.S.-Israeli Strikes On Iran" – ranging from what it called the "coldest reality" of "superior firepower" to the need for "self-reliance," the dangers of "blind faith in peace" and the "deadliest threat" of an "enemy within." Experts said the unusual public message was likely intended for multiple audiences – the PLA rank and file, the domestic public in China, and for the U.S. and the West as well.

“I was surprised that China would put something like this out there for the public’s edification – usually they keep things very close to the vest,” Ambassador Joseph DeTrani, a former CIA director of East Asia Operations, told The Cipher Brief. “The messages are clear: we’re taking care of the ‘enemy within’ — anyone who disagrees with us inside – and we see the ‘superior firepower’ of the U.S. and the perils of a ‘blind faith’ in peace. So we’d better get our act together.”

The Cipher Brief asked several experts on China and its military to assess the broader meaning of the PLA’s “lessons” – and what they may portend for Taiwan and other contingencies.

“It’s kind of a revelation of what they’re thinking and feeling, and I think the objective is to alarm internally,” Orville Schell, Director of the Asia Society’s Center on U.S.-China Relations, told The Cipher Brief. “It’s surprising that they’ve articulated these publicly, in such a stark way.”

The five lessons

The “Five Lessons” were posted by “China Military Bugle," a multimedia messaging system run by the PLA News Media Center. The Bugle posts to domestic platforms in China and to global sites including X, Facebook, Instagram, and YouTube. The post was presented as a graphic with text in both English and Mandarin Chinese, and in its entirety, it amounted to a mere 27 words:

Deadliest Threat: The Enemy Within
Costliest Miscalculation: Blind Faith in Peace
Cruelest Paradox: The Illusion of Victory
Coldest Reality: The Logic of Superior Firepower
Ultimate Reliance: Self-Reliance

Taken together, experts said the lessons serve simultaneously as a critique of the U.S., a warning against complacency within PLA ranks and in Chinese society generally, and a message for the rest of the world: Don’t underestimate China’s strength and resolve.

“There are many messages here, in these ‘lessons,'” Shen Dingli, a Shanghai-based international relations expert, told The Cipher Brief. “One message is that the writer thinks Chinese have to be very realistic and trust nobody. Another is, let Chinese be serious about the lethality of the American weapons. And the writer thinks that as Chinese people, they should not be so innocent to believe that America is peace-loving.”

Experts said the “blind faith in peace” was a reference to Iran’s ill-fated negotiations with the U.S., and the “logic of superior firepower” an acknowledgement of the ferocity of the U.S.-Israel attacks.

The war against Iran began just two months after U.S. forces removed the leader of Venezuela, another ally of China, and experts said that the two seismic events – different as they are – may have prompted the PLA post.

“The lessons sound more like a message for China itself rather than for others,” Yun Sun, Director of the China Program at the Stimson Center, told The Cipher Brief. “The implied message is a hardline position on the U.S. and a criticism of the American fake promise of peace. The PLA is using this line to indoctrinate its own armed forces about the constant need to prepare for war and not to trust Americans.”

“What they’re basically saying is, we can’t be weak,” Amb. DeTrani said. “They’re saying, unless there’s strict discipline, unless we all march to the same tune and we all understand the importance of protecting our vital issues, we will be abused.”

Schell and DeTrani both noted that China has a history of closely studying other nation’s wars for such lessons, often hunting for clues as to how a future U.S.–China conflict, likely centered on Taiwan, might unfold.

No specific military theaters are mentioned in the PLA “lessons,” but experts said any messaging about war and military preparedness from Beijing carries meaning for Taiwan. In this context, the five “lessons” can be read as a warning against overconfidence within the PLA (“Illusion of Victory”); a reminder that any U.S.–China negotiations won’t necessarily preclude sudden military action (“Blind Faith in Peace”); and acknowledgment of the power and high-tech sophistication of the U.S. military (“Logic of Superior Firepower”).

“The message for the PLA is, ‘Yes we can dialogue with people, and we can dialogue them to death – but don’t for one minute think that you’re going to get anywhere,” Schell said. “And a second message is, ‘they’re out to get us and we have to be reliant on ourselves in every way possible.’”

The “deadliest threat”

Perhaps the most interesting – and cryptic – of the PLA “lessons” was the first, which read in full, “Deadliest Threat: The Enemy Within.”

It’s a concern that experts say is reflective of a longstanding fear of dissent within China – and heightened by evidence that betrayals in Iran had allowed for infiltration by the Central Intelligence Agency and Israel’s Mossad.

“Clearly Israel has taken advantage of people inside Iran who are willing to betray their country,” Shen said. “There must have been traitors inside Iran. This was an ‘enemy within.’ So that is a lesson for China.”

Yun Sun echoed the point. “The ‘enemy from within’ refers to the many traitors willing to work with the Israelis,” she said. “That’s also a reference against any dovish illusion within China about the U.S.”

Sun and other experts also noted that the PLA “lessons” were posted in the midst of Xi Jinping’s unprecedented purge of senior military officers – a years-long campaign that has recently gutted the highest echelons of PLA leadership.

“I immediately thought of Xi Jinping and the purges that are ongoing in the People's Liberation Army and beyond,” Amb. DeTrani said. “To Xi and to China, that’s an ‘enemy within.’ The message is that unless we are united, unless we all march to the same tune, unless we’re in sync, we will be vulnerable…‘Enemy within’ speaks to some of the logic behind the purges.”

“In the People’s Liberation Army, there are so many corrupt officials, and our leader keeps cleansing them,” Shen said. “But the fear is, how can the leaders be sure that corrupt people will not sell secrets to China's enemies? How can this country be sure it does not also have an ‘enemy within’?”

The U.S. – not a “paper tiger”

Experts told The Cipher Brief that two elements of the Iran war have likely surprised China the most: The fact that it was launched while negotiations were underway; and the ferocity of the joint U.S.-Israeli operations.

“I think they are surprised by the war,” Schell said. “They’re used to America being more wishy-washy, and not going so quickly to the gun.”

DeTrani agreed that attacking during a negotiation likely surprised Beijing, as did Trump’s bravado in taking out two foreign leaders – Venezuela’s Nicolas Maduro and Iran’s Supreme Leader Ayatollah Ali Khamenei – in less than two months.

“I think they may have been surprised with that, and also some of the statements from the president saying that we will have a hand in deciding what the new leadership will look like…and that we’re looking for unconditional surrender,” Amb. DeTrani said. “These things probably surprised China, and made them wonder: is there a message for issues that are close to them, like Taiwan and the South China Sea?”

A clear takeaway, Shen Dingli said, was that the U.S. isn’t a “paper tiger,” as some Chinese officials have suggested. “President Trump says he doesn’t want war, and that he has settled 8 conflicts, and he wants the Nobel Peace Prize,” Shen said. “This is one side. But he has another side – he can ruthlessly execute a war. He can send a Delta Force to Venezuela. He bombed Iran last June. And he bombed Iran again. So in China, after seeing such frequent use of deadly weapons, one has to have a serious look at the superior force of the U.S. The U.S. is a real tiger. Not a paper tiger.”

The PLA’s “Illusion of Victory” lesson, Shen said, is a warning against complacency within the PLA.

“If the U.S. can so easily target the Iranian leader [Ali] Khamenei, would the U.S. know where all the Chinese leaders are?” he said. “This could be a sensitive concern – the intelligence, and also the military capability to penetrate deep sites – with its earth-penetrating, bunker-busting weapons.”

A message for Washington

If the PLA’s lessons carry a message for the U.S., it may be that American policymakers shouldn't be overconfident either – despite their strength and the upheaval underway in China’s military.

“The external message – and it’s interesting that it comes in advance of the Trump summit with Xi – is that there are elements in the government that want to go on record that they are not going to be easily convinced of our good intentions,” Schell said. “I think it’s a warning also – a ‘Don’t tread on me’ kind of warning to the West.”

The message to the U.S., Amb. DeTrani said, is clear: “We’re united, we’re militarily strong, you will not be able to abuse us any longer. We are ensuring that we’re all in sync – we know what our objectives are and what our national security interests are.”

Beyond the five lessons, experts say the war brings both challenges and potential benefits to China. One “win” for China may come if the U.S. gets bogged down in the region, and expends more of its military resources.

“The US is depleting its shrinking arsenal in the Middle East,” American Enterprise Institute senior fellow Dan Blumenthal wrote on Wednesday. “The fact that, four years into the Russia-Ukraine war, the U.S. faces munitions shortages for weapons systems that matter in a potential China-Taiwan scenario—from air and missile defense interceptors to Tomahawk cruise missiles—is nothing short of scandalous.”

But Blumenthal also noted that the war may unnerve Beijing. “It will enhance their concerns that Trump is an unpredictably ruthless power broker,” he said. “Xi Jinping will view him as a force to be reckoned with who is not signing on to the idea that America is declining or will back away from a fight.”

Or, as the PLA might put it, China must respect the “logic of superior firepower” – and avoid “blind faith in peace.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

How GEOINT Can Sustain US Advantages in Africa

OPINION — Africa presents a range of security, economic, and humanitarian challenges to US national security that the Intelligence Community must stay ahead of even as Washington looks to refine its strategy for the region. Creative use of geospatial intelligence (GEOINT) is one way to make this happen. Commercial remote sensing and geospatial analytics have significantly expanded coverage and revisit rates across the African continent, enabling sustained monitoring of infrastructure development, environmental stress, and security-relevant activity even in areas with limited physical access.

Complex African Undercurrents

Africa watchers know well that a core complication in following the continent with few resource commitments is that challenges and opportunities are persistent, geographically dispersed, and rarely confined to a single subregion.

North Africa and the Sahel—from the Atlantic to the Mediterranean to the Red Sea—illustrate how African dynamics create a complex nexus of US security and commercial concerns that intersect with Europe and the Middle East. Extremism, maritime chokepoints, energy infrastructure, and military modernization hold implications beyond the continent itself.

Central and Southern Africa are at the heart of the increasing US focus on critical minerals. This includes the recent US deal with Congo on mineral access—Congo produces more than 70 percent of the world’s cobalt—and the sustained US investment in the Lobito corridor, a critical infrastructure project spanning 1,300 kilometers from Zambia to Angola. Most recently, the US proposed a critical mineral trade bloc, which would include key producers from the region.

Eastern Africa is host to the largest US military base on the continent, located in Djibouti—also home to China’s only major overseas military base—where US forces carry out operations across the Red Sea and sustained military strikes in Somalia. Kenya, meanwhile, is a Major Non-NATO Ally and in December signed a $2.5 billion health cooperation framework with the US, a cornerstone of Washington’s more than $11 billion commitment to overhauling how it awards assistance to African countries.

African Dynamics Require Agility

These realities reinforce a long-standing requirement: sustaining continental-scale awareness and early warning during periods when Africa is not a top policy priority, while preserving the ability to re-engage quickly when conditions change. Importantly, we must achieve this without falling into a defeatist trap of “settling for less because it just feels easier—not because it is strategically sound.” We must know when to ramp up and when to ratchet back.

For example, even while the National Security Strategy offers a concise priority list on Africa, our ability to ameliorate conflict and foster mutually beneficial trade relationships is subject to strategic competition around weapons procurement, energy and resource projects, and foreign infrastructure development—including civilian infrastructure repurposed for military use—all of which are observable and assessable through GEOINT without requiring persistent on-the-ground presence.

Environmental stress across the Sahel, Horn of Africa, and North Africa is ever-present. The resulting population movements, economic plight, and conflict dynamics often emerge gradually rather than through sudden shocks, a sweet spot for GEOINT. For example, while desertification and drought are longstanding areas of focus for Africa watchers, persistent flooding that we can monitor from space creates mass displacement–4 million displaced in 2025 alone—and destruction of agriculture and healthcare facilities, hindering the very self-help approaches Washington is encouraging across Africa.

Intelligence Community findings have pointed to African security challenges that are broadly demographics-based and develop incrementally below the threshold of sustained international attention. This increases the risk of surprise and compressed response timelines. In this context, GEOINT becomes less a surge capability and more a continuity mechanism, enabling awareness with resources such as human geography mapping to keep tabs on possible conflict hotspots.

Africa at Scale: A Continental-Sized Intelligence Gathering Chore

Africa's enormity makes staying abreast of threats and opportunities a daunting task, even when resources are most abundant. GEOINT helps to provide the US with the ability to discriminate in our coverage by choosing where and when we need information. Even with GEOINT as a tool, the continent makes up 1/5th of the globes land area, making it a big task.

This file is made available under the Creative Commons CC0 1.0 Universal Public Domain Dedication

Implications for US Government and Industry Partners – Finding Resilience with GEOINT

GEOINT is not a silver bullet, but it does offer a relatively low-resource opportunity for persistent, baseline awareness. National Geospatial-Intelligence Agency (NGA) officers are exceedingly enterprising in their ability to task the constellation of imagery assets in a way that is not an extra tax on the system but instead piggybacks on planned areas of coverage. As NGA augments its capabilities with AI, automation provides increasing windows to create intelligence insights at cost savings. Below is a sampling for the general reader and touches just the basics of what GEOINT can offer.

GEOINT enables ongoing monitoring of agreements, insecurity, infrastructure, and environmental trends across Africa without forward deployment, expanded aid programs, or sustained senior-level engagement, making it well suited to periods of constrained attention. Indeed, the US Embassy in Kinshasa last year noted intelligence sharing as a core area of focus for monitoring implementation of the US-brokered peace accord in eastern Congo, a clear opening for GEOINT.

GEOINT creates rapid knowledge discovery between periods of focus. This function is resource-efficient because it allows policymakers to develop context and targets quickly when fast-moving requirements emerge in areas not typically covered with other intelligence sources. For example, the US in 2025 for the first time conducted precision strikes against ISIS-aligned militants in northwest Nigeria; the US Commander of AFRICOM subsequently confirmed US Intelligence Surveillance and Reconnaissance cooperation with Nigeria.

Innovations in GEOINT can help us prepare for unexpected requirements. NGA’s ongoing efforts to build a Foundation Digital Twin “will allow users to immerse themselves in a 3D representation of the operational environment and interact with geospatial mission data in the software package of their choice.” Even as we move forward with less presence in tough- to-reach African outposts, this evolving technology can provide clarity for operational success, such as with recent Embassy evacuations on the continent.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Future of War Is Now: What Washington Needs to Hear from the Battlefield

OPINION — The February snow was over a week old but still piled heavy on the roads and sidewalks of Independence Avenue, the kind of stubborn Washington winter that refuses to yield to DC’s imperium, turning the capital's marble grandeur into a grey, grimy obstacle course of frozen slush and ice-crusted curbs. We had back-to-back meetings on the Hill, the kind where you wear a suit and choose your words carefully and try to translate the chaos of a modern battlefield into something a Senate staffer can fit onto a one-pager. Later that afternoon I was due to speak at the Veterans Forum for the 5th Annual Ukrainian Week, another room full of people trying to bridge the distance between policy and new realities.

I have been working in Ukraine since 2019, first as an active Green Beret advising in an official capacity, then after leaving that service, directing special operations on the ground and more recently carrying hard-won lessons back to NATO before they are forgotten or overtaken by the next news cycle. That is what brought me to Washington, and it is what this article is about. I write it alongside friends from the humanitarian and policy world who came to the same fight from very different directions. We come from different backgrounds and often speak with different vocabularies, but common cause in Ukraine forged a shared set of concerns and a purpose. DC has been threaded through this work for all of us in ways I never anticipated, but I will be honest: moving through it in a blazer instead of body armor never quite feels right. My natural habitat is not a briefing room. It is not a Hollywood set, where I spent time advising filmmakers like Sean Penn on how war actually looks and sounds and smells. It is not a think tank conference room or a war journalist's interview chair, and it is certainly not the back of a cab crawling past the Capitol.

And yet there I was, wedging myself out of a DC taxi in front of the Rayburn House Office Building, my service dog Mad Max bounding out ahead of me into the slush, when I heard the unmistakable sound of dress pants surrendering under pressure. The seam goes. Completely. Standing on Capitol Hill in a split suit, cold air rushed in where composure once lived and the surrealism of the last few years landed all at once. But our meetings wouldn't wait. And that surrealism belies the dire urgency which brought me here with like-minded friends and colleagues: the future of war is now, the time to prepare was yesterday, and the clock is running fast.

The urgency is not theoretical. In a wargame run last May called Hedgehog, ten Ukrainian drone operators running Delta (the Ukrainian equivalent of the US military's battlefield management platform ATAK) defeated two NATO battalions in a matter of hours, an outcome that would take a conventional NATO peer force weeks to accomplish, if it could be accomplished at all. The United States was not there to witness it firsthand.

Those of us who have been there in Ukraine for years have been trying to close that distance. In August 2025, a drone pilot and former US Special Operator from my team, writing under the callsign "Xen," warned in The Cipher Brief that drone warfare has already rendered Western military doctrine obsolete, and that without urgent restructuring of how the US military trains, procures, and integrates autonomous systems, America risks being catastrophically outpaced. Last fall, our team provided security and frontline access to humanitarian and fact-finding delegations whose reports carried the alarm further. Dr. Douglas Davis, Bert Watson, and Mike Hightower, writing from the rubble of a Shahed strike in Dnipro, laid out the tactical urgency — a narrow window to supply critical material before Russian pincer operations sever the Donbas — while warning that a horizontally linked axis of China, Iran, North Korea and other proxies is out-innovating Western procurement at every level. A companion piece in the Kyiv Post by Dr. Davis argued the broader strategic case: that Ukraine's military-technology ecosystem and decentralized clandestine network position it to actively degrade China's global proxy architecture in ways the US legally and diplomatically cannot. All three pieces arrive at the same conclusion: supporting Ukraine decisively is not charity, not regionalism, and not a distraction from the China threat. It is the most cost-effective security investment America can make against the very network of adversaries that underwrites Russia's war and drives the broader contest between authoritarianism and the free world. And the window to make that investment and to reap our dividends is closing.

I’ve assisted colleagues in developing these pieces in part because Western media coverage has often lacked accurate, timely, and complete reporting on these issues. I’ve also given interviews to a handful of journalists committed to illuminating these gaps, including David Kirichenko. His reporting, informed by extensive frontline experience, is among the few efforts that accurately and comprehensively document the doctrinal changes unfolding in real time, from the soldier-as-engineer reality at Chasiv Yar to Ukraine’s evolving “drone wall,” and the AI-enabled and fiber-optic systems now reshaping the battlefield.

The numbers tell the story. Ukrainian aerial and naval drones costing hundreds or thousands of dollars are destroying Russian systems worth millions. At Avdiivka, Ukrainian units averaged one Russian killed every 6.5 minutes, while persistent drone surveillance , defense and strike capabilities stripped Moscow of meaningful aerial freedom along much of the frontline. The result is a battlefield that in many ways looks less like modern maneuver warfare and more like World War I: dense surveillance, constant attrition, and lethal exposure to anything that moves.

Meanwhile Kyiv has scaled drone production into the millions, demonstrating that battlefield advantage now flows less from exquisite platforms and more from rapid innovation, mass production, and real-time doctrinal adaptation. Countermeasures will inevitably emerge, but the structural advantage favors the side that can iterate fastest, produce at scale, and absorb those doctrinal shifts as they happen.

The implications for NATO should be impossible to ignore. Ukraine is rewriting the playbook of modern warfare in real time, while most Western militaries still train and equip themselves as if the sky is largely empty and the battlefield permissive. It isn’t, as has become clear over the past week as Iranian Shahed drones saturate the skies of the Middle East. The next war will belong to the side that can produce cheaper autonomous systems at scale, adapt doctrine at the speed of software, and treat every soldier not just as a warfighter, but as an operator, engineer, and innovator on a battlefield saturated with drones.

But we did not come to Washington to warn about alarms already sounded. We came to propose solutions. Our adversaries in Russia, Iran, China, and their proxies have already internalized these lessons. Here is what we’ve proposed.

Why What Exists Is Not Enough

The drone training that currently exists in the American military and law enforcement pipeline touches almost exclusively on how to fly and arm a drone. These are Level One tasks or the equivalent of a flat-range rifle qualification course. They test one individual skill and stop there. What they do not teach is planning, full mission profiles, field craft, or the combined arms understanding of how a drone interoperates with the broader fight around it.

Consider the rifle as an analogy. Qualifying on a flat range validates marksmanship, one key task. But it does not teach a soldier how to employ that weapon in combat. Stalking into position, camouflage on movement and in position, movement techniques, barrier usage, target effects, rates of fire, suppressive versus sustained fire, target selection, bounding techniques: these are the individual tasks that collectively determine whether a rifle is carried to the fight or actually used in it. Marksmanship alone is the beginning, not the end.

The same logic applies to drones, and the gap between where training currently stops and where it needs to go is vast. An FPV drone is now as common in the hands of a Ukrainian infantryman as an M4 carbine is in the hands of an American one. Drone employment can no longer be treated as a strategic-level asset or a specialist skill set. It must be incorporated into doctrine at every level, from the individual soldier to the theater commander.

The point at which a soldier effectively employs a weapon system in combat requires mastery of three things in combination: individual core soldier skills, technical proficiency with the system, and battle drills. A battle drill is a collective action rapidly executed without applying a deliberate decision-making process, the kind of deeply rehearsed, muscle-memory response that kicks in when there is no time to think. React to Contact. Squad Attack. These are drilled into every infantryman's subconscious through grinding repetition. They work because everyone in the element knows their role, knows the SOP, and has trained to the point where the action is automatic.

Most SOPs, however, are written in blood. Combat lessons are only truly learned on a two-way range, where the outcome of one force against another can be accurately assessed. Training field hypotheses are not battlefield truths. NATO's Hedgehog wargame in Estonia last spring demonstrated this with devastating clarity. America and NATO are currently disconnected from real-world battlefield truths in drone warfare, and without a program designed to extract and transmit those lessons continuously, there is no way to close that gap.

What We Are Doing About It

We are learning modern drone warfare techniques in real time, through the blood sacrifices of the Ukrainian front. With a constant pulse on the front line and joint operations with Ukrainian SOF units, we continuously extract current tactics/techniques/procedures (TTPs), SOP developments, and technology validation from a live, evolving fight against a near-peer adversary. Our instructors rotate in and out of theater on a continuous cycle: deploy, extract lessons, return stateside to instruct American SOF and law enforcement, take leave, return to Ukraine. Repeat. In doing so, we have already proven the only model which can keep pace with the monthly-evolving modern drone warfare environment.

The Full Spectrum of What Modern Drone Warfare Requires

To train for modern drone warfare, instruction must cover the full spectrum of the fight. That means understanding drones by type (FPVs, quadcopters, hexacopters, heavy lift platforms, fixed wing, bombers versus kamikazes, ISR variants) and knowing which system delivers which effect under which conditions. It means understanding how drone sectors of fire interlock, how systems can be dual-tasked, and what the limiting factors are when they are. It means understanding combined arms drone warfare: how to mass firepower and tasking, how ISR feeds targeting, how battlefield assessment informs maneuver.

It means planned employment, the operator techniques and TTPs required to move a system within range of a target, employ it effectively, and retrograde. It means react-to-contact drills for unplanned engagements. It means understanding communication systems across fiber, radio, SATCOM, and autonomous navigation, and knowing the real-world limitations of each. It means thermal mitigation, electronic warfare, and signals intelligence awareness: understanding your own signal footprint, capturing enemy video feeds, and knowing how signals security measures create either vulnerability or protection.

A brief example illustrates the depth of what is available. FPV drones are sacrificial kamikaze systems, not designed for ISR or sustained intelligence gathering. They work best in combination with another platform. A heavy lift bomber, with a robust stabilized camera, longer loiter time, and higher operating altitude, provides a complementary attack method if the FPV fails, a battle damage assessment platform following engagement, and a persistent intelligence-gathering asset that monitors both enemy and friendly maneuver and front-line trace. Pairing an FPV with a second FPV is a less preferred option, limited by the sacrificial camera quality and reduced loiter time, but viable in a react-to-contact scenario.

A react-to-contact battle drill built around these systems looks like this: return fire, get down, seek cover, get online with the soldiers left and right, call the three D's: distance, direction, description. The rear element, not decisively engaged, immediately deploys two FPVs: one hunter, one spotter. The spotter confirms the reported information and maintains awareness of friendly front line trace and maneuvering elements. The hunter finds targets of opportunity and selects an attack angle. Spotter and hunter work in conjunction to assess battle damage, with a standing task of conducting a follow-on attack if required.

That is one battle drill. One grain of sand in a desert of untapped battlefield experience.

Tailoring the Lesson to the Audience

Effective instruction must also be audience-specific. What applies to a Marine platoon's doctrine does not translate directly to Army maneuver warfare. What a conventional infantry unit needs is not what a Special Forces team preparing for unconventional warfare in a denied environment requires.

For Green Berets deploying worldwide to train and advise partner forces, the calculus shifts substantially. Foreign weapon systems become central to the curriculum. Low-cost drones available on the open market that can achieve desired combat effects become invaluable knowledge. Resistance warfare will incorporate drones from this point forward. Chinese, Russian, Iranian and Ukrainian technology will be present in future conflicts around the globe regardless of scale. Questions that matter in that context are different: What is available now? How is it employed? How do you defend against it? How do you operate in a small team, in a denied country, in airspace you do not control?

Staffing a former Green Beret as team leader on each rotation into theater addresses this directly. It brings language proficiency, cultural awareness, an unconventional warfare trained mind, and a leader experienced in building programs of instruction for both American and foreign forces.

Regular overlapping rotations of a nine-person instructor team, drawn from combat arms veterans across all branches of the military, is the most efficient mechanism available for digesting battlefield-learned information and translating it into doctrine-aligned, audience-specific instruction. That is not a claim made lightly. It is the product of years of doing exactly this work, on the front lines where the lessons are being written in real time. And properly funded, at a cost amounting to less per annum than a handful of Patriot missiles, it could be paradigm shifting. But it is only the start.

The problem is buy-in, scale, and consistent support. A handful of dedicated volunteers cannot revolutionize the entire US military alone. We have thus far moved faster than contracts or legislation could keep up with, and the inconsistency of that support has its own cost: volunteers burn out, move on, and take their hard-won knowledge with them, decoupling the gains made and resetting the clock. The bidirectional lane between US and Ukrainian industry and military is in urgent need of widening, not closing. Policymakers, senior military officers, lobbyists, and defense technology experts must push hard to make efforts like ours official. Given that there is no political will to deploy hundreds or thousands of uniformed advisors and liaisons into Ukraine, contracting is not a workaround. It is the only viable path to ensuring America does not fall further behind.

The clock is running, as is evident today with the unfolding escalations in and around Iran. 3 American F-15s were just shot down by friendly fire in Kuwait in part due to skies saturated with cheap long range Iranian drones. Across what were once considered “safe zones” in the Middle East, embassies and high-rises are beginning to look more like scenes from Kyiv than the calm rear areas they once were.

So today, that cold February air rushing through the split seam in my suit on Capitol Hill just weeks ago now feels less like metaphor than diagnosis. We are not approaching a crisis. We are already standing in one, pants down, exposed, our adversaries long through the door while we are still fumbling with the handle. The second hand keeps moving. But it is no longer counting down to a warning. It is counting the seconds of our indictment.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

I just want to read the news

Get the news and only the news!

Guardian

Back to top

Kaupunki

Back to top

Yle

Back to top

CNN

Back to top

Hesari

Back to top

Al Jazeera

Back to top

New York Times

Back to top

Reuters

Back to top

NPR

Back to top

The Cipher Brief

Europe’s Strategic Complacency

An illprepared alliance

NATO Has Faced Worse

Signs of Renewal

Parallel Alliances

A Durable Alliance

Norman T. Roule

Back to top