The Cipher Brief

The Hormuz Standoff: Global Energy Flow Severs After 'Epic Fury' Strikes

As tensions in and around Iran proliferate, the narrow waterway between Iran and Oman has become the pressure point where geopolitics meets global energy security.

The Strait of Hormuz is a geographic choke point where global energy security rests on a razor's edge. At its narrowest, the waterway spans just 21 miles, forcing roughly 20 million barrels of oil, nearly a fifth of global daily consumption, through shipping lanes only two miles wide. It is the world's most vital artery, and as of this weekend, it has been severed.

(Photo by Bedirhan Demirel/Anadolu via Getty Images)

Following the launch of Operation Epic Fury on February 28, tankers have been forced to drop anchor in the Gulf of Oman, paralyzing nearly 20% of the world's petroleum supply. Operation Epic Fury — a massive, high-stakes gamble by U.S. and Israeli forces — ripped through a target list spanning from the industrial hubs of Isfahan to the core of Tehran. The strikes targeted the compound where Supreme Leader Ayatollah Ali Khamenei was killed. By early Saturday, the IRGC had hijacked maritime radio frequencies, broadcasting threats that turned the shipping lanes into a dead zone.

Though Iran's Foreign Minister later stated there was no plan to close the Strait completely, shipping data showed maritime traffic largely paused, and an oil tanker was attacked off Oman's coast Sunday.

The threat calculation has grown more urgent as U.S. intelligence assessments indicate Tehran maintains between 5,000 and 6,000 naval mines, with the capability to seed the Strait at rates up to 100 mines per day through its fleet of submarines. A handful of deployed mines would paralyze the Strait. Global insurers will pull coverage the moment ordnance is confirmed, forcing tankers to drop anchor or turn back. For Gulf producers, storage tanks will reach capacity within days, likely forcing a total cap on well production by the end of the week.

"The IRGC has naval bases to the North and South of the Strait of Hormuz that could deploy sea mines in a matter of hours," Iranian military analyst John Wood tells The Cipher Brief.

But whether Iran's sea mine arsenal proves to be a potent threat to United States forces and global interests in Hormuz is yet to be seen.

During the 1988 Tanker War, Iran deployed approximately 150 mines in the Strait of Hormuz. One of which nearly sank the USS Samuel B. Roberts, a guided-missile frigate. The mine that struck the Roberts was World War I vintage, demonstrating that naval mines need not be sophisticated to prove effective. Since 1950, mines have inflicted 77 percent of U.S. ship casualties, a higher damage rate than any other weapon system.

The challenge for Tehran, however, lies not in the mines themselves but in deployment. Iran operates only three Kilo-class submarines capable of laying the more complex EM-52 rising mines, and its fleet of approximately 20 Ghadir-class midget submarines. Each carries just four mines via torpedo tubes and has a relatively short range when operating in stealth mode.

Iranian commanders aren't necessarily looking for a traditional naval standoff in the Strait. Instead, they've rigged an economic tripwire. The goal isn't to sink the U.S. Fifth Fleet but to make the price of any confrontation too high for the global market to stomach.

A mine-clearing operation would require at least a month to establish a safe corridor, during which Gulf oil production would halt, storage facilities would fill, and producers would be forced to cap wells.

The Global Energy Chokepoint

Approximately 21 percent of global petroleum liquids pass through the Strait of Hormuz, making it the world's most critical oil transit chokepoint. Saudi Arabia, the UAE, Kuwait, and Iraq depend on the Strait for virtually all their seaborne crude exports.

"There are over 150 tankers bottled up to the North of the Strait of Hormuz," Wood explains, referring to tankers unable to transit. "Insurance companies are canceling policies altogether. If you sink a fully loaded VLCC, that could be up to an approximate $40 million loss."

A Very Large Crude Carrier can transport up to 2 million barrels of oil, enough to supply a medium-sized refinery for weeks. At current market prices, a single loaded vessel represents a cargo value exceeding $140 million, making the insurance exposure catastrophic if even a handful of ships are damaged or sunk.

If the IRGC manages to seed the lanes, the resulting supply shock won't be measured in days but in weeks. The Navy maintains a limited fleet of dedicated mine countermeasure vessels, a force structure analysts consider insufficient for the scale of potential mining operations in waters where Iran could sustain deployment campaigns for up to six months using its mine stocks and submarine fleet. Tehran's strategic advantage lies in asymmetry: deploying mines requires minimal resources at rates of up to 100 per day, while clearing them demands painstaking work under fire from coastal anti-ship missiles, swarm boats, and drone strikes.

Norm Roule, who served as the National Intelligence Manager for Iran at the Office of the Director of National Intelligence and spent 34 years with the Central Intelligence Agency, tells The Cipher Brief that, despite concerns, contingencies have been in place for decades.

"Do you think Donald Trump is going to sit back and let the Iranians mine the Persian Gulf? I don't," Roule says. "If anybody splashes something in the water, we'll open all the gates of hell on them."

Any Iranian attempt to physically deploy mines would likely trigger immediate U.S. military retaliation against Tehran's naval assets and coastal infrastructure before a minefield could be established.

Roule emphasizes the intelligence dimension: distinguishing between defensive mine deployments in Iranian territorial waters and offensive operations targeting international shipping lanes becomes critical, as striking mines within Iran's waters could constitute an act of war regardless of their intended purpose.

"You need intelligence on what they're dropping," he says. "If they deploy something in their own waters, are they defensive or offensive mines? If you attack them in their waters, you're starting a war."

Current Military Posture

Yet the window for Iranian mine deployment may already be closing as U.S. forces maintain round-the-clock surveillance and strike capabilities positioned to interdict any large-scale mining attempt. Roule dismisses concerns about American response capabilities, noting American naval forces maintain a substantial forward presence with two carrier strike groups supported by more than 150 aircraft and dozens of warships.

"They're already there," he insists. "Aircraft can take off from the USS Abraham Lincoln and be over targets within minutes. Our geospatial assets are almost certainly monitoring for unusual Iranian activity."

That surveillance appears to have already shaped operational targeting: the initial wave of U.S.-Israeli strikes targeted not only nuclear and leadership sites but also Iranian naval infrastructure, with President Trump stating the operation aimed to "destroy the country's navy." This suggests Washington sought to neutralize mine-laying capabilities before they could be deployed.

Should Iran deploy mines despite U.S. interdiction efforts, the Navy would need to send minesweepers through the narrow shipping lanes, demonstrating safe passage to reassure commercial traffic and insurers.

Iranian Calculations

Yet Tehran faces its own constraints in executing a Strait closure, as halting energy flows would inflict economic damage on Iran itself and key trading partners whose support the regime cannot afford to lose.

The oil market's immediate response has reflected both fear and hedging: at least 150 tankers have dropped anchor in open Gulf waters beyond the Strait of Hormuz rather than risk transit. Despite the disruption, oil prices remain below $100 per barrel, and neither the United States nor major Asian consumers have tapped strategic petroleum reserves.

Gulf producers had anticipated potential disruptions: Saudi Arabia maximized throughput on its East-West pipeline to Red Sea ports, while the UAE pushed additional volumes through its Fujairah terminal on the Gulf of Oman, bypassing the Strait entirely.

"Short term, oil could jump $10–$15 as markets react," Roule projects. "But unless tankers are sunk, or there are major hits on infrastructure like Kharg Island or Abqaiq, this is likely temporary. Oil might remain in the high $60s or low $70s, with a short-term bump."

Tehran's strategic logic centers on economic leverage rather than military victory: forcing a disruption severe enough that global pressure on Washington to de-escalate outweighs the costs Iran absorbs from halted oil exports. The gambit depends on speed, inflicting maximum economic pain before the U.S. can establish alternative supply routes or before domestic Iranian shortages undermine regime stability.

"If I'm Iran and I shut it down, I'm doing it to hurt the U.S. and the global economy so that the world pressures Washington to ease up," Roule asserts.

The tankers currently anchored in Gulf waters face a bureaucratic obstacle: insurance underwriters have either pulled coverage entirely or raised premiums by 50-60 percent, while administrative processing could mean vessels remain idle for a week or more, even if military tensions ease.

"I'm not sure Iran has the time to create the strategic impact it wants," Roule surmises. "What people overlook is the tremendous amount of food and commodities that keep the region's economies going. If the Iranians shut the Strait of Hormuz, they're choking not only their oil economy but also their broader economy: iron, basic materials, things they need to keep industries running."

China's role complicates Tehran's calculus. In 2025, China bought over 80% of Iran's crude exports, with a quarter of its entire national energy supply currently funneling through the Strait. A deep freeze on transit forces a brutal trade-off: Beijing must either double down on its Tehran partnership or pivot to save the manufacturing engines that prevent a domestic crash.

This creates a high-stakes "economic veto." Chinese refineries and factories can't weather a long-term shutdown, and Tehran's economy — stripped of other buyers by sanctions — has no pulse without Chinese cash. This shared vulnerability tethers Iran. They can only push the West so far before they sever the very lifeline keeping the regime solvent.

The Escalation Threshold

Washington's willingness to strike preemptively rather than wait for mines to be deployed marks a fundamental shift in decades of deterrence doctrine. Roule places current tensions within a broader historical framework: multiple U.S. administrations prepared military options against Iran, yet consistently chose restraint. Trump represents the first president willing to execute those strikes.

U.S. intelligence detected Iranian forces loading naval mines during the June 2025 conflict, though the mines were never deployed. This suggests Washington's surveillance capabilities and demonstrated willingness to strike preemptively may deter Tehran from attempting large-scale mining operations.

The compressed geography of the Strait, shipping lanes just two miles wide flanked by Iranian coastal batteries and missile sites, means response times are measured in minutes, placing a premium on the extensive training U.S. naval forces have conducted for this scenario.

"It's a small area," Roule adds. "When something is fired, there's not a lot of time. Our Navy has practiced this extensively. There's a lot of experience there."

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

After the Strikes: Is Iran on the Brink?

EXPERT INTERVIEW – U.S. and Israeli forces intensified their unprecedented military campaign against Iran over the weekend, striking strategic military, political and leadership targets deep inside Iranian territory in what officials are calling a coordinated effort to degrade Tehran’s war-fighting capabilities and disrupt its regional influence. The offensive, involving long-range missiles, fighter jets and precision airstrikes, followed days of escalating tensions and marks one of the most dramatic expansions of military action in the Middle East in years.

Iran’s Supreme Leader Ayatollah Ali Khamenei and multiple senior commanders were reportedly killed in the initial phase of the strikes, a development confirmed by Iranian state media and acknowledged by U.S. and Israeli leaders. The death of Iran’s paramount authority has thrust Tehran into political uncertainty, even as the campaign rolls on with bombardments of ballistic missile sites, naval facilities and command infrastructure.

Tehran has launched retaliatory missile and drone attacks against Israeli and U.S. military bases throughout the region, resulting in casualties on both sides and raising fears of a broader, protracted conflict. The Pentagon has confirmed American service member deaths, and Israeli officials report civilian casualties from Iranian strikes.

The flurry of military operations has drawn global attention, with world powers urging restraint even as regional allies recalibrate their defense postures. Against this backdrop of war and strategic jockeying, Cipher Brief COO & Executive Editor Brad Christian spoke with former National Intelligence Manager for Iran, ODNI Norm Roule about what else we need to keep in mind on the heels of the U.S. and Israeli strikes. Their conversation has been lightly edited for length and clarity. You can also watch the entire interview on The Cipher Brief’s YouTube Channel.

Norman T. Roule

Norman Roule is a geopolitical and energy consultant who served for 34 years in the Central Intelligence Agency, managing numerous programs relating to Iran and the Middle East. He also served as the National Intelligence Manager for Iran (NIM-I)\n at ODNI, where he was responsible for all aspects of national intelligence policy related to Iran.

Christian: What are you not seeing right now that's top of mind for you?

Roule: That's a great question. That's the intelligence officer's question because what's in the news is something that everyone talks about, but what's not in the news is what a good intelligence officer looks at. So, first things that we're not seeing right now. What we're not seeing yet would be any efforts by the Iranians to attack energy targets in the Gulf. We've seen some efforts by Iran to disrupt flows of transportation in the Strait of Hormuz. There have been some announcements by the IRGC, but they have not undertaken mining operations, speedboat operations, submarine operations. So, the Iranians appear to be, as of now at least, interested in maintaining the flow of oil and the food and other supplies upon which they and the other Gulf states depend through the Strait of Hormuz. So that's number one.

We're not seeing Europe stand with the United States in the same way that it has in the past. And this is important because in many ways, what the United States is doing is in Europe's interest. It's not just that the nuclear negotiations have been something that Europeans have focused on for many years, but the progression of Iran's missiles would obviously threaten Western Europe. The improvements of MRBMs [Medium-range Ballistic Missile] would threaten Germany, France, and England. Terrorism through the Quds Force has impacted Europe far more often than the United States, but the proliferation of ballistic missiles to the Houthis has severely impacted the trade of the Mediterranean states in the Red Sea.

The United States Navy has done exceptional work in pushing back on the Houthis, but you've not seen France, Germany or the United Kingdom stand up and support the United States. In some ways, this is similar to what Chancellor [Friedrich] Mertz reportedly stated regarding Israel last year, in that Israel was doing Germany's dirty work or Europe's dirty work regarding Iran. The Europeans are focused on whether this is a legal operation under international rules and I do worry that following this, maybe people will look back and ask whether Europe was standing with the United States appropriately during this event.

Christian: Retired Admiral Jim Stavridis said this weekend that if the Iranian regime feels that it's at the end of its rope, and I'm paraphrasing, “I expect them to go big in terms of their response”. Is the fact that you're not seeing some of the things that you mentioned indicative of the fact that the regime may not feel that it's at the end of its rope, or how should we interpret that?

Roule: A great question. Let's look at some of the missile attacks that are being fired on the GCC [Gulf Cooperation Council] and the drone attacks. Iran fires missiles against the GCC for two reasons. First, it's hoping to strike Americans and kill as many Americans as possible to create a political problem for the president with the American people.

Second, it hopes to damage as much of GCC property and kill GCC personnel so that the GCC countries themselves will press the United States to end the conflict. But the number of attacks that have been conducted by the Iranians against the GCC have been comparatively few thus far. That could change. The Iranians have used missiles and we've seen a number of Shahed drones used against civilian targets in Bahrain and in the Emirates. We've seen attacks in Saudi Arabia against Riyadh, the eastern province, that have been repelled - by the Emirates, Qatar, Kuwait, as I mentioned Bahrain - all the GCC states save for Oman itself. But you would have expected to see a more intensive attack against those countries. If Iran was indeed going all out, they would have gone for saturation attacks. They would have gone for a combination of missiles, drones, and cyberattacks all at once against those targets to really have a destructive impact for that final end of the world message. That's not occurred.

There could be two reasons for this. The first is that the United States has destroyed launchers, personnel, command and control, and has prevented them from conducting attacks with the intensity that the Iranians might wish.

The second is that the Iranians are trying to extend these attacks over a period of time so that they can maintain psychological pressure against the United States, Israel, and the GCC over the course of this conflict. It's possible there's even a mixture of these two things. The only problem with that second theory is that if you're the Iranians, that's a pretty gutsy move to think that you're going to be able to retain missile launchers, missile capacity, and that the United States and the Israeli aircraft - hunting for these things right now is not going to destroy these in the next 15 minutes. So, this is not just a stranded asset. This is probably a use or lose moment for the regime. I think what we're looking at in this regard is that if the Iranians thought they were going to go out, they might try to do something in a significant way. But the absence of that activity could be reflective of what the U.S. has done to prevent that thus far with its attacks on command and control and the launchers, etc.

Christian: There's a lot of talk about what the possibility of regime change, however that is defined, and how that could take shape. The president has issued a message to the IRGC, imploring them to lay down in their arms and receive immunity. He issued a message to the Iranian people saying, in effect, that when we're done with this operation, this is gonna be your chance, perhaps the only chance for generations to take over your country. What are you going to be looking for, assuming that there has to have been some sort of messaging, cooperation, organization with Iranian resistance or a group that might be supported to sort of move into a leadership position, should the government as we know it fall?

Roule: Let's talk about a couple of different things. First, regime change can only be accomplished by the Iranians themselves, especially in an air campaign. What we can do is we can degrade the coercive tissue that constrains the Iranian people, and then they themselves have to act against that system if they choose to do so as their capabilities permit. There is another issue here, and that is that it's going to be counterintuitive. You need to retain some sort of discipline and structure within the IRGC because if you were to, and I'm just throwing out a number, if you were to remove the top 10% or 500 personnel in the IRGC, you have thousands of hardline personnel who would be capable of inflicting horrific violence against unarmed protesters and you need someone to exert control and discipline over these personnel, to keep them in their barracks, keep their weapons under control. So, you need structure on the Revolutionary Guard itself to remain intact. Now in terms of groups, I'm unaware of a group that has sufficient control and influence over the entire country that it would be able to on day

one after the supreme leader left this earthly veil and Iran's president would step in and suddenly command the popular support of the Iranian people. That individual needs to stand up and you need to then see how the street responds. That's a crowd action that needs to appear. And that won't be known until it's known. That's something that you just need to see that the people need to come out. And that can't be measured in advance. There's no polling that will show that. That's not an intelligence question. That's a mystery for the Iranians themselves, even for the people themselves, because at the moment that happens, they're going to have to judge their personal security and how they feel about the individual at that time. When that occurs, that's going to be a test of the remaining security structure and how they respond to that person.

There's another challenge here. The Iranians have to have agency. They have to have their own fate in their own hands. That's not the U.S.'s responsibility. We are to help them whenever possible, stand up and remove the coercion. You have to ask such questions. Would we provide air cover if the military continued to attack them? Would we provide air cover if the

military conducted bloodbaths? Would we attack military units in the long term? I mean these are questions that might come down the road, but if not, this is an internal issue and it may be messy, it may even be unpleasant. Politics is this way and we want to we hope it doesn't become another Libya situation but that is up to the Iranian people to choose their fate.

Christian: Following the U.S. military operation to remove Nicolas Maduro from Venezuela, we've seen a rather unique approach that the U.S. has taken towards working with the former regime of Venezuela in ways that probably were unthinkable before that. mean, It’s certainly drawn a lot of criticism from people who say we left a repressive regime in place, but the United States is working with them and has sent top officials including CIA Director John Ratcliffe to Venezuela. Is it possible that there are lessons that may be applied from how we're working with Venezuela in a future Iran scenario?

Roule: Absolutely, and indeed it's not unique to the Trump administration. Former Secretary of State Dr. Condoleezza Rice has stated famously, that we are not an NGO, we are a country. Our interests in Iran as laid out in the Trump administration's 2025 national security strategy are uniform across administrations. We want to make sure they don't have a nuclear weapon, that they're not threatening their neighbors and ourselves with missiles, terrorism, proliferation of militias, destabilization of maritime choke points, such as the Strait of Hormuz and the Babel Mandab. These are things that touch our core national security interests and those of our partners. Beyond that, we start getting into nation building, which the Trump administration certainly will eschew and deeply oppose anyone who suggests that we spend any time on that.

At the same time, as we look at dealing with that country, you will have individuals such as the Obama administration who would say, look, if we have a nuclear deal with these people and lift sanctions, that's the first step to show maybe we can be trusted and then we'll build into something else. And then as sanctions are lifted, maybe that will allow the people to gradually become a kinder, gentler entity.

Well, why can't that work with sanctions being lifted by the Trump administration in a deal with a post-attack government as well? Following this issue in a hypothetical scenario, where the government says, we're not going to rebuild the nuclear program, we're not going to expand our missiles, we're not going to proliferate militias and terrorists, and the Trump administration

says we're going to provide you with substantial sanctions relief - well, that would be far more than the Obama and Biden administrations could have ever hoped to have achieved under JCPOA and JCPOA-like agreements. And then it would, in essence, have been the same process.

We hope this leads to a reform of the government over time, and it would be tested and it could apply. We could see the addition of new sanctions and we would heavily monitor it and we would have an ability to watch their behavior and respond with sanctions or other diplomatic pressures as we see fit if they fall back. So, there is a process here, just as we could apply that process to Venezuela, where the commander of Southcom has also visited and the secretary of energy. So, we have a process that is building up. And remember, under JCPOA, we had Secretary of State John Kerry meet with his Iranian counterpart on Syria to see if cooperation could work there. It didn't work, but we tried. Cooperation on hostage exchanges. Some would say it worked or didn't, depending on your position, but we tried. Well, the Trump administration is trying in Venezuela. We could try the same thing in this situation.

Christian: What do you think we’re looking at here in terms of a timeline? Do you think this is going to be something that is a very short operation?

Roule: A British prime minister was once asked after giving his plans for his foreign policy, what might stand in the way of those plans. And he famously responded, events, dear boy, events. That's the challenge we face now. What we've seen so far is that the United States military and the Israeli military have performed superbly. We clearly have exquisite intelligence, extraordinary technical capability, magnificently trained personnel who have performed with courage and with great skill, and we have significantly damaged Iran and achieved what you would hope to achieve in that initial foray into a country - suppressed air defense. I think the next phase is the hammer against a variety of different types of targets.

How the Iranians respond after that will be a weird science of how the political dynamic plays out with remaining personnel. So that's a chemistry of different people, personalities, where they're located, how they interact, what psychological pressures exist. You're going to have the issues of what enormous events occur, what buildings are taken out, unrest that may occur or not occur, what military units respond or don't respond. These types of things are going to change the dynamic. In any case, we're looking at days, certainly. I'm certain the Trump administration does not want to see this turn into weeks or a timeframe beyond that.

I expect as this goes forward, the Gulf partners - who have historically had superb relations with multiple levels of Iran's polity and society - will be able to engage individuals as communications are reestablished with Iran. They will find out whether anyone wants to engage and see if anyone of substance rises from the ashes and is able to say, ‘I'm in charge and I'm willing to make a deal. I'm willing to be reasonable’.

The trick is that person is going to have to prove one thing: they're going to have to prove they have authority and a capacity to influence events. There are plenty of people who will say, ‘I am the person who can make things happen and I need nothing - Long pause - except a squadron of F-18s, $500 million and 600 American passports.’ It's the person that you can turn to and say, ‘Okay, so tomorrow, what can you make happen in Tehran at three o'clock?’

Now, when some gulf leader or someone can come up and say, this entity, this person, this group, this structure has risen and they can do this to, they've shown this and they want to make a deal. That's where you start seeing a conclusion come forward or at least the prospect of a conclusion. But it's impossible to make that prediction. And if someone says they can do that, they should start predicting lottery numbers.

Secretary Colin Powell was quite a brilliant and an extraordinary man. I enjoyed working under him and around him. I learned so much from him. I did disagree with him on one famous point. He often said, “If you break it, you own it.” I disagree.

If you break it, there's nothing to own. There's nothing here to own. There will be no structure and we need to know that going in here we won't own anything. There will be nothing there. We'll have to build the structure - or they'll have to find some kind of structure.

The second is how do you want this to end? Don’t go in unless you have an end game confirmed. I think that's an admirable goal. I don't think that's achievable. And I think that's often now used as a way of saying that you can't do this because you can never guarantee that Iran will never have this perfect thing set up in advance. All we can guarantee is that we're going to defeat our adversary, defend our personnel, defend our partners, and have in place a team and an architecture that's able to structure through the inevitable moments when the plan fails the first contact of battle.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Breaking Down our "Red October" Moment for AI

OPINION -- In the climax of the 1990 movie “The Hunt for Red October”, the Soviet captain of the V.K. Konovalov makes a fatal error. Intent on destroying the defecting Red October submarine, he orders his crew to deactivate the safety features on his own torpedoes to gain a tactical edge. When the torpedoes miss their American target, they do exactly what they were programmed to do: they find the nearest large acoustic signature. Because the "safeties" were off and the weapon was no longer "fit for its purpose," it turned back and destroyed the very ship that launched it.

As the Department of War (DoW) moves to integrate "frontier" AI models into the heart of national security, we are approaching a "Red October" moment. The recent debate over Anthropic’s engagement with the Pentagon isn't just about corporate ethics - it's about whether we are handing our warfighters tools with the strategic safeties off.

As the former Chief AI Officer of the National Geospatial-Intelligence Agency (NGA), I believe the greatest risk we face is the lack of a sophisticated, mission-aligned framework to judge these models before they reach the field.

To avoid the fate of the Konovalov, we must transition to "fit-for-purpose" evaluation, a commitment to rigorous existing standards, and the realization that in national security, high quality is the only true form of safety.

The Fallacy of the General-Purpose Model

In the commercial sector, a model that "hallucinates" a legal citation or generates a slightly off-brand image is a nuisance. In a theater of operations, those same errors are lethal. We must stop judging AI in the abstract and start judging it based on its specific intent.

While generalist models might be suitable for orchestrating workflow, the work should be performed by "expert" agents, or better yet, functions and APIs that only do what you ask and have been tested and accredited for that function.

Both the creators of these models and the DoW must co-develop a Test and Evaluation (T&E) framework that moves beyond general "alignment" and into statistical reality. This framework must; statistically score quality and accuracy against the specific variables of a mission environment and accredit models for specific use cases rather than granting a blanket "safe for government" seal of approval.

Need a daily dose of reality on national and global security issues? Subscribe to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

We should not expect a general frontier model to perform perfectly in autonomous targeting if it wasn't trained for it. We need precision instruments for precision missions. The government’s primary duty is to ensure that the warfighter is handed a tool that has been subjected to rigorous, transparent, and statistically sound evaluation before it ever enters a kinetic environment.

The Standard Already Exists

We do not need to invent a new philosophy of governance for AI; we simply need to apply the high-bar standards the DoD has already established for autonomous systems. The benchmark is DoD Directive 3000.09, "Autonomy in Weapon Systems."

The directive is explicit in its requirement for human agency, stating:

"Autonomous and semi-autonomous weapon systems will be designed to allow commanders and operators to exercise appropriate levels of human judgment over the use of force."

This is the standard. It requires that any system—whether a simple algorithm or a complex neural network - undergo "rigorous hardware and software verification and validation (V&V) and realistic system developmental and operational test and evaluation (OT&E)."

Avoiding the WOPR Scenario

We have seen the fictional version of a failure to follow this standard before. In the 1983 classic movie “War Games”, the military replaces human missile silo officers with the WOPR (War Operation Plan Response) supercomputer because the humans "failed" to turn their keys during a simulated nuclear strike. By removing the human in the loop to increase efficiency, the creators nearly triggered World War III when the AI couldn't distinguish between a game and reality.

Join us March 13 in Washington D.C. as we present The Cipher Brief HONORS Awards to former NSA and Cyber Command Director General Paul Nakasone (ret.), former Chief of MI6 Sir Richard Moore, former Senior CIA Officer Janet Braun, former IQT CEO and Investor Gilman Louie and Washington Post Columnist David Ignatius.

We should view the National Security Memorandum (NSM) on AI, published in 2024 as the modern guardrail against this cinematic nightmare. The NSM’s explicit prohibition against AI-controlled nuclear launches is not a new rule, but rather the 3000.09 standard applied to the most extreme case. If our standards work for our most consequential strategic assets, they must be the baseline for accrediting frontier models in any mission-critical capacity.

The Law is Not Optional

As we lean into this new technological frontier, we must remind ourselves that the Law of Armed Conflict (LOAC) remains our North Star. The principles of distinction, proportionality, and military necessity are absolute. AI is not an "alternative" to these laws; it is a tool that must be proven to operate strictly within them. We follow the law of armed conflict today, and the AI we build must be engineered to do the same - without exception.

Good AI is Safe AI

There is a common misconception that AI safety and AI performance are at odds and that we must "slow down" performance to ensure safety. This is a false dichotomy.

Good AI - high-quality, high-performing AI - is the safest AI.

A model that achieves the highest standards of accuracy and reliability is the model that best safeguards the user. By insisting on a statistical "fit-for-purpose" accreditation rooted in DoDD 3000.09, we ensure our warfighters are equipped with systems that reduce error, minimize collateral risk, and provide the mission assurance they deserve. In the high-stakes world of national security, "good enough" is a liability. Only the highest-standard AI can truly protect the mission and the men and women who carry it out.

I do believe the "Super-Human" computer is on the way, and as smart as that model will be, we should never give it keys to the silos.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Purpose-Built or Perilous: Congress Faces a Critical FBI Headquarters Decision

OPINION – Congress is weighing a decision with critical National Security implications for generations to come: where to locate the next FBI headquarters? The current headquarters, the Hoover Building, is long past its sell-by date, and there is general agreement it needs to be replaced.

The new headquarters, wherever it is located, must deal with a fundamental threat. It will inevitably be a high-priority target for terrorists, spies, and cyber criminals. That means the single most important consideration must be the safety of the men and women who work there; secondarily, the security of highly sensitive investigative and national security data held inside; lastly, the security of adjacencies - both human and physical. That kind of security requires more than a strong building. It requires a safe location to meet current and evolving threats.

Unfortunately, the frontrunner for the new headquarters fails those crucial considerations. We can do better--much better--than refurbishing the Ronald Reagan Building and International Trade Center. The vulnerabilities have been known for over two decades.

The April 19, 1995 bombing of the Murrah Federal Office Building in Oklahoma City prompted new security measures for federal office buildings. Independent security consultants warned that the Reagan Building’s sprawling 11-Acre complex, mixed-use design, convention space, vast underground parking garage left it vulnerable to terrorist attacks. The September 11, 2001 terrorist attacks confirmed that the FBI needed a new headquarters complex - one that satisfied Interagency Security Committee (ISC) Level V protocols - the highest security standards for nonmilitary federal facilities.

A retrofit of the 30-year-old Reagan Building will fail to meet the physical and cybersecurity requirements of Level V.

The Reagan Building is a quasi-public building in the heart of downtown Washington, DC, designed as a center for international events and public use. Its architecture is antithetical to Level V due to features such as a one-acre glass atrium roof, famed sky lights, and open access to surrounding buildings and Metro.

The urban density of the Reagan Building surroundings creates permanent vulnerabilities that will never satisfy Level V Security. The Reagan Building is in the DC core, which exacerbates security risks to itself and adjacent federal and civilian activity: the District’s Wilson Building, Department of Commerce, Willard Hotel, Freedom Plaza, 14^th Street artery and in closer proximity to the White House. No amount of retrofitting will change these physical adjacencies.

Nearby high-rise buildings provide clear vantage points for hostile actors. The required standoff distances from blast threats can never be met. Nor can the Reagan Building adequately be shielded from line-of-sight surveillance, infrared detection, or electronic signal collection. And, the one acre of glass in the atrium skylight provides an easy drone threat.

A pedestrian tunnel under 14th Street, a popular food court, Metro access, and public garage connectivity undermine perimeter control, as well. Additionally, the Reagan Building cannot provide the square footage for the redundant power infrastructure mandated for a national security headquarters, including a separate utility plant and multiple independent grid connections. Moving FBI here shows a grave disregard for the safety and security of federal personnel, citizens, and national intelligence.

The Real Tab: GSA’s FY 2026 prospectus estimates roughly $1.4 billion for design, construction, and FBI fit-out, but omit the costs of: temporary housing during construction, maintaining Level V-compliant interim facilities, and the likelihood of future leased space if full consolidation proves impossible within the fixed footprint of the Reagan Building. Outdated estimates and assumptions do not reflect the complexity of Level V security or the rapid evolution of cyber and surveillance threats.

The Time to Act is Now: Congress needs to remove the Reagan Building from consideration and insist on a purpose-built solution. The FBI needs a campus-style headquarters with adequate standoff distance, full perimeter control, redundant power and communications, and infrastructure flexible to adapt to evolving threats. Over 23 years ago, a bipartisan report was issued, using the attacks on the Murrah Building and World Trade Center as background, as well as GAO, DOJ/OIG, and Independent Security reports with similar conclusions. But nothing has happened.

Since our first article appeared in The Hill, Frank Keating, Oklahoma Governor at time of the Murrah Building Bombing, responded to us with, “The Murrah tragedy was a wake-up call. Now, thirty years later it doesn’t look like any lessons were learned.” A former Ambassador shared, “The State Department's post Benghazi worldwide building requirements are very unfriendly to retrofitting buildings for occupation by State personnel whether or not a SCIF is involved. The Bureau will be the target like the Marines in Beirut.”

If lawmakers want to ensure the FBI remains the world’s premier law enforcement and counterterrorism organization, they should demand a headquarters that is purposefully built from a national security perspective, not a retrofit of a building never intended to be a secured facility. Let’s, finally, do this right

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

The Transparency Challenge: Europe’s Defense Supply Chain Blind Spot—and Why the Pentagon Went to War Footing

EXPERT PERSPECTIVE — In this issue we will discuss how the security of the defense industrial base (DIB) has moved from a logistics concern to a Tier-1 strategic threat. While the U.S. has transitioned to an interventionist model to decouple defense supply chains from Chinese control, the European defense ecosystem remains opaque. For investors and procurement officers, European discounts are no longer about market fragmentation; they are a reflection of material insolvency.

Welcome to The Iron Triangle, the Cipher Brief column serving Procurement Officers tasked with buying the future, Investors funding the next generation of defense technology, and the Policy Wonks analyzing its impact on the global order.

Let’s examine trends in European defense technologies and how one misstep shaped U.S. policy.

The Transparency Crisis: A "Black Box" in European Procurement

A critical friction point for policy wonks is the data asymmetry within the European Union. Unlike the U.S., where the Defense Production Act (DPA) and Section 232 investigations provide the Pentagon with deep visibility, European authorities are struggling with Prime Opacity.

Major European defense Primes are systematically under-reporting their reliance on critical materials for defense technologies, namely refined Gallium, Germanium, and Antimony. Reporting these dependencies risks forced redesigns that threaten profit margins on multi-decade contracts, creating hidden debt for investors. A European drone startup may look attractive on paper, but its entire production line may be one Chinese export license away from total seizure.

European procurement officers are awarding contracts to firms that cannot guarantee material provenance, creating systemic vulnerabilities. For example, in June 2025, a series of high-performance drone components—deployed with NATO-enhanced Forward Presence (eFP) battlegroups—relied on high-purity Dysprosium and Terbium magnets from China. Procurement Officers accepted European-made certifications from Tier-1 contractors who had simply assembled components in the EU. These firms had not disclosed that their suppliers were purchasing 92% of their high-spec magnets from Chinese state-owned entities.

When Beijing introduced its Second Wave of export restrictions in April 2025 (retaliating against U.S. tariffs), it selectively halted licenses for the specific magnet grades required for these systems. By July, production lines stalled across Germany and France. More critically, the NATO units on the eastern flank had the platforms, but no spare parts or replacement units for the systems meant to deter Russian hybrid incursions.

It was a supply-chain betrayal: Europe discovered 'Made in the EU' was sometimes just 'Assembled in the EU,' like rare-earth IKEA kits. This chilling operational lesson immediately clarified the Pentagon's decision to shift from a global Free Market posture to one of State-Directed Resilience.

The American "War Footing" Model

As of early 2026, the Pentagon and the White House are executing a three-pillar approach designed to decouple the DIB from Chinese control.

Pillar 1: Components, Not Capabilities (Mid-Stream Reshoring)

While previous strategies focused on final capabilities, the new pillar, led by the Office of Strategic Capital (OSC), focuses on chokepoint components that enable those capabilities. Instead of just buying more hypersonic missiles, the U.S. is using DPA Title III to subsidize the mid-stream processing of materials that go into them. By controlling the bottom of the supply chain, the U.S. ensures that even if a startup develops a brilliant AI decision-aid, it isn't forced to use Chinese-refined precursors to build the hardware it runs on.

Pillar 2: Finance, Not Innovation (The "Sovereignty" Moat)

The second pillar shifts the government's role from a customer to a strategic investor. The U.S. has recognized that innovation is plentiful, but China-free capital is scarce. For example, the SBICCT Initiative, a partnership between the DoD and the Small Business Administration, provides low-cost, government-backed credit to private investment funds that agree to invest only in Sovereign-Cleared technology. This creates a financial safe harbor, allowing defense tech startups to scale without having to accept venture capital from Chinese-linked entities, which would disqualify them from sensitive programs under the 2025 Decoupling Acts.

Pillar 3: Lending, Not Spending (Industrial Scalability)

The final pillar replaces one-off innovation grants (which often fail to bridge the Valley of Death) with long-term debt and loan guarantees for industrial infrastructure. In late 2025, the OSC launched its first direct loan products for defense-related manufacturing, allowing companies to build the China-free factories needed for mass-producing sensitive technologies without diluting their equity. By acting as a lender of last resort for high-risk manufacturing infrastructure, the U.S. government ensures that the Golden Dome is built in American foundries using American machines, rather than relying on globalized supply chains that remain vulnerable to Beijing’s export licenses.

Fast-Track Domestic Permitting

Finally, Policy wonks should note the success of the FAST-41 initiative, which, as of late 2025/early 2026, aggressively fast-tracked more than 50 critical mineral projects. By categorizing lithium, antimony, and rare earth mines as covered projects, the U.S. is compressing the time it takes to get domestic minerals into the defense supply chain—often moving from application to groundbreaking in under three years, compared to the 10-15 year timelines still seen in Europe. This allows U.S.-based startups to source compliant materials at a predictable cost, a luxury their European peers do not have.

My Take. This is the section where I get to discuss what excites me about this topic or technology.

It is unfortunate that some European defense technology companies misled buyers into believing that their supply chains were China free. With Russian gray zone activities, namely drone incursions, at an all time high the impetus for prioritizing production over provenance was strong. If I can be a narcissistic American, our government’s insistence that Europe takes responsibility for their security may have driven companies to new heights of urgency.

It seems likely that most European defense technology companies continue working to break dependence on China while also accurately reporting continuing dependencies. Readers must understand that many of the materials which would enable China free manufacturing are simply not yet available.

The short-term pain that U.S. restrictions are causing inside our own defense ecosystem is having a disproportionately negative short-term impact on the domestic sprint for advanced capabilities, especially drones. Fortunately, this is happening at a time when we are not engaged in great power conflict–when advanced capabilities would be more critical.

Conclusion

The Transparency Challenge is the new Tier-1 strategic threat, where Europe's reliance on opaque supply chains—exposed by the catastrophic failure of "Assembled in the EU" drone components—inspired the Pentagon to abandon a Free Market posture for a State-Directed Resilience model. This American "War Footing" is successfully building a China-free foundation by prioritizing mid-stream component processing, creating a "Sovereignty Moat" of capital, and providing long-term debt for industrial scalability, all while fast-tracking compliant domestic mineral sources—a luxury their European peers still lack. The U.S. government is solidifying a systematic pathway toward defense technology dominance, perhaps based on lessons learned by our EU counterparts. But the core question remains: Can this pathway break China’s near total monopoly before the advanced technologies it enables become absolutely critical?

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Where crime and terror meet: Australia’s illicit tobacco market

OPINION – The unearthing of IRGC’s involvement in Australia’s firebombing incidents in 2025 has subsequently brought into question - the extent by which overseas terrorist groups and Australian domestic organized crime are in sinister collaboration. Although the firebombings occurred in 2025, the facilitation of terrorist financing by the efforts of criminal proceeds have long been understood. With illicit tobacco being a staple and incredibly lucrative commodity in the Australian criminal underworld, spurred by the nation’s expensive excise tax, its profound role in terrorist financing is a pressing issue for Australia to further investigate, especially in light of the IRGC discovery.

From late 2024, Australia experienced a series of arson attacks against Jewish-affiliated enterprises, of which two were linked to the IRGC by the Australian Security Intelligence Organization (ASIO) in August 2025. The first incident involved a firebomb attack on the Lewis Continental Kitchen in Sydney in October 2024 coordinated by Sayed Mohammad Moosawi, a former chief of the Nomads motorcycle gang. The second incident involved a firebomb attack on Adass Israel Synagogue in December 2024, which resulted in over $20 million in damages.

In response, ASIO head Mike Burgess pinned the attacks on the IRGC, attesting that the group utilized proxies to operationalize these attacks. Previously, the IRGC has been listed as a terrorist entity by other Western states, namely Canada and the United States. While the attacks did not ultimately result in terrorism charges in Australia, the IRGC’s involvement would shed light on the looming crime-terror nexus, the symbiotic relationship between terrorism and organized crime that is festering in the nation. Understanding this interplay of crime and terror is crucial for counterterrorism efforts in Australia to proactively deter the future threat of terrorism on their soil.

In recent years, the illicit tobacco market has been a rampant issue in Australia, with an economy of approximately $10 billion annually. The market is propagated by the nation’s expensive excise tax on tobacco which compels users to turn to illegal avenues to procure the commodity, ultimately driving the lucrative underground market even further. At A$1.49 per 0.8 gram stick, increased in September 2025 or A$40, or US$26 for a pack of 20 cigarettes, the prices of tobacco is exorbitant compared to other Western countries such as Canada at an excise duty rate of CAD$0.19 per stick and an “average” pack costing between CAD$15.36 to $19.75 as of April 2025. In addition to an estimated loss of $7 billion in excise revenue, this illicit market is known to facilitate terrorist financing operations, being listed as a substantial financier to offshore terrorist groups by the Australia Criminal Intelligence Commission (ACIC). In relation to the firebombing attacks, the discovered crime-terror ties is a warning for Australian stakeholders to address the nation’s excise tax policy which would, in turn, strategically cripple terrorist financing.

Further linkage between illicit tobacco and terrorist financing has been discovered by Australian authorities. Prior to the two firebomb attacks between 2024 and 2025, Australia had already been experiencing a long string of firebomb attacks, linked to illicit tobacco kingpin, Kazem “Kaz” Hamad. Hamad, who was deported from Australia to Iraq in 2023, was believed to be involved with 150 arson attacks targeting tobacco shops across Melbourne. Notably, he was linked to the arson attack on the Lux nightclub in November 2024 where perpetrators of the incident drove a blue Volkswagen Golf. According to a joint report by the Australia Federal Police (AFP), the ASIO, and the Victoria Police, the same vehicle was allegedly used in the Adass Israel synagogue firebombing and a shooting in Bundoora, both of which happened on the same night. Given this linkage, the IRGC may be a key benefactor to the Hamad’s affluent illicit tobacco trade while members of his criminal network will commit violence to appease this overseas client of theirs. By leveraging these networks, the IRGC can employ an outsourcing approach to inflict damage on adversaries while maintaining a guise of plausible deniability.

The IRGC’s methodology, which is a form of hybrid, or asymmetrical, warfare, is a staple in the organization’s playbook which has been observed before in its plan to attack targets in Sri Lanka and the United States in 2024. The IRGC utilized drug trafficker Farhad Shakeri, who held a strong network of organized criminals in both Sri Lanka and the U.S. Shakeri planned to use his criminal contacts to bomb the Israel consulate in Colombo and Arugam Bay, assassinate Israeli tourists in both locations, and also assassinate President Donald Trump in the U.S simultaneously during the first anniversary of Hamas’ 7 October 2023 attack on Israel. However, his plans were later thwarted by law enforcement and intelligence communities of both Sri Lanka and the U.S.

Following the discovery of the IRGC involvement, the Albanese government removed the Iranian ambassador from the country along with the suspension of its embassy in August 2025 while finally listing the IRGC as a terrorist entity. Operationally, this new designation may bolster the Five Eyes’ information sharing with Australia while granting the nation a legal framework to pursue terrorism charges against IRGC-affiliated activity. Additionally, Australia has ramped up its law enforcement efforts to dismantle the illicit tobacco market. New sets of laws have been implemented in 2025 by Queensland and New South Wales to tackle illicit tobacco operations along with drug busts such as in Operation Xray Modred which led to the seizure of approximately $53.8 million worth of tobacco across 17 different storage facilities. The operation is regarded as one of the largest busts in Queensland history. Overall, Australia’s stringent measures and due diligence in crippling the illicit tobacco market demonstrates its strong commitment to reduce criminality and terrorism alike.

However, while enforcement efforts are effective, it is paramount for Australia to consider policy changes to tobacco excise to not only reduce user dependence on illegal sources but cull domestic terrorist financing operations. One policy option that has been discussed by the nation’s largest tobacco wholesalers was to temporarily freeze the increase in tobacco prices. Doing so would create a window for government and law enforcement to deliberate on viable solutions while preventing the situation from worsening. Reduction of excise may lead to complications such as a potential drop in fiscal budget. However, given the tremendous loss of revenue due to the black market as discussed, conversion of illegitimate users to legitimate users as a result of improved policy may create fiscal opportunities for the Australian government instead.

Moreover, preventing tobacco use may contribute to the reduction of the illicit market which does not require touching excise tax. Through a whole-of-society approach such as anti-tobacco education or promotion of healthy lifestyles, Australia may minimize the demand for illegitimate procurement of the product, thus inadvertently mitigating the terrorist financing problem.

Conclusion

The IRGC’s asymmetrical operations in the Australian firebombing incidents emphasize the ever-present need for counterterrorism and national security stakeholders to employ criminological perspectives to unravel the crime-terror nexus. It must be understood that terrorism does not begin with an attack, but rather an established logistical and financial foundation before that. Given organized crime groups’ vast access to lucrative contraband such as illicit tobacco in the case of Australia, terrorist organizations will utilize them for financing opportunities. Given this, restricting distribution of illicit markets will result in considerable mileage in counterterrorism efforts. As crime and terror become a conjoined threat, law enforcement and national security efforts must be just as, if not more, collectivized to counteract them. Australia must not only rely on domestic enforcement efforts and foreign policy decisions to cripple the capability of nefarious actors, but also curb the demand for the rampant illicit tobacco market by changing to its excise tax policies and discouraging product usage. By accomplishing this, the nation can remain optimistic as it positions itself to strategically fight against both crime and terrorism.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Revisionist History – Aliens, Secrets and Conspiracies

OPINION – Over a decade ago, I was a public official and was at one of our commission meetings on the coast of California. A fellow commissioner and I decided to take a long lunchtime walk along the coast. As we chatted, we realized we had both worked on several of the same very classified programs. His involvement was in acquisition and finance, while mine was more deeply connected to the engineering development of the project and hands-on with the operators on site.

We Got Our Advanced Technology From Aliens
While we both were discreet about not talking about specifics, we recognized the projects we had worked on. So you can imagine my surprise when he turned to me and casually said, “You know this technology came from aliens.” I laughed, thinking that obviously he must be joking. But as we continued walking he continued on, claiming, “You know the equipment you worked on and stuff that followed came from our secret alien investigation site at Wright Patterson Air Force Base. All we did was reverse engineer Alien technology.” This time I stopped in my tracks and looked at him to see if he was smiling. I was puzzled as he looked dead serious. He explained that there was no possible way we could be doing what we were doing using existing technology. Before I changed the subject I asked him how he knew this, he replied with absolute sincerity, “I was head of acquisition on the program. I was briefed on the project. That’s what they told us and they swore us to secrecy.“

I really didn’t know how to process this. He was really a smart and level-headed guy. In fact he was the mayor at the time of Rancho Palos Verde. It took me a mile or two into our walk to rethink everything I knew about the project (even then it had been in decades past), including having sat with a few of the engineers (some strange, but not aliens) as they were designing the system (with me trying to keep up with the revised blueprints in document control), and then watching the system being built and assembled. While it had required incredibly creative engineering, and applying technology on a scale so massive no commercial company could afford it, this system was built by smart people with no aliens involved. But he was equally convinced they were. Over our time together on the commission we took more walks, had lots more to talk about, but we never broached the subject again.

Every once in a while, for the next few years, I puzzled on how he could have been so sure of something that I was sure was completely wrong.

We Did Tell Them It Was Aliens
Fast forward 15 years, and my world view of that conversation was upended when I read in the Wall Street Journal that the Department of Defense had been running a disinformation campaign, briefing finance and acquisition people that the technology for these classified programs was coming from aliens. (Take a minute and read the article.)

All of a sudden our coast-side conversation from a decade and a half ago made sense to me. Most of our most compartmentalized programs have different levels of what was called “need to know.” I never paid much attention as I was read all the way into the technical and operational details of these programs. I vaguely knew that others got fewer details, but as I was just discovering, others had received active disinformation. In a few cases, security officers were even using fake photos and documents to create the Alien cover-story for secret-weapons programs.

It turns out my fellow commissioner had been briefed by the U.S. government that it was Aliens, and he went to his grave believing it so.

Are you going to believe me or your lying eyes?
What’s interesting is what happened after the news came out that the Alien story was government disinformation. A large percentage of people who were briefed, now “doubled down” and believed “we got the technology from Aliens” even more strongly – believing the new information itself was a coverup. Many dismissed the facts by prioritizing how they felt over reality, something we often see in political or religious contexts. (“Are you going to believe me or your lying eyes?”)

I wondered how my friend would have reacted.

Secrecy, Disinformation, and a Higher Power
While on its face this is an amusing story about secrecy, it’s really about the intersection of the secrecy’s impact on society and its role in misinformation, manipulation, the creation of cynicism and mistrust, and our need to believe in a higher power.

Manipulation
An example of secrecy used for manipulation in the 20th century was when the National Security Agency Venona project unmasked Soviet spies in the U.S. Even though this was one of the nation’s most secret programs, the FBI leaked its findings to Joe McCarthy and Richard Nixon. They used this classified knowledge to manipulate the American public, fueling McCarthyism and Richard Nixon’s career. 50 years later, when Venona was made public historians substantively revised the history of U.S. Cold War politics.

In the 21st century Social Media misinformation (e.g. Chinese and Russian influence campaigns, Qanon conspiracies) will look like toys next to the AI-driven manipulation that’s about to come.

Cynicism and mistrust
Secrecy created 75 years of cynicism and mistrust, when the U.S. began launching highly classified reconnaissance balloons (story here), and later the U-2 and SR-71 spy planes. These top secret projects gave rise to decades of UFO sightings. Instead of acknowledging these sightings were from classified military projects the Department of Defense issued cover stories (“you saw weather balloons”) that weren’t believable.

Governments and companies have always kept secrets and used misinformation and manipulation. However, things stay secret way too long – for many reasons – some reasonable (we’re still using the same methods – reconnaissance technology, tradecraft, or, it would harm people still alive – retired spies, etc) or not so reasonable (we broke U.S. or international laws – COINTELPRO, or it would embarrass us or our allies – Kennedy assassination, or the Epstein files).

Secrecy increases the odds of conspiracy beliefs. Because evidence can’t be checked, contradictions can’t be audited, a government “cover-up” becomes a plausible explanation. People don’t tolerate “I don’t know” for long when stakes are high (stolen elections, identity, national crises, the meaning of life, or what happens when we die). That vacuum gets filled by the most emotionally satisfying model: a hidden “higher power” concealing information and controlling events.

Summary
Just as social media replaced traditional news sources, AI-driven summaries of current events are likely to replace our understanding of the world around us. What happens to trust when AI manipulates human’s tendency to embrace conspiracy theories? Who will define the truth in the brave new world?

And by the way, I’m still pretty sure we didn’t get it from Aliens.

This piece was originally published by Steve Blank here.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Who's reading this? 500K+ dedicated national security professionals. Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because national security is everyone’s business.

Why Russia’s War Effort Signals Strategic Decline

OPINION — “Despite claims of battlefield momentum in Ukraine, the data shows that Russia is paying an extraordinary price for minimal gains and is in decline as a major power. Since February 2022, Russian forces have suffered nearly 1.2 million casualties, more losses than any major power in any war since World War II…After seizing the initiative in 2024, Russian forces have advanced at an average rate of between 15 and 70 meters per day in their most prominent offensives, slower than almost any major offensive campaign in any war in the last century. Meanwhile, Russia’s war economy is under mounting strain, with manufacturing declining, slowing growth of 0.6 percent in 2025, and no globally competitive technology firms to help drive long-term productivity.”

That’s a quote from Russia’s Grinding War in Ukraine, a Center for Strategic and International Studies (CSIS) analysis brief by Seth G. Jones and Riley McCabe, released January 27, which says that “a close look at the data suggests that Russia is hardly winning [its war against Ukraine],” and, even more interestingly, that “Russia is increasingly a declining power.”

Jones, President of CSIS’ Defense and Security Department, and McCabe, Associate Fellow in CSIS’, Warfare, Irregular Threats, and Terrorism Program, not only assess that “Russia’s overall progress on the battlefield, especially in the last two years, fall decisively short of Moscow’s goal to militarily conquer Ukraine,” but also that “Russia’s economy is showing signs of strain, and long-term productivity looks bleak.”

Let’s start with the Jones/McCabe analysis of the military situation and below look at their view of Moscow’s economic situation.

While saying assessing casualties and fatalities in wartime is difficult and imprecise, and various sides have incentives to inflate or shrink the numbers for political purposes, Jones/McCabe write that “According to CSIS estimates, Russian forces suffered nearly 1.2 million battlefield casualties, which include killed, wounded, and missing, between February 2022 and December 2025…There were roughly 415,000 Russian casualties in 2025 alone, with an average of nearly 35,000 casualties per month. In addition, there were roughly 275,000 to 325,000 Russian battlefield fatalities between February 2022 and December 2025.”

Compared to the past, the CSIS analysis showed, “Russian battlefield fatalities in Ukraine are more than 17 times greater than Soviet fatalities in Afghanistan during the 1980s, 11 times greater than during Russia’s First and Second Chechen Wars in the 1990s and 2000s, respectively, and over five times greater than all Russian and Soviet wars combined since World War II.”

The CSIS team attributes the high Russian casualties and fatalities to such things as “Russia’s failure to effectively conduct combined arms and joint warfare, poor tactics and training, corruption, low morale, and Ukraine’s effective defense-in-depth strategy in a war that favors the defense.”

Specifically the CSIS analysis says, “Russia’s attrition strategy has accepted the costs of high casualties in hopes of eventually wearing down Ukraine’s military and society. On the battlefield, Russia has utilized dismounted infantry to wear down and attrit Ukrainian lines, along with small first-person view (FPV) drones, artillery, glide bombs, and other stand-off weapons. Russian units have routinely conducted advances using small squads of troops, often poorly trained, that are supported by armored vehicles or light mobility vehicles. Higher Russian headquarters frequently order these forces to advance toward Ukrainian positions to conduct reconnaissance by drawing fire. If Ukrainian positions are positively identified, Russian soldiers may be sent forward to attack positions, which are further mapped and then targeted with artillery, FPV drones, and glide bombs. These tactics have led to high fatalities and casualties.”

The Ukraine side is also given credit for “their defense-in-depth strategy in a war that has largely favored the defender. Ukraine has used trenches, dragon’s teeth (anti-tank obstacles), mines, and other barriers—along with artillery and drones—to attrit advancing Russian soldiers and vehicles. The eastern front line, for instance, continues to be saturated with drones. As a result, vehicle movement is difficult within 15 kilometers of the front line. Infantry soldiers must instead march to their positions for 10 to 15 kilometers.”

One result has been Russia’s slow rate of advance. According to the CSIS analysis, “Russia’s gains since it took the initiative in January 2024 are far smaller than the large territorial shifts seen earlier in the war. At the peak of the initial invasion in March 2022, Russian forces seized roughly 115,000 square kilometers in less than five weeks, but by April 2022, Ukraine had retaken more than 35,000 square kilometers. By November 2022, Ukraine had retaken approximately 75,000 square kilometers, including through successful counteroffensives around [the Ukraine cities] Kharkiv and Kherson.”

Although the Russian economy has held up better than expected following U.S. and other Western country sanctions imposed after Russia’s invasion of Ukraine in February 2022, strain on its economy is starting to show.

The CSIS analysis says, “In 2025, Russian manufacturing declined at its fastest rate since March 2022, with contractions in output and new orders, a rising labor shortage, and a decrease in input buying.Overall, Russian manufacturing suffered seven consecutive months of contraction in 2025, with production levels declining for ten consecutive months. In addition, consumer demand weakened and inflation was high.”

Jone/McCabe write there is also a labor crunch, a drop in oil revenues with lower global prices, with 2025 economic growth slowing to 0.6 percent, while the International Monetary Fund estimates that Russia’s growth would remain slow, at 0.8 percent, in 2026.

The CSIS team also says Russia faces a capital problem. Unable to borrow on international markets, the Kremlin has borrowed at home and raised taxes to finance the Ukraine war. Roughly half its budget is spent on the armed forces, the military-industrial complex, domestic security, and debt service.

“While the war sustains jobs and industrial activity,” the CSIS team says, “it produces few lasting assets or productivity gains. Higher taxes burden the civilian economy, which is already suffering from double-digit interest rates and significant labor shortages. Tank factories are working overtime, but automobile producers have cut shifts.” Ammunition, uniforms, and fortifications contribute to current GDP, but they do not improve long-term welfare or capital formation.

According to Jones/McCabe, “Russia also faces one of the most severe demographic challenges among major economies, with a shrinking and aging population, low birth rate, high mortality rate (especially among working-age men), and high rate of emigration among skilled workers.”

One example where the CSIS analysis finds Russia falling behind is in Artificial Intelligence (AI). It points out that Russian President Vladimir Putin once predicted, “Artificial intelligence is the future not only of Russia but of all of mankind. . . . Whoever becomes the leader in this sphere will become the ruler of the world.”But it then states, “Russia today is a bottom-tier AI power. It ranks 28 of 36 countries in the overall strength and development of its AI ecosystem—or AI ‘vibrancy’ -- according to Stanford University. The top-performing Russian AI model trails even older iterations of OpenAI’s ChatGPT and Google’s Gemini.”

Even worse, not a single Russian company is among the top 100 technology companies in the world by market capitalization, while the U.S. leads the pack.

As for the space race, where Russia was once a leader, Roscosmos, the state corporation in charge of the Russian space program, carried out only 17 orbital launches in 2025, according to the CSIS analysis. That compares to 193 U.S. orbital launches and 92 by China. Russia’s space industry also suffered an accident in December 2025 that caused severe damage to the launch pad Russia uses for sending astronauts and cargo to the International Space Station. In addition, a 2018 Soyuz rocket carrying two astronauts failed as it headed to space; the emergency abort system carried the two to safety.

There has also been a decline inside Russia in popular support inside Russia for the war. According to polls cited by CSIS, in May 2023, 57 percent of Russians believed that most people in their inner social circle supported the war, compared to 39 percent who opposed the war. By October 2025, 55 percent of Russians in their inner social circle opposed the war, compared to 45 who supported the war.

All thi, however, has not appeared to have affected Putin, who, according to the Jones.McCabe analysis “remains undeterred by the high casualty and fatality rates, and Russia’s economic downturn is unlikely to bring the Kremlin to the negotiating table—at least on terms that would be acceptable to Ukraine or Europe.” They say, “Putin may be willing to accept the high casualty and fatality numbers because most of these soldiers are from such regions as the Far East and North Caucasus—and not politically vital areas for him, such as Moscow and St. Petersburg.”

In addition, the Jones/McCabe analysis finds, “President Putin and the Russian government have been adept in conducting an aggressive disinformation campaign that has convinced some policymakers, including in Washington, that Russian victory is inevitable, despite substantial evidence to the contrary.”

The CSIS team attributes that to Russia having “boosted its funding for state-run media in 2026 by roughly 54 percent, indicating a commitment to intensified information warfare. The Kremlin’s propaganda machine is designed to sustain domestic support for the regime and its war against Ukraine, as well as to convince key foreign audiences that the war has been successful and needs to continue.”

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because national security is everyone’s business.

Building the Talent Pipeline for America’s Security Future

OPINION – Public service, at its core, is bigger than government service alone. Serving one’s country takes many forms, and in a time when the federal workforce is shrinking, recognizing the breadth of these opportunities is critical.

In my roles as an adjunct at Texas A&M’s Bush School, an alumni council member at the University of Denver’s Korbel School, and a contributing alumnus at the University of Southern California’s Global Policy Institute, I find myself fielding an increasing number of students who are grappling with how to navigate the future.

We have been here before. After the Cold War, the so-called “peace dividend” led to reductions across government, yet the need for talented, dedicated individuals remained. Today, too, the demand is high, and the pool of students and young professionals aspiring to serve their country is deep. The three universities that have invested in me also continue to invest in carving paths for students to serve in a wide range of roles.

Government itself is the most traditional route. Agencies may be smaller than in the past, yet as the senior generation transitions out, opportunities abound. Indeed, a cursory look reveals many are hiring. Working at the state and local level opens the aperture even wider; I worked for the state of Colorado and interned for the state of California well before I landed at the CIA.

Teaching, at any level, is an invaluable public service. Educators cultivate the next generation of thinkers, leaders, and professionals, shaping civic knowledge and analytic capacity that are foundational to democratic governance and national security. By equipping students with “deeper learning,” such as reasoning, problem-solving, and even persistence, teachers cultivate civic-mindedness and ensure that public service endures across generations.

Nonprofits also play a vital role. Whether focused on development, security, human rights, environmental protection, or public health, these organizations employ millions of people to perform roles that neither the market nor the government can fulfill. Serving in the nonprofit sector often requires ingenuity, resourcefulness, and a commitment to mission-driven work—traits that translate well into national security challenges.

International organizations provide a global platform for public service. From the United Nations to regional alliances, these institutions facilitate cooperation, conflict resolution, humanitarian response, and development programs. Working in such settings develops core skills, including diplomacy, cross-cultural communication, and policy expertise, all of which are transferable to domestic roles.

Think tanks offer another avenue for impactful service. Analysts and researchers at these institutions produce rigorous, evidence-based insights that influence government policy, public debate, and strategic planning, particularly in national security and foreign affairs. Think tanks combine scholarship with real-world impact, allowing professionals to shape the discourse on pressing issues.

Industry provides opportunities that are increasingly essential to national security. Since joining Leidos as a Director and Account Manager in our Intelligence Sector, I have been humbled by colleagues who dedicate their careers to advancing technology and capabilities that the government cannot, and should not, develop on its own. Furthermore, public-private partnerships are critical to maintaining US technological and security advantages.

Multiple Attributes Open the Way

Our emerging professionals should cultivate a combination of skills, knowledge, and character to pave the way for any of these careers. Excellence, deep expertise, and technology acumen are pillars, particularly as workplace challenges grow more complex and technologically driven. While opinions vary on the most critical traits for young professionals entering public service, I have consistently found a core set of skills and behaviors that open doors to careers. I call them the Five Cs.

Critical Thinking is perhaps the most foundational skill. Critical thinking is learnable, and educational research shows that structured analysis and disciplined writing are among the most effective ways to develop it. A well-reasoned, well-substantiated paper forces the author to evaluate evidence, challenge assumptions, and construct persuasive arguments—exactly the habits that public service demands.

Communication, both written and oral, is inseparable from professional effectiveness. Studies consistently demonstrate that strong communication skills correlate with leadership, policy influence, and organizational success.13 Today, AI tools can assist with drafting, but understanding what makes communication compelling remains a human responsibility—one that requires being able to explain why something works, not merely that it does.

Creativity enables professionals to solve novel and ill-structured problems. Research on innovation in public organizations shows that creative thinking improves adaptability and problem-solving in complex environments, including national security contexts. Future public servants can nurture creativity through interdisciplinary exposure, experimentation, and tolerance for intellectual risk.

Curiosity drives learning, adaptability, and sustained professional growth. Educational and cognitive research links curiosity to deeper knowledge acquisition, improved performance, and long-term expertise development. In a field defined by evolving threats, curiosity is not optional—it is a professional obligation.

Collaboration is essential in environments where no single individual or institution holds all the answers. Organizational research consistently shows that collaborative teams outperform individuals when addressing complex, high-stakes problems. Collaboration transforms individual competence into collective effectiveness, a cornerstone of public service.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author's views.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

The Cognitive Battlefield is Now Decisive Terrain

OPINION -- Senior policymakers, military leaders, technologists and narrative strategists had one thing on their minds as they gathered in a Reston conference room last week - how decision advantage, psychological leverage, and narrative dominance are increasingly capable of determining strategic outcomes. Cognitive warfare - once treated as an adjunct to cyber or information operations - is becoming a primary instrument of power and the implications are profound.

Clausewitz wrote that the center of gravity in war is the source of an adversary’s strength. In today’s environment, that center of gravity is increasingly ideological and psychological. Unity and will - both domestic and allied - are strategic assets. Information is not merely a supporting function. It’s a weapon.

The contest unfolding in the gray zone is fundamentally about narrative. Not propaganda in the blunt Cold War sense, but sustained, cumulative influence campaigns that shape how populations interpret reality. These efforts operate across media, social platforms, text messaging networks, gaming environments, and increasingly, AI-driven platforms.

Subtle Corrosion Beats Spectacular Attack

One of the most important insights shared last week centered on the cycle of desensitization. Consider the steady drumbeat of cyber intrusions attributed to China or Russia. Each incident sparks temporary outrage, but repetition normalizes the activity. Over time, the public and sometimes policymakers, stop reacting. Strategic corrosion sets in.

This is cognitive attrition. It does not rely on a single catastrophic blow. Instead, it leverages small, atmospheric messages that accumulate. A fabricated report of a measles outbreak in Ukraine, spread via text messages. Repeated claims that Western institutions are corrupt or incompetent. False narratives injected into local conversations. Individually trivial. Collectively transformative.

The cumulative effect resembles what some participants described as a “cognitive supply chain”- disinformation introduced through multiple channels, actors, and devices over time, reinforcing itself until it feels like truth. In this environment, the question is not simply whether a narrative is false. It is whether the repetition of that narrative alters perception faster than truth can catch up.

If traditional principles of war emphasize mass and maneuver, today’s information battlefield demands speed, scale, and persistence. Speed, because narratives form quickly and harden fast. Scale, because digital transport layers allow messages to reach millions instantly. Persistence, because influence is cumulative. It rewards actors willing to repeat, reinforce, and adapt.

Military leaders are increasingly recognizing that communications is not a peripheral function, it is a commander’s business. Every action or inaction is an information operation. Tone, repetition, and secondary amplification matter as much as initial statements. And dominating that narrative requires dominating the transport layers that carry it. That includes terrestrial networks, undersea cables, satellite infrastructure, and increasingly, space-based assets. Space is not peripheral to information warfare; it is foundational.

Another critical component to consider is that of attribution. In the cyber domain, attackers benefit from ambiguity. If malicious actors can hide behind plausible deniability or if governments can shield them, deterrence collapses. Credible attribution raises costs. It narrows safe havens. It signals resolve.

Some countries are beginning to codify this posture. Latvia, for example, has criminalized election-related fake news and deepfakes, recognizing that information manipulation is not abstract speech but a direct threat to democratic integrity. The United States faces a harder question: are our legal and institutional structures optimized for cognitive deterrence? Or are they still calibrated for a previous era of warfare?

The Rise of Agentic Systems

If the cognitive domain is decisive, technology will be central.

The next frontier is not simply artificial intelligence, but agentic architecture - systems capable of augmenting commander decision-making in real time. The goal is not automation for its own sake. It is better recommendations. Faster synthesis. Clearer visibility.

Architecture matters and open, modular systems are essential. Black boxes are strategically dangerous. Defense institutions need plug-and-play capabilities that allow integration of new tools as threats evolve.

Reliability, not feature proliferation, should guide procurement – think more Amazon.com rather than bespoke. Outcome-based acquisition must replace programmatic inertia. A culture of velocity must supplant a culture of compliance.

In Afghanistan, smaller, foreign terrorist organizations were easier to degrade than deeply embedded, locally rooted movements like the Taliban. Structure mattered. Networks with widespread local integration were far more resilient. The same principle applies to narrative ecosystems. Loosely connected but culturally embedded influence networks are harder to disrupt than centralized propaganda hubs.

If adversaries build durable cognitive infrastructure across diaspora communities, digital platforms, and local influencers, countering them requires more than takedowns. It requires building alternative narratives and actions with comparable persistence and legitimacy. Cognitive advantage requires a network of networks approach (think private-public), operating at the intersections of shared security interests.

Cultural Terrain Is Strategic Terrain

Perhaps the most underappreciated shift in today’s information environment is cultural. Gaming now plays a role similar to Hollywood’s influence after World War II. Streaming platforms dominate storytelling. Media consumption patterns are fragmented and algorithmically curated. Stories remain, as one speaker observed, “the fuel of the human soul.”

For decades, institutions like Voice of America succeeded because audiences sought out American content. The positive narrative of opportunity and possibility carried weight. In today’s environment, focusing solely on countering adversaries may be insufficient. Affirmative narratives about democratic resilience, economic opportunity, and alliance strength remain strategic assets. If the center of gravity is ideological, then cultural confidence is not soft power. It is core power.

None of this is executable without human capital. Building a cognitive arsenal requires building a cognitive workforce - professionals who are fluent in AI, media ecosystems, psychology, geospatial intelligence, and policy. Upskilling is not optional. Institutions must cultivate interdisciplinary talent capable of integrating technology and narrative strategy. They must also accelerate collaboration across government, private sector, and research institutions. And Government is looking to the private sector for training, skill development, and use of advanced technology, methods and applications. The adversary does not operate in stovepipes. Neither can we.

The most important question raised at that conference in Reston may have been the simplest: Are we structured to enact our own strategy?

The United States possesses extraordinary technological and intellectual advantages. But advantages unrealized are advantages lost. If cognitive warfare is indeed the new frontier of power, then institutional adaptation- not incremental reform - will determine success. Speed, modularity, reliable attribution, cultural fluency, and decision-centric AI must move from theory to practice. Because in this domain, the battlefield is not a distant theater. It is perception itself. And perception, once shifted, is far harder to reclaim than territory.

The Pinnacle Conference was hosted by The Information Professionals Association, The National Center for Narrative Intelligence and The Cipher Brief at the Carahsoft Conference & Collaboration Center

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Killing Mencho

CIPHER BRIEF REPORTING — Exactly who tracked El Mencho, the world’s most wanted and feared drug lord, to a heavily armed safe house in a remote Sierra Madre town is a secret, for now. The Mexican government has revealed only that its air force and special forces commandos descended on a safe house in the quaint Sierra Madre town of Tapalpa early yesterday, encountered gunfire and returned it, killing four cartel gunmen.

El Mencho, whose real name is Nemesio Rubén Oseguera Cervantes, is the 59-year-old founder and leader of the Cartel de Jalisco Nueva Generación (CJNG). Oseguera was wounded in the exchange of gunfire, loaded onto a Mexican military aircraft and flown to Mexico City. According to officials, he didn’t survive the flight.

Officials announced that they seized “various weapons and armored vehicles… including rocket launchers capable of shooting down aircraft and destroying armored vehicles” as a result of the raid. Such heavy military-grade weapons don’t just materialize without somebody knowing about them. A lot of people, in fact. Who sold them to Mencho’s paramilitary organization? Where did they originate? Are there others? Officials won’t have the opportunity to interrogate Oseguera about the influential people who were on his payroll as he grew his ultra-violent cartel into a global powerhouse.

But according to DEA intelligence, his cartel is worth billions and has a presence in all 50 American states and 40 countries. Some American agents believe the Mexican government never wanted to take him alive. In fact, for most of his career, as he was consolidating his power, Mexican leaders have told the U.S. that their forces were unable to find and arrest him. What changed? Experts believe at least two things.

First, Mexican leaders finally got fed up with El Mencho’s blood-soaked reign. “The CJNG was public enemy number one” for President Claudia Sheinbaum’s administration, Michael Chavarria, formerly the Drug Enforcement Administration’s senior leader in Guadalajara, the Mexican cartels’ original base of operations, told The Cipher Brief. “It’s the one cartel out of favor with President Claudia Sheinbaum, especially as it was responsible for the attempt on the life of Security Secretary Omar Garcia Harfuch, just prior to Sheinbaum’s election.”

Garcia Harfuch, an aggressive, outspoken crime-fighter considered to be Mexico’s second most powerful official, survived a cartel assassination attempt in 2020, when he was Mexico City’s police chief. He became the CJNG’s implacable nemesis.

Second, under pressure from President Donald Trump and the U.S. Congress, Sheinbaum and other top officials started collaborating openly with the U.S. military and intelligence community, an unthinkable event just a few years ago. But that changed with the election of Donald Trump.

The U.S. Navy’s Seal Team 2 arrived in Mexico around Feb. 16, ostensibly for a training exercise with Mexican military counterparts aimed at interdicting Chinese shipments of chemical precursors used to make the deadly opioid fentanyl, which has killed hundreds of thousands of Americans. The timing is noteworthy. According to U.S. officials, Navy SEALs trained elite Mexican navy special forces units that captured, among others, infamous drug kingpins Joaquin “El Chapo” Guzman in 2016 and Rafael Caro Quintero in 2022.

For those operations and many others, DEA agents posted to Mexico and along the border provided intelligence gleaned from scores of paid informants recruited over decades. Many operations failed, apparently because they were compromised, but enough succeeded to convince President Trump, who declared drug trafficking and illegal migration top national security threats, to order the CIA and other U.S. intelligence agencies to step up their intelligence collections aimed at the Mexican underworld. The CIA reportedly added more drone surveillance flights over the border region as a result.

But sharing intelligence with the Mexican government has always been a fraught enterprise. Some plans were slow walked. For others, operational security was compromised by corruption at every level of the Mexican government. Sheinbaum’s predecessor, leftist Andrés Manuel López Obrador, openly disdained U.S. anti-drug efforts and famously said he would treat the crime cartels with “hugs, not bullets.”

“The CJNG established a nation-wide network of corrupt alliances among federal, state, and local police and regional military – sufficient to afford them a degree of protection,” Chavarria told us. The DEA had recruited plenty of human sources inside Mexico over the decades, but agents complained. The problem was getting the Mexican government to use that intelligence to take action against key cartel lieutenants.

Do you have deep experience in national security and something to say? Drop us a note at info@thecipherbrief.com.

In December 2024, as the CJNG’s power inside Mexico and around the world expanded precipitously, the Biden administration raised the reward for El Mencho from $10 million to $15 million.

As soon as he took office for the second time, Trump designated the CJNG and other Mexican cartels as foreign terrorist organizations. Trump himself repeatedly pressed Sheinbaum to allow the U.S. military to mount anti-cartel operations deep in Mexican territory. She always refused. Trump and her team were warned that such incursions would inflame Mexican politicians and likely backfire, damaging Sheinbaum’s ability to work with the U.S.

The compromise seems to have been that all boots visible on the ground and all triggers pulled would be strictly Mexican, while, behind the scenes, U.S. law enforcement, military and intelligence community personnel would provide “intelligence support,” as White House spokesperson Karoline Leavitt posted yesterday on X.

Even though El Mencho has been declared dead, U.S. security experts say the war on the cartels is not even close to being over.

“He died like a dog,” Rep. Dan Crenshaw, R-Tex., a Navy SEAL veteran who has led Congressional anti-cartel initiatives, posted on X yesterday. “Cause for celebration – absolutely - but not a victory lap. Now, more than ever, it is critical to keep the pressure on the Mexican cartels.”

DEA veterans say that El Mencho will be quickly replaced by one of his key lieutenants, probably his stepson, Juan Carlos Valencia Gonzalez, 41, known as El R-3, El JP, Tricky Tres or simply 03. He inherits narco DNA, not just from Mencho, a farm boy-turned-enforcer but, even more importantly from the Valencia clan, who are narco royalty.

“El Mencho married into the Valencia family, taking Rosalinda Gonzalez Valencia as his wife,” says Chavarria, an expert on the Valencias and author of the book Junior, about a DEA penetration of the cartels. “This is a common practice among drug trafficking families – designed to solidify loyalty and to protect against betrayal. Narco intermarriages were and are regularly encountered in Mexico’s underworld.”

“The operation against Mencho is more about cracking the idea that powerful cartel leaders operate with impunity than bringing about the downfall of a cartel,” says Carlos Olivo, formerly DEA’s agent in charge in Guadalajara and assistant agent in charge in the key border city of El Paso. “Mencho had near absolute control in that area of Jalisco and for that to be penetrated and successful shows us that a willing partner can indeed turn the tide in Mexico,” he told The Cipher Brief.

Olivo, an ex-Marine who led a DEA team hunting Mencho until recently and is now writing a book about the CJNG, warns that taking down the kingpin and his successors is “just one pillar. Corrupt politicians and banking and business sectors must be next.”

With the stakes in the billions and powerful, respected families involved in the country’s politics, banking and business sectors, and cleaning up Mexico’s institutions will take more than firepower and good intelligence.

“For us Americans, reality won’t change,” says Chavarria. “Same drugs coming across, because of our demand. Same violence in Mexico. Wash, rinse, repeat. It is a small skirmish victory in a prolonged drug war. There will be more Menchos. On a positive note, however, no kingpin can last forever. They can run but they cannot escape their eventuality. Kingpins fall.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Tracing the Evolution of Russian Hybrid Warfare

KREMLIN FILES/ANALYSIS: Russia’s full-scale invasion of Ukraine in February 2022 did not emerge from a strategic vacuum. It was the culmination of over a decade of experimentation in hybrid warfare, and of increasingly rigid assumptions inside Russia’s intelligence services.

From Crimea and the Donbas in 2014, through Syria and a series of covert and deniable operations across Europe and the Middle East, Moscow refined a model of conflict built on scripted roles for its security services and their proxies. Yet the same intelligence culture that enabled early gains with hybrid war in Georgia, Ukraine and elsewhere, also fostered deeply flawed prognostications about the utility of force and Russia’s ability to project power.

This is the second in a two-part series on Russian gray zone, or hybrid warfare. In the first article, Wiswesser analyzes the evolution of hybrid warfare and its practice in the decades leading up to Russia’s intervention in Ukraine in 2014.

Russia’s errors ultimately propelled it into a catastrophic all-out war in Ukraine in 2022. This article, which continues a study of Russia’s path to and through the Gray Zone, argues that tracing the evolution of Russian hybrid warfare through the lens of its intelligence services and their miscalculation is not merely an exercise in post-mortem analysis but a critical step toward more effectively deterring future Russian aggression.

With the intervention in Ukraine in 2014, Russia’s so-called “non-contact” or gray warfare doctrine had its first major operational test for Russia, marking it’s most significant use of hybrid warfare. From their perspective, the Russian intelligence services (RIS) and its military succeeded in stunting the actions of Europe and the U.S. when Russia took large portions of the Donbas and Crimea utilizing “little green men." These were Russian GRU (military intelligence elite units), other Russian military units, and intelligence proxies acting in the interests of the state.

For Russian strategists, non-contact war was effective, and these conflicts laid the groundwork for the planning of Putin’s siloviki and “organs” of power—the FSB, GRU, and Russian Armed Forces - for a much larger invasion of Ukraine just 8 years later. Studying the run-up to Russia’s full-scale invasion in 2022, and its hybrid war plan, can help better prepare NATO for the subsequent potential Russian aggression against the Baltics or elsewhere.

2014-2015: Donbas, Crimea, and Syria

In the second decade of this century, as Russia’s debates over non-contact warfare continued within its military and intelligence agencies, planning started to counter what Russia viewed as undue influence from the West in the Caucasus, Central Asia, and most notably, Ukraine. It was the latter that Russia and Putin always considered unfinished business. Russian planners—initially a small group of Kremlin Siloviki and their staff from various ministries—were aware that their military was not prepared for a full-scale war with NATO and the West. Nevertheless, Moscow believed they controlled the narrative and that gaps in reforms of their military and air force could be offset by the RIS conducting sabotage, subversion, cyber warfare, and recruiting key defectors within the Ukrainian government.

The Ukraine interventions and insurgencies of 2014 carried out by Russia in the Donbas and Crimea were classic non-contact operations using reflexive control and malicious influence through the media. Russia’s narrative was circulated among sympathetic European politicians and elsewhere. The story of little green men and whether they “were or weren’t Russian troops” was propagated through active measures. This and other false stories about supposed Ukrainian fascism and atrocities gained significant traction, especially within Central Asian countries and among Russia’s allies. The narrative effectively prevented any unified response by the West and Europe until the occupation of Crimea and large parts of the Donbas became a fait accompli. For Russia, it was a major success.

Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

At the same time, with a major deployment to Syria to support and back President Assad, the Russian Aerospace Forces (renamed the VKS in 2015) gained valuable experience for its combat squadrons. In Syria, they practiced precision strikes, a key part of non-contact warfare, and demonstrated greater precision (than in Georgia) in the use of air power during strikes. Additionally, in Syria, RIS units like GRU Spetsnaz conducted operations embedded with various factions and partners on the ground.

This deployment gained momentum on the heels of the 2014 Ukrainian operations. It was a classic blend of gray zone operations between intelligence and military units. Syria was also seen as a chance for Russia to bleed green units in preparation for larger wars to come.

In Africa during this same period, Putin’s former cook, then an oligarch, Yevgenniy Prigozhin, used the Wagner Group, a private army, to prop up regimes friendly to Russia. Wagner was one of dozens of private military companies, also known as non-state actors, that Russia was using and continues to use to achieve strategic aims. They acted as mercenaries to repress citizens and dissent, intervening as henchmen for hire across Africa.

Still, there was one overarching strategic goal that Putin and all his services focused on—Ukraine. For Russia and its intelligence services in particular, Ukraine remained unfinished business.

Ukraine War Plans: Prepping the Battlefield

As Russia prepared in the years leading up to the full-scale invasion in 2022, it relied on its version of hybrid warfare, its doctrine of non-contact warfare, and all that it involved: active measures, cyber operations, and efforts to influence the media through reflexive control. In planning, they aimed to combine these measures with a limited air campaign and a significant ground invasion that appeared sufficient on paper but lacked professional soldiers, trained units, and the crucial 3-to-1 (or more) force ratio needed to succeed against Ukraine’s professional military.

Russia’s thinking was enabled by and reinforced from decades of theory on non-contact war, their successes in both Georgia and Ukraine in 2014, and their belief they could pull off an occupation of and complete overthrow of the democratic government of Ukraine. Faulty prognostications by the RIS made Putin sure it would all work.

In the lead-up to the Ukraine invasion in 2022, all three of Russia's main intelligence agencies—the FSB, SVR, and GRU—played prominent roles in Putin's planning and execution of the invasion. These agencies always viewed Ukraine and other former Soviet republics, which they call the “near abroad,” as extensions of Russia. The RIS never accepted its independence and couldn't see Ukraine, in particular, as a separate nation.

The FSB, despite primarily being an internal agency, played an outsized role in planning the "special military operation"—the term they later used to describe the full invasion of Ukraine. The FSB Fifth Service was responsible for “operational information” and was prominent in both 2014 and the invasion eight years later. As the main source of intelligence analysis for President Putin, the FSB Fifth Service provided him with a steady flow of inaccurate reports, which he readily accepted. Many of those same FSB officers were infamously reported in the Russian blogosphere as having “picked out their apartments" in Kyiv before the invasion.

The FSB believed Russia could win in Ukraine. To weaken the battlefield, the FSB used influence operations across Russian-language and international media, working alongside their SVR/GRU colleagues. They were confident it could be effective because, to some extent, they succeeded in 2014 in muddying the waters about the nature of that conflict and how the international community should respond (or unfortunately, not). The West and NATO appeared hesitant to act and were unprepared. For the RIS, they thought it was a "win" they could replicate.

The FSB planned a continuation of these tactics in 2022, aiming to confuse the international focus long enough to ensure a quick victory and regime change in Ukraine. U.S. intelligence sharing and increased NATO awareness thwarted this, at least in part. The Foreign Service (the SVR) supplemented these active measures with its own networks of cooperative journalists, corrupt parties or politicians abroad, and what the SVR calls "useful idiots," whom it could employ as witting or unwitting accomplices to help spread the Russian narrative.

Some experts in the West bought into this narrative, commenting across many media outlets on Russia’s “overwhelming force ratios” along the main axes of advance. Western generals and experts echoed Moscow’s position, repeatedly stating that “unfortunately, Ukraine can’t win.” Early in the war, Russian messaging worked in its favor once again.

Russia’s Military/Intelligence Failures in Ukraine

After practicing Russian military maneuvers in “Zapad” (West in Russian) exercises for several years, in early 2022, Zapad 2022 became the cover for the gathering of forces for the full-scale invasion. But this time, the West—Europe and the U.S.-- were better prepared. U.S. intelligence was shared directly with NATO and Ukraine. Ukraine was readied, and Russia was put on notice that it would not succeed in another gray war followed by an invasion.

This time, and unlike many negative predictions even in the West, the Ukrainians would fight, and Russia would bleed. When the Russians were forced to fight, they fought terribly, incompetently, and it has cost them over a million casualties as the war neared its fourth year.

There are important lessons to learn from Russia’s numerous failures in its operations in Ukraine. This article mainly focuses on intelligence services and hybrid warfare. For the Russian army, however, the widespread use of conscripts and their poor integration into battalion tactical groups with “kontraktniki” (contract soldiers) meant the BTGs were largely effective only on paper. Huge convoys showcasing significant “force ratios” were intended to intimidate Ukraine. Still, their equipment was not ready for combat deployment (for example, the many stories of underinflated tires and trucks running out of gas). The Russian Aerospace Forces lacked sufficient combat-trained pilots with the necessary experience in air campaigns to sustain a prolonged engagement.

For the intelligence services, Ukraine would starkly reveal their shortcomings. Russian Military Intelligence, the GRU planned for substantial roles in what they thought would be a quick victory in 2022. GRU Spetsnaz, or special operations units, were used in the 2022 invasion to a fault, thrown into frontal assaults for which these (claimed) elite elements were not designed. They became cannon fodder literally when the Russian battalion tactical groups (BTGs) could not carry out their planned roles.

Along with other infamous units, the GRU’s Unit 29155 distinguished itself with assassinations and attempted ones, not only in Ukraine but across Europe. They were also behind the 2018 attack on defector Sergey Skripal. But most of their early operations, including attempts allegedly to carry out a fast coup to overthrow President Zelensky, failed. RIS hit squads and teams from the GRU and FSB were sent in to stage what they planned as a coup, following an airborne assault--which also failed--at Hostomel airport outside Kyiv.

Other such operations in the Donbas were thwarted by Ukrainian intelligence. There were special operations units from the FSB deployed throughout Ukraine, including their teams "Alpha" and "Vympel." These FSB units and others were particularly active in the occupied East. Their crimes, including assassinations of local Ukrainian leaders, atrocities against civilians, and torture, are well documented and continue to the present.

The FSB, SVR, and GRU all promised Putin and his planners that they could conduct successful cyber operations to stun and disrupt the Ukrainian response in early 2022. These attacks were blunted primarily by the Ukrainians' own cyber defense capabilities and by early intelligence warnings from the West about the invasion. One example of attempted but failed Russian gray-zone ops is the FSB's Center 16, which is broadly responsible for signals intelligence and intercept operations.

Center 16 hires criminal hackers for the state, an example again of non-state actors (NSAs). The FSB and other RIS units believed they could bring Ukraine to its knees with heavy cyber attacks on the government, and that these NSAs could play a significant role, including Russian organized crime groups. The planned cyber and criminal-assisted coup against Ukraine, like the broader invasion, failed. The RIS's predictions of success were again overly optimistic.

Conclusions: New Gray Zone War Without End

Since 2022, the Ukrainians have fought heroically and successfully defended their nation. Western support has played a key role, and that support should continue. But studying why Russia thought it could win and their doctrine and experience on the same, is key for our country and our allies preparing for the next war.

Understanding the basis for the 2022 invasion, which includes Russia’s doctrine and history, is crucial. Russian war plans relied on the same concepts developed by figures like Sliphchenko, Gareev, and Chief of Staff Valeriy Gerasimov regarding non-contact warfare (as detailed in the first article of this series): a permanent front engaged in information warfare, sabotage, and other actions just below the threshold of actual war.

In the West, we should study our Russian adversaries in their own language, their military writings, culture, and traditions, so we can better counter them. Herein lie the lessons of Russian non-contact warfare, their understanding of hybrid tactics, and why they believed they could win—and still do. These lessons are critically important to prevent the next aggression by Russia. A recent study by the Center for European Analysis highlights that Russia’s strategy involves constant escalation against Europe and the U.S.

A Russian victory—or even a frozen conflict on Moscow’s terms—would validate a decade-long experiment in revisionism by stealth and force. It would signal to allies and adversaries alike that escalation works, that borders are negotiable, and that democratic societies lack the endurance to defend the order they claim to lead. Helping Ukraine prevail is therefore not an act of charity or sentiment; it is a strategic necessity.

For the United States and its allies, the lesson is clear. Supporting Ukraine through to a just and durable outcome is inseparable from preparing for the next evolution of the Russian gray zone. That means investing in deterrence across domains, hardening democratic institutions against subversion, confronting malign influence early rather than episodically, and abandoning the illusion that stability can be purchased through restraint. A nation founded on the belief that freedom is an inalienable right cannot afford strategic ambiguity about whether it will defend those who fight for the same principle.

The gray zone is already contested terrain. The question is not whether conflict will continue, but whether the West is prepared to meet it with clarity, resolve, and the will to win.

---------

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Alliances, Ukraine, and China’s Growing Challenge

EXPERT Q&A — Evelyn Farkas has spent decades working at the center of U.S. national security and transatlantic defense policy. A former Deputy Assistant Secretary of Defense for Russia, Ukraine, and Eurasia, she now serves as Executive Director of the McCain Institute, where she focuses on strengthening democratic alliances and confronting authoritarian threats.

Farkas spoke with The Cipher Brief’s Suzanne Kelly from the Munich Security Conference, where global leaders gathered amid continued war in Ukraine, uncertainty about U.S. commitments abroad, and growing concern over China’s long-term ambitions.

Below are highlights from the conversation, lightly edited for length and clarity.

OUR INTERVIEW

Kelly: With everything going on right now from the Middle East to Ukraine to technology and AI and how that’s going to impact global security overall, what is top of mind for you there in Munich?

Farkas: I think it’s the state of the transatlantic alliance and then beyond that really all U.S. alliances. For me, that’s the thing that matters most. And I think that’s what Europeans and others, even those outside of Europe, especially our Asian allies, are going to be listening for. Are we still united?

Kelly: Secretary Marco Rubio is expected to deliver a message here. What are you hoping to hear from him?

Farkas: I’m hoping he gives a speech more like the one Secretary Gates gave when he was exhorting Europeans to do more to carry the burden of our collective defense. Obviously now it’s urgent. Russia is conducting kinetic attacks on European territory every week. Europeans need to step up.

But beyond that, I hope he reasserts the U.S. commitment to the alliance because it’s in the U.S. interest. It undergirds our way of life, our democracy, our security, and our economic prosperity.

Kelly: Are you seeing any shift in how Europeans are thinking about the alliance?

Farkas: I think there’s a bifurcation. The working-level cooperation is still happening. We’re all working together, whether in government or out.

But at the same time, Europeans are much more distrustful of America. They’re not sure whether they can rely on us, and they don’t understand why our president has taken an approach that has at times been quite hostile rhetorically toward the allies.

Kelly: How are you thinking about the Russia-Ukraine war from Munich?

Farkas: Everything depends on us getting this right, meaning the world community. The Ukrainians are fighting and will continue to fight. They have won this war strategically—it’s just a question of when and at what cost.

Russia cannot conquer and rule Ukraine. They’re weak economically and politically. Their military machine is being squeezed and needs to be squeezed more.

We need increased sanctions on Russia, but we also need to sanction China more because China is allowing Russia to continue the war, not just by buying oil but by providing technological dual-use capabilities.

Kelly: How is Europe thinking about China?

Farkas: I’m a little bit concerned. The Japanese have taken a very strong approach. They’re maintaining deterrence and not pretending they share values with China.

But in Europe, we’re seeing leaders travel to Beijing and hedge. Europeans need to be careful because China is not their friend. China will eat their lunch in a minute, and China is not a democracy. You don’t want to be aligned with that kind of government.

Kelly: Looking ahead, what are the most critical issues to get right now?

Farkas: The most important thing is helping Ukraine bring the message home to the Russian elite and the Russian people that they cannot win militarily and that Ukraine will maintain its sovereignty.

Deterring China is equally important. China is pushing the envelope, and we need to maintain our strength against both adversaries.

Kelly: Final thoughts?

Farkas: We must help Ukraine win and maintain sovereignty, and we must deter China. Those are the defining strategic challenges right now.

Read more expert insights into national security in The Cipher Brief. And find out more about The Cipher Brief HONORS Awards happening March 13 in Washington D.C.

Washington’s Venezuelan Gamble: The Old Guard’s Continued Grip on Power

DEEP DIVE — More than six weeks after United States special forces extracted Nicolás Maduro from Caracas, Venezuela remains under the control of the same intelligence apparatus that ran the regime’s torture networks. Acting President Delcy Rodríguez, who oversaw the feared Bolivarian intelligence service under Maduro, now negotiates sanctions relief with Washington while security hardliners who detained political prisoners coordinate their release.

For much of the U.S. intelligence community, however, it is not about whether Venezuela’s system can be repaired, but rather whether the Trump administration has enough leverage to prevent the old guard from rebranding.

Rather than triggering immediate elections as Venezuelan law requires, the Supreme Court declared Maduro’s capture a temporary absence, allowing Rodríguez to govern indefinitely without a popular mandate.

“The regime used a legal mechanism to maintain institutional control while avoiding an immediate electoral process,” Mauricio Vaquero, country coordinator for María Corina Machado’s Vente Venezuela party in Colombia, tells The Cipher Brief. “The Supreme Court decided she would assume as interim president, but a Chavista Supreme Court, not the democratic legal one.”

In other words, the same loyalist judges who helped Maduro stay in power are now using constitutional loopholes to keep his inner circle in charge.

The Intelligence Network Remains Intact

The security apparatus that sustained Maduro’s authoritarian rule continues operating largely unchanged. Interior Minister Diosdado Cabello, still wanted by American authorities on a $25 million bounty for narco-terrorism charges, controls Venezuela’s coercive forces and armed collectives. His role in coordinating political prisoner releases illustrates the paradox of the current transition.

Foro Penal, Venezuela’s leading human rights organization that has provided pro bono legal assistance to victims of arbitrary detention since 2002, estimates that approximately 711 political prisoners are detained as of mid-February. Releases often come with severe restrictions. When opposition politician Juan Pablo Guanipa was freed on February 8 after eight months of detention, armed men abducted him hours later. He is now under house arrest with an ankle monitor.

“They were released, they reunited with their families, until the enlightened stupidity of some politicians led them to believe they could do whatever they wanted and stir up trouble in the country,” Cabello stated after Guanipa’s re-arrest.

Luis Bustos, the Bogotá-based spokesperson for the Venezuelan opposition party Primero Justicia, tells The Cipher Brief that his party alone has 61 members imprisoned as political prisoners.

“There is still a high risk of getting arrested if authorities are aware that you are happy about the situation,” Bustos continues.

In Caracas and popular zones, armed collectives demonstrate the regime’s ability to maintain social control outside of formal state structures.

“After Maduro’s arrest, a circular went out saying that opposition supporters would be captured and obviously alluding to actions of justice by these groups,” Vaquero insists. “So repression itself has not diminished, not in a constant way, not in a sustainable way.”

Elections: A Constitutional Impossibility

Venezuelan opposition figures and Washington officials increasingly acknowledge that legitimate elections cannot take place in the near term. The electoral system’s corruption under Chavismo extends beyond fraudulent vote counting to fundamental issues of voter registry manipulation and military involvement.

“This government put deceased people to vote,” Vaquero claims. “This government gave identity cards indiscriminately to Cubans, to Russians, to Chinese, to people from FARC, to people from ELN.”

María Corina Machado, the Nobel Peace Prize laureate leading Venezuela’s unified opposition, estimated in early February that transparent elections using manual voting could take place within 9 to 10 months. However, National Assembly President Jorge Rodríguez, Delcy’s brother and key regime interlocutor with Washington, ruled out elections in the near future, citing the need for stabilization.

White House Press Secretary Karoline Leavitt has echoed the administration’s reluctance to commit to an electoral timeline. When pressed on when elections might be held, Leavitt stated: “It’s too premature and too early to dictate a timetable for elections in Venezuela right now.” She emphasized that the administration has “maximum leverage over the interim authorities in Venezuela,” and that “their decisions are going to continue to be dictated by the United States of America.”

The constitutional framework technically allows Acting President Rodríguez to serve 90 days, with a possible ninety-day extension if approved by the Chavista-controlled National Assembly. Temporary absence provisions, however, are interpreted creatively by the Supreme Court, which effectively eliminates any firm deadlines.

A U.S. intelligence official focused on Latin America issues, speaking on background to The Cipher Brief, estimates that credible elections extend well beyond constitutional requirements. The source highlights that comprehensive electoral reform requires dismantling power structures that are still firmly entrenched.

Bustos also underscores that elections might realistically occur as early as next year.

“We need first of all to get a country more stable,” he says. “We need to put our institutions on stronger foundations.”

Without functioning democratic institutions, independent electoral authorities, or international oversight mechanisms in place, any rushed election would ratify the status quo. Under current conditions, elections would not be free or fair because the regime controls voters’ registries and ballots. As long as the same power structure is still in place, cosmetic reforms cannot address this fundamental barrier.

Leverage and Limitations

Despite these obstacles, the Trump administration can drive genuine change by maintaining pressure through its military presence and negotiations over sanctions relief. It appears, however, that the regime is trying to outlast Washington’s attention by complying tactically with American demands while maintaining fundamental power structures.

Paola Salazar, director for Medellín and Antioquia state at Colombia’s government migration agency, Migración Colombia, tells The Cipher Brief that pendular migratory flows between Colombia and Venezuela have remained stable since January 3, suggesting Venezuelans are not yet convinced conditions have fundamentally changed.

Moreover, Alejandro Méndez Hernández, a Venezuelan community organizer in Bogotá, tells The Cipher Brief that trust is still absent, hence migrants are not returning despite Maduro’s removal.

“We have a huge amount of Venezuelans being arrested as political prisoners, who haven’t been released until today, so it’s not building trust,” he continues.

Acting President Rodríguez told NBC News earlier this month that she would hold free and fair elections but declined to commit to a timeline, stating that the schedule would be determined through political dialogue. When pressed about Machado, Rodríguez said she would face legal scrutiny upon any return for calling for military intervention and sanctions.

Secretary of State Marco Rubio has publicly outlined a three-phase approach for Venezuela’s future — stability, recovery, and transition to democracy — though he has declined to provide a specific timeline. During his January 28 Senate Foreign Relations Committee testimony, Rubio emphasized that “the end state here is we want a friendly, stable, prosperous Venezuela, and democratic, in which all elements of society are represented in free and fair elections.”

However, Rubio acknowledged the complexity of the timeline, stating, “We’re not going to get there in three weeks. It’s going to take some time.” In subsequent remarks to reporters, he added that the transition “can’t take forever” and acknowledged there must be progress within several months. However, he cautioned that “this is not a campaign to leave in place the systems currently in place.”

The Diosdado Factor

Interior Minister Cabello represents the most significant obstacle to a genuine transition. With control over security forces, intelligence services, and armed collectives, he possesses the coercive apparatus necessary to maintain regime control independent of formal governmental structures.

“Diosdado Cabello has a price imposed by the United States,” Vaquero explains. “He controls the coercive apparatus and all the internal loyalties. We’ve seen him lately. Every time he appears in Venezuelan media, he looks scared.”

The U.S. intelligence source identifies Cabello as the key figure whose removal or neutralization would be necessary for an authentic democratic opening. As long as Cabello maintains control of security forces, any political transition will be cosmetic rather than substantive.

His control extends beyond formal military and police to encompass armed civilian collectives that intimidate opposition supporters and maintain social control, operating with impunity while allowing the regime to claim official restraint.

Foreign Influence and Regional Implications

The regime’s historical relationships with Iran, Hezbollah, Russia, and China complicate transition planning. Despite keeping a low profile after Maduro’s removal, these actors continue to threaten American national security.

Bustos stresses that the presence of Hezbollah and Iranian-linked entities necessitates an extended transition period.

“The United States certainly knows about it,” he says. “I think that it’s not possible to get them out of the country really quickly.”

The re-extradition of Colombian-Venezuelan businessman Alex Saab in early February, designated by the United States as a key financial operator for Maduro, demonstrates some cooperation from regime elements with American law enforcement.

Saab’s arrest represents a significant test of cooperation with Washington. U.S. authorities accused Saab of moving approximately $350 million out of Venezuela through corrupt contracts, making him central to understanding how the regime financed itself under sanctions. His potential extradition signals Rodríguez is willing to sacrifice even Maduro’s closest financial operatives to maintain Washington’s support.

Nearly 9 million Venezuelans in the diaspora are reassessing their return prospects, yet few are making immediate plans to return. The combination of continued repression, economic uncertainty, and the presence of the same officials who forced their exile creates a wait-and-see dynamic.

Venezuelan passports cost approximately $700 on the black market when available, complicating both legal status abroad and potential return. Embassies and consulates are largely non-functional, creating a documentation crisis that traps Venezuelans in limbo regardless of whether they wish to return home or establish permanent residence elsewhere.

Strategic Implications

There is a fundamental question for Washington intelligence planners: Does the current arrangement represent a genuine transition, or is it simply the regime’s survival under American pressure? Continuing imprisonment of opposition figures and constitutional maneuvers to avoid elections suggest the former.

The official from the U.S. intelligence community notes the regime is maintaining strategic control while ensuring tactical compliance. In the absence of sustained military and economic pressure and clear benchmarks, the current government will likely continue to drag its feet on reforms for as long as possible.

The prisoner release pattern is illustrative. While hundreds have been freed, the process is opaque, reversible, and controlled entirely by Cabello’s interior ministry. As well as gag orders, those released are subject to re-arrest for hypothetical “political activity.”

Meanwhile, Defense Minister Vladimir Padrino’s presentation of a golden baton to Rodríguez at a military parade in February symbolized the armed forces’ continued allegiance to Chavista structures rather than any new democratic order.

Venezuela’s situation tests the Trump administration’s approach to authoritarian transitions. Government policy toward Venezuela currently reflects a calculated preference for energy security over democratic reform. Washington views maintaining regional stability and securing oil access as more pressing strategic priorities than the unpredictable outcomes of rapid political reforms.

The Trump administration’s stated objectives for Venezuela emphasize democratic transition. Rubio told the Senate that Washington seeks “free and fair elections” where “all elements of society are represented,” noting pointedly that “you can have elections all day,” but without media access for opposition and the ability for opposition candidates to run freely, “those aren’t free and fair elections.”

Yet the administration’s actions reveal a calculated preference for energy security over rapid political reform. In the same testimony, Rubio prioritized Venezuela becoming “a friendly, stable, prosperous” partner and ending threats from “Hezbollah and Iran in our own hemisphere.”

Washington views maintaining regional stability and securing oil access as more pressing strategic priorities than the unpredictable outcomes of immediate democratic reforms. This pragmatism risks legitimizing a rebranded authoritarianism, retaining the repressive mechanisms of Maduro’s regime.

However, observers caution that this pragmatism may come at a cost in the long run. By prioritizing energy and migration management, the U.S. risks legitimizing a rebranded authoritarianism that retains the repressive mechanisms of Maduro’s regime.

Former U.S. Ambassador to Venezuela James Story assessed that Rodríguez will play for time, doing “just enough to make it look as if they are complying” while waiting for U.S. focus to shift.

Venezuela’s post-Maduro transition ultimately reveals limitations of decapitation strategies against entrenched authoritarian systems. While removing Maduro eliminated the regime’s symbolic figurehead, the intelligence and security apparatus is intact.

Elections cannot occur in the short term, at least not elections meeting minimal standards of freedom and fairness. There is corruption in the electoral infrastructure, arrests of opposition figures for political activities, and the ability and leadership of those who would suppress genuine democratic opening is intact.

While the current arrangement provides tactical benefits, it also leaves strategic vulnerabilities regarding oil access and preventing a migration surge. The same figures wanted on U.S. criminal charges coordinate government functions. The same security services that tortured political prisoners manage their conditional release. The same armed collectives that intimidated voters patrol neighborhoods.

“Where Diosdado Cabello has been, obviously repression has not disappeared,” Vaquero adds. “It materializes with collectives, with social pressure, with selective judicialization. And obviously, while Diosdado remains in power, there won’t be profound change but rather tactical changes.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

Defending the Homeland: Pentagon Shifts Strategy on Drone Threats

OPINION — “This memorandum consolidates approximately ten separate outdated memoranda that were inadequate to address the current, complex unmanned aircraft system (UAS) threat environment. The new guidance affects a culture shift by empowering commanders to unambiguously apply their authority to mitigate threat UAS. Our message is clear, Department of War (DoW) airspace is off limits, and our commanders on the ground have the discretion to defend our airspace against all manner of UAS threats…Expanding the Defensive Perimeter : Grants commanders the authority to extend defensive actions beyond the physical ‘fence line’ of an installation; allows for the adequate protection of covered facilities, fixed assets, and mobile assets; placing trust in the commander and maximizing their flexibility to defend facilities and assets.”

That’s a quote from last Tuesday’s Defense Department (DoD) press release, Fact Sheet: C-UAS [counter unmanned aircraft systems] Policy in the U.S. Homeland. It was issued just hours before the Federal Aviation Agency (FAA) temporarily closed airspace within an 11-mile radius of El Paso International Airport, but after Customs and Border Protection (CBP) personnel on the day before [Monday, February 9] used a classified Pentagon laser system on nearby Fort Bliss Air Base, to shoot down what they thought were drug cartel UAS systems [drones], but turned out to be metallic party balloons.

According to the Wall Street Journal, Defense Secretary Pete Hegseth last month had approved lending the 20-kilowatt directed-energy LOCUST [laser] weapon to CBP for use on the Fort Bliss installation, whose fence line is on the Mexican border.

The CBP test was not coordinated with the FAA and the resultant uproar, which subsequently involved the White House and Congress, marks only the beginning of what I believe will be a series of similar episodes related to homeland protection against suspect UAS drone systems.

An interesting sidelight to last week’s events: The Senate Armed Services Committee was scheduled to have a meeting last Thursday morning with two Pentagon drone experts, Owen O. West, DoD Senior Advisor for Drone Dominance, and Travis Metz, Drone Dominance Program Manager. It was called off at the last minute.

What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.

Drones are becoming smarter, more autonomous and more widespread, and as their uses grow the lines get blurry between legitimate and illegitimate, secure and not secure, particularly in metropolitan areas. There are strict FAA rules that govern drones over 55 pounds or any flown for non-recreational purposes. There are even some FAA requirements for outdoor flying of smaller drones for personal pleasure.

Back on June 6, 2025, President Trump issued an Executive Order (EO) called Restoring American Airspace Sovereignty that dealt primarily with UAS. It said of them, “criminals,

terrorists, and hostile foreign actors have intensified their weaponization of these technologies, creating new and serious threats to our homeland. Drug cartels use UAS to smuggle fentanyl across our borders, deliver contraband into prisons, surveil law enforcement, and otherwise endanger the public. Mass gatherings are vulnerable to disruptions and threats by unauthorized UAS flights. Critical infrastructure, including military bases, is subject to frequent — and often unidentified — UAS incursions. Immediate action is needed to ensure American sovereignty over its skies and that its airspace remains safe and secure.”

Trump’s June 2025 EO also said that the United States must have a secure and strong domestic UAS industrial base and that relying on UAS produced in foreign countries as well as foreign-made UAS critical components pose unacceptable national security risks to the U.S.

As one response, the June EO called for, “The Attorney General, in coordination with the Secretary of Defense; the Secretary of Transportation, acting through the Administrator of the FAA; the Secretary of Homeland Security; the Director of OMB; and the Chairman of the Federal Communications Commission, shall promptly take all appropriate steps…with regard to the creation of the National Training Center for Counter-Unmanned Aircraft Systems (Center), and, upon establishment of the Center, focus initial training provided by the Center on development of Federal and SLTT [State, Local, Tribal, and Territorial] capabilities to secure major upcoming national and international sporting events held in the United States, such as the FIFA World Cup 2026 and the 2028 Summer Olympics.”

By December 2025, the FBI had established the National Counter-UAS Training Center (NCUTC) at Redstone Arsenal in Huntsville Alabama where the Bureau already had cybersecurity, intelligence, and forensic training. Ever since, the NCUTC has been training officers from state, local, tribal, and territorial agencies on how to detect drones using radar, radio frequency sensors, and related technologies. More important, they are trained how to identify whether a drone is authorized or hostile, assess threats, and coordinate responses across various agencies.

During training, the FBI emphasizes that offensive actions against drones only occur when legally authorized, but the rules are complex. The FAA website, to assist law enforcement personnel responding to drone incidents, has created a three-part video series that covers the basics of drone regulations.

An additional response to the Trump June 2025 EO was Defense Secretary Pete Hegseth’s establishment in August 2025 of Joint Interagency Task Force 401 (JIATF 401) to replace the Pentagon’s then existing Joint C-sUAS Office. Operating under the Secretary of the Army, Hegseth’s order said, “JIATF 401 will be a joint activity and established as a jointly manned organization. The Military Services will support JIATF 401 with timely joint manning…This

new task force is empowered with broader authorities, funding flexibility, and rapid acquisition capabilities. Its mission is to strengthen U.S. airspace sovereignty, protect personnel and facilities, and outpace adversaries’ growing drone threats. With joint manning, interagency collaboration, and streamlined governance, JIATF 401 is designed to deliver innovative, mission-ready solutions at speed.”

As an example of cooperation, last Thursday, Army Brig. Gen. Matt Ross, JIATF 401 Director, visited the FBI's NCUTC in Huntsville yesterday. He met with Mike Torphy, FBI acting assistant section chief for UAS and counter-UAS, and discussed security preparations for this summer's soccer FIFA World Cup activities. Ross and Torphy also met with expert instructors who are teaching a specialized course for local law enforcement in each of the soccer tournament's eleven host cities across the nation.

One of the more unusual steps underway in the drone security field was announced by the Federal Communications Commission (FCC) last December 21. It referred to “a [White House] National Security Determination regarding the unacceptable risks posed by UAS and UAS critical components that are produced in foreign countries.”

It added that, “U.S. cybersecurity and critical infrastructure guidance has repeatedly highlighted how foreign manufactured UAS can be used to harvest sensitive data, used to enable remote unauthorized access, or disabled at will via software updates.”

As a result, the FCC has updated its so-called Covered List, which identifies foreign-made communications equipment and services that pose unacceptable risks to U.S. national security, and thus cannot be imported for sale or use in the U.S. The action, taken by the FCC last December 22, prohibited the future imports of both foreign-made UAS and UAS components, but does not affect any previously-purchased drone, nor does it prevent retailers from continuing to sell, import, or market foreign drone models or parts approved earlier in 2025.

I found one of the best descriptions of the drone security dilemma was in a sales brochure entitled Countering UAV Threats, produced by BAE Systems, a leading defense contractor.

The BAE brochure said, “Detecting small and inexpensive UAVs remains one of the most persistent operational challenges facing today’s militaries. These platforms possess small radar cross-sections, produce minimal acoustic and thermal signatures, and often operate at low altitudes within ground clutter. Many are capable of autonomous flight with little or no radio frequency (RF) emission, making traditional detection methods unreliable. Urban and vegetated terrain further complicate detection, as buildings and foliage create blind spots and signal reflections that mask UAV movement. Adverse weather, restricted lines of sight and interference from birds or civilian activity introduce additional uncertainty.”

Then brochre went on, “A connected challenge is distinguishing between hostile and civilian UAVs. Attribution and intent are major challenges, as it is often unclear who controls a UAV and for what purpose it is being used, particularly in grey-zone or proxy scenarios. The compressed decision timelines of UAV operations further complicate matters, as engagements frequently occur in seconds, leaving little room for deliberation.”

Needless to add, last week the Air Force Life Cycle Management Center, Eglin Air Force Base, Florida awarded BAE a cost-plus-fixed-fee $145 million contract for the development, manufacturing, and delivery of Counter Unmanned Aerial Systems weapon systems.

Along with everything else, the drone problem is worth keeping an eye on.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because national security is everyone’s business.

How Cuba's Infrastructure Crisis Is Opening the Door to Foreign Intelligence Networks

DEEP DIVE — On February 13, nighttime light emissions across major Cuban cities had dropped as much as 50 percent compared to historical averages — the latest chapter in a crisis that has seen the island's grid collapse multiple times over the past year.

As desperate citizens in half the country waited in the dark, something else was accelerating along the island's few electrified corridors. Chinese technicians continued installing telecommunications equipment, Russian engineers maintained radar stations, and intelligence operatives from both nations embedded themselves deeper into Cuba's crumbling infrastructure.

Just 90 miles from Florida, Cuba's energy crisis has metastasized from an economic catastrophe into a national security vulnerability. Although Havana struggles to maintain the lights, Beijing and Moscow have come to Cuba's aid not as charitable donors but as strategic opportunists seeking to expand their intelligence-collection capabilities.

The State Department warned just one day after the latest outage that "scheduled power cuts occur daily, and unscheduled outages persist throughout Cuba." The island's thermoelectric plants, many dating back decades, now operate at barely 34 percent of their capacity. In February, five of eight Turkish-leased floating power plants departed Cuban ports after Havana failed to meet payment obligations.

The crisis has intensified dramatically as Cuba's oil lifelines have been severed. Following the U.S. seizure of control over Venezuelan oil operations in early January, Mexico had become Cuba's primary supplier, shipping nearly 20,000 barrels per day through September 2025. Yet, under mounting pressure from the Trump administration, which threatened tariffs on any country supplying Cuba with oil, Mexican President Claudia Sheinbaum announced in late January that shipments had been at least temporarily halted.

The figure had already plummeted to about 7,000 barrels per day, leaving Cuba essentially without oil imports for the first time in years.

The breakdown has created an opening that America's strategic competitors are exploiting with alarming sophistication. From this vantage point, intelligence services can monitor U.S. military installations across the Southeast, track Space Force launches from Cape Canaveral, intercept communications from Southern Command headquarters in Florida, and observe naval movements throughout the Atlantic and Gulf of Mexico.

For Beijing and Moscow, Cuba's desperation has become an important windfall.

Beijing's Digital Footprint Expands

China's presence in Cuba has grown exponentially, particularly in telecommunications and digital infrastructure. In testimony before Congress last May, national security analysts confirmed that satellite imagery identifies at least four Chinese-linked signals intelligence facilities across Cuba — Bejucal, Wajay, and Calabazar near Havana, plus a newly constructed site at El Salao near Santiago de Cuba.

"Cuba's proximity to the homeland continues to make the island an attractive intelligence platform for U.S. adversaries," Connor Pfeiffer, senior director of government relations at Foundation for the Defense of Democracies Action, tells The Cipher Brief. "Within 400 miles of Havana sit the headquarters of the U.S. combatant commands for Latin America and the Middle East, U.S. Special Operations Command, and air bases that regularly host advanced U.S. fighter aircraft."

As Cuban telecommunications companies struggle with outdated Soviet-era equipment and chronic power failures, Chinese firms, particularly Huawei and ZTE, have positioned themselves as the only viable solution. These companies aren't simply selling hardware; they're installing the very networks through which Cuba's limited internet traffic flows.

"Because of this proximity, intelligence outposts in Cuba provide signals intelligence and other capabilities that are invaluable to Beijing and Moscow," Pfeiffer explains.

The El Salao site features a circularly disposed antenna array, a configuration highly effective at determining the origin and direction of incoming high-frequency signals. These installations can track signals up to 9,300 miles, providing Beijing with unprecedented visibility into U.S. military communications and operations.

Meanwhile, MacDill Air Force Base in Tampa, home to U.S. Central Command and Special Operations Command, sits less than 300 miles from Cuban shores. Naval Station Mayport in Jacksonville, Naval Air Station Key West, and dozens of other sensitive military installations across Florida, Georgia, and Alabama all operate within easy range. The advantage over satellite surveillance is stark.

"By contrast to what can be obtained from overhead satellite images and other collection from satellites in low earth orbit whose time passing overhead can be anticipated, the ELINT facilities in Cuba are a constant presence with line of sight to key U.S. facilities," Evan Ellis, research professor of Latin American Studies at the U.S. Army War College Strategic Studies Institute, tells The Cipher Brief.

The infrastructure crisis has made Cuba more dependent on Chinese technical expertise. In February 2025, Chinese Ambassador Hua Xin and Cuban President Miguel Díaz-Canel announced China would construct 55 solar plants by the end of 2025, with an additional 37 planned by 2028. If completed, the network would add over 2,000 megawatts of capacity. However, this dependency gives Chinese intelligence services unprecedented access to Cuban government communications, military installations, and infrastructure systems.

"During the present U.S. military operations in the Caribbean, and in a future U.S. conflict in the Indopacific involving U.S. deployment from bases on the Atlantic seaboard and transit through the Caribbean, the Chinese electronic intelligence gathering facilities in Cuba are well positioned to capture not only things like radio transmissions, but the emissions from U.S. facilities, and the signatures of U.S. ships and other forces," Ellis underscores.

In simpler terms: China's Cuban listening posts can intercept not just what U.S. forces communicate, but the electronic fingerprints of their equipment, from radar emissions to communications arrays and ship propulsion systems. By using these signatures, adversaries can identify specific vessels and aircraft, track their movements, and potentially develop countermeasures to defeat U.S. military technology.

Moscow's Renewed Military Presence

Russia's intelligence footprint in Cuba never entirely disappeared after the Cold War, yet Moscow's activities have intensified dramatically. In March 2025, Russia and Cuba signed a military cooperation agreement that Russian lawmakers ratified in October. Ukrainian intelligence estimates that between 6,000 and 7,000 Cubans are currently fighting as mercenaries in Russia's war against Ukraine — the second-largest foreign contingent after North Korea's approximately 12,000 troops.

Rather than operating out of a single massive facility like the Soviet-era Lourdes complex, Russian intelligence has embedded personnel and equipment within ostensibly civilian infrastructure projects. Russian engineers arrive whenever Cuba's power grid requires emergency maintenance, bringing more than just technical skills. When radar systems at Cuban air defense installations fail, Russian specialists provide upgrades with built-in collection capabilities.

Russia has also leveraged Cuba's energy crisis to deepen military cooperation through increasingly frequent naval port calls in Havana; visits that allow Russian intelligence personnel to rotate in and out without scrutiny.

Not everyone in the intelligence community shares the alarm. Critics argue the threat is being overblown by voices eager to justify increased defense spending or maintain hardline Cuba policies that have failed for six decades. Some policy experts argue the infrastructure crisis actually presents an opportunity. If Washington eased sanctions and provided assistance to Cuba's energy sector, Havana would have less incentive to accommodate Chinese and Russian intelligence requirements.

Yet Ellis rejects the notion that Cuba could credibly reduce its ties to Beijing and Moscow in exchange for U.S. economic relief.

"Although U.S. economic coercion, taking advantage of Diaz-Canel's currently desperate economic state, could facilitate a deal in which Cuba promises to reduce its Cuban or Russian presence, Cuba will promise to comply to the degree that it can without truly breaking those ties to China and Russia, which for it are both ideological allies and partners in its survival," he continues.

The regime's dependency, Ellis stresses, runs too deep.

"Not until there is a sincerely democratic pro-US regime in Cuba will the U.S. be truly secure from the type of extra-hemispheric threats that Cuba, like Venezuela, can host in the Caribbean," he asserts.

The desperation-dependence cycle gives Beijing and Moscow leverage that extends beyond traditional espionage. Cuban officials are not in a position to demand transparency when Chinese technicians install new telecommunications equipment. Moreover, when Russian engineers service radar installations in Havana, the government lacks leverage to refuse requests for expanded intelligence cooperation.

"Without Venezuelan oil aid, the Cuban regime faces acute energy shortages and reduced inflows of much-needed foreign currency," Pfeiffer says.

The Trump administration's successful pressure on Mexico to halt oil shipments represents a calculated gamble—one that leverages Mexico's vulnerability during upcoming trade agreement negotiations. The complete severance could accelerate the regime's collapse—or drive it even more desperately into Chinese and Russian arms.

Strategic Vulnerabilities

The intelligence implications extend far beyond passive eavesdropping.

"The data that could be collected could allow the Chinese to capture particular intelligence transmitted in an imperfectly secure or decipherable fashion, but also just from the signatures, have an idea regarding the composition and state of activity of U.S. forces, their location, and signatures that could allow them to more effectively locate and defeat U.S. systems in combat," Ellis points out.

The worst-case scenarios involve cyber weapons pre-positioned in critical infrastructure, electronic warfare systems that could interfere with U.S. military communications during a crisis, or intelligence networks that could support hostile operations on America’s doorstep. The geographic proximity compounds every vulnerability.

Yet not everyone views American intervention as the solution.

Leon Valencia, a former ELN rebel commander and director of the Bogota-based think tank Fundación Paz y Reconciliación, offers a Colombian perspective that reflects broader Latin American sentiment.

"We do see Cuba more as a victim," Valencia tells The Cipher Brief. "Throughout several peace negotiations, Cuba has been a very important part. For example, the peace agreements with the FARC rebels, signed back in 2016, were negotiated in Cuba. Cuba has always kept its doors open towards us. We are thankful to Cuba, but we wouldn't get involved in military actions; there would be a protest."

Yet Valencia and other regional analysts increasingly believe change in Cuba may be inevitable. Enrique Serrano, a Colombian political analyst specializing in Latin American authoritarianism, sees the current crisis as potentially terminal.

"It's very unlikely that the government in Cuba might survive this year," Serrano tells The Cipher Brief. "I think finally we can change, and especially because Venezuela failed too, and even I think Nicaragua will fail to. Those authoritarian governments like Venezuela, Nicaragua and Cuba, what they try to do in real life is to gain time. They will disappear earlier or later."

Washington's Dilemma

The expansion of Chinese and Russian intelligence capabilities in Cuba presents Washington with a challenge that defies easy solutions.

According to Pfeiffer, "continued U.S. pressure will make it difficult for China or Russia to assist the Cuban regime in getting out of this crisis of their own making."

The infrastructure crisis complicates any potential diplomatic opening. A government desperate to keep the lights on may prove more willing to accommodate Chinese and Russian intelligence requirements than it would under less dire circumstances.

The intelligence collection capabilities that Beijing and Moscow are establishing in Cuba will persist long after the current blackouts end. Once installed, telecommunications infrastructure operates for years or decades. Every blackout pushes Havana closer to Beijing, every grid failure necessitates Moscow's help; each represents an incremental expansion of foreign intelligence capabilities on American soil.

"The opportunities stemming from Cuba's military and political alignment with the PRC, longstanding working relationship with its military and other personnel, geographical proximity, and other benefits, both before and during war, are hard to overstate," Ellis adds.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

Media Literacy Isn’t Enough Anymore

OPINION — For years, media literacy has been treated as the solution to misinformation. I've advocated that position as well.

Teach people to question headlines. Encourage them to check sources. Help them recognize bias and emotional manipulation.

All of that still matters. In fact, it matters more than ever. I often encourage people to think like intelligence analysts when they encounter information online. Pause. Ask who benefits. Look for what is missing. Compare across sources. Pay attention to emotion. Those skills are essential. They are part of being an informed citizen in a digital world. And yet, they are no longer sufficient on their own.

The information environment has changed in ways that place unprecedented strain on individual judgment. AI-generated content now moves at a scale and speed no human can comfortably keep up with. Synthetic images, audio, and video are increasingly realistic. Recommendation engines quietly shape what we see first, what we see repeatedly, and what we never see at all.

Even people who are informed and motivated can feel overwhelmed. Not because they lack critical thinking, but because the environment itself is engineered for constant engagement and reaction. Volume replaces deliberation. Speed crowds out reflection. This creates a subtle but important shift in responsibility.

When every individual is expected to function as a full-time analyst, constantly verifying and filtering, fatigue sets in. Naturally, people disengage. Or they rely on shortcuts. Familiar narratives feel safer. Emotion becomes a guide. Over time, trust erodes, not only in information, but in the idea that careful judgment is even possible.

This is where the conversation needs to broaden. Individual literacy and critical thinking remain necessary. We should continue to teach people how to evaluate information and resist online manipulation. At the same time, we have to recognize that resilience cannot rest entirely on individual effort.

Healthy societies depend on environments that support human cognition. Spaces that allow for pause. Systems that introduce friction in high-risk moments instead of eliminating it. Norms and designs that make room for judgment rather than constantly competing for attention. Freedom has always depended on those moments when humans decide what matters, rather than being swept along by momentum.

In a world optimized for speed and engagement, protecting those moments may be one of the most important things we can do.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

From the Monroe Doctrine to Maduro: The Precedent Problem in U.S.

OPINION — In 1895, Secretary of State Richard Olney sent a diplomatic note to Britain that contained one of the most remarkable sentences in American foreign policy history: "The United States is practically sovereign on this continent, and its fiat is law upon the subjects to which it confines its interposition." The line was not a boast. It was a warning — directed at London during a boundary dispute in Venezuela, designed to end the conversation before it began. Britain, to the surprise of many, stood down. What Olney had asserted as doctrine, Elihu Root would spend the next two decades trying to discipline. As both Secretary of War and Secretary of State under Theodore Roosevelt, Root understood that a nation capable of issuing such a fiat faced a problem more dangerous than weakness: the temptation to use power simply because it could.

That project matters again. In January, the Trump administration carried out an operation that resulted in Venezuelan President Nicolás Maduro being taken into U.S. custody and transferred to Florida to face federal narcoterrorism charges. The action was legally defensible under existing statutes and drew intense attention at home, dividing domestic opinion. It was also the kind of operation Root would have recognized as dangerous; not because it violated the law, but because it normalized the use of military force as an instrument of policy once legal justification could be established.

Root's concern was not with Olney's outcome. Britain had backed down, arbitration followed, and the crisis resolved without war. The problem was what Olney's success licensed. A tool used effectively once becomes a template, and the lesson absorbed from 1895 was not that American power required discipline, but that assertion worked. Root understood this danger in part because he had helped institutionalize it. The Monroe Doctrine, as originally conceived in 1823, was framed as a barrier against European intervention in the Western Hemisphere. It was defensive in character. The Roosevelt Corollary, which Root helped construct in 1904, transformed that posture into an assertion of U.S. authority to intervene whenever Washington judged instability intolerable — Olney's logic formalized and given permanent address. In practice, this produced a system of ongoing intervention that stopped short of formal empire while exercising many of its functions: military occupations in Haiti and the Dominican Republic, repeated interventions in Nicaragua and Cuba, and coercive diplomacy justified in the language of order and stability.

Root spent the latter part of his career attempting to correct what he had helped build. He argued for international arbitration, multilateral institutions, and legal frameworks that would constrain American power even as the country grew stronger. In 1914, before the American Society of International Law, he offered a deliberately narrow redefinition of the Monroe Doctrine — not a declaration of hemispheric sovereignty, but a statement that certain foreign acts would be regarded as injurious to American peace and safety. The contrast with Olney was implicit but unmistakable. Root never named him. He didn't need to. He simply offered a different reading of the same doctrine — more disciplined, more defensible over time — and let the contrast speak. He won the Nobel Peace Prize in 1912 for that broader project. But his warning proved easier to admire than to heed. Over time, his diagnosis of American dominance flattened into justification and extended well beyond its original hemispheric frame.

I recognize the appeal of that logic because I once believed in it. In my twenties, working in Washington on national security issues at the end of the Cold War and into the early 2000s, I believed that the freedoms we enjoyed in the United States were a privilege that should not be exclusive, and that American power could and should be used to defend and extend the political conditions that made those freedoms possible. I sometimes imagined an America less burdened by the expectation that every use of power required a moral narrative alongside it — more openly transactional, less apologetic. I was a neocon before it mattered, and perhaps even MAGA before it was born. Iraq forced a reckoning, in part because it revealed how easily power justified by necessity could outrun foresight, legitimacy, and responsibility for what followed.

In the Maduro case, the debate in Washington quickly narrowed to whether the seizure could be defended legally. That question is necessary, but incomplete. The rule of law is the foundation of democratic authority, yet legality alone cannot carry the weight of wise judgment. A government can act within the law and still act unwisely, weakening the norms it depends on once power alone is no longer sufficient. American power should be used to confront injustice, and non-military tools are often preferable to force. The question is not whether to act, but how routinely power is applied once legality becomes its own justification.

The Maduro episode is unlikely to be the last application of this logic. Attention inside the administration has already shifted toward Cuba, where Washington is applying pressure through fuel interdiction, secondary sanctions, and emergency authorities framed as enforcement rather than intervention. These measures are calibrated, legally grounded, and short of war. They represent controlled intervention rather than unconstrained power.

That distinction matters — but it does not resolve the underlying risk. The Caracas operation involved the direct use of military force against a sitting head of state. Cuba involves economic pressure and interdiction. Root would have recognized the difference. He also would have understood how the former creates permission structures that make escalation from the latter more likely. The logic that validates measured coercion in Cuba is the same logic that justified seizing Maduro. Each action establishes precedent for the next. The question is not whether any single measure crosses a line, but whether the accumulation of incremental steps creates a system in which restraint becomes optional rather than structural.

There is a deeper tension at work. If the United States treats spheres of influence as an acceptable norm in its own hemisphere, it becomes harder to reject similar claims elsewhere. Vladimir Putin's arguments about near-abroad authority rest on a logic the United States weakens when it asserts special prerogatives rooted in power rather than principle. The cases are not morally equivalent. Putin's interventions in Ukraine and Georgia involve territorial conquest and the erasure of sovereignty in ways American actions in the hemisphere do not. But the structure of the argument is similar enough that adversaries will exploit the parallel and allies will notice the inconsistency.

Root understood that sovereignty without discipline invites decay. The question before us is not whether America can act this way. Clearly, it can. The question is whether doing so strengthens the order it claims to lead or erodes it through accumulated precedent. Power exercised without restraint rarely remains exceptional.

Root's warning was never about weakness. It was about the difference between authority and dominance, between leadership that endures and power that exhausts itself. A century later, we are testing that distinction again.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because national security is everyone’s business.

Inside the High-Stakes U.S. Pressure Campaign on Iran

EXPERT INTERVIEW – U.S. officials say a second aircraft carrier will be deployed to the Middle East amid the administration’s efforts to pressure Iran to agree to restrictions on its nuclear program. The USS Gerald R. Ford is expected to join the USS Abraham Lincoln in a significant build-up of U.S. military force in the region.

President Trump said this week that he does believe the U.S. will be able to reach a deal with Tehran but warns that if talks fail, the outcome could turn far more severe.

After meeting with the president in Washington this week, Israeli Prime Minister Benjamin Netanyahu is less optimistic about a deal, telling reporters on Thursday that “...I expressed general skepticism about any agreement with Iran, but I said that if an agreement is reached, it must include the elements that are important to Israel: not only the nuclear program, but also the ballistic missiles, and also the Iranian proxies.”

Meanwhile, Iran’s national security chief Ali Larijani is warning that Tehran would strike U.S. bases in the region if it is attacked.

The Cipher Brief spoke with former National Intelligence Manager for Iran at ODNI Norm Roule about what is likely to come next. Roule, who is also a Cipher Brief Expert, travels regularly to the region for meetings with senior leaders. We spoke with him in this exclusive interview about the risks and opportunities facing the U.S. with regard to Iran and what he believes Iran is likely to do first if the U.S. does launch a military attack.

Norman T. Roule

THE INTERVIEW

The Cipher Brief: The U.S. is continuing to deploy military assets to the Middle East. How are you assessing the opportunities given where talks with Tehran are at the moment? What do you see as realistic U.S. objectives?

Roule: You’re correct to start with a focus on objectives. This will give us targets to assess risks and opportunities, as well as the report card against which the success of any strategy must be judged.

A number of these are included in the Trump Administration’s December 2025 National Security Strategy: avoid involvement in a costly regional war or nation-building, ensure that regional sea lanes and choke points remain open, and maintain stable energy markets.

Regarding the Islamic Republic, every Administration – indeed the entire international community – has agreed that Tehran must cease the oppression of its people, must not be allowed to develop a nuclear weapon, its missile programs must be constrained, and its malign regional adventurism and support for terrorism must end. This latter set of ambitions has been part of not only this administration’s Iran strategy but also of the first Trump administration's strategy. Former Secretary of State Mike Pompeo’s May 2018 Twelve-Point Speech on Iran highlighted each of these goals.

However, the current approach addresses areas where there are different views on the balance between nonproliferation and broader regional issues, and on whether to resolve the nuclear issue first and address other issues later, or to handle them together.

Former Secretary of State Condoleezza Rice once famously reminded a group that policymaking is done in a reality where we must remember that we are a country and not an NGO. National interests, security, and power drive foreign policy.

Humanitarian goals will be important in our policies, but they won’t be the primary driver. Ours is not the first generation to face the challenge of how far we should go to encourage and militarily support those who courageously stand against tyrants.

Woodrow Wilson faced this dilemma as White Russian armies fought the Bolsheviks in 1918-1920. Several presidents were pressed to respond as Germans, Czechs, Hungarians, and other protestors valiantly stood up against heavily armed Soviet occupiers in the 1940s, 50s, and 60s. It’s easy to say we should do more, but these decisions are never clear. In this case, there have been many calls for military action, and it is easy to understand the rationale, watching the regime’s cruelty against the courage of Iranian protestors. But it is also unclear exactly what we are to attack, for how long, how we would measure success, whether the results would justify the ramifications of dealing with Iran’s military retaliation and lastly, whether the moment for such action has passed. Every presidential advisor would try to address these questions.

But if policy choices regarding Iran involve profound risks, the events of this month show that kicking the can down the road is no less dangerous. Inevitably, the can gets heavier with every kick and the road gets shorter. There is absolutely nothing regarding the Iran threat today that hasn’t been predicted for years. The international community refused to risk the price of hard actions against Iran, and elected to use repeated attempts at diplomacy, corrosive sanctions (which were effective in limiting Iranian capabilities) and until June 2025, increasingly empty threats of military action to constrain Iran.

In terms of opportunities, the Administration has been consistent in its focus on four priorities with regard to Iran. The most recent has been humanitarian and involves the U.S. threat of military action against the regime if it continues using widespread murderous force against Iranian protestors. No one can deny the horrific and bloody crimes committed by this regime during the recent unrest. The violence has subsided along with the protests, albeit widespread arrests and detentions continue. The President has claimed that his threats of military action limited Iran’s use of violence and stopped Iran from hanging large numbers of protestors. Some certainly argue that we should have used military action to aid the protesters, but this raises the question I mentioned earlier and related issues about whether we had sufficient assets in the area to address potential “Day After” consequences. This is a question with no single clear answer. However, our use of diplomatic, economic, and military pressure to prevent regime violence against protesters is appropriate and consistent with our national values.

The Cipher Brief: The White House is now focused on Iran’s nuclear, missile, and regional threats. Talk to us about why this is a priority and whether the current moment is an opportunity.

Roule: Let’s start with Iran’s nuclear program. The June 2025 Twelve-Day War severely degraded – at least for now – Iran’s nuclear weapons capability. But that capability can be rebuilt, and if Iran has any enrichment capacity, especially one not under international supervision, they can try to produce weapons-grade enriched uranium. But if Iran doesn’t agree diplomatically not to rebuild these capabilities and to provide the International Atomic Energy Agency with the access it requires, we should steel ourselves to the requirement that the Israelis or we will need to repeat the June 2025 military strikes when Iran chooses to rebuild.

Next, we have the Iranian ballistic missile threat. The unclassified May 2025 Defense Intelligence Assessment stated that Iran’s space-launch vehicle program could give it the capability to build as many as sixty intercontinental ballistic missiles (ICBMs) by 2035.

Iran’s repeated use of ballistic missiles against multiple countries makes it reasonable for Israel to be concerned about the long-term size and direction of this program as well. Iran’s missile program is not currently a threat to Western Europe. If Iran builds ICBMs, this, of course, changes. The idea that anyone would allow a country with Iran’s political, military, and nuclear history to build dozens of potentially nuclear-tipped ICBMs within nine years should not be acceptable. It would also be too easy to imagine a scenario in which Iran and North Korea joined forces to threaten the U.S. Homeland. So, we either compel Iran to change the course of its ballistic missile program, work with Europe to build a costly missile shield, or destroy that program militarily now.

Last, Iran’s Quds Force remains operational and has begun to repeat what will be a several-year campaign to reconstitute its regional proxy program. This is not the first time the Quds Force has been required to rebuild a regional program amid great risk to the regime. In fact, it’s the third time since 2003.

By any traditional measure, the Islamic Republic represents a failed revolutionary state ruling a disillusioned and angry population. In many ways, it resembles the final years of the Soviet Union: an ossified regime whose ideology is dismissed even by its most ardent supporters. The regime retains power through repression, coercion, corruption, and a multi-layered system of lucrative patronage that its most potent supporters would lose in any reformed government.

The administration’s rhetoric and actions make a reasonable case that the current moment should be tested to see whether, with further pressure – which could include military action – the regime would sacrifice these malign activities in exchange for sanctions relief that would allow the Islamic Republic to survive. This won’t satisfy those who seek regime change, but it does parallel Washington’s approach to Venezuela.

The Cipher Brief: How would you assess Iran’s losses to date?

Roule: By any measure, Iran’s losses have been extraordinary, consequential, and unprecedented in modern history for a country of its size, regional influence, and global economic impact in the energy market. The last two years have been crowded with examples of the collapse of its political, economic, and national security architecture.

In terms of leadership, the regime has endured the death of President Ebrahim Raisi, who was highly likely to be Supreme Leader Khamenei’s choice. His passing was followed by a historic low turnout in elections that led to the Pezeshkian presidency. Pezeshkian failed to deliver on his economic promises. His tenure has included the dismissal or resignation of two vice presidents, two cabinet officials, and other senior officials. He spends much of his time apologizing to the Iranian people for the government's failures, hoping this tactic will win him popular support. It’s somewhat understandable in that the economic complaints that ignited Iran’s recent nationwide unrest occurred in a country that has endured months of shortages of water, electricity, natural gas, and refined products, which forces the repeated closure of schools, government offices, and businesses.

The World Bank estimates that one-third of Iranians (25-26 million) are below the poverty line. Annual inflation reached 43 percent in December 2025. The rial, which fell to 1.43 million to the dollar before the unrest, just reached 1.63 million to the dollar and appears to have no bottom. U.S. Secretary of the Treasury Scott Bessent’s comments on recent U.S. expanded sanctions in response to Iran’s handling of protests underscores Washington’s intent to use whatever economic tools it can to pressure Tehran.

The Cipher Brief: If you’re looking at this in terms of Iran’s own national security, how does it look?

Roule: In terms of national security, the picture is bleak. Over the past two years, Israel killed the commanders of Iran’s primary proxy partners and destroyed the group's strategic capacity. Russia and China proved to be of no help in the June War, nor could they stop the reimposition of United Nations Security Council Sanctions.

The loss of Syria and Venezuela cost Iran its closest external allies, reducing its regional and global political reach. The June War was a profound defeat for Iran’s air defenses and intelligence services. Israel and the U.S. easily destroyed key elements of Iran’s hugely expensive nuclear program, an effort that has cost billions of dollars and for which Iran has endured decades of political and economic isolation. The conflict cost Tehran many of its most experienced military and nuclear personnel, and left Iran with billions of dollars in damage to its nuclear and missile infrastructure.

Finally, Iran’s murderous killing of protestors and internet shutdown starkly illustrated that the most successful aspect of the regime’s national security investments remains its tools of oppression.

The Cipher Brief: Many have described Tehran today as weak. Yet the regime keeps surviving protests. Its missile programs are considered a potential threat, and policymakers are worried about its capacity to threaten the Strait of Hormuz, impacting energy markets. What’s your take on this?

Roule: The regime is weaker in many areas, but it is more accurate to say that the regime has never been more fragile and is strategically weaker than it has been in decades. All of this is known to Iran’s Supreme National Security Council. But they can also list strengths they believe will help them survive. I would rather not list these publicly but suffice it to say that key elites and security elements remain unified, disciplined, and responsive.

If the government’s deep national unpopularity is a fact, it can’t be ignored, as a substantial portion of the population remains uncommitted to its overthrow, and some are committed to its survival rather than supporting the opposition. Externally, it may have no reliable state allies, but nor does it face an international coalition. The U.S. is its primary adversary. What it achieves against Washington will shape its relations with the world.

Iran may not be able to compete with the U.S. militarily, but that has always been the case. Its leaders know that they must be able to threaten an asymmetric response: regional and global economic destruction by missile, drones, and cyber-attacks will immediately begin should the U.S. attack Iran.

This list should leave your readers with the sense that these men believe the best days of the regime are ahead. That would imply stupidity, which is not a characteristic that gets one through Iran’s national security shark pool of political and policy challenges.

They wake every morning, knowing that their domestic political and economic realities make another cycle of nationwide anti-regime unrest inevitable. The Supreme Leader will be 87-years old on April 19. His eventual passing will trigger the final transition to the regime’s post-revolutionary generation and they have had years to prepare for this moment. But his passing, which could occur at any time, could create a new crisis. And of course, if an actual military conflict with the U.S. takes place, the survival of the regime, and the personal survival of those in Iran’s leadership could be in question.

The Cipher Brief: How are you assessing the impact of the Trump administration’s approach right now?

Roule: The structure of the Trump administration’s strategy remains strategically conventional. The administration’s primary goal is a diplomatic outcome that avoids a conventional war or an episode that leaves Iran empowered and U.S. credibility damaged. Hence, the likelihood of a dramatically powerful military attack on Iran remains high.

The administration has made no secret of its buildup of one of the most powerful offensive air, missile, and air defense capabilities in history. Israel has also threatened military action. The President is also reportedly considering dispatching another aircraft carrier task force to augment his offensive capabilities further. The way this force has been deployed thus far shows that it is part of the pressure campaign and that the President has not yet authorized military operations. Of course, this last point could change at any time.

The administration has deployed a senior diplomatic team and urged regional partners to press Iran to engage with the U.S. to reach a deal. The administration has loudly announced new economic pressure on Iran and of course, deployed a massive military force. All of this is meant to pressure Iran’s leaders into making concessions.

This brings us to the subject of timelines. This current process is likely to last until the president and his advisors believe they have exhausted diplomacy. If the administration continues to believe it must strategically change Iran’s nuclear, missile, and Qods Force, then military action becomes a very high probability.

Predicting this timeline is impossible as it is shaped by Iran’s decisions, partner input, U.S. political conditions, and even unexpected events, such as a sudden spike in unrest within Iran, the sudden death of the Supreme Leader, etc.

The Cipher Brief: What about Iran’s response?

Roule: Iran needs to conduct multiple actions simultaneously to reduce the pressure on the regime and improve its chance of long-term survival. These steps include ending the protests, improving its military capabilities, and developing a diplomatic strategy to delay a U.S. military strike. But in the near term, Tehran remains unlikely to give Washington what it wants.

Domestically, Tehran must ensure and demonstrate leadership and unity among security forces. The country’s leadership will continue to comprise a spectrum of trusted actors. Security forces will aggressively seek to locate and detain anyone believed to have been part of the recent unrest and anyone who they believe has engaged in unauthorized contact with Western opposition or media, and expedite trials to show that the regime’s control remains strong. The regime will seek opportunities to project an atmosphere of normalcy and, as we have already seen, organize pro-regime rallies and events to show that it has its own base of support.

Externally, the regime will seek to project defiance and confidence. Its primary diplomatic goal will be to buy time and prevent coalitions from forming, so it will seek negotiations, indirectly whenever possible, and will always focus on the most complicated issue: the nuclear program. Its public comments on the talks will be positive and vague. This has been its usual practice because doing so has a positive impact on the value of the rial to the dollar and supports the regime’s propaganda on diplomacy.

We should expect Tehran to maintain oil production and maybe even try to increase floating storage on shadow-fleet assets in Asia to allow it to meet contracts during any short-term conflict with the U.S. If it feels it needs to close the Strait of Hormuz, it has multiple ways of doing so, but we shouldn’t be surprised if the U.S. military has multiple options for dealing with that.

At the same time, it will prepare missile and cyber operations both to signal deterrence and to survive any U.S. and possibly combined U.S.-Israel attack. In the absence of a credible air defense, its deterrence rests on a public diplomacy narrative that it stands ready to launch broad attacks against every U.S. base in the region, Israel, and to close the Strait of Hormuz and perhaps attack oil export facilities, damaging the international oil market, if the U.S. attacks. Iran hopes these statements will spark debate in the U.S. and diplomatic pressure from the international community against Washington over an attack.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

Need a daily dose of reality on national and global security issues? Subscribe to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

Confidence, Interoperability, and the Limits of U.S. Decision Systems

OPINION — In recent months, U.S. policy debates have increasingly acknowledged that the decisive contests of the 21st century will not be fought primarily on conventional battlefields. They will be fought in the cognitive domain, through influence, perception, legitimacy, and decision velocity. This recognition is important and depends on an adequate technical and institutional layer to deliver durable strategic advantage. Cognitive advantage cannot be declared. It must be engineered.

Today, the United States does not lack data, expertise, or analytic talent. What it lacks is decision-shaping architecture capable of producing consistently high-confidence strategic judgment in complex, adaptive environments. The result is a persistent gap between how confident U.S. decisions appear and how reliable they are - especially in Gray Zone conflicts where informal networks, narrative control, and societal resilience determine outcomes long before failure becomes visible. Afghanistan was not an anomaly. Nor will it be the last warning.

The Confidence Illusion

In U.S. national security discourse, the phrase “high confidence” carries enormous weight. It signals authority, rigor, and analytical closure. Yet extensive research into expert judgment, including studies of national-security professionals themselves, shows that confidence is routinely mis-calibrated in complex political environments.

Judgments expressed with 80–90 percent confidence often prove correct closer to 50–70 percent of the time in complex, real-world strategic settings. This is not a marginal error. It is a structural one.

The problem is not individual analysts. It is how institutions aggregate information, frame uncertainty, and present judgment to decision-makers. While pockets of analytic under confidence have existed historically, recent large-scale evidence shows overconfidence is now the dominant institutional risk at the decision level.

Recent U.S. experience from Iraq to Afghanistan suggests that institutional confidence is often declared without calibration, while systems lack mechanisms to enforce learning when that confidence proves misplaced. In kinetic conflicts, this gap can be masked by overwhelming force. In Gray Zone contests, it is fatal.

Afghanistan: Studied Failure Without Learning

Few conflicts in modern U.S. history have been studied as extensively as Afghanistan. Over two decades, the U.S. government produced hundreds of strategies, assessments, revisions, and after-action reviews. After the collapse of 2021, that effort intensified: inspector general reports, departmental after-action reviews, congressional investigations, and now a congressionally mandated Afghanistan War Commission.

The volume of analysis is not the problem. The problem is that these efforts never coalesced into a unified learning system. Across reports, the same lessons recur misjudged political legitimacy, overestimated partner capacity, underestimated informal power networks, ignored warning indicators, and persistent optimism unsupported by ground truth. Yet there is no evidence of a shared architecture that connected these findings across agencies, tracked which assumptions repeatedly failed, or recalibrated confidence over time.

Lessons were documented, not operationalized. Knowledge was archived, not integrated. Each new plan began largely anew, informed by memory and narrative rather than by a living system of institutional learning. When failure came, it appeared suddenly. In reality, it had been structurally prepared for years.

The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.

Reports Are Not Learning Systems

This distinction matters because the U.S. response to failure is often to commission better reports. More detailed. More comprehensive. More authoritative. But reports - even excellent ones - do not learn. Learning systems require interoperability: shared data models, common assumptions, feedback loops, and mechanisms that measure accuracy over time. They require the ability to test judgments against outcomes, update beliefs, and carry lessons forward into new contexts. Absent this architecture, reports function as historical records rather than decision engines. They improve documentation, not confidence. This is why the United States can spend decades studying Afghanistan and still enter new Gray Zone engagements without demonstrably higher confidence than before.

Asking the Wrong Questions

The confidence problem is compounded by a deeper analytic flaw: U.S. systems are often designed to answer the wrong questions. Many contemporary analytic and AI-enabled tools optimize for what is verifiable, auditable, or easily measured. In the information domain, they ask whether content is authentic or false. In compliance and due diligence, they ask whether an individual or entity appears in a registry or sanctions database. In governance reform, they ask whether a program is efficient or wasteful. These questions are not irrelevant, but they are rarely decisive.

Gray Zone conflicts hinge on different variables: who influences whom, through which networks, toward what behavioral effect. They hinge on informal authority, narrative resonance, social trust, and the ability of adversaries to adapt faster than bureaucratic learning cycles.

A video can be authentic and still strategically effective as disinformation. An individual can be absent from any database and still shape ideology, mobilization, or legitimacy within a community. A system can appear efficient while quietly eroding the functions that sustain resilience. When analytic systems are designed around shallow questions, they create an illusion of understanding precisely where understanding matters most.

DOGE and the Domestic Mirror

This failure pattern is not confined to foreign policy. Recent government efficiency initiatives-often grouped under the banner of “Department of Government Efficiency” or DOGE - style reforms - illustrate the same analytic tendency in domestic governance. These efforts framed government primarily as a cost and efficiency problem. Success was measured in budget reductions, headcount cuts, and streamlined processes.

What they largely did not assess were system functions, hidden dependencies, mission-critical resilience, or second-order effects. Independent reviews later showed that efficiency gains often disrupted oversight and weakened essential capabilities - not because reform was misguided, but because the wrong questions were prioritized. DOGE did not fail for lack of data or ambition. It failed because it optimized what was measurable while missing what was decisive. The parallel to national security strategy is direct.

Why Gray Zone Conflicts Punish Miscalibration

Gray Zone conflicts are unforgiving environments for miscalibrated confidence. They unfold slowly, adaptively, and below the threshold of overt war. By the time failure becomes visible, the decisive contests - over legitimacy, elite alignment, and narrative control - have already been lost.

Adversaries in these environments do not seek decisive battles. They seek to exploit institutional blind spots, fragmented learning, and overconfident decision cycles. They build networks that persist through shocks, cultivate influence that survives regime change, and weaponize uncertainty itself. When U.S. decision systems cannot reliably distinguish between what is known, what is assumed, and what is merely believed, they cede cognitive advantage by default.

What “90 Percent Confidence” Actually Means

This critique is often misunderstood as a call for predictive omniscience. It is not. According to existing standards, No system can achieve near-perfect confidence in open-ended geopolitical outcomes. But research from forecasting science, high-reliability organizations, and complex systems analysis shows that high confidence is achievable for bounded questions - if systems are designed correctly.

Narrowly scoped judgments, explicit assumptions, calibrated forecasting, continuous feedback, and accountability for accuracy can push reliability toward 90 percent in defined decision contexts. This is not theoretical. It has been demonstrated repeatedly in domains that take learning seriously. What the U.S. lacks is not the science or the technology. It is the architecture.

Cognitive Advantage Requires Cognitive Infrastructure

The central lesson of Afghanistan, Gray Zone conflict, and even domestic governance reform is the same: data abundance without learning architecture produces confidence illusions, not advantage.

Cognitive advantage is not about thinking harder or collecting more information. It is about building systems that can integrate knowledge, test assumptions, recalibrate confidence, and adapt before failure becomes visible.

Until U.S. decision-shaping systems are redesigned around these principles, the United States will continue to repeat familiar patterns - confident, well-intentioned, and structurally unprepared for the conflicts that matter most.

The warning is clear. The opportunity remains with Yaqin.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because national security is everyone’s business.

A Path to Understanding Autonomy in Defense Technology

Welcome to The Iron Triangle, the Cipher Brief column serving procurement officers tasked with buying the future, Investors funding the next generation of defense technology, and policy wonks analyzing its impact on the global order.

COLUMN/EXPERT PERSPECTIVE -- In its purest sense, autonomy is the condition of self-government. When we overlay that concept onto military machines and armed drones, the immediate fear is that we are outsourcing the moral weight of life and death to an algorithm. I’ve seen the Terminator series, so I know what you’re thinking. No, you don’t need to learn how to make a pipe bomb. It’s not as bad as you think… maybe.

However, the reality of military command is more nuanced. To understand autonomy in defense technology, I want to first be clear about how the military defines command.

Command is composed of three elements: authority, responsibility, and decision-making. Authority is the delegated power to make decisions and use resources. Responsibility is the legal and ethical obligation for everything a unit does or fails to do. And decision-making is the process of translating high-level intent into actionable orders.

Autonomy does not replace the commander; it enables the commander to aggregate and disaggregate aspects of Command and Control (C2). Specifically, autonomy allows a commander to delegate control to a machine while maintaining command. However simple this sounds, it is a monumental mindset shift for many commanders. To be successful, this will require reshaping some commanders’ understanding of technology.

To use autonomous systems appropriately, the commander assigns a framework of authority. This authority might be a benign task, such as "Conduct intelligence, surveillance, and reconnaissance in order to identify the enemy within [defined area]."

On the opposite end of the spectrum, such as in high-intensity, peer-conflict scenarios where there is no civilian presence, "Identify and destroy targets in [defined area]." The authorities a commander assigns to autonomous systems will depend heavily on their risk calculations and dozens of other factors.

The Rewards: Why Accept the Risk?

Remember that all responsibility for the mission remains with the commander. Given the potential risks outlined above, why would a commander accept responsibility for an autonomous system’s performance? Because autonomous systems will be required not only for survival, but to fight and win on a modern, transparent battlefield.

Operational Tempo (OPTEMPO). Autonomy denies the adversary the ability to reset during what would otherwise be natural lulls in combat operations. It enables a constant and consistent pressure campaign that human operators, limited by fatigue, cognitive bandwidth, and resources, cannot sustain.

Force Protection and Attrition. We must shift our thinking toward lifecycle protection. Autonomy allows us to project power and achieve effects without putting a human in the loop–where they are most vulnerable.

Cognitive Decoupling. By reducing the pilot-to-platform ratio from 1:1 to 1:Many, autonomy frees the commander’s mind to focus on the strategic rather than the tactical, effectively reducing cognitive load.

The Implications: The Path Forward

To move autonomy to battlefield reality, we must address three critical pillars:

Low-Cost Near-Exquisite Systems: Commanders cannot get comfortable with autonomy if they are afraid to lose their assets. We must continue to move away from high-cost platforms toward mass-producible, near-exquisite systems that allow for the thousands of training iterations required to build trust.

Interoperability: A quadcopter built in a Florida garage must immediately work cohesively with a bespoke system from a big defense prime. If autonomous systems cannot operate across-domains, if they aren’t vendor-agnostic, and if they can’t operate as one element of a swarm ecosystem, they aren’t force multipliers; they are a logistics burden.

The Cipher Brief applies expert-level context to national and global security stories. Grant yourself full-access to Cipher Brief expert insights, analysis and private briefings in the new year by becoming a Subscriber+Member.

End Vendor Lock-In: Continuous innovation is the only defense against adversarial countermeasures, and rigid multi-year contracts stifle technology iteration. We need a development operations model for hardware, where field feedback is transferred directly to engineers, rapid improvements are made, and systems are re-fielded. Vendors need to be held accountable–by losing profitable contracts–when they fail against this standard.

For the procurement officer: Stop buying platforms and start buying ecosystems that support delegated authority, scalability, and innovation. Establish criteria for continuously evaluating technology and hold companies accountable. I commend the Department of Defense for acknowledging this need with more flexible contract mechanisms, but more can be done. There are many small, innovative technologies that might make a substantive difference if they are given an opportunity.

For the investor: Look for companies whose technology is not dependent on specific hardware, and for those who are open to rapidly partnering with other OEMs to overcome technical limitations. There are an unprecedented number of small defense technology firms in today’s ecosystem and there will be a consolidation within two-to-five years. If a company insists that every capability is vertically integrated, there is a strong likelihood that they will be outpaced by an up-and-comer or a conglomeration who is more flexible.

For the policy wonk: The debate isn't about whether machines will make decisions, but how we legally and ethically define the authority we give them. Setting conditions that promote and reward innovation will de-risk this transition now. We also need to think about the resources we provide the services for training, and how rules of engagement stack against those of our adversaries. This will all lead to better outcomes when it counts.

The coming years will be a period of creative destruction for the defense industry. The era of proprietary technology is ending, replaced by an ecosystem where the only constant is change. We must reward the agile and hold the stagnant accountable. Whether it’s a garage-born startup or a legacy prime, the winners will be those who embrace the DevOps of hardware and the radical transparency of interoperable swarms. Autonomy is the catalyst; how we choose to fund, buy, and govern it will determine who leads the global order for the next century.

Joey Gagnard is a Cipher Brief columnist who regularly shares his perspective on national security and technology via his Iron Triangle column.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.

Standing Up to a Spy: My Run-In with Aldrich Ames

OPINION — I had an unpleasant episode with Aldrich Ames which taught me some life lessons.

I was a mid-level CIA analyst working Caucasus and Central Asian issues in the 1990s. My job responsibilities then included reviewing agency participation in conferences located in that part of the world, helping assure the environment was conducive to the type of gathering being proposed and identifying any threats there might be. The reviews were usually noncontroversial and proforma, perfectly suited for a mid-level analyst.

Sometime, though, in mid 1993, a memo came across my desk from a desk officer in the CIA’s Counter Narcotics Center (CNC) proposing a senior level CNC conference in that part of the world that I worked. I felt strongly there were security risks associated with the gathering that did not justify agency participation. I was also concerned that the host country could not adequately address the conference logistics. I documented my concerns, did not sign off, and moved on, without giving the subject any additional thought.

The following day, as I was reading through my cables, I looked up from my computer to find a very unkempt individual, about 20 years my senior with bushy eyebrows and a dirty, wispy looking mustache hovering over me, in essence, violating my personal space. He introduced himself as Aldrich Ames, the individual planning the conference which I had refused to sign off on the day before. He demanded to know how I had the gall to stand in the way of this important conference. I explained to this aggressive individual that I saw no upside to holding such a conference where he had proposed and explained to him my security and logistics concerns. He continued by berating me for not understanding the former Soviet Union.

Sure, I was in the earlier stages of my career but by then I had an undergraduate and graduate degree in Soviet Studies. I studied in Moscow and St. Petersburg. I wrote my master’s thesis on the role of women in Uzbek politics, participated in several summer workshops at Harvard University and other universities focused on Ukraine and Central Asia, had published articles in academic journals on Central Asia, had spoken on many conference panels regarding Soviet and Former Soviet Union politics, and had just completed a year as part of the CIA Director’s Exceptional Analyst Program studying the history and culture of Azerbaijan and Azeri language.

I stood my ground with Aldrich Ames and politely invited him to leave. Not to be deterred, Ames came back to my desk a few times. I was not there and my cubicle-mates alerted me to the fact that the unkempt man from the CNC was looking for me. He found me at my desk a few weeks later. By then, he was even more surly and patronizing. He told me that he was a senior operations officer and that I was thwarting important operations. I told him to get the Department of Operations to sign off and then come back to me. He then complained to my boss about the stupid analyst. She had my back but as a fairly young analyst, I was shaken by his demeanor and his threats.

Months later I heard that the CNC Conference was happening but maybe somewhere else.

Mr. Ames was arrested for espionage on his way to this relocated conference shortly thereafter.

I later came to know that Mr. Ames may have shared my analysis with the Russians. But, I was not in harm's way. More importantly, I remember the families and loved ones of those executed due to Ames’ betrayals and pay tribute to them and the colleagues whose careers he sidetracked.

This is just another ugly, though inconsequential story in the Aldrich Ames saga. What I learned as an analyst who unwittingly stood up to a spy is to trust your instincts, stand your ground, expertise matters, and that ultimately bad people cannot disguise that they are bad people. And Mr. Ames should have taken my advice.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because national security is everyone’s business.

Russia’s Promises of Security Lead to Ukraine's Frontlines

DEEP DIVE — Moscow has spent nearly four years burning through human resources in Ukraine, and now they’ve found a new way to fill the gaps of loss: exploiting the Global South. Russia is luring in thousands of men with promises of ‘work’ or ‘security,’ only to hand them a rifle. When these guys eventually head home, their own governments are going to be left dealing with the fallout of having thousands of war-hardened veterans they never asked for.

Ukraine’s military intelligence has identified more than 18,000 foreigners from 128 countries who have fought or are currently fighting for Russian forces. At least 3,388 of these fighters have been killed, according to Ukrainian officials. The death toll includes citizens from Cuba, Nepal, India, Kenya, and across Central Asia — men who often arrived in Russia seeking construction jobs or warehouse work, only to find themselves thrust into Ukraine’s grinding war of attrition with minimal training and false promises.

“Russia has no choice but to attempt to continue its foreign recruitment model given Russian military casualties and political realities of a significant mobilization in President Putin’s political bases in Moscow and Saint Petersburg,” Alex Plitsas, nonresident senior fellow with the Middle East Programs at the Atlantic Council, tells The Cipher Brief.

For Washington, the pipeline carries implications beyond the immediate battlefield. Combat-hardened fighters from regions where the United States competes with Russia for influence, particularly across Africa and Latin America, will eventually return home potentially equipped with drone warfare expertise, small arms proficiency, and tactical knowledge gained in Europe’s most technologically advanced land war since 1945.

Former AFRICOM commander General Stephen Townsend warned in 2019 that Russia’s meddling in Africa comprises the “second biggest threat to US security interests” after terrorism.

The Architecture of Exploitation

Moscow has effectively turned its migration system into a trap, routinely building military recruitment offices right beside immigration facilities where beatings and freezing cells are used to coerce signatures. Detention or military service are often the only options for migrants in legal limbo.

Incentives are also used to exploit poverty. Nepali recruits receive 75,000 to 200,000 rubles monthly, or $750 to $2,000, dwarfing local earnings but representing only a fraction of Russian compensation. Cuban networks promise citizenship and generous payments.

The Human Trafficking Pipeline

Several governments now describe these recruitment tactics as outright human trafficking. In Kenya, an investigation revealed that citizens were promised stable jobs only to find themselves on drone assembly lines in active war zones. India has documented a similar pattern, with at least 35 of its nationals sent to the front lines against their will.

Nepal perhaps serves as the most stark example of this human cost. Officially, 14 Nepalis are confirmed dead, but estimates suggest as many as 2,000 may have enlisted in Russian forces. The subsequent outrage in Kathmandu led to Russia and Ukraine’s work permits being denied in early 2024. This proved effective, at least temporarily, as only one known Nepali citizen had signed a contract in the first ten months of 2025.

The situation, however, is harrowing on the ground. Foreign recruits are deployed to frontline assaults after just a week of training, according to Ukrainian prisoners of war. Despite promises of non-combat roles, some of these men signed Russian-language contracts they couldn’t even read.

“The foreign recruits have proven to be less effective as a result of the minimal amount of training and poor equipment that they receive upon joining,” says Plitsas. “Russia is throwing bodies at the problem, so to speak, in terms of trying to fortify the front lines and replacing fallen Russian troops.”

Subscriber+Members get exclusive access to expert-driven briefings on the top national security issues we face today. Gain access to save your virtual seat now.

The political calculus is deliberate. Plitsas highlights that there are far fewer political ramifications for losing foreign fighters than for Russian citizens.

“Many see these foreigners as having volunteered, so if they die in combat, it doesn’t have a significant reflection within Russian society,” he continues.

Central Asian migrants face particular vulnerability.

Moscow has increasingly turned its attention to the four million Central Asian migrants living within its borders to solve its mounting personnel shortages. Since the legal shifts in September 2022, the Kremlin has effectively tied residency and citizenship to military service.

Uzbeks and Tajiks working in Russia face a forced choice: enlist or lose their legal status. It is common for new arrivals’ residency applications to be stalled unless they sign a military contract, making them a prime target for Russian recruiters.

The Manpower Calculus

Moscow’s reliance on foreign recruits reflects an acute strain on its ability to sustain combat operations. Western estimates suggest Russia has suffered approximately 1.2 million casualties — killed and wounded — since February 2022. The UK Ministry of Defense reported Russia lost approximately 415,000 personnel in 2025 alone, the second-deadliest year of the conflict. December 2025 averaged 1,130 casualties daily, marking four consecutive months of rising losses.

The Kremlin maintains a monthly recruitment rate of roughly 30,000 to 40,000 contract soldiers, approximately matching battlefield attrition rates. This pace requires exploiting every available demographic, with provincial governments pressured to meet quotas.

Yet debate exists over the scale’s significance.

“The Russian army does not depend critically on foreign mercenaries,” Oleg Ignatov, Senior Analyst for Russia at the Crisis Group, tells The Cipher Brief. “The exact number of foreign mercenaries in the Russian army is unknown, but it is small compared to the total number of troops.”

Independent estimates hover around 1,500, while Russian officials claim 30,000 total — a fraction of Russia’s roughly 700,000 troops in Ukraine.

“Overall, there is no evidence that foreign mercenaries stand out among Russian soldiers and suffer significant losses compared to other soldiers,” Ignatov insists, noting North Korean forces initially suffered heavy losses because “they were not adapted to the realities of war in Ukraine.”

“All other foreigners serve in Russian units and suffer the same losses as all other servicemen in these units,” he says.

The pattern reflects a broader strategic reality.

According to Ignatov, “both Russia and Ukraine are experiencing a shortage of manpower for this type of war, which explains their efforts to recruit foreigners.”

“In addition, Russia needs to maintain its manpower advantage on the front lines, which it gained by the end of 2023-early 2024,” he points out.

Plitsas frames the imperative more starkly.

That political risk became clear more than three years ago. Moscow remains wary of the domestic fallout that followed the September 2022 mobilization. The Kremlin thus relies on foreign recruitment to maintain frontline numbers.

The Security Aftermath

The long-term security implications of Russia’s foreign recruitment extend far beyond the battlefield. Combat veterans returning to impoverished home countries bring specialized military skills from Europe’s largest land war since 1945. Historical precedent from Afghanistan, Syria, and Iraq demonstrates that even small percentages can destabilize regions.

“Foreign fighters returning home often suffer from the same types of combat-related stress disorders as troops but given that they were working for a foreign military, they do not get benefits when they return to their home country,” Plitsas cautions. “They also have sufficient training to be able to conduct attacks at home, even if they are simplistic, involving only small arms.”

The psychological and practical risks compound.

“There is always a risk in having a population of combat-experienced fighters who lack access to benefits and treatment for combat-related issues and their susceptibility to domestic causes that could be problematic for their home governments,” Plitsas underscores, pointing to Syria. “Many foreign fighters returned from Iraq with combat experience and helped to form the base of the armed factions that overthrew the Assad regime.”

Beyond physical combat skills, the technological knowledge poses distinct dangers.

“One concern is that foreign fighters will accelerate the proliferation of drone technologies and tactics used in Ukraine to nefarious groups around the world, some of which have already started adopting them,” John Hardie, deputy director of the Russia Program at the Foundation for Defense of Democracies, tells The Cipher Brief.

Ukraine has become a laboratory for drone warfare. Veterans returning with hands-on experience could rapidly advance militant and criminal capabilities from Latin America to Southeast Asia.

Some nations are trying, or tried, to push back.

Kazakhstan opened a record 709 criminal cases in 2025 against citizens who joined Russian formations, with sentences ranging from 4.5 to 5 years. Kyrgyzstan’s attempt to set a legal precedent, however, fell flat when the Kremlin stepped in with pressure to drop charges.

In spite of the death toll of more than 120 Uzbek, Tajik, and Kyrgyz fighters by late 2024, accountability remains nonexistent. It is common for recruits to hide behind new Russian passports, which legally place them beyond the reach of their home governments. The real worry now isn’t just the dead, but the survivors; men who stay in Russia with specialized combat training and no clear path except drifting into the criminal margins.

For Cuba, which joined the Russian-led BRICS bloc, estimates suggest up to 20,000 Cubans recruited since 2022, with 200 to 300 killed. El País reported that 40 percent had previously served in the Cuban Armed Forces, suggesting state awareness. Due to the high percentage of active military personnel and ex-military personnel fighting under the Russian banner, Cuba’s government may be tacitly permitting the recruitment pipeline.

Unlike Nepal or India’s aggressive crackdowns, Havana’s muted response raises questions about quid pro quo arrangements with Moscow, particularly as Cuba faces a severe economic crisis and depends heavily on Russian support.

“Travel bans and efforts by governments to stop their citizens from volunteering will have some impact, though the overall numbers are still small in general terms,” Plitsas observes. “Augmenting Russian troops with foreign troops has also proven to be efficient, though poor training and equipment limit overall effectiveness.”

The offensive exploits global inequality while exporting costs to nations with limited pushback capacity. While Moscow claims foreign recruits demonstrate international support for the war, the reality is much bleaker: it’s a trafficking operation that targets the poor and desperate. The same thing happened in Syria and Iraq, demonstrating to the international community that a handful of combat-hardened veterans can destabilize an entire country.

When these men return to Africa or South Asia with expertise in drone strikes and urban warfare, they often don’t just go back to civilian life; they become a ready-made kit for insurgencies or criminal groups.

“Foreign governments have taken some steps to try to stem the flow of foreign fighters supporting Russia, but the populations involved have been relatively small, and it hasn’t been seen as a significant enough problem for home governments to take more significant action to date,” Plitsas explains.

He identifies structural challenges.

“Many of the fighters come from countries that are friendly to Russia, and so banning travel, or things of that nature, becomes more difficult given the status of the relationship between the countries,” Plitsas continues. “Also, when you’re traveling abroad and need a visa, the country you are traveling to has to grant it to you. Russia is incentivized to allow the flow to continue, as the burden is on Russia to grant the visa, not the home country. It makes policing the effort very difficult.”

As battlefield casualties mount and domestic constraints prevent mobilization, foreign recruitment provides a crucial release valve for Moscow. As a result, thousands of people have been channeled into war under false pretenses, leaving survivors scarred and equipped with military skills posing long-term security risks.

Yet Ignatov pushes back against the alarmist framing.

“War is a serious trauma, and all soldiers need psychological help. But I don’t think there are any risks of radicalization beyond this problem,” he contends. “There is no radical ideology in Russia that poses a threat of global spread.”

Whether ideological or not, the pattern is clear: Russia’s manpower crisis shows no sign of abating.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

After New START: America Weighs a New Nuclear Strategy

OPINION — “Militarily, the expiration [last Thursday] of New START [2010 Treaty with Russia] enables the United States to take parallel steps. We will complete our ongoing nuclear modernization programs that were initiated while New START entered into force. The United States also retains non-deployed nuclear capacity [some 1,900 stored nuclear warheads and bombs] that can be used to address the emerging security environment, if directed by the President. Such actions include expanding current forces, diversifying our capabilities, developing and fielding new theater-range nuclear forces, and adapting our extended deterrence posture as necessary.”

That was Under Secretary of State for Arms Control and International Security Thomas DiNanno speaking in Geneva last Friday at the United Nations Conference on Disarmament in Geneva.

One day earlier, in a post on Truth Social, President Trump offered this arms control idea: “Rather than extend ‘NEW START’ (A badly negotiated deal by the United States that, aside from everything else, is being grossly violated), we should have our Nuclear Experts work on a new, improved, and modernized Treaty that can last long into the future. Thank you for your attention to this matter! PRESIDENT DONALD J. TRUMP”

Having written about nuclear weapons and covered arms control efforts over the past 60+ years, I thought I would join with others to offer some ideas on where we are now and where we ought to be headed. But rather than doing it alone, I thought I would include some matters raised by former U.S. government nuclear weapons and arms control experts who testified last Tuesday before the Senate Arms Services Committee during a hearing on the post-New START treaty environment.

Let’s start with who is at Trump’s future negotiating table. Trump and other U.S. officials have said China along with Russia has to be there, although so far the Chinese have refused to discuss their nuclear programs. Russian President Vladimir Putin, in response to the Chinese participating idea, said he would then want the United Kingdom and France, two other nuclear powers, also included.

At last week’s Senate Armed Services hearing, Rose Gottemoeller, the lead U.S. negotiator for New START and now Lecturer at Stanford University and Research Fellow at the Hoover Institute, gave what I believe would be the best ideas for the way forward.

She said, “I do not support trying to do a trilateral negotiation. I believe that these negotiations [with Russia and China] should be done in parallel. We have 50 plus years of experience limiting and reducing nuclear weapons with the Russians. We can continue that kind of process [to include tactical and hypersonic nuclear weapons] with them.”

Gottemoeller added, “And by the way, I agree that non-strategic nuclear weapons [should be included]. We did not constrain non-strategic nuclear weapons in the New START treaty. It was not designed for that purpose. So to fault it for not controlling those weapons is a bit bizarre, but nevertheless, I agreed with the Trump administration during the first term when they said we need an all-warhead limit in the next negotiation. I think that is definitely the priority we need to proceed on with the Russians.”

Gottemoeller also said, “It's been my recent experience working with them [the Chinese] in track two [non-U.S. Government] settings that they seem very interested in trying to figure out ways to begin a conversation with the United States about nuclear risks… developing better communications, links with them at the strategic level, hotline arrangements, these types of things. I think they are valuable to begin a conversation about the necessity of controlling nuclear weapons at the negotiating table and [for the Chinese] not being so un-transparent about what they're doing with their modernization. That has to be the first and foremost objective talking to them about what their intentions are.”

She added, “I've already spoken about the Chinese. I think they are willing to talk to us now, but it is about risk reduction and the beginning of more predictability and transparency about their nuclear objectives,” matters that up-to-now they have refused to discuss.

Picking up Gottemoeller’s idea for China at the Senate hearing was another witness, retired-Adm. Charles A. Richard, former commander of the U.S. Strategic Command (STRATCOM), and incoming chief executive officer of the Institute for Defense Analysis.

Richard told the Senators, “I think that is an excellent starting point for a conversation with China. There are terms like confidence building and transparency that I would certainly endorse. But fundamentally it comes back to how do you responsibly operate weapon systems with this magnitude of destructive potential. That is to everyone's benefit including China. And I think that makes an excellent starting point for diplomacy.”

The Gottemoeller/Richard approach reminded me of discussions I had had back in the early 1970s with Paul Nitze when he was part of the Nixon team negotiating SALT I. Nitze told me the Soviet negotiators who were Foreign Office diplomats had little knowledge about nuclear weapons thereby leaving most of the negotiations to the Russian hard-line military. As a result, the Americans had to educate the Soviet diplomats about the destructive power of these weapons to get them more active in the negotiations.

Under Secretary DiNanno in his Friday Disarmament Conference Geneva speech said future discussions meant “taking into account all Russian nuclear weapons [strategic and tactical], both novel and existing strategic systems.” DiNanno specifically mentioned Russia’s “nuclear-powered Skyfall cruise missile and its doomsday Poseidon [nuclear strategic] torpedo. New START constrained neither of these systems and Russia has successfully tested both within the last few months.”

Faced with Russia and China, two potentially peer nuclear powers, both Gottemoeller and Richard agreed about the need for the U.S. to increase its nuclear forces.

Gottemoeller said, “I actually agree with the notion that we need to think carefully about the threat that is presented by two nuclear peers by China and by the Russian Federation going forward. And we need to make judicious choices juxtaposed against the other demands on our defense budget. And I mentioned the conventional force posture, but also the new technologies that are coming our way and must be judiciously incorporated into our new weapon systems as well as the whole arena of cyber threats and how we are going to contest the Russians and the China Chinese in that space.”

Richard was much more specific. He said, “I think that the United States needs to immediately start taking steps, steps that are currently precluded by the New START treaty…to include uploading [currently stored U.S. nuclear] warheads to our intercontinental ballistic missiles, removing covers off the four [launch] tubes on our Trident [strategic] submarines that are currently empty [of strategic nuclear sea-launched ballistic missiles], and several other posture steps that should be taken now, and not a year from now.”

At Geneva Friday, Under Secretary DiNanno raised questions about “Russian and Chinese nuclear testing in violation of their respective moratoria on yield-producing nuclear tests.” He said, “The annual U.S. compliance report has previously assessed that Russia has failed to maintain its testing moratorium by conducting supercritical nuclear weapons tests.”

DiNanno also disclosed, “Today, I can reveal that the U.S. Government is aware that China has conducted nuclear explosive tests, including preparing for tests with designated yields in the hundreds of tons…China has used decoupling – a method to decrease the effectiveness of seismic monitoring – to hide their activities from the world. China conducted one such yield producing nuclear test on June 22 of 2020.”

However, at the Senate hearing, Sen. Jacky Rosen (D-Nev.), talked about the Nevada National Security Sites where the U.S. has carried out its nuclear testing saying, “Today the site's underground laboratory is undergoing major mining and construction to provide enhanced capabilities for sub-critical experiments [that are allowed because they don’t involve a nuclear yield] and it will host in the near future two of the most capable weapons radiographic systems in the world.”

Rosen added, “Together with other efforts, these machines will provide greater certainty and data about the performance of the U.S. nuclear stockpile. Far better data, experts say, than the information that could be gleaned if the U.S. were to break the [1992] moratorium [on underground nuclear testing] and conduct an explosive nuclear test, as the President [Trump] and some in his orbit have advocated.”

Rosen then got ret.-Adm. Richard to agree that while he was STRATCOM commander four years ago, U.S. sub-critical experiments and robust computer modeling provided data that led him to certify the military effectiveness of our stockpile without the need to resume explosive testing.

Gottemoeller added, “President Putin himself said that they would only resume testing on a

reciprocal basis with the United States. So, I would expect that to be the outcome. And I do expect that it would disadvantage us, you know, because we conducted more explosive nuclear tests than any nuclear weapon state. We have more data available to us with which we are able to do a massive amount of calculation and other activities in order to assure our stockpile is safe,

secure and effective.”

Gottemoeller and Richard both delivered their own views on the advantages of arms control.

“Stable deterrence is driven by predictability and nuclear negotiations done right deliver predictability,” Gottemoeller said. She added, “The effect comes about because restraints on our opponents reached through agreement bolster predictability which in turn supports our nuclear forces in their drive for reliable, stable and effective deterrence. Lack of predictability by contrast feeds uncertainty about the status of the nuclear forces among our adversaries, which means we may end up spending more than we have to on nuclear weapons and their delivery vehicles.”

Richard said, “Our entire nuclear deterrence posture is designed to, by threat of escalation, convince your opponent -- have a perception in your opponent's mind -- that restraint, inaction is their least bad course of action. And that has been successful for over 60 years in deterring not only nuclear attack on the United States and our allies, but has made a great contribution to the deterrence of great power war.”

I want to close with a reminder that I often use when discussing nuclear weapons. That is to remind readers the original handful of nuclear weapons were built by U.S. scientists, including Dr. J. Robert Oppenheimer, as terror weapons, to kill as many people as possible to end a war – not to fight one.

And as ret.-Adm. Richard noted above, despite the much too large a number of both tactical and strategic nuclear weapons that have since been built and exist today, none has been used in a war situation since two were used in 1945, and they did end a war.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because national security is everyone’s business.

The Former Head of NSA on the Future of U.S. Cybersecurity

EXPERT INTERVIEW -- General Paul Nakasone (ret.) has spent a career at the very center of America's most invisible battlefields. He has served as both director of the National Security Agency and commander of U.S. Cyber Command, two roles that sit at the intersection of intelligence, technology, and modern warfare. During his tenure, cyber operations moved from the shadows into daily strategic competition as the United States confronted persistent threats from China, Russia, Iran, and criminal networks operating at a nation state scale.

General Nakasone prioritized a doctrine of persistent engagement, challenging adversaries continuously in cyberspace rather than reacting to incidents after the fact. It was a shift that reshaped how the U.S. thinks about deterrence, escalation, and defense in a digital age. It feels even more important today, as artificial intelligence accelerates decision-making and blurs the lines between peace and conflict.

Since retiring, General Nakasone is continuing his mission as the founding director of Vanderbilt University's Institute of National Security. He also serves as a board member and advisor to some of the world's leading technology companies. General Nakasone is also being recognized with this year’s Impact in Cyber Award, being presented at The Cipher Brief Honors Dinner in Washington in March.

I spoke with General Nakasone on Friday for the State Secrets Podcast. Below are highlights from the conversation, lightly edited for length and clarity. You can also listen to the full interview of the State Secrets podcast available wherever you listen to podcasts.

General Paul Nakasone (Ret.)

General Paul Nakasone (Ret.) served as Director of the National Security Agency (NSA) and Commander of the U.S. Cyber Command from May 2018 to February 2024.

THE INTERVIEW

Kelly: You've argued that persistent engagement really changed the cyber battlefield. Looking back, where do you think it succeeded beyond expectations and where did it fall short against adversaries like China and Russia?

Gen. Nakasone: I think when we think about cyber, remember, this is a very dynamic environment. When I took over as both the commander and director in 2018, we were coming out of the 2016 elections. And one of the guidance points from President Trump and the secretary of defense was that we can't let this happen again. We cannot have a foreign nation attempt to influence our elections.

We looked at what we had done and what had occurred and we came to the realization that this is not an episodic event where we can just come and do our business and then leave. We must be engaged every single day. And so this idea of persistently engaging with our adversaries was born. It worked quite well in terms of the security of the 2018, 2020, 2022 and 2024 elections. It's worked against a series of different adversaries, Iran, Russia and China. But I think the point is that the environment is dynamic. To your point, as we look at greater scale and scope of adversaries like the Chinese, persistent engagement must also change. We need new partners, new techniques and new technologies. Those are things that we must be able to look at and be able to practice every single day.

Kelly: Midterm elections are coming up later this year. There is certain to be a lot of politics and political messaging around those elections. What are you focused on strictly from a cybersecurity awareness perspective when it comes to securing the midterms?

Gen. Nakasone: As a private citizen, I'm very, very interested in what foreign adversaries might try to do to influence our election. That's what the National Security Agency and U.S. Cyber Commander focused outside of the United States. I want to make sure that there is no nation that can influence what goes on in our electoral processes. That was what I was doing as a military member, and that's what I'm focused on now as a private citizen.

Kelly: Is there more that you can do from the private sector side in terms education? What are you trying to do at Vanderbilt?

Gen. Nakasone: We're really trying to do three things at the Institute of National Security. First, we’re building the next generation of national security leaders. Whether those leaders are in the private sector or the public sector - it's very, very important that we're able to do that.

The second thing we're trying to do is to provide pragmatism to theory. This is one of the things that Vanderbilt and our Institute takes great pride in by saying, ‘Hey, there's a lot of theory out there, but let's make a pragmatic approach to securing the critical infrastructure or looking at new ways in terms of being able to identify and solve hard problems.’

And the third thing we do is we educate. I mean, that's what great universities do. That's what Vanderbilt does. Whether we’re educating our students or whether we’re educating our faculty or whether we’re educating the broader public, that's what we're trying to do at the Institute of National Security.

Kelly: Cyber deterrence is an issue that comes up a lot. Is cyber deterrence something that exists today or are we still stuck in this model of continuous contact without any clear red lines?

Gen. Nakasone: I don't think cyber deterrence is the same thing as nuclear deterrence. Certainly, that's not an analogy I would use. But here's what I would use: we need to be very, very proactive in what we do to be able to secure the domain that we utilize for so many things every single day. And so again, this idea of persistent engagement, I would tell you that that's the right way we've got to approach it. But we need greater partnerships, we need greater technology with greater scope. And I think there are new ideas that need to come to fruition here. So, as the national cyber director gets ready to release his national strategy, I look forward to what he's going to say about how we involve academia or the private sector or private citizens in terms of what we can do to secure this domain that's so important to our nation.

Kelly: There's a whole lot of breath holding over when that national strategy will be released. What are some of the key components of the new strategy that you hope to see?

Nakasone: I'm hopeful to see a very, very strong focus on partnerships. What is it that the government does best? What is it that the private sector does best? What do we, as private citizens need to be able to do? I'm also looking for a component of, ‘How do we look at this and look at our threats differently?’ There's a broad range of threats that we face in cyber states, nation states, non-nation states, criminals. These are all different areas that need different approaches. I'm looking for a strategy that can take care of all of that. And any great strategy should motivate us, should make us think, ‘Wow, this is exactly the way we want to be able to do things and to conduct ourselves to solve these tough problems.’

Kelly: You talk a lot about partnerships. I'm proud to say that Sir Richard Moore, who just recently stepped down as the chief of MI6, is also a fellow honoree at this year's Cipher Brief Honors Awards for his impact through alliances, because alliances and partnerships are so critical. Can you talk a little bit more about how you see partnerships evolving in the future given how dramatically technology is changing the battlefield in cyber?

Gen. Nakasone: Before I talk about that, let me just take a step back and congratulate my fellow honorees, Gilman Louie and Sir Richard Moore and Janet Braun and David Ignatius. These are true giants of what has gone on. I think to be mentioned in this same category of honorees, is really very humbling. I congratulate each one of them. And I'm really looking forward to the HONORS dinner on the 13th of March.

With regards to partnerships, we just had the honor of hosting Sir Richard Moore at Vanderbilt University for a talk. And one of the things that we both agree on very strongly is that we're much better together than we are separately. What I'm always trying to emphasize in partnerships is that we can do things much better collectively than we can alone. As you take a look at what Richard Moore has done throughout his entire life, it's been a series of incredible partnerships that he's been able to foster. I feel the same way. This partnership needs to expand, it needs to be broader and it needs to be inclusive of more nations, more technologies, more industries that can help us be even more secure in the future.

Kelly: Let’s talk about China. What do think Beijing has learned from Russia's performance in Ukraine and do you think anything surprised them?

Gen. Nakasone: I think the first thing that they probably were surprised at is how much the United States intelligence community knew about what was going to take place on the 24th of February 2022. And the administration released that information publicly. I'm sure that shocked the Chinese.

The second thing I think they learned is that the Russians were not that good. And what has occurred over the past three plus years of seeing the loss of life and the loss of equipment, that must have really provided a pause to the Chinese as they think about the future.

The third thing that they've clearly demonstrated is that they've learned they cannot stop supporting Russia. They are the number one supporter of what Russia has been able to do in Ukraine - and continues to do. And even with that, they have not been able to overcome the Ukrainians. Those are the three lessons that I think the Chinese probably have thought about as they look back on the three plus years of this conflict.

Kelly: Do you think China is more likely to use cyber operations as a prelude to any kind of kinetic conflict with Taiwan?

Gen. Nakasone: One of the things that I think the department and certainly I have agreed with is that probably the first shots of any future conflicts are going to take place in cyber and space. And I would include space in that as well. Space is a competitive advantage for our nation, just as cyber is. But as any adversary looks to the future, I don't think they say, ‘Hey, let's go ahead and just wait for this conflict to take place. Let's make sure if we're going to take on the United States that we nullify their competitive advantages’ and the competitive advantages begin with space and cyber.

Kelly: Kevin Mandia, whom you’ve worked with over the course of your career, told how incredibly good Russia is in cyber. They once sort of dominated the cyber conversation. Do you think they're still a top tier cyber adversary? Or has the war in Ukraine exposed a lot of their structural weaknesses?

Gen. Nakasone: I would agree with Kevin that they are a top power in terms of their cyber capabilities, but they're not the best power. Of our adversaries, clearly, it's the Chinese. In the sense of their scale and their scope of what they're able to do, it's much different than what the Russians can do. But there's no one, none of our adversaries today can replace what the Russians are able to do in the information operations space. They are masters at it. And I think that's one of the ways I think about vigilance in the future. I think about how we protect ourselves from that.

Kelly: Let's talk about technology. You focus so much on this. AI is rapidly changing, intelligence collection and analysis also. What do you think is the most dangerous misconception that policymakers have about AI's role in national security right now?

Gen. Nakasone: If we're going to talk about AI, the first thing we need to do is return to the advent of ChatGPT in November of 2022. What have we seen in terms of change? And this is one of the things that I think is important for all of us to realize in what a little over three years, we have seen prompts go to text, to video, to recordings, to reasoning, to deep research. And now to agents. This is the landscape upon which we see AI operating today. I think one of the great misconceptions about artificial intelligence is believing we can just go ahead and put in a prompt and that’s all that’s going to occur. It's not that simple. It still requires a human component to what you're going to do. If you want to be a power in AI, you need four things. You need chips, you need data, you need energy. And the final thing is you need talent. And those are the four components that I think most people don't think about when they think about artificial intelligence.

Kelly: At what point do you think AI stops being an enabler and starts becoming a vulnerability, especially inside military and intelligence decision-making loops?

Nakasone: Artificial intelligence is just like cyber. It’s really just like any capability. It has both its strengths and weaknesses. If we focus on agents, they will able to do all of these things for us. But you're going to want to understand what they're doing, and then protect those agents from those that may try to make the agents do something they shouldn't be doing. One of the things that artificial intelligence shows us is that there are great capabilities here. But there are also incredible challenges with regard to being able to have visibility on them, have control over them, protect them, and then be able to truly understand what they've done.

Kelly: Should the U.S. be willing to accept less explainability in AI systems in exchange for speed and advantage?

Gen. Nakasone: Whenever we talk about a technology, there must be transparency of that technology. We must have a degree of security and feeling of safety that this technology is going to be utilized and that it comports with our norms and values - that it does things we want it to do. This is important. When I think about that, speed is an incredibly important capability of artificial intelligence. But I would also say security is the other ‘S’ that we can't ever forget.

Kelly: What does the next five or ten years look like to you?

Gen. Nakasone: One of the things we don't talk a lot about that I'm very excited about is being able to use artificial intelligence in an enterprise manner, being able to use these models to take a look at code and correct bad code, that is really the responsibility for the vast majority of weaknesses in our cybersecurity posture and is one of the things that we should be able to correct immediately.

The second thing is, wouldn't it be wonderful if we can continue to use artificial intelligence to discover new cures, new medicines for diseases that we have not been able to be able to address in our lifetimes? And the final thing I'm really excited about is using artificial intelligence for education - being able to look at a broad classroom of users – both the smartest and those that are struggling – and giving them the same ability to advance given the fact that this artificial intelligence is almost like a tutor to those students. That's a fairly heady thing that I think about when I think about the next five years.

Kelly: You also sit on several boards and serve as an advisor to a number of companies. I'm wondering from that position, do you see the cyber landscape any differently than you did when you were serving in government?

Gen. Nakasone: One of the things I’ve certainly realized, and I realized it to a degree as the director of NSA and as commander of U.S. Cyber Command, but that I realize even more fully now, is the power of ingenuity within our private sector. If you look at what is being done in places like Silicon Valley and Austin and Seattle and Boston and in Nashville and other places throughout the United States, it's truly amazing. And I say that as we look at our future, one of the things that I always emphasize to audiences is that our government should be focused on the things that we have competitive advantage in. And everything else - we should have our partners do. So, I'll bring that back to the National Security Agency.

No one breaks code or makes code better than the NSA. Everything else, we should have partners with. That's a little bit of my realization as I've made the journey from military officer to private citizen.

Kelly: Now that you’re in the private sector, how do you feel about the dual-hatted role over NSA and Cyber Command?

Gen. Nakasone: My thoughts on the dual hat really haven't changed since I was the commander and the director for six years. And that is within a domain of cyberspace where speed, agility and unity of effort really matter. Having one person that directs both organizations, one that has all of the authorities to do what we need to do to defend and to provide offensive capabilities in cyberspace, and one that has the intelligence components and capabilities that are second to none in the intelligence community, is important. Having one person direct that and say, this is what we need to focus on, is an advantage to the nation, particularly when we have a series of adversaries that at times have larger components than what we do. I think that this is really the secret sauce for what we do in cyberspace.

Kelly: What lessons have you learned from that model?

Gen. Nakasone: I want to share two lessons that I think are relevant for those that are in the private sector. The first is among the best pieces of advice I received early on in my tenure. It was from a retired four-star who said to me, ‘Paul, these two jobs are easy.’ And it was like, you know, day three of my tenure and I could barely find my desk. And he said something that I never forgot. He said, ‘What is it that only you can do that the organizations depend on you to do? And once you figure that out, you'll focus your time on those things.’ It took me a little while to really understand truly what it was that only I could do as both the head of NSA and of Cyber Command. But once I did, that's what I focused on. And that really allowed me to be able to shine a light on the areas that we had to and to get after and understand better the challenges to our nation.

The second piece of advice I received was also really important. And that was that you must be able to communicate. You must be able to talk to a number of different audiences; Congress or the White House or the Secretary of Defense or your own workforce. I really learned very early on that being able to communicate was one of the things that I had to do effectively. And being able to communicate not only with those in government, but also the public sector and for someone who spent his life in the intelligence community, talking in a room of people who were listening and asking questions was something that I had to become comfortable with.

Kelly: NSA is going through a shift since the former commander was dismissed last year and don’t have a confirmed leader yet.

Gen. Nakasone: I'm really excited that Josh Rudd now has been to his confirmation hearings. I would anticipate that he's been voted out of committees, that he'd be confirmed very, very soon. And having a confirmed leader of both organizations is really the true good news story here moving forward. We need to look forward, not in the rear-view mirror, and being able to think about what are the things that he's going to need to have from a broad area of partners to help him be successful. I think about anything that we can do to make his tenure even more successful.

Kelly: When you held those roles, there was really an evolution in the partnerships between the private sector and government. Do you see that evolving under the next director as well?

Gen. Nakasone: I think it must. If you're going to look at having capacity and capability in cyberspace, you must have a series of partnerships with the private sector. And that includes both the National Security Agency and U.S. Cyber Command. But I think the partnerships don't start there. It's also international partners that I think that are really important. I think that there's a series of academic partners. Certainly, we at Vanderbilt University look forward to being a great partner to the new commander and director. But I also think there are a series of partnerships today that perhaps we haven't even thought about. Partnerships with perhaps non-government organizations or partnerships with other entities that have placement and stature within cyberspace that can assist us.

Kelly: You've worked for multiple administrations and you've done a tremendous job remaining very apolitical. In an era of election interference, of deepfakes and information warfare, how do you think the military stays neutral while defending the system? This is something that's on everyone's mind in Washington and you really seem to be very successfully navigating a difficult space.

Gen. Nakasone: First, I think that that the U.S. military and our military officers need to remember what has been an incredibly successful civil-military partnership. And remember that we work for our elected leaders. And I think it's important that we're very, very conscious of anything that we say, whether we're in uniform or out of uniform, that can be construed as being critical or being supportive or anything like that with regards to our political leaders. We have a mission to defend the Constitution.

We also have a focus outside the United States and being able to continue to do that is something that's very, very important to us. And continued civil discourse is one of the things that I really hope continues to improve and being able to listen to people and understand that they may have a radically different opinion than your own. Listening is the first part of understanding. I think that would be one of the things that I hope our future leaders continue to remember.

Kelly: Let’s close with what’s happening outside the U.S. If you had to describe to the average American how serious the threat is from China, how would describe it?

Gen. Nakasone: I think when you consider China or any adversary, one of the things you should measure is what their capabilities are in terms of their military, their economic stature, their informational powers, and even their diplomatic capabilities.

If you look at China today, think about their economy. Fifty years ago, when President Nixon went to China, they had a gross domestic product of $114 billion. Today, it's approaching $18 trillion. And to give you perspective, our gross domestic product in the United States is about $25 trillion. There's been incredible, incredible growth in their economy. Today, they're the number one manufacturer in the world. The next nine countries cannot equal the percentage of manufacturing that takes place in China every single day. Militarily, they have the largest Navy in the world - not the best - but the largest.

If you look at their information capabilities, think about TikTok. Over 60 % of the United States clicks on TikTok every single day to get their news. And then if you look at their diplomatic prowess, they've been able to establish a series of partnerships through the Belt and Road Initiative and being able to obviously bring on several partners that were never ever available to them in the past. This is a nation that has increasing capabilities and has designs not just on being a regional power but being a global power.

That's something that we as Americans need to think very hard about. And if you look at our values and what we stand for, they are dramatically different than what China stands for.

Kelly: Is there anything on your mind that I didn't ask you?

Gen. Nakasone: Let me just come back to what I do as my focus and my passion right now, which is continuing to educate the next generation of young people that are going to be part of our national security apparatus. People ask me whether I’m positive about our future. I would tell you, I am extremely positive about our future because I get to work with some of the smartest young people in America at Vanderbilt University every single day. When I look at the 18 to 20-year-olds, 22-year-olds that are thinking about the opportunities and challenges that face them, this is truly one of the things that I think provides a great dynamism to our nation.

As we close today, I would tell you that I'm incredibly optimistic as I look to the future with the young people who are coming up and I look forward to seeing what they're going to do in their lifetimes.

Read more expert insights into national security in The Cipher Brief. And find out more about The Cipher Brief HONORS Awards happening March 13 in Washington D.C.

Xi Jinping Tightens Grip as China’s Military Purge Deepens

OPINION — In China, the Chinese Communist Party (CCP) “commands the gun”, and Chinese President Xi Jinping controls the one million members of the CCP. In October 2022, Mr. Xi was elected to an unprecedented third term as Secretary General of the CCP and President of the People’s Republic of China.

Mr. Xi succeeded Hu Jintao as Secretary General in November 2012 and immediately proceeded to expel Politburo member Bo Xilai from the CCP and Zhou Yongkang in 2014, responsible for China’s security services and one of nine-members of the powerful Standing Committee of the Politburo. This was the beginning of Mr. Xi’s anti-corruption campaign – and the removal of political rivals.

The anti-corruption campaign continues, with over 115 senior officials investigated in 2025 and reportedly over 60 punished.

But what got the public’s attention was the removal of defense ministers Wei Feng he and Li Shangfu in October 2023 and June 2024. Then in 2025 the removal of General He Wei Dong, Vice Chairman of the nine-member Central Military Commission (CMC), for “serious violations of Party discipline” and Admiral Miao Hua, Director of the CMC’s Political Work Department.

Also removed from the CCP in October 2025 were eight additional senior military officials, to include Lin Xiangyang, former commander of the Eastern Theatre Command responsible for Taiwan; Wang Houbin, former commander of the Rocket Force, responsible for China’s nuclear and missile programs and Wang Chunning, former commander of the People’s Armed Police.

During the 1970s and 80s, both General He Weidong and Admiral Miao Hua were assigned to the 31 Group Army in Fujian Province, responsible for any potential military operations against Taiwan.

And now, in January 2026, Mr. Xi continued with his purge of the military, with the removal of General Zhang Youxia, senior Vice Chairman of the CMC and China’s most senior general and General Liu Zhenli, Chief of CMC’s Joint Staff Department responsible for planning and operations. Both generals are accused of committing severe violations of party discipline and state laws.

General Zhang is also a member of the Politburo and a close associate of Mr. Xi. Their fathers fought together in the Chinese civil war with Mao Zedong’s forces that eventually prevailed in 1949. For Mr. Xi to purge a fellow “princeling” – descendants of revolutionary elders – must have shocked senior officials in Beijing wondering when does this hollowing-out of seniors in the military stop, and if they’re next.

General Zhang. as vice chairman of the CMC, had direct responsibility for military strategies concerning Taiwan. He was responsible for planning for potential conflict with Taiwan. General Zhang was an outspoken proponent of forceful unification, saying the military would “show no mercy” if Taiwan declared independence.

In late December 2025, China’s military conducted large-scale drills around Taiwan – “Justice Mission 2025.” This was the sixth major exercise since 2022, simulating a full blockade of Taiwan, with naval vessels and aircraft testing joint operational capabilities; deploying warships, bombers, and fighter jets to encircle Taiwan. The exercise was designed to test China’s ability to seal off Taiwan’s major ports, while simulating strikes on land and sea targets.

These “gray zone” tactics were meant to intimidate the public and exhaust Taiwan’s defense resources.

It is quite possible that Mr. Xi removed generals Zhang Youxia, He Wei Dong and Liu Zhenli, all members of the 7-member CMC designed for rapid decision-making and China’s highest military command, with Mr. Xi as its chairman, due to disagreements over Taiwan. All these generals, and general Lin Xiangyang, former commander of the Eastern Theatre Command responsible for Taiwan, were responsible for military operations against Taiwan.

Mr. Xi demands loyalty from all CCP and military colleagues. It’s possible that Mr. Xi’s military colleagues were pushing for a kinetic move against Taiwan in 2027, a date that Mr. Xi said China would have the military capability to kinetically move against Taiwan.

It appears to me that Mr. Xi was not prepared for a kinetic move against Taiwan, despite what his military generals were strongly advocating. And when Mr. Xi got push back from his generals, he removed them. In China, the CCP controls the gun, and Mr. Xi controls the CCP.

The author is the former Associate Director of National Intelligence. All statements of fact, opinion or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. government. Nothing in the contents should be construed as asserting or implying U.S government authentication of information or endorsement of the author’s views.

This column by Cipher Brief Expert Ambassador Joseph DeTrani was first published in The Washington Times
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

From Secrets to Sensors: Why Open Source Data Must Drive Modern Intelligence

THE BLUF / COLUMN — The Department of Defense is on a tear to revamp technology for warfighters. Secretary Hegseth signed an AI strategy on 9 January. Prior to that he called for an Enterprise Command and Control Program Office that would provide a real time battlespace picture for military commanders, something that has been talked about for years but never completed. The urgency is clear. The intelligence community must play a large part in this Department of Defense technology transformation if it wants to remain relevant to the warfighter and decision makers. Key for the intelligence community will be to fundamentally rethink its relationship with open-source data. To be most useful for the decision makers and operators, the intelligence community must rebuild itself on the backbone of open-source data and commercial technology.

Not only is data important but because of the volume and complexity of that data, so is the technology that can sift through the data. Public domain data must be the first place to gather trends and threat warnings that feed the many watch centers across the department of defense and intelligence community which should be the basis of the enterprise command and control picture. Much of the technology already exists for sifting through the data; fusing it into one picture will be a feat. The intelligence community, however, must make cultural changes first to accept the importance of the technology and public data, and secondly to acquire the technology and data on a timely basis.

Need for Change

The intelligence community has struggled with adopting the reality that to remain relevant, it must embrace publicly and commercially available data into its threat and warning process and use the powerful technologies that the commercial world is developing to sift through that data. There has been much work in this area across the intelligence community and some of it has been groundbreaking but the work has not been comprehensive, integrated, or fast. There are boutique enterprises that have developed their own high-tech way forward but when it comes to scaling such technology across the intelligence community or within the Defense Intelligence Enterprise, the hurdles are huge. Each intelligence agency claims its own security issues and erects fences against cross intelligence technology modernization. Even organizations like the Defense Innovation Unit or IN-Q-TEL focus on discreet requirements, not the wholesale cultural change needed to bring in the latest commercial technology that can support warning and security. Neither the Director of National Intelligence nor the Office of the Secretary of Defense for Intelligence and Security have been able to lead the intelligence community to making this cultural and technology change a key priority. As the largest part of the intelligence community, the Defense Intelligence Enterprise needs to lead the way in developing a high tech, open source, data rich environment for its customer base. Military commanders need a real-time, complete, and high-quality battlespace picture to quickly make informed decisions, take direct actions, and assess the high volume of potential targets and threats.

The capabilities that are available for plugging into this warning and targeting picture are endless. For example:

Warning Against Biological Events: Technical sensors and human sensors worldwide record biological events and provide data on disease upticks and hazardous environments. Environmental & Biosensors are global and are critical tools for detecting, quantifying, and interpreting dynamic changes in environmental or biological systems. There are multiple crowd sourced disease outbreak platforms. Biosensors, local reporting, and crowdsourcing technologies monitor everything from air and water quality to metabolic and cellular activity in real time. Technology can combine these complex platforms and sensors to read the data and provide intelligence analysts a real time global map of trends ad anomalies, that once fused with other intelligence could lead to early detection of a pandemic, an industrial or environmental bio event, or development of a WMD. Such a real time platform, based on open source data would also support military and clandestine operations by providing information to the operator about the environment they will encounter. Such maps are currently available either through a subscription or to the public but not one that fuses all this data.

Humans as Sensors: Combing through social media to provide on the ground sentiment analysis can help intelligence analysts provide warning of threats or instability or to provide information on how populations are responding to real time events. This commercial tool, used heavily by marketing firms, can augment State Department and other reporting on in country sentiments and provide insights into socio cultural priorities and concerns.

BLOCK Chain Intelligence: Blockchain intelligence can enable proactive disruption and analysis of adversaries by providing data on how they are using virtual assets for revenue generation. This process allows provides a high-level overview of a country's cryptocurrency usage, which could provide valuable insights into the nation’s overall economic health and strategy. It also provides detailed information on an individual or entity’s financial activities that can illuminate patterns and processes. The importance of blockchain analysis was underscored in 2024 when the US Senate Committee on Armed Services recommended that the Department of Defense (DOD) explore blockchain technology to potentially revolutionize national security. In the committee’s 2025 National Defense Authorization Act (NDAA), they instructed the Secretary of Defense to investigate and test potential blockchain applications for DoD.

As the Department of Defense has made clear, commercial solutions for trend analysis, finding anomalies, and providing data for decision makers are abundant. The intelligence community already has some of these abilities. What is missing is the fusion of this data into one picture and the ability to use the tools at scale.

Starting with Cultural Change

In order to provide the intelligence needed for an increasingly complex world, we need to fundamentally change the practice of intelligence to accept the importance of publicly available and commercially available data. Additionally, the intelligence cycle needs to change. The intelligence cycle needs to start with open source information and data. This means that the intelligence community also needs to incorporate the technology and the algorithms that will allow today’s intelligence professionals to see trends, anomalies, and threats in that data. This data then should be fused with intelligence collected by the traditional intelligence disciplines to provide decisionmakers and operators with all the information they need to perform their jobs.

Further, to demonstrate the importance of harnessing the publicly and commercially available data, the intelligence community must develop an open source center that brings together the myriad open source/PAI/CAI and data sifting technologies that industry currently is building. The high-tech center would be the first step for intelligence analysts of all types in building threat and warning analysis and targeting. This center would be a place where the US and its allies could share data and techniques to build a global warning picture. It would be the intelligence community’s beginning of the Enterprise Command and Control picture or the Common Intelligence Picture.

We will need creativity and leadership to move forward with this generational change in how the intelligence community does business. If this major shakeup does not begin soon, the US will lose its edge and remarkable, intelligence driven operations like Absolute Resolve will become amazing stories of American glory that we recount to our grandchildren. The change can happen now

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

The Kremlin Files: Russian Double Agents and Operational Games

THE KREMLIN FILES / COLUMN — There are similarities among intelligence agencies worldwide. All professional services rely on tradecraft to recruit and manage assets. They all operate within bureaucratic systems and ultimately answer to political leaders. At a basic level, espionage tradecraft is a common professional language. However, Russian intelligence services (RIS) differ significantly from their Western counterparts in several key aspects. First, their primary mission is not to serve the interests of the Russian people, nor to protect the country's constitution; instead, their loyalty is to the regime and Putin’s personal political survival. And secondly, in terms of tradecraft, they differ from the CIA and other Western services in their approach and tactics. One of the most important—and often misunderstood—aspects of Russian intelligence is their use of double agents, known in Russian intelligence doctrine as operational games (operativnye igry).

For Russian intelligence, operational games are not just niche skills or occasional counterintelligence tactics. They are fundamental. Double agent operations are central to how Russian agencies define success, justify their importance, and maintain their institutional identity. Whether other collection methods succeed or fail, the RIS reliably and continually default back to operational games. Therefore, understanding how and why the RIS use double agents is essential to understanding Russian intelligence itself.

Before examining how these operations work, it is important to get the terminology right, and something that even experienced national security reporters, espionage writers, and analysts in the West frequently get wrong. The term double agent is often misapplied to describe penetrations of one intelligence service by another. In reality, these are two very different phenomena.

A penetration is an agent who betrays their own service to spy for a foreign power. Aldrich Ames, who recently passed away three decades after he was arrested, was a traitor and a penetration of the CIA by Russian intelligence. He was not a double agent.

A double agent, by contrast, is an intelligence asset who is knowingly and deliberately directed by one service to engage another in espionage. The controlling service uses that agent to feed information (called feed material) —true, false, or mixed—to the adversary. They do so to simultaneously study the adversary’s tradecraft, collection priorities, and decision-making.

In the Russian system, double agents also serve a bureaucratic function: they generate statistics, “success stories,” and operational narratives that demonstrate effectiveness to political overseers and ultimately to Putin himself. Putin knows this; after all, he was a Lieutenant Colonel in the KGB Second Chief Directorate (responsible for Counterintelligence for the USSR), and he later headed the FSB himself.

Need a daily dose of reality on national and global security issues? Subscribe to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

Double agents are used in the West and by the U.S. services, but we don’t lie to our government about the origins of the cases or pretend they are real counterintelligence successes when they reach their conclusion. The distinction is not academic. It lies at the heart of how Russian intelligence thinks about espionage. Every year, the FSB publishes an annual report and claims statistics on hundreds of alleged spies it has caught. The vast majority of them are invented, manufactured, or the FSB’s own double agents. In other words, they are not real cases.

Russian services employ multiple varieties of double agents and operational games. They have many names, including the initsiativnik, which is a false volunteer who often “walks in” to an embassy. Also used is the podstava, or dangle, in which Russian services will use the routine of an intelligence officer, diplomat, or journalist and insert the “dangle” right in front of the target at a gym, reception, or other function to appeal to the target. There are still more different varieties and names for other types of double agents.

These operations are not limited to targeting foreign intelligence services. They are also used against businesspeople, journalists, diplomats, nongovernmental organizations, and even Russian citizens themselves. The objective is often not solely intelligence collection, but also control, as the Russians say, to have the target “pod kontrolem,” or under 100% operational control and influence. That is why the Russians prefer, though not exclusively, to carry out double agent operations on Russian soil. Abroad, they are less confident that the SVR or GRU can fully control their double agent during meetings with the adversary.

The end goal is to ensnare, compromise, manipulate, arrest, or extort targets for recruitment and long-term exploitation. A few examples from history help illustrate Russian intelligence’s fixation on double agents, dating back to its earliest institutional roots.

The Cheka and later the NKVD/OGPU perfected operational games in the 1920s through landmark deceptions such as Operation TRUST. With the TRUST operation, the OGPU (Soviet counterintelligence at the time, another forerunner of the KGB) created a fictitious anti-Bolshevik underground to lure in Western intelligence services and Russian émigrés. TRUST sent intelligence officers to the West, or cooptees, who they intimidated to pose as members of this fake organization that claimed to stand against the Bolsheviks.

The operation ran for years, successfully feeding disinformation to multiple foreign services while identifying, neutralizing, or recruiting their agents. They often lured Russians home to “help in operations” only to have them arrested, interrogated, and usually shot in the back of the head in a Chekist-style vyshaya mera (highest measure) execution. The TRUST culminated in the capture of the famous British intelligence officer Sidney Reilly, one of the most celebrated spies of the era, who was executed in a similar fashion.

That double-agent tradition continued throughout the Cold War, when Soviet intelligence used double agents not merely to mislead adversaries but also to validate its own competence. Kim Philby, while often remembered in the West as a Soviet penetration of British intelligence, was also used as part of broader operational games to shape Western threat perceptions and protect other Soviet assets. Scores of Western intelligence officers or special operations team members were wrapped up in the Soviet Union or Eastern Europe immediately after World War II, the victims of KGB and OGPU/GRU operational games Philby had detailed to the USSR. Most were eventually executed.

In later decades, the KGB ran controlled double agents against Western services to exaggerate Soviet capabilities, mask vulnerabilities, and manipulate counterintelligence priorities. The Soviet KGB ran a wave of double-agents at the CIA in the late 1980s with false feed material to explain the 1985 U.S. intelligence losses. Rick Ames volunteered and compromised a dozen agents working for the CIA and FBI (Ames was not arrested till 1994). The KGB and later SVR used these operational games and false volunteers to protect him, trying to give CIA and the broader U.S. IC reasons why the compromise may have happened (Circle of Treason is a classic read on this period and all the various games the KGB was playing to protect Ames with false feeds to CIA and the FBI).

These operations reinforced an internal belief that intelligence success could be measured by how convincingly one could influence the enemy’s perception of reality. In Russian intelligence culture, the double agent is not an exception — it is the ideal. In today’s FSB, however, as well as their foreign counterparts, the SVR, the double agent too often is used to justify their very own existence, instead of paying dividends in terms of tradecraft learned or secrets protected. Operations like TRUST are mostly a relic of the past. Today, the FSB is too busy entrapping innocent foreigners like basketball players, teachers, and NGO workers.

The U.S. IC and our Western allies have learned over the decades that the FSB/SVR and GRU have presented double-agent cases to their political leadership as if they were genuine agents caught and arrested, all the while the case was simply that they were double agents. They feed statistics from the FSB each year about exaggerated intelligence operations—more than all the services in the world could carry out against Russia—and also claim to have thwarted all of them. These reports reach Putin and the Presidential Administration to justify larger budgets, which in turn breed more corruption and line the pockets of senior and middle managers.

This is not unique to Russia; it is often the case across the former Soviet countries of Central Asia, where many of the services remain close and subservient to the Russian FSB and SVR. These services, often serving despotic regimes, swear by double agent operations because, in many cases and over many years, the only “spies” they can really uncover are those they falsely created under a double agent operation. They use them against a range of unwitting foreign citizens, including in legitimate business practices, to extort them and their companies for money when brought up on false charges.

The practice has been expanded in recent years by the Russian FSB, particularly its counterintelligence division, DKRO (the Department of Counterintelligence Operations), which uses double agents against journalists, businesspeople, and others to trap them and hold them hostage for exchanges with the West. DKRO was responsible for the false arrest and imprisonment of Wall Street Journal reporter Evan Gershkovich before his 2024 swap with the West.

In sum, operational games and the double agents associated with them allow Russian intelligence to shape narratives, manufacture threats, and create the appearance of omnipresence. They are dirty tricks elevated to doctrine. And they remain one of Moscow’s most effective tools for compensating for broader institutional weaknesses.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

EU Takes Aim at Tehran: IRGC Terror Listing Opens New Front in Europe’s Iran Policy

OPINION — On January 29, Europe found its voice against Iran’s apparatus of terror. The European Union (EU) announced that it is adding Iran’s Islamic Revolutionary Guards Corps (IRGC) to its list of designated terrorist entities. The EU spent years mulling this step and taking half measures. Now, the EU and its member states must use this new much-needed tool broadly and effectively. The EU’s designation should mark the start of Europe’s campaign against the IRGC, not its end.

Formally listing the IRGC will give Europe important new authorities to limit Iranian attacks and plotting on their soil. The EU’s move also has major symbolic value, particularly at a time when the Iranian regime is under pressure at home and abroad.

The EU previously sanctioned some of the IRGC’s branches, leaders, and operatives. But EU member states resisted taking action against the IRGC in its entirety for several reasons, including European fears of Tehran’s reaction. Iran has long been vocal in its opposition to an IRGC designation, warning in recent days that an EU label would have “destructive consequences.” The U.S. unwillingness to lift its own Foreign Terrorist Organization listing of the IRGC was reportedly a key reason why U.S.-Iran negotiations fell apart during the Biden administration.

The EU designation comes on the heels of the Iranian regime’s bloody crackdown against its own outraged people. The EU’s decision—reached by consensus among its 27 member states—lends Europe’s united voice to the Iranian protestors’ indignation against their oppressors.

The EU action also sends a powerful message to Tehran that it should refrain from conducting attacks on European soil against its perceived enemies, particularly Iranian dissidents and Israeli and Jewish targets. European security officials express great concern about that risk now. Both the IRGC’s deadly Quds Force and Iran’s notorious Ministry of Intelligence and Security (MOIS) have conducted numerous terrorist plots in recent years in Europe, including in Sweden, Germany, Cyprus, and Belgium. Individual European governments have disrupted and prosecuted these networks and issued statements condemning Iranian behavior, but this is the most unified and strongest European stance to date.

With the EU designation, any IRGC assets in Europe are now subject to an asset freeze. It is now illegal to provide the group with funds or resources. The designation also requires EU member states to increase police and judicial cooperation on IRGC-related criminal matters. And the EU will impose a travel ban on IRGC members hoping to visit Europe.

The Europeans should now aim to use these tools vigorously. The IRGC has historically had near global reach, not only with its terrorist cells but with its procurement and financial networks. Uncovering and disrupting the IRGC’s networks and freezing their assets would weaken the corps’ capabilities to rearm, profit, and funnel materiel and finances to its proxies.

Europe can and should do much more to maximize the impact of the designation and impose real costs on the IRGC and its overlords. The EU’s 2013 designation of Hezbollah’s so-called “military wing” offers a good model for how an EU designation can empower both the EU and its member states.

First, the EU should ensure that Europol – the EU’s umbrella police agency – gets a key role in coordinating and supporting IRGC-related investigations across Europe, as Europol has done with Hezbollah. Before the EU’s designation, Europol’s ability to police the IRGC’s operatives in Europe was greatly limited. The IRGC’s many European plots often have a consistent modus operandi, including using criminal actors not associated with Iran to carry out attacks and thus offer Tehran a figleaf of deniability. Europol is uniquely positioned to see the whole picture and share relevant information with all EU member states.

For one model, look to Europol’s involvement in the complex multi-jurisdictional investigation of the Hezbollah financier Mohamad Nourredine, which involved multiple European governments as well as several U.S. law enforcement agencies. In 2018, he was convicted in a French court on multiple charges and sentenced to seven years in prison as part of a multi-country investigation codenamed “Operation Cedar.” Europol could use provide similar support in international investigations against IRGC operatives.

Since 2014, Europol has also played an integral role, along with the United States, in the Law Enforcement Coordination Group, the sole international body dedicated to countering Hezbollah’s terrorist and illicit activity. The EU should empower Europol to do likewise for the U.S.-led Countering Transnational Terrorism Forum, which focuses on Iran-linked terrorism.

Second, European governments must follow up on the EU’s actions and impose their own national bans and designations. Many European countries did just this against Hezbollah, including Germany, Slovenia, Austria, the United Kingdom, and the Baltics.

Take Germany, which shows how national-level actions can strengthen law enforcement and build on Brussels’s actions. In May 2020, Germany formally banned Hezbollah and conducted near simultaneous raids on several Hezbollah-linked organizations in the country. Germany is now prosecuting a Lebanese national allegedly tied to Hezbollah for procuring drone components for the terrorist group – a scheme that also took place in the U.K. and Spain.

The EU’s IRGC designation won’t tip the balance of power within Iran in favor of the protestors, but it can still help reduce Iran’s ability to stage vicious attacks abroad. The EU and its member states must robustly implement these new authorities for them to have the desperately needed effect.

Michael Jacobson, a senior fellow in The Washington Institute’s Reinhard Program on Counterterrorism and Intelligence, formerly served as director of strategy, plans, and initiatives in the State Department’s Counterterrorism Bureau.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

Should Western Tech Giants Partner With Pro-Hamas Network Al Jazeera?

OPINION — A few weeks ago, Al Jazeera named Google Cloud as its primary technology provider for “The Core,” a sweeping program designed to integrate generative artificial intelligence (AI) throughout its production process. The move, which further deepened the relationship between the two companies, should sound alarm bells for policymakers and anyone concerned with the accuracy, credibility, and transparency of the news media and information space, which impacts nearly every aspect of society.

The Core enables more efficient reporting and even drafts scripts that humans generally would otherwise write. Reporters can pull archival material in seconds, generate compelling data visualizations — visual stories — and synthetic images at planetary scale, and automate story planning, all through AI platforms built by Google.

However, it’s not the innovation that’s the problem but rather its use to generate and amplify adversarial state-funded and directed news with no warning labels to its global audience.

The Qatari state funds and oversees Al Jazeera, shaping editorial output. Because of its shared ideology with the Muslim Brotherhood, Al Jazeera’s content often reflects the lens of the Muslim Brotherhood, three branches of which the United States just designated as a terrorist organization. The Qatari outlet also has a history of producing content that glorifies terrorism. Tech companies that help Al Jazeera amplify its content using algorithms, AI, or other methods, advance Qatari foreign policy rather than reflecting independent media assessments on a wide range of worldviews.

Part of the Al Jazeera-Google program is “AJ-LLM,” described as the editorial brain of the system that will be trained on Al Jazeera’s archives and connected to Gemini Enterprise, according to the companies. Al Jazeera is already very prominently cited in large language models (LLMs) like ChatGPT and Claude in questions about the Gaza war, and Gemini could very well follow that trajectory with this expanded partnership.

While one reason Al Jazeera features prominently in LLM answers is because it has no paywall, new partnerships, including Google’s major expansion with Al Jazeera, may fuel its presence even more.

Al Jazeera assures there will be sufficient human oversight in the process. However, Al Jazeera’s current and historic content, with its anti-Western bias that amplifies the likes of Hamas, loaded into its LLM platform, will churn out faster, flashier versions of the same editorial product, in countless formats.

Subscriber+Members get exclusive access to expert-driven briefings on the top national security issues we face today. Gain access to save your virtual seat now.

When users worldwide ask LLM’s about the conflict, they are frequently fed content from a media company that celebrates Hamas terrorist attacks and frames Israeli self-defense as aggression. Because these AI systems operate as black boxes with limited transparency, audiences may receive algorithmically amplified narratives that systematically favor Hamas and Muslim Brotherhood perspectives while appearing to be the product of neutral technological systems.

In May 2025, Google partnered with the Qatari Government Communications Office and the Al Jazeera Media Institute to train journalists in building digital-focused newsrooms. Participants included news directors, journalists, and representatives from various media organizations across Qatar’s media landscape.

What kind of messages do Al Jazeera trainers convey to journalists and diplomats who take their courses? The case of Muhammed Khamaiseh from the Al Jazeera Media Institute is instructive. In 2018, Khamaiseh posted, “Jews have been known for centuries to be cunning thinkers, and currently, the entire global economic system is under their control.” Khamaiseh had previously celebrated Hamas rocket attacks on Israeli civilians in 2014 and offered affection for Hamas after its kidnapping and murder of three Israeli teenagers. “This is why we love Hamas :D,” he wrote. Ironically, Khamaiseh is the author of “A Guide Avoiding Discrimination and Hate Speech in the Media, published by the Al Jazeera Media Institute.”

Qatar is an authoritarian nation, whose stringent media laws prohibit any criticism of Qatari leadership or policy, making Al Jazeera’s output anything but independent. The Department of Justice has determined that Al Jazeera is owned and directed by a foreign government. Congress has asked Justice to review whether the Qatari government should be required to register under the Foreign Agents Registration Act. DOJ has already required Al Jazeera’s AJ+ to register but the Qatari network has failed to do so.

Egypt, Jordan, Saudi Arabia, the United Arab Emirates, and Iraq are among the countries that have placed bans on Al Jazeera. Some bans remain on the Qatari channel. In addition, despite Al Jazeera posing as a savior of Palestinians, prominent Palestinians have long expressed concerns that Al Jazeera has stirred up regional hostilities and fomented violence, a problem that would be amplified if Al Jazeera’s cleverly designed content is recast as neutral algorithmic outputs. News consumers would be hard-pressed to find examples of Al Jazeera criticizing Hamas’s atrocities.

U.S. regulators should regard AI partnerships with foreign state-directed authoritarian media as they would regard sensitive technologies. They should trigger formal risk assessments. Congress should require companies with AI products to disclose the extent to which foreign state-directed media sources are used in training data, retrieval systems, or generated outputs. Absent such transparency, lawmakers and the public cannot evaluate the scale of foreign state influence embedded in AI-driven information systems.

Google should also require clear labeling when AI-generated news summaries or analytical outputs rely on content from foreign state-directed media organizations. Users should not be left to assume neutrality.

Preventing Americans and the global community from being manipulated by the Qatari state’s anti-Western, pro-extremist Al Jazeera content, even though it may be cloaked in high-tech flash, should be a top priority for both technology companies and policymakers. It’s time to pull back the curtain.

Toby Dershowitz is a senior advisor at the Foundation for Defense of Democracies, where Asher Boiskin is an intern. Follow them on X @TobyDersh and @asherboiskin.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.

I just want to read the news

Get the news and only the news!

Guardian

Back to top

Kaupunki

Back to top

Yle

Back to top

CNN

Back to top

Hesari

Back to top

Al Jazeera

Back to top

New York Times

Back to top

Reuters

Back to top

NPR

Back to top

The Cipher Brief

Norman T. Roule

Norman T. Roule

General Paul Nakasone (Ret.)

Back to top