The Cipher Brief

There has been yet another terrorist attack targeting Britain’s Jewish community. This time, two Jewish men were stabbed on Wednesday in Golders Green, London - a leading center of Jewish life and culture in the UK. The incident follows a series of recent attacks on Jewish targets, including assaults on Jewish ambulances in north London just weeks ago, and comes amid a broader surge in anti-Jewish violence across Australia, the United States, Europe, and beyond.

The reaction to this attack has been more marked than any previous antisemitic attack in the Uk that I can remember. It has dominated headlines here, in the mainstream media including the BBC. Prime Minister Starmer reacted with condemnation within minutes of the attack taking place. Politicians on all sides - almost all sides - have said that British Jews have to feel safe, have to have confident expectations of being able to live a normal life like other communities in the UK. More Jewish people have been interviewed by the media and the messages they have been giving out are consistent. They do not feel safe, they do not feel they are understood.

The man suspected of committing the two stabbings has been named as Esse Suleiman, a British national born in Somalia. Responsibility for the attack has been claimed by a terrorist organization with links to Iran.

I have written about this problem before, and I have two contentions that should make this relevant to all readers of the Cipher Brief. The first, as I have said before, is that antisemitism has to be treated as a national security issue. The second and related is that antisemitism is not just a threat to the Jewish community but to democracy. You cannot have a democracy in which one group of the community is battered into silence, fear and flight.

The issue therefore matters to people everywhere who share the values of democracy and tolerance.

The clear goal of these attacks is to make Jewish people in England - perhaps less than 0.5% of our population - feel so unsafe that they leave the country. If they take the obvious route - to Israel - this will somehow only play to the conspiracy theories of Islamists and the extreme left. So where else do they go?

I do not think most British Jews will be going anywhere, but they need more than words from the political class, more than a few extra police officers, or cameras and fences around synagogues, Jewish schools and other buildings.

The need is for a government strategy that specifically counters antisemitism. It has not been enough for people to unite against racism because many people who claim to be, think they are, anti-racist still wittingly or unwittingly perpetrate antisemitism. So, antisemitism is a distinct problem, with distinct causes and needs distinct solutions. The idea that Jews are somehow not an ethnic minority but people at the top of the pile needs to be countered. The idea that there is an alternative to a homeland for Jews needs to be countered. Conspiracy theories that I do not need to retail, but which continue to flood across social media, have to be identified and refuted.

How? When we recognized we had a problem with violent Islamist extremism after the London bomb attacks in 2005 it was recognized that ideas behind the extremism needed to be challenged. Now the same is true of anti-Semitism. The police and intelligence agencies need more power to stop violent attacks, but the battle of minds has to be fought in the public sector - through how teachers understand their pupils and how they counter anti-Semitic ideas often innocently expressed. Community leaders of all faiths and none need to be educated in what antisemitism is, why they should counter it and how. Politicians need to understand the difference between legitimate criticism of the actions of Israel and statements that strike fear into the hearts of Jews.

We need a government led strategy that will expose, discredit and discard anti-Semitism. Only then will Britain’s Jews feel not only safe but free.

To repeat, this is a national security issue and should be treated as seriously as any other national security issue. Our own people should not be terrorized - by state or non-state groups, or by individuals.

This has to start now. It is getting very late.

CIA Deaths Expose Fragile U.S.-Mexico Security Ties

Around two o’clock in the morning of April 19, an SUV veered off a twisting dirt road in a remote corner of the Sierra Madre, plunged into a ravine and burst into flames. The dead were two Chihuahua state law enforcement officers and two unnamed Americans -- who were identified by Mexican authorities as CIA officers.

A state official initially said that all four of the dead were returning from two days of fairly spectacular raids of methamphetamine super-labs in the highlands near a hamlet called El Pinal. That account was swiftly retracted, and the Americans were described as “instructors” teaching state cops how to pilot drones. Either way, the CIA had just put boots on the ground deep in Mexico’s Golden Triangle, a forbidding terrain infamous for vast fields of opium poppies and marijuana, clandestine landing strips for Colombian cocaine flights, and, lately, synthetic drug labs pumping out tons of methamphetamine and fentanyl. This might be a first, but at the very least it was rare, and the price was terrible.

“Why would CIA personnel go deep into Mexico’s cartel country - to a place that’s considered the turf of an extremely violent, heavily armed transnational group?” CIA clandestine service veteran Ralph Goff asked rhetorically and answered. “CIA officers go where their intelligence missions take them. And that includes dangerous areas like war zones and high crime areas - and Mexico is an unfortunate combination of both, with the added risk of dangerous roads. We are trained to deal with dangerous situations and events, which reduces risk but never eliminates risk, and we are aware of this.”

The Trump administration’s intensifying pressure on Mexico’s organized crime families is stirring furious protests from Mexico City, where political leaders are acutely protective of perceived insults to their national sovereignty. Yesterday, Mexican President Claudia Sheinbaum told reporters that her government had sent Washington a formal "diplomatic note” objecting to the CIA officers actions and suggested they had gone rogue. “The [U.S.] federal government didn't know about the involvement of these people (in the operation) and we hope that it's an exception," Sheinbaum said in her daily morning press conference, according to Reuters. "...From now on, as has been done, our constitution and national security law should be followed." Sheinbaum’s remarks followed a statement issued on Saturday by Mexico's security cabinet, charging that the U.S. officials had not been accredited to participate in security activities in Mexico and complained that one of them had entered Mexico as a tourist.

The deaths of the two CIA officers have aggravated longstanding U.S.-Mexico tensions over security ⁠cooperation, particularly when it comes to operations against Mexico’s multi-billion-dollar cartels, which have diversified from drug trafficking into human trafficking, petroleum pirating, extortion and other lucrative crimes. President Donald Trump has repeatedly pressed for greater use ⁠of U.S. military force to combat Mexican cartels and has threatened unilateral action, even inside Mexican territory.

Sheinbaum has pushed back, asserting the U.S. cannot send U.S. officers or troops across the border but is welcome to share intelligence with Mexican officials.

For CIA, DEA and FBI personnel assigned to Mexico and the border area, passing actionable intelligence about specific high-value targets has often been a non-starter, citing widespread corruption within the Mexican government. A number of U.S. informants have been murdered in recent years, according to U.S. officials, with leaks suspected though usually unproven. U.S. Ambassador Ron Johnson, a former Green Beret and CIA operations officer, appears to have taken the side of U.S. intelligence officers wary of cooperating with their Mexican counterparts because of the risk of corruption. Significantly, last Thursday, Johnson traveled to Los Mochis, the town where notorious cartel kingpin Joaquin “El Chapo” Guzman was captured in 2016, deep in Sinaloa state, also known as the second leg of the Golden Triangle, and spoke at a ground-breaking for a joint U.S.-Mexican methanol plant. “If we want projects like this to succeed – if we want our shared future to be as bright as it can be – corruption and extortion have no place,” Johnson said pointedly. The existing bilateral trade agreement, he said, “requires our governments to criminalize bribery and corruption and enforce codes of conduct for public officials. We may soon see significant action on this front. So, stay tuned.”

This is exclusive Subscriber+Member content.

By “stay tuned,” the Los Angeles Times reported, citing unnamed sources, the American ambassador was signaling an escalating Trump administration anti-corruption campaign, focused on Mexican officials allegedly linked to organized crime. This campaign would be more severe than the administration’s decision last October to revoke ⁠the visas of more than 50 Mexican politicians for “activities ⁠that run contrary to America's national interest."

CIA officers have worked closely with some Mexican military and security units since the Agency’s creation in the early Cold War. Officers based in Mexico City have long cultivated relationships with Mexican officials willing to help keep tabs on suspected Russian, Chinese, and Cuban spies, Middle Eastern extremists and other shady characters suspected of using Mexico City as a base for espionage or violent conspiracies against the U.S.

Now the Agency is casting a broader net, in response to Trump’s second-term push for an all-of-government assault on the Mexican cartels. On his inauguration day in January 2025, Trump designated Mexico’s major cartels as “foreign terrorist organizations” and “specially designated global terrorists.” In March of last year, as The Cipher Brief reported, the administration designated drug trafficking as the nation’s top national security threat, a major departure from past designations. Since then, officials say, the CIA has been looking for ways to apply its technological and human assets to counternarcotics work, in the Triangle and beyond.

Experts say intelligence about the Golden Triangle and its gateway border city, Juarez, has never been more crucial, as that smuggling corridor has become a battleground between two ambitious emerging crime groups: La Linea, loosely aligned with underworld leader od the Cartel Jalisco Nueva Generacion, (CJNG) currently the world’s richest, most powerful cartel, and the Gente Nueva, a splinter of the Sinaloa Federation, a waning but still powerful and storied old-line cartel. Both of the upstarts operate in and around Juarez, on the border across from El Paso, a major American metropolitan area and one of the nation’s most important trade hubs, handling an estimated $106 billion in U.S.-Mexico cross-border trade in 2024 alone.

“Paramilitary officers and Case Officers from the CIA's Directorate of Operations are tasked to fill the gaps that other USG agencies may have in their programs and to bring our unique skills to bear in support of law enforcement agencies like DEA and FBI as well as DoW,” Goff said.

In Mexico, the CIA strives to keep a low profile, because Mexican politicians, influential people and the press are deeply suspicious of Washington, especially its spy agencies. The current exceptional episode began on Sunday, April 19, when Chihuahua state Attorney General César Jáuregui announced news that Pedro Román Oseguera Cervantes, commander of the state agency of investigation, AEI, a state policeman, and two American “instructors” from the U.S. Embassy in Mexico City had been killed in a vehicle accident in southern Chihuahua. He said they had been returning to the state capital of Chihuahua City after taking part in a state police-military operation raiding six industrial-size methamphetamine labs in the thickly forested highlands. The destruction of a major cartel complex was heralded as a win for the good guys, but Jáuregui inadvertently ignited a political firestorm that’s still raging. Questions proliferated when the Washington Post and Associated Press, citing an unnamed U.S. official, reported that the American “instructors” who were killed were working for the CIA.

“There cannot be agents from any U.S. government institution operating in the Mexican field,” Sheinbaum told reporters. “It is very important that something like this not be allowed to go unaddressed.” She said she was considering sanctioning Chihuahua law enforcement officials for dealing directly with the CIA instead of deferring to the central government.

Sheinbaum’s efforts to corral the CIA, and perhaps other U.S. agencies, brought a sharp rebuke from the White House. “I think the president would agree that some sympathy from Claudia Sheinbaum would be well worth it for the two American lives that were lost, considering all that the United States of America is doing currently under this president to stop the scourge of drug trafficking through Mexico to the United States,” White House press secretary Karoline Leavitt said.

Everyone needs a good nightcap. Ours happens to come in the form of a M-F newsletter that keeps you up to speed on national security. Sign up today.

Now Sheinbaum is caught between Trump, who last month issued a proclamation promising the “dismantlement” of the cartels, and Mexican nationalists who view yielding to Washington’s demands as a grave threat to their country’s hard-won sovereignty. Sheinbaum tried to thread the needle by lodging a formal protest over the CIA presence, at the same time forgiving Washington’s transgression, just this once. “Let us hope this is an exceptional case ... and that a situation like this never happens again,” she said.

“It’s appalling to hear how Claudia Sheinbaum has responded to the tragic loss of life of two officers - presumably Agency officers - in the service of our country,” David Shedd, a CIA veteran and former acting Defense Intelligence Agency leader, told The Cipher Brief. “There was absolutely nothing illegal or extrajudicial associated with what these officers were doing in Mexico, as the cooperation to include assisting the Mexican security personnel in forward positions is not new. In fact, the kind of mission that these officers were on has led me to believe with a high degree of confidence that bilateral security cooperation between the U.S. and Mexico has never been better. That cooperation has been sanctioned by Sheinbaum. For her to publicly distance herself from our joint security operations is again, appalling.”

Shedd said that the value of sending the CIA officers on the lab raid would have been to let them examine the labels and markings on the drums and sacks of precursor chemicals, so they could identify the chemicals’ points of origin. According to DEA intelligence reports, most of the precursor chemicals used in meth production come from China. “The mission that these U.S. officers were on was absolutely critical to the efforts, to not only destroy the lab but if at all possible, establish a fact-based pattern of Chinese ties to the Mexican cartels,” Shedd said.

Adding to the cross-border tensions: Mexican officials’ shifting stories about what happened on that dark night in the Sierra Madre. Jáuregui, the Chihuahua attorney general, was publicly chastised by Mexico City, then held a second press conference to say there had been a misunderstanding, and CIA officers hadn’t been anywhere near the actual lab raids. He said they had been in another mountain village – Polanco, pop. 403 – six-and-a-half hours away from the action, training state officials on how to operate drones. He didn’t explain why the state needed drone operators – presumably to spot clandestine labs.

Jáuregui said that once the Americans wrapped up the drone training session, they contacted officials with the Chihuahua state investigation agency, AEI, who were coming back from the lab raid, and asked to hitch a ride to the state capital, so they could catch their flight home to Mexico City. (The number of CIA officers involved is murky. The Los Angeles Times reported that there were four CIA personnel, two in the lead SUV with the AEI’s director, and another two in a pickup truck with other Mexican police officers.) At any rate, the police-military convoy picked up the Americans. Around 2 a.m. the lead SUV, with two CIA employees, went off the road, tumbled into the ravine and exploded. It all happened too fast for others in the convoy to help. So far, no evidence has surfaced to suggest foul play. By all accounts, so far, it was just very bad luck.

“Unfortunately, long days followed by bad roads and being tired – there are car accidents,” says Goff. “There's 140 memorial stars on the wall, and our martyrs there. Not all of them were killed by enemy action. We have colleagues who were killed in car crashes, killed in plane crashes, killed in hotel fires, things like that. But it still makes them our martyrs. And we mourn them and we're saddened by their loss, but it's like any endeavor. It's part of what we take on.”

Houthi's are Positioned to Close the Bab el-Mandeb Strait

OPINION — Despite suffering heavy losses to combined U.S.-Israeli military strikes, the Iranian regime remains defiant. It’s recent reluctance to send a delegation to Islamabad to resume talks with the U.S. was not—as President Trump asserted—because the regime is too “fractured.” It did not attend because it calculated it is operating from a position of strength, not weakness. Their calculus is rooted in their confidence in their ability to punish the global economy by choking off the Strait of Hormuz, and thereby strike back at the U.S.’ center-of-gravity; our political economy.

But while attention is rightly focused on the Hormuz, it is not the only point of vulnerability. Yemen’s Houthis remain positioned to close the Bab el-Mandeb Strait, which sits astride the vital sea route to the Red Sea and Suez Canal. With the Strait of Hormuz effectively shut, Saudi Arabia is now routing roughly five million barrels per day through the Red Sea port of Yanbu. Every barrel sits within Houthi strike range. The USS George H.W. Bush carrier strike group, deployed from Norfolk in late March, is right now rounding the Cape of Good Hope rather than transit Bab el-Mandeb — a 6,000-mile detour that tells you exactly how seriously the Pentagon takes the threat.

Since the ceasefire took effect, the Houthis have launched at least eight barrages at Israel and have shifted their approach to Red Sea shipping from broad pressure to selective political screening — identifying and targeting vessels by political affiliation rather than nationality, applying the same graduated-pressure formula Iran employed at the Strait of Hormuz. Senior Houthi political official Mohammed al-Bukhaiti has stated publicly that current strikes on Israel constitute only a "first phase," a formulation that signals the movement is managing its escalation options against future contingencies, not simply reacting to current events.

Removing the threat to the Red Sea, however, will not flow automatically from a U.S.-Iranian peace deal, even if one is achieved. Washington’s analytical error is treating the Houthis as a faucet Tehran can open or close. The evidence points the other way. The Houthis are not an Iranian subsidiary taking orders; they are a franchise operator pursuing their own agenda under a shared brand. Their calibrated restraint through most of March, followed by ballistic missile strikes on Israel starting March 28 and a claimed “joint operation” with Iran and Hezbollah on April 1, reflects a Yemeni calculus rooted in Yemeni domestic politics — not Tehran’s stage management. Understanding the distinction matters because it determines whether Bab el-Mandeb closes alongside the Strait of Hormuz. And if it does, the economic shock of this war moves from severe to catastophic.

From “Fingers on the Trigger” to Missiles on Israel

On February 28 — the same day the U.S. and Israel launched Operation Epic Fury — the Houthis threatened to resume Red Sea attacks. Industry bodies reacted immediately. The Baltic and International Maritime Council warned that vessels tied to U.S. or Israeli interests faced elevated risk. UK Maritime Trade Operations issued an advisory flagging increased danger across the Gulf, the Strait of Hormuz, and the Red Sea corridor. Then, nothing.

On March 5, Houthi paramount leader Abdul-Malik al-Houthi declared the group’s “fingers are on the trigger, ready to respond at any moment should developments warrant it.” The statement was conditional, not committing. Through the first three weeks of the war, Hezbollah fired rockets at Israel. Iraqi Shia militias struck U.S. targets in Kuwait and Jordan. The Houthis — Iran’s most geographically advantaged proxy, astride the second most important maritime chokepoint in the region — stayed quiet.

Their hesitancy baffled me and many of my analytic colleagues. Michael Hanna of the International Crisis Group said plainly: “We are not exactly sure, to be honest.” CSIS and Israel’s Institute for National Security Studies each published assessments attempting to account for the reticence. The Times reported on March 16 that the Houthis were awaiting an Iranian signal. Bab el-Mandeb remained the only functioning artery for Saudi crude, with roughly 30 tankers near Yanbu within Houthi range at any given moment.

On March 27, Houthi supporters rallied in Sanaa in “solidarity with Iran and Lebanon.” Military spokesman Yahya Saree warned that the U.S. and Israel would not be permitted to use the Red Sea as a base against Iran. The next day, March 28, the Houthis fired their first ballistic missile at Israel since October 2025. The IDF intercepted it. A second salvo of a cruise missile and drones followed the same day. On April 1, Saree claimed a coordinated “joint operation” with Iranian and Hezbollah forces targeting Israeli military sites. But the Houthi attacks then ceased and the group again went quiet.

On April 7, a senior Iranian source told Reuters that “if the situation gets out of control, Iran’s allies will also close the Bab el-Mandeb Strait.” As of this writing, no commercial vessel has been struck in 2026. The USS George H.W. Bush is off Namibia. Saudi crude still flows through Yanbu. The Houthis have reshaped global naval movement without firing a shot at shipping.

Who They Actually Are

Most American coverage describes the Houthis as “Iran-backed Yemeni rebels” and leaves it there. That shorthand obscures more than it reveals.

The movement emerged from the “Believing Youth” (al-Shabab al-Mo’men) Zaydi revivalist study circles that formed in Yemen’s northern Saada province in the 1990s. The Houthi family’s grievances were not invented in Tehran. They run back to Yemen’s 1962 revolution, which ended a millennium of Zaydi imamate rule in the north and marginalized the Hashemite clerical class from which the al-Houthis claim descent. The founder, Hussein Badr al-Din al-Houthi, was killed by Yemeni government forces in 2004 in the first of six Saada wars with the Saleh regime. His recorded lectures still form the core indoctrination curriculum today.

The current leader is Hussein’s younger brother, Abdul-Malik al-Houthi. He holds the title Alam al-Huda — “Icon of Guidance” — signifying his claim as supreme leader chosen by God and entitled to absolute obedience from his followers. He has not appeared publicly in weeks. Israeli airstrikes in August 2025 killed 12 members of the Houthi cabinet including Prime Minister Ahmed al-Rahawi; Chief of Staff Mohammed al-Ghamari was killed in October 2025. Houthi senior leaders have been instructed to stay off-grid.

Organizationally, the movement is highly personalized and familial. The “preventive security” apparatus — modeled explicitly on Iran’s IRGC and reportedly set up with Hezbollah and Iranian trainers — reports directly to Abdul-Malik al-Houthi rather than to any Yemeni state institution. A U.N. Panel of Experts has described it as the most influential intelligence apparatus in Houthi-controlled areas. The key public figures are Yahya Saree (military spokesman), Mohammed Abdulsalam (chief negotiator, under U.S. sanctions), and Mahdi al-Mashat (formally “commander-in-chief”). But real authority rests with Abdul-Malik and a narrow circle of family and clan figures in Saada.

What motivates them is a blend Washington consistently underestimates: Yemeni nationalism, Zaydi-Hadawi revivalism, Hashemite hereditary entitlement, and an anti-imperial ideology that borrows from Khomeini’s Wilayat al-Faqih but does not depend on it. Their slogan — “Death to America, Death to Israel, Curse the Jews, Victory to Islam” — predates Gaza and is core identity, not opportunistic branding. They are not popular. A 2024 Sanaa Center for Strategic Studies poll found that only 8 percent of Yemenis in Houthi-controlled areas viewed the movement positively. They rule by coercion. Their revenue model — war profiteering, smuggling, extortion of humanitarian aid, racketeering through the port of Hodeidah — has immiserated Yemen rather than developed it.

Franchise, Not Subsidiary

Here is where the analysis matters most. The conventional framing — Houthis as “Iranian proxy” — is useful shorthand but strategically misleading. CSIS Middle East Program director Jon Alterman has put it most plainly in congressional testimony: Iran did not create the Houthi movement, and Iranian support for it is “relatively new” and “largely opportunistic.”

The historical record bears this out. Through the first Saada war in 2004 and the five that followed, Iranian involvement was minimal. The Houthis took the Yemeni capital of Sanaa in September 2014 without significant Iranian support. Serious Quds Force engagement — weapons transfers, training, technical assistance — began only around 2017, after the Houthis had already demonstrated they could hit Saudi Arabia on their own.

What Iran has provided since is real and strategically consequential: ballistic and cruise missiles, anti-ship weapons, long-range drones, training (initially routed through Hezbollah, later direct), intelligence, and increasingly Chinese-sourced dual-use components moved through Iranian logistics networks. But patronage is not command. A franchise pays royalties and flies the brand; it does not take operational orders on schedule.

The distinction is not academic. It shows up in the March-April 2026 pattern in three ways that contradict the proxy frame.

First, Iran reportedly pressed the Houthis to attack Red Sea shipping. Bloomberg reported in late March, citing European officials, that Tehran was pushing Abdul-Malik’s circle to prepare a renewed maritime campaign contingent on further U.S. escalation. The Houthis declined. They launched at Israel instead — a much lower-risk target under the terms of the May 2025 U.S.-Houthi ceasefire, which covered U.S. vessels but not Israeli territory.

Second, credible reporting suggests elements of the IRGC have actively discouraged Houthi escalation at certain moments. Nadwa al-Dawsari of the Middle East Institute has argued that the Guards do not want to “drag the Houthis into a suicidal war” because Tehran may need Yemen as a fallback base if the Iranian regime itself collapses. That is not how a principal treats an agent. It is how one franchise operator protects another.

Third, the Houthis are conducting their own internal debate. Al Jazeera’s reporting from Sanaa and analysis by INSS identify two camps inside the Houthi leadership. A cautious current, shaped by the hard lessons of Operation Rough Rider — the U.S. bombing campaign that ran from March to May 2025 and killed many of the group’s senior missile and drone commanders — argues that direct involvement drains resources, invites Israeli decapitation strikes, and complicates the political track with Saudi Arabia. A maximalist current, aligned with the “unity of fronts” rhetoric coming out of Tehran, argues that this moment is the strategic payoff the movement has spent a decade preparing for. The March 28 strikes on Israel were a compromise between these camps, not an order from Iran.

The May 2025 Omani-brokered U.S.-Houthi ceasefire is the one piece of evidence often cited for the proxy frame. Iranian officials did sway the Houthis to accept it, and the Atlantic Council read this as evidence of Tehran’s “continued command and control.” But the better reading is the INSS one: Iran negotiates with the Houthis, not through them. The ceasefire served Houthi interests — stopping a bombing campaign that had killed their commanders — at a moment when those interests happened to align with Iran’s. Alignment is not subordination.

Why Restraint Now, and What Breaks It

Three drivers account for Houthi restraint through the current phase of the war.

The first is self-preservation after 2024 and 2025. Israeli and U.S. strikes gutted Hodeidah port, killed the cabinet, eliminated al-Ghamari, and degraded the missile and drone arsenal Iran had spent a decade building up. The decapitation playbook Israel ran against Hezbollah — killing Hassan Nasrallah in September 2024 and most of the senior leadership in the weeks that followed — is now a credible Yemen scenario. Abdul-Malik al-Houthi knows this. His survival instinct counsels caution.

The second is the Saudi détente. The 2022 truce between the Houthis and the Saudi-led coalition has held through the Gaza war and survived Operation Rough Rider. Saudi Arabia has spent the last year quietly betting that containment works. More urgently, Riyadh now depends on the Red Sea ports — Yanbu especially — as its Hormuz workaround. Any Houthi strike on shipping off Yanbu shatters the détente and reopens the active Yemen war at a moment when the Saudi-backed internationally recognized government in Aden is stronger than it has been in years.

The third is Yemeni public opinion. Palestine mobilizes the Yemeni street. Iran does not. Most Yemenis view the Islamic Republic as yet another foreign power meddling in their country. Attacking commercial shipping “in solidarity with Gaza” in 2023 and 2024 produced a domestic popularity surge. Attacking shipping “in solidarity with Iran” in 2026 is a much harder sell.

But restraint has a trigger. Three developments would collapse it.

First, U.S. ground operations against Iran. President Trump has deployed an additional 2,500 Marines to the region and has publicly discussed seizing Iran’s Kharg Island. If the war moves from air campaign to ground operation, the calculus inside the Houthi leadership inverts — because the unity-of-fronts logic becomes existential rather than rhetorical.

Second, direct strikes on Houthi infrastructure. If the U.S. or Israel hits Hodeidah, Sanaa, or senior Houthi leadership, the internal debate flips immediately toward the maximalist camp. The cautious current’s entire argument rests on the premise that the Houthis can keep their heads down and preserve the movement. Strikes that negate that premise negate the argument.

Third, an Iranian signal tied to regime survival. Will Todman at CSIS has laid this out clearly: if Tehran judges the regime is existentially threatened, it will squeeze the Houthis hard to join in the fray. New Supreme Leader Mojtaba Khamenei has already hinted at “new fronts in the conflict.” If the IRGC concludes Yemen is the last lever available, they will pull it — and the Houthi maximalist camp will pull with them.

The Bottom Line

What happens at Bab el-Mandeb determines whether this war produces a manageable economic shock or a generational one. Saudi Arabia cannot sustain export volumes without the Red Sea. Egypt cannot sustain its balance of payments without Suez Canal revenues. Asian economies cannot sustain industrial output if both straits close simultaneously. The Bab el-Mandeb is not a secondary concern. It is the keystone of the global response to the Hormuz closure.

The policy implications of the franchise frame are three.

One: any off-ramp with Iran that does not include a separate Houthi track will leave the Red Sea threat intact. Tehran cannot deliver the Houthis. It can influence them, but it cannot guarantee their behavior after a ceasefire.

Two: Riyadh and Muscat are faster levers than Tehran for keeping Bab el-Mandeb open. Oman brokered the 2025 U.S.-Houthi ceasefire. Saudi Arabia has direct back-channels to Abdul-Malik’s circle through the stalled peace roadmap. Those channels should be running hot right now.

Three: direct strikes on Houthi infrastructure should be understood as guaranteeing, not deterring, the Red Sea campaign. Every previous American bombing campaign against the Houthis has ended with more sophisticated Houthi capability and more aggressive Houthi rhetoric. The U.S. Navy is better served by escort operations and deterrent patrols than by strikes that radicalize an internal debate currently running in Washington’s favor.

The image to keep in mind is the USS George H.W. Bush rounding the Cape of Good Hope in mid-April. The Houthis have not fired a shot at a commercial vessel in 2026. They have not sunk a tanker, seized a ship, or mined a shipping lane. And they have still reshaped American naval movement across one of the world’s most critical chokepoints.

That is the franchise at work. Alongside Iran, the Houthis are a consequential variable the Trump administration does not control — and cannot control by treating the Houthis as someone else’s problem to manage.

The author is a former CIA intelligence officer with extensive experience on the Near East. This analysis draws on open-source reporting, regional analysis, and publicly available assessments. All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.

Follow Chip on X.com and LinkedIn, and watch his Special Competitive Studies Project podcast, Intelligence at the Edge!

This article was originally published on Chip's Substack and is reposted here with permission, give him a follow.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Pakistan’s Terror Landscape Continues to Threaten South Asia

OPINION — In March 2025, an elderly cleric with a long history in Pakistan’s jihadist circles stood before a gathering at Markaz-e-Taiba and called for “jihad against the kuffaar,” explicitly naming India and Israel. The speaker was Amir Hamza, co-founder of Lashkar-e-Taiba (LeT), and his sermon came just weeks before the Pahalgam attack, in which 26 civilians were killed in India’s Union Territory of Kashmir. One year since the Pahalgam attack, Makraz-e-Taiba—LeT's headquarter in Pakistan—remains destroyed because of an Indian airstrike during Operation Sindoor, and Amir Hamza survived two assassination attempts. However, Pakistan-based terrorist organizations have adopted to changing operational circumstances and expanded their geographical reach under the auspice of Pakistan’s civil-military leadership.

The questions remain whether anything has meaningfully changed at all since the four-day conflict between India and Pakistan unfolded in May last year. The answer, based on evolving patterns of activity, appears to be no. Rather than dismantling these networks, Pakistan-based terrorist organizations have adapted, restructured, and in many ways expanded their reach under the protection of the country’s civil-military establishment. Such accommodations not only reveal the acceptance of terrorist organization but exposes the links that continue to flourish under the leadership of Pakistan’s de-facto leader, Field Marshal Asim Munir. As Pakistan continues to position itself as a peacemaker in the Middle East, Islamabad’s ongoing support for Salafi-Jihadi groups reveals a fresh chapter of Pakistan’s long-troubled history with terrorism.

New Logo, Same Motto

Pakistan has formally banned organizations such as Lashkar-e-Taiba and Jaish-e-Mohammad (JeM), but these actions have not translated into meaningful dismantlement. Indian kinetic operations imposed operational setbacks for terrorist outfits and caused significant damage to the state’s military infrastructure, yet Islamabad has not eliminated these groups but helped mainstream them. These groups have now reoriented themselves through layered organizational structures that preserve their operational capabilities while providing a veneer of legitimacy. This transformation is most visible in the emergence of the Pakistan Markazi Muslim League (PMML), widely understood to function as a political front for LeT.

This dual-track strategy—pairing militancy with political participation—is not new, but it has intensified in recent years, particularly under the consolidation of power by Field Marshal Asim Munir. LeT operatives have increasingly appeared in public political spaces, participating in rallies, community outreach programs, and youth mobilization campaigns. These activities blur the boundary between extremist networks and mainstream political life, making it more difficult to distinguish between state-sanctioned political engagement and covert militant operations.

The presence of figures such as Saifullah Khalid Kasuri, a veteran LeT commander now operating within the PMML framework, highlights the extent of this integration. Kasuri, who resurfaced on US radar in 2024 after meeting Hamas terrorist Khaled Mashal in Doha, has openly acknowledged his ties to the Pakistani military and has been photographed alongside senior officers. Similarly, Hafiz Abdur Rauf, a US-designated terrorist, has been seen leading funeral prayers for Pakistani soldiers in the presence of uniformed officials. These instances reflect a pattern of proximity between militant actors and state institutions that raises serious questions about Pakistan’s commitment to counterterrorism.

Despite failing to secure electoral success, PMML has remained active as an ideological platform, targeting youth through training camps, religious competitions, and public gatherings. On several occasions, LeT leader and son of Hafiz Saed, Talha Saeed, has hosted rallies which have been attended by senior Pakistani politicians. In a picture recently leaked online, PMML-Islamabad chief can be seen sitting with Pakistani Defense Minister Khwaja Asif. Such evidence of close relationship between LeT-led political outfit and high-profile Pakistani politicians reveals the degree of access LeT operatives enjoy under the cover of political activities.

Adaptation and Expansion: New Networks, Old Objectives

The transformation of militant groups is not limited to political rebranding. These organizations have also adapted their operational and financial strategies to evade scrutiny and sustain activity. LeT-linked charity networks such as Falah-i Insaniat Foundation (FIF) continue to raise funds across Pakistan, despite being subject to US sanctions. Meanwhile, groups like JeM have shifted toward digital financing mechanisms, including mobile wallets and decentralized payment systems, allowing them to operate with greater anonymity and reduced reliance on formal banking channels. This shift into digital ecosystems represents a significant evolution in militant financing. It reduces the effectiveness of traditional counterterrorism tools, such as financial monitoring and sanctions, while enabling groups to tap into new sources of funding. The result is a more resilient and adaptive network capable of sustaining operations even under increased international scrutiny.

At the same time, these groups are expanding geographically within Pakistan. On April 14, LeT leaders Saifullah Kasuri and Faisal Nadeem visited Quetta in Balochistan Province held a large gathering of LeT cadres. Hundreds attended the gathering in Quetta, which likely reflects LeT’s attempt to strengthen the organization in Balochistan. Historically concentrated in Punjab, organizations like LeT and JeM are now establishing a presence in regions where they previously had limited influence, particularly in Balochistan and Khyber Pakhtunkhwa (KPK). Recent reporting of recruitment drives by JeM in remote areas of KPK also indicate a deliberate effort to broaden their operational footprint in western Pakistan. This expansion serves multiple purposes. First, it allows these groups to diversify recruitment and funding sources, reducing their dependence on traditional strongholds. Second, it enables them to rebuild organizational capacity following losses inflicted by Indian military operations. Third, and perhaps most significantly, it aligns with Pakistan’s broader security challenges.

Pakistan is currently facing a surge in internal insurgencies, particularly from groups such as the Tehrik-e-Taliban Pakistan (TTP) in Khyber Pakhtunkhwa and the Baloch Liberation Army (BLA) in Balochistan. According to the 13th edition of Global Terrorism Index, TTP and BLA were responsible for more than 1,000 attacks in 2025, making Pakistan one of the most terrorism-affected countries globally. In this context, the expansion of LeT and JeM into western Pakistan takes on a new dimension. Rather than being solely oriented toward external targets such as India, these groups may also be serving as instruments of internal counterinsurgency. By recruiting fighters in regions affected by anti-state violence, Pakistan’s military establishment could be attempting to leverage jihadist networks to counter other militant threats. This strategy, while tactically expedient, carries significant risks. It reinforces the ecosystem of militancy rather than dismantling it, creating a cycle in which one form of extremism is used to combat another. Over time, this approach is likely to deepen instability, as different militant groups compete for influence, resources, and legitimacy.

Conclusion: A Persistent Threat to Regional Stability

The persistence and adaptation of these networks raise a fundamental question: has anything truly changed since the Pahalgam attack and the subsequent India-Pakistan crisis? On the surface, there have been visible actions through Indian military operations. However, this has not addressed the underlying structures that sustain militancy in Pakistan. Instead, Pakistan’s approach appears to have shifted toward managing, rather than eliminating, extremist networks. By allowing these groups to operate through political fronts, charitable organizations, and decentralized financial systems, the state has effectively created a parallel ecosystem in which militancy can evolve without direct confrontation. This approach may provide short-term flexibility, but it undermines long-term stability. It perpetuates a cycle of violence that extends beyond Pakistan’s borders, posing a continuing threat to regional security, particularly in South Asia.

One year after Pahalgam, Pakistan’s militant ecosystem has not weakened but evolved, exposing the reality of its military’s "death by a thousand cuts” doctrine against India. This reality should raise serious concerns in Washington, especially as the United States increasingly relies on Pakistan as a mediator in its engagement with Iran. US policymakers must therefore approach this partnership with caution, recognizing that a state struggling to manage its own militant ecosystem may not be a dependable broker in high-stakes regional diplomacy.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

From Chernobyl to Ukraine: The Enduring Cost of Kremlin Lies

In April 1986, a reactor exploded at Chernobyl and the Soviet Union lied about it. That instinct to conceal, distort, and deny did not just worsen the disaster; it would come to define the collapse of the Soviet state. Forty years later, that same instinct still shapes Russia, the largest of the former Soviet republics and, under Putin, the self-proclaimed legacy of that broken system. From Chernobyl to the Ukraine invasion, the through line is not nuclear energy or military ambition. It is the cost of lies. Putin and his siloviki have made it an official state tradecraft.

Four decades since the Soviet nuclear catastrophe at the Chernobyl plant it is important to remember the cost. Dozens died immediately, thousands more within a few years, and likely tens of thousands over the decades from radiation-related illnesses. The disaster scarred the landscape of Ukraine and Belarus, but it also changed the Soviet Union itself, accelerating its decline under the weight of corruption, deception, and bureaucratic rot. Those were not incidental flaws. They were the system.

Looking back at Chernobyl offers a way to understand Russia today. The same security elite - born of the KGB and now embodied in the FSB, SVR, and GRU - still govern the country. President Vladimir Putin and his inner circle of KGB veterans often invoke the Soviet past with nostalgia. But they do so selectively, avoiding the truths that would indict their own system. Their vision is clouded by the same habits of concealment and self-deception that doomed the USSR.

The central lesson of Chernobyl is simple: lies have consequences. The Soviet system was built on them. From Stalin onward, “five-year plans” set unrealistic production targets divorced from reality. Workers and managers learned to fabricate success rather than report failure. The result was a vast Potemkin façade - an economy and state sustained by alleged performance rather than truth. Eventually, the façade, like Catherine the Great’s village of the same name, collapsed.

At Chernobyl, that culture proved fatal. As Adam Higginbotham recounts in his seminal work, Midnight in Chernobyl, bureaucratic pressure and blind obedience drove operators to conduct a dangerously flawed test. Safety systems were disabled and key procedures were ignored. The goal was not safety, but approval from superiors in a rigid, abusive chain of command. Everyone was trying to get ahead in a corrupt, feudal-like Soviet system.

Worse still, the operators were working in the dark, literally and figuratively. The RBMK reactors used at the Chernobyl plant (there were four of them providing energy to the greater Kiev region at the time) had a known design flaw: its control rods, intended to slow or stop the nuclear reaction, could initially increase reactivity when inserted under certain conditions. This flaw had nearly caused a catastrophe during earlier testing in Leningrad. But it was concealed, not only from the public, but from many within the Soviet nuclear establishment itself.

The reason was simple: RBMK reactors were meant to symbolize Soviet technological prowess. They were bigger than those in the West, safer than those in the West, impossible to explode or compromise. Admitting flaws risked lower output, reputational damage, and political consequences. So, the truth was buried.

On the night of April 26, 1986, that buried truth surfaced catastrophically. When operators attempted to shut down the reactor, the control rods accelerated the reaction instead. All the safeties had been removed in order to “complete the test” and for the bureaucrats in charge to get their Soviet-style bonuses and promotions. And with the concealed flaw, the very system designed to ensure safety triggered the explosion.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

It is an apt metaphor for the Soviet state - and for its successor, Russia. Institutions meant to protect the system instead destroyed it, because they were built on secrecy and lies.

Today’s Russia reflects the same pattern. The security services - once the KGB, now its successors in the FSB/SVR/GRU - have not reformed so much as evolved. Their core function remains the same: to preserve power through control of information and to protect the state and its personage in Vladimir Putin. But in doing so, they distort reality for themselves as much as for others.

That dynamic was evident in the invasion of Ukraine. Russian military and intelligence leaders fed optimistic, often false assessments up the chain of command. The FSB and other “organs” of power told President Putin what he expected to hear - just as Soviet officials had done for decades. The result was a catastrophic miscalculation: the largest land invasion in Europe since World War II, launched on faulty assumptions of a short, decisive war. The failed prognostications have cost Russia over 1 million in dead and wounded.

Again, lies fed more lies. And again, the consequences were devastating. The parallels to Chernobyl are not just abstract. They are all too human and they had and still have devastating human consequences for millions of Ukrainians, and Russians.

In 1986, the town of Pripyat - just miles from the reactor - was not evacuated for 36 hours. Tens of thousands were exposed to dangerous radiation. Thousands of them, including children, would die from cancer. The fallout spread across Belarus, Lithuania, and beyond. My own wife, like countless others, spent those days as a young school “pioneer” outdoors in Lithuania for days during school recess, and after school, unknowingly breathing in radioactive particles with no warning from the Soviet leadership. Citizens in Europe and Scandinavia were warned to avoid going outdoors before Soviet citizens thousands of kilometers closer to the danger.

May Day celebrations proceeded as scheduled in Kiev and Minsk with no concern for their citizens’ safety and health while radioactive particles and fallout fell on them. Decades later, those same hundreds of thousands face elevated cancer risks and lifelong medical monitoring (especially of thyroid cancer, the highest risk for having absorbed radiation in such conditions). Hundreds of thousands, even millions, were exposed needlessly, for no reason but lies.

A state that does not protect its own children defies the laws of nature. Russia is that state today, like the USSR was then.

The true human cost of Chernobyl will never be fully known. The Soviet system was too compromised by secrecy to measure it accurately. That same disregard for truth - and for human life - echoes today in Ukraine. Entire cities have been devastated. Millions displaced. The damage, like radiation, spreads invisibly and endures long after the initial event.

There is also a bitter irony in Chernobyl’s continued relevance. The disaster contributed directly to the collapse of the Soviet Union - what Putin has called the “greatest geopolitical catastrophe of the 20th century.” The financial burden of cleanup, combined with an already strained military economy, hastened the system’s unraveling. The Soviet state, already overburdened trying to keep up in an arms race and devoting over half its economy to military production, buckled under the weight of a massive cleanup involving hundreds of thousands of conscripts and volunteers, and billions of rubles.

And yet, the actual site of the catastrophe remains at risk. Recently, a Russian drone struck the New Safe Confinement structure (NSC) built to contain the reactor. The attack caused significant damage and risked releasing radiation once again. That such a target would be endangered - by the very state that inherited responsibility for the disaster, Russia, and whose own citizens could be put at risk - defies logic. But it follows a familiar pattern: short-term action divorced from long-term consequence. Again, the Ukrainian people are made to suffer and be put at risk, just like 40 years ago; and in the midst of an already costly war with untold suffering brought on by Putin and his lies.

Not a Subscriber+Member? Let's fix that and get you access to expert-level national security insights.

Chernobyl is not just history. It is a warning. The lesson is not limited to nuclear safety or Soviet bureaucracy. It is broader, and more enduring: systems built on lies accumulate hidden risks. Those risks eventually surface - often suddenly, and catastrophically.

Forty years ago, the Soviet Union could not escape the consequences of its own deception. Today, Russia faces a similar reckoning. The same habits persist: suppressing bad realities, rewarding loyalty over truth, and mistaking control for stability. But reality has a way of asserting itself.

As the Chernobyl (HBO) series memorably put it: “Every lie incurs a debt to the truth.” That debt can be delayed, disguised, or denied. But it cannot be erased. The question is not whether it will be paid, but when, and at what cost. Putin has encumbered Russia with more lies than any leader in modern Russian or Soviet history. But he faces no accountability for it. Someone will have to pay the debt. Sadly, it is not Putin, nor the security services who will pay, but ultimately, like in Soviet times, the Russian people.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author's views.

Why the Navy’s Next Battleship Faces Major Hurdles

OPINION — “The Navy and Coast Guard need to demonstrate that the approach to these [shipbuilding] programs is not a short-term deviation followed by returning to the long-standing business as usual approach. This is especially true for shipbuilding programs that require new designs, like the future [Golden Fleet Trump-class] BBG(X) battleship…For these and other future programs, fully leveraging the range of leading ship design practices -- like iterative design based on user feedback and robust, in-house ship design capabilities and digital tools -- will be critical to long-term success.”

That’s an excerpt from the prepared testimony of Ms. Shelby Oakley, the Government Accountability Office (GAO), Director of Contracting and National Security Acquisitions, who appeared last Wednesday before the House Armed Services Subcommittee on Seapower and Projection Forces in a hearing on the shipbuilding challenges facing the U.S. Navy and Coast Guard.

Navy shipbuilding design was a central focus of GAO’s Ms. Oakley’s testimony last week. As she put it, “Improving ship design practices is one step that could help drive different outcomes on ship building programs. As I have testified in the past, both Navy and Coast Guard continue to move into construction before designs are sufficiently mature. That's a consistent pattern and it leads to predictable results -- cost overruns, schedule delays, and performance issues.”

I want to apply those words to the Trump-class BBG(X) battleship, which has been controversial since the President first disclosed it at a Mar-a-Lago press conference last December 22. At that time Trump said, “It's my great honor to announce that I have approved a plan for the Navy to begin the construction of two brand new, very large -- the largest we've ever built -- battleships.”

Taking credit for the idea, Trump said, “It started with me in my first term because I said why aren't we doing battleships like we used to? And these are the best in the world. They'll be the fastest, the biggest and by far -- 100 times more powerful than any battleship ever built.”

Trump went on, “I don't know if anyone's seen Victory at Sea [a famous documentary about World War II naval battles], but it was a classic. They'll [BBG(X) battleships] help maintain American military supremacy, revive the American shipbuilding industry and inspire fear in America's enemies all over the world.”

Trump added, “America's battleships have always been unmistakable symbols of national power. We stopped making them for whatever reason, I don't know.”

At that point, Trump congratulated his Palm Beach neighbor and friend, then-Navy Secretary John Phelan, saying, “He [Phelan] came to me -- the first day we met, he talked about battleships and I said you're absolutely on the right track. He said why are we doing other things?”

Trump continued, “The [BBG(X)] battleships are going to be armed just in terms of guns and missiles at the highest level. They'll also have hypersonic weapons, many hypersonic weapons, state-of-the-art electric railguns and even the high-powered lasers that you've been starting to read about. We have lasers where you aim the laser at a target and it just wipes it out. We're going to have…the most sophisticated laser in the world will be on the battleships that we're building.”

I must note that Navy hypersonic, laser and railgun weapons are still in development.

As if that were not enough, Trump added, “They'll also carry the nuclear arms to launch cruise missiles currently under development, which will be instituted pretty quickly. But they're under development and they've proven to be extremely lethal.”

Then Trump stated, “The U.S. Navy will lead the design of these ships along with me, because I'm a very aesthetic person, alongside our partners in American industry.”

Later, during a February 2026 speech to soldiers at Fort Bragg, Trump said, “The new battleship that we have, which I've seen and helped design. I put a little more spirit in the hull, a little more -- give me a little bit more hull and give me -- I want that ship to look gorgeous.”

Although Trump last December said he had approved “a plan for the Navy to begin the construction” of two BBG(X) battleships, Naval News last week more accurately described that Mar-a-Lago announcement as an “initial concept debut” for the vessels.

Last Tuesday, Navy Secretary Phelan in a keynote speech at the Navy League's Sea-Air-Space conference, opened by saying, “President Trump's Golden Fleet Initiative is not an aspiration. It is the framework by which we deliver decisive maritime power at scale. Under his leadership, we are making a generational investment in American sea power that represents the largest sustained ship building order since FDR urged American industry to build the fleet to win World War II.”

As for the BBG(X) battleships, the first currently set to be named the USS Defiant, Phelan described “Battleship strike groups [that] will offer commanders more war options than what exists in today's fleet.” The new battleship will integrate on board a “staff element for forward command and control, network unmanned systems, layered air and missile defense, directed energy, high-speed long-range strike [that] is designed to operate and prevail across all contested domains. They are built to fight and stay in the fight by sustaining fires, maintaining pressure, and outlasting any adversary.”

“But,” Phelan added, “high-end capability alone does not win wars. Wars are won by forces that can adapt faster than the adversary, that can iterate in real time and scale combat power without delay. That requires a true high-low mix, expanding presence without sacrificing producibility -- new frigates, small surface combatants, and fully integrated unmanned systems.”

On the sidelines of Tuesday’s Navy League Sea Air Space exposition, Phelan confirmed to reporters that the Navy is already in talks with vendors about the BBG(X) design.

“We have been talking to two different vendors as we speak right now,” Phelan said, “and then it’ll be a function of how we get through that design process with them, and then their capacity in their yards, what we think they can do, because we’re looking to really get moving on this and lay the keel in [20]28.”

At a Pentagon background session for reporters on the Navy’s fiscal 2027 budget last Tuesday, Assistant Secretary of the Navy for Budget, Rear Admiral Ben Reynolds laid out just how costly the BBG(X) battleship program will be, starting with research and development (R&D) for the battleship, which is already underway.

“I just want to say that we're already in this year, in [20]26, spending at least $134 million already in R&D for the battleship today,” Reynolds said, “as we try to really tighten and refine the requirements process. And I think we'll likely go to try to put more money into that [R&D] in [20]26 as well.” He later said it could be $100 million to $120 million more this year.

The fiscal 2027 Navy budget for the BBG(X) battleship has an additional $837 million in R&D, plus $1 billion for advanced procurement (AP), which is described as for long-lead materials and design work.

Reynolds said, “I think that the R&D work and AP that we do in [20]27 will be incredibly important. And I think through that very disciplined requirements process and then expanding the way we're building ships, I expect us to be able to start construction [on the first battleship] in [20]28. Remember, it's a battleship. It's a large ship, and so we will start construction in [20]28 and then work in construction through the next few years.”

Over the next five years, according to Reynolds, the Navy expects to spend $3.9 billion for R&D and $43.5 billion for actual shipbuilding, for what’s become a three BBG(X) battleship program. That means each BBG(X) battleship’s costs are expected to be $13 billion-to-$15 billion, roughly equal to each of the next three Ford-class aircraft carriers.

Phalen was fired as Navy Secretary last Wednesday by Defense Secretary Pete Hegseth, with no reason given. President Trump told reporters a day later of Phalen, “He’s a very good man. I really liked him, but he had some conflict, not necessarily with Pete. He’s [Phalen’s] a hard charger, and he had some conflicts with some other people, mostly as to building and buying new ships. I’m very aggressive in the new shipbuilding.”

Politico last week suggested Phalen’s firing was related to his promotion of the Trump-class battleships, because Hegseth and Deputy Defense Secretary Stephen Feinberg wanted “to pivot

toward smaller, cheaper uncrewed ships, according to the two people, who…were granted anonymity to discuss sensitive matters.”

That got me thinking that there are other potential blockages to the BBG(X) battleship moving ahead, starting with the GAO’s Oakley’s testimony to the House subcommittee that “early design work helps you kind of stress out what it is you can and can't do.”

That echoed what the Chief of Navy Operations (CNO) Adm. Daryl Caudle said last week during a session with reporters at the Navy League event. Caudle picked up on the design issue saying that one of the “mistakes that we’ve done before, quite frankly,” is “we’ve started to build before the design is mature enough.” The CNO then added, “And we want to make sure that we’re at [sic] least a very, very high level – I won’t try to give a percentage, but you can think like 80% or more design – before the first weld is done.”

Since BBG(X) design work will continue for at least another two years, my bet is that none of these Trump-class battleships will ever actually be built.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Pyongyang’s Bet: Nuclear Growth and Great Power Support

OPINION – North Korea is building more nuclear weapons and more sophisticated ballistic missiles to target the region and the U.S., while ensuring that they are closely aligned with China and Russia. Basically, North Korean leader Kim Jong Un has given up on the U.S., even if the U.S. relents and accepts North Korea as a nuclear weapons state.

The International Atomic Energy Agency (IAEA) Chief, Rafael Grossi, while on a recent visit to South Korea, said North Korea is boosting its nuclear weapons capability, saying they made “very serious” advances in their nuclear program. He cited their new uranium enrichment facility at the Yongbyon nuclear complex, noting that satellite images were like the images for their uranium enrichment facility in Kangson.

North Korea’s Highly Enriched Uranium (HEU) program goes back to 2000, when the Intelligence Community (IC) assessed – despite press skepticism -- that North Korea had a clandestine HEU program. To this day, North Korea denies having an HEU program for nuclear weapons. And in the failed 2019 Hanoi Summit with President Donald Trump, Mr. Kim refused to include his HEU sites in any agreement with the U.S.

North Korea reportedly has between 50 and 60 nuclear weapons, with enough fissile material – from HEU and Plutonium -- to increase that number to 100 nuclear weapons within the next few years. I – and others who follow North Korea -- believe North Korea can miniaturize and mate these nuclear weapons to the tip of ballistic missiles.

Impressive progress has been made with North Korea’s ballistic missile programs. Recently, they displayed the Hwasong -20, a large, solid fuel, mobile, multiwarhead (MIRV) Intercontinental Ballistic Missile (ICBM) with a range of 15,000 kilometers. This is the latest in an arsenal of over 400 ballistic missiles, from short-range (SRBM) to long-range ICBMs designed for nuclear and conventional warheads. The focus has been on the solid-fuel systems like the KN-23, KN-24, and the KN-25 and the sophisticated ICBMs, like the Hwasong-17 and Hwasong-19.

North Korea’s nuclear doctrine has evolved from no-first use to “automatic” preemptive use of nuclear weapons if its leadership and command systems are under imminent – or perceived to be imminent attack. Their work on hypersonic systems, to defeat missile defense systems – is impressive, as is their progress with cruise and anti-ship missiles.

Pyongyang made sure the world saw Mr. Kim visiting the 5000-ton Choe Hyun-class destroyer, their second destroyer with a third and fourth destroyer under construction. Plans are for North Korea to exponentially increase the number of nuclear-capable destroyers to twelve by 2030, all armed with cruise and tactical ballistic missiles.

It’s not only North Korea’s rush to acquire more nuclear weapons and missiles to potentially target countries in the region and the U.S., or their new preemptive-use doctrine, it is North Korea’s allied relationship with China and Russia that should be of concern. Historically, North Korea has relied on China for its economic survival and Russia, prior to 1991, for assistance with its nuclear and missile programs. But things have changed. North Korea is closer to China than at any time since Mr. Kim took over in 2011. Indeed, the September 2025 visit to Beijing to stand with China’s Xi Jinping and Russia’s Vladimir Putin was the beginning of a new and closer North Korean relationship with China and its leader, Xi Jinping. China’s Foreign Minister Wang Yi’s visit last week to North Korea to meet with Mr. Kim -- and the attention it got from North Korea’s press -- was indicative of that improved relationship.

North Korea’s relationship with Russia over the past few years has progressed rapidly, with a mutual defense treaty and North Korean assistance – troops and munitions -- to Russia for its war with Ukraine and the likely nuclear, missile and satellite assistance North Korea is receiving from Russia.

North Korea now has two permanent members of the United Nations Security Council (UNSC) who will ensure that no further sanctions are imposed on North Korea for their continued violations of UNSC resolutions.

So, in the final analysis, Pyongyang has probably concluded that they don’t need a normal relationship with the U.S. They have China and Russia who provide economic and military support and apparently accept their nuclear status. And Mr. Kim’s global credibility – important to him -- will be derived from a close allied relationship with China and Russia, and their leadership of the Shanghai Cooperation Organization (SCO), the BRICS (Brazil, Russia, India, China, and South Africa), and their appeal to the Global South.

It appears that Mr. Kim is taking advantage of the U.S. war with Iran – and tension with NATO -- to grow his nuclear arsenal, while strengthening his relationship with China and Russia.

Indeed, if the U.S. relents – which North Korea believes is inevitable – and eventually accepts North Korea as a nuclear weapons state, Pyongyang will pocket the win, and use it to get more from his allies, China and Russia.

This column by Cipher Brief Expert Ambassador Joseph DeTrani, was first published in The Washington Times, and is republished with permission from the author.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

America Is Fighting the Wrong Drone War

OPINION – For two decades, U.S. drones hunting terrorists across the mountains of South Asia were the symbol of American military power: precise, lethal, and unmatched. That era is now over. Drones are no longer exquisite tools of counterterrorism and have evolved into something far more common and destabilizing: cheap, expendable, and mass-produced tools of attrition. Despite pioneering the technology, the United States is now poorly positioned for the version that matters most. Critical mass is being replaced by a strategy of 'death by a thousand cuts,' as quantity assumes a quality all of its own.

From Ukraine to the Persian Gulf, and increasingly along America’s own borders, expendable drones are reshaping battlefields and quickly rewriting how modern wars are waged. These platforms aren’t winning wars outright, but they are doing something just as important: straining defenses, exhausting budgets, and outlasting the very systems that were designed to counter them. Right now, the United States is least prepared for that reality, and its adversaries know it.

But two things can be true at once: the United States still leads in advanced conventional military power, and cheap drones aren't necessarily subject to those rules. They don’t need to be sophisticated, just cheap and in constant supply. That alone is enough to upend long-held assumptions about how wars are fought and won. Today, America’s adversaries — state and non-state alike — are using drones more effectively while Washington has yet to fully reckon with what that portends, both in the short and long term.

The new drone war runs on a simple, ruthless logic: cheap beats expensive. Take Iran’s Shahed-136 drones. They are simple by conventional standards—noisy, slow, and not particularly precise—yet brutally effective. Costing as little as $20,000, they are mass-produced for saturation, overwhelming defenses through sheer volume. Each drone forces a response, often with a missile costing over $1 million a piece. Do that math a thousand times, and you don't just have a military problem, but a dealbreaker for almost any defense budget.

This strategy is not incidental but deliberate. It is a calculated campaign of economic exhaustion — and it is working. For Western militaries and for those countries that Western militaries supply with weapons and training, this is not just inefficient but a losing equation.

This is what war looks like in 2026, where outcomes are no longer driven solely by large-scale strikes or which side destroys more targets. Conflicts are shaped by persistence through thousands of small hits that stretch resources, exhaust personnel, and wear down resolve of populations, militaries, and governments. Advantage favors the side that can sustain pressure while forcing the other side into a continuous, costly response day after day.

Ukraine offers the clearest example. Russia has used Iranian-supplied drones and domestically produced variants in relentless attacks against cities and infrastructure. In one recent 24-hour period, nearly a thousand drones were launched alongside cruise missiles. Even when most are shot down, the cumulative effect strains defenses, drains resources, and erodes public confidence. Ukraine, meanwhile, has emerged as one of the world’s most adaptive drone ecosystems, scaling production to tens of thousands of systems a month through a decentralized network of engineers, hobbyists, and 3D-printing workshops.

The same playbook is strangling the Red Sea, where Houthi militia forces have used inexpensive drones to disrupt one of the world’s most critical shipping lanes, forcing commercial vessels to reroute around Africa. The result is imposing billions in added costs on global supply chains, all driven by weapons that cost a fraction of the disruption they cause. Powerful nation-states are slowly waking up to the reality that well-trained and well-resourced non-state actors can consistently disrupt the global economy.

A quieter but equally dangerous version of this dynamic is also playing out along the Afghanistan-Pakistan border. The Afghan Taliban and Tehrik-e-Taliban Pakistan (TTP) are using off-the-shelf drones—some costing just a few thousand dollars—for surveillance and limited strikes. Pakistan’s cross-border operations have led to civilian casualties, hardening what began as localized tensions into a steady back-and-forth with both sides testing limits without tipping into full-scale war. Terrorist groups have adapted just as quickly, with ISIS and al-Qaeda affiliates now routinely modifying commercial drones for surveillance and attacks. In doing so, they have gained capabilities and reach they never had before.

Worryingly, the same trend is now visible much closer to home. Mexican cartels and criminal networks are operating drones along the U.S. border at a scale that would have seemed unthinkable a decade ago — for surveillance, tracking law enforcement, smuggling, and increasingly, attacks. More than 30,000 drone incursions were recorded in 2025 alone, including cases involving explosives. In one incident, a drone struck a government building in Tijuana, just miles from California.

The line between foreign battlefield and domestic threat has not just collapsed but has exposed where the United States is least prepared. The uncomfortable truth is that the United States is exquisitely prepared for a war no adversary wants to fight. The Pentagon has spent decades and trillions of dollars optimizing for high-end conflict —the kind built around stealth platforms, precision strikes, and overwhelming technological advantage. But that model assumes short wars, finite adversaries, and dominance through superiority. Cheap drones are invalidating all three assumptions in real time.

That mismatch is increasingly out of step with the wars America is actually facing. China is already moving aggressively in the opposite direction, pursuing a program to field one million tactical drones, while the United States procured roughly 50,000 in 2025 and plans another 200,000 by 2027. At the same time, the economics of defense are becoming harder to ignore. In the early days of the Iran conflict, the United States reportedly spent billions of dollars on interceptor systems in a matter of days. Against adversaries deploying drones that cost a fraction of that, the math is dangerously unfavorable.

Getting serious about this will require more than small adjustments.

First, the United States must treat low-cost, expendable drones not as a supplement but as a core element of how it fights. Quantity has a quality all of its own. Having enough systems matters just as much as having the best ones. The hard reality is that while the United States is not being outmatched technologically, it is still playing a game its adversaries have already changed.

The good news is that the Pentagon’s new $1 billion Drone Dominance program is a step in the right direction aimed at rapidly fielding tens of thousands of low-cost, one-way attack drones. So is the new training for force-on-force drone warfare, where autonomous systems engage each other directly. The U.S. defense budget may also allocate around $7.5 billion toward counter-drone systems in 2026, a belated recognition of just how costly it is to play defense in a war of attrition that adversaries are deliberately engineering.

These are the right instincts, because real competition is no longer about who has the most advanced platforms, but who can produce systems faster and cheaper. Iran’s effective use of low-cost drones to wreak havoc across the Gulf and to pressure the world's strongest military will only guarantee other countries to follow suit, accelerating efforts to develop their own indigenous drone manufacturing programs.

Second, defense ought to become cheaper than offense. Destroying a $20,000 drone with a million-dollar missile cedes the advantage to adversaries by design. Investments in systems like high-power lasers, electronic jammers, and autonomous counter-drone networks are essential if the economics of defense are to make sense again.

Third, the Pentagon must rethink how it buys and builds. The current development cycles measured in years are fundamentally mismatched against adversaries who adapt in days. That means opening the door to smaller manufacturers and startups, leveraging commercial technology, and accepting systems that are “good enough” if they are available at scale when needed. The LUCAS drone - based on the Shahed-136 design, developed by an Arizona startup, and fielded in roughly seven months - shows what is possible when the system moves at the speed of the threat. Such a shift will be uncomfortable for a defense community built around precision and quality, but the alternative is worse.

The United States invented this weapon and turned it into a defining counterterrorism tool. But that advantage is now moot. The technology has diffused and been successfully repurposed by a wide range of actors. The speed of this shift leaves little room for a slow response, with every year spent preparing for the last war only handing the advantage to those fighting the one today.

What is unfolding reflects a broader shift in the changing character of warfare, one that rewards volume over precision, staying power over firepower, and speed over perfection. In this kind of accelerated technological Darwinism, victory will be claimed by those who can sustain pressure, adapt quickly, and outlast their adversary.

Right now, even under the most optimistic scenario, the United States is at a serious disadvantage. Until it adjusts to that reality, it will keep fighting on terms set by others while absorbing costs it cannot afford to bear. This is a competition America cannot afford to lose.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Dangerous Trade of State Secrets

At just after 2 a.m. on January 3, explosions echoed across Caracas. Low-flying aircraft struck military installations. Venezuelan President Nicolás Maduro and his wife were seized by U.S. forces and taken into custody to face narco-terrorism charges.

Mere hours before President Trump announced the operation on Truth Social, a newly created Polymarket account had quietly staked just over $32,000 on Maduro’s exit from power by the end of January. When the news broke, that position paid out $436,759 — a return of more than 1,200 percent in under 24 hours, on an event Polymarket itself had been pricing at roughly 5 to 7 percent odds for weeks. The account had been created less than a week before the operation and had placed bets on only one subject: Maduro’s removal.

Nearly four months later, U.S. Army Special Forces Master Sgt. Gannon Ken Van Dyke is scheduled to be arraigned on Tuesday in the Southern District of New York, where he’s facing charges associated with wire fraud, conspiracy and misuse of national defense information. Neither Van Dyke or his attorney have yet issued a statement, though he is expected to enter a plea in court on Tuesday.

This isn’t the first time something like this has happened. On February 12, an indictment unsealed in Tel Aviv read like something from a different era of espionage — only instead of dead drops and clandestine meetings, the alleged method of exploitation was a cryptocurrency wallet and a prediction market website. An Israeli military reservist and a civilian were charged with placing bets on the online betting site Polymarket regarding the timing of military operations, based on classified information the reservist had accessed by virtue of his military duties.

The investigation, conducted jointly by Israel’s Shin Bet domestic security agency, the Defense Ministry, and the Israel Police, resulted in the arrests of several suspects and was widely believed to be the first public case stemming from classified operational intelligence being used to trade on a prediction market in a kinetic combat environment.

Sixteen days after the bet was made, on February 28, the United States and Israel launched coordinated strikes against Iran under what the Pentagon designated Operation Epic Fury. Before the first explosions were reported in Tehran, on-chain analytics firm Bubblemaps had already flagged six wallets that walked away with roughly $1 million in combined profit on the Polymarket contract “US strikes Iran by February 28, 2026?” Officials say most accounts were funded and activated within 24 hours of the strikes, all concentrated on the same date-specific contract, and all with no prior trading history.

The largest single wallet turned a roughly $61,000 position into a profit of over $493,000. The account bought 560,680 “yes” shares at about 10.8 cents each, when the odds were still at just 17 percent. and walked away with nearly half a million dollars once the contract was resolved. The Iran war-related contracts had, by that point, generated approximately $529 million in total trading volume on the timing-of-attack markets alone, with another $45 million wagered on the single largest contract tied to Supreme Leader Ayatollah Ali Khamenei.

JP Castellanos, Director of Threat Intelligence at Binary Defense, tells The Cipher Brief this pattern “has crossed the threshold into a documented, operational counterintelligence vulnerability.”

“Every time a government or military insider places a pre-operational bet, they are effectively broadcasting classified foreknowledge into a public, blockchain-transparent ledger,” he cautions.

This is no longer a story about gambling. It is a counterintelligence crisis.

A new vector for secrets

Polymarket said it reported suspicious trading in the case involving Van Dyke to law enforcement and that it is cooperating with investigators, while stressing that its rules prohibit trading on material nonpublic information.

Online betting outlets work like a stock exchange for real-world outcomes. Users buy and sell shares tied to whether a given event will happen, with prices shifting in real time as new information enters the market. Its founder and CEO, Shayne Coplan, has been unapologetic about the role of informed traders, insisting that insiders “having an edge in the market is a good thing” because it surfaces accurate predictions faster.

That framing might be defensible when applied to corporate earnings or box office projections, but does it hold when the underlying event is a military strike and the “informed trader” holds a security clearance?

The structural problem is not incidental to Polymarket’s design; it is embedded in it. While rival platform Kalshi is regulated by the Commodity Futures Trading Commission and bans contracts involving wars, terrorism, and assassinations, Polymarket has operated an overseas exchange outside the reach of U.S. authorities. That offshore structure has made it a magnet for the most controversial types of prediction-market wagers.

Users in the United States accessed the platform through virtual private networks that masked their identities, and transactions settled in cryptocurrency — pseudonymous, borderless, and largely resistant to subpoena.

Stephen Piepgrass, a regulatory attorney at Troutman Pepper Locke focused on financial enforcement, tells The Cipher Brief that the platform’s design features are precisely what make it so difficult to police.

“The prediction markets are thriving in part because they permit the use of anonymous accounts, allow trading using cryptocurrency, and do not require geofencing,” he explains. “To date, these have been features, not bugs, of this growing market. But these same factors make policing the markets challenging, if not impossible.”

The Israeli case made explicit what many in intelligence circles had long suspected. A senior Israeli source involved in the details of the affair said it would “cause an earthquake,” describing it as “a serious security scandal in which those involved are suspected of committing acts for the sake of money”.

The adversarial intelligence problem

The danger does not run only from insider to market. It runs in the other direction, too. Dennis Kelleher, a financial reform advocate with deep expertise in derivatives regulation, points out that U.S. adversaries already have both the motive and the means to exploit these markets as a live intelligence feed.

“U.S. adversaries can use event contracts on geopolitical events to try to determine if the U.S. is going to undertake an action against their country,” he tells The Cipher Brief. “They can go on prediction market platforms and see the baseline of activity on these event contracts and then monitor for any unusual activity, which could be a spike in activity or a newly opened account that places a large bet in the midst of reporting on a possible action. That could easily tip off an adversary that insiders who know what is going to happen are the ones driving the activity.”

Castellanos echoes the assessment, noting that foreign intelligence services like Russia’s Foreign Intelligence Service and China’s Ministry of State Security are almost certainly already doing exactly that.

A sudden price spike on a “U.S. strikes Iran by a certain date” contract three hours before an operation, he contends, carries actionable intelligence value, potentially providing warning time to Iranian partners or informing Russian diplomatic positioning.

The manipulation vector runs in the opposite direction as well. Kelleher warns that adversaries could just as easily use these markets offensively, placing large bets to manufacture the appearance of insider knowledge and sowing anxiety without firing a shot.

Piepgrass offers a concrete example.

“An adversary could create a new account and place a large bet around, for example, a major regional power grid going down,” he notes. “If U.S. intelligence monitors the markets and believes an attack on the grid is imminent, it could divert resources and focus to that area, leaving the actual target more vulnerable.”

On March 10, Times of Israel military correspondent Emanuel Fabian reported that an Iranian missile had struck an open area outside Beit Shemesh. The attack caused no reported casualties but what Fabian didn’t know at the time was that his dispatch had become the resolution trigger for a Polymarket contract with more than $14 million wagered on whether Iran would strike Israel that day.

What followed was a pressure campaign: emails, WhatsApp messages, fabricated legal threats, and eventually death threats from users who had lost positions worth an estimated $900,000. Some of them demanded he rewrite his reporting. Polymarket condemned the harassment, banned the accounts involved, and said it was cooperating with authorities.

What the episode made plain was something Polymarket’s defenders had not seriously reckoned with: that contracts carrying enough money can turn journalists into targets, with their reporting becoming leverage in someone else’s financial bet.

Matthew Wein, a national security analyst who has studied prediction markets and insider threat dynamics, tells The Cipher Brief that the risk of foreign manipulation is real and relatively easy to execute.

“For a relatively cheap level of investment, an adversary could buy up the price of a certain market to drive news coverage of the change in price or probability,” he says. “Given news organizations’ agreements with prediction markets, the ability to change the narrative of a given news story seems relatively easy.”

Washington moves — slowly

Congress has begun to stir. Federal officials, political appointees, and executive branch staff would be barred from trading event contracts tied to government policy based on nonpublic information under a bill introduced by Representative Ritchie Torres in the House.

Senator Adam Schiff and Representative Mike Levin jointly introduced the DEATH BETS Act on March 10, which would explicitly prohibit any CFTC-registered exchange from listing event contracts referencing terrorism, assassination, war, or an individual’s death.

That same day, Senator Richard Blumenthal introduced the Prediction Markets Security and Integrity Act to address fraud, insider trading, and broader market manipulation. Then, on March 17, Senator Chris Murphy and Representative Greg Casar introduced the BETS OFF Act, which would ban trades on war, terrorism, assassination, non-financial government actions, and events where someone controls or knows the outcome in advance. Senator Blumenthal put it directly, stating that “prediction markets have become a haven for insider trading, market manipulation, and underage gambling” and that these “billion-dollar businesses are turning war into a casino game.”

Yet the legislative momentum faces structural headwinds. Donald Trump Jr. is an adviser to Polymarket, and his venture capital firm 1789 Capital has invested millions in the company. The Trump administration dropped two federal investigations into the platform — one civil, one criminal — that were opened under former President Joe Biden. By November 25, 2025, Polymarket had its CFTC designation in hand, cleared to run a fully regulated United States exchange. Come February 2026, the company was being valued at $9 billion. Three months later, on February 25, the CFTC’s enforcement division issued a public advisory reminding markets that it has full authority to pursue illegal trading practices on any designated contract market — including prediction platforms.

Still, legal analysts note that how insider trading rules apply in practice, particularly to offshore platforms beyond the agency’s direct reach, remains dangerously unresolved.

Matt Motta, a policy expert who has studied the legislative proposals, tells The Cipher Brief that both the Public Integrity Act and the DEATH BETS Act are necessary but insufficient.

“I think we can do more,” he asserts. “Only regular audits of prediction market transaction reports can allow government regulators to survey the full scope of trading on political markets, and assess how those transactions might impact national security.”

The definitional problem compounds the enforcement gap. Piepgrass notes that the Commodity Exchange Act prohibits prediction contracts related to terrorism, assassination, and war — yet those concepts resist precise legal definition.

“The last time Congress formally declared war was during World War II,” he points out. “Is removing a head of state, like Maduro, a form of war? How about the action in Iran?”

Kelleher is more direct about where the fault lies.

“Current law could be sufficient to address these risks from U.S.-based bettors if the law were actually aggressively enforced,” he explains. “However, the administration generally and the CFTC in particular refuse to enforce the law and are cheerleaders for the prediction market industry.”

When asked what it would actually take for Washington to close that gap, Castellanos is blunt.

“The legislative package is a necessary first step and will deter the unsophisticated opportunist,” he adds. “It will not deter the deliberate foreign asset, the sophisticated contractor insider, or the allied military officer.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Half Measures and Maximum Risk in Iran

OPINION – Over the past month, U.S. and Israeli operations have killed Iran’s senior leadership, destroyed over 155 naval vessels and roughly 300 ballistic missile launchers, and degraded elements of Iran’s nuclear infrastructure. But scorch marks and craters do not equal a strategic victory.

Operation Epic Fury’s initially stated goals were sweeping and maximalist: to fully destroy Iran’s nuclear infrastructure, missile forces, navy, Iranian Revolutionary Guard Corps, and proxy networks. Yet in pursuing these objectives, the Trump administration has constrained itself to accommodate political realities, employing means short of the full-scale occupation typically required to secure such objectives. The problem is compounded by a second, related challenge: even when strikes appear successful, the United States has limited ability to verify whether its objectives have actually been achieved.

This dynamic, of seeking maximalist ends with politically constrained means, creates a strategic tension that precision strikes can’t resolve. While B-2s and Tomahawks can destroy targets, ensuring the dismantlement of a nation’s military capacity has historically required forms of commitment that Washington is reluctant to undertake.

Understandably, Washington appears unwilling to occupy territory in order to follow through completely on its stated aims. The Trump administration, perhaps emboldened by its easy victory in Iran last June, and Venezuela this January, has walked into a trap of its own making. As history shows, half-measures deployed in service of total victory have often proven disastrous — perpetuating conflict, resolving little.

The verification problem

Through the first month of Epic Fury, the U.S. and Israel have conducted thousands of strikes, all geared toward addressing the operation’s stated end goal. Reports suggest that these attacks have been tactically effective, degrading various forms of Iranian nuclear and military infrastructure. But assessing the true damage, and the irreversibility of that damage, presents a logistical problem that remote methods can’t solve.

The U.S. is equipped with the world’s most sophisticated surveillance architecture. America’s toolbox of satellites, drones, and artificial intelligence allow for rapid assessment of the battlespace and the damage wrought. This sophisticated surveillance architecture paints a flattering picture of objectives nearly or fully achieved, but the actual picture remains incomplete.

Remote surveillance cannot determine whether underground nuclear facilities were destroyed; whether mobile missile launchers survived; whether covert logistics chains still flow; and whether proxy militias remain operational. To truly gauge the effectiveness of Epic Fury, the United States would need to inspect tunnels and warehouses, rooting out hidden stockpiles and underground enrichment facilities - feats that can’t be accomplished from afar. Even under the 2015 nuclear deal, the Joint Comprehensive Plan of Action, verification depended on intrusive, on-the-ground inspections, underscoring the limits of remote surveillance in dismantling complex programs.

Battle damage assessment (BDA), which is used to gauge the effectiveness of Epic Fury, measures only the visible destruction at the point of impact but offers limited insight into the resilience of the targeted system. A crater where a nuclear enrichment facility once stood is an encouraging piece of intelligence. But it leaves questions unanswered, like whether critical components from that facility were moved before the strike, or whether redundant systems exist elsewhere, or whether the brainpower that animated the facility lives on.

The limits of BDA are especially present against Iran, which has spent years hardening and dispersing its military infrastructure in preparation for this long-anticipated attack, all in the hopes of remaining intact enough to regenerate.

The tension at play in Epic Fury - between ambitious objectives, constrained means, and limited visibility - has been present in past U.S. conflicts. After Operation Desert Storm, in which President George H.W. Bush stopped short of wreaking total destruction on Saddam’s regime, Washington believed that Iraq’s military capability had been crippled. But uncertainty persisted, resulting in a long standoff, which finally culminated with the disastrous 2003 invasion.

Afghanistan is also instructive. During Operation Enduring Freedom, the U.S. shifted from airstrikes and special forces to a strategy deeply invested in remote counterterrorism. This limited, drone-dependent remote presence failed to eliminate militant groups who were mobile and embedded. The result was a two-decade resource drain, America’s longest war, which ultimately failed to achieve its objectives and concluded with the resurgence of the Taliban.

The takeaway, from both Iran and Afghanistan, is that half measures don’t work for maximalist strategic goals. The lesson, which should have been applied to Epic Fury, is not that the U.S. should have committed more force, but that it should adjust its objectives to the resources it is willing to commit - before the first Tomahawk is ever launched.

Yet, through the opening month of Operation Epic Fury, Washington appears on the verge of repeating its familiar, post-Cold War pattern of half measures. The administration’s sweeping aims - to dismantle Iran’s nuclear program, missile production, IRGC, proxy networks, and navy - are not achievable or verifiable under the constraints Washington has (correctly) imposed on the campaign.

The current methods deployed against Iran threaten to leave behind persistent strategic ambiguity. Without physical verifications, Iran may well retain, or quickly replenish, the missiles and drones and fissile material that inspired Epic Fury in the first place, which in turn could inspire a lingering half-measured U.S. commitment.

In other words, Epic Fury could lock the United States into a repetitive cycle of sporadic violence (what the Israelis call “mowing the lawn”), with each round triggered by signs that Iran is regenerating capabilities that were never fully eliminated. The prospect of a third 21st century quagmire should give warplanners pause - especially given the uncertain strategic value of Epic Fury itself.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Pentagon’s $54 Billion Bet on Autonomous Warfare

OPINION — The Department of Defense does not always announce structural shifts loudly; often, it buries them in the dense columns of budget lines where only the most attentive analysts can find the seismic activity. The $1.5 trillion FY2027 spending proposal contains exactly such a shift, a profound and subtle transformation that effectively reorders the American approach to conflict. Central to this plan is the Departmental Autonomous Warfighting Group (DAWG), an organization established late last year with a modest budget of $225 million. For the 2027 fiscal year, the Pentagon has requested $54.6 billion for this organization, representing a staggering 24,166% increase in funding; that single line accounts for nearly 15 percent of the total reconciliation and exceeds the gross domestic product of many small nations and is higher than the entire budget request for the US Marine Corps of $52.8 billion.

Internal documents indicate the intent to transform the group into a unified combatant command, a joint entity that would coordinate drone, aircraft, and vessel operations across all warfighting domains. This shift mirrors previous military evolutions, specifically the establishment of Space Command in 2019 and the elevation of Cyber Command in 2017. Historically, Congress has authorized these specialized commands when fragmented service approaches created redundancy or dangerous gaps; the same logic applies here. By consolidating these capabilities, Secretary of War Pete Hegsethwants to streamline the development of autonomous systems, ensuring the service branches do not pursue conflicting tactical goals or incompatible technical standards.

The reflects the hard lessons learned in modern conflicts, particularly the ongoing struggles in Ukraine and Iran. CTO Emil Michael has observed that these wars routinely involve thousands of low cost systems engaging against each other in highly contested environments. To maintain a competitive edge, the Pentagon launched the Replicator program with the ambitious goal to deploy hundreds of thousands of one way attack drones by 2028. However, early efforts faced substantial hurdles regarding hardware reliability and supply chain bottlenecks that delayed delivery targets. These shortcomings led to a fundamental realization within the leadership: hardware is secondary to the AI software that drives it.

The current strategy treats artificial intelligence and physical autonomy as a tandem force, where the software is the primary strategic asset. This perspective has created a unique friction point between the Department of War and the private sector, specifically with Anthropic. While the military requires flexible, decisive models for high stakes environments, Anthropic has maintained strict red lines regarding the use of its Claude model. This impasse prompted the Department of War to designate certain domestic AI firms as supply chain risks, a move that highlights the growing chasm between Silicon Valley and national security. If a model is too restricted to perform in a combat environment, it becomes a liability rather than an asset.

The policy landscape remains contentious as Congress prepares the next National Defense Authorization Act. While the technological advantages are evident, the legislative challenges are substantial. Armed Services Committee leaders like Senator Roger Wicker and Representative Mike Rogers have cautioned against making such massive structural shifts without a clear strategy that accounts for ethical and operational oversight. They have drawn clear lines on executive branch activism regarding autonomy, requiring that any major push receives rigorous scrutiny. Representative Rob Wittman has echoed these concerns, noting that while the military must move fast, it cannot afford to abandon the principles of accountability that define American governance.

Internationally, the pressure is even more pronounced. Recently, 156 nations supported a United Nations General Assembly resolution expressing deep concern over the risks of an autonomous arms race. These nations fear that removing humans from the loop will lower the threshold for conflict and lead to unpredictable escalations. The United States was among the minority that declined to support the resolution, citing the necessity of maintaining a technological lead against competitors like China and Russia who are pursuing their own autonomous capabilities with little regard for international norms. Current U.S. policy prohibits the employment of lethal autonomous systems without senior official approval, but critics argue this is a temporary safeguard that could easily be swept away by the speed of machine warfare.

History suggests that as technical capabilities drift, legal frameworks must evolve to provide clear definitions of what constitutes an autonomous weapon. The transition to a unified command for autonomy is not merely a budgetary or structural change; it is a recognition that the nature of power has shifted from physical platforms to the cognitive software that controls them. Failing to adapt to this reality would leave the United States holding an expensive, manned fleet in an age of attritable, intelligent swarms. The window for this transformation is closing, and the FY2027 budget request is the most significant signal yet that the Pentagon is ready to step through it.

Success will depend on more than just the $54.6 billion requested; it will require a new type of coordination between the warriors who fight and the engineers who build the tools. As the Department of War navigates the friction with firms like Anthropic and the skepticism on Capitol Hill, it must articulate a vision where autonomy enhances human judgment rather than replaces it. If they succeed, the 12th Unified Command will become the backbone of American security for the next century; if they fail, the machines will indeed be at the helm, but we may not like where they are steering us.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Anthropic Mythos - We’ve Opened Pandora's Box

EXPERT OPINION -- For a decade the cybersecurity community was predicting a cyber apocalypse tied to a single event - the day a Cryptographically Relevant Quantum Computer could run Shor’s algorithm and break the public-key cryptography systems most of the internet runs on. We braced for a one-time shock we would absorb and adapt to. The National Institute for Standards and Technology (NIST) has already published standards for the first set of post-quantum cryptography codes.

It’s possible that the first cybersecurity apocalypse may have come early. Anthropic Mythos now tilts the odds in the cybersecurity arms race in favor of attackers - and the math of why it tilts, and how long it stays tilted, is different from anything our institutions were built to handle.

In 2013, Edward Snowden changed what people understood about nation-state cyber capabilities. In the decade that followed disclosures and leaks of nation state cyber tools reduced uncertainty and accelerated the diffusion of cyber tradecraft.

The Cipher Brief applies expert-level context to national and global security stories. Grant yourself full-access to Cipher Brief expert insights, analysis and private briefings in the new year by becoming a Subscriber+Member.

The defensive playbook that followed - compartmentalization, need-to-know, leak-surface reduction, clearance reform, “worked” because the Snowden leaks and those that followed were one-time disclosures, absorbed over a decade, with the system returning to something like equilibrium.

We got good at responding to the shocks of disclosures. It became doctrine. It was the right doctrine for the wrong future.

Pandora's Box

In 2026, Anthropic Mythos (and similar AI systems) is changing what people can do. Mythos found Zero-day vulnerabilities and thousands of “bugs” that were not publicly known to exist (a must read article here.) Many of these were not just run-of-the-mill stack-smashing exploits but sophisticated attacks that required exploiting subtle race conditions, KASLR (Kernel Address Space Layout Randomization) bypasses, memory corruption vulnerabilities and logic flaws in cryptographic libraries in cryptography libraries, and bugs in TLS, AES-GCM, and SSH.

The reality is a number of these were not “bugs.” There were nation-state exploits built over decades.

What this means is that Anthropic Mythos, and the tools that will certainly follow, has exposed hacking tools previously only available to nation-states and transformed into tools that Script Kiddies will have within a few months (and certainly within a year.) No expertise will be required to apply that tradecraft, compressing both the learning curve and the execution barrier.

All Government’s Will Scramble

When Mythos-class systems are used to analyze the code in critical infrastructure and systems, the hidden sophisticated zero-day exploits that are already in use, (including ones nation-states have been sitting on for years) will be found and patched. That means intelligence agency sources of how to collect information will go dark as companies and governments patch these vulnerabilities.

Every serious intelligence service will scramble, likely with their own AI, to find new access before the visibility gap costs them something they cannot replace. A new generation of AI-driven exploits will rise to replace the ones that have been burned.This will build an arms race with a new generation of AI-driven cyber exploits looking to replace the ones that have been discovered. Whichever side sustains faster AI adoption - not just “procures” it, but ships it into operational systems, holds a widening advantage measured in powers of two every four months.

The binding constraint is not budget. Not authority. Not access to models. It is institutional capacity for change - the rate at which a defender organization can actually change what it deploys.

The Long Tail Will Not Be Patched

Anthropic has given companies early access to secure the world’s most critical software. That will help Fortune 100 companies. But the Fortune 100 is not just a small part of the software attack surface.

The attack surface includes the unpatched county water utility, the regional hospital, the third-tier defense supplier, the school district, the state Department of Motor Vehicles, the municipal 911 system, and the small-town electric co-op. Tens of thousands of systems running software nobody has time to patch, maintained by teams that have never heard of KASLR.

Every one of those systems is now exposed to nation-state-grade tradecraft, wielded by attackers with no expertise required. Mythos-class hardening at the top of the pyramid does not trickle down. The long tail will stay unpatched for years.

Attackers Advantage - For Now

Under continuous exponential growth of AI designed cyberattacks, a cyber defender using traditional tools can't just respond just once and stabilize their systems. They’ll need to keep investing at a rate that matches the offense's growth rate itself. A one-time defensive shock like compartmentalization might work against a sudden attack, but it will fail against sustained exponential pressure because there's no stable equilibrium to return to. The defender's investment rate has to track the offense's growth rate.

Ultimately and hopefully, the next generation of AI driven cyber-defense tools will create a new equilibrium.

What We Need to Do

Mythos and its follow-ons will change how we think about cyber-defense. We can’t just build a set of features to catch every exploit x or y. We need to build cyber systems that can maintain or exceed the capability rate of the attackers.

Here are the three tools governments and cyber defense companies need to build now:

Measure the Gap Between Attackers and Defenders. We need to know the gap between what the attackers can do and what we can defend against. We need to develop instrumented red/blue exercises (a simulation of a cyberattack, where two teams – the red team and the blue team – are pitted against each other) to estimate the number of new vulnerabilities vs cyber defense mitigation. (This can be built in six months, with a small team.)
Measure the Defender Response Time. For each corporate or government mission system, measure how long it takes to implement a change from identification to production deployment. Treat each organizational obstacle as equivalent to technical debt that needs to be remediated.
Specify Speed, Not Features. Any new Cyber Defense tools and architecture - including the next-generation cloud-native systems sitting in review right now - should have explicit ‘rate’ requirements. Claims of “our product delivers X capability is now the wrong specification. “Closes detection gap at rate greater than or equal to the offense growth rate” is the right one.

Buckle up. It's going to be a wild ride - for companies, for defense and for government agencies.

Mythos is a sea change. It requires a different response than what the current cyber security ecosystem was built for, and one the current system is not built to produce. We are not behind yet. The gap between Mythos and what we can build to defend is small enough today that a serious response can still match it. A year from now, the same response will be eight times too slow. Two years, sixty-four.

By the way, the only thing left in Pandora’s Box was hope.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

America’s Cyber Strategy Has a Budget Problem

OPINION – The threat from cyberattacks has never been more acute, but there is reason to worry America is not rising to the challenge. It is not the lack of a cybersecurity strategy, but rather a growing gap between what the United States says and what it is willing to fund. The Trump administration’s latest budget proposal makes that gap impossible to ignore.

At the center of the proposal is a $707 million reduction to the Cybersecurity and Infrastructure Security Agency (CISA), the federal government’s primary civilian cybersecurity body. The request would bring CISA’s budget down to just over $2 billion. That’s well below the roughly $2.6 billion Congress had been prepared — on a bipartisan level — to provide to the agency prior to the partisan blow up over the Department of Homeland Security’s budget because of a dispute over immigration enforcement.

Over the past year, the agency has already been weakened by layoffs and reduced support for state and local cybersecurity efforts. The new budget would accelerate that trend. The administration has framed the cuts as a refocusing of CISA on its “core mission,” shuttering supposedly unnecessary initiatives like the Stakeholder Engagement Division. But the reality is that modern cybersecurity does not operate in a vacuum. Defending critical infrastructure — energy grids, transportation systems, water utilities, and telecommunications networks — depends on constant coordination with state and local governments, private sector operators, and international partners. Dismantling the very offices designed to enable that coordination undermines the mission the budget claims to prioritize.

At the same time, the broader federal cyber ecosystem is also being thinned. The Office of the National Cyber Director would see a $3 million reduction in funding. The State Department’s cyber apparatus has been reorganized in ways that risk diluting its effectiveness. The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response would see budget $40 million below FY25 enacted levels of $200 million. And there has been a noticeable pullback in engagement with the private sector and international cyber community — two pillars of any credible cyber defense strategy.

The contradiction becomes even clearer when viewed against the broader threat environment. The United States faces sustained cyber pressure from sophisticated adversaries, including China, Russia, Iran, and North Korea. These actors are not just targeting federal systems; they are probing the connective tissue of American society – ports, pipelines, hospitals, and supply chains. Many of these systems are owned and operated by the private sector or local entities that rely on federal support, guidance, and information sharing to defend themselves.

To be clear, not every line in the budget moves in the wrong direction. There is a modest $15 million increase proposed for Treasury’s “critical cyber capabilities, sanctions targeting, and combatting illicit financial activity.” State Department funding to improve its own IT infrastructure would also see a slight boost. These are useful investments, but they are not substitutes for a coherent, whole-of-government approach.

The most striking aspect of this budget is how misaligned it is with widely accepted cybersecurity priorities. For years, policymakers from both parties have emphasized the need for stronger public-private collaboration, improved information sharing, and deeper international partnerships. Yet, the proposed cuts target precisely those functions.

This raises a more fundamental question: what is the administration’s theory of cyber defense?

If the goal is to reduce federal overreach, that is a legitimate policy debate. But the current approach does not simply scale back — it selectively removes the connective infrastructure that enables decentralized defense to work. Without federal coordination, the burden shifts to actors who often lack the resources, visibility, or expertise to manage nation state cyber threats on their own.

Congress has seen this dynamic before. In prior budget cycles, lawmakers from both parties rejected proposals to significantly cut cyber funding, recognizing the mismatch between rising threats and reduced investment. There is little reason to believe the underlying risk calculus has changed. If anything, it has intensified.

The United States is entering a period of heightened geopolitical tension, where cyber operations are increasingly integrated into broader military and economic strategies. In this environment, underinvesting in civilian cyber defense is not a cost-saving measure — it is a strategic liability.

A credible cybersecurity strategy requires more than strong rhetoric. It requires sustained investment in the institutions, partnerships, and capabilities that make defense possible. Right now, the budget and the strategy are moving in opposite directions. Congress should close that gap.

Jiwon Ma is the senior policy analyst at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation, where she contributes to the work of CSC 2.0.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

How Extremist Groups Are Sharing a Global Media Strategy

OPINION — In the private sector, we analyze competitors to understand where they excel, so we can improve our approach. With this same mindset, I reviewed how 15 adversarial groups utilize media to communicate locally and internationally.

The headline is that the groups, ranging from Al-Shabaab to ISIS-K to Hezbollah, are clearly learning from each other, leading to an informal universal playbook that is consistent across the groups.

This is quite similar to the private sector where innovation is more of an iterative race. We have a tendency to copy what works.

Let’s take a look at these common behaviors by separating them into media strategy and narrative style.

Media Strategy

Telegram is home base. It is the top distribution channel for a reason. Telegram offers broadcast channels with no limit on subscribers, bots for automation, end-to-end encrypted direct messages, minimal content moderation and easy migration after bans via invite links. Narratives often start in Telegram, then content is fed to other platforms.

Each group has a similar distribution strategy that anticipates content takedowns. Groups distribute content, on average, across 3-7 platforms simultaneously. Knowing takedowns will occur, they also upload content to Archive.org, which serves as a holding tank. If content goes down on a social channel, it can be re-uploaded from Archive.org. An example of a media mix may include Telegram, Facebook, TikTok, Element and Archive.org.

A two-tier distribution system. All groups have two-tier distribution – their official channels for direct distribution and unofficial channels for supporters/surrogates (TikTok, Instagram, YouTube) to reshare and amplify content. The supporters help groups maintain a presence despite official account bans. Platform policies have difficulties proactively monitoring and patrolling the surrogate amplification layer.

Enforcement leads to migration. Each group pre-positions on other channels, e.g., Rocket.Chat, Element and Session so they can more easily activate a pre-existing presence in alternative channels or they move to new channels beyond the reach of platform moderation, such as satellite TV (Hezbollah, Houthis) and physical offline media (JI, Boko Haram).

Narrative Style

Groups are expert at establishing a false narrative frame. It is standing protocol to exploit major geopolitical events by immediately inserting their narrative within hours. If they conduct this type of “narrative jacking” within 2-4 hours of the incident they have a chance to lead the first wave of interpretation before mainstream media establishes the dominant frame.

Video accelerates attack claims. Every group releases an official video within hours of any attack. Pre-produced, officially branded with logos, released to Telegram first. Sets the frame and it is often more emotional.

Expertise in parallel audience messaging. The local message is in local language and often focuses on governance legitimacy or grievance. The international message focuses on solidarity, victimhood and humanitarian framing. Dual-narrative analysis will be more instructive than tracking either alone.

Ability to reframe civilian imagery. The footage is often authentic. The deception is in the attribution, the framing, or the claimed scale.

Grievance amplification is a gateway to radicalization. Media strategy often begins by amplifying legitimate grievance – real injustices, real conflicts, civilian suffering. Extreme content gets layered on top over time, and because the foundation is real, platform policies usually don’t flag it.

Overall, if we understand how groups learn from each other, it improves our ability to identify which media, technology and AI trends are being utilized by any of the groups. We know that what breaks new ground will be analyzed and implemented as quickly as possible.

The implication for any counter-messaging team is practical. Watching one group’s innovation is watching all fifteen. The right question to ask inside your own operation is whether you are monitoring the first mover in the playbook — not just the group on your assigned target list.

Note: the groups analyzed include ISIS, Al-Qaeda, Al-Shabaab, Boko Haram/ISWAP, Taliban, Hay’at Tahrir al-Sham, Hezbollah, Hamas, Tehrik-i-Taliban Pakistan, AQAP, ISIS-K, Jemaah Islamiyah, Abu Sayyaf Group, Jaish-e-Mohammed/Lashkar-e-Taiba, Houthis.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Pakistan: Broker of Peace While Still at War

Just a few weeks ago, Pakistan, the host for fragile ceasefire talks aiming to end the war between the U.S. and Iran, was at war with Afghanistan in what has been described as the worst conflict between the two countries in years.

A ceasefire between Pakistan and Afghanistan that was scheduled to run from midnight March 19 to midnight March 24 - and brokered at the request of Saudi Arabia, Qatar, and Turkey - offered the first lull in nearly a month of what was widely described as open warfare. Few analysts were treating it as anything more than a pause, risking

Pakistan’s Information Minister Attaullah Tarar was explicit: Operation Ghazab Lil Haq would resume with greater intensity the moment any cross-border attack, drone strike, or terrorist incident occurred inside Pakistan during the holiday period. On Monday, as the ceasefire approached its midnight deadline, Deputy Prime Minister and Foreign Minister Ishaq Dar reaffirmed that Pakistan’s approach had not shifted. “Pakistan remains firmly committed to eradicating the menace of terrorism,” he said.

Previous ceasefires have not held. The one brokered by the same mediators in October 2025 collapsed within days - Istanbul peace talks broke down on October 29, and Pakistan threatened to “obliterate” the Taliban government shortly after. Saudi-led mediation in December 2025 also failed.

What has changed is the scale of the conflict. Pakistan declared “open war” against Afghanistan. Late February brought Operation Ghazab Lil Haq — air and ground strikes hammering Taliban positions across Kabul, Kandahar, Paktia, Nangarhar, Khost, and Paktika, the most significant cross-border military action since the Taliban retook power in 2021. Pakistani officials now claim more than 684 Taliban fighters killed, over 912 injured, 252 posts destroyed, and 229 tanks, armored vehicles, and artillery guns taken out of action.

The Taliban dispute nearly all of those figures. Pakistani airstrikes have hit Kabul repeatedly, Afghan forces have sent drones and mortars back across the border, and the United Nations has tallied at least 289 Afghan civilian casualties since the fighting began — 104 of them children, 59 women.

The worst single day came on March 16. A Pakistani airstrike hit the Omid Addiction Treatment Hospital in Kabul while patients were inside. Afghan authorities counted more than 400 dead. The UN put the confirmed figure at 143 or more. Pakistan said it had struck only military infrastructure. The following day, mass funerals moved through the capital.

Aparna Pande, Senior Fellow for India and South Asia at the Hudson Institute, tells The Cipher Brief that the ceasefire pattern should surprise no one.

“Historically speaking, these ceasefires have never been durable,” she says. “Each side has simply used the pause in fighting to rebuild and replenish before the next round.”

With the truce now expiring and both sides’ core grievances entirely unresolved, the question pressing analysts is whether Islamabad has a realistic end-state in mind, or whether open war with a nuclear-armed state’s most volatile neighbor has become a policy that Pakistan can start but not finish.

A relationship Pakistan can no longer manage

The roots of this conflict run directly through Islamabad’s own strategic choices. For decades, Pakistan cultivated the Afghan Taliban as a buffer against Indian influence, the doctrine of “strategic depth,” conceived in the 1980s, envisioned a pliant Kabul as an extension of Pakistani security space.

That calculation has collapsed entirely. The immediate trigger for the current war is the Tehrik-e-Taliban Pakistan, the militant group that Islamabad accuses Kabul of sheltering and enabling. TTP attacks inside Pakistan have dramatically escalated since 2021, and Pakistan’s Army Chief Field Marshal Asim Munir said during a March 4 visit to troops in South Waziristan that peace can only exist if the Taliban “renounced their support for terrorism and terrorist organisations.”

The Taliban, meanwhile, have never recognized the Durand Line, the colonial-era border Pakistan regards as sacrosanct, and that dispute alone makes any durable political settlement nearly impossible to achieve.

Aref Dostyar, Director of the Afghanistan Program at the University of Notre Dame and former senior Afghan diplomat, tells The Cipher Brief that Pakistan’s military logic is backfiring on itself.

“If the goal is to weaken the Taliban, Pakistan’s aggression is backfiring because it is triggering a ‘rally round the flag’ effect,” he says. “Even Taliban opponents are being cornered to choose between supporting the current regime’s stance against Pakistan or appearing to justify foreign aggression. Most are choosing the former.”

The strategic paradox here is stark: Islamabad is now at war with an actor it once created, sustained, and expected to serve its interests indefinitely. Pande is equally direct: any durable agreement would require each side to move off entrenched positions that the other has shown no willingness to abandon.

The Afghan Taliban would need to pressure their ideological ally, the TTP, to ease attacks inside Pakistan. For its part, Pakistan would need to accept that “it cannot combat an insurgent movement through conventional means and hence offer some economic and other incentives,” Pande says, underscoring that “there is a reason a compromise has not happened as both sides are sticking to their hardline positions.”

Dostyar also questions Islamabad’s underlying objectives.

“Pakistan cites the TTP as justification for ‘open war,’ but its true aims are unclear,” he analyzes. “Mapping the specific locations of Afghan targets may reveal an agenda that contradicts their stated counter-terrorism goals.”

The Iranian dimension

The war in Afghanistan, however, is not happening in isolation. On February 28, coordinated United States and Israeli strikes on Iran killed Supreme Leader Ayatollah Ali Khamenei and triggered a rapidly expanding Middle East conflict. For Pakistan, already engaged in open fighting on its northwestern border, the implications of Iranian instability on its southwestern frontier are severe.

Pakistan’s western frontier with Iran runs for 565 miles, cutting through territory where both sides of the border — Pakistan’s Balochistan and Iran’s Sistan-Balochistan — have long hosted ethno-separatist insurgencies. Roughly $1.4 billion in goods moved between the two countries in 2024-2025, most of it through barter deals and informal crossings rather than anything approaching a formal trade architecture.

Iranian fuel and food have kept Balochistan’s markets from seizing up entirely since the Afghan border shut in October. That lifeline now runs through a war zone, and the border districts of Balochistan, among Pakistan’s poorest, would feel any disruption most acutely.

Afghanistan shares its own 572-mile border with Iran, and the stakes for Kabul are equally acute. Iran hosts an estimated three to five million Afghan refugees and migrant workers. It serves as Afghanistan’s primary remaining trade route to the sea via Chabahar port, a lifeline that became critical after Pakistan closed its border in October. With that route now disrupted by the war, Afghanistan faces a dual economic squeeze that has no near-term resolution.

Pande points out that the security calculus around Balochistan is shifting fast.

“Groups like the BLA have used Iranian and Afghan Baluchistan to operate inside Pakistani Baluchistan,” she observes.

The BLA, the Balochistan Liberation Army, is the most powerful of several insurgent groups operating in the province, a banned separatist organization designated a foreign terrorist group by the United States that seeks to carve an independent Balochistan from Pakistani territory and has escalated sharply in recent months, carrying out coordinated bombings, train hijackings, and mass casualty attacks.

“Instability inside Iran can be helpful to these groups as it may make it easier for them to move across the borders and also easier to find access to military equipment,” Pande continues, stressing that the picture cuts both ways. “Instability inside Iran and the Iranian state’s focus on the western frontier means the Pakistani state may find it easier to target these Baluch groups, knowing that Iran’s attention is diverted.”

Pakistan is also home to an estimated 15 to 20 percent Shia population, one of the largest outside Iran. Violence erupted in Pakistani cities following news of Khamenei’s death. Jihadist networks, including the Islamic State Khorasan Province, al-Qaeda, and the TTP, have been trying to expand their footprints in Balochistan, and instability in Iran would divert Pakistani security resources toward border management, creating an opening for those networks to grow.

In Balochistan’s Makran coast region, home to the Chinese-operated deep-sea port of Gwadar, local officials have advised residents to avoid Iranian territory entirely.

A nuclear state on three fronts

Then there is India. Last May, the two nuclear-armed neighbors fought their most intense clash since 1971. India launched Operation Sindoor on May 7, striking nine sites linked to militant groups Jaish-e-Mohammed and Lashkar-e-Taiba in Pakistan and Pakistan-administered Kashmir — the first time India had struck inside Pakistan’s Punjab province since the 1971 war.

When reports surfaced that Pakistan had summoned its Nuclear Command Authority, the body that controls decisions over its nuclear arsenal, the crisis took on a different character altogether. Analysts read it as a calculated signal. Pakistani officials later said no such meeting occurred. Fears of escalation to the nuclear threshold drove United States government involvement, with Secretary of State Marco Rubio working the phones before President Trump announced the ceasefire on social media on May 10.

The intervention produced a fragile truce yet left the underlying tensions entirely intact. Delhi has held the Indus Waters Treaty in abeyance since then, a move Islamabad has called an act of war. The Indus basin supplies roughly 80 percent of Pakistan’s irrigated agricultural land and underpins a sector that accounts for nearly a quarter of GDP.

Dostyar does not mince words about where all this leaves Islamabad.

“Pakistan is facing a failing economy, political instability, and internal separatist movements,” he asserts. “In the face of all this, it is an enormous gamble to engage in multiple external conflicts. It may be a ‘distraction’ strategy, but it poses a significant regional risk, particularly regarding the security of Pakistan’s nuclear arsenal.”

Pande agrees the military believes it can manage all three frontiers for now, partly because of what she describes as confidence in Washington’s backing and a mutual defense arrangement Pakistan concluded with Saudi Arabia in September 2025, which stipulates that any aggression against either country is treated as aggression against both. Still, she flags a structural weakness in the information campaign that sustains it.

“The message being sent by the top brass is that events that are happening are a conspiracy against Pakistan, in an attempt to rally the people to support the state and its actions,” she says.

That Washington has left the mediation work entirely to Ankara, Doha, and Riyadh is itself telling and consequential. As Dostyar puts it, “Washington’s apparent absence from mediation is likely driven by either insufficient awareness about what is truly going on or a strategic choice due to competing priorities.” In plain terms, the United States is either not paying close enough attention or has decided this fire is someone else’s to put out.

That calculation carries costs. A nuclear state fighting one neighbor, frozen out by another, and watching a third descend into war on its doorstep is exactly the kind of cascading regional breakdown that tends to pull Washington back in regardless of its intentions.

The security of Pakistan’s nuclear arsenal under simultaneous pressure on three fronts, the risk of jihadist networks exploiting the chaos in Balochistan, and the potential for an escalation that pulls in India — all of these are American national security equities, whether Washington chooses to engage or not.

The Eid pause now expiring gives diplomats the narrowest of windows. Saudi Arabia, Qatar, and Turkey all called this week for a path toward a sustainable agreement. Whether the structural conditions for such an agreement exist is another matter entirely. Pakistan’s preconditions — TTP sanctuaries dismantled, militant leaders handed over — are non-starters for a Taliban government that has staked its domestic legitimacy on refusing to be seen as compliant with Islamabad’s demands. The Taliban’s own precondition, recognition of Afghan sovereignty over the Durand Line, is equally unacceptable to Pakistan’s military establishment.

The underlying drivers are unchanged.

As Pande frames it, the core problem is not a lack of mediation but a lack of political will on both sides.

“The Afghan Taliban believes they are no longer beholden to Pakistan, they are in power, and they are reluctant to act against their ideological ally, the TTP,” she adds. “Pakistan believes that since it helped the Afghan Taliban regain power, the latter should be grateful to Pakistan, should keep Pakistan’s interests in mind and should tame the TTP. The key challenge for Pakistan is the ongoing conflict with its former proxy.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Costly Illusion of the Golden Dome

OPINION — “The Golden Dome for America strategy [President Trump’s proposed nationwide anti-missile defense system] remains centered on affordable and scalable capabilities. In the short-term, we will leverage battle-proven technologies and systems to provide immediate defense against current threats. By improving, multiplying, and integrating existing systems, we can field a credible defense now. However, defeating an increasing number of sophisticated, lower-cost offensive threats with a limited supply of multi-million-dollar [space- and ground-based] interceptors is an economically untenable proposition in the long term.”

That was from the prepared statement of Space Command General Michael Guetlein, Program Manager for the Golden Dome for America project, who appeared last Wednesday before a House Armed Services Strategic Subcommittee hearing held to provide an update on Golden Dome and other Department of Defense (DoD) missile defense programs along with other senior officers.

In announcing the Golden Dome program on January 27, 2025, Trump, in an Executive Order said, “The United States will provide for the common defense of its citizens and the Nation by deploying and maintaining a next-generation missile defense shield; the United States will deter — and defend its citizens and critical infrastructure against — any foreign aerial attack on the Homeland; and the United States will guarantee its secure second-strike capability.”

Last May, Trump predicted, “Once fully constructed, the Golden Dome will be capable of intercepting missiles even if they are launched from other sides of the world, and even if they are launched from space, and we will have the best system ever built.”

Guetlein, just before the two-hour session ended, again made clear, cost would be a factor in the system. “If we cannot do it affordable we will not go into production and that's something that others have not understood. Because we are looking at the threats from a multi-domain perspective, to make sure I have redundant capabilities, and I don't have single points of failure, so if boost- phase intercept from space is not affordable and scalable, we will not produce it because we have other options to get after it.”

During the hearing, Guetlein and the others made clear what a long, costly and complicated process the Golden Dome will involve.

For example, when Guetlein was asked how many American cities are currently protected by Patriot or Terminal High Altitude Area Defense (THAAD) batteries – the U.S. Army’s existing ground-based anti-missile units he referred to above -- he answered, “Today, none.”

I remember back in the 1950-to-1970 Cold War days when the U.S. Army deployed nuclear-armed Nike surface-to-air missile batteries around major cities such as Washington, D.C., Chicago, Detroit, Minneapolis, and the Florida coast to intercept Soviet missiles or bombers. One example: back then 19 Nike anti-air sites ringed New York City.

As I read Guetlein, Golden Dome will require Patriot and THAAD batteries to be deployed to hundreds of U.S. cities to provide the protection President Trump envisioned.

Today, a single Patriot battery cost $1.1 billion -- $400 million for the radar, control station and launchers plus another $690 million for the interceptor missiles, at some $4 million each. In addition, it takes 90 service personnel to operate that Patriot battery. A single battery can protect an area with a 42-mile defense radius, depending on the surrounding terrain, while its radar can track up to 50 potential targets and engage five simultaneously.

A Patriot battery acts as a terminal-phase shield against tactical ballistic missiles, cruise missiles, drones, and advanced aircraft.

The U.S. Army today operates roughly 15-16 Patriot battalions, consisting of some 60 active batteries, with some 30+ stationed within the U.S., while the remaining are deployed in Europe, the Middle East, and the Indo-Pacific region.

A single THAAD battery, designed to intercept short-, medium-, and intermediate-range ballistic missiles, typically costs between $1 billion and $2.7 billion. A battery is comprised of six truck-mounted launchers, 48+ interceptors, the AN/TPY-2 radar, and fire control units. Again, some 90 personnel are needed to operate a THAAD battery.

As of June 2025, the Army had just eight THAAD batteries with four stationed overseas -- in Guam, South Korea, Israel and Middle East -- and four on U.S. Army bases at home.

Supplementing these terminal-phase defense systems, in considering this new Golden Dome concept, is the Ground-Based Midcourse Defense (GMD), the only operational U.S. system theoretically designed to defend the entire U.S. against long-range ballistic missiles. However, GMD is designed to defend against limited ICBM threats from rogue nations such as North Korea and Iran and not the advanced ICBM capabilities of Russia and China.

GMD consists of a space-based and ground-based global network of sensors and radars to detect and track threats; command, control, battle management and communications; a fire control system that can calculate interception points; and just 44 Ground based Interceptors (GBI), 40 at Fort Greely, Alaska, and 4 deployed to Vandenberg Air Force Base, California. President Trump has requested funding for 20 additional GBI interceptors to be deployed in the United States.

Each GBI has cost roughly $90 million and the GMD system as a whole has been estimated to have cost over $40 billion.

The U.S. Missile Defense Agency (MDA) in 2021 awarded Northrop Grumman and Lockheed Martin contracts to develop a Next Generation Interceptor (NGI) as a follow-on to the GBI. In April 2024, the MDA announced it had selected Lockheed Martin as the sole prime contractor for the NGI program’s development phase.

The NGI plan called for the first new interceptors to be operational by 2028 and the final multi-year contract to be worth an estimated $17 billion.

When Guetlein told the House subcommittee last week “Golden Dome for America is not a single or static weapon system, but an integrated ‘system of systems,’” these three – Patriot, THAAD and GMD -- are the basic systems I believe he was talking about.

There is also the Navy’s AEGIS shipboard anti-missile system, which also provides midcourse and terminal interceptions. But other than the one land-based AEGIS system in Europe, the remainder appear to be needed to protect the fleet.

Guetlein explained, “The architecture that we're building is a very flexible open architecture design system so that we can continuously modernize it as the threat continues to mature. It is not a static architecture. So we will continue to upgrade along the way to get after the threat.”

He claimed his new system “will increase the number of threats we can defend against for a fraction of the cost…by building a modular, layered, defense-in-depth ‘system of systems’ where all components can operate independently and, therefore, can be replaced without having to rebuild the entire enterprise.”

Guetlein said, “We are going to deliver an operational capability by the summer of [20]28 that will be able to protect the homeland against a variety of threats. The ultimate objective architecture is going to be $185 billion. That's $175 billion as identified by the President of the United States and an additional $10 billion to accelerate some space capabilities that were not originally part of our architecture.”

Another House subcommittee witness, Lieutenant General Heath Collins, Director of the Missile Defense Agency, introduced the idea that directed energy weapons, lasers, would also be part of the Golden Dome program.

“We are certainly putting more attention into potentially game-changing directed energy,” Collins said. “Capabilities in an unmanned air platform is what we're focused on so we can bring that capability to the edge of the fight and thin the herd of UAVs [unmanned air vehicles] – potentially air threats and the like. So, we're very into that and we're driving through on that experimentation as we as we move forward.”

Speaking of Patriot and THAAD, Collins said , “We have some very proven systems with incredible capability…We are always driving to figure out how to drive the cost of those down. One through the acceleration in quantities that we're going to talk about. We're going to have a

savings in those. But those are pretty exquisite and unique weapons. As we move forward we are continuing to push directed energy and non-kinetics to change the cost equation.”

Near the close of the hearing, Gen. Guetlein was asked to sum up “in layman’s terms,” why Golden Dome was the right option to meet the current threat.

Guetlein responded in part, “We are seeing threats coming from the multi-domain environment meaning they're coming from air, they're coming from the sea, they're coming from space, they're coming from land. They [U.S. adversaries] have figured out how to get some low-cost threats in there as well to challenge our depth, our defenses.”

Guetlein concluded, “This is driving a demand for increased magazine depth [an adequate supply of interceptors] and a demand for lower cost solutions to get after these sectors. That's what Golden Dome is focusing on…how to change that defense equation. And we're doing that through partnerships with industry, partnerships with academia and partnerships with the national labs.”

I believe the truth is, as the U.S. discovered during the Reagan years, that missile offenses will always defeat missile defenses, and while an Iron Dome defense can be set up for a small country – Israel -- no Golden Dome can be established to protect a large country such as the U.S.

And, ironically, trying to create a defensive system will eventually lead to a more aggressive offensive arms race than exists today.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Trump, Iran, and the Stress Test of Western Alliances

OPINION – The war with Iran has grown beyond just a regional war; it is also a preliminary test of the cohesion of Western alliances under President Donald Trump. Deep root causes concerning burden-sharing, strategic partnership, and political trust within NATO are being exposed by the United States’ and its allies' reactions as tensions escalate and the shock of disruption through the Strait of Hormuz is felt by the world's energy markets. A broader re-evaluation of how Western alliances function in an increasingly volatile global context is taking place, rather than just a contest of deterrence against Iran.

This war unfolds in a distinct political setting in Washington - different from previous Middle East conflicts. Trump's foreign policy approach throughout his current term has remained consistent with a transactional view of alliances, putting concrete commitments and national advantage over conventional ideas of shared security.

NATO's internal structures are experiencing pressure and uncertainty. European allies are currently dealing with a more nuanced strategic context, where unconditional alignment with the United States is hardly assumed but still anticipated. As a result, the Iran war reveals the political boundaries of alliance unity.

A Regional War with Global Consequences

The war’s global implications are being highlighted by the closure of the Strait of Hormuz. Uncertainty in the Strait, a vital conduit for global energy supply, has direct and major economic repercussions, from rising energy costs to heightened financial market swings. The economic implications caused by the Iran war raised calls for de-escalation for European economies already facing structural strain.

NATO allies' strategic calculations are hampered by this economic element. While local economic factors favour neutrality, security commitments require European states to back U.S. policy. The result is a dual strain that weakens collective decision-making. As a result, the Iran War cannot be viewed simply as a regional security matter; rather, it is a confluence of political, economic, and military concerns that go well beyond the Middle East.

Trump’s Alliance Strategy: Pressure as Policy

Trump's use of external threats to alter alliance behaviour is a larger trend in his foreign policy, which appears in how he managed the situation. The current crisis intensified his repeated criticism of NATO states for inadequate defence spending, with new demands for enhanced European contribution to both military operations and financial commitments.

There could be inconsistent outcomes from such a strategy. On one hand, it could hasten European attempts to strengthen strategic autonomy and increase defence spending. On the other hand, it carries the risk of upsetting allies who see this type of strain as eroding the alliance's cooperative roots. According to political scientist Stephen M. Walt alliances are upheld by bilateral trust as well as common interests, which can be weakened when relationships are laid out mainly in terms of give and take.

However, Trump's strategy does make some sense. The realists argue that greater shared burdens could boost the alliance's overall capabilities. The tough element is achieving this without weakening political cohesion that is vital for successful shared action.

NATO at a Crossroads

The Iran war has exposed long-standing divisions in NATO cohesion. Attempts to develop a cohesive response have been hindered by member countries' varying views of the risk. Russia remains as the key security threat for many Eastern European nations, with Middle East instability seen as a secondary concern. On the other hand, the impact of Middle Eastern unrest is more urgent for Southern European nations, especially about migration and energy security.

Establishing agreement turns tougher because of these conflicting agendas. NATO's viability eventually depends on political agreement among its members, even if it maintains strong bureaucratic procedures. Even in the absence of explicit disagreement, the current crisis highlights the risk of a slow erosion of strategic cohesion.

However, history reveals that crises may also act as a catalyst for adaptation. As political scientist Barry R. Posen points out, alliances often fluctuate in response to changing strategic conditions. The question involves whether NATO can utilise the Iran war to reassess its goals, or if internal division will worsen.

The Expanding Role of Middle Powers

Middle powers have played a significant part in fostering diplomatic dialogue throughout the current war. States like Pakistan and Turkey have emerged as mediators, showing the multipolar character of international diplomacy. Pakistan's recent effort to portray itself as a mediator and host the negotiators from the United States, and Iran is especially notable. Despite an inconsistent track record in regional policy and counterterrorism, Islamabad has utilised its alliances with rival blocs in order to preserve channels of communication at a critical time. In this respect, its role is less about resolving the war and more about preventing further escalation by facilitating dialogue in circumstances where direct engagement is politically constrained.

Their engagement reflects a broader shift away from Western dominance in conflict resolution and highlights the growing role played by regional players in crisis management. For NATO, this development provides both challenges and opportunities. On one hand, reliance on external mediators may indicate an erosion in Western diplomatic dominance. On the other hand, it offers other de-escalation alternatives that can complement formal alliance protocols.

The capability of NATO member countries to interact productively with these actors will be crucial in determining the trajectory of the crisis. Successful diplomacy in such a complicated setting requires cooperation outside conventional alliance agreements.

Future Trajectories: Cohesion, Transnationalism, or Fragmentation

The long-term repercussions of the Iran conflict for Western alliances will ultimately be shaped by how these interactions play out. Three potential pathways can be identified.

The first path is a renewed feeling of cohesiveness. In this scenario, the common challenges caused by the war contribute to greater cooperation among NATO members, strengthening NATO's legitimacy and efficiency. This would signify the continuation of NATO's enduring position as a foundation of Western security.

The second path is a shift towards transnationalism. The alliance persists, but collaboration becomes increasingly conditional, driven by national interests and contributions rather than unified standards. While this could enhance efficiency in certain areas, it also has the potential to weaken NATO's sense of joint missions.

The third path is gradual fragmentation. If internal divisions continue to grow, NATO may struggle to react to future crises as a cohesive alliance. This would not necessarily lead to the alliance's collapse, but it might significantly diminish strategic unity and influence.

The Iran war indicated that it’s more than just a test of military capacity or regional strategy; it also tests Western allies' resilience and adaptation in a shifting geopolitical context. Under President Trump, this test is exacerbated by a leadership style that prioritises power and negotiation above established alliance conventions.

For NATO, the stakes go beyond the current crisis. The alliance must manage a complicated web of security challenges, economic constraints, and political disagreements while retaining its credibility as a collective defensive agency. The capacity to manage these opposing needs will determine whether it emerges stronger or more fractured at the end of this period.

Ultimately, the significance of the Iran war may lie less in its immediate outcomes than in what it reveals about the future of alliance politics. In an era of shifting power dynamics and increasing uncertainty, the capacity of Western alliances to adapt will be a critical determinant of their continued relevance.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

An FBI Perspective on FISA Section 702

OPINION – I spent twenty years at the FBI supporting investigations into cybercrime, tracking ransomware gangs, and watching foreign adversaries tear through American networks. I've sat across the table from hospital administrators trying to figure out how to care for patients when their systems are locked. I've talked to small business owners who lost everything to a cyber operation traced back to a state-sponsored group operating with near-impunity abroad.

What I can tell you, from that vantage point, is that allowing Section 702 to lapse would create intelligence gaps that our adversaries are already positioned to exploit.

Section 702 is a vital tool. A nimble authority that provides for collection against foreign-based, non-U.S. person threat actors intent on harming Americans. The threats this authority was built to address have not slowed down while Congress deliberates. Iranian-nexus actors are actively probing U.S. critical infrastructure, Chinese operators remain embedded in telecommunications networks, and ransomware groups – some operating with the direct support or tolerance of foreign governments – are targeting hospitals, water systems, and school districts across the country.

The actors dominating today's headlines each represent a different dimension of why 702 matters to the FBI as an investigative and intelligence collection tool.

Iran has demonstrated both the intent and the capability to conduct attacks on US soil. Beyond cyber operations against critical infrastructure – including recent attacks against operational technology in water treatment plants – Iran has sought to assassinate American citizens, including senior government officials, and to silence dissidents operating on US soil. Many of these plots are planned from abroad, coordinated through the internet, and would be invisible to investigators without 702. It is the tool that lets us connect the dots before an attack is executed rather than after.

China is playing a longer game. The campaign to pre-position access inside US critical infrastructure – power grids, water systems, transportation hubs, communications networks – is patient and methodical, designed to be activated at a moment of Beijing's choosing, including in the event of a conflict over Taiwan. In the FBI's own experience, 702 has been the difference between detecting that access early and discovering it only after the damage is done. When Chinese hackers compromised a major US transportation hub, it was 702-derived intelligence and US person queries that allowed the FBI to pinpoint exactly which network infrastructure had been hit, alert operators to the specific vulnerability, and help close the backdoor.

Ransomware, which defined much of my work at FBI, has evolved from a criminal problem into a national security one. Many of the groups responsible for attacks on hospitals and pipelines operate under the protection or direction of state sponsors who understand that ransomware destabilizes the same infrastructure a military adversary would want to disable. Over the past decade, malicious cyber actors have accounted for more than half of the FBI's Section 702 targets. The authority is central to how the FBI does cyber work: identifying victims, warning them before attacks begin, and helping them close backdoors before the next wave hits.

If Section 702 authority expires, active collection against foreign targets stops. Leads go cold. Investigations that depend on 702-derived intelligence hit a wall at exactly the moment continuity is critical. Adversaries don't pause. Every day the authority lapses is a day they move more freely through networks they have already compromised.

On compliance, the record deserves an honest accounting. The FBI's pre-reform querying practices were unacceptable. Director Wray said so plainly, and he was right. But beginning in 2021, there was a genuine institutional reckoning: foundational reforms to training, supervision, and accountability that produced documented, court-verified improvement. The same court that documented FBI’s violations in the first place – the Foreign Intelligence Surveillance Court (FISC) – concluded the reforms are having the desired effect.

The same rigor that produced those improvements is exactly why this reauthorization debate deserves to be evaluated on its own merits. The concern about government acquisition of commercially available data is legitimate, but it is a separate question from 702. Conflating the two risks taking down a well-functioning authority over a fight that belongs elsewhere in statute.

From two decades working to counter these threats, I know what it costs to arrive after the damage is done. The good news is that Congress doesn't have to make that choice. The oversight architecture is working. The reforms are documented. The threats are real and they are not waiting. Reauthorize 702, address commercial data on its own track, and keep the investigative capability that makes the FBI's cyber and national security work possible.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why Greenland is the Linchpin of the Golden Dome

OPINION – When President Trump first proposed the purchase of Greenland, the world’s reaction leaned toward mockery. But as the strategic landscape of the 2020s shifts from traditional ground wars to a high-stakes Arctic battlefield and space-based competition, the real estate deal of the century is looking less like a whim and more like a calculated move for national survival.

The logic behind the push for Greenland, whether through outright acquisition or a significantly expanded role as its primary protector, is not about land mass nor rare earth minerals. It is about latitude. As the U.S. develops the Golden Dome system, a revolutionary, layered missile defense shield, Greenland is the one of the only geographic assets that offers the location necessary to protect the American mainland from modern existential threats.

The Ultimate Vantage Point

To understand Greenland’s value, one must look at a globe, not a map. The shortest flight path for an Intercontinental Ballistic Missile (ICBM) launched from Russia, China, or North Korea toward the United States is not across the oceans, but over the North Pole.

Greenland sits directly beneath these routes often referred to as Great Circle routes. By securing unfettered access to this territory, the U.S. can transition the Pituffik Space Base from a mere warning site into an active intercept location. Forward-basing interceptors on Greenland allows the military to engage incoming missiles in their mid-course phase—while they are still coasting through the vacuum of space. This provides a second line of defense that can neutralize threats thousands of miles away, ensuring that any debris or nuclear fallout occurs over the uninhabited Arctic ice rather than North American civilian populations.

Commanding the High Orbit

Beyond missile interceptors, Greenland should be the operational fulcrum for the space-based leg of the Golden Dome. Modern defense relies on the Proliferated Warfighter Space Architecture (PWSA), a mesh network of thousands of small satellites in Low Earth Orbit (LEO).

● Satellite Command: Because polar-orbiting satellites pass over the North Pole on every revolution, a ground station in Greenland can communicate with these satellites more frequently than any site in the continental U.S.

● Atmospheric Clarity: Greenland’s cold, dry air is a scientific miracle for communications. It provides the perfect medium for laser-based satellite links and high-frequency V-band radio, which are far more resistant to enemy jamming than traditional signals.

Beyond Greenland: The Svalbard Puzzle

While Greenland serves as the western anchor of this Arctic shield, it is only one piece of a broader polar puzzle. To truly secure the High North, the U.S. and its allies must eventually address the strategic anomaly of Svalbard.

Located halfway between Norway and the North Pole, Svalbard shares Greenland’s near-perfect latitude for satellite downlinking and missile detection. However, unlike Greenland, which is governed by a bilateral agreement with Denmark, Svalbard is governed by the Svalbard Treaty of 1920. This unique international document recognizes Norway’s sovereignty but with a major catch: the islands must remain demilitarized and open to commercial activity from all 40+ signatory nations (that includes Russia, China, North Korea, Iran and others).

This has led to a bizarre patchwork of land ownership that presents a significant security challenge:

● 34 Plots: Historically, land on Svalbard was divided into 34 distinct claims (aka, plots which were based on mineral or fishing rights).

● Norway (31 Plots): The Norwegian state owns a majority of the land, maintaining the primary administrative hub in Longyearbyen.

● Russia (2 Plots): Through the state-owned mining company Arktikugol, Russia owns two significant plots, including the active mining town of Barentsburg and the "ghost town" of Pyramiden. This allows Moscow a permanent, legal foothold on what is technically NATO soil.

● Private Hands (1 Plot): For years, the last remaining private plot, Søre Fagerfjord, has been a source of geopolitical anxiety. In late 2024 and throughout 2025, the Norwegian government took the unprecedented step of blocking the sale of this Manhattan-sized plot to prevent it from falling into the hands of non-NATO actors, specifically citing concerns over Chinese interest. This included blocking it from being sold to an American firm which would have ensured it could not fall under the control of a foreign power (conveying Arctic status to any such possibly malignant actor).

Conclusion: A Unified Arctic Strategy

If the push for Greenland is the first move in securing the Golden Dome, Svalbard is the inevitable second move. The topography that makes Greenland an ideal interceptor site is mirrored in Svalbard. However, the presence of Russian commercial outposts and the treaty’s strict restrictions on warlike purposes create a diplomatic minefield.

As the U.S. seeks to build an impenetrable shield against trans-polar threats, it must look beyond just buying land. It must navigate a complex web of hundred year-old treaties to ensure that the top of the world remains a vantage point for the West, rather than a loophole for its adversaries.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Most Dangerous Extremist Movement in America Has No Ideology

She Was 13. She'd Been Inside This World Since She Was 8.

A week after her birthday, Audree was dead.

Her mother didn't know why – not until a detective called to say Audree's journal was filled with drawings of school shooters. Not until she searched TikTok and recognized her daughter's artwork everywhere. Not until she learned that the online world her artistic, funny, guitar-playing daughter had been living in for five years had a name.

The True Crime Community. The TCC.

The TCC is one of the most dangerous pipelines operating right now – and most parents have never heard of it.

A Fandom Built Around Killers

It's not an organization. There's no leader, no membership card, no political ideology. Researchers call it nihilistic violent extremism – a fandom built around mass killers, driven by hatred of humanity and a hunger for notoriety.

The Columbine shooting gave this world a look and a feel. Members dress like shooters, draw fan art of them, and celebrate them the way other teenagers celebrate musicians. The community has migrated from Tumblr to TikTok, where a hand making an "OK" sign paired with a photo of boots signals TCC membership – and comment sections do the recruiting.

When a new shooting happens, the perpetrator often becomes the next idol. After the December 2024 shooting at Abundant Life Christian School in Madison, Wisconsin, the 15-year-old shooter became a figure the community celebrated – and three more school shootings in Tennessee, Minnesota, and Colorado followed. Each attack feeds the next.

Since January 2024, researchers have linked TCC to at least 25 attacks or disrupted plots. The FBI reported a 300% increase in this kind of extremism between late 2024 and late 2025. And this week, a school shooting in Argentina was directly tied to TCC by government officials, who said it had nothing to do with bullying – only membership in an international online subculture. This isn't an American problem anymore.

The Signs Are There – Parents Just Don't Know What They're Looking At

There is no recruitment script. No one knocks on your door. Your child doesn't come home saying she joined an extremist group. She asks for a T-shirt. She draws something in her notebook you don't recognize. She uses a username that sounds random.

One mother – Audree's mother – didn't just miss the signs. She helped create them. She made custom T-shirts for her daughter printed with logos tied to the Columbine killers. She had no idea what they meant. "I wanted to vomit," she said when she found out.

These communities target kids who are struggling – isolated, anxious, looking for somewhere to fit in. According to de-radicalization expert Allizandra Herberhold of Parents for Peace, about 95% of TCC participants never harm anyone else – they are far more likely to hurt themselves. This is a self-harm crisis as much as a violence crisis.

One more thing most parents don't know: TCC is roughly half girls, half boys – unusual for any extremist group. Girls often find their way in through online eating disorder communities. Boys typically come in through gore forums. If you think only boys are at risk, you're missing half the picture.

The Cipher Brief applies expert-level context to national and global security stories. Grant yourself full-access to Cipher Brief expert insights, analysis and private briefings in the new year by becoming a Subscriber+Member.

A Phone Call Can Stop It

In January, an Indiana mother called the sheriff after noticing something wrong with her 17-year-old daughter. Investigators found the girl had recorded a walkthrough video of her school and was planning an attack with people she'd met online. The mother's call stopped it.

Another mother, Heather Dioneff, watched her daughter Lilyanna get pulled into the TCC world. Lilyanna idolized killers, wrote a manifesto, and made a list of people she wanted to hurt at school. She eventually told a therapist. The therapist called for help. Lilyanna was hospitalized before anything happened.

Two different families. Two different paths. Same result – someone paid attention and made the call.

The warning signs are about looks, not words. Watch for fixation on specific shooters, drawings of killers, references to Columbine, or usernames and symbols you don't understand. If something confuses you – a meme, a post, an image – search it before you react.

Monitor private channels, not just public profiles. Discord needs close attention. Experts say don't allow children on Telegram at all – it's full of violent and exploitative content.

Don't wait until you're sure. Parents for Peace runs a confidential helpline for families worried about where a child is headed. Their number is 1-844-49-PEACE. No judgment. No obligation. The Anti-Defamation League has sent TCC research to more than 16,000 schools and offers guidance on what to look for. Lawmakers have also introduced a bill that would make it a federal crime to push children toward self-harm – a step in the right direction.

The Adults Closest to These Kids Don't Know What to Look For

We have systems for identifying jihadist radicalization. We are building them for domestic extremism. We have almost nothing in place for this threat at the school and community level. The most sustainable fix, researchers say, is treating this like a public health problem – reduce what makes young people vulnerable before an attack happens, not just respond after. That means youth mental health investment, school-based threat assessment training, and making sure the counselors, coaches, and pediatricians who see these kids every day know what they're looking at.

That gap is where children are dying.

The mothers in that CNN story aren't asking for sympathy. They're asking for accountability – from platforms, from policymakers, and from a public that keeps acting surprised by attacks that researchers saw coming.

Kids are going to seek out secret worlds. That instinct is human – it's the same one that draws them to spy stories, adventure novels, and tales of people who matter and belong to something bigger than themselves. The question is who finds them first and what world they're handed when they arrive.

Resources:

Parents for Peace confidential helpline: 1-844-49-PEACE | parents4peace.org
ADL Center on Extremism: adl.org
K-12 School Shooting Database: k12ssdb.org
If you or someone you know is in crisis: call or text 988

The Trump-Xi Summit: A Chance to Change the Global Narrative

Let’s hope the May summit between Presidents Donald Trump and Xi Jinping is uplifting, giving the world hope that these great powers can cooperate for the common good. The global community is distraught and fatigued with the wars in Ukraine, Gaza and Iran and the sense that war has now become accepted behavior.

The summit of the U.S. and China is an opportunity to change the narrative and instill hope that these two great powers can work through the many issues that divide us and focus on the issues that can lead to the betterment of mankind.

The summit will be an opportunity to discuss a myriad of economic and trade issues that continue to be an irritant in the bilateral relationship: The U.S. trade imbalance with China; industrial subsidies China provides to state-owned enterprises and cheap financing from state banks; U.S. restricted exports to China of advanced semiconductors and chipmaking equipment and AI-related technologies; Intellectual Property theft by China and industrial espionage; U.S. tariffs and de-risking efforts with rare earths, batteries and pharmaceuticals; U.S. investment restrictions and China’s efforts to keep the yuan undervalued to boost exports; and U.S. human rights-related trade restrictions and sanctions on Chinese companies.

China has strong views on each of these issues, accusing the U.S. of economic containment. As major economic competitors, these and other related issues can and should be addressed routinely, in diplomatic and trade negotiations. Indeed, these economic and trade issues can and should be mentioned and discussed at the summit but left to the diplomats and trade negotiators to resolve during routine annual meetings in Beijing and Washington.

What the world needs to hear is how the U.S. and China can cooperate to end wars and make the world more inhabitable.

Indeed, conflict resolutions should be high on the list of issues to discuss. Ensuring that we do not have a repeat of the Belgrade Embassy bombing of 1999 (when the U.S. accidentally bombed the Chinese Embassy in Belgrade) and former President Jiang Zemin refusing to take with President Bill Clinton’s calls to apologize; or the EP-3 incident of 2001 ( a U.S. reconnaissance aircraft collided with a Chinese jet in international airspace, killing the Chinese pilot) when President Jiang Zemin would not take the calls from former President George W. Bush who wanted to apologize for the incident and request the release of the U.S. crew being held in Hainan Island.

We cannot have a repeat of these two tragic events. It is important that our leaders communicate in a timely and secure manner, to ensure that incidents of this type do not escalate. The hotline between our military leaders is equally important, to avoid inadvertent escalation and potential conflict.

Taiwan and the South China Sea are issues requiring immediate presidential attention. These are issues that can escalate quickly and potentially lead to conflict and war. The U.S. Taiwan Relations Act of 1999 clearly states that the issue of Taiwan should be resolved peacefully between the People’s Republic of China and Taiwan, while the U.S. provides Taiwan with arms of a defensive character. Mr. Xi has said he wants a peaceful resolution of issues with Taiwan, but China, he said, is prepared to use military force if necessary. The recent meeting of Taiwan’s opposition leader, Cheng Li-wun, Chairman of Taiwan’s Kuomintang (KMT) with Mr. Xi on April 10 was the first meeting in a decade with Mr. Xi, who has increased military pressure around Taiwan and sees reunification with Taiwan as an important part of his legacy.

The South China Sea is a potential flash point between China and the U.S. Island-building activity by China has been found illegal under the United Nations Convention on the Law of the Sea (UNCLOS). Between 2013 and 2015, China engaged in extensive land reclamation in the Spratly Islands, building artificial islands in areas claimed by the Philippines and Vietnam. An arbitral tribunal ruled in 2016 that China was in violation of UNCLOS. But China persists, insisting – based on dated maps going back to the Qing Dynasty – that China has sovereignty of the South China Sea Islands. The U.S. position is that China’s claim to sovereignty of the South China Seas islands is unlawful and freedom of the seas is consistent with international law.

Discussing Taiwan and the South China Seas is necessary, to avoid conflict that could develop into a war. But these are long-established points of conflict that require close and continued diplomatic and military dialogue with Beijing. A two-day leadership session in Beijing likely will not resolve either of these contentious issues. But continued dialogue is necessary.

What the people would like to see from this summit is how the U.S. and China are prepared to cooperate to resolve conflicts and wars and how the U.S. and China plan to cooperate on global issues requiring immediate attention: Global pandemics, global warming, nuclear proliferation, biosecurity, counterterrorism, counternarcotics, counter international organized crime, and other issues requiring attention.

The May summit between the leaders of the U.S. and China is an opportunity to show the world that two great powers can coexist peacefully and cooperate to make the world a better place for mankind.

The author is a former associate director of national intelligence. All statements of fact, opinion or analysis are those of the author and do not reflect the official positions or views of the U.S. government. Nothing in the contents should be construed as asserting or implying U.S. government authentication of information or endorsement of the author’s views.

This article was originally published in The Washington Times and is republished here with permission from the author.

What Iran Is Learning from Russia’s War and Why the U.S. Should Be Concerned

KREMLIN FILES/COLUMN: The war in Ukraine is often framed by optimistic academics, and some policymakers as a cautionary tale—an example of how military aggression can backfire, weaken a state, and isolate it from the world. But that assumption may be dangerously incomplete. For regimes like Iran, the more relevant lesson may not be Russia’s failures, but its endurance.

Four years into the conflict, Moscow has not collapsed. Instead, it has adapted militarily remarkably well, particularly in the past two years. Russia has resisted sanctions to make its economy even more domestically oriented and more reliant on China. It has also dramatically strengthened the security and intelligence structures that sustain authoritarian rule. If Iran’s leadership is studying this war—and there is strong evidence that it is—it may come away with lessons that make it more resilient, more technologically capable, and more repressive. That possibility should concern the United States.

The first lesson Iran’s regime might learn is that war fosters innovation, especially when countries must operate under constraints. Even before Russia’s full-scale invasion of Ukraine, Moscow and Tehran were already working together militarily. While not a strategic alliance like NATO, or anything close to approaching the strength of our “Five Eyes” partnerships, Iran supplied Russia early in the war with Shahed drones, which quickly became a key part of Russia’s strike campaign against Ukrainian infrastructure.

But the relationship didn’t stop at the simple transfer and sale of weapons. Throughout the war, both countries have adapted and improved. Russia has modified Iranian drone designs, increased their range and guidance systems, and expanded domestic production for new generations of its GERLAN drone series (based initially on the Shahed, but evolved significantly since). They have also established a new “Unmanned Systems Troops” branch for their military. Some might argue they are ahead of NATO in this innovation (though still behind Ukraine, thankfully).

Meanwhile, Iran has gained battlefield feedback, collecting real-world data on how its systems perform against modern air defenses when the Russians deployed them. That seems to be paying off in some respects now with Iran’s own conflict. Their drones have indeed penetrated U.S. and allied defenses in the region. U.S. airpower remains a dominant force on any battlefield of any potential conflict still, but for how much longer?

The wartime innovation is not limited to drones. Russia has improvised with electronic warfare, missile production, and decentralized command structures under pressure—the latter being particularly difficult for its Soviet-style military to adapt from, but reports are that they have done so. Iran, which already prioritizes asymmetric warfare, is likely absorbing these lessons. The development of new generations of loitering munitions—like Iran’s IRSA-7—illustrates how quickly relatively simple technologies can evolve into more effective and harder-to-counter systems.

For Iran, the takeaway is clear: even under sanctions and technological isolation, war can accelerate military advancement rather than stall it. That has direct implications for U.S. forces now at war in Iran, and partners in the Middle East, who could face more sophisticated and battle-tested Iranian systems if the war continues.

A second lesson Iran might learn is that prolonged conflict doesn't necessarily topple a regime—it can instead make it more resilient. Western policymakers often believe that ongoing economic pressure and battlefield losses will eventually lead to political change. Russia’s experience complicates that argument and shows how an autocratic system can be built to endure a long conflict.

Despite broad sanctions, export controls, and diplomatic isolation, the Russian government has kept functioning. It has shifted its economy toward non-European partners, especially China, maintained energy revenues, and passed the hardships onto its people. Russia’s domestic production of many agricultural and other goods has actually increased during the war. How does this compare with the U.S. and the West? Not very well, of course. If international shipping stopped bringing goods to the U.S. market, our economy would collapse.

Iran is arguably even better positioned to absorb this lesson. It has decades of experience operating under sanctions, developing informal trade networks, and insulating its core institutions from economic shock. What Russia has demonstrated is that a large, resource-rich, authoritarian state can endure far longer than many expected, even under intense pressure. For Tehran, this reinforces the idea that time may be on its side—that it can outlast external pressure campaigns without fundamentally changing its behavior. That belief, in turn, could make Iran more willing to engage in risky or confrontational actions, calculating that the long-term costs are manageable.

The final—and perhaps most troubling—lesson is the strengthening of the security state. Over the course of the war, Russia’s internal security services, particularly the FSB, have not weakened; they have grown more powerful. As I have argued previously in this column, the FSB now has a strong claim to being the most powerful and all-encompassing security service in the history of Russia, pre- and post-USSR. Compared against the Okhrana, the KGB, Cheka, and even Ivan the Terrible’s oprichniki, that is saying something.

But as the conflict dragged on, the Russian government systematically dismantled what remained of independent media, criminalized dissent, and expanded surveillance and repression. In many ways, the war accelerated a process that was already underway: the consolidation of a security-service-driven state.

History offers a grim parallel. By the end of World War II, organizations like the Gestapo and the SS had become central pillars of the Nazi regime, enforcing loyalty and eliminating opposition. Hitler used the failed Valkyrie plot (Colonel von Staufenberg and other senior Wehrmacht officers who planted a bomb at the Wolf’s Lair) to ruthlessly eliminate all dissent in the final year of the war. Could Iran’s regime similarly build on its already brutal suppression of dissent just before this conflict and then crack down even harder?

While the contexts are different, the underlying dynamic is similar: prolonged conflict can empower internal security institutions, making them the backbone of regime survival. In Russia today, the erosion of freedoms has been accompanied by the rise of a system in which dissent is nearly impossible. Many of the country’s brightest young minds left early in the war, and those who remain often operate under intense fear and constraint. Intellectual life is stifled, and opposition is either exiled, imprisoned, or silenced. Even when in prison, though, as in the case of Aleksey Navalny, that is not enough—the regime imposes the “highest measure” and continues to murder the opposition.

For Iran, this is a powerful example, one they have practiced well over the decades. The regime already relies heavily on its own security apparatus, including the Islamic Revolutionary Guard Corps and its many intelligence and security services/police. The Russian experience suggests that war—or even the sustained perception of external threat—can justify further expanding these institutions’ power. It creates a political environment in which repression is not only tolerated but framed as necessary for national survival. The result is a system with little to no space for dissent, where the regime becomes more stable precisely because it is more coercive.

Taken together, these lessons point to a sobering conclusion. Iran’s regime and its new leadership may see Russia’s war not as a warning but as a model: a demonstration that a determined authoritarian regime can innovate under pressure, endure economic punishment, and consolidate power internally even while engaged in a costly conflict. For Russia, they have been telling their people and their claimed allies, like Iran, that they are “fighting all of Europe.” And for Russia, they believe they are prevailing. For Iran, the lesson may be—we can win too.

For the United States, these challenge several core assumptions about deterrence and pressure. If regimes believe they can survive—and even strengthen themselves—through confrontation, then the tools Washington relies on may be less effective than hoped.

The war in Ukraine is not just a regional conflict; it is a global case study in how modern authoritarian states adapt to crises. The danger is not that Iran misreads Russia’s experience, but that it reads it correctly and that we in the West, possibly, have not. And if it does, the next phase of confrontation between Iran and the United States may unfold under conditions far less favorable to deterrence than policymakers expect.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Copy of Trump’s Cyber Strategy Is a Strong Playbook, but It’s All in the Execution

OPINION — The White House is making a significant effort toward putting the nation’s cyber house in order. A newly released National Cyber Strategy represents a big step in the right direction for U.S. national security policy — advocating for the aggressive defense of our national infrastructure.

While the strategy includes important goals for the administration — streamlining regulation, developing the cyber workforce, defending federal networks, and partnering with the private sector — how the administration proceeds will determine whether it achieves the goals the strategy outlines. Across the strategy’s six pillars, the administration needs to clarify its arguments, refine its implementation plans, and improve its articulation of the challenge we face.

Defending U.S. national interests in cyberspace requires understanding the threat to our national security. Despite the prioritizing efforts to shape adversary behavior in the first of the strategy’s six pillars, it falls short of identifying America’s most aggressive adversaries — Russia and China. Both countries have repeatedly targeted American critical infrastructure without a meaningful response from the United States. It fails to mention China’s operational preparation of the battlefield on U.S. soil through its Volt Typhoon campaign against national critical infrastructure or Russia’s targeting of networking devices. Shaping adversary behavior in cyberspace requires identifying who the adversary is.

Pillar One provides a strong, effective argument for developing the offensive cyber capabilities and operations which are critical to enable success in today’s warfare. This White House showed its willingness to use these cyber capabilities in both Venezuela and Iran. There is an ongoing debate as to whether private companies should be allowed more agency to “hack back” against attackers, and the administration is reportedly considering an expanded role for the private sector. While the government should work with the private sector to develop these offensive capabilities, this should be limited to tool building and network defense rather than the actual conduct of offensive operations. If private companies conduct offensive cyber operations, the government risks losing control over escalation in conflict.

Pillar Two prioritizes streamlined regulations. Data and cybersecurity regulations help ensure companies have safe and secure practices. The proliferation of cyberattacks, however, has caused an explosion of cyber-related regulations. The federal government should work with the private sector to ensure that these regulations are comprehensive without being an unnecessary burden on the private sector.

Pillar Three focuses on the important goal of securing federal networks and modernizing procurement. The strategy wisely mentions post-quantum cryptography, zero-trust architecture, and cloud transition. To account for this emerging technology, the government must refine procurement processes to enable continuous improvement of federal networks.

Pillar Four calls for building strong private-public collaboration to defend critical infrastructure. This is a noble goal, but most of former Secretary of Homeland Security Kristi Noem’s work over the past year contradicted this goal. She eviscerated the cyber defense agency’s workforce — reducing it by nearly 40 percent — and disrupted cybersecurity grant programs, weakening the agency’s efforts to support state and local governments and public utilities. She cancelled the Critical Infrastructure Partnership Advisory Council, effectively gutting the federal government’s authority to engage private companies collectively to advance cyber defense.

The Trump administration can reverse this disastrous trend and get the United States on the right track to cyber defense of critical infrastructure. Noem’s replacement should start by rejuvenating and resourcing the Cybersecurity and Infrastructure Security Agency (CISA).

Pillar Five prioritizes American superiority in critical and emerging technologies — a necessary priority for ensuring U.S. success in cyberspace. Executing this strategy requires investment in the research centers that are the driving force for consistent improvement and development of critical and emerging technologies.

A key element of the new cyber strategy is in Pillar Six — its continued commitment to building America’s capability to develop talent in cyberspace. Without a strong cyber workforce in the government, the military, and the private sector, the nation is at risk of falling behind. The administration can validate this pillar with continued support to programs like the CyberCorps: Scholarship for Service which provides scholarships for cyber-related degrees in exchange for government service after graduation.

Because of the administration’s workforce cuts and hiring freezes, the program has faced challenges in the past year with maintaining funding and placing participants. The administration should support and expand funding for the program and prioritize hiring for participants. President Donald Trump should also establish a new military service for cyber, a U.S. Cyber Force, which would create a better mechanism for generating a military cyber workforce sufficient in size and skill to fulfill America’s strategic goals.

Trump would be wise to put the plan into action through additional executive orders (EOs) to implement the stated goals — presidentially signed orders task the federal agencies with discrete deliverables while White House strategic documents lack enforcing power. These EOs should prioritize support for CISA, cyber workforce development, and an organizational construct for taking aggressive action against U.S. adversaries. Taking the “ends” of the strategy and equipping them with “ways” and “means” via EOs will enable continued American superiority in cyberspace.

The six “Pillars of Action” in the new strategy have the potential to guide the United States toward success in cyberspace. That success will depend on whether the administration takes the necessary action to back up the sound rhetoric.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Avoiding Another 9/11: 3 Key Reasons to Reauthorize Section 702

Editor's Note: Section 702 of the Foreign Intelligence Surveillance Act was originally enacted as a post 9/11surveillance program that allows the government to collect electronic communications of foreign nationals located outside the United States without needing a warrant for each target. Supporters have called it 'indispensable' and critics worry about its potential use to surveil Americans. Section 702 is up for Congressional reauthorization this month.

The Cipher Brief asked General Paul Nakasone (Ret.), former director of the National Security Agency and former Commander of U.S. Cyber Command for his take on reauthorization and why it matters to future U.S. national security.

EXPERT PERSPECTIVE – I strongly support the clean reauthorization of Section 702 of the Foreign Intelligence Surveillance Act. Allowing this critical authority to lapse would put our nation at unnecessary risk.

This view is informed not only by my experience leading U.S. Cyber Command and the National Security Agency, but also by the lessons of September 11th—a day I remember vividly from the Pentagon. Our intelligence community was surprised on 9-11, and the consequences were devastating. We cannot afford to repeat that failure.

Section 702 should be cleanly reauthorized for three key reasons:

First, it is a carefully designed authority that balances national security with civil liberties. It is limited to surveillance of foreigners abroad, and it operates under oversight from all three branches of government, with established mechanisms to identify and address misuse. There is no other statutory authority that gives our nation the equivalent information vital to our national security.

Second, it enables targeted—not bulk—collection. Contrary to common misconceptions, Section 702 is not a mass surveillance tool. It is a precise capability that helps us discover, and if necessary, prevent threats like Iranian sponsored attacks in the homeland, Chinese cyber thefts, and Russian espionage.

Finally, we face an increasingly complex and dangerous global environment. Letting this authority lapse risks creating intelligence gaps at the worst possible time. Maintaining an effective and bounded tool like Section 702 helps prevent overreactions in a crisis—when emergency measures might be broader and less protective of civil liberties.

For nearly six years, I relied daily on Section 702 to identify terrorist threats, protect our servicemen abroad, foil cyber intrusions, and prevent attacks against our homeland. It was, and remains, indispensable to our safety and security, while also upholding our values. A clean reauthorization of Section 702 is essential to both ensuring our national security and the protection of our civil liberties.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.

The Navy is changing the way it does business and its still pretty pricey

OPINION -- "After a rigorous, data-driven analysis, we've made the tough but necessary decision to inactivate the USS Boise. This strategic move allows us to reallocate America’s highly-skilled workforce to our highest priorities: delivering new Virginia [attack] and Columbia [strategic ballistic missile] - class submarines and improving the readiness of the current fleet. We owe it to our Sailors and the nation to make these tough calls to build a more capable and ready Navy.”

That was a statement by Chief of Naval Operations Adm. Daryl Caudle as part of a U.S. Navy press release distributed last Friday that announced the decision to inactivate the Los Angeles-class attack submarine USS Boise (SSN 764).

Friday’s press release also said, “The move is part of the Navy’s broader, data-driven initiative to optimize the fleet's composition, ensuring that every dollar is invested in capabilities that directly contribute to maintaining a decisive war-fighting advantage…The Navy is changing the way it does business, and part of that shift is ensuring all authorized funding directly contributes to readiness and our ability to defeat future threats.”

I quote that Navy press release because the USS Boise represents what must be considered an extreme case of military service over-spending.

According to Defense News, “The Navy had originally planned for Boise to begin its overhaul in 2013, but the timetable was repeatedly delayed, primarily due to a lack of shipyard availability.” As a result, the submarine has not been to sea since its last cruise in January 2015 and formally lost its dive certification nine years ago.

Meanwhile, contracts were awarded for its overhaul beginning with one for $59.8 million on October 16, 2017 to Huntington Ingalls Inc. - Newport News Shipbuilding, for planning and execution of Engineered Overhaul of the Boise. Work was expected to start in January 2019 and be completed by February 2021.

What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.

In February 2020, Huntington-Ingalls was awarded a $15 million modification to the previously-awarded contract and in September 2020 Huntington-Ingalls was awarded another modification, this time a $351.8 million cost-plus-fixed-fee contract, for continued advanced planning and modernization to prepare the USS Boise for its overhaul, which was to begin in dry dock.

Finally, despite the earlier delays, in February 2024, Huntington Ingalls Inc. was awarded a $1.17 billion cost-plus-incentive-fee modification to the previously awarded contract for completion of USS Boise (SSN 764) engineered overhaul. However, only $36 million was to be made available at the time of award. This time, the overhaul was to be completed by September 2029.

Last Friday, Navy Secretary John Phelan told Fox News that the Boise overhaul had already cost $800 million and would require another $1.9 billion to finish repairs. "At some point, you just cut your losses and move on," Phelan said.

I wondered whether the Boise case is that unique, particularly because the Navy’s new fiscal 2027 budget request sent to Congress last week contains a record $65.8 billion in shipbuilding funding for 18 battle force ships and 16 non-battle force ships.

Looking at Pentagon contracts last Thursday, I came across a Navy award of a $33.5 million firm-fixed-price contract to BAE Systems, Maritime Solutions San Diego, “for maintenance, modernization and repair of USS Augusta (LCS 34) Fiscal 2026 Docking Selected Restricted Availability.” The work will be performed in San Diego and is expected to be completed by August 2027, according to the Navy.

A Docking Selected Restricted Availability is essentially a major scheduled shipyard overhaul. The ship is placed in dry dock so crews can inspect and repair parts of the hull and propulsion systems that are normally below the waterline, while also updating onboard equipment and carrying out checks that cannot be done at sea.

The USS Augusta is the 17th Independence-class U.S. Navy Littoral Combat Ship (LCS), a controversial group of vessels that has suffered numerous issues from hull fatigue cracks limiting their design top speed and other issues that have made them unable to carry out the roles they were built to fill.

The Augusta was delivered to the Navy in May 2023 and commissioned in September 2023. Based on user reports and social media messages, the Augusta has had mechanical and sanitary challenges since arriving at Naval Base San Diego in late 2023. The reported issues have included engine startup failures that delayed pier movements and severe plumbing issues.

In November 2025, little more than two years after the Augusta was commissioned, the Naval Sea Systems Command put out a solicitation requiring “a combination of maintenance, modernization, and repair, and…a highly capable contractor with substantial facilities, to include capable pier (for the applicable ship class) as well as human resources capable of completing, coordinating, and integrating multiple areas of ship maintenance, repair and modernization.”

So, after three years of minimal service at sea, the Augusta LCS, which cost over $500 million to build and will spend the next year being repaired and modernized for at least another $30 million-plus.

Having reviewed the story of the Augusta, I then looked into the history of the LCS program

and found another cautionary Navy shipbuilding tale worth telling given that in fiscal 2027 the Pentagon is about to embark on establishing what the Office of Management and Budget calls in budget documents “President Trump’s Golden Fleet, including initial funding for the Trump-class battleship and next generation frigates, as well as increasing the capacity of public shipyards and improving overall ship production.”

Initiated in February 2002, the Navy held a major, multi-year competition for the LCS program that involved two distinct designs -- Lockheed Martin’s steel monohull (Freedom class) and Austal USA/General Dynamics’ (Independence class) with an aluminum trimaran hull, meaning a slender main hull flanked by two smaller outrigger hulls to provide superior stability, speed, and efficiency compared to monohulls.

In November 2010, the Navy asked that Congress approve ten each of the Independence and Freedom classes as part of a plan to build two LCS variants totaling 52 modular ships. The separate modules for the LCS included anti-submarine warfare, mine countermeasures, surface warfare and special warfare missions.

The two different designs meant the ships could not trade parts or sailors, making them more expensive to maintain and crew. Costs also grew because of development delays and testing failures thanks to a combination of new concepts and systems. Originally to be priced at $220 million per LCS unit, costs for the first ships rose to $700 million, later dropping to around $500 million.

In December 2015, Defense Secretary Ash Carter ordered the Navy to reduce the number of LCS to be built from 52 to 40, and ordered the service to down-select to one version by fiscal year 2019.

In 2021, the Navy decommissioned LCS-2, the USS Independence, after only 11 years in what was to be 25 years in service. It was part of a Navy plan to decommission the first four LCS vessels due to high operating costs and structural issues. Instead, by 2023, six additional LCS ships were decommissioned.

Three other LCS were scheduled to be taken out of service but have since been kept as test beds for Navy robotic autonomous systems and other purposes.

There is a reported $1 billion in the Navy’s fiscal 2027 budget request for President Trump’s proposed 35,000-ton guided missile battleship that would house rail-guns, hypersonic missiles, nuclear cruise missiles, lasers, and a large Vertical Launch System battery.

Trump said last December “we’re starting with the first two immediately,” but based on the Navy’s record of developing and building warships, I don’t expect this questionable vessel to appear any time soon.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.

The Case for Reauthorizing Section 702

Editor's Note: Section 702 of the Foreign Intelligence Surveillance Act was originally enacted as a post 9/11surveillance program that allows the government to collect electronic communications of foreign nationals located outside the United States without needing a warrant for each target. Supporters have called it 'indispensable' and critics worry about its potential use to surveil Americans. Section 702 is up for Congressional reauthorization this month.

The Cipher Brief asked Rob Joyce, a 34-year NSA veteran, who most recently served as Director of Cybersecurity at the NSA for his take on reauthorization and why it matters to future U.S. national security. Joyce is also a principal member of The Cyber Initiatives Group.

EXPERT PERSPECTIVE -- Section 702 of the Foreign Intelligence Surveillance Act is one of the most vital tools we have for protecting the nation. It underpins our ability to disrupt cyberattacks against critical infrastructure, track terrorist plots before they reach our shores, counter hostile nation-state activity, and understand the intentions of adversaries ranging from Beijing to Tehran to Pyongyang.

Let's be clear about what 702 is and what it isn't. It is a targeted authority aimed at specific foreign persons located overseas who possess foreign intelligence value. It is not bulk collection, not a dragnet, and not a tool pointed at Americans. The intelligence it generates shows up in the President's Daily Brief, in warnings to network defenders, and in the disruption of threats the public never hears about precisely because 702 worked.

The current headwinds around reauthorization are largely driven by concerns about the government's purchase of commercially available data. Those concerns are legitimate and deserve serious attention, but they are a separate issue from 702. Commercial data acquisition should be examined on its own merits, and Congress should write the law and policy that addresses it directly. Conflating the two risks letting a proven, lawful authority lapse over a distraction.

Section 702 is already subject to unprecedented oversight from all three branches of government: it operates under rules approved by the Foreign Intelligence Surveillance Court, which has steadily tightened query procedures and compliance requirements, and it is audited repeatedly by inspectors general, congressional intelligence committees, the Privacy and Civil Liberties Oversight Board, and the Department of Justice.

No comparable intelligence authority anywhere in the world carries this much scrutiny.

Let's get this done. The threats are not pausing while we debate, and an expired 702 means blind spots our adversaries will exploit immediately. Reauthorize it, address commercial data separately, and keep the tool that keeps Americans safe.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Is the U.S. lagging when it comes to drone warfare superiority?

When Iranian Shahed drones began tearing through the Gulf in the opening hours of Operation Epic Fury on February 28, killing American service members and overwhelming allied air defenses, Washington faced an uncomfortable revelation. The most powerful military in the world was flying into its first major drone war, having studied the problem primarily from afar, and had recently dismissed an offer from the one country that had been living in it for four years.

Nearly seven months before the bombing of Iran began, Ukrainian officials had offered the United States their battle-tested technology for downing Iranian-made attack drones. The Trump administration passed. American officials now describe that decision as one of the costliest tactical mistakes of the war. They prepared a detailed presentation displaying a map of the Middle East with a stark warning: Iran is improving its Shahed one-way-attack drone design.

The Trump administration dismissed the offer, then reversed course after Iranian drones began killing Americans.

The cost was measured almost immediately in blood and treasure. In the first two days of the war alone, the U.S. burned through a reported $5.6 billion in munitions. The Pentagon fired more than 850 Tomahawk missiles in five weeks of Operation Epic Fury alone — roughly a quarter of the total United States inventory, according to analysts at the Center for Strategic and International Studies, at a cost of approximately $3 billion, given a unit price of up to $3.6 million per missile.

Washington initially ordered 350 Tomahawks for 2026, which it has since increased to more than 1,000 annually under new framework agreements with Raytheon. However, timelines for achieving that rate remain unclear, and the U.S. has already expended more than 850 Tomahawks in the first five weeks of the campaign alone.

The economics were brutal from the start: shooting down $20,000 drones with multimillion-dollar interceptors is unsustainable against a comparatively modest adversary like Iran and becomes completely unthinkable in a scenario involving China or Russia.

The new drone powers — and America’s place among them

Low-cost, mass-produced drone warfare is reshaping every modern battlefield — and America is not leading it. Iran, Russia, and Ukraine have each shown they can turn out drones by the tens of thousands annually, in some cases pushing toward millions. The United States has not come close.

Iran’s Shahed-136 loitering munition, costing between $20,000 and $50,000 per unit, has become one of the defining weapons of the 21st-century battlefield. Iran supplied the design to Russia, which built its own production ecosystem. Russia’s domestically produced variant has since taken on a life of its own — navigation systems upgraded, warhead capacity expanded, and by early 2026, Starlink connectivity folded in. Moscow has set a production target of up to 1,000 Geran-2 drones per day.

Ukraine, forced into innovation by necessity, became the world’s most experienced practitioner of both drone attack and drone defense. More than 160 drone manufacturers operating in Ukraine have pledged to deliver 8 million first-person-view drones in 2026 alone. Over 80 percent of Russian battlefield casualties are now inflicted by Ukrainian drones, while a drone-dominated kill zone stretching roughly ten miles either side of the front lines makes any major offensive operation extraordinarily hazardous.

America went into the Iran war with its own version of the Shahed — a drone called LUCAS, built by Arizona startup SpektreWorks from a reverse-engineered Iranian airframe, priced at $35,000 a unit. It saw its first confirmed combat use on February 28. Full-rate production, however, had not yet begun.

The strategic irony was not lost on analysts: America struck Iran using a weapon derived almost entirely from Iran’s own signature strike platform.

Kate Bondar, a fellow at the Center for Strategic and International Studies, tells The Cipher Brief the gap, however, runs deeper than raw production numbers.

“The gap is very real, especially in the category that matters most in modern attritional warfare: cheap, expendable, and rapidly replaceable systems,” she said, noting that to truly integrate first-person-view drones into operations, “volumes need to reach into the millions.”

Current U.S. plans for roughly 300,000 small drones by 2027 are a step forward, Bondar observed, but “still fall short of what this kind of warfare demands.”

The Ukrainian classroom

While Washington spent years deliberating over acquisition timelines, Kyiv was building the most combat-tested drone force on earth. Ukraine’s intercept rate against Shahed-class drones now approaches 90 percent — and Kyiv is aiming for 95.

Russia has launched nearly 57,000 Shahed-type drones at Ukrainian cities across four years of war. The low-cost defensive solutions Ukraine developed, however, were never replicated across Gulf nations or by the American military in the region. When Iran’s drones began arriving in mass, the United States was left improvising.

One Ukrainian drone specialist, speaking to The Cipher Brief at the Ground War symposium in Washington, explained that only three countries on the planet can fight with drones efficiently — Iran, Russia, and Ukraine.

“Americans have helped to produce these interceptors, but they don’t have the experience of applying them,” the military specialist, identified only as Yuri, noted. “Only those engaged directly in warfare, like Ukraine, have the understanding and intuition of how to apply new technology. And it’s changing every single day.”

Yuri, who came to the Ukrainian military with a background in IT and cybersecurity, described a feedback loop that American procurement culture has never had to replicate.

“The best way is close communication between manufacturers and the military,” he continued. “After using different types of drones or technologies, they need to provide fast feedback to manufacturers. These cycles of upgrades need to take a very short time. That’s why our drones are always up to date.”

Ukraine has now deployed 228 counter-drone specialists across five regional partners — Jordan, Qatar, the United Arab Emirates, Saudi Arabia, and Kuwait. Ukrainian specialists have also been dispatched to protect American military bases in Jordan, with Zelensky confirming that more than ten countries had requested Kyiv’s assistance. Trump initially rebuffed the offer.

“We don’t need their help in drone defense,” he told Fox News. “We know more about drones than anybody. We have the best drones in the world, actually.”

Days later, Washington reversed course.

Catching up — at war speed

To its credit, the Pentagon has moved with unusual urgency since the gap became undeniable. Travis Metz, the Pentagon’s drone dominance program manager, told senators that the Defense Department has committed $1.1 billion to buy drone systems over the next 18 months, including 30,000 small, one-way attack drones to be delivered to military units over the next five months. The broader Drone Dominance Program aims to acquire more than 300,000 low-cost drones by 2027, with the FY2026 defense budget allocating $13.4 billion for autonomous military systems.

Bondar, however, warns that ambition and production are different things.

“Success in this space depends on constant iteration,” she pointed out. “Russia has introduced dozens of modifications to Shahed systems and their employment over time. The United States moved too slowly for too long, and is still not operating at the scale or speed required.”

Lt. Col. Jahara Matisek, a non-resident research fellow at the U.S. Naval War College, tells The Cipher Brief the deeper problem is organizational.

“Russia and Iran treat drones as a consumable and design their whole kill chain around adaptation and attrition,” he said. “The U.S. spent too long with a boutique mindset: exquisite platforms, slow procurement, and drones as ISR accessories.”

In Ukraine, drone warfare doctrine doesn’t update on a doctrinal cycle; it updates on a survival cycle.

“Every three to four months, a new jamming technique or counter-drone tactic forces units to rewrite how they fight,” Matisek explained. “Squad leaders brief new engagement protocols after a single bad day.” In the U.S., doctrinal updates take years.

The China dimension makes all of this even more urgent. Matisek points out that a war in the Indo-Pacific would be a drone-and-missile volume fight at a scale that dwarfs anything seen in the Gulf, with China holding dominant positions across the upstream supply chain — batteries, optical systems and rare earth minerals.

Ukraine has worked hard to wean itself off Chinese drone components — the share dropped from roughly 97 percent at the start of the war to an estimated 38 percent by 2025, per the Ukrainian Council of Defense Industry and the Snake Island Institute. But Chinese supply chains still run through both sides of this conflict.

The United States faces the same dependency at precisely the moment it is trying to scale up: China controls an estimated 90 percent of the global commercial drone market and dominates production of the batteries, motors, cameras, and flight controllers that underpin virtually every small drone system in use today.

“What I think is most worrying,” Matisek continues, “is that the U.S. military in four weeks of the Iran war has basically spent four to five days’ worth of precision-guided munitions that it would need in a war with China. If a war with China broke out next month, the U.S. would only have enough PGMs for three days of fighting, at most.”

The model for getting this right already exists in American history. During World War II, eleven factories built the M4 Sherman tank using standardized engineering documentation, producing nearly 50,000 units between 1942 and 1946. The question now is whether, a generation into the drone age, the United States can do it fast enough.

“What matters now,” Bondar adds, “is whether these initiatives produce not just inventory, but a repeatable ecosystem: rapid procurement, operator training, software iteration, battle damage feedback, and industrial learning loops.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Strategic Realignment: Iran, China, and the Great Power Contest

OPINION — The conflict in Iran is not solely the result of 47 years of unresolved tension. That framing misses a more consequential story: what is unfolding is a significant disruption to China's grand strategy, with consequences reverberating far beyond Tehran.

The Islamic Republic’s hostility toward the United States was foundational, defined by explicit opposition to American influence since 1979. While successive American administrations managed this threat through containment, the strategic calculus has shifted due to changes in the threat itself. While Iran’s nuclear ambitions have received the most attention, the deepening military and economic relationship between Tehran and Beijing was quietly transforming Iran’s conventional capabilities and changing the strategic math for every actor in the region.

The China-Iran Military Nexus

China’s 25 year Comprehensive Strategic Partnership with Iran, signed in 2021, outlined up to $400 billion in Chinese investment in exchange for discounted oil and expanded military cooperation. Intelligence assessments grew focused on the potential transfer of two specific categories of advanced Chinese weapons systems:

- Hypersonic Anti-Ship Missiles: China has deployed some of the most capable anti-ship weapons in the world. A transfer of this capability to Iran could fundamentally alter the threat environment in the Persian Gulf and the Strait of Hormuz, threatening U.S. carrier strike groups and commercial shipping.

- Advanced Air Defense: Iran sought Chinese surface to air missile systems more capable than its existing Russian S-300 variants. These systems would have significantly complicated any future military operation against Iranian nuclear or military infrastructure.

Taken together, a nuclear threshold Iran equipped with Chinese hypersonic missiles and advanced air defenses represented a qualitatively different threat than the one managed for the past four decades.

Disruption of the Belt and Road

Beyond arms transfers, Iran occupies a central role in China’s broader geopolitical architecture. The Belt and Road Initiative and the International North-South Transport Corridor (INSTC) both run through Iranian territory. These commercial projects seek to connect Chinese manufacturing to European markets and Gulf energy without transiting Western controlled maritime chokepoints.

China has a specific vulnerability at the Strait of Malacca, where it is susceptible to a naval blockade; Beijing hoped to address this through Iranian geography. That project is now severely disrupted. Furthermore, the sinking of the IRIS Dena in the Indian Ocean sends a message that the U.S. Navy can project dominance across all oceans.

Beijing’s Strategic Calculation

China’s response to the strikes on Iran has followed a formula of measured condemnation and calls for restraint. Notably, Beijing has not acted; it evacuated its citizens with efficiency but offered no meaningful military or material support to Tehran. This appears to be a deliberate calculation. Beijing prizes its commercial relationship with Washington and its perception as a responsible great power, recognizing that active intervention would trigger consequences it is not prepared to absorb.

The exposure of this gap may benefit America for years. Nations across the Global South may conclude that China offers investment but not insurance in times of conflict. The Iranian conflict has thus disrupted Chinese interests across multiple dimensions: energy diversification, logistics architecture, INSTC investment, and its credibility as a security partner.

The Path Ahead

The road ahead remains complicated. If the clerics retain power, Iran may continue to deploy asymmetric retaliation across the region. While the U.S. and its allies are addressing these uncertainties through overwhelming targeting of command infrastructure and leadership, there is a risk that additional damage to Gulf civilian infrastructure could drive those nations to embrace closer ties to China.

To avoid this, the U.S. must achieve regime change in Tehran. Even if achieved, the military phase will give way to a longer contest to shape the post conflict order and determine if China’s Eurasian architecture is permanently disrupted. This competition will be decided in port cities, pipeline corridors, and trade agreements. America must offer a coherent and attractive alternative to Beijing’s model: investment, security partnerships with genuine mutual obligations, and frameworks that serve the interests of participating nations.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why Australia Needs a National Spy Museum

OPINION — Australia is entering one of the most complex and psychologically destabilizing security periods in its modern history. The ASIO Director‑General’s Annual Threat Assessment 2025 underscored a strategic environment defined by accelerating foreign interference, sharper geopolitical competition, and a domestic threat landscape that is more fragmented, more digitally enabled, and more unpredictable than at any point in the past decade.

2025’s assessment was notable for its future‑focused framing: a warning that Australia is not simply managing discrete threats, but navigating a structural shift in the security climate itself. ASIO’s futures work, which is normally classified, outlined a trajectory to 2030 marked by intensifying espionage activity, the mainstreaming of conspiracy‑driven extremism, and a rising cohort of younger Australians vulnerable to radicalisation.

Burgess said: Many of the foundations that have underpinned Australia’s security, prosperity and democracy are being tested: social cohesion is eroding, trust in institutions is declining, intolerance is growing, even truth itself is being undermined by conspiracy, mis- and disinformation. Similar trends are playing out across the Western world. (ASIO)

Against this backdrop, the Bondi attack (on 14 December 2025, during a Hanukkah event at Bondi Beach, where two gunmen opened fire on the crowd) and the consequential Royal Commission on Anti-Semitism and Social Cohesion, have become national inflection points. While the Commission will rightly focus on operational lessons, interagency coordination, and systemic gaps, its broader significance lies in how it has shaken public confidence. Australians are now grappling with the uncomfortable reality that threats can emerge rapidly, across domains, and exploit seams between federal, state, and community‑level preparedness.

Furthermore, recent events in Iran as well as the intensification of others conflicts abroad underscore the importance of strong foreign intelligence agencies to provide governments with accurate information to guide policy and reduce the risk of miscalculation or misunderstanding. Informed decision‑making becomes essential to managing both international and domestic consequences.

This is precisely why the establishment of the National Spy Museum Australia (NSMA) is not a cultural luxury - it is a strategic necessity.

For decades, Australia’s intelligence and national‑security community has operated behind a veil of necessary secrecy. Yet the 2025 threat assessment makes clear that the most significant vulnerabilities now sit at the intersection of public behavior, digital ecosystems, and foreign manipulation. Espionage and interference no longer target only government; they target communities, universities, businesses, and individuals.

A population that does not understand how intelligence works - or why it matters - is a population more easily exploited.

The NSMA addresses this gap directly. By telling Australia’s intelligence story with accuracy, dignity, and national purpose, it provides something the country urgently needs: a civic literacy uplift in how modern threats operate and how national security is actually maintained.

Museums are not typically thought of as instruments of national resilience. But globally, intelligence museums from Washington to Berlin have become powerful soft‑power platforms. They demystify the work of intelligence agencies, build public trust, and attract the next generation of intelligence professionals, including technologists, analysts and linguists.

For Australia, the timing is critical. The Bondi Royal Commission will inevitably expose gaps - some operational, some cultural, some structural. The NSMA offers a parallel national building project: one that strengthens public understanding, honors quiet service, and reinforces the legitimacy of the intelligence mission at a moment when trust is both fragile and essential.

Australia is facing significant changes in the security climate ,which Burgess described as a long‑term shift rather than a passing storm. In such an environment, national resilience is not built solely through classified capabilities. It is built through public comprehension, societal cohesion, and a shared understanding of the threats we face.

The National Spy Museum Australia is, at its core, a nation‑building institution. It anchors Australia’s intelligence story in the public domain at the exact moment the country needs clarity, confidence, and connection to the people who protect it.

In a decade defined by uncertainty, the NSMA offers something rare: a strategic investment in public understanding - one that strengthens Australia’s security from the inside out.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

America’s AI Strategy Is Fighting the Last War

OPINION — Washington’s strategy for artificial general intelligence (AGI), or the ability to replace human cognitive labor, assumes the United States is locked in a decisive race with Beijing—one requiring maximum acceleration and denial of Beijing’s access to semiconductor chips and technology. This approach, as captured in the White House’s AI Action Plan from last year, echoes the race in the 1940s to build the atomic bomb and during the Cold War to dominate space. It risks refighting the Cold War, which is ill-equipped for a technology-based struggle. This posture misdiagnoses the nature of the AI competition and risks degrading, rather than strengthening, America’s long-term strategic position. It also has a sizable blind spot: dealing with an inevitable dislocation in the global workforce.

Presidents Trump and Xi have an opportunity to reset the terms of this competition over AI when they meet next month.

The current U.S. AI strategy amounts to a wartime footing defined by denial and containment of competitor capabilities, hundreds of billions in capital expenditure in AI capabilities, and expansive export controls of diminishing effectiveness. But AI is not a binary capability—either you have it or you don’t. It is a continuous, evolutionary technology with no single threshold that confers decisive, let alone permanent advantage. Our national workforce policies have remained remarkably stable so far, though AI is but one of many emerging technologies that may upend the global economy for which the U.S. is well positioned.

The international AGI ecosystem is rapidly evolving with many competitors entering, replicating others’ advances, and exiting to pursue niche applications. It was once assumed the U.S. held a year-plus advantage over China in frontier AI models. That gap has dwindled to 2-3 months, despite stringent export controls. Even if these controls have slowed China’s training on new frontier models, they have not dampened China’s advantages in AI deployment and diffusion. China’s AI influence on the global stage has only grown, aided by increasingly capable models, dramatically cheaper end-user pricing, and leverage of the global open-source developer community.

The economic advantage from AI does not stem from being first to develop frontier models, but from being first to diffuse capabilities across industries and scale across the economy. China rarely competes on frontier quality (it prefers being “good enough”), but on quantity, price, time to market, and speed to dominate supply chains. In this race, China is likely outpacing us. ByteDance’s Doubao chatbot exceeded 100 million daily active users. Alibaba’s Qwen models have surpassed 700 million downloads globally, spawning 180,000+ derivative models. Chinese open-source models are fast becoming the de facto platform for sovereign AI efforts across the Global South and startup companies globally (even in the U.S.).

China leads in 66 of 74 critical technologies tracked by the Australian Strategic Policy Institute, accounts for 54% of global industrial robot installations (International Federation of Robotics, 2024), produces about half of the world’s AI researchers, and builds more new electricity capacity annually than the rest of the world combined. These are the foundations of AI deployment at scale; denying chips won’t offset these structural advantages.

Washington often perceives the Chinese AI effort as a state-directed monolith. The reality is a fiercely competitive and innovative commercial ecosystem with creative business models. ByteDance’s Doubao is a closed-source consumer product fighting for domestic market share. Zhipu AI generates over 60% of revenue from enterprise deployment services. MiniMax earns roughly 70% of revenue from international API sales. Alibaba open-sourced Qwen to drive cloud adoption; DeepSeek did so to attract research talent. Framing this diverse, commercially motivated ecosystem as a centrally planned strategic threat produces policy responses that are either too blunt—restricting all Chinese AI—or too narrow, focused on chip exports while ignoring the deployment gap (how models are trained and used in practice).

The U.S. is now chasing artificial “superintelligence” (ASI) in pursuit of permanent dominance, relying on chaotic and unsustainable private investment. Meanwhile, China is building the industrial AI infrastructure with a consistent regulatory approach that will shape how roughly 150 countries deploy this technology for decades.

The consequences of this mismatch are profound. U.S. technology firms have committed over $500 billion annually in AI capital expenditures for 2025–2027, while job openings in the U.S. have declined sharply. Data from the World Bank indicate 60% of the U.S. workforce is at risk of being displaced due to AI without a compensatory social safety net.

The impact in the defense sector is similar. Proponents of the current posture often argue that if China gets AGI first, they’ll weaponize it. But the US military does not need the latest or the best frontier model. It needs models that are fit to task—certified, tested, and integrated into operational systems.

The decisive military advantage may lie less in which country trains the most capable model than in who can field AI-enabled systems fastest across its force. By that metric, the current U.S. acquisition system is at a structural disadvantage. The U.S. military’s vendor and model certification process can take over a year. The Chinese government reviews AI models even before their public releases to streamline their deployment.

AI does pose genuine security risks. AI-enabled cyber weapons, the proliferation of autonomous weapons, and malicious use of AI by bad actors all pose significant hazards. But these threats are best addressed through narrowly scoped controls and shared intelligence with key allies (Australia, Japan, the European Union, and South Korea) to provide safety standards and semiconductor supply chain resilience. This strategy should address misuse of AI by malicious actors, potential instability from mass displacement of workers, undue market concentration. and inadvertent military escalation. Washington should take a posture of allied industrial policy for AI diffusion, targeted safety agreements with enforcement mechanisms, and serious domestic investment in workforce transition. The precedent to replicate is not the Manhattan Project that sought first deployment of nuclear weapons, but Cold War arms control agreements that stabilized relations with the Soviets and allowed the U.S. economy to boom.

Additionally, we must enable a soft landing for the looming workforce displaced by AI. We should be creating workforce legislation modeled on the post-WWII GI Bill and educational, housing, and living assistance programs to help the economy adapt. We should be building with likeminded global partners an architecture that nurtures international AI standards, polices compliance, and provides guardrails for open-source AI capabilities for civil applications.

If Washington continues fighting the last war as AI’s promise matures, it may win battles over benchmarks and chips ,but lose the campaign that actually matters—safely diffusing AI to remake the global economy for the next century. Rethinking the parameters of today’s competition is the first step to ensuring AI strengthens rather than erodes American security and prosperity.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

I just want to read the news

Get the news and only the news!

Guardian

Back to top

Kaupunki

Back to top

Yle

Back to top

CNN

Back to top

Hesari

Back to top

Al Jazeera

Back to top

New York Times

Back to top

Reuters

Back to top

NPR

Back to top

The Cipher Brief

Back to top