OPINION — The global terrorism landscape in 2026 — the 25th anniversary year of the 9/11 terrorism attacks — is more uncertain, hybridized, and combustible than at any point since 9/11. Framing a sound U.S. counterterrorism strategy — especially in the second year of a Trump administration — will require more than isolated strikes against ISIS in Nigeria, punitive counterterrorism operations in Syria, or a tougher rhetorical posture.
A Trump administration counterterrorism strategy will require legitimacy: the domestic, international, and legal credibility that leverages a wide-range of counterterrorism tools, while engendering international counterterrorism cooperation. Without legitimacy, even tactically successful counterterrorism operations risk becoming illusory, politicized, and ultimately self-defeating.
The terrorist threat landscape
Extremist violence no longer conforms to clean ideological lines. Terrorist objectives and drivers are muddled in ways that are hard to understand — but evolving. There’s little ideological purity with those radicalizing in today’s extremist milieu.
At the same time, state-directed intelligence officers increasingly behave like terrorists. Russian intelligence-linked sabotage plots blur the line between terrorism and hybrid warfare. Islamic Revolutionary Guard Corps officers provide hands-on training to Lebanese Hizballah commanders. Addressing these kinds of risks requires legitimacy, too, especially among allies whose intelligence cooperation, legal authorities, and public support are indispensable.
Nowhere is this threat picture more tenuous than in the Middle East. Hamas’s October 7, 2023, attacks triggered a profound rebalancing of power in the region. Yet, Syria remains unfinished business. Power vacuums there invite foreign jihadists, threaten Israel's border communities, and create future opportunities for Iranian influence to rebound.
A modest but persistent U.S. presence in Syria with a friendly Ahmed al-Sharaa-led government remains a strategic hedge against an Islamic State resurgence, and is a strong signal of U.S. commitment that helps sustain partner confidence. The U.S. counterterrorism presence and alignment with al-Sharaa is not without its risks, though: in December, three Americans were killed by a lone ISIS gunman in central Syria. The country is, and will continue to be, plagued by sectarianism and terrorism, which means that restoring control over a deeply fractured Syria remains fraught.
Taken together, the current transnational terrorism threat landscape is volatile and difficult to predict, a challenge compounded by resource constraints. In such an environment, legitimacy becomes a force multiplier. A belief that America is a ‘force for good’, credible messaging, and confidence that U.S. government action is perceived as just, can go a long way.
This is not an abstract concern. Terrorism today thrives in contested information environments, polarized societies, and fragile states. In short, transnational jihadist networks now coexist with domestic violent extremists, and online radicalization ecosystems that blur the line between terrorism, insurgency, and hybrid warfare. Terrorist propaganda continues to resonate with individuals in the West, especially younger generations who radicalize online. In this environment, legitimacy is no longer a secondary benefit of sound strategy—it is a core guiding principle.
The Trump administration's counterterrorism approach
We are looking for more clarity on the trajectory of Trump 2.0 counterterrorism efforts. It’s still, premature to consider a strategy that has yet to be formally articulated, as many in the counterterrorism community eagerly await its release. History offers a useful reminder. The first Trump administration did not publish its National Strategy for Counterterrorism until its second year. When it appeared in 2018, critics and supporters alike acknowledged that it reflected professional judgment rather than ideological excess. That document recognized terrorism’s evolution and called for strengthening counterterrorism partnerships within the U.S. government, but abroad as well, with a range of longstanding allies.
What gave that strategy durability was its legitimacy. Authorities were grounded in law, threat assessments were evidence-based, policies were stress-tested for faulty assumptions, and foreign partnerships were treated as strategic assets rather than transactional relationships.
When the Biden administration publicly released a set of redacted rules secretly issued by President Trump in 2017 for counterterrorism operations — such as “direct action” strikes and special operations raids outside conventional war zones — those guidelines explicitly acknowledged the power of legitimacy. Counterterrorism succeeds when allies trust the U.S., and the American public believes force is used proportionately and lawfully.
That legacy of trust matters now more than ever, given signals that a second Trump administration could overcorrect on its counterterrorism priorities by redirecting and focusing resources on far-left extremist groups such as the Turtle Island Liberation Front (TILF) or Antifa, while downplaying far-right extremism—or being distracted from the more dangerous terrorism threats from ISIS and other violent jihadists. As the world recently witnessed during the holidays, from Bondi Beach to Syria, ISIS remains a threat. Far-Left terrorism in the U.S. is on the rise, but far-right terrorism accounts for greater lethality than did the left. And still, after 25 years, it’s ISIS and al-Qa’ida that remain the most persistent and enduring transnational terrorism threat against U.S interests.
The Trump National Security Strategy
It’s concerning that the recently published National Security Strategy (NSS) only tepidly addresses transnational terrorism, but notably links terrorism with cross-border threats and hemispheric cooperation against things like “narco-terrorists,” blurring the traditional separation between transnational organized crime and terrorism.
Still, the Trump administration’s emphasis on drug cartels is justifiable, if it does not detract from broader counterterrorism objectives, such as the ISIS or hybridizing terrorist threats that continue to emerge. Commentators claim, however, that the Trump administration is already losing sight of the ISIS and al-Qa’ida threats, though settling that debate here is quixotic at best — only time will tell.
Besides jihadi threats, the U.S. does not need the unintended consequences and risks of triggering a cycle of cartel retaliation – or provoking greater far-left violence – down-the-line in the U.S. homeland.
Contrastingly, the 2017 National Security Strategy saw radical Islamist terrorism as one of the priority transnational threats that could undermine U.S. security and stability. The strategy highlighted groups such as ISIS and al-Qa’ida as continuing dangers, stressing that terrorists had taken control of parts of the Middle East and remained a threat globally.
The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.
Addressing transnational terrorism during the first Trump administration required discipline and steadiness amid predictable frictions at the National Security Council (NSC) among policymakers who wanted a more rapid shift toward other priorities, such as great power competition. Still, terrorist labeling and designations, strategic messaging, and resource allocation for counterterrorism were grounded in evidence rather than politics.
So, overhyping some threats while minimizing others undermines legitimacy, invites backlash, and weakens the very moral authority needed to operationalize a cogent, thoughtful national security strategy. It also erodes trust between the government and the public and leads citizens to second-guess whether they are being told the truth or being led astray. The 2017 NSS carried weight precisely because it was grounded in intelligence, not politics. Moreover, the NSS helped frame the counterterrorism strategy that followed and proved highly effective in keeping Americans safe.
Drawing lessons from the 2018 National Strategy for Counterterrorism
The 2018 National Strategy for Counterterrorism (NSCT) remains a useful foundation for the second Trump administration—not because the world is unchanged, but because it embraced balance. The strategy emphasized foreign partnerships, non-military tools, and targeted direct action when necessary. It recognized a central legitimacy principle: the United States cannot and should not fight every terrorist everywhere with American troops when capable counterterrorism partners can do so in their own backyards, with local consent, and a more granular understanding of the grievances that motivate these terrorist groups and their supporters.
And still, U.S. counterterrorism pressure through direct action remains a necessary tool to disrupt terrorism planning. It seems that the second Trump Administration is following the playbook of the first Trump administration in terms of aggressive counterterrorism kinetic strikes in places like Somalia, Yemen, and Iraq.
President Trump rescinded Biden-era limits on counterterrorism drone strikes, allowing the kind of flexible operational framework used for counterterrorism throughout the President’s first term. Thus far, in the aggressive counter-narcotic campaign in international waters off Venezuela, the standoff U.S. strikes resemble counterterrorism operations in Yemen and Somalia during the first Trump administration. Operationally, direct action remains an indispensable counterterrorism tool for disrupting terror groups overseas, and more U.S. direct action will likely be necessary in West Africa and the Sahel to keep jihadist groups operating there off balance, forcing them to devote more time and resources to operational security.
But pressure without legitimacy is counterproductive. What works against jihadist networks does not necessarily translate cleanly to drug cartels or transnational criminal gangs. So, policymakers must be circumspect that expanding the scope of counterterrorism authorities and terrorist designations to canvas drug cartels, risks the unintended consequences of triggering destabilizing cycles of violence in the future, and straining more traditional counterterrorism resources.
Coming full circle, in light of the U.S. capture of Nicolás Maduro for narcoterrorism-related offenses, the idea of legitimacy will be fiercely debated in the days and weeks ahead. If the Trump National Security Strategy is the roadmap for focusing on narcoterrorism in the Western Hemisphere, then the need for publishing a clarifying and rational U.S. counterterrorism strategy for the rest of the world takes on even greater sense of urgency.
Pushing a boulder uphill
Drawing on past counterterrorism lessons to find a comprehensive strategy—from the Bush administration’s wartime footing, through 8 years of Obama counterterrorism work, to President Trump’s "war on terror" — is a Sisyphean task. But, in the wake of over two decades of relentless overseas counterterrorism work, a few ideas have come into sharper focus:
After more than two decades of counterterrorism, loosening the Gordian knot of modern terrorism requires balance, far greater clarity, and consistent, predictable national leadership.
Above all, counterterrorism strategy requires legitimacy. Without it, counterterrorism becomes reactive and politicized. With it, a Trump 2.0 counterterrorism strategy can still be firm, flexible, and credible in a far more dangerous world.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
EXPERT PERSPECTIVE — Iran is experiencing its most consequential period of internal unrest in years. Nationwide demonstrations driven by economic collapse, social grievance, and political frustration have been met with force, mass arrests, and near-total information control. The scale and coordination of the response suggest a regime that feels threatened but not unmoored, confident in its ability to absorb pressure while preventing fragmentation.
This moment has reignited debate in Washington about escalation, leverage, and the possibility—explicit or implicit—of regime collapse. That debate is familiar. The United States has confronted similar moments before, most notably in Afghanistan and Iraq, where early assumptions about pressure, legitimacy, and endurance proved wrong.
This article is not an argument for restraint or intervention. It is a warning drawn from experience: without understanding how competition unfolds below the level of open conflict - the gray zone - pressure alone does not produce favorable outcomes. Iran today sits at the center of a problem the United States has repeatedly misunderstood - not the use of force, but what comes before and after it.
Afghanistan and Iraq: Where Strategy Slipped
In Afghanistan, the United States removed the Taliban from power quickly. In Iraq, Saddam Hussein’s regime collapsed even faster. In both cases, the decisive phase of the conflict ended early. What followed was the harder contest—one defined less by firepower and more by local power structures, informal authority, and external interference operating quietly and persistently.
In Afghanistan, as I witnessed firsthand, regional actors adapted faster than Washington. Iran, Pakistan, Russia, and later China treated the conflict as a long game. They invested in relationships, cultivated influence, and positioned themselves for the post-U.S. environment years before the withdrawal. The result was not an immediate defeat on the battlefield, but a strategic hollowing-out of the state.
Iraq followed a similar trajectory. Iranian-aligned militias embedded themselves within neighborhoods, religious institutions, and political parties. Over time, they became inseparable from the state itself. U.S. military dominance did not prevent this. In fact, it often obscured it, until the architecture of influence was already in place.
The lesson from both cases is straightforward: control of territory is temporary; control of networks endures.
Iran Is Not Afghanistan or Iraq — But the Pattern Rhymes
Iran today is often discussed as if pressure will produce rapid political change. That assumption ignores how power is organized inside the Islamic Republic.
Iran’s security model is deliberately social. The Basij is not simply a paramilitary force; it is embedded across society—universities, workplaces, neighborhoods, religious institutions. Its purpose is not only repression, but surveillance, mobilization, and ideological reinforcement. This structure was built to survive unrest, sanctions, and isolation.
Externally, Iran has exported the same logic. In Iraq, allied militias function simultaneously as armed actors, political movements, and social providers. In Afghanistan, Iran preserved influence across regime changes, maintaining access to key actors even after the fall of the Republic. These are not improvisations; they are the product of decades of learning.
It is worth remembering that Iran was not a spectator during the U.S. presence in Afghanistan and Iraq. It observed American methods up close—what worked, what failed, and where patience outperformed power. Tehran adapted accordingly.
Why Escalation Without Preparation Backfires
Moments of internal unrest often create pressure for external action. Yet Afghanistan and Iraq show that collapse—real or perceived—creates its own risks.
Removing a regime does not dismantle informal power structures. It often accelerates their consolidation. Networks that survive pressure are the ones that define what comes next. Iran’s internal system is designed precisely for this kind of stress: decentralized, redundant, and socially embedded.
There is also a strategic paradox at play. External pressure can validate internal narratives of siege and foreign threat, strengthening coercive institutions rather than weakening them. Information controls, security mobilization, and proxy signaling are not reactions; they are rehearsed responses.
This is why simplistic comparisons—whether to Eastern Europe, Latin America, or past protest movements, are misleading. Iran’s political ecosystem is closer to the environments the United States faced in Kabul and Baghdad than many in Washington are willing to admit.
Who’s Reading this? More than 500K of the most influential national security experts in the world.
None of this suggests that Iran is immune to pressure or that its current trajectory is stable. Economic distress, generational change, and legitimacy erosion are real. But history cautions against assuming that pressure equals control or that unrest equals opportunity.
The more relevant question for U.S. policymakers is not whether Iran is vulnerable, but whether the United States is prepared to operate effectively in the space that follows vulnerability.
That preparation requires understanding how authority is distributed beneath formal institutions, recognizing how coercive and social systems reinforce one another, and anticipating how regional actors adapt during periods of instability.
These are the same lessons Afghanistan and Iraq offered lessons learned too late.
Iran’s current unrest has reopened a familiar debate in Washington about pressure, leverage, and escalation. But Afghanistan and Iraq should have settled that debate long ago. The United States did not lose those conflicts because it lacked military power; it lost because it underestimated how authority, loyalty, and influence actually function inside contested societies.
Iran is not a blank slate, nor is it a fragile state waiting to collapse under external strain. It is a system built to absorb pressure, manage unrest, and outlast moments of crisis. Any approach that treats unrest as an opportunity without first understanding what follows it risks repeating the same strategic error the United States has already made—twice.
The choice facing U.S. policymakers is therefore not whether to act, but how to act without misunderstanding the terrain. Escalation without preparation does not produce control; it produces consequences that others are better positioned to manage. If Washington has truly learned from Afghanistan and Iraq, it will recognize that the most dangerous moment is not the collapse of order, but the false confidence that comes before it.
History will not judge the United States on whether it applied pressure. It will judge whether it understood what that pressure would unleash.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief.
THE KREMLIN FILES / COLUMN — Russian hybrid warfare, often referred to in the West as “gray zone” conflict, has transitioned from theoretical concept to prominent headlines, particularly following the invasion of Ukraine and the Kremlin’s campaigns of sabotage, disinformation, and targeted intelligence actions across Europe and the U.S. What defines Russian-style gray warfare, or hybrid war? What are its doctrinal roots, and how well do these foundations align with assumptions in Western security discussions? To explore these questions, this article analyzes the writings of Russian military thinkers and the views of Russian military and intelligence agencies—covering their terminology, doctrines, and their evolving grasp of non-kinetic conflict.
This is the first in a two-part series by Sean Wiswesser on Russian gray zone, or hybrid warfare
Gray zone operations in the West are generally seen as actions that influence the course of a conflict or harm an adversary without crossing into direct kinetic attacks. For Russia, at the core of the gray zone is the concept of “non-contact war” (bezkontaktnaya voina), which is part of a larger doctrinal framework under which gray warfare, also called “new generation warfare” by the Russians, falls. This is not a new concept in Russian military thinking, but it has developed over decades. By examining its evolution over the past thirty years through Russian sources and military thinkers, we can better understand how Moscow uses these concepts today—and how they influence the conflicts we may face now and in the future, enabling the U.S. and our allies to respond more effectively.
There are two main components of Russian gray warfare. Russians rarely use the term hybrid war, which exists in Russian only as a borrowed term from English. The first concept is non-contact warfare - the concept of preparing and softening the battlefield, then minimizing ground engagements for their troops whenever possible. The second concept is Russian intelligence active measures, also known as measures of support. This is also an old idea in Russian intelligence circles, but one that has been expanded and intensified in recent decades, incorporating new elements such as cyber operations and cognitive warfare.
We will briefly discuss each of these concepts below, along with Russia’s gray-zone developments up to its deployments into Ukraine in 2014. In the second part of this series, we will analyze Russia’s doctrine as it was applied in the years immediately leading up to and through the full-scale invasion of Ukraine, while also considering another key factor for Russia—their ability to evolve and adapt.
Non-Contact Warfare: Origins and Russian Military Necessities
Non-contact warfare developed from what the Russian General Staff and other military thinkers called sixth-generation warfare. The concept grew from the “reconnaissance strike complex” theory and the so-called “revolution in military affairs” at the end of the Cold War. As the Soviet Union disintegrated and the U.S. demonstrated overwhelming air power with NATO and other allies during the Persian Gulf war, former Soviet and Russian generals were not fools. They understood they could not keep pace with the new advancements in air warfare and the technological edge of NATO weapons systems.
Russian General Staff thinkers recognized that the Russian Air Force could not match TTPs (techniques, tactics, and procedures), the number of pilot training hours, or the advanced systems that the U.S. and NATO could field, especially given their significantly reduced military budget following the Soviet Union's collapse. This operational shortfall was further emphasized by the targeted bombing campaigns and overwhelming force deployed by U.S./NATO forces in the Balkan campaigns of the mid-1990s.
Need a daily dose of reality on national and global security issues? Subscribe to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
In short, Russian military planners recognized they could not keep pace. NATO airpower and the reach of the alliance into all sorts of regions and conflict zones posed a significant challenge for the Russian military and its intelligence services. One of the lessons they understood was that massed tank formations alone would not win wars in the 21st century. Throughout the 1990s and into the early 2000s, several important writings were produced by prominent Russian general staff figures, such as Generals Slipchenko and Gareev, as well as the future Chief of Staff of the Russian military and currently the commander of the Russian forces in the Ukraine war, Valeriy Gerasimov.
Slipchenko is credited in Russia with coining the phrase “sixth generation warfare” more than twenty years ago. According to Slipchenko, this new form of warfare signified a shift from nuclear-based conflict (which he called “fifth generation”) toward information-enabled, precision-strike, so-called non-contact wars (he authored a book with that same title). These wars would be fought at a distance, relying on airpower, command, control, intelligence, surveillance, reconnaissance (C4ISR), and long-range precision strikes, rather than large ground forces. He and Gareev published a book in Russia in 2004 titled On Future Wars, which became influential in many Russian military circles. In this work, Slipchenko and Gareev emphasized the importance of studying non-contact warfare and firmly stated that Russia must adapt to it, or else “Russia would not survive.”
During that same period, Russia’s Air Force struggled significantly in the 1990s and 2000s to adopt precision-guided munitions (PGMs). Russia never fully integrated them or appropriately trained them on their use, which was evident in its prolonged conflicts with Chechen separatists. Most ground-attack operations during that period, from the mid to late 1990s, relied on “dumb bombs” and massed artillery on the battlefield. This resulted in the Russian air force’s poor performance in the 2008 Georgian conflict, when an outmanned Georgian military embarrassingly shot down several Russian fighter-bombers.
In the summer of 2008, responding to Georgia launching an incursion to retake South Ossetia, Russia responded with overwhelming force, sending an entire army to occupy swaths of Abkhazia, Ossetia, and also northern Georgia from Poti to Gori and the edges of Tbilisi. But while their force ratios led to quick success on the ground, the Russian air force did not perform as well in the air. In addition to air losses to ground-based air defense and friendly fire, Russian precision strikes did not go off as planned. Russia’s performance could be summed up as ineffective from the air. They were not able to project over-the-horizon warfare in the ways that Russian military planners had envisioned for non-contact war.
The first widespread and successful use of Russian PGMs would come still later, mostly during Russia’s involvement in Syria, where Russian squadrons were rotated for training and gained exposure to actual combat. Before that, many pilots had not experienced any combat outside of Chechnya.
Russia’s Air Force underwent a series of reforms due to these failures. It was reorganized and renamed the Russian Aerospace Forces (the VKS) in 2015 as a result of many of these reforms, or what were claimed to be reforms. When the full-scale invasion happened in 2022, Russia’s VKS, like much of its military, was still trying to evolve from its targeted reforms and these earlier developmental challenges. They attempted a limited shock-and-awe offensive but failed miserably in areas such as battle damage assessment and other key aspects of a true air campaign (the second article in this series will touch on these issues in more detail).
However, military reforms and adaptations in the Russian Air Force were not meant to stand alone. Russian kinetic actions were intended to be supported by other elements in non-contact warfare, aimed at softening the battlefield and undermining an adversary’s ability to fight. Prominent among these were active measures focused on information operations.
Active Measures, Measures of Support, and Non-state Actors
Returning to Russian arms doctrine, Slipchenko and other figures on the General Staff argued that, in the post–Cold War world, especially after observing the 1991 Gulf War and the dominance of US airpower, massing military forces was no longer effective. The world saw how Saddam’s large army, with thousands of tanks and armored vehicles, was destroyed from the air. Slipchenko claimed that future wars will focus on disrupting enemy systems, including military, economic, social, and other so-called “information means.”
This was not a new concept for Russia and its intelligence agencies—the FSB, GRU, and SVR (collectively the Russian intelligence services or RIS). The RIS would play a key role by using a well-known Russian technique—active measures, or as the RIS calls them today, measures of support. These tactics aim to weaken the enemy's ability to fight through malign influence, political interference, and disinformation. The Russians use state agencies and means, like their intelligence services, but also so-called non-state actors, like organized crime, private mercenaries, hacker groups, and many others, to carry out these and other hybrid actions as proxies.
The doctrinal approach of gray war, or new generation warfare, was gaining attention in Russia just as Putin's reign started. His rule coincided with the growing influence of the RIS within the government. It was natural for the RIS to take on roles the military was not equipped to perform, and Putin was quick to authorize them. One of the first tests for their active measures and gray war was Russia’s brief war with Georgia in 2008. As noted above, and while their military’s performance was mixed, their intelligence services were very active in the information arena. Russia flooded international media with its version of events. Their still-growing “RTV” news network promoted stories of atrocities they claimed were committed by the Georgian military. Europe and the U.S. were caught off guard and unprepared by the conflict; there was little to no meaningful response to Russia’s military actions, and no high costs or reprisals. It was a lesson Russia would remember.
After Georgia in 2008, while reforms were introduced in the air force in particular, the doctrinal debates continued. Building on Slipchenko’s ideas, writers from the General Staff, such as General Chekinov and General Bogdanov, further developed the doctrine they called “new-generation warfare.” Their work emphasized scripted roles in conflict for the information-psychological struggle, subversion, and cyber operations, while traditional large-scale combat operations became, by comparison, less prominent.
Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.
Gerasimov’s speech and article focused on shifting Russia's attention to countering the so-called “color revolutions” that occurred in the first decade of this century in Ukraine, Georgia, and Kyrgyzstan. They were, and still are, viewed as a direct threat to Russia’s national security and to Putin’s dictatorship. Russia cannot tolerate functioning democracies and freedom on its borders.
By combining Gerasimov’s contributions with those of Slipchenko, Gareev, and others, the Russian military developed a concept of non-contact warfare that planned for long-range strikes executed after weakening the enemy through non-kinetic means. They de-emphasized large ground formations because, according to the theory, they should not be necessary. Russian measures of support are designed to weaken an adversary through disinformation, misinformation, malign influence on politics, and other methods. This would become the battle plan the Russians would attempt to implement in Ukraine in 2014 (and again, with adjustments, in 2022).
As cyber has taken a greater role in society and the mass media, the Russian grey zone approach has also increasingly included RIS cyber operations and online media manipulation to support “reflexive control,” an old Russian intelligence concept from the 1960s. The term reflects the notion of influencing an adversary to act in a desired way without the enemy’s awareness. Gerasimov and the military, along with leaders of the RIS, knew from Russia’s poor performance in Georgia that they were not ready for war with NATO or any strong peer-level adversary. They needed help to weaken any adversary with a capable armed force before actual war.
Syria and Ukraine would be the new testing grounds for this concept in practice, with a heavy reliance on the intelligence services to help prepare the battlefield before and through the military’s engagement. Their perceived successes in both theaters would, over time, convince the Russian intelligence services, its military, and most importantly, President Putin that Russia was ready for a much larger task— an attack on and seizure of the entire territory of Ukraine.
All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.
OPINION — “We [the U.S.] began as a sliver of a country and next thing you know we're a continental power, and we did not do that primarily through our great diplomacy and our good looks and our charm. We did that primarily by taking the land from other people.”
That was Michael O’Hanlon, the Brookings Institution’s Director of Research in the Foreign Policy program, speaking January 12, about his new book, To Dare Mighty Things: U.S. Defense Strategy Since the Revolution, on a panel with retired-Gen. David Petraeus and Historian Robert Kagan.
O’Hanlon continued, “Now, this is not a revisionist history that's meant to beat up on the United States for having become a world power, because if we hadn't done that, if we hadn't become this continental power, then we could never have prevailed in the World Wars…The world would have been a much worse place and we could never have played the role we did in the Cold War and at least up until recent times, the post-Cold-War world. So generally speaking, I'm glad for this American assertiveness, but to me, it's striking just how little we understand that about ourselves.”
Listening to that event eight days ago at Brookings, and looking around at what the Trump administration is doing at home and abroad today, I thought elements of what I heard from these three were worth repeating and reviewing.
For example, O’Hanlon pointed out a great amount of U.S. grand strategy and national security thinking took place during historic periods considered times of American isolationism and retrenchment.
O’Hanlon said, “A lot of the institutional machinery, a lot of the intellectual and leadership development capability of the United States began in this period starting in the late 19th century and accelerating into the inner [World] War years [1918-to-1941]. And without that, we would not have had the great leaders like [Gen. Dwight D.] Eisenhower, and [Gen. George C.] Marshall, trained in the way they were. I think that made them ready for World War II.”
He added, “We would not have had many of the innovations that occurred in this period of time -- so whether it's [Rear Admiral William A.] Moffett and [Navy] air power and [aircraft] carrier power, [Army Brig. Gen.] Billy Mitchell and the development of the Army Air Corps, [Marine Maj. Gen. John A.] Lejeune and the thinking about amphibious warfare. A lot of these great military leaders and innovators were doing their thing in the early decades of the 20th century and including in the inner war years in ways that prepared us for all these new innovations, all these new kinds of operations that would prove so crucial in World War II.”
“To me it's sort of striking,” O’Hanlon said, “how quickly we got momentum in World War II, given how underprepared we were in terms of standing armies and navies and capabilities. And by early 1943 at the latest, I think we're basically starting to win that war, which is faster than we've often turned things around in many of our conflicts in our history.”
Kagan, a Brookings senior fellow and author of the 2012 book The World America Made, picked up on American assertiveness. “Ideologically, the United States was expansive,” Kagan said, “We had a universalist ideology. We got upset when we saw liberalism being attacked, even back in the 1820s. You know, a lot of Americans wanted to help the Greek rebellion [against the Ottoman Empire]. The world was very ideological in the 19th century and we saw ourselves as being on the side of liberalism and freedom versus genuine autocracies like Russia and Austria and Prussia. And so we always had these sympathies. Now everybody would say wait a second it's none of our business blah blah blah blah, but nevertheless the general trend was we cared.”
Kagan went on, “People keep doing things out there that we're finding offensive in one way or another. And so we're like wanting to do something about it. So then we get dragged into, [or] we drag ourselves into these conflicts and then we say, ‘Wait a second, we're perfectly safe here [protected east and west by the Atlantic and Pacific Oceans]. Why are we involved in all this stuff?’ And then we want to come back. And so this tension between our essential security on the one hand and…our kind of busy bodyness in the world has just been has been a constant -- and I think explains why we have vacillated in terms of our military capability.”
Petraeus, began by saying, “I'm a soldier not a historian here,” and then defended some past U.S. interventions as “basically when we've been attacked,” citing Pearl Harbor and ships being sunk in the Atlantic. He added, “Sometimes it's and/or when we fear hostile powers especially, if they're aligned as it was during the Cold War with the communists, or now arguably with China and/or Russia or both taking control of again Eurasia, Southeast Asia, East Asia.”
Petraeus admitted, “We have sometimes misread that. You can certainly argue that Vietnam was arguably more nationalist [North Vietnamese seeking independence from France] maybe than it was communist. But that I think still applies. I think one of the motivations with respect to [Venezuelan President Nicolas] Maduro is that they [the Maduro Venezuelan leadership] were more closely than ever aligning with China, Iran to a degree, Russia and so forth. And we've seen that play out on a number of occasions as well.”
The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.
Petraeus, who played several roles in Iraq, said the U.S. had “to be very measured in what your objectives are if you're going to use force, and…try to avoid boots-on-the-ground. If they're going to be on the ground, then employ advise, assist, and enable operations where it's the host nation forces or partner forces that are on the front lines rather than Americans.”
Looking back, Petraeus said, “I think we were unprepared definitely intellectually for these operations after toppling regimes in Iraq and Afghanistan and not just [in] the catastrophically bad post-conflict as phase,” citing “horrific decisions to fire the entire Iraqi military without telling them what their future was. And then firing the Baath Party down to the level of bureaucrats. That meant that tens of thousands [of Iraqis] without an agreed reconciliation process are literally cast out. And by the way, they're the bureaucrats that we needed to actually help us run a country [Iraq] we didn't sufficiently understand.”
Describing another lesson learned, Petraeus said, “In looking back on Afghanistan, trying to distill what happened, what we did wrong, what we did right, I really concluded that we were never truly committed to Afghanistan nation building. Rather, we were repeatedly committed to exiting. And that was a huge challenge [for the 20 years the U.S. was there], because if you tell the enemy that you're going to draw down on a given date, during the speech in which you announce a buildup, really undermines the enemy's sense of your will in what is a contest of wills at the end of the day. Not saying that we didn't want to draw down, but to do it according to the right conditions. And of course then the other challenge was that the draw-down became much more based on conditions in Washington than it did on conditions in Afghanistan, which is again another pretty fatal flaw.”
Kagan gave his view on past American interventions with U.S. troops in foreign countries, and tied them sharply to today’s situation, not only in Caracas, but also in Washington. “You know, the United States did not go to war in Iraq to promote democracy despite the vast mythology that has grown up about that,” Kagan began.
He then continued, “It was primarily fear of security. Saddam was a serial aggressor. He certainly was working on weapons of mass destruction. Rightly or wrongly that was the primary motive [of the George W. Bush administration]. But then Americans, as always the case, and you know, all you have to do is look at what we did in Germany after World War II, what we did in Japan after World War II. Americans never felt very comfortable about moving into some country, taking it over for whatever reason and then turning it over to some dictator. We wanted to be able to say that we left something like democratic governance behind. Until now that has been such a key element of our self-perception and our character.”
Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
Kagan said the Bush administration then sent U.S. troops into Iraq “was not because we were dying to send troops into Iraq, but because we had concluded you cannot control countries from the air. And so we're now [with Venezuela] we’re back in that mode.”
But here, Kagan gave his view of an important change from the past. He said, “So here's what's different. We did not want to leave in Iraq Saddam's number two. Go ahead, take over. In Venezuela, we've gone after a regime head…[but] this isn't regime change. This is decapitation and now we've turned it over to the next, you know, part of the Maduro regime and said you take care of it. We'll run it, but you take care of it. That is a departure from American history and I think it is directly a consequence of the fact that for the first time I can say without any doubt we do not have a president who believes in the American principles of liberalism, but is actively hostile to them here in the United States as well as internationally. He is on the side of anti-liberalism. He is on the side of authoritarianism, both here and abroad. That, to my mind, it's not do we intervene in Latin America, Yes, we do, but for what purpose? And I think that is the huge break [from the past] that we're witnessing right now.”
To my mind and others, Kagan has it right. President Trump, facing political problems at home – affordability, the Epstein files, the upcoming November House and Senate elections – has tried to show expanding power abroad. Based on past success in Iran bombing nuclear sites and removing Maduro from Venezuela, Trump wants to absorb Greenland, send U.S. forces into Mexico after drug cartels, and threaten attacking the faltering regime in Iran.
Let me add a final element to Trump’s current eagerness to show power abroad. The one thing he doesn’t want is the death of any U.S. military personnel he sends into harm’s way. Trump and his top aides have repeatedly pointed out, whether it was in blowing up narco-trafficking boats or the Iran bombing or the Maduro snatch, no American lives were lost.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
DEEP DIVE — It is one of the most lauded defense developments in recent decades, providing preeminent capability to U.S. military personnel worldwide, but that prowess evidently comes with a steep cost that military leadership allowed to grow for years.
Critics have long asserted that the military failed to adequately address a mounting series of safety issues with the V-22 Osprey aircraft, even as service members died in preventable crashes. The Naval Air Systems Commandreview and Government Accountability Officereport paint a scathing portrait of systemic failures by the Joint Program Office overseeing V-22 variants for the Air Force, Marine Corps, and Navy.
The Marine Corpsoperates approximately 348 MV-22s, the Air Force 52 CV-22s, and the Navy 29 CMV-22s, with the program of record at around 464 total across services. Japan operates 17 MV-22s, with deliveries complete or near-complete.
The Deadly Track Record
Some 30 U.S. Marines lost their lives in threeseparate crashes during the testing and development phase throughout the 1990s, giving the Osprey the nickname “The Widow Maker.” Since its introduction in 2007, at least 35servicemembers have died in 10 fatal crashes.
“Initially, the V-22 suffered from Vortex Ring State, which produced crashes during development. The problem was diagnosed and remediated, and the loss rate went down dramatically,” John Pike, a leading defense, space and intelligence policy expert and Director of GlobalSecurity.org, tells The Cipher Brief. “Subsequent losses have been ‘normal accidents’ due to the usual mechanical and human failings.”
The GAOfound that serious Osprey mishaps in 2023 and 2024 exceeded the previous eight years and generally surpassed accident rates of other Navy and Air Force aircraft. In August 2023, three Marines died in Australia. In 2022, four U.S. soldiers were killed in a NATO training mission, and five Marines were killed in California.
Unresolved Problems
The NAVAIR reportrevealed that “the cumulative risk posture of the V-22 platform has been growing since initial fielding,” and the program office “has not promptly implemented fixes.” Of 12 Class A mishaps in the past four years, seven involved parts failures already identified as major problems but not addressed.
Issues with hard-clutch engagement (HCE) caused the July 2022 California crash that killed five. The problem occurs when the clutch connecting the engine to the propeller gearbox slips and reengages abruptly, causing a power spike that can throw the aircraft into an uncontrolled roll.
There were eight Air Force servicemembers killed in the November 2023 crash off Yakushima Island when a catastrophic propeller gearbox failed due to cracks in the metal pinion gear, and the pilot continued flying despite multiple warnings, contributing to the crash.
This manufacturing issuedates to 2006, but the Joint Program Office didn’t formally assess the risk until March 2024 – nearly two decades later. A NAVAIR logbook reviewfound that over 40 safety-critical components were operating beyond their airworthiness limits, and that 81 percent of ground accidents were due to human error.
A Broken System: Poor Communication Between Services
The GAO also found that the three services don’troutinely share critical safety information. Aircrews haven’t met regularly to review aircraft knowledge and emergency procedures. The servicesoperate with significantly different maintenance standards, with three parallel review processes and no common source of material.
The GAOidentified 34 unresolved safety risks, including eight potentially catastrophic risks that have remained open for a median of 10 years. The V-22 has the oldestaverage age of unresolved catastrophic safety risks across the Navy’s aircraft inventory.
Fixes May Take a Decade
The Navy reportindicated fixes won’t be complete until 2033-2034. Officials now say the fleet won’t return to unrestricted operationsuntil 2026 – a year later than planned. The V-22 program plans to upgrade gearboxes with triple-melted steel, reducing inclusions by 90 percent.
Under current restrictions, overwater flights are prohibited unless within 30 minutes of a safe landing spot, severely limiting their use by the Navy and Marine Corps.
Subscriber+Members get exclusive access to expert-driven briefings on the top national security issues we face today. Gain access to save your virtual seat now.
Osprey's Unmatched Capabilities
The Osprey still offers a game-changing advantage for U.S. troops, despite its troubled past, according to its supporters.
As it currently stands, the entire fleet operates under restrictions that prevent overwater flights unless within 30 minutes of a safe landing spot, significantly limiting its utility for Navy and Marine Corps missions.
In 1979 to 1980, American hostages were taken in Iran during Operation Eagle Claw, which gave rise to the Osprey. As five of the eight Navy helicopters that arrived at Desert One were inoperable, it was clear that rapid troop movement in harsh environmental conditions was urgently needed.
After development began in 1985, the Osprey entered service in 2007, replacing the Vietnam-era CH-46 Sea Knight.
Compared to fixed-wing transports, the Osprey can land troops just where they are needed. Airdrops with parachutes tend to scatter paratroops all over the place; see ‘Saving Private Ryan,’” Pike explained. “And compared with other rotary wing aircraft, the Osprey is much faster and has a much longer range.”
The Osprey shifts from helicopter to airplane mode in under 12 seconds, reaches speeds of 315 mph, has an operational range of 580 miles, and carries 10,000 pounds – or 24 troops. It’s used for missions ranging from combat operations to the occasional transport of White House staff. During a dust storm in Afghanistan in 2010, two CV-22 helicopters rescued 32 soldiers in under four hours from a distance of 800 miles.
Chronic Readiness Problems
Yet these performance advantages have been undercut by persistent readiness shortfalls.
The NAVAIR reportnoted that mission-capable rates between 2020 and 2024 averaged just 50 percent for the Navy and Air Force, and 60 percent for Marines. The Ospreyrequires 100 percent more unscheduled maintenance than the Navy averages and 22 maintenance man-hours per flight hour versus 12 for other aircraft.
In addition, Boeing settled a whistleblower lawsuit in 2023 for $8.1 million after employees accused the company of falsifying records for composite part testing. Boeing, in its defense,claimed that the parts were “non-critical” and did not impact flight safety.
Conflicting Views on Safety
“The Osprey does not have a troubled safety record. Per a recent press release, the V-22 mishap rate per 100,000 flight hours is 3.28, which is in line with helicopters with similar missions.” a government source who works closely with the Osprey fleet but is not authorized to speak on the record contended to The Cipher Brief. “Like anything measured statistically, there are periods above and below the mean. Just because humans tend to conclude because of apparent clusters doesn’t necessarily mean there is a pattern or connection – think of how some people say that ‘celebrities die in threes.’”
The source vowed that “the design issues, such as certain electrical wiring rubbing against hydraulic and oil lines, were fixed before fleet introduction.”
“The problems with the test plan were a product of pressure applied to accelerate a delayed and overbudget program and were not repeated when the aircraft was reintroduced,” the insider pointed out. “Those mishaps, combined with the distinctive nature of the V-22, mean that any subsequent incident, major or minor, is always viewed as part of the ‘dangerous V-22’ narrative. A U.S. Army Blackhawk crash in November killed five but barely made the news. A Japanese Blackhawk crash killed ten soldiers in April, but the Japanese didn’t ground their Blackhawks.”
That perception, however, has done little to quiet families who argue that known risks went unaddressed.
Amber Sax’s husband, Marine Corps Capt. John J. Sax died in the 2022 California crash caused by hard clutch engagement, a problem the Marine Corps had known about for over a decade. “Their findings confirm what we already know: More needs to be done, and more needs to be done,” Saxsaid. “It’s clear in the report that these risks were not properly assessed, and that failure cost my husband his life.”
Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.
An Uncertain Future
As the military confronts those findings, the future of the Osprey fleet is not completely clear. In 2018, the Marine Corps Aviation proposaloutlined a sustainability plan for the Osprey to at least 2060.
“The quality of maintenance training curricula, maturation, and standardization has not kept pace with readiness requirements,” the reportstated. “Current maintenance manning levels are unable to support demands for labor. The current V-22 sustainment system cannot realize improved and sustained aircraft readiness and availability without significant change. Depot-level maintenance cannot keep up with demand.”
Despite extensive recommendations – NAVAIRunderscored 32 actions to improve safety – Vice Adm. John Dougherty reaffirmed commitment to the aircraft. Pike believes it’s a matter of when, not if, the Osprey returns to full operations.
“Once the issues are fixed, everyone will resume their regular programming,” he asserted.
Officials and insiders alike expect that process to translate into tangible fixes.
“I would expect that to lead to some type of corrective action, whether it’s a new procedure or replacing a defective part,” the insider added. “After that, I would expect a long career for the aircraft in the Marine Corps, Navy, and Air Force, as it’s an irreplaceable part of all three services now and gives a unique capability to the American military.”
Whether that optimism proves warranted depends on whether military leadership finally addresses the systemic failures the latest reports have laid bare – failures that cost 20 service members their lives in just the past five years.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business
OPINION — U.S. defense planning rests on the assumption that wars are fought abroad, by expeditionary forces, against defined adversaries. For decades, those assumptions held. But today, many of the most consequential security challenges facing the United States violate all three. They occur closer to home, below the threshold of armed conflict, and in domains where sovereignty is enforced incrementally.
The shift has exposed a chronic mismatch between how the United States defines its defense priorities and how it allocates resources and respect. While defense discourse continues to stubbornly emphasize power projection and high-end conflict, many of today’s challenges revolve around the more modest and rote enforcement of U.S. territorial integrity and national sovereignty - functions that are vital to U.S. strategic objectives yet lack the optical prestige of winning wars abroad.
Sitting at the center of this gap between prestige and need is the U.S. Coast Guard, whose mission profile aligns directly with America’s most important strategic objectives - the enforcement of sovereignty and homeland defense - yet remains strategically undervalued because its work rarely resembles the celebrated and well-funded styles of conventional warfighting. In an era of increased gray-zone competition and persistent coercion, the failure to properly appreciate the Coast Guard threatens real strategic fallout.
In the third decade of the 21st century, U.S. defense planning remains heavily oriented toward expeditionary warfighting and high-end kinetic conflict. Budget conversations still revolve around Ford-class supercarriers, F-35 fighters, and A2/AD penetration. This orientation shapes not only force design and budget allocations, but also institutional prestige and political capital. The services associated with visible combat power, with the Ford-class and the F-35, continue to dominate strategic discourse—even as many of the most persistent security challenges confronting the United States unfold close to home, in the gray-zone, without the need for fifth-generation air power or heavy armor.
The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.
At the most basic level, any nation’s military exists primarily to defend territorial integrity, enforce sovereignty, and protect the homeland. Power projection, forward presence, and deterrence abroad are important—but they are secondary functions derived from the primary purpose of homeland defense. Yet U.S. defense discourse often treats homeland defense as a background condition when it should be revered as the first priority. The result is a blind spot in how security resources are evaluated and allocated.
The Coast Guard operates at a unique point where law enforcement, military authority, and sovereign enforcement all converge. On any given day, the Coast Guard may board foreign-flagged vessels suspected of sanctions violations, police maritime borders against illicit trafficking, secure ports that underpin global supply chains, and maintain a persistent presence in contested spaces, like the Arctic, without inviting escalation. The Coast Guard is equipped to intercept illegal fishing fleets, escort commercial shipping through sensitive waterways, and assert jurisdiction in legally ambiguous areas. These activities rarely resemble traditional warfighting, they rarely result in a Hollywood blockbuster, and they can be accomplished without nuclear-powered submarines or intercontinental ballistic missiles. But these are not peripheral activities—they are arguably amongst the most important daily functions the U.S. military undertakes.
Distinct among the military branches, the Coast Guard operates under a legal framework that is uniquely suited to today’s security environment. Under Title 14 status, the Coast Guard falls within the Department of Homeland Security, conducting law enforcement and regulatory missions on a daily basis. Yet, when needed, the service can transition to Title 10 status, under the Department of Defense, and operate as an armed service when required. This agility allows the Coast Guard to remain continuously engaged across the spectrum of competition, whether enforcing U.S. law in peacetime, managing escalation in gray-zone encounters, or integrating seamlessly into military operations. Few other elements of U.S. power can move so fluidly between legal regimes.
Still, despite such strategic relevance, the Coast Guard suffers from a persistent optical problem. U.S. defense culture has long privileged services and missions associated with visible, kinetic combat—those that lend themselves to clear narratives of victory, sacrifice, and heroism. The Coast Guard’s work rarely fits that cinematic mold. Its success is measured not in territory seized or targets destroyed, but in disruptions prevented, borders enforced, and crises that never materialize. Inherently quiet work with outcomes that reflect a force operating exactly as designed, although without generating institutional prestige or political support. In a system that rewards the loudest and the brightest, the Coast Guard’s quiet enforcement of sovereignty is easy to overlook.
Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
Continuing to overlook the value of the Coast Guard carries strategic consequences. Specifically, persistent underinvestment in the Coast Guard weakens maritime domain awareness, reduces sustained presence in key waterways, and narrows the set of tools available to manage gray-zone competition. As adversaries increasingly rely on legal ambiguity, deniable actors, and incremental pressure to test U.S. resolve, gaps in enforcement become opportunities. In this environment, the absence of credible, continuous sovereignty enforcement invites probing behavior that becomes harder to deter over time.
Advocacy for the Coast Guard does not require reassigning prestige, or elevating one service at the expense of others. It is merely an argument for strategic alignment. If territorial integrity, sovereignty enforcement, and homeland defense are truly core national-security priorities, then the institutions most directly responsible for those missions should be treated accordingly. As competition increasingly unfolds in the gray-zone between peace and war, the United States will need forces designed not only to win conflicts—but to prevent them from starting in the first place.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
WEEKEND INTERVIEW — In an era when foreign adversaries can shape public sentiment with a well-timed meme and a handful of AI-driven accounts, the U.S. government is racing to redefine what national power looks like in the information age.
At the center of that effort is Shawn Chenoweth, the country’s first Director of Cognitive Advantage - a role designed to help the United States compete in the domain where modern influence, persuasion, and political outcomes are increasingly decided.
What, exactly, does a Director of Cognitive Advantage do? It’s not a title most Americans encounter, and it sits far outside the familiar contours of diplomacy, military force, or economic leverage. But as Chenoweth explains, the contest for influence no longer stays neatly within those lanes either.
His focus is often on the gray space - where information, perception, culture, and behavior collide, and where adversaries like China, Russia, Iran, and North Korea are operating with staggering resources and strategic focus.
In this Cipher Brief conversation, Chenoweth breaks down how cognitive operations actually work, why the U.S. has struggled to keep pace, and what it means to give the President an “information option” that’s not simply kinetic or economic.
He offers rare, candid insight into how technology, AI, and social platforms—from TikTok to algorithmically driven personas—are reshaping the battlespace faster than policymakers can write doctrine.
Our conversation is a deep dive into one of the least understood - but perhaps most consequential - fronts of modern national security. Our conversation has been lightly edited for length and clarity.
Shawn Chenoweth is the Director of Cognitive Advantage at the US National Security Council.
The Cipher Brief: How do you explain the role of the director of Cognitive Advantage?
Chenoweth: When you look at traditional elements of military power, you probably think of the DIME construct.It's not a perfect construct, but it's pretty good. DIME, is broken down into Diplomatic, Information, Military and Economic, and it's very clear who owns the Diplomatic, Military, and Economic components. But there hasn't been, at least in several decades, a good example of where people have really come to the president and the administration with an "I" option, for Information. And it's a shame because when you actually look at the DIME construct, you don't want to break it into stove pipes. We should think of it as a cell. Each of those elements acts as part of a functioning cell, and removing any of those elements means you have an imperfect or failing cell.
So, I was asked to help put the "I" back in DIME so that we can provide additional options and advantages across the other elements of DIME to national power and provide the president with opportunities to accomplish the Administration’s objectives that aren't just warheads on foreheads or threatening economics or expending political leverage. We can enhance those things, but we can also gain advantages by using cognitive effects through the information environment.
Kelly: Let’s set the stage a bit further. If you were to explain to the average American what is happening in terms of cognitive warfare in the gray zone – the area where conflict occurs below the level of warfare - how would you describe it?
Chenoweth: I think if you look through your military histories, philosophers, politicians, political science, it's all pretty clear. You can pick out the elements. They all have one underlying thread, which is that political victory is the one that matters at its core. That's really what we're talking about. Nothing's changed. How human beings are connected, how technology is affected has certainly changed. But what we really care about is what people do in the real world and the geophysical world, the world we live in.
So, the point of a cognitive advantage is to leverage that so that human beings are taking behaviors favorable to outcomes, to national objectives, which most of the time are also - in the case of the United States - favorable in their own right. So it's core. And that is what we're driving to get: those advantages in what people do in the real world through their sensing, to make decisions that come back to the real world and have the effects that you want.
Kelly: Can you give an example of what that would look like?
Chenoweth: Let's say you're negotiating for a piece of land or a base that you need for overflight intel collection. You're going to conduct a trade-off in negotiations. Maybe it's going to look like, - if you pay more, you'll get more - based off what the value proposition is. But very rarely is it that blatant and simple. So, what you want to be able to do is understand, what advantage would we need in the negotiation? What's actually driving this other party other than maybe just cost or just danger? What’s the risk calculus?
There are cultural nuances that affect things: their understanding of influence, political implications. So, the point would be to understand why they would be interested in this in the first place? What advantage does it give them? What are the cultural nuances? Why wouldn't they do this in the first place? Why aren't they taking this action and what can we do to make sure that the outcome is what we want?
There are other areas where that applies across the spectrum.
Let's say we're conducting counter-terrorism operations, and we know an objective tends to use a particular cafe. Well, what if they were using a different one that day? What can we do to influence them to go to a place that's more favorable for options to decrease our own risk calculus, either because we want to conduct a kinetic strike or make an arrest? Maybe we can't find them. So, what if we use that for our intel collection and our methods to basically make them come up on comms and change their behavior so it's easier to find them, collect on them, and build the data so that we can conduct physical actions to stop or disrupt them? And you can kind of see how that applies across the board.
If you know more than the person you're dealing with, chances are that you're going to be better at accomplishing your outcome. It’s very similar with the werewolf theory. It's a game where two people are chosen to be the werewolf of the village and everyone else in the group doesn't know who the werewolf is. Most of the time the people who are the werewolves win the game because they have an information advantage over everyone else playing the game. So, it's a human norm.
And again, I point out that nothing's new under the sun. It's just that we haven't really thought through the implications of what it means in the information age that we live in - where everyone is connected through software defined radios. We're a long way away from direct sensing where it's communication and things happening in the real world. Now we have sort of indirect sensing where you're fed data feeds and everything else. We can affect cognitive behavior in ways we never imagined, and we really haven't thought through just as we can reach people and sell items. And if I want to find a person whose favorite color is red, who's a military age male who's really into Magnum PI, I can find that person thanks to their radio, and I can craft messages specifically for someone who fits that demographic and move them in a particular direction. That's the first time in history that that's been the case.
Kelly: You have a background that combines both government and private sector experience. Given that technology is being rapidly developed in the private sector, how do you think that background gives you an advantage in this role?
Chenoweth: There are a lot of people who've served in the military and have been contractors but just by happenstance, I happen to have been in a lot of critical locations at critical times. I think one of the advantages that has brought me is that I saw the frustration within the military when the contracting apparatus didn't work. I was also empowered by industry to go and fix a lot of those structures and enable the government to do it, and now I'm getting afforded the opportunity to work on policy to make the system really hum.
I think the advantage with that is that when it comes to the information space, there's no control. And I try to emphasize this to any policy maker or power broker or decision maker that I can find. You can put an armored brigade in an intersection - fully equipped, fully supported – and a U.S. Armored Brigade could own that intersection. There are things you can control. But when it comes to the information space, there is no control. It is constantly shifting, constantly changing. You have a binary decision. You are either going to participate, preferably at a level that matters, or not, and whatever's going to happen is going to happen.
So, you could find yourself in an advantageous information space in the morning, lose it by the late morning, get a stalemate in the afternoon, and win it back in the afternoon – just to lose it again at the end of the day. And when you wake up the next morning, you're going to have to do it all over again. There is no, "We have information dominance and we're done and we can crack our beers and go on with other things."
That's not how this works because every day new information is being injected into the system. People are changing and developing new opinions. Things are occurring and people are going to react to those things, change their opinions, adapt, age out, age in, so those cultural references may change. It's a constant flux. One of the things that from the U.S. government side we're getting our head around is that we need an information carrier group constantly operating afloat in the information environment, effectively. One that’s engaged 24/7 to affect these changes.
The Cipher Brief is partnering with the Information Professionals Association and the National Center for Narrative Intelligence to bring you Pinnacle 2026: Gray Zone Convergence: Cognitive Security at the Intersection of Influence, Innovation, and Shared Interests. Register for the February 9-10 conference now to secure your spot.
Kelly: It's not just the United States that has gotten pretty good at understanding the impact of cognitive advantage. We see these tactics from China and Russia being used with stunning success. In this role, how focused are you on their activities when it comes to doing the exact same thing that you're tasked with doing?
Chenoweth: They absolutely practice these activities. I call them the ‘CRINKETT’. Every challenge we're generally dealing with falls in the CRINKETTS. It's China, Russia, Iran, North Korea, Terrorists and Trans[national] criminals. And particularly for the nation states, this is exactly how they want to compete.
From their perspective, there are two ways to deal with the United States: asymmetrically and stupidly, largely because of our economic and military power. They get that. They're not interested in a kinetic fight; that is an awful prospect. So the way they want to do this is in gray zone activities, in the information space, in the cognitive domain.
And they outspend us. I'm not going to say necessarily outperform, but I'll say if you want to compete at a level that matters, they outspend us, period. Iran probably spends around $1.8 billion plus-minus a year, maybe more with their proxies and everything else they do in this particular space. Russia - post Ukraine invasion, spends about $2.6 billion, something like that. China - 48 plus billion dollars a year. The U.S., if I take all of the activities from the DoD, the State Department and everything else, and you put those together, you might approach $1.2 billion.
It doesn't mean we're executing those funds either. It just means that that's what we've allocated. When you think about how we outspend to have an advantage on the other parts of DIME, we're hideously underperforming here. And again, all props to the administration. They're acutely aware of this and the support I've had at the National Security Council and across the elements of government - the departments and agencies - has been stellar. And we're going to continue to work on this and get it right because we have three and a half more years of President Trump's administration to get this right, do the reps and sets, and make this a durable policy so that the American people can start enjoying those benefits that come when we're really focused on this space.
Kelly: What does success look like for you in this role and how do you measure it?
Chenoweth: Measurement has always been a funny thing. People will constantly tell me how hard it is to measure these activities. And what I’ve found time and time again is that we're actually pretty good at these activities. The issues with the measurements are, again, participating at a scale that matters. We need to measure behavior change, and in order to do that, we need to have clear objectives. What are we after?
The big part of that is who is the target audience that has the agency to do the thing we want? We spend a lot of time making plans and CONOPS [Concept of Operations] on sub-target audiences that don't actually have the agency – in hopes that they affect agency - and that's perfectly fine. But why are we doing assessments against this? We spend a lot of time and money generating assessments to target audiences that don't have the agency you want. So, let's focus on the target audience that has the agency and let's do this at scale.
For example; I'm in the DC area and I can go down to the Potomac River, drop a bucket of water in the river, and I have objectively molecularly increased the amount of water in the Potomac. There isn't a sensor on this planet that is going to detect that molecular change.
The fact is that you might be having an effect, but you don't have a sensor that is going to pick that up. So, you need to increase your scale or customize your sensing system to the effect you're having. That tends to be where the assessments fall apart.
I’ve heard all the time for decades now that assessments are so hard. I don't find that to be true. What I find is that you've sacrificed assessments for effect, which is fine. It's risk calculus. If I had a low amount of resources and I decided to put as much into the effect I've wanted, that's fine. But at the end of the day, you're looking for the real behavior change in the targeted audience that matters. What are the sensors you have on that and what are you doing to collect that data: public opinion, research surveys, building the networks. We're going to see this exacerbate further as the AI revolution continues at pace.
Kelly: How is technology impacting what you're trying to do, your mission, and then how are you also working with the private sector because the private sector is controlling so much of the technology and the innovation that the government needs to work with. So how are you doing that?
Chenoweth: One of the challenges I see emerging from AI is that there's sort of an assumption that AI will fix all your woes. I've seen the best tools out there do one thing: they model the data they have, and that's the core issue. We don't have the data. So again, I'm back to there's not a whole lot of new things under the sun. And the AI models are really good, and it can allow you to find new insights from the data that you have, but new data needs to be created. So, sacrificing collection methodologies and new approaches to gather the data at the foot of a model is terrible.
The AI snake oil salesman I would deal with in industry all the time would come in and say, ‘Oh, you're interested in that? I could absolutely model you the thing.’ Cool. How does that work? ‘Well, all you have to do is provide me the data and we'll put all this together and give you the insights.’ I'm like, whoa. We don't have the data either. No one has the data. That's kind of the problem. So, let's be honest about what we're doing.
AI is going to be a great boon for industry and for the government and everyone else under the sun. It's going to obviously have impact, but I think as that moves forward, we need to start looking at how we actually employ it. Building an agent or a token for every worker so that they're augmented by an AI that does the thing that they themselves may not be good at or saving them time is going to be amazing, but it needs to be undergirded by being able to detect what's actually happening out in the real world. And those two things are not necessarily - not interrelated. As I said, most things are kind of a whole cell that operate in one unit, and we can't necessarily bifurcate these things and then expect good outcomes.
Former Senior CIA Executive Dave Pitts wrote a three-part series exclusively for The Cipher Brief on what the U.S. can do to become more competitive in the Gray Zone. Subscriber+Members can read it here. Need access? We can help with that.
Kelly: So you have a mission that is difficult to measure, is hugely impactful, adversaries are using it as well against American citizens effectively, and in some cases, those adversaires are dedicating a lot more resources to this. If you could explaine to the average U.S. citizen how they might be targeted by cognitive operations that are conducted by U.S. adversaries, what would you tell them to look for?
Chenoweth: You need to be mindful of sources obviously. When I look at the construct of how we approach cognitive warfare, I think one of the biggest problems I've had for at least the last 10 years has been the construct of dis- and misinformation. My issue isn't the dis- and misinformation construct. It's the overuse of it.
Disinformation and misinformation are things. They have meaning. But they mean something that is true and people use it for things that are not true. For example, disinformation are lies. The person projecting the information knows it's a lie. They're doing it to accomplish an objective. The bigger problem of disinformation is misinformation. Those are people who are sharing those lies, not knowing they are lies, or taking things out of context like satire, et cetera, and propagating as if it were truth. Those are what those are.
But not everything we have to deal with falls into that construct. There are two other portions to this that we have to be mindful of.
One is missing information, which used to mean that the target audience wasn't informed enough to make a correct decision, favorable to them or anyone else. ‘It's a tragedy that your family member died and you should mourn their loss, but stop touching the body. That's how you're spreading Ebola’, right? Pretty straightforward, pretty simple.
Now that we're dealing with nation states with deep pockets, that's been flipped up on its head and they're practicing active missing information, where they will provide wire services into a country saying, ‘Congratulations, you can use our wire service for free and we'll provide you all the stuff, and that's your biggest cost except for labor. Isn't that wonderful? The catch is that you just have to use our wire service’.
If you think [contextual] stories are going to get into the press through those channels, good luck. This isn't happening in the third world. These are happening in major countries and places that would shock you.
Imagine something like, ‘If you run this story, all our connected businesses that are connected through us or other means are going to pull their advertising budget from you.’ So again, good luck talking about the story in your environment. No one's going to touch it. No influencer wants a piece of it because they're going to lose their incentive structure and their revenue stream. It's things like that.
On the other side of the coin, and the bigger problem, is the rhetoric information. These are the things that aren't necessarily true or false. They are framed by your value system, how you view things, what you think truth actually is.
There are people out there who will say, I think a communist socialist form of government that is highly authoritarian is more stable and therefore better than a liberal democracy. There are people who believe that, and just by saying, well, history would prove you otherwise, it's not a good enough argument. You need to engage with those people at a scale that matters and be prepared to win the argument.
We've seen this time again on the counter-terrorism front where we would shut down the comms of a nobody, and suddenly that person would come back with the reputation that was so valuable, and now they're a terrorist thought leader because the Western world thought that they were so dangerous they needed to be shut down instead of just accepting the fact, that maybe we should just engage with this guy because no one's ever heard of him and maybe we should just point out that he's a moron.
There are ways to deal with this, and just because we don't like something doesn't mean it's a lie to the person that's spreading it. They might believe it. Before we just title something disinformation and say, well, it's a lie and we can ignore it — that is not adequate in the modern era where everyone is connected because, again, this person has connective tissue to the internet. They have web platforms. They can be just as connected as a government if they should choose to be and if they have the popularity, because at its core, regardless of whether or not you're a government or a celebrity or anything else, you are fighting for attention.
Kelly: It’s sometimes difficult for busy Americans to navigate the information space today and know what to believe without inviting some serious time into the source. Do you look at part of your mission in this role as helping people understand more of the context they need in order to make good decisions?
Chenoweth: I've been more on the side dealing with foreign audiences. But even in that regard, I think that it really matters to ask what are the things that we know to be what we feel are objective truths and things that matter? Things that we want target audiences to know because we know it would be better for them and better for our objectives?
And then what are the things where we just want to make sure that if a debate needs to be had, we facilitate the debate so that the target audience, particularly with an American target audience - which again, it's not my forte, we don't do that in government or shouldn't — that needs to be facilitated by Americans pointing out to each other that we do need to have these debates and come to kind of consensus, understanding that there will be disagreements.
Kelly: Do you think your job is going to be even more important in the future or maybe less?
Chenoweth: I've never thought the job wasn't important. I think the thing I'm enjoying right now is that everyone's kind of getting their head around what this means. The overused expression that ‘We need to do some things on Facebook,’ when you would have policymakers say, ‘Well, I'm concerned that that would destroy Amazon and internet commerce’ and your head would explode as you're trying to explain, ‘That's just not how the internet works, man.’
We can be comfortable operating on these platforms and doing things that we need to do without destroying internet commerce or the internet. And now I think a lot of policy makers and industry are all connected. They're a lot more comfortable doing these things. Now is the time when we need to get to where the resources and the permissions really match the ability to get us where we need to be.
I've generally not found too many authority problems. I generally find permissions problems. I find that when it comes to authorities, you almost always find that every organization actually has a framework that allows them to do things. It's just that someone somewhere in the chain can say no and is all too comfortable saying no, because, particularly in the past administration, they were very comfortable at avoiding risk and not as comfortable at managing risk. And that is a dynamic that we have to change. The world is a risky place, and we need to be out there participating in it, throwing our elbows around and managing the risk, not avoiding it.
Kelly: How hard of a job is it to give the U.S. the cognitive advantage in today’s world?
Chenoweth: It's hard, tremendously hard because you're talking about changing culture. I don't think the activity itself and the policy and the things that can be done are hard. I think the hard part will be changing the culture and changing people's mindsets.
We've talked about the fact that there used to be three domains: physical domain, information domain and cognitive domain. We have to explore the information domain and actually call it what it is. There is the physical domain, the geophysical domain. But I like the ‘kill web’ approach. A good kill web will constitute a kill chain that is disrupted, and we have to get out of just a kill chain. We need to get into a kill web mentality when it comes to cognitive effects.
Kelly: Explain what you mean by a “kill web”?
Chenoweth: You have your geophysical world where things exist in the real world, the place where we all live. When it comes to the information domain, though, it used to consolidate a bunch of things.
The reality is that when we break that down into a kill web, you're looking from your physical domain up to your logic layer. The internet is not some amorphous cloud that wanders around. It's composed of a system of systems that live in the real world. It's data centers, servers, modems, et cetera. Where does that infrastructure actually exist? Sometimes the files are in the computer. So, we need to be mindful of where does that work? How does the internet, how do these structures work, the mobile networks, et cetera.
From there, it then creates the digital layer, where all the trons are that exist. You can have effects, that's where your real cyberspace comes into play. That's how the mobile devices work, but that is just data.
Then it goes up to the persona entity level. These are the real human beings, sometimes fake human beings, they're personas, organizations but entities that potentially could be targeted or addressed or engaged, et cetera.
And then there's the cognitive space. The trick in the cognitive space is what happens in the mind. And that mind is influenced by the sensing that goes up through that chain when they process it. You're able to interdict on its way up or influence, and you're able to influence on the way down when a decision is made.
For example, when something happens in the real world, it's communicated to a decision maker, but it's going to go through the logic layer transmitted through sensors, computers, emails, phones, et cetera, to people and entities who are going to process it themselves, communicate it to a decision maker who's going to make a decision based off that information, or an individual or a bunch of individuals.
They're all going to make decisions on how to react to that or not react to that. And that's going to go back down to the physical world when they say, ‘I don't really like what is happening’, or maybe ‘I do like what's happening. Let's do the thing’. They're going to communicate that down to ‘Yes, launch the missiles’, or ‘Let's have a protest’. So, you can affect the chain up. You can affect the chain down, but that's how it works.
We as the United States have a pipe that exists inside that kill web structure - so does everyone else. And it doesn't matter if you're a nation state or a family or an individual. You have your sensing sources.
As I mentioned earlier, the direct conversations between people in the real world - even now, you and I are communicating completely over that entire structure - and that structure could be affected on the way up as we're communicating to when this is finally produced and goes back out to the real world where suddenly I have AI effects on me and I'm saying things I never meant to say, but the rest of the world's now interpreting that.
I didn't say that, that wasn't my cognitive decision, but you intercepted on the way down and now you would inadvertently affect everyone else's cognitive approach to what I'm communicating.
Kelly: What does the future from a technology and AI standpoint really look like?
Chenoweth: It's having fundamental changes. It's going to be interesting to see what happens in the entertainment industry as AI takes over and suddenly people can have more access. We've seen how the music industry went through huge change just on streaming music. We're about to witness what this is going to look like from our more traditional platforms. We've seen how things move from streaming. I think there is a level of adaptation that's going to go with that.
One of the things that needs to be addressed is how exactly we're going to engage. There is a point where we need to be comfortable with giving sort of guidance to the AIs - human in the loop - but if you think that you're going to be able to review every single message that needs to go out in an AI-driven world, you're out of your mind.
So, you need to be able to be comfortable generating for your target audience profiles and give sort of thematic guidance and let the AI do some level of engagements against foreign audiences to steer conversations in a particular direction, or at least identify where a conversation might be going so you can intervene when it looks like decisions are being made in a bad way, and then find out if that is an open and honest cultural nuance thing where it is about engagement or if it's being steered by your opponent.
I think that we are not far, and we're probably already in a game, where there are AIs versus AIs as we speak in the information environment.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.
OPINION -- China was very critical of the capture of Venezuelan President Nicolas Maduro last week. The spokesperson for the Ministry of Foreign Affairs said the U.S. action was “blatant interference” in Venezuela and a violation of international law.
Mr. Maduro was accused of working with Columbian guerrilla groups to traffic cocaine into the U.S. as part of a “narco-terrorism” conspiracy. Of all countries, China should appreciate the need to stop Mr. Maduro from smuggling these illicit drugs into the U.S., killing tens of thousands of Americans. China experienced this in the Opium War of 1839-1842, when Great Britain forced opium on China, despite government protestations, resulting in the humiliating Treaty of Nanjing, ceding Hong Kong to Great Britain. Mr. Maduro was violating U.S. laws, in a conspiracy to aid enemies and kill innocent Americans. Fortunately, the U.S. had the political will, and military might, to quickly and effectively put an end to this assault. China should understand this and withhold criticism, despite their close relationship with Mr. Maduro and Venezuela.
The scheduled April meeting of presidents Donald Trump and Xi Jinping will hopefully ease tension related to the South China Sea and Taiwan. The meeting will also offer an opportunity of the two presidents to elaborate on those transnational issues that the U.S. and China can work together on, for the common good.
The National Security Strategy of 2025 states that deterring a conflict over Taiwan is a priority and does not support any unilateral change to the status quo in the Taiwan Strait. It also states that one-third of global shipping passes annually through the South China Sea and its implications for the U.S. economy are obvious.
The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.
The April meeting will permit Messrs. Trump and Xi to candidly discuss the South China Sea and Taiwan and ensure that there are guardrails to prevent conflict. Quiet and effective diplomacy is needed to address these issues, and the Trump – Xi meeting could establish the working groups and processes necessary to ensure the U.S. and China do not stumble into conflict.
Also important are the transnational issues that require the attention of the U.S. and China. This shouldn’t be too difficult, given the history of cooperation between the U.S. and China, primarily in the 1980s and 1990s.
Indeed, it was China’s Chairman Deng Xiaoping who approved cooperation with the U.S. on the collection and sharing of intelligence on the Soviet Union.
China opposed the December 1979 Soviet Union invasion of Afghanistan and worked with the U.S. to provide weapons and supplies to the resistance forces in Afghanistan – who eventually prevailed, with the Soviet Union admitting defeat and pulling out of Afghanistan in 1989. The war in Afghanistan cost the Soviet Union immense resources, lives and prestige, weakening the Soviet Union and contributing to its later dissolution.
After the 1979 normalization of relations, the U.S. and China cooperated on a few transnational issues: nuclear nonproliferation; counternarcotics, focusing on Southeast Asia’s Golden Triangle and the heroin from Burma going into China and the U.S.; counterterrorism and the sharing of intelligence on extremist networks.
In 2002, Secretary of State Colin Powell asked China to assist with the denuclearization of North Korea. The following year, China hosted the Six-Party Talks on North Korea’s nuclear program and actively assisted convincing North Korea, in the Joint Statement of September 19, 2005, to commit to complete and verifiable dismantlement of all nuclear weapons and nuclear weapons programs.
China also cooperated with the U.S. on public health issues, like SARS and the avian flu.
Cooperation on these transnational issues was issue-specific, pragmatic, and often insulated from political tensions. Indeed, even during periods of rivalry, functional cooperation persisted when interests overlapped.
Opportunities to Further Enhance Bilateral Cooperation for the Common Good
Although U.S. – China cooperation on counternarcotics is ongoing, specifically regarding the fentanyl crisis, trafficking in cocaine, heroin and methamphetamines also requires close attention. More can be done to enhance bilateral efforts on nuclear nonproliferation, starting with China agreeing to have a dialogue with the U.S. on China’s ambitious nuclear program. Extremist militant groups like ISIS continue to be active, thus requiring better cooperation on counterterrorism. Covid-19 was a wakeup call: there needs to be meaningful cooperation on pandemics. And ensuring that the space domain is used only for peaceful purposes must be a priority, while also ensuring that there are acceptable guidelines for the lawful and moral use of Artificial Intelligence.
U.S. – China cooperation today is more about preventing a catastrophe. The Belgrade Embassy bombing in 1999, when the U.S. accidentally bombed China’s embassy in Belgrade, killing three Chinese officials and the EP-3 incident of 2001, when a Chinese jet crashed into a U.S. reconnaissance plane, killing the Chinese pilot, and China detaining the U.S. crew in Hainan Island are two examples of incidents that could have spiraled out of control. Chinas initially refused to take the telephone calls from Presidents Bill Clinton and George W. Bush, both hoping to deescalate these tense developments.
Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
Thus, crisis management and military de-confliction should be high on the list of subjects to be discussed, with a robust discussion of nuclear risk reduction. Stability in Northeast Asia and a nuclear North Korea, aligned with Russia and viewing the U.S. and South Korea as the enemies, should also be discussed, as well as nuclear nonproliferation.
The April summit between Messrs. Trump and Xi will be an opportunity to candidly discuss Taiwan and the South China Sea, to ensure we do not stumble into conflict.
The summit is also an opportunity to message to the world that the U.S. and China are working on a myriad of transnational issues for the common good of all countries.
The author is the former associate director of national intelligence. All statements of fact, opinion or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. government. Nothing in the contents should be construed as asserting or implying U.S. government authentication or information or endorsement of the author’s views.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
OPINION — U.S. defense planning rests on the assumption that wars are fought abroad, by expeditionary forces, against defined adversaries. For decades, those assumptions held. But today, many of the most consequential security challenges facing the United States violate all three. They occur closer to home, below the threshold of armed conflict, and in domains where sovereignty is enforced incrementally.
The shift has exposed a chronic mismatch between how the United States defines its defense priorities and how it allocates resources and respect. While defense discourse continues to stubbornly emphasize power projection and high-end conflict, many of today’s challenges revolve around the more modest and rote enforcement of U.S. territorial integrity and national sovereignty—functions that are vital to U.S. strategic objectives yet lack the optical prestige of winning wars abroad.
Sitting at the center of this gap between prestige and need is the U.S. Coast Guard, whose mission profile aligns directly with America’s most important strategic objectives—the enforcement of sovereignty and homeland defense—yet remains strategically undervalued because its work rarely resembles the celebrated and well-funded styles of conventional warfighting. In an era of increased gray-zone competition and persistent coercion, the failure to properly appreciate the Coast Guard threatens real strategic fallout.
In the third decade of the 21st century, U.S. defense planning remains heavily oriented toward expeditionary warfighting and high-end kinetic conflict. Budget conversations still revolve around Ford-class supercarriers, F-35 fighters, and A2/AD penetration. This orientation shapes not only force design and budget allocations, but also institutional prestige and political capital. The services associated with visible combat power, with the Ford-class and the F-35, continue to dominate strategic discourse—even as many of the most persistent security challenges confronting the United States unfold close to home, in the gray-zone, without the need for fifth-generation air power or heavy armor.
The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.
At the most basic level, any nation’s military exists primarily to defend territorial integrity, enforce sovereignty, and protect the homeland. Power projection, forward presence, and deterrence abroad are important—but they are secondary functions derived from the primary purpose of homeland defense. Yet U.S. defense discourse often treats homeland defense as a background condition when it should be revered as the first priority. The result is a blind spot in how security resources are evaluated and allocated.
The Coast Guard operates at a unique point where law enforcement, military authority, and sovereign enforcement all converge. On any given day, the Coast Guard may board foreign-flagged vessels suspected of sanctions violations, police maritime borders against illicit trafficking, secure ports that underpin global supply chains, and maintain a persistent presence in contested spaces, like the Arctic, without inviting escalation. The Coast Guard is equipped to intercept illegal fishing fleets, escort commercial shipping through sensitive waterways, and assert jurisdiction in legally ambiguous areas. These activities rarely resemble traditional warfighting, they rarely result in a Hollywood blockbuster, and they can be accomplished without nuclear-powered submarines or intercontinental ballistic missiles. But these are not peripheral activities—they are arguably amongst the most important daily functions the U.S. military undertakes.
Distinct among the military branches, the Coast Guard operates under a legal framework that is uniquely suited to today’s security environment. Under Title 14 status, the Coast Guard falls within the Department of Homeland Security, conducting law enforcement and regulatory missions on a daily basis. Yet, when needed, the service can transition to Title 10 status, under the Department of Defense, and operate as an armed service when required. This agility allows the Coast Guard to remain continuously engaged across the spectrum of competition, whether enforcing U.S. law in peacetime, managing escalation in gray-zone encounters, or integrating seamlessly into military operations. Few other elements of U.S. power can move so fluidly between legal regimes.
Still, despite such strategic relevance, the Coast Guard suffers from a persistent optical problem. U.S. defense culture has long privileged services and missions associated with visible, kinetic combat—those that lend themselves to clear narratives of victory, sacrifice, and heroism. The Coast Guard’s work rarely fits that cinematic mold. Its success is measured not in territory seized or targets destroyed, but in disruptions prevented, borders enforced, and crises that never materialize. Inherently quiet work with outcomes that reflect a force operating exactly as designed, although without generating institutional prestige or political support. In a system that rewards the loudest and the brightest, the Coast Guard’s quiet enforcement of sovereignty is easy to overlook.
Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
Continuing to overlook the value of the Coast Guard carries strategic consequences. Specifically, persistent underinvestment in the Coast Guard weakens maritime domain awareness, reduces sustained presence in key waterways, and narrows the set of tools available to manage gray-zone competition. As adversaries increasingly rely on legal ambiguity, deniable actors, and incremental pressure to test U.S. resolve, gaps in enforcement become opportunities. In this environment, the absence of credible, continuous sovereignty enforcement invites probing behavior that becomes harder to deter over time.
Advocacy for the Coast Guard does not require reassigning prestige, or elevating one service at the expense of others. It is merely an argument for strategic alignment. If territorial integrity, sovereignty enforcement, and homeland defense are truly core national-security priorities, then the institutions most directly responsible for those missions should be treated accordingly. As competition increasingly unfolds in the gray-zone between peace and war, the United States will need forces designed not only to win conflicts—but to prevent them from starting in the first place.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
“I would never wish death upon anyone, but I have read some obituaries with great satisfaction.” - Winston Churchill
OPINION -- I associate myself with at least the latter part of that quote from Winston Churchill with regard to Aldrich Ames. To my knowledge, I met Ames on only one occasion. It was during a cocktail party in 1989 or 1990 when he oversaw the CIA operations group responsible for what was then Czechoslovakia. I have no clear recollection of that event, but I was later told that fellow traitor Robert Hanssen was also in attendance. If so, to paraphrase Shakespeare: ‘Hell was empty and the devils were there’.
While I can recall little about meeting Ames at that party, my colleagues and I lived – and still live – with the consequences of his betrayal. The loss of an agent is a very personal thing for those responsible for securely handling him or her. I saw that impact up close early on in my career.
Toward the end of my training as an operations officer in late 1982, I was summoned to the office of the then-chief of Soviet Division (SE). In that era, a summons to a meeting with any Division Chief - much less the head of what was then the most secretive operational component – could be unnerving for any junior officer. The initial moments of my appointment with then-C/SE, Dave Forden, were appropriately unsettling. He began by asking me whether I had stolen anything lately. Having never purloined anything ever, I was taken aback. After I answered no, he asked if I could pass a polygraph exam. Again surprised, I responded that I could the last time I took one. ‘Good’, Forden said, ‘you are coming to SE to replace Ed Howard in Moscow’. Howard, whom I had met during training, had been fired from CIA for a variety of offenses. He later defected to the USSR, betraying his knowledge of CIA operations and personnel to the KGB.
After completing training, I reported to SE Division. Shortly thereafter, I was told I would not be going to Moscow after all. Instead, I was informed, I would be going to Prague. Initially, I was a bit disappointed not to have a chance to test my skills against our principal adversary. In hindsight, however, that change in plan was fortuitous. While I could not know it at the time, my SE colleagues who went to Moscow would be there during the grim mid-1980’s period in which our agents were being rolled-up by the KGB. Many CIA officers involved with those cases would have to live for years thereafter wondering what had happened to their agents and whether anything they had done had contributed to their arrests and executions. My colleagues’ ordeals would only end with the revelation that one of our own was a spy.
But Ames was more than a spy. He was a killer. His career floundering and burdened by growing debt, Ames decided to solve his money problems by selling the identities of several low-level CIA agents to the KGB. Consequently, on April 16, 1985 he walked into the Soviet Embassy and passed on the following note: "I am Aldrich H. Ames and my job is branch chief of Soviet (CI) at the CIA. […] I need $50,000 and in exchange for the money, here is information about three agents we are developing in the Soviet Union right now.” He attached a page from SE Division's phone list, with his name underlined, to prove he was genuine. Within weeks, fearful that Soviet spy John Walker had been fingered by a CIA agent within the KGB, and worried that he might likewise be exposed, Ames decided to comprise all of the CIA and FBI Soviet sources he knew of. “My scam,” he later said, “was supposed to be a one-time hit. I was just going to get the fifty thousand dollars and be done with it, but now I started to panic.”
The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.
Accordingly, on June 13, 1985, Ames passed the Soviets what he called “the Big Dump.” That tranche of documents contained the identities of at least 11 CIA agents. Brave men who had risked all in deciding to serve freedom’s cause, many of them would be arrested, interrogated and ultimately executed.
Ames’s rationalization of this act says everything about the kind of man he was. “All of the people whose names were on my list knew the risks they were taking when they began spying for the CIA and FBI,” he said, before adding that, "They knew they were risking prison or death.”
He would repeatedly seek to justify his actions by claiming that his espionage for the USSR was morally equivalent to what Western services had long done against their adversaries. Oleg Gordievsky, a British spy within the KGB and one of the few agents betrayed by Ames who escaped, rightly rejected any such equivalency. "I knew,” he said, that “the people I identified would be arrested and put in prison. Ames knew the people he identified would be arrested and shot. That is one of the differences between us.”
Sentenced to prison, Ames would spend almost 32 years of his life behind bars. I like to think that punishment was worse than death. One hopes he whiled away hours in his cell thinking of what he’d done and the lives he took. He expressed contrition during the plea bargain and sentencing process to ensure leniency for his wife, Rosario, saying, for example, that, "No punishment by this court can balance or ease the profound shame and guilt I bear."
But I very much doubt the sincerity of such statements because he showed no signs of having a troubled conscience thereafter. Instead, in statements while incarcerated, Ames was at pains to give his actions a veneer of ideological justification. "I had,” he said, “come to believe that the espionage business, as carried out by the CIA and a few other American agencies, was and is a self-serving sham, carried out by careerist bureaucrats who have managed to deceive several generations of American policy makers and the public about both the necessity and the value of their work.”
“There is an actuarial certainty that there are other spies in U.S. national security agencies and there always will be.” That statement by former CIA Chief of Counterintelligence Paul Redmond in the wake of the Ames and Hanssen cases reflects a grim reality of the intelligence profession.
Nonetheless, when I joined CIA, it was accepted wisdom that the Agency had never had, and could never have, a spy in its ranks. With the benefit of hindsight, it is hard to understand how such a naïve conviction could have taken hold given the repeated penetration of our predecessor organization, the Office of Strategic Services (OSS), and our British counterparts by Soviet intelligence. “There will,” as CIA Chief of CI James J. Angleton said, “always be penetrations…it is a way of life. It should never be thought of as an aberration. Anyone who gets flustered is in the wrong business.”
Perhaps the downplaying of such a possibility was a natural reaction to the overreach of Angleton himself with his ‘HONETOL’ spy hunts which hindered the Agency’s ability to mount operations against the Soviets for years at the height of the Cold War. It was certainly a reflection of institutional arrogance.
Whatever the reason, the idea that a foreign intelligence service could recruit a serving CIA officer as a spy was inconceivable to many. That mindset makes the accomplishment of Redmond and the Agency team led by Jeanne Vertefeuille, concluding that reporting from a Soviet mole – ultimately determined to be CIA officer Aldrich Ames – was the cause of the losses, all the more remarkable.
Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
The years-long hunt for the agent the KGB called “KOLOKOL” (‘Bell’) ended on February 21, 1994 with the arrest of Ames by the FBI. The assessment of the damage that Ames had inflicted on U.S. national security in exchange for some $2.5 million from Moscow was, not surprisingly, extensive. Even in the analogue era, he was able to pass along voluminous documentary and oral reporting to Moscow. This included reporting on his own debriefing of Vitaliy Yurchenko, who defected briefly to U.S. before returning to the USSR.
But it was the review of Ames’s role in compromising our courageous agents that struck home with us. Their sacrifice is commemorated by the CIA ‘Fallen Agent Memorial’ and other memorials within Agency spaces. And one hopes that someday the Russian people, too, will come to realize that Military/Technical researcherAdolf G. Tolkachev (GTVANQUISH); KGB Line PR officer Vladimir M. Piguzov (GTJOGGER); KGB Line PR officer Leonid G. Poleschuk (GTWEIGH); GRU officer Vladimir M. Vasilyev (GTACCORD); GRU officer Gennadiy A. Smetanin (GTMILLION); KGB Line X officer Valeriy F. Martynov (GTGENTILE); KGB Active Measures specialist Sergey M. Motorin (GTGAUZE); KGB Illegals Support officer Gennadiy G. Varenik (GTFITNESS); KGB Second Chief Directorate officer Sergey Vorontsov (GTCOWL); and the highest-ranking spy run by the U.S. against the USSR; GRU General Dmitry F. Polyakov (TOPHAT, BOURBON and ROAM); sacrificed everything for them and for their country.
“The life of the dead,” Marcus Tullius Cicero wrote, “is placed in the memory of the living.” For my part, I will remember Ames as the base traitor he was and the men he killed as the heroes they were.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
EXPERT OPINION — Rule by proxy just isn’t as simple as the Trump Administration wants to make it sound. While the long-term goals of the Administration in Venezuela are unclear, the tools they appear to want to use are not.
First, the Administration seems to want to dictate policy to the Delcy Rodriguez government through threats of force, which President Trump recently highlighted by suggesting that he had called off a second strike on Venezuela because the regime was cooperating.
Second, the Trump Administration has stated that it will control the oil sales “indefinitely” to, in the words of the Secretary of Energy, “drive the changes that simply must happen in Venezuela.”
Leaving aside the legality and morality of using threats of armed force to seize another country’s natural resources and dictate an unspecified set of “changes”, this sort of rule from a distance is unlikely to work out as intended.
First, attempting to work through the Venezuelan regime will drive a number of choices that the Administration does not appear to have thought through. Propping up an authoritarian regime that is deeply corrupt, violent, and wildly unpopular will over time increasingly alienate the majority of the Venezuelan people and undermine international legitimacy.
Regime leaders, and the upper echelons of their subordinates, are themselves unlikely to quietly depart power or Venezuela itself without substantial guarantees of immunity and probably wealth somewhere else. Absent that, they will have every incentive to throw sand in the works of any sort of process of political transition. Yet facilitating their escape from punishment for their crimes with some amount of their ill-gotten gains is unlikely to be acceptable to the majority of the Venezuelan people.
Elements of the regime have already taken steps to crack down on opposition in the streets. The Trump Administration is going to decide how much of this sort of repression is acceptable. Too much tolerance of repression will harm the already-thin legitimacy of this policy, particularly among the Venezuelan people, the rest of the hemisphere, and those allies the Administration hasn’t managed to alienate. Too little tolerance will encourage street protests and potentially anti-regime violence and threaten regime stability.
The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.
Opposition leader Maria Corina Machado has announced that she plans to return to Venezuela in the near future, which could highlight the choices the Administration faces. Some parts of the Rodriguez government will want to crack down on her supporters and make their lives as difficult as possible. The Trump Administration is going to have to think hard about how to react to that.
The tools of violence from a distance, or even abductions by Delta Force from over the horizon, are not well calibrated to deal with these dilemmas.
The Venezuelan regime appears to be heavily factionalized and punishing Delcy Rodriguez, which President Trump has threatened, could benefit other factions, for example, the Minister of the Interior or the Minister of Defense, both allegedly her rivals for power.
Unless the Administration can count on perfect intelligence about what faction is responsible for each disfavored action and precisely and directly respond, we are likely to see different factions, and even elements of the opposition, undertake “false flag” activity intended to cause the U.S. to strike their rivals.
Actions to punish or compel the regime also run the risk of collateral damage, in particular civilian casualties which will undermine support for U.S. policy both in Venezuela and abroad and potentially bolster support for the regime. And intelligence on the ground is not going to be perfect and airstrikes or raids will almost certainly cause collateral damage despite the incredible capabilities of the U.S. intelligence community and the U.S. military.
Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
Secondly, assuming that the Administration doesn’t intend to use the proceeds of sales of Venezuelan oil to build the White House ballroom, it’s unclear what mechanisms they plan to use to ensure that those proceeds benefit the Venezuelan people.
The Venezuelan regime is deeply corrupt. Utilizing the Venezuelan government to distribute proceeds from oil sales is just a way of ensuring that regime elites continue to siphon off cash or use that money to reward their followers, punish their opponents, or coopt potential rivals by buying them off.
Assuming that the U.S. could, in fact, somehow track the vast majority of the funds from oil sales and ensure that they are not misused, this would again undermine the unity and inner workings of a regime built on buying off factions and elites. That would likely encourage those factions to find other ways of extracting funds—for example, increased facilitation of drug shipments or shakedowns of local firms supporting the reconstruction of the oil sector.
Yet the U.S. is not at all likely to have a granular view of what happens to that money. The U.S. intelligence community, while capable of a great many things, cannot track where most of these funds go or who is raking off how much.
In Iraq and Afghanistan, where the U.S. had tens of thousands of soldiers, spies, advisors, and bureaucrats and was directly funding large parts of those governments, staggering levels of corruption existed and at times, helped fund warlords and faction leaders who undermined stability. We even managed to fund our adversaries at times.
In Venezuela, by contrast, we might have an embassy.
Unless the problem of how to monitor where the money goes can be solved, the U.S. will be supporting and funding a corrupt regime that feathers its own nest and undermines the transition to democracy.
Ruling from a distance, or even trying to force a political transition from a distance, drives a number of choices that the Administration clearly hasn’t thought through. And the tools the Administration is choosing to use; force from over the horizon and the control over the flow of some funds, aren’t matched well enough or sufficiently nuanced to accomplish the ends they claim to want to achieve.
Given that, it’s unlikely this will end well.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
EXPERT PERSPECTIVE — As Russia continues it's brutal bombardment of Ukrainian cities, talks between Moscow and the U.S. to end the war appear on very different trajectories.White House envoy Steve Witkoff is reportedly planning another trip to Moscow to meet with Russian President Vladimir Putin as Moscow's winter attacks continue unabated.
This week, Russia launched hundreds of drones and dozens of missiles on cities across Ukraine, killing at least four people and striking critical energy and heat infrastructure. In the capital, Kyiv, residents are facing temperatures as low as 10 degrees farenheit without electricity or water.
On December 30, 2025, Moscow claimed a Ukrainian drone attack targeted Russian President Vladimir Putin's residence. Russian Foreign Minister Sergei Lavrov threatened his country's military would launch "retaliatory strikes" and said Moscow's "negotiating position will be revised” in ongoing talks. Ukrainian President Volodymyr Zelensky rejected the claimed drone attack as “a complete fabrication”, and sources say the CIA assessed that Ukraine was not targeting the Russian leader's residence in the attack.
President Trump said in December that the U.S. was “very close” to a deal. So, what's happening?
Throughout the latest push for peace, Russia seems to conveniently reset the clock, demanding further talks as it continues its bombardments and assaults across Ukraine.
“This Russian strike sends an extremely clear signal about Russia’s priorities,” Zelensky said in a post on X referring to a strike on December 23 that killed three people and injured 12. Zeleneky condemned the attack “ahead of Christmas, when people simply want to be with their families, at home, and safe.”
That strike came just days after Putin told Russian defense ministry officials that Moscow will persist in its mission to “liberate its historic lands” and achieve its war goals “unconditionally” — by negotiations for an agreement in Moscow’s favor, or through continued war.
The continued Russian attacks and Putin’s bellicose language underscore a pattern that has defined Russia’s position on “peace” throughout its full-scale invasion of Ukraine: not budging from maximalist demands, blaming Kyiv for the lack of progress, and leveraging Western fears of escalation to World War Three.
The hardline from Putin comes as Ukraine has offered significant concessions, including Ukraine dropping NATO membership ambitions, for at least the time being, as well as a potential withdrawal of Ukrainian troops from the east and the creation of a demilitarized “free economic zone.” The latest reports say Russia still wants more, including more stringent restrictions on the size of Ukraine’s military.
“The Ukrainians have been saying for over a year that they are ready to come to an agreement. They are ready to be realistic and compromise,” Glenn Corn, a former senior CIA Officer told The Cipher Brief. “It’s the Russians that are not doing that. It’s the Russians that continue to push maximalist demands and that continue to scuttle the peace process — not the Ukrainians.”
Through the eyes of seasoned intelligence professionals who have studied Putin's actions for decades, the continued attacks despite peace talks are hardly surprising. “Putin has never been sincere about a negotiated solution to his ‘Special Military Operation,’” said Rob Dannenberg, former Chief of CIA’s Central Eurasia Division.
Russia is also continuing offensive pushes on multiple fronts, including in the regions it claimed to annex - Kherson, Zaporizhzhia, Luhansk and Donetsk, where the embattled strategic city of Pokrovsk is - as well as in the northern Kharkiv region. Experts warn Putin’s ambitions go far beyond.
“We've got Putin on the other side of it and the reality is he has not taken one single step towards a temporary ceasefire or a peace deal whatsoever,” General Jack Keane (Ret.), who served as Vice Chief of Staff of the U.S. Army and is a trusted advisor to President Donald Trump, told Fox News. “Where he is, he still believes that eventually he's going to break the will and resolve of the United States and the Europeans and the Zelensky government and he will eventually have his way here,” Keane said, adding that Putin’s ultimate war goal is to “topple the government of Ukraine and expand into Eastern Europe.”
Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
A Tested Playbook
Russia has long used the pretense of openness to negotiations as a tool to deceive, delay, and fracture Western support for those Moscow is targeting. The pattern was visible in Georgia in 2008 and again in Crimea in 2014, when Moscow signaled willingness to talk even as it consolidated military gains on the ground, buying time and weakening Western responses.
“I always use the example of Syria during the Civil War when they [Russian forces] were killing members of the Syrian opposition while they were drinking wine and coffee with American and European interlocutors in Europe, claiming that they were trying to find an agreement,” Corn told The Cipher Brief.
Indeed, behind any Russian statement of openness to engagement and dialogue, Putin has continued to assert that Ukraine is part of Russia, that the government of Zelensky is illegitimate, and that Russian forces can achieve victory on the battlefield to justify his stonewalling — despite mounting costs for Russia and limited territorial gains.
“Putin’s strategy has been consistent: advance false narratives; adopt a non-negotiable maximalist position and make ever-increasing demands for concessions; take deliberate actions to erode U.S., Ukrainian, and NATO resolve and perceived options; employ implicit and explicit threats and intimidation; and offer false choices,” former CIA Senior Executive Dave Pittstold The Cipher Brief.
“Taken together, these represent Russian ‘reflexive control’—a subset of cognitive warfare and a strategy designed to persuade adversaries to voluntarily adopt outcomes favorable to Russia,” Pitts told us. “In the face of unreasonable sovereignty and territorial demands placed on Ukraine and none placed on Russia, an emboldened and confident Putin will now likely demand even more.”
A Hesitant West
How did we get here? Some experts say a long-running pattern of Western hesitation in keeping Russia in check has emboldened Moscow. It’s not hard to remember that at the start of the full-scale invasion, Western countries were slow to provide full military support to Ukraine, concerned about a possible wider escalation.
Retired General Philip Breedlove, former NATO Supreme Allied Commander, told The Cipher Brief, “We have taken precious little action to stop the fight in Ukraine and we still find ourselves saying, ‘We're not going to do that because we've got to give peace a chance and we don't want to escalate the problem.’ And that formula is not working now and has not worked for 11 years.”
“We have virtually enabled the Russian war on Ukraine by our lack of action in a more severe way. Many of us from military backgrounds say that we have built sanctuary for Russia. From that sanctuary, we allow them to attack Ukraine.”
Experts warn that while the goal should be, as President Donald Trump has said, “to stop the killing,” awarding concessions to a Kremlin that has yet to drop its maximalist war aims is not the solution.
“The Trump Administration’s desire to end the violence in Ukraine is commendable, but not at the price of setting the stage for the next war by giving victory to the aggressor,” Dannenberg told The Cipher Brief.
Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.
The Road Ahead
With peace talks ongoing, it is proving difficult to come up with a deal that does not force Ukraine to give too much while ensuring the proposal does not push Russia to reject the deal outright.
But beyond the negotiating table, experts say there are ways to pressure Putin to peace.
Ukraine is not waiting, continuing strikes on Russian energy infrastructure to curb energy export revenues that fund Moscow’s war machine, and bringing the cost of the war back to ordinary Russians.
For the U.S. and Europe, major sanctions on Russia - including new measures against Russian oil giants Rosneft and Lukoil - are already in place and reportedly starting to take their toll, but experts say stronger enforcement is needed to make them truly bite.
Maintaining military aid to Ukraine is also essential. In mid-December, Congress passed a defense bill that authorizes $800 million for Ukraine - $400 million in each of the next two years - as part of the Ukraine Security Assistance Initiative, which pays U.S. companies to produce weapons for Ukraine's military. President Trump signed the measure into law on December 18. Meanwhile, while Europeans failed to agree to use frozen Russian assets to back a loan for Ukraine, the EU agreed to a 90 billion euro loan over the next two years, backed by the bloc’s budget.
"The Trump Administration should demonstrate its displeasure at Russia’s clear disregard for any so-called peace process by fully enforcing all existing sanctions, providing Ukraine with long-range weapons, and declaring that peace negotiations are suspended until Russia demonstrates it is serious about these negotiations," General Ben Hodges, former Commanding General of U.S. Army Europe, told The Cipher Brief. "Otherwise, the President’s efforts and those of his negotiators are clearly a waste of time and headed nowhere."
European countries have also fortified post-war pledges to Ukraine. Britain and France have committed to sending troops to a peacekeeping mission -- if a peace deal is reached. Experts U.S. intelligence, command and control, and logistics support is needed to give any European effort credibility.
The impact will be felt far beyond Ukraine, and long after the guns there go silent.
“For the United States, the best outcome will come from taking the longer, harder road that denies any reward for Russia’s illegal invasion, forces Putin to make reasonable concessions, and sustains the long-term sovereignty and independence of Ukraine,” Pitts said. “That longer, harder road also leads to stronger U.S. national security.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief.
OPINION — The White House this past November issued a Presidential action statement designating certain Muslim Brotherhood “chapters” as terrorist organizations. On Tuesday, the U.S. State Department and U.S. Treasury Department announced the designations of the Lebanese, Jordanian, and Egyptian chapters of the Muslim Brotherhood as terrorist organizations. The Egyptian and Jordanian chapters received a Specially Designated Global Terrorist (SDGT) designation. The Lebanese chapter received both the SDGT designation and a Foreign Terrorist Organization (FTO) designation.
In the spring of 2019, Washington, responding to mounting pressure by Egyptian President Abdel Fattah al-Sisi, decided to brand the Egyptian Muslim Brotherhood (MB) a terrorist organization. There was no mention of “chapters” outside Egypt.
Having followed the MB and interviewed many of its members for years during my government service, I published an article in 2019 questioning the underlying assumptions of the plan. This article is a revised version of my 2019 piece.
I argued in the 2019 piece that the administration’s decision at the time did not reflect a deep knowledge of the origins of the Muslim Brotherhood and its connection to Muslim societies and political Islam.
In the fall of 2025, the leaders of the United Arab Republic, Jordan, Bahrain, and Lebanon pressured the administration to label the MB a terrorist group.
The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.
Context
The Egyptian Muslim Brotherhood was founded by schoolteacher Hassan al-Banna in 1928 in response to two fundamental realities: First, Egypt was under the influence of British colonialism embodied in the massive British military presence near the Suez Canal. Second, under the influence of the pro-Western corrupt monarchy lead first by King Fuad and later by his son King Faruk, the MB’s founder believed that Muslim Egypt was drifting away from Islam. Egypt of course is the home of Al-Azhar University, the oldest Muslim academic center of learning in the world.
In addition, Al-Azhar University represents the philosophical and theological thought of the three major Schools of Jurisprudence in Sunni Islam—the Hanafi, the Maliki, and the Shafi’i Schools. The fourth and smallest School of Jurisprudence—the Hanbali—is embodied in the Wahhabi-Salafi doctrine and is prevalent in Saudi Arabia.
Al-Banna’s two founding principles were: a) Islam is the solution to society’s ills (“Islam hua al-Hal”), and b) Islam is a combination of Faith (Din), Society (Dunya) and State (Dawla). He believed, correctly for the most part, that these principles, especially the three Arabic Ds, underpin all Sunni Muslim societies, other than perhaps the adherents of the Hanbali School.
In the past 98 years, the Muslim Brotherhood has undergone different reiterations from eschewing politics to accepting the authority of Muslim rulers to declaring war against some of them to participating in the political process through elections.
Certain MB thinkers and leaders over the past nine decades, including the Egyptian Sayyid Qutb, the Syrian Muhammad Surur, and the Palestinian Abdullah Azzam, adopted a radical violent view of Islamic jihad and either allied themselves with some Wahhabi clerics in Saudi Arabia or joined al-Qa’ida. The organization itself generally stayed away from violent jihad. Consequently, it would make sense to label certain leaders or certain actions as terrorist but not the entire group or the different Islamic political parties in several countries.
Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
In the early 1990s, the Egyptian MB rejected political violence and declared its support for peaceful gradual political change through elections, and in fact participated in several national elections. While Islamic Sunni parties in different countries adopted the basic theological organizing principles of the MB on the role of Islam in society, they were not “chapters” of the MB.
They are free standing Islamic political groups and movements, legally registered in their countries, which often focus on economic, health, and social issues of concern to their communities. They are not tied to the MB in command, control, or operations.
Examples of these Sunni Islamic political parties include the AKP in Turkey, the Islamic Action Front in Jordan, Justice and Development in Morocco, al-Nahda in Tunisia, the Islamic Constitutional Movement in Kuwait, the Islamic Movement (RA’AM) in Israel, PAS in Malaysia, PKS in Indonesia, the Islamic Party in Kenya, and the National Islamic Front in Sudan.
During my government career, my analysts and I spent years in conversations with representatives of these parties with an eye toward helping them moderate their political positions and encouraging them to enter the mainstream political process through elections. In fact, most of them did just that. They won some elections and lost others, and in the process, they were able to recruit thousands of young members.
Based on these conversations, we concluded that these groups were pragmatic, mainstream, and committed to the dictum that electoral politics was a process, and not “one man, one vote, one time.” Because they believed in the efficacy and value of gradual peaceful political change, they were able to convince their fellow Muslims that a winning strategy at the polls was to focus on bread-and-butter issues, including health, education, and welfare, that were of concern to their own societies. They projected to their members a moderate vision of Islam.
Labeling the Muslim Brotherhood and other mainstream Sunni Islamic political parties as terrorist organizations could radicalize some of the youth in these parties and opt out of electoral politics. Some of the party leaders would become reticent to engage with American diplomats, intelligence officers, and other officials at U.S. embassies.
Washington inadvertently would be sending a message to Muslim youth that the democratic process and peaceful participation in electoral politics are a sham, which could damage American national security and credibility in many Muslim countries.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
OPINION — Current discussion of Russian "hybrid warfare" tends to revolve around concepts like disinformation, proxy militias, cyber operations, sabotage, and psychological manipulation designed to fragment, confuse, and demoralize Russia's opponents—and the respective roles these play in Russian military and national security doctrine. Yet one essential dimension remains underdeveloped in the broader debate: the organic integration of criminal structures and methods into Russia's strategic toolkit. Russia's system does more than merely operate in a "gray zone." It has become a gray state, sustained by an "Uber Krysha," a super-protection racket in which the Kremlin fuses its security apparatus with organized crime to project influence and intimidation both at home and abroad.
The enabling mentality behind this fusion can be directly tied to Russia's pre-revolutionary period. Although no longer ideologically communist, Russia's current ruling elite, led by President Vladimir Putin, has very much inherited the Bolsheviks' comfort with adopting criminal methods in the pursuit of regime objectives. Before 1917, Lenin's Bolshevik Party financed its operations partly through armed robberies justified as the expropriation of bourgeois wealth for the sake of the proletarian struggle. The Bolsheviks were revolutionary in ideology but gangster in practice, rationalizing robbery and violence not as moral lapses, but as necessary transgressions—crime rebranded as virtue in the service of power.
Furthermore, during the early years of the USSR, the communist regime was defiantly, even boastfully, dismissive in its rejection of “bourgeois” legal norms. Its November 1918 decree On Red Terror (yes, it was called that) is a good case in point. It formally authorized the secret police, the Cheka, to summarily arrest and execute perceived opponents of the revolution without trial, which it proceeded to do in the tens of thousands. In doing so, the new revolutionary state openly and unapologetically signaled to its people and to the world that it would not be bound by the ordinary moral limits of civilized life. Terror was not a regrettable excess, but a management tool. This was not moral confusion, it was moral disregard elevated to state policy, with a legacy that has left a deep imprint on the political DNA of contemporary Russia.
Even as the Soviet state engaged in its bloody ideological experiment, common criminality thrived in the workers' paradise. The inefficient Soviet economic system brought chronic scarcity, which, as it does everywhere, spawned smuggling and black-market behaviors. The state imposed tight controls, but the security services did not shy away from making expedient use of criminal gangs as instruments of control to help impose a brutal order among inmates in its sprawling GULAG camp system, or using petty thieves and prostitutes to report on dissidents and foreigners.
When the Soviet Union collapsed, however, these controls dissolved, and the roles suddenly reversed. In 1991 the Soviet security apparatus imploded, and many KGB and GRU officers migrated to the emerging oligarchic and criminal economy left in its wake. There they became security chiefs, "political technologists," oil traders, and gangsters, using their skills and muscle to help these entities provide a "krysha" (roof)—similar in meaning to "protection" in Western mafia parlance—by combining inside connections, intelligence tradecraft, violence, and financial engineering. When Putin—himself a KGB veteran whose purview over foreign trade and city assets as St. Petersburg’s Deputy Mayor brought him into contact with port rackets, fuel schemes, and the Tambov crime syndicate—rose to the presidency in 1999, he re-asserted state primacy not by dismantling this nexus, but by mastering it. Putin's Kremlin in effect became the Uber Krysha, the ultimate protection roof above the oligarchs, security chiefs, and crime bosses. The bargain was clear: enjoy your wealth and impunity, but serve the state—effectively Putin—when called. Loyalty was enforced not by law or shared purpose, but by leverage, fear, and mutual criminal exposure.
The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.
What took place after 1991, however, was more than merely a case of inverted and re-inverted primacy. The unprecedented circulation of cadres that occurred during this period fostered a profound organizational and behavioral cross-pollination between intelligence, oligarchic, and criminal elements resulting in a qualitatively new and insidious mutation that is today’s Russia—Putin's Russia. The 1990s saw an outflow of KGB and GRU officers who "pollenated" the criminal/oligarchic economy with their tradecraft, tools, and government connections. Putin’s reconsolidation of state power in the 2000s then saw a return flow creating a "reverse-pollination" as ex-intelligence officers brought their new underworld relationships, financial channels, and expanded operational flexibility back to the security services.
Among contemporary scholars, the historian and journalist Mark Galeotti stands out as the leading theorist and interpreter of this phenomenon, pointing out how modern Russia's power projection depends on cultivating deniability through criminal intermediaries. Galeotti's concept of the Kremlin as a "political-criminal nexus" and his description of its global "crimintern" offers a crucial corrective to more conventional security studies frameworks. Where others see diffusion of state control as a weakness, Galeotti sees design—a pragmatic outsourcing of coercion and corruption to actors who maintain loyalty through mutual dependence. In this arrangement, the lines between mafia, mercenaries, business, and ministries are blurred.
Russia's asymmetric tactics abroad leveraging smuggling networks, compromising criminal entanglement (kompromat), cyber hacking, illicit financing, and global shadow operations by semi-private mercenary groups, like the Wagner Group and the Africa Corps, extend this logic internationally. Liaisons between the Russian intelligence and crime groups across Europe also give Moscow access to local networks for espionage, intimidation, and assassinations that can act faster, at lower cost, and with more deniability than professional intelligence officers. But while most analysts tend to focus on this as a blending of tools—military, intelligence, cyber, informational— Galeotti’s insight is sharper: the blend itself is criminal in nature, structurally fusing coercion, corruption, and deceit into a governing logic—not as a breakdown of state power, but as its deliberate expression. Yet you will never find this asymmetric dimension acknowledged in Russian doctrinal writings despite its widespread exploitation in Russian actions.
Policymakers in the Western democracies struggle mightily to wrap their minds around this phenomenon. Their siloed agencies—CIA for HUMINT, NSA for SIGINT/cyber, DOD for military, and FBI for crime, etc.—operate under strict legal separations between these domains to protect civil liberties. Effective in their respective arenas, they are vulnerable when adversaries operate across boundaries. Russia’s mafia-state collapses these distinctions and thrives in the weeds, exploiting moral disregard and legal ambiguity to create jurisdictional confusion and cognitive overload that stymie efforts at response.
Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
And yet for all its advantages, the inherent pathologies of this criminal-state fusion contain the seeds of its own decay. Its reliance on criminal intermediaries corrodes institutional coherence. Loyalty is transactional, not ideological, and emptied of moral meaning. The fates of figures like Yevgeniy Prigozhin and various siloviki-linked oligarchs demonstrate how rapidly beneficiaries can become threats once their ambitions outgrow the tolerance of the Center. Moreover, by incentivizing enrichment over competence, criminal methods undermine professionalism within the military, intelligence services, government bureaucracy, and the private sector. Corruption pervades procurement, logistics, and governance, eroding capacity even as it funds loyalty. This was clearly evident in the shocking underperformance of Russia's military and intelligence operations in Ukraine.
Internationally, what appears cunning in the short term produces isolation in the long term. Russia's growing reputation as a mafia state alienates legitimate partners, of which it now has few, and hollows out whatever moral legitimacy it once had. Putin's Uber Krysha model is unsustainable in the long run because it requires continuous motion. It cannot stand on genuine law or trust, only perpetual leverage and fear, with tools that must be continuously re-coerced. The Russian people and others who are caught in its reach exist in an environment of moral blackmail that breeds cynicism rather than solidarity. Galeotti's moral edge, implicit in his scholarship, lies in showing that the criminal state is not merely a threat to others, it is a tragedy for Russia itself.
To fully understand Russian asymmetric warfare today, we must appreciate its blending of the state and criminal domains and recognize that Moscow hasn't simply rewritten the rules of war for the gray zone, it has blurred the lines between law and criminality and has itself become a gray state. It is the malignant ethos of this new Russian Uber Krysha state—the normalization of moral disregard—that, more than any cyber weapon or troll farm, has become its most dangerous export.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
EXPERT OPINION — I amclosely watching the growing size and momentum of protesters across Iran’s cities, rural areas, and pious communities who are bravely and vocally rejecting the Supreme Leader’s broken policies. They have shined a light on Khamenei’s gross mismanagement of the economy and the severe multi-year drought; his constant agitation and hostile relations with neighbors; Iran’s loss of prestige and influence with coreligionist communities in Lebanon, Iraq, and Syria; his failures against foreign attacks; and his misguided alliance with Russia against Ukraine. Even regime loyalists have begun murmuring such complaints.
Regime instability indicators and warnings are blinking. I believe Iran’s revolutionary facade is crumbling, but into an uncertain future.
The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.
As more protesters demand a better future, I am watching for evidence of leniency from their fathers, brothers, uncles, and schoolmates who work in the IRGC, the police, and even in the Basij. If such cracks appear, new non-revolutionary leaders could emerge as quickly as al-Sharaa rose to power in Syria.
Protesters, however, most likely lack experience running cities, provinces, and the federal government. New non-revolutionary leaders therefore probably would look to the U.S. for assurance and support – and right away.
If the protests produce a new Supreme Leader under a revolutionary Velāyat-e Faqih theocracy model, however, the future looks quite dark. Crackdowns would probably be quite harsh and swift, the nuclear program would most likely march on, and Tehran undoubtedly would keep funneling money and arms to trusted proxies that threaten the U.S. and Israel.
Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
I’ve been working on Iranian issues since 1979 as an academic, diplomat, intelligence officer, and now as a professor of practice. Nothing, in my view, would stabilize the region between the Black Sea, Eastern Mediterranean, and the Persian Gulf faster than a peaceful, non-nuclear and wealthy Iran that recognizes the state of Israel and distances itself from Russia.
Most pendulums eventually swing, and I am watching for this one to swing in support of the Iranian people finally having a chance to rejoin a community of free nations that value peace, prosperity, and democracy. If non-revolutionary leaders were to emerge, the West could finally and quickly work towards restoring a genuinely peaceful future that ends Tehran's nuclear weapons program; breaks its deadly alliance with Russia; terminates its costly support to Hizballah, Hamas, and the Houthis; and welcomes Iran into the community of nations as a responsible, wealth-producing global energy partner. May the pendulum swing decisively in these directions in 2026.
All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
OPINION — “After long and difficult negotiations with Senators, Congressmen, Secretaries, and other Political Representatives, I have determined that, for the Good of our Country, especially in these very troubled and dangerous times, our Military Budget for the year 2027 should not be $1 Trillion Dollars, but rather $1.5 Trillion Dollars. This will allow us to build the ‘Dream Military’ that we have long been entitled to and, more importantly, that will keep us SAFE and SECURE, regardless of foe.”
That was part of a Truth Social message from President Trump posted last Wednesday afternoon and illustrates the emphasis on increasing U.S. military power by him and top administration officials since the successful U.S. January 3, raid in Venezuela that captured its former-President Nicolas Maduro and his wife.
As it should, public attention has been focused on Trump’s apparent desire to project force as he publicly savors the plaudits arising from not only the Venezuela operation, but also the June 2025 Operation Midnight Hammer bombing of three Iranian nuclear facilities.
Most focus this past week has been paid to remarks Trump made to New York Times reporters during their more than two hour interview last Thursday.
At that time, when asked if there are any limits on his global powers, Trump said, "Yeah, there is one thing. My own morality. My own mind. It’s the only thing that can stop me.”
Trump added, “I don’t need international law. I’m not looking to hurt people.” Asked about whether his administration needed to abide by international law, Trump said, “I do,” but added, “it depends what your definition of international law is.”
Attention is also correctly being paid to remarks Trump’s Deputy Chief of Staff Stephen Miller made last Tuesday during an interview with CNN.
“We live in a world in which you can talk all you want about international niceties and everything else,” Miller told CNN’s Jake Tapper, “But we live in a world, in the real world … that is governed by strength, that is governed by force, that is governed by power. These are the iron laws of the world.”
It is against that Trump open-stress-on-power background that I will discuss below a few other incidents last week that could indicate future events. But first I want to explore Trump’s obsession with taking over Greenland, which was also illustrated during the Times interview.
The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.
In 1945, at the end of World War II fighting in Europe, the United States had 17 bases and military installations in Greenland with thousands of soldiers. Today, there is only one American base – U.S. Pituffik Space Base in northwest Greenland, formerly known as Thule Air Base.
From this base today some 200 U.S. Air Force and Space Force personnel, plus many more contractors, carry out ballistic missile early warnings, missile defense, and space surveillance missions supported by what the Space Force described as an “Upgraded Early Warning Radar weapon system.” That system includes “a phased-array radar that detects and reports attack assessments of sea-launched and intercontinental ballistic missile threats in support of [a worldwide U.S.] strategic missile warning and missile defense [system],” according to a Space Force press release.
The same radar also supports what Space Force said is “Space Domain Awareness by tracking and characterizing objects in orbit around the earth.”
Under the 1951 U.S.-Denmark defense agreement, the U.S., with Denmark’s assent, can create new “defense areas” in Greenland “necessary for the development of the defense of Greenland and the rest of the North Atlantic Treaty area, and which the Government of the Kingdom of Denmark is unable to establish and operate singlehanded.”
The agreement says further: “the Government of the United States of America, without compensation to the Government of the Kingdom of Denmark, shall be entitled within such defense area and the air spaces and waters adjacent thereto to improve and generally to fit the area for military use.”
That apparently is not enough freedom for President Trump, still a real estate man. As he explained last week to the Times reporters, “Ownership is very important, because that’s what I feel is psychologically needed for success. I think that ownership gives you a thing that you can’t do with, you’re talking about a lease or a treaty. Ownership gives you things and elements that you can’t get from just signing a document.”
This long-held Trump view that he must have Greenland was explored back in 2021. After his first term as President, Trump was interviewed by Susan Glasser and Peter Baker for the book they were writing, and they asked Trump at that time why he wanted Greenland.
Four years ago, Trump explained, “You take a look at a map. So I’m in real estate. I look at a [street] corner, I say, ‘I gotta get that store for the building that I’m building,’ et cetera. You know, it’s not that different. I love maps. And I always said, ‘Look at the size of this [Greenland], it’s massive, and that should be part of the United States.’ It’s not different from a real-estate deal. It’s just a little bit larger, to put it mildly.”
For all Trump’s repeated threats to seize Greenland militarily, it’s doubtful that will happen. Secretary of State Marco Rubio is scheduled to meet with Danish and Greenland counterparts this week, and afterwards the situation should become clearer.
Context is another test for analyzing Trump statements, and that seems to be the case when looking at his call for a $1.5 trillion fiscal 2027 defense budget.
Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
Last Wednesday, hours before Trump made his Truth Social FY 2027 budget statement, the White House released an Executive Order (EO) entitled, Prioritizing The Warfighter In Defense Contracting. The EO called for holding defense contractors accountable and targeted those who engaged in stock buybacks or issued dividends while “underperforming” on government contracts. According to one Washington firm, the Trump EO represented “one of the most aggressive federal interventions into corporate financial decisions in recent memory.”
The EO caused shares of defense stocks to fall. Lockheed Martin fell 4.8%, Northrop Grumman 5.5%, and General Dynamics 3.6% during that afternoon’s stock exchange trading in New York. After the stock market closed, Trump released his Truth Social message calling for the $1.5 trillion FY 2027 defense budget and the next day, January 8, defense stocks experienced a sharp rebound. Lockheed Martin rebounded with gains of around 7%; Northrop Grumman rose over 8%; and General Dynamics gained around 4%.
Trump has not spoken publicly about the $1.5 trillion for FY 2027, but in his first message, he said the added funds would come from tariffs. He wrote, “Because of tariffs and the tremendous income that they bring, amounts being generated, that would have been unthinkable in the past, we are able to easily hit the $1.5 trillion dollar number.”
If that were not enough, Trump added that the new funding would produce “an unparalleled military force, and having the ability to, at the same time, pay down debt, and likewise, pay a substantial dividend to moderate income patriots within our country!”
What can be believed?
The nonpartisan Committee for a Responsible Federal Budget (CRFB) said the $500 billion annual increase in defense spending would be nearly twice as much as the expected yearly tariff revenue, and the spending increase would push the national debt $5.8 trillion higher over the next decade. CRFB added, “Given the $175 billion appropriated to the defense budget under the [2025] One Big Beautiful Bill Act (OBBBA), there is little case for a near-term increase in military spending.”
I should point out that the FY 2026 $901 billion defense appropriations bill has yet to pass the Congress.
One more event from last week needing attention involves Venezuela.
Last Tuesday January 6, 2026, as Delcy Rodriguez, former Vice President, was sworn in as Venezuela's interim president, General Javier Marcano Tabata. the military officer closest to Maduro as his head of the presidential honor guard and director of the DGCIM, the Venezuelan military counterintelligence agency, was arrested and jailed, according to El Pais Caracas.
Marcano Tabata was labeled a traitor and accused of facilitating the kidnapping of Maduro by providing the U.S. with exactly where Maduro and First Lady Cilia Flores were sleeping, and identifying blind spots in the Cuban-Venezuelan security ring protecting them, according to El Pais Caracas.
What’s the U.S. responsibility toward Marcano Tabata if the El Pais Caracas facts are correct ?
I want to end this column with another Trump statement last week that stuck in my mind because of its implications.
It came up last Friday after Trump, in the White House East Room, started welcoming more than 20 oil and gas executives invited to discuss the situation in Venezuela.
“We have many others that were not able to get in…If we had a ballroom, we'd have over a thousand people. Everybody wanted. I never knew your industry was that big. I never knew you had that many people in your industry. But, here we are.”
Trump then paused, got up and turned to look through the glass door behind him that showed the excavation for the new ballroom saying, “I got to look at this myself. Wow. What a view…Take a look, you can see a very big foundation that's moving. We're ahead of schedule in the ballroom and under budget. It's going to be I don't think there'll be anything like it in the world, actually. I think it will be the best.”
He then said the remark I want to highlight, “The ballroom will seat many and it'll also take care of the inauguration with bulletproof glass-drone proof ceilings and everything else unfortunately that today you need.”
Who, other than Trump, would think that the next President of the United States would need to hold his inauguration indoors, inside the White House ballroom, with bullet-proof windows and a roof that protects from a drone attack?
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
EXPERT PERSPECTIVE — Now comes the hard part in Venezuela. Dictator Nicolas Maduro and his wife are gone but the regime is still in power. Most Venezuelans, particularly in the diaspora, are pleased and relieved. Many are also apprehensive.
The Trump administration has decided to compel the cooperation of Maduro’s Vice President, Delcy Rodriguez, now interim president. It is not at all assured that she will be a reliable partner. The U.S. decision to work with those still in control was logical even if disappointing to some in the democratic opposition which, after all, won the presidential election overwhelmingly in late July of 2024. The opposition’s base of support dwarfs that of the regime but the military, intelligence services and police are all still loyal to the regime - at least for the time being. The Trump administration believes the cooperation of these elements of the regime will be necessary for the Trump administration to implement its plans for the country without further U.S. police and military actions on the ground.
Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
The Trump administration has said we will be taking over the oil sector and President Trump himself has announced his intention to persuade the U.S. private sector to return to Venezuela to rebuild the sector. Oil production in Venezuela has declined by two thirds since Hugo Chavez, Maduro’s predecessor, was elected in 1998. This unprecedented decline was due to incompetent management, undercapitalization and corruption. Had Chevron not opted to stay in the country under difficult circumstances, the production numbers would look even worse. Resurrecting the oil sector will take time, money and expertise. The return of the U.S. oil companies and the infusions of cash that will be required will only happen if an appropriate level of security can be established — and that will require the cooperation of the Venezuelan armed forces and police. Many senior leaders in those sectors are believed to have been deeply complicit in both the abuses and corruption of a government the United Nations said was plausibly responsible for “crimes against humanity.” Two of the regime figures most widely believed to have been, along with Maduro himself, the architects of the Bolivarian regime’s repressive governance are still in power, Minister of the Interior Diosdado Cabello and Minister of Defense General Vladimir Portino Lopez. They will need to be watched and not permitted to undermine U.S. efforts to rehabilitate the oil sector and orchestrate a return to legitimate, popularly supported and democratic government.
The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.
There are several considerations that the U.S. will need to keep in mind going forward. First, more than 80 percent of Venezuelans now live below the poverty line. Their needs must be addressed . Even the shrinking number of Venezuelans who aligned with the regime are hoping to see their lives improve. Between 2013 and 2023, the country’s GDP contracted by around 70 percent, some believe it may have been as much as 75 percent. As most of Venezuela’s licit economy is essentially moribund and the U.S. will be controlling oil exports, the poor will naturally look to the United States for help. Heretofore, the regime employed food transfers to keep the populace in line. That role should move to the NGO community, the church or even elements of the democratic opposition.
Indeed, it will be important to secure the cooperation of the opposition, notwithstanding the Trump administrations to work with Delcy Rodriguez and company as the opposition represents the majority of Venezuelans inside the country as well as out. It will also be necessary to pay the military and it is not at all clear that the regime elements still in place will have the money to do so once oil receipts are being handled by the United States. If the U.S. is to avoid the mistakes that followed the fall of Saddam Hussein, attending to the needs of the populace and paying the rank and file of the military should be priorities.
The Trump administration should also move as quickly as the security situation permits to reopen the U.S. embassy in Caracas. There is reporting out of Colombia that the U.S. Charge in Bogota has already made a trip to Caracas to evaluate the situation. This is a good thing. There is no substitute for on-the-ground engagement and observation.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
Asked if there were any restraints on his global powers, [President Trump] answered: “Yeah, there is one thing. My own morality. My own mind. It’s the only thing that can stop me.”
“I don’t need international law."
EXPERT PERSPECTIVE — Nicholas Maduro’s fate seems sealed: he will stand trial for numerous violations of federal criminal long-arm statutes and very likely spend decades as an inmate in the Federal Bureau of Prisons.
How this U.S. military operation that resulted in his apprehension is legally characterized has and will continue to be a topic of debate and controversy. Central to this debate have been two critically significant international law issues. First, was the operation conducted to apprehend him a violation of the Charter of the United Nations? Second, did that operation trigger applicability of the law of armed conflict?
The Trump administration has invoked the memory of General Manuel Noriega’s apprehension following the 1989 U.S. invasion of Panama, Operation Just Cause, in support of its assertion that the raid into Venezuela must be understood as nothing more than a law enforcement operation. But this reflects an invalid conflation between a law enforcement objective with a law enforcement operation.
Suggesting Operation Just Cause supports the assertion that this raid was anything other than an international armed conflict reflects a patently false analogy. Nonetheless, if - contrary to the President’s dismissal of international law quoted above – international law still means something for the United States - what happened in Panama and to General Noriega after his capture does have precedential value, so long as it is properly understood.
Parallels with the Noriega case?
Maduro was taken into U.S. custody 36 years to the day after General Manuel Noriega was taken into U.S. custody in Panama. Like Maduro, Noriega was the de facto leader of his nation. Like Maduro, the U.S. did not consider him the legitimate leader of his country due to his actions that led to nullifying a resounding election defeat of his hand-picked presidential candidate by an opposition candidate (in Panama’s case, Guillermo Endara).
Like Maduro, Noriega was under federal criminal indictment for narco-trafficking offenses. Like Maduro, that indictment had been pending several years. Like Maduro, Noriega was the commander of his nation’s military forces (in his case, the Panamanian Defense Forces, or PDF).
Like Maduro, his apprehension was the outcome of a U.S. military attack. Like Maduro, once he was captured, he was immediately transferred to the custody of U.S. law enforcement personnel and transported to the United States for his first appearance as a criminal defendant. And now we know that Maduro, like Noriega, immediately demanded prisoner of war status and immediate repatriation.
It is therefore unsurprising that commentators – and government officials – immediately began to offer analogies between the two to help understand both the legal basis for the raid into Venezuela and how Maduro was captured will impact his criminal case. Like how the Panama Canal itself cut that country into two, it is almost as if these two categories of analogy can be cut into valid and invalid.
Need a daily dose of reality on national and global security issues? Subscribe to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
False Analogy to Operation Just Cause
Almost immediately following the news of the raid, critics – including me – began to question how the U.S. action could be credibly justified under international law?
As two of the most respected experts on use of force law – Michael Schmitt and Ryan Goodman - explained, there did not seem to be any valid legal justification for this U.S. military attack against another sovereign nation, even conceding the ends were arguably laudable.
My expectation was that the Trump administration would extend its ‘drug boat campaign’ rationale to justify its projection of military force into Venezuela proper; that self-defense justified U.S. military action to apprehend the leader of an alleged drug cartel that the Secretary of State had designated a Foreign Terrorist Organization. While I shared the view of almost all experts who have condemned this theory of legality, it seemed to be the only plausible rationale the government might offer.
It appears I may have been wrong. While no official legal opinion is yet available, statements by the Secretary of State and other officials seem to point to a different rationale: that this was not an armed attack but was instead a law enforcement apprehension operation.
And, as could be expected, Operation Just Cause – the military assault on Panama that led to General Noriega’s apprehension – is cited as precedent in support of this assertion. This effort to justify the raid is, in my view, even more implausible than even the drug boat self-defense theory.
At its core, it conflates a law enforcement objective with a law enforcement operation. Yes, it does appear that the objective of the raid was to apprehend an indicted fugitive. But the objective – or motive – for an operation does not dictate its legal characterization.
In this case, a military attack was launched to achieve that objective. Indeed, when General Caine took the podium in Mara Lago to brief the world on the operation, he emphasized how U.S. ‘targeting’ complied with principles of the law of armed conflict. Targeting, diversionary attacks, and engagement of enemy personnel leading to substantial casualties are not aspects of a law enforcement operation even if there is a law enforcement objective.
Nor does the example of Panama support this effort at slight of hand. The United States never pretended that the invasion of Panama was anything other than an armed conflict. Nor was apprehension of General Noriega an asserted legal justification for the invasion. Instead, as noted in this Government Accounting Office report,
The Department of State provided essentially three legal bases for the US. military action in Panama: the United States had exercised its legitimate right of self-defense as defined in the UN and CM charters, the United States had the right to protect and defend the Panama Canal under the Panama Canal Treaty, and U.S. actions were taken with the consent of the legitimate government of Panama
The more complicated issue in Panama was the nature of the armed conflict, with the U.S. asserting that it was ‘non-international’ due to the invitation from Guillermo Endara who the U.S. arranged to be sworn in as President on a U.S. base in Panama immediately prior to the attack. But while apprehending Noriega was almost certainly an operational objective for Just Cause, that in no way influenced the legal characterization of the operation.
International law
The assertion that a law enforcement objective provided the international legal justification for the invasion is, as noted above, contradicted by post-invasion analysis. It is also contradicted by the fact that the United States had ample opportunity to conduct a military operation to capture General Noriega during the nearly two years between the unsealing of his indictment and the invasion. This included the opportunity to provide modest military support to two coup attempts that would have certainly sealed Noriega’s fate.
With approximately 15,000 U.S. forces stationed within a few miles of his Commandancia, and his other office located on Fort Amador – a base shared with U.S. forces – had arrest been the primary U.S. objective it would have almost certainly happened much sooner and without a full scale invasion.
That invasion was justified to protect the approximate 30,000 U.S. nationals living in Panama. The interpretation of the international legal justification of self-defense to protect nationals from imminent deadly threats was consistent with longstanding U.S. practice.
Normally this would be effectuated by conducting a non-combatant evacuation operation. But evacuating such a substantial population of U.S. nationals was never a feasible option and assembling so many people in evacuation points – assuming they could get there safely – would have just facilitated PDF violence against them.
No analogous justification supported the raid into Venezuela. Criminal drug traffickers deserve no sympathy, and the harmful impact of illegal narcotics should not be diminished.
But President Bush confronted incidents of violence against U.S. nationals that appeared to be escalating rapidly and deviated from the norm of relatively non-violent harassment that had been ongoing for almost two years (I was one of the victims of that harassment, spending a long boring day in a Panamanian jail cell for the offense of wearing my uniform on my drive from Panama City to work).
With PDF infantry barracks literally a golf fairway across from U.S. family housing, it was reasonable to conclude the PDF needed to be neutered. Yet even this asserted legal basis for the invasion was widely condemned as invalid.
Noriega was ultimately apprehended and brought to justice. But that objective was never asserted as the principal legal basis for the invasion. Nor did it need to be. Operation Just Cause was, in my opinion (which concededly is influenced from my experience living in Panama for 3.5 years leading up to the invasion) a valid exercise of the inherent right of self-defense (also bolstered by the Canal Treaty right to defend the function of the Canal).
Nor was the peripheral law enforcement objective conflated with the nature of the operation. Operation Just Cause, like the raid into Venezuela, was an armed conflict. And, like the capture of Maduro, that leads to a valid aspect of analogy: Maduro’s status.
Like Noriega, at his initial appearance in federal court Maduro asserted his is a prisoner of war. And for good reason: the U.S. raid was an international armed conflict bringing into force the Third Geneva Convention, and Maduro by Venezuelan law was the military commander of their armed forces.
The U.S. government’s position on this assertion has not been fully revealed (or perhaps even formulated). But the persistent emphasis that the raid was a law enforcement operation that was merely facilitated by military action seems to be pointing towards a rejection. As in the case of General Noriega, this is both invalid and unnecessary: what matters is not what the government calls the operation, but the objective facts related to the raid.
Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? If not, you're missing out on insights so good they should require a security clearance.
Existence of an armed conflict
Almost immediately following news of the raid, the Trump administration asserted it was not a military operation, but instead a law enforcement operation supported by military action. This was the central premise of the statement made at the Security Council by Mike Waltz, the U.S. Ambassador to the United Nations. Notably, Ambassador Waltz stated that, “As Secretary Rubio has said, there is no war against Venezuela or its people. We are not occupying a country. This was a law enforcement operation in furtherance of lawful indictments that have existed for decades.”
This characterization appears to be intended to disavow any assertion the operation qualified as an armed conflict within the meaning of common Article 2 of the four Geneva Conventions of 1949. That article indicates that the Conventions (and by extension the law of armed conflict generally) comes into force whenever there is an armed conflict between High Contracting Parties – which today means between any two sovereign states as these treaties have been universally adopted. It is beyond dispute that this article was intended to ensure application of the law of armed conflict would be dictated by the de facto existence of armed conflict, and not limited to de jure situations of war.
This pragmatic fact-based trigger for the law’s applicability was perhaps the most significant development of the law when the Conventions were revised between 1947 and 1949. It was intended to prevent states from disavowing applicability of the law through rhetorical ‘law-avoidance’ characterizations of such armed conflicts. While originally only impacting applicability of the four Conventions, this ‘law trigger’ evolved into a bedrock principle of international law: the law of armed conflict applies to any international armed conflict, meaning any dispute between states resulting in hostilities between armed forces, irrespective of how a state characterizes the situation.
By any objective assessment, the hostilities that occurred between U.S. and Venezuelan armed forces earlier this week qualified as an international armed conflict. Unfortunately, the U.S. position appears to be conflating a law enforcement objective with the assessment of armed conflict. And, ironically, this conflation appears to be premised on a prior armed conflict that doesn’t support the law enforcement operation assertion, but actually contradicts it: Operation Just Cause.
Judge Advocates have been taught for decades that the existence of an armed conflict is based on an objective assessment of facts; that the term was deliberately adopted to ensure the de facto situation dictated applicability of the law of armed conflict and to prevent what might best be understood as ‘creative obligation avoidance’ by using characterizations that are inconsistent with objective facts.
And when those objective facts indicate hostilities between the armed forces of two states, the armed conflict in international in nature, no matter how brief the engagement. This is all summarized in paragraph 3.4.2 of The Department of Defense Law of War Manual, which provides:
Act-Based Test for Applying Jus in Bello Rules. Jus in bello rules apply when parties are actually conducting hostilities, even if the war is not declared or if the state of war is not recognized by them. The de facto existence of an armed conflict is sufficient to trigger obligations for the conduct of hostilities. The United States has interpreted “armed conflict” in Common Article 2 of the 1949 Geneva Conventions to include “any situation in which there is hostile action between the armed forces of two parties, regardless of the duration, intensity or scope of the fighting.”
No matter what the objective of the Venezuelan raid may have been, there undeniable indication that the situation involved, “hostile action between” U.S. and Venezuelan armed forces.
This was an international armed conflict within the meaning of Common Article 2 of the four Geneva Conventions of 1949 – the definitive test for assessing when the law of armed conflict comes into force. To paraphrase Judge Hoeveler, ‘[H]owever the government wishes to label it, what occurred in [Venezuela] was clearly an "armed conflict" within the meaning of Article 2. Armed troops intervened in a conflict between two parties to the treaty.’ Labels are not controlling, facts are. We can say the sun is the moon, but it doesn’t make it so.
Prisoner of war status
So, like General Noriega, Maduro seems to have a valid claim to prisoner of war status (Venezuelan law designated him as the military commander of their armed forces authorizing him to wear the rank of a five-star general). And like the court that presided over Noriega’s case, the court presiding over Maduro’s case qualifies as a ‘competent tribunal’ within the meaning of Article 5 of the Third Convention to make that determination.
But will it really matter? The answer will be the same as it was for Noriega: not that much. Most notably, it will have no impact on the two most significant issues related to his apprehension: first, whether he is entitled to immediate repatriation because hostilities between the U.S. and Venezuela have apparently ended, and 2. Whether he is immune from prosecution for his pre-conflict alleged criminal misconduct.
Article 118 of the Third Convention indicates that, “Prisoners of war shall be released and repatriated without delay after the cessation of active hostilities.” However, this repatriation obligation is qualified. Article 85 specifically acknowledges that, “[P]risoners of war prosecuted under the laws of the Detaining Power for acts committed prior to capture . . .”
Article 119 provides, “Prisoners of war against whom criminal proceedings for an indictable offence are pending may be detained until the end of such proceedings, and, if necessary, until the completion of the punishment. The same shall apply to prisoners of war already convicted for an indictable offence.”
This means that like General Noriega, extending prisoner of war status to Maduro will in no way impede the authority of the United States to prosecute him for his pre-conflict indicted offenses. Nor would it invalidate the jurisdiction of a federal civilian court, as Article 84 also provides that,
A prisoner of war shall be tried only by a military court, unless the existing laws of the Detaining Power expressly permit the civil courts to try a member of the armed forces of the Detaining Power in respect of the particular offence alleged to have been committed by the prisoner of war.” As in General Noriega’s case, because U.S. service-members would be subject to federal civilian jurisdiction for the same offenses, Maduro is also subject to that jurisdiction.
This would obviously be different if he were charged with offenses arising out of the brief hostilities the night of the raid, in which case his status would justify a claim of combatant immunity, a customary international law concept that protects privileged belligerents from being subjected to criminal prosecution by a detaining power for lawful conduct related to the armed conflict (and implicitly implemented by Article 87 of the Third Convention). But there is no such relationship between the indicted offenses and the hostilities that resulted in Maduro’s capture.
Prisoner of war status will require extending certain rights and privileges to Maduro during his trial and, assuming his is convicted, during his incarceration. Notice to a Protecting Power, ensuring certain procedural rights, access to the International Committee of the Red Cross during incarceration, access to care packages, access to communications, and perhaps most notably segregation from the general inmate population.
Perhaps he will end up in the same facility where the government incarcerated Noriega, something I saw first-hand when I visited him in 2004. A separate building in the federal prison outside Miami was converted as his private prison; his uniform – from an Army no longer in existence – hung on the wall; the logbook showed family and ICRC visits.
Concluding thoughts
The government should learn a lesson from Noriega’s experience: concede the existence of an international armed conflict resulted in Maduro’s capture and no resist a claim of prisoner of war status. There is little reason to resist this seemingly obvious consequence of the operation.
Persisting in the assertion that the conflation of a law enforcement objective with a law enforcement operation as a way of denying the obvious – that this was an international armed conflict – jeopardizes U.S. personnel who in the future might face the unfortunate reality of being captured in a raid like this.
Indeed, it is not hard to imagine how aggressively the U.S. would be insisting on prisoner of war status had any of the intrepid forces who executed this mission been captured by Venezuela.
There is just no credible reason why aversion to acknowledging this reality should increase the risk that some unfortunate day in the future it is one of our own who is subjected to a ‘perp walk’ as a criminal by a detaining power that is emboldened to deny the protection of the Third Convention.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief, because national security is everyone’s business.
DEEP DIVE — Federal prosecutors in Texas, in December, unsealed charges and related details exposing a sprawling scheme that quietly siphoned some of America’s most powerful artificial intelligence chips into China.
According to court filings, a Houston businessman and his company orchestrated a $160 million smuggling operation that moved thousands of NVIDIA’s top-tier processors overseas, evading U.S. export controls through falsified shipping records and shell transactions.
Hao Global and its founder, Alan Hao Hsu, pleaded guilty on October 10, 2025, to participating in smuggling and unlawful export activities, including knowingly exporting and attempting to export at least $160 million in Nvidia H100 and H200 GPUs between October 2024 and May 2025. Investigators say the operation was funded by more than $50 million in wire transfers originating from China, and the U.S. has seized over $50 million in Nvidia hardware and cash as part of the broader investigation, with the seizures tied to the overall network, not solely this defendant’s operation.
The operation reveals a broader strategy: if you can’t build it, take it. With a blend of state-run espionage and corporate infiltration, China has turned technology acquisition into an art form. Their ‘all-of-the-above’ approach has allowed their AI sector to grow even as export bans tighten. By sourcing the hardware from elsewhere, Beijing has made the lack of domestic chip manufacture moot.
The Corporate Insider Pipeline
The same month that prosecutors announced the NVIDIA chip smuggling charges, the Department of Justice filed a superseding indictment against Linwei Ding, a former Google software engineer accused of stealing over 1,000 confidential files containing trade secrets related to Google’s AI infrastructure. According to the indictment, Ding uploaded the files to his personal cloud account between May 2022 and May 2023 while secretly working for two China-based technology companies.
It is believed that the stolen materials included detailed specifications of Google’s Tensor Processing Unit chips and Graphics Processing Unit systems, as well as the software platform that orchestrates thousands of chips into supercomputers used to train cutting-edge AI models.
Ding allegedly circulated presentations to employees of his Chinese startup, citing national policies encouraging domestic AI development, and applied to a Shanghai-based talent program, stating that his company’s product “will help China to have computing power infrastructure capabilities that are on par with the international level.”
Within weeks of beginning the theft, Ding was offered a chief technology officer position at Beijing Rongshu Lianzhi Technology with a monthly salary of approximately $14,800 plus bonuses and stock. He traveled to China to raise capital and was publicly announced as CTO. A year later, he founded his own AI startup, Zhisuan, focused on training large AI models. Ding never disclosed either affiliation to Google.
After Google detected unauthorized uploads in December 2023, Ding vowed to save the files as evidence of his work. Nonetheless, he resigned a week later after booking a one-way ticket to Beijing. Security footage revealed that another employee had been scanning Ding’s access badge to give the appearance that he was working there during extended trips to China. Ding faces up to 175 years in prison on 14 counts: economic espionage and theft of trade secrets.
Ding has pleaded not guilty to the charges on multiple occasions. He entered a not guilty plea in March 2024 to the original four counts of trade secret theft, and again pleaded not guilty through his attorney, Grant Fondo, in September 2025 to the expanded superseding charges — including seven counts each of economic espionage and trade secret theft. Fondo has actively represented Ding in court proceedings, including a successful June 2025 motion to suppress certain post-arrest statements due to alleged Miranda violations, though no extensive public explanatory statements from the attorney or Ding appear beyond these court actions and pleas.
The federal trial in San Francisco began in early January 2026, with jury selection reported around January 8, and Ding remains presumed innocent until proven guilty.
Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.
AI-Powered Cyber Espionage at Scale.
The threat escalated dramatically in September 2025 when Anthropic detected what it describes as the first fully automated cyberattack using artificial intelligence to breach corporate networks. Chinese state-sponsored hackers conducted the campaign, which Anthropic assessed with high confidence, targeted approximately 30 organizations, including technology firms, financial institutions, chemical manufacturers, and government agencies.
The attackers manipulated Anthropic’s Claude Code tool into executing 80 to 90 percent of the operation autonomously. Claude’s safety guardrails were bypassed by jailbreaking the system, disguising malicious tasks as routine cybersecurity tests, and breaking attacks into small, seemingly innocent steps that conceal their broader objectives. Once compromised, the AI system independently conducted reconnaissance, identified valuable databases, wrote custom exploit code, harvested credentials, created backdoors, and exfiltrated data with minimal human supervision.
“The AI made thousands of requests per second—an attack speed that would have been, for human hackers, simply impossible to match,” Anthropic stated in its analysis.
“This case is a huge concern for other companies that have almost fully adopted AI in their business operations,” JP Castellanos, Director of Threat Intelligence at Binary Defense, tells The Cipher Brief. “Instead of just using AI to draft phishing emails or assist human hackers, the perpetrators gave Claude direct instructions to carry out multi-stage operations on its own.”
The implications extend far beyond technical sophistication.
“An AI operator doesn’t have to sleep or take breaks moving at machine speed; the agent can do the work of dozens or more hackers, tirelessly and even without error, launching constant attacks that even human defenders would struggle to monitor, let alone counter,” Castellanos explained.
Chief Geopolitical Officer at Insight Forward, Treston Wheat, also noted the operational tempo represents a fundamental shift.
“AI-enabled operations can run reconnaissance, exploitation attempts, credential harvesting, lateral movement playbooks, and exfiltration workflows in parallel, iterating rapidly across targets,” he tells The Cipher Brief.
This shift not only changes how operations are conducted but also reveals the hidden supply chains that enable them.
DeepSeek’s Smuggled Silicon
In early 2025, it became impossible to ignore the connection between black-market chips and stolen IP. It was then that DeepSeek dropped the R1 model, claiming it could compete with OpenAI’s o1, but for significantly less. This, however, immediately set off alarm bells: How does a company hamstrung by U.S. sanctions move that fast without some serious ‘outside’ help?
Reports from The Information in December 2025 revealed that DeepSeek is training its next-generation model using thousands of NVIDIA’s advanced Blackwell chips — processors specifically banned from export to China. The smuggling operation reportedly involves purchasing servers for phantom data centers in Southeast Asia, where Blackwell sales remain legal. After inspection and certification, smugglers allegedly dismantle entire data centers rack by rack, shipping GPU servers in suitcases across borders into mainland China, where the chips are reassembled.
NVIDIA disputed the reports, stating it had seen “no substantiation or received tips of ‘phantom data centers’ constructed to deceive us and our OEM partners” while acknowledging the company pursues any tip it receives. The chipmaker is developing digital tracking features to verify chip locations, a tacit acknowledgement that there are enough smuggling concerns to warrant technological solutions.
Castellanos described China’s strategy as deliberately dual-track.
“China has been very open to being the lead in AI and semiconductors and the need for self-reliance in core technologies,” he said. “But also, externally, China relies on partnering with overseas institutions, building on top of Western open-source technologies, and acquiring advanced technologies through illegal means, such as through theft, smuggling, and forced transfers.”
Subscriber+Members get exclusive access to expert-driven briefings on the top national security issues we face today. Gain access to save your virtual seat now.
The FBI’s Losing Battle
Christopher Wray, the former FBI director, testified that the bureau oversees approximately 2,000 active investigations into Chinese espionage operations.
“Chinese hackers outnumber FBI cyber personnel by at least 50 to 1,” Wray testified before the House Appropriations Committee in 2023. “They’ve got a bigger hacking program than every other major nation combined and have stolen more of our personal and corporate data than all other nations—big or small—combined.”
That scale reflects a long-running strategy rather than a sudden surge.
“U.S. officials say China has long relied on a multi-pronged strategy to lie, to cheat and to steal their way to surpassing us as the global superpower in cyber,” he said. “It’s not just cyber intrusions, we are concerned about, but also human insiders stealing intellectual property. In the realm of AI, this can include insiders siphoning source code, research papers, or semiconductor designs for China.”
The Chinese approach exploits multiple vectors simultaneously, according to experts. The Ministry of State Security operates human intelligence networks. The People’s Liberation Army’s Strategic Support Force conducts offensive cyber operations.
The Thousand Talents Plan, for example, then offers Chinese researchers financial incentives to transfer proprietary information to American institutions. By investing in and partnering with ostensibly private companies, state-owned enterprises gain access to sensitive technologies.
Export Controls Lag Behind Reality
The export control regime designed to prevent China from accessing advanced chips has proven inadequate in the face of Beijing’s evasion tactics. The Commerce Department’s Bureau of Industry and Security has repeatedly updated restrictions, most recently imposing sweeping controls in October 2023 on AI chips and semiconductor manufacturing equipment.
The recent Texas case shed light on how these smugglers operate. There was more to it than simply shipping; they used crypto payments and paper-only shell companies to conceal the money trail. To pass customs, they even removed the Nvidia labels from the chips. By the time those processors reached China, they had been bounced through so many different countries that the original paper trail was basically gone.
“Export controls are not a complete solution to IP theft or technology diffusion. They are best understood as a time-buying and friction-imposing tool,” Wheat observed. “If the objective is to prevent all leakage, that is unrealistic; if the objective is to slow adversary capability development, shape supply chains, and increase acquisition cost and risk, they can be effective when paired with enforcement and complementary measures.”
The chip industry, analysts caution, is facing a structural nightmare. We’re restricting technology that’s already been stolen and studied. The $160 million operation out of Texas proved just how easy it is to game the system — they lied on customs forms hundreds of times over several months, and it still took nearly a year for authorities to notice anything was wrong.
Defending at Machine Speed
Security experts are calling this the most significant tech transfer in history, and it isn’t happening by accident. By stacking insider theft, cyberattacks, recruitment programs, and smuggling on top of each other, China has found a way to leapfrog ahead in AI. They don’t have the domestic factories to build high-end chips yet, so they’ve bypassed the need for ‘original’ innovation by taking what they need. It’s a massive operation that’s making traditional defense strategies look obsolete.
“The realistic U.S. approach is not to match China operator-for-operator. It is to win by asymmetry, such as scaling defense through automation, hardening the most valuable targets, and using public-private coordination to reduce attacker dwell time and increase attacker cost,” Wray said in his testimony.
Castellanos emphasized that defending against AI-enabled attacks requires matching the adversary’s capabilities.
“To have any hope to defend against this, we have to multiply effectiveness through automation and AI, so basically fight fire with fire,” he underscored. “Doing this requires significant investment, new skills, and perhaps most challenging, trust in autonomous defensive AI at a time when many organizations are still learning basic cyber hygiene.”
To prevent adversaries from acquiring sensitive technologies, the U.S. Government has, in recent years, implemented targeted responses, such as the Disruptive Technology Strike Force in 2023. Yet, even as FBI investigations increase and new indictments are filed, the fundamental challenge persists. Chinese intelligence services use unlimited resources, legal compulsion over Chinese nationals, and long-term strategic patience to operate in an open society with porous institutional boundaries.
“It’s a challenge for policy makers; a multi-layered response and defense in depth is needed to protect the US AI technology base better,” Castellanos added. “Harden insider threat programs, accelerate public and private intelligence sharing, modernize export controls and enforcement, increase the costs or impose costs for the offenders of these attacks and lastly innovate faster to ensure even if China steals today’s tech, the breakthrough is already in the pipeline for tomorrow.”
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business
THE WEEKEND INTERVIEW —As Venezuela faces a moment of profound uncertainty following a dramatic U.S. operation that removed longtime strongman Nicolás Maduro from power, policymakers and intelligence professionals are grappling with what comes next for a country long plagued by authoritarian rule, with Washington signaling an unprecedented level of involvement in shaping Venezuela’s political future.
To help unpack what's ahead, Cipher Brief CEO Suzanne Kelly spoke with former CIA Senior Executive David Fitzgerald, a veteran intelligence officer whose career spans decades of operational, leadership, and policy roles across Latin America. Drawing on firsthand experience as a former Chief of Station and senior headquarters official overseeing the region, Fitzgerald offers a sobering assessment of Venezuela’s challenges, from rebuilding its institutions and oil sector to managing internal security threats while navigating the competing interests of China, Russia, Cuba, and Iran. The conversation has been lightly edited for length and clarity.
A 37-yr. CIA veteran, David Fitgerald retired in 2021 as Chief of Station in a Middle Eastern country, which hosted CIA’s largest field station. As a seven-time Chief of Station, Fitzgerald served in numerous conflict zones to include Africa, Latin America, the Middle East and South Asia. He also held senior HQS positions that included Latin America Chief of Operations and Latin America Deputy Division Chief. He also served as the senior DCIA representative at U.S. Military’s Central Command from 2017-2020, where he participated in several tier 1 operations as the intelligence advisor to the commander.
The Cipher Brief: How are you looking at Venezuela at this moment through a national security lens? What do you see as the next real challenge the U.S. is likely to face there?
Fitzgerald: As President Trump has said, the U.S. intends to run Venezuela. I'm still waiting for how the U.S. government intends to define 'running Venezuela'. I'm going to assume, and I hate to assume, but I'll assume that the goal will be to work closely with the current Venezuelan government to transition to a democracy and allow elections, something like that. So that will just be my assumption in lieu of any comments or any guidelines coming out of the White House.
The Cipher Brief: You understand the history, the politics, the culture of Venezuela better than most Americans. Where do you think some of the bumps in the road will come as the U.S. tries to figure out and define, as you put it, what running Venezuela really means?
Fitzgerald: It's a very diverse country. It's an incredibly rich resource country. People talk about the oil and the petroleum, but it's not only that. It could be one of the largest gold producers in the world. It's amazing the amount of natural resources that Venezuela has, yet 25 years after President Chávez was elected as president, it's one of the poorest countries in Latin America.
I think one of the hurdles that they're going to have is the brain drain. You don't have a strong cadre. A great example is Pedevesa, [Petróleos de Venezuela],the state run oil company. Back in the 90's, Pedevesa was considered one of the most efficient and best run oil companies in the world. Compared to even the private companies, it was a machine because they owned everything from downstream to upstream. They owned the drilling, they owned the pipelines, they owned the refineries, they owned the oil tankers, they owned the refineries in the U.S., they owned the distribution through their Citco company here. It was just an amazing company, and it was always held up as a model for state run companies. Of course, with the election of President Hugo Chávez, and then in 2002, the general strike when he just fired all of the Pedevesa members - even today, if you look around at the Chevrons, Exxons, the BPs, you'll find a large amount of former Pedevesa employees because they all migrated to the private petroleum companies because they were that good.
So, one of the biggest challenges is that Venezuela's going to need the financial means to really rebuild itself. I was last in Venezuela in 2013, and I'd been there in the early '90s, and it looked exactly the same. The infrastructure was terrible. Nothing had been modernized or built. So instead, what the Maduro and the Chavez government had done, was basically used Pedevesa as their cash cow to really distribute that money to themselves, steal the money, or distribute it to their followers. There was no effort to modernize the infrastructure or to do the necessary maintenance in the oil fields. That's why I think they're producing maybe 10% to 15% of the amount of oil they were at their peak.
So for me, that's really the key. How do you get Pedevesa up and running so it becomes a profitable company again that can actually provide the necessary resources for the country to rebuild itself?
Need a daily dose of reality on national and global security issues? Subscribe to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.
The Cipher Brief: If you were looking into your crystal ball, and you had to guess, will there be enough political stability with the U.S. involvement to be able to allow for this infrastructure to be rebuilt? How difficult is that political component going to be?
Fitzgerald: I think it's twofold. Not only the political component, but the security component. How do you transition from basically a dictatorship to some form of transparent democracy, which I think is the White House's goal. You do that via Delcy Rodríguez and the current Venezuelan government. As you know, the PSUV, which is the United Socialist Party of Venezuela, which is Maduro's party, they control every apparatus of government, whether it's the Supreme Court, the judicial branch, the legislative branch, the executive branch, it's owned by them. There is no transparency right now. How do you get away from that? How do you rebuild these institutions so they become functional again and in some type of democratic transparent manner? That has to be a principal goal.
Number two, the security situation. You have maybe 20% to 25% of the population supporting Maduro and the PSUV. I would argue most of these people are supporting the party because they benefit from the party. They're either on the payrolls, they have some type of sweetheart deal, or they're able to conduct their illegal activities. The security forces are not hardcore ideologues. I think with the death of Chávez in 2013, he was the last ideologue you had as far as the Bolivarian revolution. My experience working with these people is that they're just in it for their own self-enrichment. Nobody really drank the Kool-Aid and said, "I want to be a Bolivarian revolutionary." I mean, this might have happened during the earlier stages when Chávez was first elected, but through the decades, it's become just an empty suit. Nobody really believes in any type of revolution.
On the security side, getting back to that, you have a disruptive element. You have this organization called the Colectivos, which is kind of a non-official goon squad that is supported by the government, basically comprised of criminals and local bullies. During demonstrations, they're the ones who go out there and start beating people and stuff like that. But you have the security services themselves as well. The rank and file. I think if you can do something like we did maybe in the Haiti occupation and in Panama where we actually formed an interim security force — I can't talk about the Haitian National Police nowadays as an effective force — but at the time in 1994, they became an effective enough security force, which provided security to the populace. That led the whole population to believe that there was hope.
I think that's going to be key along with the political transition. Can you provide security? Can you provide faith that people will adhere to the rules and regulations? How you do that? It's a good question.
Venezuela's a little different than most Latin countries. There is no national police force, other than the National Guard, which currently, if you talk to our DEA colleagues they'd probably say it's one of the largest drug cartels on the continent right now. Like the United States, Venezuela is divided into the state and municipal police forces.
For example, Caracas has two major police forces. You have the city of Caracas Police Force, and then you have the Miranda State Police Force, which is about maybe a third of Caracas, and then the rest is by the city of Caracas. Then you go out to the different states in Venezuela. They each have their own police force, and the large cities all have their police force. Years ago, they tried to form this Bolivarian national police agency. We're trying to incorporate this. It's never really worked because these police forces are all influenced and run by the local politicians.
So, that could work to our advantage as far as being able to work independently of the government and work with these local institutions to not only enhance their capability, but kind of vet them, cleanse them.
The Cipher Brief: How do you think Russia and China are assessing what''s next in Venezuela? What are the losses here and what are the opportunities here for each of them?
Fitzgerald: Let's talk about China first because that's probably going to be the most important for Venezuela. China must be extremely careful about how they handle this because they have literally billions and billions of dollars in loans that they provided the Bolivarian government. And one of their concerns, no doubt is that if you have a new democratic government, they could come in and say, "You know something? These loans that you signed with China, we don't consider them valid. We think they're illegal, and we're going to nullify all the loans." And right now, China's getting paid back in petroleum. So, China's got to be worried.
That means that if you're China, you're going to make nice with any new government because you don't want to be in a situation where they just say, "We consider these agreements you made with former government officials as illegal, and we will no longer honor them." So I don't see China being a spoiler. I see them willing to work with any new government coming into power because they have a lot of financial stake in what happens in Venezuela.
Russia, on the other hand, has very little commerce here. Russia's main trade with Venezuela is in arms. Venezuela's never even been able to pay back the loans or the purchases they made on some of the weapons systems they bought. Iran's another one. Iran's been there for decades now. It's entrenched. They've been allowed to work pretty much without limits in Venezuela, going back to, I think it was 2012, and the assassination attempt on the Saudi Ambassador in Washington. That was all being run out of, or being facilitated by, the Iranian embassy in Caracas.
So, it's going to affect all of their relationships. Iran's been more important than they realize for their oil industry as far as providing the parts and the 'know how' to maintain the oil fields and some of their refineries. A lot of that's coming from Iran. The big thing here that people don't realize is that there's one ingredient that's important for Venezuelan petroleum and if you don't have this, you really can't produce the amount of petroleum you need. Even at today's rate, you can't produce it. So Iran's been a major provider of this substance.
The Cipher Brief: How are drug cartels likely looking at this? And what about Cuba?
Fitzgerald: I would love to be in Cuba right now and listen to what they're saying about this. I mean, this really must be a shocker for them. Number one, for their security service. They just had a major failure because it's very well known that all of President Maduro's inner security was being provided by the Cubans. They're the only people he trusted. To a greater extent, they're out of security. Plus all their security services were being managed by the Cuban CI officers. The Cubans don't do it for free. So Venezuela pays the tab for that, and no doubt it's a greatly enhanced bill that they were getting from the Cuban government for President Maduro's security.
On the other end, as you know, Suzanne, the petroleum is just as vital to the Cuban economy. It's not all of it, but it's a major percentage of the petroleum that Cuba uses to include refined products that are provided by Venezuela at incredibly reduced rates that Venezuela knows Cuba will never repay. So, they have billions of dollars in debts to Venezuela and although they're technically selling the petroleum to Cuba, there's pretty much an understanding that it's not going to be repaid. So that's going to be a big blow to Cuba right now.
The Cipher Brief: What are the indicators that you're going to be watching for next that give you some clue as to where things might be headed?
Fitzgerald: Well, my big indicator is what's the plan? I'm sure they're huddling together both in the IC and in the State Department and the White House trying to figure out, 'Okay, how can we transition the current government to some type of viable democratic government and allow for a free election?' And there's probably been a million plans thrown out there. They just haven't figured out which one they're going to use. So I think that's what I'm waiting for is what the administration intends to roll out as their plan and how they intend to run Venezuela.
I think one of the big things here as far as Venezuela goes, is how to actually rebuild the country. It's going to require the private sector. The U.S. government is not going to be some nation builder like we tried to do in Iraq. And the great thing is that Venezuela has the resources that are quite sought after in the world where I think you're going to get a lot of interest from the private sector.
For example, a friend of mine asked the other day about the construction that would be needed. You're going to see some of the major construction companies needed to go in there and just rebuild the cities and the streets and everything. It's just the infrastructure there that hasn't been really modernized or updated in decades. So I think there is going to be a lot of interest in that. I think that interest by the private sector will also encourage the government to become as transparent and as democratic as it can be. So look for that too. And it's just not all about oil — it's minerals, construction, and the electric grid - it's across the board.
The Cipher Brief is your place for expert-driven national security insights. Read more in The Cipher Brief because National Security is Everyone’s Business
Login
