EXPERT PERSPECTIVE — Iran is experiencing its most consequential period of internal unrest in years. Nationwide demonstrations driven by economic collapse, social grievance, and political frustration have been met with force, mass arrests, and near-total information control. The scale and coordination of the response suggest a regime that feels threatened but not unmoored, confident in its ability to absorb pressure while preventing fragmentation.
This moment has reignited debate in Washington about escalation, leverage, and the possibility—explicit or implicit—of regime collapse. That debate is familiar. The United States has confronted similar moments before, most notably in Afghanistan and Iraq, where early assumptions about pressure, legitimacy, and endurance proved wrong.
This article is not an argument for restraint or intervention. It is a warning drawn from experience: without understanding how competition unfolds below the level of open conflict - the gray zone - pressure alone does not produce favorable outcomes. Iran today sits at the center of a problem the United States has repeatedly misunderstood - not the use of force, but what comes before and after it.
Afghanistan and Iraq: Where Strategy Slipped
In Afghanistan, the United States removed the Taliban from power quickly. In Iraq, Saddam Hussein’s regime collapsed even faster. In both cases, the decisive phase of the conflict ended early. What followed was the harder contest—one defined less by firepower and more by local power structures, informal authority, and external interference operating quietly and persistently.
In Afghanistan, as I witnessed firsthand, regional actors adapted faster than Washington. Iran, Pakistan, Russia, and later China treated the conflict as a long game. They invested in relationships, cultivated influence, and positioned themselves for the post-U.S. environment years before the withdrawal. The result was not an immediate defeat on the battlefield, but a strategic hollowing-out of the state.
Iraq followed a similar trajectory. Iranian-aligned militias embedded themselves within neighborhoods, religious institutions, and political parties. Over time, they became inseparable from the state itself. U.S. military dominance did not prevent this. In fact, it often obscured it, until the architecture of influence was already in place.
The lesson from both cases is straightforward: control of territory is temporary; control of networks endures.
Iran Is Not Afghanistan or Iraq — But the Pattern Rhymes
Iran today is often discussed as if pressure will produce rapid political change. That assumption ignores how power is organized inside the Islamic Republic.
Iran’s security model is deliberately social. The Basij is not simply a paramilitary force; it is embedded across society—universities, workplaces, neighborhoods, religious institutions. Its purpose is not only repression, but surveillance, mobilization, and ideological reinforcement. This structure was built to survive unrest, sanctions, and isolation.
Externally, Iran has exported the same logic. In Iraq, allied militias function simultaneously as armed actors, political movements, and social providers. In Afghanistan, Iran preserved influence across regime changes, maintaining access to key actors even after the fall of the Republic. These are not improvisations; they are the product of decades of learning.
It is worth remembering that Iran was not a spectator during the U.S. presence in Afghanistan and Iraq. It observed American methods up close—what worked, what failed, and where patience outperformed power. Tehran adapted accordingly.
Why Escalation Without Preparation Backfires
Moments of internal unrest often create pressure for external action. Yet Afghanistan and Iraq show that collapse—real or perceived—creates its own risks.
Removing a regime does not dismantle informal power structures. It often accelerates their consolidation. Networks that survive pressure are the ones that define what comes next. Iran’s internal system is designed precisely for this kind of stress: decentralized, redundant, and socially embedded.
There is also a strategic paradox at play. External pressure can validate internal narratives of siege and foreign threat, strengthening coercive institutions rather than weakening them. Information controls, security mobilization, and proxy signaling are not reactions; they are rehearsed responses.
This is why simplistic comparisons, whether to Eastern Europe, Latin America, or past protest movements, are misleading. Iran’s political ecosystem is closer to the environments the United States faced in Kabul and Baghdad than many in Washington are willing to admit.
None of this suggests that Iran is immune to pressure or that its current trajectory is stable. Economic distress, generational change, and legitimacy erosion are real. But history cautions against assuming that pressure equals control or that unrest equals opportunity.
The more relevant question for U.S. policymakers is not whether Iran is vulnerable, but whether the United States is prepared to operate effectively in the space that follows vulnerability.
That preparation requires understanding how authority is distributed beneath formal institutions, recognizing how coercive and social systems reinforce one another, and anticipating how regional actors adapt during periods of instability.
These are the same lessons Afghanistan and Iraq offered, lessons learned too late.
Iran’s current unrest has reopened a familiar debate in Washington about pressure, leverage, and escalation. But Afghanistan and Iraq should have settled that debate long ago. The United States did not lose those conflicts because it lacked military power; it lost because it underestimated how authority, loyalty, and influence actually function inside contested societies.
Iran is not a blank slate, nor is it a fragile state waiting to collapse under external strain. It is a system built to absorb pressure, manage unrest, and outlast moments of crisis. Any approach that treats unrest as an opportunity without first understanding what follows it risks repeating the same strategic error the United States has already made—twice.
The choice facing U.S. policymakers is therefore not whether to act, but how to act without misunderstanding the terrain. Escalation without preparation does not produce control; it produces consequences that others are better positioned to manage. If Washington has truly learned from Afghanistan and Iraq, it will recognize that the most dangerous moment is not the collapse of order, but the false confidence that comes before it.
History will not judge the United States on whether it applied pressure. It will judge whether it understood what that pressure would unleash.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief.
THE KREMLIN FILES / COLUMN — Russian hybrid warfare, often referred to in the West as “gray zone” conflict, has transitioned from theoretical concept to prominent headlines, particularly following the invasion of Ukraine and the Kremlin’s campaigns of sabotage, disinformation, and targeted intelligence actions across Europe and the U.S. What defines Russian-style gray warfare, or hybrid war? What are its doctrinal roots, and how well do these foundations align with assumptions in Western security discussions? To explore these questions, this article analyzes the writings of Russian military thinkers and the views of Russian military and intelligence agencies—covering their terminology, doctrines, and their evolving grasp of non-kinetic conflict.
This is the first in a two-part series by Sean Wiswesser on Russian gray zone, or hybrid warfare.
Gray zone operations in the West are generally seen as actions that influence the course of a conflict or harm an adversary without crossing into direct kinetic attacks. For Russia, at the core of the gray zone is the concept of “non-contact war” (bezkontaktnaya voina), which is part of a larger doctrinal framework under which gray warfare, also called “new generation warfare” by the Russians, falls. This is not a new concept in Russian military thinking, but it has developed over decades. By examining its evolution over the past thirty years through Russian sources and military thinkers, we can better understand how Moscow uses these concepts today—and how they influence the conflicts we may face now and in the future, enabling the U.S. and our allies to respond more effectively.
There are two main components of Russian gray warfare. Russians rarely use the term hybrid war, which exists in Russian only as a borrowed term from English. The first concept is non-contact warfare - the concept of preparing and softening the battlefield, then minimizing ground engagements for their troops whenever possible. The second concept is Russian intelligence active measures, also known as measures of support. This is also an old idea in Russian intelligence circles, but one that has been expanded and intensified in recent decades, incorporating new elements such as cyber operations and cognitive warfare.
We will briefly discuss each of these concepts below, along with Russia’s gray-zone developments up to its deployments into Ukraine in 2014. In the second part of this series, we will analyze Russia’s doctrine as it was applied in the years immediately leading up to and through the full-scale invasion of Ukraine, while also considering another key factor for Russia—their ability to evolve and adapt.
Non-Contact Warfare: Origins and Russian Military Necessities
Non-contact warfare developed from what the Russian General Staff and other military thinkers called sixth-generation warfare. The concept grew from the “reconnaissance strike complex” theory and the so-called “revolution in military affairs” at the end of the Cold War. As the Soviet Union disintegrated and the U.S. demonstrated overwhelming air power with NATO and other allies during the Persian Gulf war, former Soviet and Russian generals were not fools. They understood they could not keep pace with the new advancements in air warfare and the technological edge of NATO weapons systems.
Russian General Staff thinkers recognized that the Russian Air Force could not match TTPs (techniques, tactics, and procedures), the number of pilot training hours, or the advanced systems that the U.S. and NATO could field, especially given their significantly reduced military budget following the Soviet Union's collapse. This operational shortfall was further emphasized by the targeted bombing campaigns and overwhelming force deployed by U.S./NATO forces in the Balkan campaigns of the mid-1990s.
In short, Russian military planners recognized they could not keep pace. NATO airpower and the reach of the alliance into all sorts of regions and conflict zones posed a significant challenge for the Russian military and its intelligence services. One of the lessons they understood was that massed tank formations alone would not win wars in the 21st century. Throughout the 1990s and into the early 2000s, several important writings were produced by prominent Russian general staff figures, such as Generals Slipchenko and Gareev, as well as the future Chief of Staff of the Russian military and currently the commander of the Russian forces in the Ukraine war, Valeriy Gerasimov.
Slipchenko is credited in Russia with coining the phrase “sixth generation warfare” more than twenty years ago. According to Slipchenko, this new form of warfare signified a shift from nuclear-based conflict (which he called “fifth generation”) toward information-enabled, precision-strike, so-called non-contact wars (he authored a book with that same title). These wars would be fought at a distance, relying on airpower, command, control, intelligence, surveillance, reconnaissance (C4ISR), and long-range precision strikes, rather than large ground forces. He and Gareev published a book in Russia in 2004 titled On Future Wars, which became influential in many Russian military circles. In this work, Slipchenko and Gareev emphasized the importance of studying non-contact warfare and firmly stated that Russia must adapt to it, or else “Russia would not survive.”
During that same period, Russia’s Air Force struggled significantly in the 1990s and 2000s to adopt precision-guided munitions (PGMs). Russia never fully integrated them or appropriately trained its pilots on their use, which was evident in its prolonged conflicts with Chechen separatists. Most ground-attack operations during that period, from the mid to late 1990s, relied on “dumb bombs” and massed artillery on the battlefield. This resulted in the Russian air force’s poor performance in the 2008 Georgian conflict, when an outmanned Georgian military embarrassingly shot down several Russian fighter-bombers.
In the summer of 2008, responding to Georgia launching an incursion to retake South Ossetia, Russia responded with overwhelming force, sending an entire army to occupy swaths of Abkhazia, Ossetia, and also northern Georgia from Poti to Gori and the edges of Tbilisi. But while their force ratios led to quick success on the ground, the Russian air force did not perform as well in the air. In addition to air losses to ground-based air defense and friendly fire, Russian precision strikes did not go off as planned. Russia’s performance could be summed up as ineffective from the air. They were not able to project over-the-horizon warfare in the ways that Russian military planners had envisioned for non-contact war.
The first widespread and successful use of Russian PGMs would come still later, mostly during Russia’s involvement in Syria, where Russian squadrons were rotated for training and gained exposure to actual combat. Before that, many pilots had not experienced any combat outside of Chechnya.
Russia’s Air Force underwent a series of reforms due to these failures. It was reorganized and renamed the Russian Aerospace Forces (the VKS) in 2015 as a result of many of these reforms, or what were claimed to be reforms. When the full-scale invasion happened in 2022, Russia’s VKS, like much of its military, was still trying to evolve from its targeted reforms and these earlier developmental challenges. They attempted a limited shock-and-awe offensive but failed miserably in areas such as battle damage assessment and other key aspects of a true air campaign (the second article in this series will touch on these issues in more detail).
However, military reforms and adaptations in the Russian Air Force were not meant to stand alone. Russian kinetic actions were intended to be supported by other elements in non-contact warfare, aimed at softening the battlefield and undermining an adversary’s ability to fight. Prominent among these were active measures focused on information operations.
Active Measures, Measures of Support, and Non-state Actors
Returning to Russian arms doctrine, Slipchenko and other figures on the General Staff argued that, in the post–Cold War world, especially after observing the 1991 Gulf War and the dominance of US airpower, massing military forces was no longer effective. The world saw how Saddam’s large army, with thousands of tanks and armored vehicles, was destroyed from the air. Slipchenko claimed that future wars will focus on disrupting enemy systems, including military, economic, social, and other so-called “information means.”
This was not a new concept for Russia and its intelligence agencies—the FSB, GRU, and SVR (collectively the Russian intelligence services or RIS). The RIS would play a key role by using a well-known Russian technique—active measures, or as the RIS calls them today, measures of support. These tactics aim to weaken the enemy's ability to fight through malign influence, political interference, and disinformation. The Russians use state agencies and means, like their intelligence services, but also so-called non-state actors, like organized crime, private mercenaries, hacker groups, and many others, to carry out these and other hybrid actions as proxies.
The doctrinal approach of gray war, or new generation warfare, was gaining attention in Russia just as Putin's reign started. His rule coincided with the growing influence of the RIS within the government. It was natural for the RIS to take on roles the military was not equipped to perform, and Putin was quick to authorize them. One of the first tests for their active measures and gray war was Russia’s brief war with Georgia in 2008. As noted above, and while their military’s performance was mixed, their intelligence services were very active in the information arena. Russia flooded international media with its version of events. Their still-growing “RTV” news network promoted stories of atrocities they claimed were committed by the Georgian military. Europe and the U.S. were caught off guard and unprepared by the conflict; there was little to no meaningful response to Russia’s military actions, and no high costs or reprisals. It was a lesson Russia would remember.
After Georgia in 2008, while reforms were introduced in the air force in particular, the doctrinal debates continued. Building on Slipchenko’s ideas, writers from the General Staff, such as General Chekinov and General Bogdanov, further developed the doctrine they called “new-generation warfare.” Their work emphasized scripted roles in conflict for the information-psychological struggle, subversion, and cyber operations, while traditional large-scale combat operations became, by comparison, less prominent.
Gerasimov’s speech and article focused on shifting Russia's attention to countering the so-called “color revolutions” that occurred in the first decade of this century in Ukraine, Georgia, and Kyrgyzstan. They were, and still are, viewed as a direct threat to Russia’s national security and to Putin’s dictatorship. Russia cannot tolerate functioning democracies and freedom on its borders.
By combining Gerasimov’s contributions with those of Slipchenko, Gareev, and others, the Russian military developed a concept of non-contact warfare that planned for long-range strikes executed after weakening the enemy through non-kinetic means. They de-emphasized large ground formations because, according to the theory, they should not be necessary. Russian measures of support are designed to weaken an adversary through disinformation, misinformation, malign influence on politics, and other methods. This would become the battle plan the Russians would attempt to implement in Ukraine in 2014 (and again, with adjustments, in 2022).
As cyber has taken a greater role in society and the mass media, the Russian grey zone approach has also increasingly included RIS cyber operations and online media manipulation to support “reflexive control,” an old Russian intelligence concept from the 1960s. The term reflects the notion of influencing an adversary to act in a desired way without the enemy’s awareness. Gerasimov and the military, along with leaders of the RIS, knew from Russia’s poor performance in Georgia that they were not ready for war with NATO or any strong peer-level adversary. They needed help to weaken any adversary with a capable armed force before actual war.
Syria and Ukraine would be the new testing grounds for this concept in practice, with a heavy reliance on the intelligence services to help prepare the battlefield before and through the military’s engagement. Their perceived successes in both theaters would, over time, convince the Russian intelligence services, its military, and most importantly, President Putin that Russia was ready for a much larger task—an attack on and seizure of the entire territory of Ukraine.
All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.
OPINION — U.S. defense planning rests on the assumption that wars are fought abroad, by expeditionary forces, against defined adversaries. For decades, those assumptions held. But today, many of the most consequential security challenges facing the United States violate all three. They occur closer to home, below the threshold of armed conflict, and in domains where sovereignty is enforced incrementally.
The shift has exposed a chronic mismatch between how the United States defines its defense priorities and how it allocates resources and respect. While defense discourse continues to stubbornly emphasize power projection and high-end conflict, many of today’s challenges revolve around the more modest and rote enforcement of U.S. territorial integrity and national sovereignty - functions that are vital to U.S. strategic objectives yet lack the optical prestige of winning wars abroad.
Sitting at the center of this gap between prestige and need is the U.S. Coast Guard, whose mission profile aligns directly with America’s most important strategic objectives - the enforcement of sovereignty and homeland defense - yet remains strategically undervalued because its work rarely resembles the celebrated and well-funded styles of conventional warfighting. In an era of increased gray-zone competition and persistent coercion, the failure to properly appreciate the Coast Guard threatens real strategic fallout.
In the third decade of the 21st century, U.S. defense planning remains heavily oriented toward expeditionary warfighting and high-end kinetic conflict. Budget conversations still revolve around Ford-class supercarriers, F-35 fighters, and A2/AD penetration. This orientation shapes not only force design and budget allocations, but also institutional prestige and political capital. The services associated with visible combat power, with the Ford-class and the F-35, continue to dominate strategic discourse—even as many of the most persistent security challenges confronting the United States unfold close to home, in the gray-zone, without the need for fifth-generation air power or heavy armor.
At the most basic level, any nation’s military exists primarily to defend territorial integrity, enforce sovereignty, and protect the homeland. Power projection, forward presence, and deterrence abroad are important—but they are secondary functions derived from the primary purpose of homeland defense. Yet U.S. defense discourse often treats homeland defense as a background condition when it should be revered as the first priority. The result is a blind spot in how security resources are evaluated and allocated.
The Coast Guard operates at a unique point where law enforcement, military authority, and sovereign enforcement all converge. On any given day, the Coast Guard may board foreign-flagged vessels suspected of sanctions violations, police maritime borders against illicit trafficking, secure ports that underpin global supply chains, and maintain a persistent presence in contested spaces, like the Arctic, without inviting escalation. The Coast Guard is equipped to intercept illegal fishing fleets, escort commercial shipping through sensitive waterways, and assert jurisdiction in legally ambiguous areas. These activities rarely resemble traditional warfighting, they rarely result in a Hollywood blockbuster, and they can be accomplished without nuclear-powered submarines or intercontinental ballistic missiles. But these are not peripheral activities—they are arguably amongst the most important daily functions the U.S. military undertakes.
Distinct among the military branches, the Coast Guard operates under a legal framework that is uniquely suited to today’s security environment. Under Title 14 status, the Coast Guard falls within the Department of Homeland Security, conducting law enforcement and regulatory missions on a daily basis. Yet, when needed, the service can transition to Title 10 status, under the Department of Defense, and operate as an armed service when required. This agility allows the Coast Guard to remain continuously engaged across the spectrum of competition, whether enforcing U.S. law in peacetime, managing escalation in gray-zone encounters, or integrating seamlessly into military operations. Few other elements of U.S. power can move so fluidly between legal regimes.
Still, despite such strategic relevance, the Coast Guard suffers from a persistent optical problem. U.S. defense culture has long privileged services and missions associated with visible, kinetic combat—those that lend themselves to clear narratives of victory, sacrifice, and heroism. The Coast Guard’s work rarely fits that cinematic mold. Its success is measured not in territory seized or targets destroyed, but in disruptions prevented, borders enforced, and crises that never materialize. This is inherently quiet work, with outcomes that reflect a force operating exactly as designed, although without generating institutional prestige or political support. In a system that rewards the loudest and the brightest, the Coast Guard’s quiet enforcement of sovereignty is easy to overlook.
Continuing to overlook the value of the Coast Guard carries strategic consequences. Specifically, persistent underinvestment in the Coast Guard weakens maritime domain awareness, reduces sustained presence in key waterways, and narrows the set of tools available to manage gray-zone competition. As adversaries increasingly rely on legal ambiguity, deniable actors, and incremental pressure to test U.S. resolve, gaps in enforcement become opportunities. In this environment, the absence of credible, continuous sovereignty enforcement invites probing behavior that becomes harder to deter over time.
Advocacy for the Coast Guard does not require reassigning prestige, or elevating one service at the expense of others. It is merely an argument for strategic alignment. If territorial integrity, sovereignty enforcement, and homeland defense are truly core national-security priorities, then the institutions most directly responsible for those missions should be treated accordingly. As competition increasingly unfolds in the gray-zone between peace and war, the United States will need forces designed not only to win conflicts—but to prevent them from starting in the first place.
WEEKEND INTERVIEW — In an era when foreign adversaries can shape public sentiment with a well-timed meme and a handful of AI-driven accounts, the U.S. government is racing to redefine what national power looks like in the information age.
At the center of that effort is Shawn Chenoweth, the country’s first Director of Cognitive Advantage - a role designed to help the United States compete in the domain where modern influence, persuasion, and political outcomes are increasingly decided.
What, exactly, does a Director of Cognitive Advantage do? It’s not a title most Americans encounter, and it sits far outside the familiar contours of diplomacy, military force, or economic leverage. But as Chenoweth explains, the contest for influence no longer stays neatly within those lanes either.
His focus is often on the gray space - where information, perception, culture, and behavior collide, and where adversaries like China, Russia, Iran, and North Korea are operating with staggering resources and strategic focus.
In this Cipher Brief conversation, Chenoweth breaks down how cognitive operations actually work, why the U.S. has struggled to keep pace, and what it means to give the President an “information option” that’s not simply kinetic or economic.
He offers rare, candid insight into how technology, AI, and social platforms—from TikTok to algorithmically driven personas—are reshaping the battlespace faster than policymakers can write doctrine.
Our conversation is a deep dive into one of the least understood - but perhaps most consequential - fronts of modern national security. Our conversation has been lightly edited for length and clarity.
Shawn Chenoweth is the Director of Cognitive Advantage at the US National Security Council.
The Cipher Brief: How do you explain the role of the director of Cognitive Advantage?
Chenoweth: When you look at traditional elements of military power, you probably think of the DIME construct. It's not a perfect construct, but it's pretty good. DIME is broken down into Diplomatic, Information, Military and Economic, and it's very clear who owns the Diplomatic, Military, and Economic components. But there hasn't been, at least in several decades, a good example of where people have really come to the president and the administration with an "I" option, for Information. And it's a shame because when you actually look at the DIME construct, you don't want to break it into stove pipes. We should think of it as a cell. Each of those elements acts as part of a functioning cell, and removing any of those elements means you have an imperfect or failing cell.
So, I was asked to help put the "I" back in DIME so that we can provide additional options and advantages across the other elements of DIME to national power and provide the president with opportunities to accomplish the Administration’s objectives that aren't just warheads on foreheads or threatening economics or expending political leverage. We can enhance those things, but we can also gain advantages by using cognitive effects through the information environment.
Kelly: Let’s set the stage a bit further. If you were to explain to the average American what is happening in terms of cognitive warfare in the gray zone – the area where conflict occurs below the level of warfare - how would you describe it?
Chenoweth: I think if you look through your military histories, philosophers, politicians, political science, it's all pretty clear. You can pick out the elements. They all have one underlying thread, which is that political victory is the one that matters at its core. That's really what we're talking about. Nothing's changed. How human beings are connected, how technology is affected has certainly changed. But what we really care about is what people do in the real world and the geophysical world, the world we live in.
So, the point of a cognitive advantage is to leverage that so that human beings are taking behaviors favorable to outcomes, to national objectives, which most of the time are also - in the case of the United States - favorable in their own right. So it's core. And that is what we're driving to get: those advantages in what people do in the real world through their sensing, to make decisions that come back to the real world and have the effects that you want.
Kelly: Can you give an example of what that would look like?
Chenoweth: Let's say you're negotiating for a piece of land or a base that you need for overflight intel collection. You're going to conduct a trade-off in negotiations. Maybe it's going to look like, - if you pay more, you'll get more - based off what the value proposition is. But very rarely is it that blatant and simple. So, what you want to be able to do is understand, what advantage would we need in the negotiation? What's actually driving this other party other than maybe just cost or just danger? What’s the risk calculus?
There are cultural nuances that affect things: their understanding of influence, political implications. So, the point would be to understand why they would be interested in this in the first place? What advantage does it give them? What are the cultural nuances? Why wouldn't they do this in the first place? Why aren't they taking this action and what can we do to make sure that the outcome is what we want?
There are other areas where that applies across the spectrum.
Let's say we're conducting counter-terrorism operations, and we know an objective tends to use a particular cafe. Well, what if they were using a different one that day? What can we do to influence them to go to a place that's more favorable for options to decrease our own risk calculus, either because we want to conduct a kinetic strike or make an arrest? Maybe we can't find them. So, what if we use that for our intel collection and our methods to basically make them come up on comms and change their behavior so it's easier to find them, collect on them, and build the data so that we can conduct physical actions to stop or disrupt them? And you can kind of see how that applies across the board.
If you know more than the person you're dealing with, chances are that you're going to be better at accomplishing your outcome. It’s very similar with the werewolf theory. It's a game where two people are chosen to be the werewolf of the village and everyone else in the group doesn't know who the werewolf is. Most of the time the people who are the werewolves win the game because they have an information advantage over everyone else playing the game. So, it's a human norm.
And again, I point out that nothing's new under the sun. It's just that we haven't really thought through the implications of what it means in the information age that we live in - where everyone is connected through software defined radios. We're a long way away from direct sensing where it's communication and things happening in the real world. Now we have sort of indirect sensing where you're fed data feeds and everything else. We can affect cognitive behavior in ways we never imagined, and we really haven't thought through just as we can reach people and sell items. And if I want to find a person whose favorite color is red, who's a military age male who's really into Magnum PI, I can find that person thanks to their radio, and I can craft messages specifically for someone who fits that demographic and move them in a particular direction. That's the first time in history that that's been the case.
Kelly: You have a background that combines both government and private sector experience. Given that technology is being rapidly developed in the private sector, how do you think that background gives you an advantage in this role?
Chenoweth: There are a lot of people who've served in the military and have been contractors but just by happenstance, I happen to have been in a lot of critical locations at critical times. I think one of the advantages that has brought me is that I saw the frustration within the military when the contracting apparatus didn't work. I was also empowered by industry to go and fix a lot of those structures and enable the government to do it, and now I'm getting afforded the opportunity to work on policy to make the system really hum.
I think the advantage with that is that when it comes to the information space, there's no control. And I try to emphasize this to any policy maker or power broker or decision maker that I can find. You can put an armored brigade in an intersection - fully equipped, fully supported – and a U.S. Armored Brigade could own that intersection. There are things you can control. But when it comes to the information space, there is no control. It is constantly shifting, constantly changing. You have a binary decision. You are either going to participate, preferably at a level that matters, or not, and whatever's going to happen is going to happen.
So, you could find yourself in an advantageous information space in the morning, lose it by the late morning, get a stalemate in the afternoon, and win it back in the afternoon – just to lose it again at the end of the day. And when you wake up the next morning, you're going to have to do it all over again. There is no, "We have information dominance and we're done and we can crack our beers and go on with other things."
That's not how this works because every day new information is being injected into the system. People are changing and developing new opinions. Things are occurring and people are going to react to those things, change their opinions, adapt, age out, age in, so those cultural references may change. It's a constant flux. One of the things that from the U.S. government side we're getting our head around is that we need an information carrier group constantly operating afloat in the information environment, effectively. One that’s engaged 24/7 to affect these changes.
Kelly: It's not just the United States that has gotten pretty good at understanding the impact of cognitive advantage. We see these tactics from China and Russia being used with stunning success. In this role, how focused are you on their activities when it comes to doing the exact same thing that you're tasked with doing?
Chenoweth: They absolutely practice these activities. I call them the ‘CRINKETT’. Every challenge we're generally dealing with falls in the CRINKETTS. It's China, Russia, Iran, North Korea, Terrorists and Trans[national] criminals. And particularly for the nation states, this is exactly how they want to compete.
From their perspective, there are two ways to deal with the United States: asymmetrically and stupidly, largely because of our economic and military power. They get that. They're not interested in a kinetic fight; that is an awful prospect. So the way they want to do this is in gray zone activities, in the information space, in the cognitive domain.
And they outspend us. I'm not going to say necessarily outperform, but I'll say if you want to compete at a level that matters, they outspend us, period. Iran probably spends around $1.8 billion plus-minus a year, maybe more with their proxies and everything else they do in this particular space. Russia - post Ukraine invasion, spends about $2.6 billion, something like that. China - 48 plus billion dollars a year. The U.S., if I take all of the activities from the DoD, the State Department and everything else, and you put those together, you might approach $1.2 billion.
It doesn't mean we're executing those funds either. It just means that that's what we've allocated. When you think about how we outspend to have an advantage on the other parts of DIME, we're hideously underperforming here. And again, all props to the administration. They're acutely aware of this and the support I've had at the National Security Council and across the elements of government - the departments and agencies - has been stellar. And we're going to continue to work on this and get it right because we have three and a half more years of President Trump's administration to get this right, do the reps and sets, and make this a durable policy so that the American people can start enjoying those benefits that come when we're really focused on this space.
Kelly: What does success look like for you in this role and how do you measure it?
Chenoweth: Measurement has always been a funny thing. People will constantly tell me how hard it is to measure these activities. And what I’ve found time and time again is that we're actually pretty good at these activities. The issues with the measurements are, again, participating at a scale that matters. We need to measure behavior change, and in order to do that, we need to have clear objectives. What are we after?
The big part of that is who is the target audience that has the agency to do the thing we want? We spend a lot of time making plans and CONOPS [Concept of Operations] on sub-target audiences that don't actually have the agency – in hopes that they affect agency - and that's perfectly fine. But why are we doing assessments against this? We spend a lot of time and money generating assessments to target audiences that don't have the agency you want. So, let's focus on the target audience that has the agency and let's do this at scale.
For example, I'm in the DC area and I can go down to the Potomac River, drop a bucket of water in the river, and I have objectively molecularly increased the amount of water in the Potomac. There isn't a sensor on this planet that is going to detect that molecular change.
The fact is that you might be having an effect, but you don't have a sensor that is going to pick that up. So, you need to increase your scale or customize your sensing system to the effect you're having. That tends to be where the assessments fall apart.
I’ve heard all the time for decades now that assessments are so hard. I don't find that to be true. What I find is that you've sacrificed assessments for effect, which is fine. It's risk calculus. If I had a low amount of resources and I decided to put as much into the effect I've wanted, that's fine. But at the end of the day, you're looking for the real behavior change in the targeted audience that matters. What are the sensors you have on that and what are you doing to collect that data: public opinion, research surveys, building the networks. We're going to see this exacerbate further as the AI revolution continues at pace.
Kelly: How is technology impacting what you're trying to do, your mission, and then how are you also working with the private sector because the private sector is controlling so much of the technology and the innovation that the government needs to work with. So how are you doing that?
Chenoweth: One of the challenges I see emerging from AI is that there's sort of an assumption that AI will fix all your woes. I've seen the best tools out there do one thing: they model the data they have, and that's the core issue. We don't have the data. So again, I'm back to there's not a whole lot of new things under the sun. And the AI models are really good, and it can allow you to find new insights from the data that you have, but new data needs to be created. So, sacrificing collection methodologies and new approaches to gather the data at the foot of a model is terrible.
The AI snake oil salesman I would deal with in industry all the time would come in and say, ‘Oh, you're interested in that? I could absolutely model you the thing.’ Cool. How does that work? ‘Well, all you have to do is provide me the data and we'll put all this together and give you the insights.’ I'm like, whoa. We don't have the data either. No one has the data. That's kind of the problem. So, let's be honest about what we're doing.
AI is going to be a great boon for industry and for the government and everyone else under the sun. It's going to obviously have impact, but I think as that moves forward, we need to start looking at how we actually employ it. Building an agent or a token for every worker so that they're augmented by an AI that does the thing that they themselves may not be good at or saving them time is going to be amazing, but it needs to be undergirded by being able to detect what's actually happening out in the real world. And those two things are not necessarily - not interrelated. As I said, most things are kind of a whole cell that operate in one unit, and we can't necessarily bifurcate these things and then expect good outcomes.
Kelly: So you have a mission that is difficult to measure, is hugely impactful, adversaries are using it as well against American citizens effectively, and in some cases, those adversaries are dedicating a lot more resources to this. If you could explain to the average U.S. citizen how they might be targeted by cognitive operations that are conducted by U.S. adversaries, what would you tell them to look for?
Chenoweth: You need to be mindful of sources obviously. When I look at the construct of how we approach cognitive warfare, I think one of the biggest problems I've had for at least the last 10 years has been the construct of dis- and misinformation. My issue isn't the dis- and misinformation construct. It's the overuse of it.
Disinformation and misinformation are things. They have meaning. But they mean something that is true and people use it for things that are not true. For example, disinformation are lies. The person projecting the information knows it's a lie. They're doing it to accomplish an objective. The bigger problem of disinformation is misinformation. Those are people who are sharing those lies, not knowing they are lies, or taking things out of context like satire, et cetera, and propagating as if it were truth. Those are what those are.
But not everything we have to deal with falls into that construct. There are two other portions to this that we have to be mindful of.
One is missing information, which used to mean that the target audience wasn't informed enough to make a correct decision, favorable to them or anyone else. ‘It's a tragedy that your family member died and you should mourn their loss, but stop touching the body. That's how you're spreading Ebola’, right? Pretty straightforward, pretty simple.
Now that we're dealing with nation states with deep pockets, that's been flipped up on its head and they're practicing active missing information, where they will provide wire services into a country saying, ‘Congratulations, you can use our wire service for free and we'll provide you all the stuff, and that's your biggest cost except for labor. Isn't that wonderful? The catch is that you just have to use our wire service’.
If you think [contextual] stories are going to get into the press through those channels, good luck. This isn't happening in the third world. These are happening in major countries and places that would shock you.
Imagine something like, ‘If you run this story, all our connected businesses that are connected through us or other means are going to pull their advertising budget from you.’ So again, good luck talking about the story in your environment. No one's going to touch it. No influencer wants a piece of it because they're going to lose their incentive structure and their revenue stream. It's things like that.
On the other side of the coin, and the bigger problem, is the rhetoric information. These are the things that aren't necessarily true or false. They are framed by your value system, how you view things, what you think truth actually is.
There are people out there who will say, I think a communist socialist form of government that is highly authoritarian is more stable and therefore better than a liberal democracy. There are people who believe that, and just by saying, well, history would prove you otherwise, it's not a good enough argument. You need to engage with those people at a scale that matters and be prepared to win the argument.
We've seen this time again on the counter-terrorism front where we would shut down the comms of a nobody, and suddenly that person would come back with the reputation that was so valuable, and now they're a terrorist thought leader because the Western world thought that they were so dangerous they needed to be shut down instead of just accepting the fact, that maybe we should just engage with this guy because no one's ever heard of him and maybe we should just point out that he's a moron.
There are ways to deal with this, and just because we don't like something doesn't mean it's a lie to the person that's spreading it. They might believe it. Before we just title something disinformation and say, well, it's a lie and we can ignore it — that is not adequate in the modern era where everyone is connected because, again, this person has connective tissue to the internet. They have web platforms. They can be just as connected as a government if they should choose to be and if they have the popularity, because at its core, regardless of whether or not you're a government or a celebrity or anything else, you are fighting for attention.
Kelly: It’s sometimes difficult for busy Americans to navigate the information space today and know what to believe without investing some serious time into the source. Do you look at part of your mission in this role as helping people understand more of the context they need in order to make good decisions?
Chenoweth: I've been more on the side dealing with foreign audiences. But even in that regard, I think that it really matters to ask what are the things that we know to be what we feel are objective truths and things that matter? Things that we want target audiences to know because we know it would be better for them and better for our objectives?
And then what are the things where we just want to make sure that if a debate needs to be had, we facilitate the debate so that the target audience, particularly with an American target audience - which again, it's not my forte, we don't do that in government or shouldn't — that needs to be facilitated by Americans pointing out to each other that we do need to have these debates and come to kind of consensus, understanding that there will be disagreements.
Kelly: Do you think your job is going to be even more important in the future or maybe less?
Chenoweth: I've never thought the job wasn't important. I think the thing I'm enjoying right now is that everyone's kind of getting their head around what this means. The overused expression that ‘We need to do some things on Facebook,’ when you would have policymakers say, ‘Well, I'm concerned that that would destroy Amazon and internet commerce’ and your head would explode as you're trying to explain, ‘That's just not how the internet works, man.’
We can be comfortable operating on these platforms and doing things that we need to do without destroying internet commerce or the internet. And now I think a lot of policy makers and industry are all connected. They're a lot more comfortable doing these things. Now is the time when we need to get to where the resources and the permissions really match the ability to get us where we need to be.
I've generally not found too many authority problems. I generally find permissions problems. I find that when it comes to authorities, you almost always find that every organization actually has a framework that allows them to do things. It's just that someone somewhere in the chain can say no and is all too comfortable saying no, because, particularly in the past administration, they were very comfortable at avoiding risk and not as comfortable at managing risk. And that is a dynamic that we have to change. The world is a risky place, and we need to be out there participating in it, throwing our elbows around and managing the risk, not avoiding it.
Kelly: How hard of a job is it to give the U.S. the cognitive advantage in today’s world?
Chenoweth: It's hard, tremendously hard because you're talking about changing culture. I don't think the activity itself and the policy and the things that can be done are hard. I think the hard part will be changing the culture and changing people's mindsets.
We've talked about the fact that there used to be three domains: physical domain, information domain and cognitive domain. We have to explore the information domain and actually call it what it is. There is the physical domain, the geophysical domain. But I like the ‘kill web’ approach. A good kill web will constitute a kill chain that is disrupted, and we have to get out of just a kill chain. We need to get into a kill web mentality when it comes to cognitive effects.
Kelly: Explain what you mean by a “kill web”?
Chenoweth: You have your geophysical world where things exist in the real world, the place where we all live. When it comes to the information domain, though, it used to consolidate a bunch of things.
The reality is that when we break that down into a kill web, you're looking from your physical domain up to your logic layer. The internet is not some amorphous cloud that wanders around. It's composed of a system of systems that live in the real world. It's data centers, servers, modems, et cetera. Where does that infrastructure actually exist? Sometimes the files are in the computer. So, we need to be mindful of where does that work? How does the internet, how do these structures work, the mobile networks, et cetera.
From there, it then creates the digital layer, where all the trons are that exist. You can have effects, that's where your real cyberspace comes into play. That's how the mobile devices work, but that is just data.
Then it goes up to the persona entity level. These are the real human beings, sometimes fake human beings, they're personas, organizations but entities that potentially could be targeted or addressed or engaged, et cetera.
And then there's the cognitive space. The trick in the cognitive space is what happens in the mind. And that mind is influenced by the sensing that goes up through that chain when they process it. You're able to interdict on its way up or influence, and you're able to influence on the way down when a decision is made.
For example, when something happens in the real world, it's communicated to a decision maker, but it's going to go through the logic layer transmitted through sensors, computers, emails, phones, et cetera, to people and entities who are going to process it themselves, communicate it to a decision maker who's going to make a decision based off that information, or an individual or a bunch of individuals.
They're all going to make decisions on how to react to that or not react to that. And that's going to go back down to the physical world when they say, ‘I don't really like what is happening’, or maybe ‘I do like what's happening. Let's do the thing’. They're going to communicate that down to ‘Yes, launch the missiles’, or ‘Let's have a protest’. So, you can affect the chain up. You can affect the chain down, but that's how it works.
We as the United States have a pipe that exists inside that kill web structure - so does everyone else. And it doesn't matter if you're a nation state or a family or an individual. You have your sensing sources.
As I mentioned earlier, the direct conversations between people in the real world - even now, you and I are communicating completely over that entire structure - and that structure could be affected on the way up as we're communicating to when this is finally produced and goes back out to the real world where suddenly I have AI effects on me and I'm saying things I never meant to say, but the rest of the world's now interpreting that.
I didn't say that, that wasn't my cognitive decision, but you intercepted on the way down and now you would inadvertently affect everyone else's cognitive approach to what I'm communicating.
Kelly: What does the future from a technology and AI standpoint really look like?
Chenoweth: It's having fundamental changes. It's going to be interesting to see what happens in the entertainment industry as AI takes over and suddenly people can have more access. We've seen how the music industry went through huge change just on streaming music. We're about to witness what this is going to look like from our more traditional platforms. We've seen how things move from streaming. I think there is a level of adaptation that's going to go with that.
One of the things that needs to be addressed is how exactly we're going to engage. There is a point where we need to be comfortable with giving sort of guidance to the AIs - human in the loop - but if you think that you're going to be able to review every single message that needs to go out in an AI-driven world, you're out of your mind.
So, you need to be able to be comfortable generating for your target audience profiles and give sort of thematic guidance and let the AI do some level of engagements against foreign audiences to steer conversations in a particular direction, or at least identify where a conversation might be going so you can intervene when it looks like decisions are being made in a bad way, and then find out if that is an open and honest cultural nuance thing where it is about engagement or if it's being steered by your opponent.
I think that we are not far, and we're probably already in a game, where there are AIs versus AIs as we speak in the information environment.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.
OPINION — U.S. defense planning rests on the assumption that wars are fought abroad, by expeditionary forces, against defined adversaries. For decades, those assumptions held. But today, many of the most consequential security challenges facing the United States violate all three. They occur closer to home, below the threshold of armed conflict, and in domains where sovereignty is enforced incrementally.
The shift has exposed a chronic mismatch between how the United States defines its defense priorities and how it allocates resources and respect. While defense discourse continues to stubbornly emphasize power projection and high-end conflict, many of today’s challenges revolve around the more modest and rote enforcement of U.S. territorial integrity and national sovereignty—functions that are vital to U.S. strategic objectives yet lack the optical prestige of winning wars abroad.
Sitting at the center of this gap between prestige and need is the U.S. Coast Guard, whose mission profile aligns directly with America’s most important strategic objectives—the enforcement of sovereignty and homeland defense—yet remains strategically undervalued because its work rarely resembles the celebrated and well-funded styles of conventional warfighting. In an era of increased gray-zone competition and persistent coercion, the failure to properly appreciate the Coast Guard threatens real strategic fallout.
In the third decade of the 21st century, U.S. defense planning remains heavily oriented toward expeditionary warfighting and high-end kinetic conflict. Budget conversations still revolve around Ford-class supercarriers, F-35 fighters, and A2/AD penetration. This orientation shapes not only force design and budget allocations, but also institutional prestige and political capital. The services associated with visible combat power, with the Ford-class and the F-35, continue to dominate strategic discourse—even as many of the most persistent security challenges confronting the United States unfold close to home, in the gray-zone, without the need for fifth-generation air power or heavy armor.
At the most basic level, any nation’s military exists primarily to defend territorial integrity, enforce sovereignty, and protect the homeland. Power projection, forward presence, and deterrence abroad are important—but they are secondary functions derived from the primary purpose of homeland defense. Yet U.S. defense discourse often treats homeland defense as a background condition when it should be revered as the first priority. The result is a blind spot in how security resources are evaluated and allocated.
The Coast Guard operates at a unique point where law enforcement, military authority, and sovereign enforcement all converge. On any given day, the Coast Guard may board foreign-flagged vessels suspected of sanctions violations, police maritime borders against illicit trafficking, secure ports that underpin global supply chains, and maintain a persistent presence in contested spaces, like the Arctic, without inviting escalation. The Coast Guard is equipped to intercept illegal fishing fleets, escort commercial shipping through sensitive waterways, and assert jurisdiction in legally ambiguous areas. These activities rarely resemble traditional warfighting, they rarely result in a Hollywood blockbuster, and they can be accomplished without nuclear-powered submarines or intercontinental ballistic missiles. But these are not peripheral activities—they are arguably amongst the most important daily functions the U.S. military undertakes.
Distinct among the military branches, the Coast Guard operates under a legal framework that is uniquely suited to today’s security environment. Under Title 14 status, the Coast Guard falls within the Department of Homeland Security, conducting law enforcement and regulatory missions on a daily basis. Yet, when needed, the service can transition to Title 10 status, under the Department of Defense, and operate as an armed service. This agility allows the Coast Guard to remain continuously engaged across the spectrum of competition, whether enforcing U.S. law in peacetime, managing escalation in gray-zone encounters, or integrating seamlessly into military operations. Few other elements of U.S. power can move so fluidly between legal regimes.
Still, despite such strategic relevance, the Coast Guard suffers from a persistent optical problem. U.S. defense culture has long privileged services and missions associated with visible, kinetic combat—those that lend themselves to clear narratives of victory, sacrifice, and heroism. The Coast Guard’s work rarely fits that cinematic mold. Its success is measured not in territory seized or targets destroyed, but in disruptions prevented, borders enforced, and crises that never materialize. This is inherently quiet work: its outcomes reflect a force operating exactly as designed, yet they generate little institutional prestige or political support. In a system that rewards the loudest and the brightest, the Coast Guard’s quiet enforcement of sovereignty is easy to overlook.
Continuing to overlook the value of the Coast Guard carries strategic consequences. Specifically, persistent underinvestment in the Coast Guard weakens maritime domain awareness, reduces sustained presence in key waterways, and narrows the set of tools available to manage gray-zone competition. As adversaries increasingly rely on legal ambiguity, deniable actors, and incremental pressure to test U.S. resolve, gaps in enforcement become opportunities. In this environment, the absence of credible, continuous sovereignty enforcement invites probing behavior that becomes harder to deter over time.
Advocacy for the Coast Guard does not require reassigning prestige, or elevating one service at the expense of others. It is merely an argument for strategic alignment. If territorial integrity, sovereignty enforcement, and homeland defense are truly core national-security priorities, then the institutions most directly responsible for those missions should be treated accordingly. As competition increasingly unfolds in the gray-zone between peace and war, the United States will need forces designed not only to win conflicts—but to prevent them from starting in the first place.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
OPINION — Current discussion of Russian "hybrid warfare" tends to revolve around concepts like disinformation, proxy militias, cyber operations, sabotage, and psychological manipulation designed to fragment, confuse, and demoralize Russia's opponents—and the respective roles these play in Russian military and national security doctrine. Yet one essential dimension remains underdeveloped in the broader debate: the organic integration of criminal structures and methods into Russia's strategic toolkit. Russia's system does more than merely operate in a "gray zone." It has become a gray state, sustained by an "Uber Krysha," a super-protection racket in which the Kremlin fuses its security apparatus with organized crime to project influence and intimidation both at home and abroad.
The enabling mentality behind this fusion can be directly tied to Russia's pre-revolutionary period. Although no longer ideologically communist, Russia's current ruling elite, led by President Vladimir Putin, has very much inherited the Bolsheviks' comfort with adopting criminal methods in the pursuit of regime objectives. Before 1917, Lenin's Bolshevik Party financed its operations partly through armed robberies justified as the expropriation of bourgeois wealth for the sake of the proletarian struggle. The Bolsheviks were revolutionary in ideology but gangster in practice, rationalizing robbery and violence not as moral lapses, but as necessary transgressions—crime rebranded as virtue in the service of power.
Furthermore, during the early years of the USSR, the communist regime was defiantly, even boastfully, dismissive in its rejection of “bourgeois” legal norms. Its November 1918 decree On Red Terror (yes, it was called that) is a good case in point. It formally authorized the secret police, the Cheka, to summarily arrest and execute perceived opponents of the revolution without trial, which it proceeded to do in the tens of thousands. In doing so, the new revolutionary state openly and unapologetically signaled to its people and to the world that it would not be bound by the ordinary moral limits of civilized life. Terror was not a regrettable excess, but a management tool. This was not moral confusion, it was moral disregard elevated to state policy, with a legacy that has left a deep imprint on the political DNA of contemporary Russia.
Even as the Soviet state engaged in its bloody ideological experiment, common criminality thrived in the workers' paradise. The inefficient Soviet economic system brought chronic scarcity, which, as it does everywhere, spawned smuggling and black-market behaviors. The state imposed tight controls, but the security services did not shy away from making expedient use of criminal gangs as instruments of control to help impose a brutal order among inmates in its sprawling GULAG camp system, or using petty thieves and prostitutes to report on dissidents and foreigners.
When the Soviet Union collapsed, however, these controls dissolved, and the roles suddenly reversed. In 1991 the Soviet security apparatus imploded, and many KGB and GRU officers migrated to the emerging oligarchic and criminal economy left in its wake. There they became security chiefs, "political technologists," oil traders, and gangsters, using their skills and muscle to help these entities provide a "krysha" (roof)—similar in meaning to "protection" in Western mafia parlance—by combining inside connections, intelligence tradecraft, violence, and financial engineering. When Putin—himself a KGB veteran whose purview over foreign trade and city assets as St. Petersburg’s Deputy Mayor brought him into contact with port rackets, fuel schemes, and the Tambov crime syndicate—rose to the presidency in 1999, he re-asserted state primacy not by dismantling this nexus, but by mastering it. Putin's Kremlin in effect became the Uber Krysha, the ultimate protection roof above the oligarchs, security chiefs, and crime bosses. The bargain was clear: enjoy your wealth and impunity, but serve the state—effectively Putin—when called. Loyalty was enforced not by law or shared purpose, but by leverage, fear, and mutual criminal exposure.
What took place after 1991, however, was more than merely a case of inverted and re-inverted primacy. The unprecedented circulation of cadres that occurred during this period fostered a profound organizational and behavioral cross-pollination between intelligence, oligarchic, and criminal elements resulting in a qualitatively new and insidious mutation that is today’s Russia—Putin's Russia. The 1990s saw an outflow of KGB and GRU officers who "pollinated" the criminal/oligarchic economy with their tradecraft, tools, and government connections. Putin’s reconsolidation of state power in the 2000s then saw a return flow creating a "reverse-pollination" as ex-intelligence officers brought their new underworld relationships, financial channels, and expanded operational flexibility back to the security services.
Among contemporary scholars, the historian and journalist Mark Galeotti stands out as the leading theorist and interpreter of this phenomenon, pointing out how modern Russia's power projection depends on cultivating deniability through criminal intermediaries. Galeotti's concept of the Kremlin as a "political-criminal nexus" and his description of its global "crimintern" offer a crucial corrective to more conventional security studies frameworks. Where others see diffusion of state control as a weakness, Galeotti sees design—a pragmatic outsourcing of coercion and corruption to actors who maintain loyalty through mutual dependence. In this arrangement, the lines between mafia, mercenaries, business, and ministries are blurred.
Russia's asymmetric tactics abroad leveraging smuggling networks, compromising criminal entanglement (kompromat), cyber hacking, illicit financing, and global shadow operations by semi-private mercenary groups, like the Wagner Group and the Africa Corps, extend this logic internationally. Liaisons between Russian intelligence and crime groups across Europe also give Moscow access to local networks for espionage, intimidation, and assassinations that can act faster, at lower cost, and with more deniability than professional intelligence officers. But while most analysts tend to focus on this as a blending of tools—military, intelligence, cyber, informational—Galeotti’s insight is sharper: the blend itself is criminal in nature, structurally fusing coercion, corruption, and deceit into a governing logic—not as a breakdown of state power, but as its deliberate expression. Yet you will never find this asymmetric dimension acknowledged in Russian doctrinal writings despite its widespread exploitation in Russian actions.
Policymakers in the Western democracies struggle mightily to wrap their minds around this phenomenon. Their siloed agencies—CIA for HUMINT, NSA for SIGINT/cyber, DOD for military, and FBI for crime, etc.—operate under strict legal separations between these domains to protect civil liberties. Effective in their respective arenas, they are vulnerable when adversaries operate across boundaries. Russia’s mafia-state collapses these distinctions and thrives in the weeds, exploiting moral disregard and legal ambiguity to create jurisdictional confusion and cognitive overload that stymie efforts at response.
And yet for all its advantages, the inherent pathologies of this criminal-state fusion contain the seeds of its own decay. Its reliance on criminal intermediaries corrodes institutional coherence. Loyalty is transactional, not ideological, and emptied of moral meaning. The fates of figures like Yevgeniy Prigozhin and various siloviki-linked oligarchs demonstrate how rapidly beneficiaries can become threats once their ambitions outgrow the tolerance of the Center. Moreover, by incentivizing enrichment over competence, criminal methods undermine professionalism within the military, intelligence services, government bureaucracy, and the private sector. Corruption pervades procurement, logistics, and governance, eroding capacity even as it funds loyalty. This was clearly evident in the shocking underperformance of Russia's military and intelligence operations in Ukraine.
Internationally, what appears cunning in the short term produces isolation in the long term. Russia's growing reputation as a mafia state alienates legitimate partners, of which it now has few, and hollows out whatever moral legitimacy it once had. Putin's Uber Krysha model is unsustainable in the long run because it requires continuous motion. It cannot stand on genuine law or trust, only perpetual leverage and fear, with tools that must be continuously re-coerced. The Russian people and others who are caught in its reach exist in an environment of moral blackmail that breeds cynicism rather than solidarity. Galeotti's moral edge, implicit in his scholarship, lies in showing that the criminal state is not merely a threat to others, it is a tragedy for Russia itself.
To fully understand Russian asymmetric warfare today, we must appreciate its blending of the state and criminal domains and recognize that Moscow hasn't simply rewritten the rules of war for the gray zone, it has blurred the lines between law and criminality and has itself become a gray state. It is the malignant ethos of this new Russian Uber Krysha state—the normalization of moral disregard—that, more than any cyber weapon or troll farm, has become its most dangerous export.
CIPHER BRIEF EXPERT INTERVIEW – While the U.S. operation to detain Venezuelan president Nicolas Maduro took just hours to execute, a full assessment of its global impact will take weeks or months, in part because of the complicated dynamic connecting the country’s assets, allies and oil.
“Venezuela is what I would call one of those hyphenated accounts,” says Norm Roule, a global energy expert who also served as former National Intelligence Manager for Iran at ODNI. “Venezuela in and of itself is important, but it's also Venezuela/oil, Venezuela/Russia, Venezuela/China, Venezuela/Cuba. There are a lot of different accounts and issues that must be taken into consideration.”
Venezuela’s partners depend on it for various strategic reasons: Cuba for economic support, Iran for political alignment in Latin America, and China for a notable share of its oil imports. The United States, meanwhile, is signaling a major shift in how it intends to assert influence in the Western Hemisphere.
Cipher Brief Executive Editor Brad Christian talked with Roule, a leading global consultant on Middle East and Energy issues, about what is likely to happen next as the U.S. signals a major shift in how it intends to assert influence in the Western Hemisphere. Their conversation has been lightly edited for length and clarity.
Norman Roule is a geopolitical and energy consultant who served for 34 years in the Central Intelligence Agency, managing numerous programs relating to Iran and the Middle East. He also served as the National Intelligence Manager for Iran (NIM-I) at ODNI, where he was responsible for all aspects of national intelligence policy related to Iran.
THE INTERVIEW
The Cipher Brief: The Trump administration recently released an updated national security strategy that weighed heavily on the Western hemisphere. Are we seeing perhaps the first kind of inclination that this is going to actually be something to pay close attention to?
Roule: Absolutely. And I think the national security strategy is something that every one of the Cipher Brief's readers and listeners should pull out today. Look at it again, because I can assure you that policymakers around the world - in both our partner and adversary countries - are certainly doing so. If you look at events in Venezuela and read that national security strategy, a number of themes come forward.
The U.S. will be the dominant power in the Western hemisphere. In Venezuela, we saw a display of massive U.S. power and skill in the form of our military intelligence and technology. This is very similar to the display that the world witnessed in Iran last June. So, this is coming very, very close to two sets of actions. And I think this is meant to be seen also, as the president alluded to in his press conference, as a visible reset of what he described as a previous erosion of U.S. military power in his predecessor's administration.
This is also showing that the U.S. is now capable of executing what was described by the Chairman of the Joint Chiefs of Staff as an extraordinarily large and complicated military and intelligence operation, without being leaked. This did not require foreign partners. And it also did not require the disruption of regional commercial air operations. If you listen to what the chairman talked about, this involved 150 aircraft from multiple locations descending upon another country. And other than closing the airspace for a short period of time, commercial air traffic was not disrupted. But you're seeing some other things that are also notable. The U.S. will undertake regime change when it perceives that the existing regime threatens core U.S. national security interests.
This also represents another U.S. blow against a Chinese partner in the Western hemisphere following the Trump administration's actions in Panama. The operation also took place on the anniversary of the killing of Iranian Quds Force leader General Qassem Soleimani in 2020 as well as the surrender of Manuel Noriega in 1990.
These are both examples of the long arm of the U.S. government. And certainly, the United States may have thought that the selection of this date would dampen any commemorations by the Iranian government for Soleimani's death in Tehran. Which would have been difficult enough given the ongoing demonstrations in Tehran. But the ripples from this Venezuela operation will be global. And I think the national security strategy puts some meat on the bone with this operation.
The Cipher Brief: Just looking at the intelligence that was needed to pull off an operation like this for a moment, what do you think this says about U.S. intelligence and what would have gone into that for this particular operation?
Roule: Well, it tells you a couple of things. It tells you that first, the intelligence was exquisite and up to date. But it also tells you that the intelligence was integrated into the military operation with an intimacy, with care, so that our military personnel were able to move with extraordinary speed to get to the location as quickly as humanly possible. We've seen this in the past with the operation against Osama bin Laden. This is just another example of the close integration between the U.S. intelligence community and our amazing and extraordinary special forces personnel. I can't speak highly enough of those extraordinary and humble operators.
This also shows you the breadth of that intelligence community. The intelligence agencies that were cited included the National Security Agency (NSA), the Central Intelligence Agency (CIA), and the National Geospatial-Intelligence Agency (NGA). So, you're getting a sense of some very broad intelligence capabilities which were brought to bear and then integrated.
The president, I believe, also mentioned that a house had been built in advance. I mean, you're just watching some incredible intelligence capability that was brought to bear by people on the ground over many months. It shows courage, it shows tenacity, it shows you the resources that were pulled together. And it also shows an ability to compartment this information and to prevent a leak. The U.S. government is doing what it's supposed to do. And in a world where we're often complaining about government, the American people and our partners should be gratified that our tax dollars are being well spent. And that the U.S. intelligence community and the military are performing superbly.
The Cipher Brief: There's a lot of connective tissue between Venezuela and the rest of the world when you consider the oil industry, including China. As an energy expert, can you share what’s top of mind for you on the broader impact on the oil and energy markets?
Roule: Maybe the best way to answer that is to just explain a little bit about the Venezuelan oil system. First, the operation did not occur near Venezuelan oil production. Upstream oil operations are not located near Caracas, although exports and storage are highly sensitive to obviously, as you correctly put it, a U.S. maritime enforcement of a U.S. embargo.
Most of Venezuela's oil production, about two thirds, is derived from what is known as the Orinoco belt. And oil production from this Orinoco belt had fallen to about 498,000 barrels by the end of December, which is about a 25% drop from just a couple of weeks earlier. And it's been shutting down because they're running out of storage space because Venezuela can't export oil because of the blockade. So, they're trying to put the oil anywhere they can. They've put it in their own storage, they've put it in ships that are docked. They're putting it in almost in teacups at this point because they are running out of space to store the oil that they're producing.
Let's talk about the oil that is produced in Venezuela. They produce it from tar sands. It's extra heavy. It's a heavy type of crude oil and there are relatively few refineries that can process this grade of oil. It's difficult to extract. It's expensive to extract. Chinese refineries in 2025 tended to get a majority of Venezuelan exports. That amount ranged from 75 to 90% depending upon the amount. But even here, the Chinese tended to put much of that oil in their own storage. And China and Russia tend to be the two big players in Venezuela. For China, it is transactional. Chinese buyers look at it as a way to purchase cheap oil that they again put in storage. It's about 4% of China's exports and China again, has used a shadow fleet of intermediaries to purchase this oil. If China were to lose access to this, it's a problem. But because much of this has gone into storage and there are other suppliers out there in Saudi Arabia and other places, they could make this up.
Russia's a different story. Russia is an enabler of the Venezuelan oil industry. Because Venezuela's oil is so tar heavy, in essence, they need to import naphtha from Russia and this dilutes the Orinoco output and makes it blendable and then shippable. So, Russia sends in naphtha, it blends the stuff down and then stuff can then be exported. What would happen if suddenly Venezuela is opened up? Well, a couple of things.
First, because the oil market is relatively well supplied, people would look at it and ask, ‘where are the investment opportunities?’ If you look at the places where the world has changed suddenly and investment opportunities occurred, production didn't dramatically change. Let's take Iraq and Libya for example.
In Iraq, it took about a dozen years to get back to the level of pre-Saddam. And at that point, China was a major player. The U.S. is now returning to Iraq. In Libya, we're now a number of years after the fall of Gaddafi, and they are still about 25% below production levels under Gaddafi.
And again, the U.S. is returning. Much of it does depend upon the security of the country and the stability of the country. So, the president's comments about running Venezuela the right way really does strike at the heart of what happens in the oil industry.
The Cipher Brief: Devil’s Advocate here: how does it compete with Texas’ output? What does the U.S. do with that oil? Is it going to be sold to China?
Roule: The president and the Secretary of State have talked about stolen oil. What does this refer to? Is there a U.S. case there? I'll leave it to others to talk about the amounts and so forth but when this is talked about, this refers to a 2007 Venezuela expropriation of what I believe was then ConocoPhillips or ExxonMobil investments. That Venezuela did indeed expropriate. So, there is indeed a legal case of Venezuela nationalization of U.S. assets for which the U.S. was not compensated. If Venezuela's government did change and if U.S. oil companies were to go in, could the oil industry be dramatically changed? Yes, but it would depend upon security.
Maybe my final comment would be that Chevron has been heavily invested there, and they have maintained a very mature and stable outlook for the country. If you hear Chevron’s CEO speak about Chevron's investments, they've been very levelheaded and unflappable about national security events. So, I think you're going to see them stay there as well. And I think when you listen to the president's comments about how the U.S. would run Venezuela, he seemed fairly confident that the U.S. oil industry would play a role there. Which makes one think that there have been some sort of discussions in this regard playing out in some way in the background.
The Cipher Brief: At the most recent Cipher Brief Threat Conference, there was a lot of discussion around the idea of global conflict and some people believe that we are at the precipice of World War III. Certainly everyone agrees that global disruption is at fairly unprecedented levels. What is your thinking on this?
Roule: We are in a different world, but we're in a world of permanent gray zone conflict. But gray zone is defined very, very differently. Gray zone was once defined by Iranian militias and it was defined by drone attacks or cyberattacks that were non-attributed. But we now have drone attacks or drone flights in Europe that come from God knows where, but they're Russian. We have Chinese routine harassment for more than a decade in the South China Sea. We have routine theft of intellectual property by China and North Korea, which in and of itself is a type of attack against our economy. But it's not necessarily a traditional gray zone attack. Because the people who are often involved in gray zone operations only see a certain number of colors on the palette. But the theft of intellectual property is just another form of attack.
We're in that kind of a world and the people who are running the countries, they don't need to launch a war per se. They need to launch a series of short, sharp conflicts. Or short, sharp attacks. Now they said these could lead to a war if people believe we don't care about certain areas. And I do think there is the issue of what could happen in Taiwan in 2026. That should be a worry for everyone.
OPINION -- Venezuela presents a long-standing challenge tied to narcotics trafficking and transnational criminal networks. For years, the country has functioned as a major transit hub for illicit drug flows, money laundering, and organized crime, with direct consequences for U.S. domestic security and for stability across the Western Hemisphere. These realities alone justify sustained U.S. attention.
But criminal activity does not explain Venezuela’s full strategic significance. What distinguishes Venezuela today is not only the scale of illicit activity, but the conditions surrounding it: political isolation, economic dependence, weakened institutions, and contested legitimacy.
These conditions are familiar. These are precisely the environments external adversarial powers exploit in the gray zone to embed influence and preserve leverage without crossing the threshold of open conflict.
In such settings, influence is not imposed abruptly. It is embedded gradually, normalized through routine engagement, and retained for use when pressure mounts. That method, rather than any single triggering event, is what places Venezuela squarely within the scope of longer-term U.S. strategic concern.
Assessing Venezuela this way does not require assumptions about covert orchestration or crisis direction by outside states. It requires recognizing a recurring competitive approach that has played out repeatedly in fragile and isolated systems: establish access early, avoid responsibility for governance, and preserve optionality as conditions deteriorate.
A Pattern Observed Across Multiple Theaters
Recent Cipher Brief analysis has highlighted that strategic competition increasingly unfolds below the threshold of armed conflict. In states facing internal stress or external isolation, influence is rarely asserted through overt coercion. Instead, it is accumulated through sustained presence, access to institutions, and normalization of engagement — creating leverage that can be exercised selectively during moments of crisis.
This pattern is not theoretical. It is consistent across actors and regions, even where tactics differ.
China: Economic and Technical Presence as Strategic Infrastructure
China’s approach relies on economic and technical engagement as strategic infrastructure. Commercial projects, administrative systems, and digital platforms provide access long before crises emerge. Over time, this presence enables intelligence collection, political influence, and situational awareness without requiring overt security commitments or visible military footprints.
The value of this approach lies in patience. By embedding early and remaining engaged through periods of instability, China preserves optionality when political alignments shift or governance weakens. Influence accumulated quietly can later be activated to protect strategic equities, shape outcomes, or constrain competitors’ freedom of maneuver.
This model avoids ownership. It does not require Beijing to stabilize fragile states or assume responsibility for their internal failures. Access is sufficient. Optionality is the objective.
Russia: Security Engagement and Access Without Ownership
Russia applies a more security-centric variant of the same logic. Moscow’s engagement with sanctioned governments or non-recognized actors has repeatedly prioritized intelligence access, operational insight, and regional buffers rather than political alignment or long-term stabilization.
By maintaining relationships across formal and informal power structures, Russia ensures continued relevance during periods of transition or escalation. This posture allows Moscow to influence events without absorbing the costs associated with governance, reconstruction, or economic support.
Here again, the emphasis is not control but access. Engagement is calibrated to preserve leverage while avoiding entanglement — a model designed to expand or contract as circumstances dictate.
Iran: Network Persistence and Crisis Adaptability
Iran’s approach centers on the durability of networks rather than institutions. Elite cultivation, security penetration, and proxy relationships are established early and maintained quietly. When political systems weaken or collapse, these networks remain intact.
The advantage is resilience. Preexisting relationships allow rapid recalibration during crises without the need to rebuild influence under pressure. This approach is particularly effective in environments where authority is fragmented and legitimacy contested.
Across cases, Iran’s method demonstrates how influence survives regime change when it is rooted in people, systems, and incentives rather than formal state structures.
Key Analytic Distinction
Across these approaches, a central distinction applies: Presence and enablement do not equal operational control. But sustained presence creates optionality — the ability to act, influence, or constrain outcomes when conditions shift. That optionality, accumulated quietly over time, is what allows external powers to convert instability into strategic advantage without triggering direct confrontation.
Venezuela as a Permissive Strategic Environment
Venezuela now exhibits many of the conditions that have enabled this form of competition elsewhere. Politically, it remains isolated and internally polarized, with contested legitimacy and eroded institutions. Economically, it is dependent on external partners and vulnerable to leverage through finance, energy, and technology. Strategically, it occupies a sensitive position - proximate to the United States, central to regional migration flows, and endowed with significant energy resources.
Open-source reporting has documented sustained external engagement consistent with these vulnerabilities. Chinese firms maintain long-term financial and energy exposure, while Chinese technology has been linked to state administrative and digital systems. Russia has pursued military cooperation and security ties with the Maduro government over several years. Iran has expanded defense-related cooperation, including activities now cited in U.S. sanctions actions.
None of this establishes direct operational control over events in Venezuela. That distinction matters. Modern competition does not depend on command-and-control relationships. It depends on positioning — ensuring access, protecting equities, and shaping the environment so that options exist when pressure mounts.
From this perspective, Venezuela is not an abrupt escalation point. It is the maturation of a permissive environment.
U.S. National Interests at Stake
Viewed through this lens, the U.S. interests implicated extend beyond narcotics enforcement.
Security and Intelligence Access: Adversarial access or technical presence in the Western Hemisphere creates intelligence and counterintelligence risks. Proximity amplifies the strategic consequences, particularly during crises when early warning and situational awareness are decisive.
Regional Stability: Venezuela’s instability already fuels migration flows, strains neighboring states, and sustains criminal economies. External actors that selectively stabilize the regime, without addressing governance or legitimacy, risk prolonging instability while insulating it from internal pressure.
Energy and Economic Leverage: Venezuela’s energy sector remains strategically significant. External involvement that secures preferential access or shields operations from pressure can distort markets and complicate sanctions, reducing U.S. leverage over time.
Alliances and Credibility: Regional partners watch not only U.S. actions, but their durability. Episodic pressure without strategic continuity reinforces perceptions that U.S. engagement is temporary, a perception that competitors routinely exploit.
The Risk of Tactical Action Without Strategic Effect
Military or law-enforcement action can disrupt illicit networks and impose immediate costs. But disruption alone rarely dismantles the access structures external powers cultivate over years.
When political or economic stress intensifies, those structures often remain intact, allowing competitors to protect their equities and adapt quickly. Pressure that is not paired with a longer-term access-denial strategy risks plateauing or incentivizing deeper external involvement.
In Venezuela, criminal disruption addresses symptoms. It does not, by itself, degrade the political, economic, and intelligence ecosystems that enable adversarial positioning. Without sustained follow-through, tactical success can coexist with strategic stagnation.
Narrative, Legitimacy, and the Competitive Space
Competition below the threshold of war is also a contest over legitimacy. External powers rarely challenge U.S. actions on operational grounds alone. Instead, they exploit ambiguity, sovereignty narratives, and perceptions of disproportion.
These narratives gain traction when objectives appear narrow, temporary, or disconnected from a broader political strategy. Countering them does not require rhetorical escalation. It requires clarity about purpose, duration, and the outcomes the United States seeks to prevent or enable.
Strategic Implications Going Forward
Venezuela should be assessed as part of a broader competitive environment in which external actors exploit fragility, isolation, and economic dependence to secure enduring access.
Experience from other regions points to several implications:
Denying durable access matters more than disrupting individual activities.
Time favors persistent presence over episodic pressure.
Clarity of purpose constrains adversarial narratives.
Regional confidence and allied coordination reduce competitive space.
In this environment, success is measured not only by disruption, but by whether competitors are prevented from converting instability into lasting advantage.
Venezuela reinforces a familiar reality: in an era of competition below the threshold of war, strategic outcomes are shaped less by single actions than by whether access, influence, and legitimacy are denied over time.
SPECIAL REPORT — In a turbulent year, one of the biggest national security stories came in the form of a document.
The administration’s National Security Strategy (NSS), released earlier this month, upends longstanding U.S. policy toward allies and adversaries alike. It ranks drug trafficking and illegal immigration as top threats to U.S. security, places a heavy emphasis on the Western Hemisphere, criticizes Europe and downplays security challenges from China and Russia.
Eight years ago, Trump's first NSS said that “China and Russia challenge American power, influence, and interests, attempting to erode American security and prosperity.” The new NSS doesn’t name Russia as a threat to the U.S. – stating instead that “strategic stability with Russia” is a goal of American policy. Europe is presented as a bigger challenge; the U.S. should “help Europe correct its current trajectory,” which the NSS says has been damaged by immigration and a risk of “civilizational erasure.”
As for China, the document focuses on economic competition – trade, infrastructure, and technology. References to Taiwan and the South China Sea come later, and they include warnings that other Asian nations must carry a greater burden; “the American military cannot, and should not have to, do this alone.”
“The north star of great-power competition with China and Russia—around which the first Trump administration built bipartisan consensus—is gone,” Rebecca Lissner, Senior Fellow for U.S. foreign policy at the Council on Foreign Relations, wrote of the new NSS. The objective now, she said, is a “mutually advantageous economic relationship with Beijing.”
Not surprisingly, European leaders were furious about the pivot to a more Russia-friendly posture, and what the European Council President called “political interference” in the affairs of Europe.
Glenn Corn, a former CIA Senior Executive, called the document’s treatment of Europe a “shock.”
“Europeans are not the enemy,” Corn told The Cipher Brief. “And I doubt the Russians will stand side by side with us on the battlefield and support us the way that our European partners have done.”
The new NSS won praise from at least one global capital. Kremlin spokesman Dmitry Peskov said its emphasis on restoring strategic stability with Moscow “correspond in many ways” to Russia’s own vision.
Infographic with a map of the Americas showing the areas where the United States has carried out attacks against alleged drug trafficking boats in the Caribbean Sea and the Pacific Ocean since September 2, 2025, as well as the number of people killed in these attacks, as of December 16 (Graphic by AFP via Getty Images)
Missiles on the Water
While the focus on narcotrafficking was clear from the early days of Trump’s second term, the heavy U.S. military deployments and air strikes in the Caribbean took experts by surprise. The aerial campaign began with a September missile attack on a small boat that killed 11 people; a second strike that day took the lives of two survivors who were clinging to the upturned vessel. The follow-on strike sparked criticism in Congress – including from Republicans – and charges that it might have violated maritime laws.
As of mid-December, at least 25 strikes had followed, including some in the Pacific, resulting in the deaths of more than 90 people alleged to have been smuggling drugs on the water. The Trump administration justified the attacks as necessary to stem a flow of fentanyl – which Trump labeled “a weapon of mass destruction” that has killed tens of thousands of Americans. Legal experts questioned whether passengers in these boats — even if they were found to have been carrying narcotics — could be considered enemy combatants. Others noted that fentanyl and its precursors are sourced primarily from China and Mexico — not Venezuela.
A separate question loomed, as the year wound down: were the strikes a prelude to military action against Venezuela, and its president, Nicolas Maduro?
Beyond the U.S. military buildup, there were several signs in December that a move against Venezuela may be in the offing: reports that the U.S. was exploring “day-after” scenarios in the event of Maduro’s ouster; the seizure of a Venezuelan tanker that was said to be transporting sanctioned oil to Iran; and President Trump’s December 16 announcement of a naval blockade of sanctioned oil tankers from Venezuela.
“Maduro has become the epicenter for a range of activities the U.S. is determined to roll back,” Ambassador Patrick Duddy, Former U.S. Ambassador to Venezuela, told The Cipher Brief. “Seizure of the oil tanker signals that the U.S. has decided to take more active measures to achieve its goals.”
Infographic with a map showing the location of strikes carried by Israel against Iran since June 13, 2025, according to data reported by the ISW (Graphic by VALENTINA BRESCHI, SYLVIE HUSSON, OLIVIA BUGAULT/AFP via Getty Images)
The U.S. and Israel Attack Iran
It would have been unthinkable only two years ago: a U.S.-Israeli war against Iran that provoked almost no meaningful response.
The attacks came in June – Israeli strikes on Iran’s nuclear sites and military infrastructure that were followed by American airstrikes on three nuclear installations. Iran fired missiles at a U.S. base in Qatar but its overall retaliation was minimal, a consequence of earlier Israeli campaigns that weakened Iranian air defenses and its various militias in the Middle East. The 12-day war damaged elements of Iran’s nuclear program and laid bare a tectonic shift in the region: Iran and its “axis of resistance” had been badly weakened.
For decades, war-gaming scenarios had warned that any attack against Iran would carry risks of a conflagration, given the likelihood of a coordinated response from Iran, Hezbollah, Hamas and the Houthi militia in Yemen. Now the paradigm has shifted.
“The U.S. joined Israel in military operations and people thought that had been a red line in the past,” Norman Roule, a former National Intelligence Manager for Iran at ODNI, told The Cipher Brief. “For the nuclear negotiations and other talks going forward, Iran now has to deal with a new world where there is this precedent.”
As the year ended, Iran remained a shell of what it had been, and reports suggested its leaders were conflicted about the way forward. Would the country recognize its weaknesses and move towards a rapprochement with the West — a move that might bring sanctions relief and usher in a new security dynamic in the region? Or would hardliners carry the day, resorting to one of the last levers Iran has – its nuclear program?
“If you're in Iran, you have to make a strategic decision,” Roule said. “‘If we restart the program, will the United States and Israel attack?’ They've got to ask, ‘If we do this, will we survive?’”
U.S. President Donald Trump and Ukrainian President Volodymyr Zelensky meet in the Oval Office at the White House on February 28, 2025 in Washington, DC. (Photo by Andrew Harnik/Getty Images)
Zelensky’s Oval Office Blowup – and the Rollercoaster that Followed
For Ukraine’s President Volodymyr Zelensky, 2025 brought wild swings of fortune, on the battlefield and in the global halls of power.
An Oval Office meeting on February 28 marked the low point – the encounter during which President Trump and Vice President JD Vance berated Zelensky for what they saw as insufficient gratitude towards the U.S. and – in Trump’s words – a failure to understand that Ukraine “has no cards” in the war against Russia.
The meeting “was a horrible disappointment and almost a shock to the system,” former NATO Supreme Allied Commander General Philip Breedlove told us that day. “There was only one winner…and that is Vladimir Putin.”
But fortune’s wheel took turns in Zelensky’s favor. Trump’s subsequent meetings with Zelensky – at the Vatican in April and the June NATO summit – warmed the relationship; the NATO summit itself saw Trump pivot back toward the alliance and its support for Ukraine; and then – in a startling outburst – Trump in July turned his ire towards Russian President Vladimir Putin. “We get a lot of bull**** thrown at us by Putin,” Trump said.
Alas for Zelensky, at year’s end the pendulum looked to have swung back once more. Trump’s envoys were again pushing Russia-friendly peace proposals, which included the surrender of territory beyond what Russia has already occupied. In an interview with Politico, Trump said of Zelensky, “He’s gonna have to get on the ball and start accepting things…cause he’s losing.” It sounded like a gentler version of the treatment Zelensky had gotten on that February day in the Oval Office.
A Tu-95 bomber aircraft takes off for a night patrol flies out of Engels-2 airbase on August 7, 2008 in Engels, Russia. (Photo by Wojtek Laski/Getty Images)
Operation “Spiderweb” – and What Came After
It was Ukraine’s greatest military success in 2025 – and it happened far from Ukrainian territory. An operation dubbed “Spiderweb” smuggled 117 drone weapons into Russia and unleashed them against several airfields on June 1, damaging or destroying dozens of Russian warplanes. The mission was months in the planning, the drones were smuggled on prefabricated cabins disguised as hunting lodges, and unsuspecting Russians were paid to drive the trucks that moved the cabins.
“Spiderweb” showcased Ukraine's special operations capabilities and was followed by more long-range sabotage. As The Cipher Brief reported, subsequent attacks targeted Russian refineries and other sites tied to the oil sector.
“It’s very impressive,” Balazs Jarabik, a former European Union diplomat and analyst for RPolitik, told The Cipher Brief. The energy-sector attacks, he said, were “making the Russian war effort more expensive, and creating shortages so the Russian people feel the pain of the war.”
By year’s end, Ukraine had carried out an estimated 160 strikes on Russia’s oil sector – the campaign reached as far as the Siberian city of Tyumen, some 1200 miles east of Moscow, and included strikes against vessels alleged to be working in Russia’s so-called “shadow fleet” of tankers carrying sanctioned oil.
“Ukraine’s theory of victory now includes destroying Russia’s energy sector,” Lt. Gen. Ben Hodges, a former commander of U.S. Army Forces in Europe, told The Cipher Brief. “They’ve developed capabilities that can reach great distances with precision, exposing Russia’s vulnerability – its inability to protect critical infrastructure across its vast landscape.”
Palestinians flock to the Netzarim Corridor to receive limited food supplies as hunger deepens across Gaza amid ongoing Israeli attacks and blockade, on August 4, 2025. (Photo by Hassan Jedi/Anadolu via Getty Images)
A Peace Deal for Gaza
It was President Trump’s signature diplomatic achievement: a truce in Gaza reached just days before the two-year anniversary of Hamas’ October 7, 2023 massacre.
The deal’s first phase took hold, albeit in violent fits and starts – the return of hostages, the freeing of Palestinian prisoners in Israeli jails, and a fresh flow of international aid for Gaza. But that may have been the easy part. As the year drew to a close, there were sporadic breaks in the ceasefire, and the fate of the deal’s next phases remained unclear.
The Trump administration’s plan for Gaza included the deployment of an international stabilization force and creation of an international “Board of Peace” (led by Trump himself) to oversee the implementation of the next phases – the transition of governance to Palestinians not affiliated with Hamas, and the beginning of a multi-billion-dollar reconstruction. The deal also included language offering a conditional pathway to Palestinian autonomy over its territories.
But as of mid-December, the announcement of the Board had been delayed, and the New York Times reported that while the U.S. was pressing other nations to contribute troops to an 8,000-member force for Gaza, it had yet to win any commitments. Countries were said to be worried their troops might be ensnared in fresh fighting; and the UN Security Council resolution to deploy the force gave no precise terms of engagement. Nor was there agreement on the makeup of a transitional government.
As these hurdles appeared, reports suggested Hamas was rebuilding its presence in the territory.
“Who’s really calling the shots there?” Ralph Goff, a former CIA Senior Executive, asked at The Cipher Brief’s annual Threat Conference, speaking of the uncertainty inside Gaza. “I remain pretty pessimistic on the idea of any kind of internal governing force being able to compete with Hamas at this point.”
By year’s end, two things were clear: the Gaza ceasefire itself was a welcome achievement after two years of carnage; and uncertainty hung over the truce’s critical next phases. This was one major story that will continue to unfold — with hope but also apprehension — well into 2026.
The commissioning and flag-presenting ceremony of the Fujian, China's first aircraft carrier equipped with electromagnetic catapults, is held at a naval port in Sanya City, south China's Hainan Province, on Nov. 5, 2025. (Photo by Li Gang/Xinhua via Getty Images)
China's Military Boom
China held a “Victory Day” parade in September – its way of marking 80 years since the end of World War II – and it was above all a show of military prowess. 12,000 troops marched alongside an arsenal of newly-minted battle tanks and rocket launchers, drone weapons and hypersonic missiles, and more. It was a fitting symbol for a year in which China turbocharged its military buildup.
As The Cipher Brief reported, China took a “leap forward” in drone weaponry in 2025: a huge new “stealth endurance drone,” mosquito-sized “micro drones,” and the deployment of a new “drone mothership.” The latter, known as the Jiu Tian, was billed as the world’s largest drone carrier – an 11-ton aircraft that is itself an uncrewed aerial vehicle. According to the South China Morning Post, the Jiu Tian can hold 100 smaller UAVs and carry them more than 4,000 miles.
“They have the production, they have large inventory and now they also have the AI,” Dr. Michael Raska, a professor at the Military Transformation Programme at the S. Rajaratnam School of International Studies, told The Cipher Brief. “With all these combined, they have been experiencing a leap forward in the quality and quantity of all their drones.”
China also made leaps in maritime power. In November, the People’s Liberation Army Navy (PLAN) commissioned the 80,000-ton Fujian, the country’s third aircraft carrier and largest to date. A week later came news that the Sichuan, one of the world’s largest amphibious assault ships, would be ready for deployment next year.
Retired Rear Admiral Mike Studeman, a former Commander of the Office of Naval Intelligence, told The Cipher Brief that China had achieved its longstanding goal of building “a world-class Navy,” which had surpassed the size of the U.S. fleet.
“It's not just in the numbers, it's in the quality,” RADM Studeman said. “These ships are modern by any standard.”
“It's impressive,” another former Rear Admiral, Mark Montgomery, told The Cipher Brief. “They're building a hundred merchant ships for every one we build, and two warships for every one we build.”
The Trump Administration issued an executive order in April to jumpstart the U.S. shipbuilding industry and restore “American maritime dominance,” but experts said the U.S. faces an uphill road. As The Cipher Brief reported, China is on track to have a 425-ship fleet by 2030, while the U.S. Navy currently has fewer than 300 deployable battle-force vessels – a total which may drop as aging ships are retired faster than new ones are put to water.
Police cars are seen on November 17, 2025 close to the railways that were damaged in an explosion on the rail line in Mika, next to Garwolin, central Poland, after the line presumably was targeted in a sabotage act. (Photo by Wojtek Radwanski/AFP via Getty Images)
Europe Wakes Up to the “Gray-Zone” War
2025 was the year when Europe formally recognized – and began to respond to – a growing threat from the east: the so-called “gray-zone” war attributed to Moscow.
These attacks mushroomed in 2025 – from cyberattacks to railway bombings, the cutting of undersea cables to drone incursions into Poland and the Baltic states, and more. Experts said they were designed to be difficult to trace, and non-kinetic, so as not to draw a military response; as The Cipher Brief reported, the Kremlin was likely “aiming to create disruption without triggering escalation.”
But there were also signs that European leaders were waking up to the gravity of the threat.
NATO’s Secretary General Mark Rutte warned repeatedly of the dangers, and the alliance moved to improve detection and deterrence measures.
Nations took steps of their own. Finland acquired hundreds of drone jammers and outfitted border forces with high-end drone detectors; leaders from Poland, the Czech Republic and the Baltic states said they might shoot down Russian aircraft if Moscow continued its provocations; in a September speech to the United Nations, Polish Foreign Minister Radoslaw Sikorski went so far as to warn Moscow that “if another missile or aircraft enters our space without permission, deliberately or by mistake, and gets shot down and the wreckage falls on NATO territory, please don’t come here to whine about it.”
Even nations far from the Russian frontier were waking up to the dangers; Ireland unveiled a €1.7 billion, five-year defense plan that included systems to counter drones and protect undersea cables from Russian sabotage. And in her first public speech, MI6 chief Blaise Metreweli described the gray-zone threat bluntly: “The new frontline is everywhere,” she said.
Writing in The Cipher Brief, former Senior CIA Executive Dave Pitts stressed the need “to change the risk calculation.”
“We need to think of deterrence and response as a team sport - an Article 5 mindset,” Pitts wrote. “Gray-zone attacks that go unanswered reward our adversaries and reinforce the idea that there are more gains than risk…and encourage more attacks.”
Heavy trucks haul earth and rock at the construction site of Wubian Xiangshang Reservoir on the top of Pandao Mountain in Zhangye, China, on March 3, 2025. (Photo by Costfoto/NurPhoto via Getty Images)
America’s Rare Earth Crisis
Not long ago, rare earth minerals rarely made global headlines. 2025 was the year when that changed. And for the U.S. government, it was also the year in which rare earths took center stage.
Two basic facts underscored the urgency: rare earths are essential building blocks for everything from smart phones to home appliances to cars to all manner of military equipment and weapon systems; and China now produces an estimated 60 percent of the world’s rare earths and processes nearly 90 percent of them. The U.S. Geological Survey said that in 2024, the U.S. imported more than 95 percent of the total rare earths that it consumed.
Those realities spurred multiple U.S. efforts to change the dynamic: deals with Australia and Japan; negotiations with other resource-rich countries, including Congo, Indonesia, Kazakhstan and Malaysia; and threats to annex mineral-rich Greenland. Even the negotiations with Russia and Ukraine reportedly included plans for U.S. firms to invest in rare-earth extraction in Russia.
China’s imposition of rare-earth export restrictions only heightened the concerns – and while those were lifted as part of a deal with Washington, the message was clear: China’s rare-earths dominance now poses a huge problem for the U.S., and gives China a powerful lever in any future negotiations with Washington.
Susan Miller, a Former Assistant Director of the CIA’s China Mission Center, called the rare earth access “vital” to U.S. technology and national security.
“We democracies must do more to assure we have continuous access to these metals, and we also need to start producing more,” Miller told The Cipher Brief. “All democracies must focus on this issue; we must act now.”
Then-National Security Agency Director General Timothy Haugh, FBI Director Kash Patel, Director of National Intelligence Tulsi Gabbard, Central Intelligence Agency Director John Ratcliffe, and then-Defense Intelligence Agency Director Jeffrey Kruse appear during a Senate Committee on Intelligence Hearing on March 25, 2025 in Washington, DC. (Photo by Andrew Harnik/Getty Images)
The Overhaul of the Intelligence Community
Before his return to the White House, Donald Trump promised to remake the U.S. intelligence community (IC). “We will clean out all of the corrupt actors in our national security and intelligence apparatus,” Trump said soon after the 2024 election. “The departments and agencies that have been weaponized will be completely overhauled.”
In 2025, it was a promise he kept.
There were widespread cuts in staffing at the CIA, FBI, and the Cybersecurity and Infrastructure Security Agency (CISA), and the biggest reductions appeared to come at the Office of the Director of National Intelligence (ODNI), which coordinates the 18 agencies of the IC. Roughly 40% of ODNI staff were cut, including the elimination or consolidation of the Foreign Malign Influence Center and some cyber threat units into other agencies.
Other high-level dismissals drew particular attention: National Intelligence Council acting head Mike Collins was fired after presenting an assessment on Venezuela that contradicted the White House line; and NSA Director Gen. Timothy Haugh lost his job after Trump “influencer” Laura Loomer questioned his loyalty to the administration.
Depending on whom you asked, the changes were a much-needed streamlining of a bloated intelligence apparatus; a reorganization to focus less on Russia and China and more on border security and drug trafficking; or a Trump-driven retaliation against institutions and individuals he had blamed for investigations or views with which he disagreed.
The high-level firings troubled several experts. Jon Darby, a longtime NSA veteran who served as director of operations, told The Cipher Brief he was “very disheartened” by Gen. Haugh’s ouster. “We need an explanation of the underlying rationale,” he said.
Beth Sanner, a Cipher Brief expert who served as Deputy Director for National Intelligence at ODNI, warned of a broader politicization of the IC.
“The intelligence community is not like asking people to hit the easy button and the ‘I agree with you’ button,” she said. “That's not our role. Our role is to say what we think and why we think it…The intelligence community isn't always right. But when done correctly and behind closed doors, I cannot understand why anybody would say that presenting an intelligence assessment that disagreed with policy needed to stop, or was an example of deep state. It's not. And it's really important.”
All that said, the nature of the IC makes it difficult, even at the end of a tumultuous year for the various agencies, to know precisely what the impact of the “overhaul” has been – or will be in the future.
Fingers on laptop. (Photo by Silas Stein/picture alliance via Getty Images)
A Cybersecurity “Watershed”
It seemed like a headline from a science fiction journal. An artificial intelligence system had conducted a large-scale espionage operation.
But it wasn’t science fiction – or fake news. The AI giant Anthropic confirmed the first real-world case of the use of an AI system to do exactly that.
“Today marks a watershed in cybersecurity,” Jennifer Ewbank, a former Deputy Director of the Central Intelligence Agency for Digital Innovation, told The Cipher Brief. “AI has now crossed from tool to operator,” Ewbank said, “blurring the line between human intent and machine execution...a threshold has been crossed.”
Anthropic said that Chinese state-sponsored hackers had exploited its Claude AI system to carry out cyberattacks on corporations and foreign governments in September, and that the hackers had succeeded with only minimal human oversight. Anthropic’s threat intelligence chief said the campaign had targeted about 30 entities, and represented a new level of AI-enabled hacking. The hackers posed as security auditors and successfully breached several systems, accessing privileged accounts and private data before being blocked.
The good news? The number of breaches and scale of the damage appeared small, and no U.S. government agencies were compromised. But the incident gave ammunition to doomsayers who have warned of AI nightmares – and showed that AI is already a valuable tool for hackers and state-backed cyber operations.
Experts called it the latest code-red warning for securing AI systems and deploying effective cyber defenses. As Ewbank put it, “This is no longer a hypothetical threat being researched in a lab.”
DEEP DIVE — In the darkness of night on November 15, a massive explosion ripped through a stretch of the Warsaw-Lublin railway line close to Mika, Poland, severing a critical logistics route used to ship military equipment and aid eastward from Warsaw toward the Ukrainian border.
The blast, caused by a C-4 explosive device, damaged the tracks and a passing freight train’s wagon floor, halting rail traffic and sending ripples of alarm through Poland, one of Ukraine’s staunchest allies.
Polish authorities quickly confirmed sabotage, charging three Ukrainian nationals — Oleksandr K., Yevhenii I., and Volodymyr B. — with executing the plot under Russian direction. The incident was not a lone act but part of a growing wave of covert operations targeting railways, ports, and pipelines across Europe, aimed at undermining support for Kyiv.
Ivana Stradner, a research fellow at the Foundation for Defense of Democracies, characterizes these actions to The Cipher Brief as Russia “waging a long, low-cost pressure campaign that targets not only the battlefield but everyday life across EU countries.”
Polish prosecutors outlined the operation’s chilling precision. In September 2025, Volodymyr B., arrested on November 20 and charged on November 22, drove Yevhenii I. to the sabotage site for reconnaissance, enabling the selection of the explosive placement. Oleksandr K. and Yevhenii I., the primary perpetrators acting on behalf of Russian intelligence, planted the device and a metal clamp intended to derail a train, then fled to Belarus, where Poland’s extradition requests remain pending.
Immediately following the attack, Foreign Minister Radoslaw Sikorski characterized it as “state terror.” Warsaw closed Russia’s last consulate in Gdansk, and thousands of soldiers were deployed nationwide to protect critical infrastructure. The Kremlin, nonetheless, rebuffed the accusations as “Russophobia” and vowed to retaliate by severing Polish diplomatic ties. This exchange of moves points, however, to a larger trend: the use of subtle, sophisticated attacks aimed at crippling Ukraine’s supply lines without triggering a full-blown escalation.
Proxies in the Shadows: Recruiting the Unwitting
Moscow’s strategy for sabotage is built on proxies, using local citizens and displaced people to carry out attacks and maintain Russia’s plausible deniability. The situation in Poland is particularly disturbing, where the involvement of Ukrainian nationals exposes an aggressive recruitment campaign aimed at vulnerable youth from their war-torn home country. Ukrainian security services have documented a sharp rise, reporting that Russian operatives have entrapped over 170 minors in the last 18 months, often luring them through Telegram channels disguised as job boards or casual chats.
The recruitment base consists of migrants from Eastern Europe and Russian-speaking citizens of countries where the sabotage operations are carried out. They are often individuals with criminal histories or financial problems. What begins as innocuous tasks — snapping photos of buildings or mailing postcards — escalates to planting bombs or torching vehicles, often with payments that seem too good to refuse.
Head of Ukraine’s National Police Juvenile Prevention Department, Vasyl Bohdan, described the ploy’s subtlety: “For the most part, the children don’t understand what is happening, or that it’s very serious.” Experts note that Russian operatives often begin by masquerading as sympathetic figures to build trust with their targets. Once the relationship is established, they leverage compromising material to secure compliance through blackmail. In one recent instance in Ivano-Frankivsk, two teenagers were promised $1700 each and thus embedded a device that detonated remotely, killing one and maiming the other.
“Russia’s intelligence services use Ukrainians inside NATO states because it blurs the political story and creates deniability, especially since many recruits are young, economically vulnerable, and have no prior ideological profile,” Natalya Goldschmidt, CEO of Lightning Associates LLC, a strategic geopolitical consulting firm focusing on Russia, Eurasia, and Latin America, tells The Cipher Brief. “Most of the initial interactions now happen through encrypted apps and seemingly ‘low‑stakes’ tasks, such as taking photos of infrastructure, moving small packages, or counting vehicles, which makes these pipelines hard to spot before an operation moves from reconnaissance to action.”
Ukraine’s countermeasures have gained traction, with police and NGOs flooding schools and camps with warnings, partnering with celebrities like boxer Oleksandr Usyk to drill home the dangers. Reports of attempted recruitments have surged to 74 this year, and successful cases have plummeted, as Bohdan noted: the number of successful child recruitment cases has decreased “exponentially over the past year.”
According to Goldschmidt, Moscow’s hybrid operations and cognitive warfare are most effective against a Europe already fragmented by domestic political crises, economic fatigue, and unresolved debates over migration and identity.
“The most worrying escalation over the next year or so is not one spectacular act, but a carefully timed cluster of incidents that together amount to a strategic shock: rail disruptions and warehouse fires at a critical moment for aid to Ukraine, damage to energy or data links in Northern Europe, and Russian drones killing or seriously injuring someone on NATO territory, all wrapped in enough ambiguity to delay a unified response,” she cautioned.
This proxy model extends well into Europe.
In October, Romanian intelligence smashed a parallel operation by arresting two Ukrainian citizens. The pair had smuggled bomb components — incendiary devices disguised in car parts and headphones — into Bucharest, targeting the Nova Post headquarters, a Ukrainian courier firm moving vital aid. In addition to thermite and barium nitrate, the packages included counter-surveillance measures, exhibiting classic Russian tradecraft. According to investigators, the duo is part of a wider network acting under Moscow’s direction, which has allegedly targeted Nova Post sites in Poland and elsewhere.
The threat became clearer that same week when Poland detained eight suspects tied to planned infrastructure attacks. Officials in Europe attribute these coordinated operations to Russian elite formations, notably GRU Unit 29155. General Andrei Averyanov leads the unit and is part of a dedicated sabotage hub under General Vladimir Alekseev, which marshals over 20,000 Spetsnaz operatives.
Hybrid Echoes: Testing the Article 5 Threshold
The sabotage wave laps at diverse shores, blending old-school explosives with cutting-edge disruptions to fray Europe’s logistical sinews.
There have been several cases of undersea fibre cable damage or destruction in the Baltic under murky circumstances, prompting high-level investigations. From Germany to the Nordic states, prosecutors and security services have reported a pattern of suspected sabotage in fires and parcel-incendiary incidents that have scorched logistics hubs and defense manufacturing sites.
At the same time, GPS and navigation jamming across the Baltic and northeastern Europe has surged — European ministers and national regulators report daily interference that has disrupted flights and aviation operations, and they warn of substantial economic impacts. In September, mass drone overflights and cross-border incursions, including a large wave of drones into Poland and a 19-September violation of Estonian airspace by MiG-31s, prompted NATO consultations and temporary airport closures in the region.
These disruptions, while seemingly tactical, tie directly into a broader strategic calculus aimed at testing NATO’s unity and response mechanisms.
The strategic heart of the issue is NATO’s collective defense clause. Stradner also notes that, “Vladimir Putin has been candid about his desire to discredit NATO’s Article 5 in which members pledge to treat an attack against one ally as an attack against all.” She argues that because Putin, “Trained as a KGB operative, is well versed in so-called ‘active measures,’” his goal is to challenge the alliance.
Alexander Graef, Senior Policy Fellow at the European Leadership Network, however, contends to The Cipher Brief that “the actual impact of these sabotage acts on the flow of aid to Ukraine remains extremely limited.”
In his view, the activities are primarily aimed “less at disrupting logistics than at influencing public opinion in Western societies by trying to convince voters that further support for Ukraine carries unacceptable risks.” He stresses that this strategy “rests on a misreading of Western threat perceptions,” as such actions tend to “reinforce the opposite conclusion: that Russia is a growing danger and that support for Ukraine, as well as investment in defense, must increase further.”
“The Article 5 threshold remains deliberately high. Invoking it requires consensus within the North Atlantic Council. It is hard to imagine such agreement emerging in response to low-level sabotage, ambiguous incidents, or non-lethal disruptions,” Graef said. Therefore, Moscow does indeed appear to be “calibrating its operations to stay well below that line. Still, it is not achieving its intended political effects.”
George Barros, Russia Team & Geospatial Intelligence Team Lead at the Institute for the Study of War, concurs to The Cipher Brief that Russia is “boiling the frog and NATO member states have so far elected to not treat Russian acts of war against them as they truly are.”
“Russia has already passed the threshold with its sabotage actions, manned aircraft airspace incursions, and missiles entering the airspace of Poland and Romania. Russia seeks to normalize this activity so that NATO de facto approves a new normal, in which case we don’t treat Russian acts of war seriously,” he noted. “The West has far too long allowed Russia to operate against us with relative impunity. The West must seize the strategic initiative from Russia and begin imposing dilemmas on Russia.”
Yet even as these operations escalate, analysts say Russia is careful to keep them calibrated just below the line that would trigger NATO’s collective-defense clause.
The problem with Article 5, as experts observe, is that the ‘hybrid’ qualities of ambiguity and deniability – which, it is feared, Russia would manipulate to come close to the Article 5 threshold without reaching it – can paralyze the institutional and political mechanisms of collective defense.
“Putin does this all the time. It’s the same pattern — gray-zone hybrid operations run out of the GRU,” former CIA station chief Daniel Hoffman tells The Cipher Brief. “Operating against enemies on foreign soil with impunity and facing no repercussions. They’re sending a message.”
Fortifying the Front: Europe’s Counteroffensive
While concerns over Russian interference deepen, Europe tries to fortify its infrastructure. In response to September’s airspace breaches, EU defense ministers accelerated deployment of a “drone wall” along the eastern flank.
To harden against airspace violations, Graef advises that measures must be tailored, noting that while airspace violations require increased internal coordination, harmonized rules of engagement, and improved information sharing, sabotage is primarily the responsibility of “police, counterintelligence services, and judicial authorities.”
He maintains that if Russia’s objective is to weaken European support, then “demonstrating political unity is in itself an important countermeasure.”
Maksym Skrypchenko, nonresident scholar in the Russia Eurasia Program, points out that, from Kyiv’s purview, European governments’ measures to protect infrastructure are catastrophically insufficient.
“Russia is several steps ahead, while Europe is acting reactively rather than proactively. Russian embassies remain operational, and Russian tourists continue to travel, which is being exploited not only for information gathering and influence operations but also for sabotage,” he tells The Cipher Brief. “European countries need to start with basic steps: acknowledge that they have a single major threat. Once this acknowledgment happens, the next step should be decisive action – ceasing the purchase of Russian energy resources, blocking Russia’s shadow fleet, expelling Russian diplomat-spies, strengthening infrastructure protection, and investing in acquiring Ukrainian anti-drone systems, to name a few.”
While some analysts discuss limited, deniable counter-sabotage in response, Graef warns that “such activities carry significant risks.”
“They can easily fuel an action–reaction cycle without generating meaningful deterrent effects,” he asserted, highlighting that the focus should remain on strengthening resilience, improving attribution, and coordinating clear response thresholds rather than “entering a covert tit-for-tat that neither deters nor stabilizes.”
In the face of this persistent, multi-layered threat, Stradner believes the ultimate answer lies in deterrence through strength.
“We should not fear escalations as kindness is weakness for Putin, and he only understands the language of power,” she noted, underscoring the consequences of continued inaction and ambiguity in the face of Moscow’s “new generation warfare.”
“Until NATO resolves the lack of clarity regarding Article 5’s threshold for acts of aggression warranting collective defense, Russia will continue to sabotage without the consequences of all-out war, and the Western response to this hybrid war will remain reactive and insufficient,” Stradner added.
EXPERT PERSPECTIVE -- In the middle of the night, with no witnesses, a single ship flagged out of Hong Kong drags its anchor across the Baltic Sea. In silence, it severs a vital gas pipeline and the digital cables that link northern capitals. By morning, millions lose connectivity, financial transactions stall, and energy grids flicker on the edge.
The culprit vanishes behind flags of convenience, leaving blame circulating in diplomatic circles while Moscow and others look on, exploiting maritime ambiguity and the vulnerabilities of Europe's lifelines.
Meanwhile, in Warsaw and Vilnius, shoppers flee as flames engulf two of the largest city malls. Investigators soon discover the arsonists are teenagers recruited online, guided by encrypted messages, and paid by actors connected to hostile state agencies. The chaos sows fear, erodes social trust, and sends shockwaves through European communities—proxy sabotage that destabilizes societies while providing plausible deniability to those orchestrating the acts.
Thousands of kilometers away, Chinese dredgers and coast guard vessels silently transform disputed reefs into fortified islands in the South China Sea. With no declaration of war and no pitched battles, new airstrips and bases appear, steadily shifting maritime boundaries and economic interests. Each construction project redraws the strategic realities of an entire region, forcing neighbors and distant powers alike to reckon with incremental, shadowy coercion and efforts to change the status quo.
In early 2024, Chinese state-sponsored hackers, known as "Volt Typhoon," penetrated U.S. data repositories and embedded themselves deep within the control systems of U.S. critical infrastructure, including communication networks, energy grids, and water treatment facilities.
Then-FBI Director Christopher Wray described it as a pre-positioning of capabilities by China that can be turned on whenever Beijing wanted - wreaking havoc and causing real-world harm to American citizens and communities. China has denied any connection to these attacks on U.S. sovereignty.
And just weeks ago, around 20 Russian drones violated Poland’s airspace. Russia’s denials were predictable and since then, Russian drones and jets have violated airspace in Romania, Estonia, and over the Baltic Sea.
Were these threats, tests of capability and resolve, provocations, or demonstrations—or maybe all of the above? Just as NATO will develop a set of lessons-learned for future incursions, it’s also likely that Russia learned from these episodes and will recalibrate future incursions.
Threaded almost invisibly through all of these gray zone activities, and countless others like them, is cognitive warfare—a persistent tool of our adversaries. It is an assault on cognition. The information and decision spaces are flooded with weaponized narratives, AI-powered disinformation, synthetic realities, and the coercive use of redlines and intimidation.
The goal is clear—deceive, change how we see the world, fracture societies, destroy faith in institutions and partnerships, erode trust, challenge and replace knowledge and belief, coerce and intimidate; and perhaps most importantly; undermine decision autonomy. It is here, in the crowded intersection of AI; cyber; traditional tools such as narratives and storytelling; and cognition; that today’s most urgent battles are fought.
These are all operations in the gray zone. We all use somewhat different terms for this, but let me share the definition of the gray zone that I think works well.
The gray zone is the geopolitical space between peace and war where adversaries work to advance their own national interests while attacking and undermining the interests of their adversaries and setting the conditions for a future war without triggering a military response.
We might refer to attacks in the gray zone as gray warfare. It is the domain of ambiguity, deniability, and incremental aggression calculated to limit deterrence and discourage persuasive response.
Today, it is the space where global competition, particularly great power competition, is playing out.
Why are we seeing more gray zone activity today?
First, great power competition is intensifying. This includes great powers, middle powers, and impacts almost every other nation. Almost every nation has a role to play, even if involuntary: competitor, ally and supporter, enabler, spoiler, surrogate, or innocent bystander and victim. Like the African proverb says, “When elephants fight, it is the grass that suffers.”
But great powers will go to great lengths to avoid 21st Century superpower conflict, primarily because of the fear of unintended losses and damage to national power that could take decades to recover. The catastrophic damage to nations and militaries from WWII are distant—but still vivid—reminders of the impact of a war of great powers.
Today, just look at the unprecedented loss of national power by Russia in indirect superpower conflict. Superpower conflict has consequences. Given these strategic considerations, the gray zone and gray warfare provide an effective strategic alternative to conventional war. Our adversaries have calculated that there are more gains than risks in the gray zone, and that any risks they do face are acceptable.
Second, technology levels the playing field, creating new opportunities for gray zone attacks. Cyberattacks, even those that are disrupted, lead to more effective cyber capabilities by our adversaries. AI-driven cognitive warfare now delivers persuasive content with unprecedented global access and immediacy. Small kinetic drones can be wielded by state and non-state actors to pose both kinetic and cognitive threats. Technology also enables adversaries to conceal their operations and increase non-attribution. Even simple technologies have the potential to generate strategic effects in the gray zone.
Third, surrogates and proxies offer expanded reach, ambiguity, and impact.
Little Green Men, hired criminals, ghost ships, unknown assassins and saboteurs, and shadowy companies that help evade sanctions blur attribution, providing bad actors with a veneer of deniability while increasing their reach, impact, and lethality. On a broader scale, Houthi attacks on global shipping and North Korean soldiers fighting Ukraine elevate the effects of this ambiguous warfare to a higher level. This trend is likely to intensify in the future.
Fourth, it is important to address the direct impacts of Russia’s war on Ukraine on an increase in gray zone attacks. Russia’s significant loss of national power and limited battlefield gains have created pressure on the Kremlin to reassert relevance, project power, and potentially punish antagonists. This dynamic almost certainly means a continued escalation of gray zone activities targeting Europe and aimed at destabilizing the continent. Many experts believe the Baltics and the Balkans may be particularly vulnerable.
That Russian gray bullseye is crowded—the U.S. is also a traditional target, and more Russian activity to undermine and weaken the U.S. is coming, despite Putin’s offers of renewed diplomatic and economic cooperation.
Finally, there are more gray zone attacks because real deterrence and persuasive responses to gray attacks are challenging, and our adversaries know it. In other words, gray zone attacks in most cases are relatively low cost, often effective, provide a level of deniability, and frustrate efforts at deterrence and response.
Our adversaries have calculated that they can hide behind ambiguity and deniability to violate sovereignty, ignore national laws and international norms, and engage in activities such as political coercion, sabotage, and even assassinations without triggering an armed response.
This “no limits” approach exploits the openness, legal norms, and ethical standards of democratic societies, making coordinated, timely, and effective response more difficult.
So, what can we do?
The most important outcome of our actions is to change the risk calculation of our adversaries. Gray zone attacks that go unanswered reward our adversaries and reinforce the idea that there are more gains than risk in the gray zone and encourage more attacks. Further, our adversaries calculate, often accurately, that our reasonable concerns for avoiding escalation will lead to indecision, weak responses, or the acceptance of false choices.
We need improved and shared gray zone intelligence to see through the fog of disinformation, synthetic realities, false risks and threats, and an overload of information by our adversaries to understand what is taking place in the gray zone. This not only strengthens our operations to counter gray zone attacks but it helps our citizens, communities, and countries to understand, recognize, reject, and remain resilient in the face of gray zone attacks.
We have to employ “strategic daylighting” to expose and put into context the gray zone activity by our adversaries—stripping away deniability and laying bare nefarious and illegal actions—knowing that our adversaries will go to great lengths to conceal, defend, and attack our efforts to expose their activities.
We have to speak frankly and convincingly to our adversaries and of course, we have to back up our words with persuasive action. Empty warnings and rhetoric will fall short. Changing the risk calculation of our adversaries means real consequences across a broad spectrum—public, diplomatic, economic, legal, informational, or even kinetic. It means a strategy on how to respond - not just a series of hasty responses. Real deterrence will result from planning and strategy; not decisions in the moment based on immediate circumstances.
Finally, we need to think of deterrence and response as a team sport - an “Article 5 mindset.” Our adversaries will seek to divide and isolate. Collective, unified action and resolve can form a powerful deterrent.
Of course, none of this is new. All of us need a solid understanding of the problems and the likely best solutions, and implementation remains the greatest challenge.
We can go a long way with a good strategy, good partners, and resolve, which seems like a reasonable place to start.
This Cipher Brief expert perspective by Dave Pitts is adapted from a speech he recently delivered in Sarajevo. Comments have been lightly edited for clarity. All statements of fact, opinion, or analysis expressed are my own and do not reflect the official positions or views of the US Government. Nothing in my remarks should be construed as asserting or implying US Government authentication of information or endorsement.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
EXPERT OPINION — In order for the U.S. to successfully compete for global influence against its adversaries and to avoid a kinetic fight, we must excel at cognitive warfare, that is, military activities designed to affect attitudes and behaviors. This type of warfare is a subset of irregular warfare (IW) and combines sensitive activities to include information operations, cyber, and psychological operations to meet a goal. To develop these kinds of operations, the U.S. needs intelligence professionals who are creative and experts in their field. Additionally, the U.S. intelligence and operations sectors need to be comfortable working together. Finally, the U.S. needs decision makers who are willing to take risks and employ these methods. Without these components, the U.S. is doomed to fail in competing against its adversaries who practice cognitive warfare against us on a regular basis.
U.S. focus on IW and its subset, cognitive warfare, has been erratic. The U.S. struggles with adapting its plans to the use of cognitive warfare while our leaders have consistently called for more expertise for this type of warfare. In 1962, President Kennedy challenged West Point graduates to understand: "another type of war, new in its intensity, ancient in its origin, that would require a whole new kind of strategy, a wholly different kind of force, forces which are too unconventional to be called conventional forces…" Over twenty years later, in 1987, Congress passed the Nunn-Cohen Amendment that established Special Operations Command (SOCOM) and the Defense Department’s Special Operations and Low-Intensity Conflict (SO/LIC) office. Another twenty years later, then Secretary of Defense Robert Gates said that DoD needed “to display a mastery of irregular warfare comparable to that which we possess in conventional combat.”
After twenty years of best practices of IW in the counter terrorism area, the 2020 Irregular Warfare Annex to the National Defense Strategy emphasized the need to institutionalize irregular warfare “as a core competency with sufficient, enduring capabilities to advance national security objectives across the spectrum of competition and conflict.” In December 2022, a RAND commentary pointed out that the U.S. military failed to master IW above the tactical level. I submit, we have failed because we have focused on technology at the expense of expertise and creativity, and that we need to balance technology with developing a workforce that thinks in a way that is different from the engineers and scientists that create our weapons and collection systems.
Adversaries Ahead of Us
IW and especially cognitive warfare is high risk and by definition uses manipulative practices to obtain results. Some policy leaders are hesitant to use this approach to develop influence strategies which has resulted in the slow development of tools and strategies to counter our adversaries. U.S. adversaries are experts at IW and do not have many of the political, legal, or oversight hurdles that U.S. IW specialists have.
Chinese military writings highlight the PRC’s use of what we would call IW in the three warfares. This involves using public opinion, legal warfare, and psychological operations to spread positive views of China and influence foreign governments in ways favorable to China. General Wang Haijiang, commander of the People's Liberation Army's (PLA) Western Theatre Command, wrote in an official People’s Republic of China (PRC) newspaper that the Ukraine war has produced a new era of hybrid warfare, intertwining “political warfare, financial warfare, technological warfare, cyber warfare, and cognitive warfare.” The PRC’s Belt and Road Initiative and Digital Silk Road are prime examples of using economic coercion as irregular warfare. Their Confucius Centers underscore how they are trying to influence foreign populations through language and cultural training.
Russia uses IW to attempt to ensure the battle is won before military operations begin and to enhance its conventional forces. Russia calls this hybrid war and we saw this with the use of “little green men” going into Crimea in 2014 and the use of the paramilitary Wagner forces around the world. Russia also has waged a disinformation campaign against the U.S. on digital platforms and even conducted assassinations and sabotage on foreign soil as ways to mold the battle space toward their goals.
What Is Needed
U.S. architects of IW seem to primarily focus on oversight structures and budget, and less on how to develop an enduring capability.
Through the counterterrorism fight, the U.S. learned how to use on-the-ground specialists, develop relationships at tribal levels, and understand cultures to influence the population. The U.S. has the tools and the lessons learned that would enable a more level playing field against its adversaries, but it is not putting enough emphasis on cognitive warfare. A key to the way forward is to develop SOF personnel and commensurate intelligence professionals to support the SOF community who understand the people, the geography, and the societies they are trying to influence and affect. We then must go further and reward creativity and cunning in developing cognitive warfare strategies.
The Department of Defense and the intelligence community have flirted with the need for expertise in the human domain or social cultural sphere for years. The Department of Defense put millions of dollars into socio cultural work in the 2015-time frame. This focus went away as we started concentrating more on near peer competition. Instead, we focused on technology, better weapons and more complex collection platforms as a way to compete with these adversaries. We even looked to cut Human Intelligence (HUMINT) to move toward what some call a lower risk approach to collection—using technology instead of humans.
SOF personnel are considered the military’s most creative members. They are chosen for their ability to adapt, blend in, and think outside the box. This ingenuity needs to be encouraged. We need a mindful balancing of oversight without stifling that uniqueness that makes IW so successful. While some of this creativity may come naturally, we need to ensure that we put in place training that speaks to inventiveness, that pulls out these members’ ability to think through the impossible. Focused military classes across the services must build on latest practices for underscoring creativity and out of the box thinking. This entrepreneurial approach is not typically rewarded in a military that is focused on planning, rehearsals, and more planning.
Focusing on Intelligence and Irregular Warfare
An important part of the equation for irregular warfare is intelligence. This foundation for irregular warfare work is often left out in the examination of what is needed for the U.S. to move IW forward. In the SOF world, operators and intelligence professionals overlap more than in any other military space. Intelligence officers who support IW need to have the same creative mindset as the operators. They also need to be experts in their regional areas—just like the SOF personnel.
The intelligence community’s approach to personnel over the past twenty or so years works against support for IW. Since the fall of the Soviet Union, the intelligence community has moved from an expertise-based system to one that is more focused on processes. We used to have deep experts on all aspects of the adversary—analysts or collectors who had spent years focused on knowing everything about one foreign leader or one aspect of a country’s industry and with a deep knowledge of the language and culture of that country. With many more adversaries and with collection platforms that are much more expensive than those developed in the early days of the intelligence community, we cannot afford the detailed expert of yore anymore. The current premise is that if you know the processes for writing a good analytical piece or for being a good case officer, the community can plug and play you in any context. This means, we have put a premium on process while neglecting expertise. As with all things—we need to balance these two important aspects of intelligence work.
To truly understand and use IW, we need to develop expert regional analysts and human intelligence personnel. Those individuals who understand the human domain that they are studying. We need to understand how the enemy thinks to be able to provide that precision to the operator. This insight comes only after years of studying the adversary. We need to reward those experts and celebrate them just as much as we do the adaptable plug and play analyst or human intelligence personnel. Individuals who speak and understand the nuances of the languages of our adversaries, who understand the cultures and patterns of life are the SOF member’s best tool for advancing competition in IW. Developing this workforce must be a first thought, not an afterthought in the development of our irregular warfare doctrine.
CIA Director William Casey testified before Congress in 1981:
“The wrong picture is not worth a thousand words. No photo, no electronic impulse can substitute for direct on the scene knowledge of the key factors in a given country or region. No matter how spectacular a photo may be it cannot reveal enough about plans, intentions, internal political dynamics, economics, etc. Technical collection is of little help in the most difficult problem of all—political intentions. This is where clandestine human intelligence can make a difference.”
Not only are analytical experts important in support of IW but so are HUMINT experts. We have focused on technology to fill intelligence gaps to the detriment of human intelligence. The Defense Intelligence enterprise has looked for ways to cut its HUMINT capability when we should be increasing our use of HUMINT collection and HUMINT enabled intelligence activities. In 2020, Defense One reported on a Defense Intelligence Agency (DIA) plan to cut U.S. defense attaches in several West African countries and downgrade the ranks of others in eight countries. Many advocate for taking humans out of the loop as much as possible. The theory is that this lowers the risk for human capture or leaks. As any regional expert will tell you, while satellites and drones can provide an incredible amount of intelligence from pictures to bits of conversation, what they cannot provide is the context for those pictures or snippets of conversation. As Director Casey implied, it is only the expert who has lived on the ground, among the people he/she is reporting on, who can truly grasp nuances and understand local contexts, allegiances, and sentiments.
While it is important to continue to upgrade technology and have specialists who fly drones and perform other data functions, those functions must be fused with human understanding of the adversary and the terrain. While algorithms can sift through vast amounts of data, human operatives and analysts ensure the contextual relevance of this data. Technologies cannot report on the nuances of feelings and emotions. The regional experts equip SOF operators with the nuanced understanding required to navigate the complexities that make up the “prior to bang” playing field. This expertise married with cunning and creativity will give us the tools we need to combat our adversary in the cognitive warfare domain.
Conclusion
The need for contextual, human-centric understanding for being able to develop plans and operations for cognitive warfare that can compete with our adversaries and keep us from a kinetic fight is paramount. Those who try to make warfare or intelligence into a science miss the truth, that to be proficient in either, art is a must. We need expertise to be able to decipher the stories, motives, and aspirations that make cognitive warfare unique. Regional intelligence experts discern the patterns, motives and vulnerabilities of adversaries; key needs for developing IW campaigns and for influencing individuals and societies. We need seasoned human intelligence personnel, targeters, and analysts who are experts on the adversary to be able to do this. We also need to develop and reward creativity, which is a must for this world.
We also have to be upfront and acknowledge the need to manipulate our adversaries. U.S. decision makers must concede that to win the next war, cognitive warfare is a must and it is essential for these leaders to take calculated risks to mount those campaigns to influence and manipulate.
The cost of cognitive warfare is but a rounding error when compared to the development of new technical intelligence collection platforms and the platforms’ massive infrastructures. This rounding error is a key lynchpin for irregular warfare and irregular warfare is our most likely avenue for avoiding a kinetic war. Human operatives, out of the box thinking, and expert analysts and human intelligence personnel are the needed bridges that connect data into actionable insights to allow our SOF community to practice the type of irregular warfare we have proven historically that the U.S. can provide and must provide to counter our adversaries and win the cognitive war we are currently experiencing.
EXPERT PERSPECTIVE — When we think about the arteries of global power, images of oil pipelines or shipping lanes often come to mind. They are visible, tangible, and easy to picture on a map. The digital world has its own arteries, equally vital but far less visible: undersea cables, satellites, and semiconductor supply chains. These systems allow our economies to function, our militaries to coordinate, and our societies to remain connected.
We rarely stop to consider how very fragile they are. A fiber-optic cable lying quietly on the seabed, a satellite orbiting high above, or a single Dutch firm making the machines that build the world’s most advanced chips: each represents a potential point of failure. And when one of them falters, whether by accident or design, the consequences ripple instantly across the globe. What makes this even more concerning is that adversaries understand their potential value. They have studied the geography of our digital world with the same intensity that past powers studied maritime routes. Increasingly, they are testing ways to hold these chokepoints at risk, not in open war, but in the murky space called the gray zone.
Consider the seabed. Nearly all intercontinental internet traffic runs not through satellites, as many imagine, but along the ocean floor. The “cloud” is, in truth, anchored to the seabed. These cables are resilient in some respects, yet highly vulnerable in others. Russia has long deployed specialized vessels (such as the Yantar) to loiter near critical routes, mapping them and raising concerns about sabotage. The People’s Republic of China has taken subtler approaches. On several occasions, cables linking Taiwan’s outlying islands have been cut by Chinese vessels in incidents they described as accidental. Taipei viewed them, by contrast, as deliberate acts of pressure that left communities offline for weeks.
Nature has been no less disruptive. A volcanic eruption severed Tonga’s only international cable in 2022, cutting off connectivity entirely. A landslide off Côte d’Ivoire in 2024 damaged four cables at once, leaving more than a dozen African states scrambling to restore service. These episodes remind us that chokepoints need not be destroyed to reveal their importance.
For China, the issue is a strategic one. Through its Digital Silk Road initiative, Beijing has financed and built cables across Asia, Africa, and Europe. Chinese firms now sit at landing stations and repair depots. In times of peace these investments look like connectivity. In times of crisis, they can become instruments of leverage or coercion.
The same logic applies in orbit. Satellites and global navigation systems act as the nervous system of modern life. They time banking transactions, guide aircraft, and support military operations. Disrupting them unsettles the rhythms of daily existence. Russia previewed this dynamic in 2022 when it launched a cyberattack against the Viasat KA-SAT network on the first day of its invasion of Ukraine. Thousands of modems across Europe went dark, cutting off critical communications. More routinely, Russian jamming and spoofing around Kaliningrad and Moscow have disoriented navigation systems, with civilian pilots suddenly reporting the loss of GPS mid-flight.
China has created its own path through BeiDou, a rival to GPS that is already woven into infrastructure and commerce across large swaths of the world. Countries adopting BeiDou for civilian uses also create dependencies that, in a crisis, could become channels of influence. China’s so-called inspector satellites, capable of shadowing Western systems in orbit, serve as a reminder that the domain is contested and difficult to police. Jamming, spoofing, or orbital surveillance are rarely attributable in real time. They can be dismissed as interference or technical glitches even when deliberate. That ambiguity is precisely what makes them effective tools of gray-zone leverage.
Vulnerability also extends to the factories that produce the silicon chips powering the digital age. No chokepoint illustrates fragility more starkly than semiconductors. Advanced chips are the foundation of artificial intelligence, modern weapons systems, consumer electronics, modern automobiles, and more. Yet their production is concentrated in very few hands. One company in Taiwan manufactures most of the world’s leading-edge chips. A single Dutch firm produces the extreme ultraviolet lithography machines needed to make them. And China has demonstrated repeatedly how control over upstream minerals can be wielded as leverage. Restrictions on gallium, germanium, and graphite have caused immediate price spikes and sent Western companies scrambling for alternatives.
The global chip shortage during the pandemic provided a glimpse of how disruption can have cascading impacts. Automotive plants shut down, electronics prices soared, and entire supply chains stalled. That was the result of market forces. In a geopolitical crisis, disruption would be intentional, targeted, and likely more devastating.
None of these vulnerabilities exist in isolation. Together, they form part of a broader and comprehensive strategy, particularly for China, where digital infrastructure has become a deliberate instrument of national power. Through the Digital Silk Road, through export controls on critical minerals, through investments in semiconductor capacity, through an ambitious national AI strategy, and BeiDou’s global adoption, Beijing is systematically building positions of leverage.
Is this preparation for an open assault on global systems? Maybe not, but it is a strategy designed for options in the gray zone. By holding digital chokepoints at risk, China can complicate allied decision-making and cast doubt on the reliability of critical systems, thereby slowing or obstructing responses at moments when speed is decisive. The ambiguity of each incident – whether it appears to be an accident, a policy choice, or something more calculated – becomes a tool of coercion.
The reality is that these risks cannot be eliminated. The very efficiency of the digital age depends on concentration. A single company leads in chipmaking, a limited set of satellites provides global timing, and relatively few cables carry the world’s data vast distances across the open ocean. Efficiency brings tremendous capability, but it also brings fragility. And fragility invites exploitation.
The counterweight must be resilience. That means redundant routes and suppliers, pre-positioned repair capacity, diversified supply chains, hardened infrastructure, and rehearsed recovery plans. The point is to recover and regain capacity as quickly as possible. To do so requires deeper public-private partnerships and closer coordination among allies, since no nation can protect these domains on its own. Resilience is not a one-time investment but a cultural shift. A culture that assumes disruption will come, prepares for it, and ensures that no single outage or shortage can paralyze us.
History offers some perspective. Nations once fought to control straits, canals, and oil fields. They still do so today, but increasingly our chokepoints are digital, hidden from sight yet just as consequential. Whoever shapes them, shapes the balance of global power.
Global stability today depends on foundations that are often invisible. Fiber-optic cables under the sea, satellites crossing the skies, and factories producing chips with microscopic precision form the backbone of our digital age. They showcase human ingenuity while highlighting profound vulnerabilities. Recognizing the duality of innovation’s promise alongside its fragility may be the most important step toward protecting what matters most in the digital age. And, yes, we must defend these technologies. But it’s about something bigger. It’s about ensuring that the digital world we depend on remains a source of strength, and not a lever of coercion.
All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. Government. Nothing in the contents should be construed as asserting or implying U.S. Government authentication of information or endorsement of the author's views.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
EXPERT PERSPECTIVE — In 1943, a body washed up on a beach in Huelva, Spain. It was the body of a Royal Marine officer, Major William Martin. Martin was carrying papers, cuffed to his wrist in a briefcase, suggesting that the Allies would invade Greece and Sardinia, not Sicily. Spain was officially neutral, but a few Spanish officials sympathetic to the Nazis allowed German agents to discreetly photograph the documents before Spain quietly passed the documents to the British. Those British officials appeared to be in a state of panic over the lost briefcase.
Would this opportunistic espionage expose a critical Allied operation? In reality, Major William Martin never existed. The body was that of Glyndwr (“Glendure”) Michael, a Welsh drifter who died from consuming rat poison. You probably recognize this as Operation Mincemeat. British intelligence developed this incredible ruse, with American approval, and painstakingly developed a plan for the body to wash up near Huelva, Spain, and provided background and a personal story for Michael that allowed the body to pass convincingly as a Royal Marine officer who perished at sea while delivering sensitive documents.
The Germans took the bait. Convinced by this fabricated narrative, Hitler diverted significant forces away from Sicily. When the Allies landed in Sicily, they encountered far less resistance than expected, saving countless lives and accelerating the collapse of Axis defenses in southern Europe.
Beyond innovation and sheer audacity, this was a master class in story-telling, in knowing the pressures facing the target audience (Hitler), in creating a believable altered reality, in understanding how information moved through Nazi circles and among those who enabled them and, most importantly, in persuading our adversaries to make consequential decisions that advanced our interests over theirs. It was cognitive warfare on the offense, it represented a cognitive advantage during a perilous period, and it remains a reminder of the timeless power of cognitive persuasion.
History has many other examples of where commanders and leaders have stepped beyond traditional thinking and conventional operations into the information and cognitive space to confuse our adversaries, to win the day, and, at times, to change history.
Is this important today? Let us put cognitive warfare in strategic perspective.
First, great power competition is intensifying and the stakes are high.
The U.S. is now facing more significant global challenges than at any time in our history. We face more capable peer adversaries, more aspiring regional nations, and more proxy threats than ever before. The global environment is more uncertain than ever, and our place in it is not guaranteed. If we are to remain the global leader, we’ll have to be ready for today’s and tomorrow’s rapidly evolving competition and warfare. We must look to prioritize and commonly orient our Nation’s capabilities toward actively maneuvering and gaining advantage across the cognitive landscape to help ensure our security interests, and to actively deny any adversary their own advantage.
Second, great powers will go to great lengths to avoid direct military engagement that could have catastrophic consequences. Russia has lost the equivalent of what would be one of the world’s largest militaries and it has experienced a massive reduction in national power in the war with Ukraine. We also know the examples from WWII when nations and great militaries were defeated and even decimated as a result of great power conflict.
China has advocated winning without fighting for decades, and it still does. Khrushchev famously said, “We will take America without firing a shot. We do not have to invade the U.S. We will destroy you from within.” Putin is a believer and practitioner in that approach.
Their approaches are not a mystery. Our adversaries have telegraphed how they plan to attack us, and to defeat us, without direct military engagement.
Third, given those considerations, our adversaries are increasingly relying on operations in the gray zone, or gray warfare, to advance their national interests and to take steps to undermine and weaken the United States, without risking a superpower conflict. They have prioritized their resources, decisions, and actions toward this end.
China and Russia, and even Iran and North Korea, believe there are more gains than risks in the gray zone, and any risks they do face are manageable, so we should expect them to expand their activities. If we solely maintain an unblinking stare at the conventional military capabilities of our adversaries, we might miss the real war already well underway in the gray zone.
Finally—cognitive warfare stands as the most prevalent and consequential activity our adversaries conduct in the gray zone.
This is not your grandfather’s Cold War disinformation. This is an assault on cognition, powered by advanced technology and enabled by an information environment that provides camouflage, infrastructure, and operational resources for our adversaries. Ultimately, cognitive warfare is a contest for truth and knowledge—a struggle to shape perception, control understanding, and influence both the decision-making process and its outcomes.
Never before in history have individuals, organizations, societies, and nations faced such a sustained assault on our ability to make our own decisions—our autonomy to think, decide, and act in our own best interests. From our adversaries’ perspective, controlling perceptions, manufacturing realities, steering decision-making, intimidation as persuasion, decision fatigue, and manufactured false choices make for persuasive and effective strategy.
In this global information landscape, where technology levels the playing field, any individual or group, and state or non-state actors can reach global audiences almost immediately. Thousands of internet sites, fake users, fabricated organizations, bots, and willing surrogates, managed by Russia, China, Iran, and North Korea, wage cognitive warfare against the U.S., our allies, and our partners at unprecedented scale and velocity. Artificial intelligence now serves as a force multiplier—amplifying reach, supercharging deception, automating the manipulation of public opinion, and constricting time in the information maneuver space.
As individuals and groups within America, this is everything from how we see the world, how we vote, how we invest, whom and what we trust, which policies we support or oppose, and who we believe are our friends and partners—locally, regionally, and globally.
For national security leaders, policymakers, and corporate and military decision-makers, our adversaries seek to influence consequential decisions on issues like Ukraine, Taiwan, trade, military posture, supply chains, alliances, participation in international organizations, technology development, and a host of other issues that could tip the balance in our adversaries’ favor.
For China, Russia, Iran, and North Korea, this is integrated national strategy where the instruments of national power—government, private sector, and surrogates—are combined to achieve strategic impact. Further, the willingness of our adversaries to defy international law; challenge economic interests, and violate the sovereignty and laws of every country including the U.S.; engage in bribery, political coercion, sabotage, and assassinations—essentially a “no limits” approach to cognitive warfare—gives them considerable leverage—made more effective by our lack of focused emphasis on recognizing, prioritizing and taking action to mass and commonly orient our great national strengths.
If we are to make consequential decisions with confidence, we must have high certainty in the information we receive, value, and share. In the cognitive domain, truth is a strategic asset—precious, powerful, and fragile. To endure, it must be shielded from the relentless assault of manipulation, coercion, and altered realities initiated by our adversaries to shape the strategic landscape and create influence attack vectors intended to undermine and disable our ability to do the same.
Churchill recognized both the strategic value and fragile nature of truth in a time of conflict. He famously said, “In wartime, the truth [is] so precious that it should always be attended by a bodyguard of lies.” The lesson is clear. Today, just as in 1943, we must seize and defend the cognitive advantage if we are to navigate these equally perilous times.
What do we need to do to achieve a cognitive advantage?
- First, we need to reassert a strong U.S. national narrative.
In the cognitive domain, our national narrative is both sword and shield. It projects power, influence, and advances our interests. It tells the story of our values, our history, our aspirations, our view of the world, and our resolve and is reinforced by actions and deeds. Our military and economic strength and our global leadership are strong parts of this narrative. It supports confidence in our actions, our institutions, and our commitments. It also counters adversary narratives and actions that seek to undermine America within our own borders and across the world. We all know today that our national narrative is being questioned by some at home and abroad. Regardless of how we see the political environment, we must articulate and advance a strong seamless U.S. national narrative as foundational to a cognitive advantage. We must take this on.
- Second, we need to empower our master storytellers.
Our master storytellers are not just communicators; they are architects of persuasion. We all know this; we read, we watch movies, and we listen. Facts are fleeting, but stories remain with us—they shape how we feel which in turn drives how we behave. In the cognitive domain, well-crafted stories—including those tailored to navigate today’s hyper-technical environment and chaotic information environment—shape threat perceptions, influence our perception of reality, sustain resolve, and can tip the balance in competition or conflict.
Adversaries recognize the power of narrative and weaponize it; even the truth is more persuasive when it is delivered as part of a compelling story. History proves the advantage: in cognitive warfare, facts alone rarely shift outcomes—compelling narratives and persuasive storytelling do. As in 1943, our edge will be defined by those who can craft and deliver the stories that influence minds and shape events. Yes, we need our master storytellers as much today as we did in 1943.
- Third, we need to see and understand our adversaries’ capabilities and intentions in the cognitive domain—where perception, knowledge, and decision-making are contested. Our adversaries, of course, go to great lengths to mask and conceal their activities. It is time for cognitive intelligence—intelligence in and about the cognitive domain and our ability to reliably understand how, where, and why adversaries seek to shape our thinking and decisions—to emerge as a priority.
- Fourth, we need to sustain a technological edge in AI, Cognitive Science, Cyber, and other technologies that force our adversaries to go on the defensive. China in particular is working to take that advantage from us by its own means but also by stealing U.S. data, technologies, and intellectual property to use against us. We must safeguard the extraordinary capabilities of U.S. technologies—including those small, bold startups—that not only provide a critical national security advantage but are also relentlessly targeted by our adversaries.
- Fifth—and critically important—we need to plan, organize and drive designed strategies and actions across our governmental institutions, international partners, and private sector at the intersections of shared security interests to defend against adversary tactics that target our economic, military, infrastructure, informational and Cyber pillars of security each fueled by human perception, reasoning, and effective decision-making. If you remember anything from this article, please remember this. As a priority, we need a strategy and a commitment to play offense in a quiet but relentless manner that confuses our adversaries, shatters their confidence, and forces them—not us—to deal with the uncertainties of cognitive warfare.
- Finally, if all of this is to work, we need to harness the incredible intellectual power, critical thinking, and collaboration among government, private sector, academia, and in many cases, our allies. We need to work at the nexus of shared interests. In this collaboration, we need leaders, not to overly prescribe or to build bureaucracy, but to inspire, convene, add clarity of purpose, and to enable the incredible capability this community offers. We must use the power to convene to commonly inform and set conditions for mutually beneficial action and outcomes, and to help close the relationship seams used by our adversaries as attack vectors.
For our leaders, a reminder that when relegated to small tasks and small thinking, influence operations in the cognitive domain will achieve small results. This is a time for vision, for big thoughts, innovation, and audacity. With those attributes, and thinking back to the remarkable achievements of 1943, today’s operations in the cognitive domain can and will do remarkable things.
Those elements, we believe, are the foundation of a cognitive advantage. If we are successful, it means we have a sustained ability to protect our decision-making autonomy at all levels; we preserve domestic and allied social cohesion; we retain global influence, credibility and narrative power; we expose and undermine adversary efforts at cognitive warfare; and we achieve U.S. objectives without resulting in direct conflict. Challenging?—Yes. Attainable?—Certainly.
A final word. Last June, Dave Pitts visited Normandy for the 80th Anniversary of D-Day—which was our last conventional war of great powers. It was a war that resulted in a devastating loss of human life and unprecedented destruction. Omaha Beach, the Drop Zones around St. Mere Eglise, and the American Cemetery were vivid reminders. That war established the U.S. as a global superpower and established a world order that has lasted 80 years. It also enshrined in history the “Greatest Generation.”
Today, authoritarian rule is on the rise, national sovereignty around the world is being undermined, and the global order as we know it is under attack. Once again, our preeminence, leadership, and resolve are being challenged. Let’s be clear, the next war—a quieter war, a gray war—is already underway. The outcome of that war will be as consequential as conventional war.
Cognitive warfare may very well be the defining contest of this era—a generational challenge—given the threats it poses to U.S. national security, our place and influence in the world, and our commitment to our own self-determination. If you are a professional in this space—government, private sector, academia, and ally—this is clearly your time.
Today, we are surrounded by threats, but we are also surrounded by opportunities, by extraordinary expertise, and by willing partners. The challenges ahead are formidable, but so are our experiences and capabilities as a nation. The incredible resolve, sacrifice, and refusal to fail—hallmarks of the Greatest Generation—are woven into the fabric of America and will continue to serve us well. Securing our future now demands leadership, collaboration, a bias for action, and adaptability—the hallmarks of this generation. We have what it takes.
Yes, confidence is clearly justified—but we must just as clearly match that confidence with decisive action. Time is not on our side as others have already decided to prioritize cognitive related strategies. It is time to take a bold step forward in the cognitive domain and to seize the cognitive advantage.
OPINION — Russian drones are forcing airports to close and fighter jets are breaching NATO airspace – clear signals of Moscow’s widening hybrid campaign. The cost imbalance is stark, with Europe spending hundreds of thousands to destroy drones worth a fraction of that. Emboldened by this asymmetry, Vladimir Putin is escalating with growing confidence, betting that the West will stop short of real retribution, like giving Ukraine long-range missiles to destroy his drone factories.
Russia began its escalation on Sept. 9 by sending drones into Polish airspace, followed by an incursion into Romania. Days later, a Russian fighter jet breached Estonian airspace. In recent weeks, drones have been shutting down airports in Denmark and Norway.
Moscow is intensifying its hybrid warfare campaign against Europe in the hope of pressuring governments into concessions. At the same time, Putin depends on a state of constant confrontation to sustain his regime.
Months of U.S. diplomacy with Moscow under the Trump administration have also achieved little. President Donald Trump insists he is always “two weeks” away from a decision, but the Kremlin calculates it can outlast Ukraine on the battlefield, fracture European unity, and sap American interest. Russia remains defiant, refusing meaningful negotiations.
As Le Monde observed, Russian diplomacy follows familiar Soviet patterns: table maximalist demands, stage symbolic talks, issue threats, then offer only token concessions. George Kennan, the American diplomat who defined early Cold War strategy, once noted that the Soviets “will ask for the moon, demand the moon, and accept nothing less.”
John Sullivan, U.S. ambassador to Moscow from 2020 to 2022, echoed the same view, describing Russian negotiations as “maximalist demands, surrender nothing, paranoia to the nth degree.” Europe must strip away all false illusions that the war will end anytime soon.
Any sort of peace agreement that resembles the Budapest Memorandum or Minsk agreements will surely bring a much bigger war to Europe in the future. And the Trump administration has shown itself to be an unreliable ally. But that’s not necessarily a bad thing, if Europe can take advantage and scale its own capabilities and European defense firms.
At the same time, Washington’s own priorities are shifting. According to POLITICO, the Pentagon’s new draft defense strategy places homeland and Western Hemisphere security above countering China or Russia.
To Trump’s credit, in just a few months he has pushed Europe to take the Russian threat more seriously than some capitals managed in three years of full-scale war. Germany, the continent’s largest economy, had announced sweeping ambitions to rebuild its military after the invasion. But once it became clear that Ukraine would not collapse, Berlin grew complacent, and much of its investment drive – including the much-touted €100 billion “special fund” – faltered.
However, Washington’s retreat also presents Europe with a chance to take greater ownership of its security and lessen its reliance on the United States. In our new Henry Jackson Society report, European Defence Autonomy: Identifying Key Companies and Projects to Replace U.S. Capabilities, my co-author Mykola Kuzmin and I argue that Europe now has a strategic opportunity to leverage its own European defense sector to prepare for a future war with Russia if it comes to that. It is better to be prepared than left scrambling when the moment of crisis arrives.
Europe cannot afford to rely on the U.S. for its core defense capabilities – nor on the whims of individuals like Elon Musk, as shown by his restriction of Starlink access in Ukraine’s Kherson and occupied Crimea. Starlink’s unrivaled 8,000-satellite constellation highlights Europe’s dependence, with alternatives like Eutelsat OneWeb far smaller and prohibitively expensive. At the same time, Russia is developing a $5 billion satellite internet system called Rassvet, intended as an alternative to Starlink, with plans to launch nearly 300 satellites by 2030.
This technological push comes alongside its aggressive use of drones to overwhelm Ukrainian air defenses. Russia has been overwhelming Ukrainian cities with nightly drone attacks and has flown over 530 surveillance drones across Germany this year to monitor Western arms shipments, including near Bundeswehr bases. Yet German forces cannot shoot them down due to legal limits.
If Moscow is already doing this with its hybrid war, the scale of a full-scale war will be far greater. The economics of war are quickly being transformed in Ukraine. That is why Europe must invest in low-cost drone interceptors and other scalable technologies. Relying on million-dollar American Patriot interceptor missiles for every drone attack is simply unsustainable.
Russia and China have a booming drone alliance, and the members of the Axis of Evil are helping one another grow technologically. Iran, North Korea, and Venezuela are all gaining technologically through cooperation with one another.
Deborah Fairlamb, co-founder of Green Flag Ventures, a venture capital fund for Ukrainian startups, said, “Chinese components continue to be found in downed Russian drones, and a number of Chinese nationals have been documented alongside Russian troops – indicating that tactical and technological lessons are being shared between Russia, China, and North Korea.”
The continent also has a booming defense tech sector, and I have embedded with frontline units using European technologies like the Vector drone. As the Financial Times noted, “Europe now boasts three defence start-ups with a ‘unicorn’ valuation of more than €1bn: drone makers Helsing, Quantum Systems, and Tekever.”
Lyuba Shipovich, CEO of Dignitas Ukraine, highlighted that Estonia has multiple companies now working on robotics. “We don’t have many of their systems here because they’re expensive, but some are comparable to Ukrainian designs,” said Shipovich.
Estonia-based Milrem Robotics has found success in Ukraine, and its THeMIS unmanned ground vehicle (UGV) is being used on the front. Milrem’s THeMIS UGVs are proving their worth in Ukraine – so much so that Russia offered a bounty for capturing them intact.
Crucially, Europe has Ukraine on its side, which is now a global drone superpower. “What does carry undeniable value for the West, however, is the experience and insight of Ukrainian engineers,” said Vitaliy Goncharuk, CEO of A19Lab and former Chairman of the Artificial Intelligence Committee of Ukraine.
But Kyiv urgently needs more funding to scale weapons production, and Europe should focus on fully integrating Ukraine into its broader defense sector. The tempo of war is accelerating, with innovation cycles now measured in mere weeks and months. As one European diplomat put it: “The speed of innovation is so quick: It’s a six-week cycle and then it’s obsolete.”
The war is now a technological race and Ukrainian engineers are at the forefront. Oleksandra Ustinova, a Ukrainian member of parliament, said, “Ukraine has developed technologies under real battlefield conditions that the rest of the world will want in the next five years.”
In fact, Kyiv has the capacity to produce millions of drones, but money remains the limiting factor. “Ukraine can produce 8–10 million FPVs annually but can only afford to buy about 4.5 million in 2025,” said Serhii Kuzan, chairman of the Ukrainian Security and Cooperation Center and former Ministry of Defense adviser. “Scaling requires European and international investment, via direct funding or joint ventures.”
Together with Ukraine, Europe can become an AI superpower and prepare for the future of automated warfare. It is Kyiv that is now educating the Europeans on how to build a “drone wall” to defend itself. But technology alone won’t decide the war; willpower is needed as well. The larger geopolitical stakes remain clear for the European alliance.
When Russia first invaded Ukraine in 2014 and the world failed to stop the seizure of Crimea, it fractured the international order that had held for decades. The longer Moscow wages its current war and if it secures any permanent gains, the more emboldened it will become. Russia sees itself as an empire, and empires expand. Europe must prepare accordingly, ready to fight alone if necessary.