The War You Can’t See: Gray Zone Operations Are Reshaping Global Security

30 October 2025 at 13:22


EXPERT PERSPECTIVE -- In the middle of the night, with no witnesses, a single ship flagged out of Hong Kong drags its anchor across the Baltic Sea. In silence, it severs a vital gas pipeline and the digital cables that link northern capitals. By morning, millions lose connectivity, financial transactions stall, and energy grids flicker on the edge.

The culprit vanishes behind flags of convenience, leaving blame circulating in diplomatic circles while Moscow and others look on, exploiting maritime ambiguity and the vulnerabilities of Europe's lifelines.

Meanwhile, in Warsaw and Vilnius, shoppers flee as flames engulf two of the largest city malls. Investigators soon discover the arsonists are teenagers recruited online, guided by encrypted messages, and paid by actors connected to hostile state agencies. The chaos sows fear, erodes social trust, and sends shockwaves through European communities—proxy sabotage that destabilizes societies while providing plausible deniability to those orchestrating the acts.

Thousands of kilometers away, Chinese dredgers and coast guard vessels silently transform disputed reefs into fortified islands in the South China Sea. With no declaration of war and no pitched battles, new airstrips and bases appear, steadily shifting maritime boundaries and economic interests. Each construction project redraws the strategic realities of an entire region, forcing neighbors and distant powers alike to reckon with incremental, shadowy coercion and efforts to change the status quo.

In early 2024, Chinese state-sponsored hackers, known as "Volt Typhoon," penetrated U.S. data repositories and embedded themselves deep within the control systems of U.S. critical infrastructure, including communication networks, energy grids, and water treatment facilities.

Then-FBI Director Christopher Wray described it as a pre-positioning of capabilities by China that could be turned on whenever Beijing wanted, wreaking havoc and causing real-world harm to American citizens and communities. China has denied any connection to these attacks on U.S. sovereignty.

And just weeks ago, around 20 Russian drones violated Poland’s airspace. Russia’s denials were predictable and since then, Russian drones and jets have violated airspace in Romania, Estonia, and over the Baltic Sea.

Were these threats, tests of capability and resolve, provocations, or demonstrations—or maybe all of the above? Just as NATO will develop a set of lessons-learned for future incursions, it’s also likely that Russia learned from these episodes and will recalibrate future incursions.

Threaded almost invisibly through all of these gray zone activities, and countless others like them, is cognitive warfare—a persistent tool of our adversaries. It is an assault on cognition. The information and decision spaces are flooded with weaponized narratives, AI-powered disinformation, synthetic realities, and the coercive use of redlines and intimidation.

The goal is clear: deceive, change how we see the world, fracture societies, destroy faith in institutions and partnerships, erode trust, challenge and replace knowledge and belief, coerce and intimidate, and, perhaps most importantly, undermine decision autonomy. It is here, in the crowded intersection of AI, cyber, traditional tools such as narratives and storytelling, and cognition, that today’s most urgent battles are fought.

These are all operations in the gray zone. We all use somewhat different terms for this, but let me share the definition of the gray zone that I think works well.

The gray zone is the geopolitical space between peace and war where adversaries work to advance their own national interests while attacking and undermining the interests of their adversaries and setting the conditions for a future war without triggering a military response.

We might refer to attacks in the gray zone as gray warfare. It is the domain of ambiguity, deniability, and incremental aggression calculated to limit deterrence and discourage persuasive response.

Today, it is the space where global competition, particularly great power competition, is playing out.

Why are we seeing more gray zone activity today?

First, great power competition is intensifying. This includes great powers and middle powers, and it affects almost every other nation. Almost every nation has a role to play, even if involuntary: competitor, ally and supporter, enabler, spoiler, surrogate, or innocent bystander and victim. As the African proverb says, “When elephants fight, it is the grass that suffers.”

But great powers will go to great lengths to avoid 21st Century superpower conflict, primarily because of the fear of unintended losses and damage to national power that could take decades to recover. The catastrophic damage to nations and militaries from WWII is a distant, but still vivid, reminder of the impact of a war of great powers.

Today, just look at the unprecedented loss of national power by Russia in indirect superpower conflict. Superpower conflict has consequences. Given these strategic considerations, the gray zone and gray warfare provide an effective strategic alternative to conventional war. Our adversaries have calculated that there are more gains than risks in the gray zone, and that any risks they do face are acceptable.

Second, technology levels the playing field, creating new opportunities for gray zone attacks. Cyberattacks, even those that are disrupted, lead to more effective cyber capabilities by our adversaries. AI-driven cognitive warfare now delivers persuasive content with unprecedented global access and immediacy. Small kinetic drones can be wielded by state and non-state actors to pose both kinetic and cognitive threats. Technology also enables adversaries to conceal their operations and increase non-attribution. Even simple technologies have the potential to generate strategic effects in the gray zone.

Third, surrogates and proxies offer expanded reach, ambiguity, and impact.

Little Green Men, hired criminals, ghost ships, unknown assassins and saboteurs, and shadowy companies that help evade sanctions blur attribution, providing bad actors with a veneer of deniability while increasing their reach, impact, and lethality. On a broader scale, Houthi attacks on global shipping and North Korean soldiers fighting Ukraine elevate the effects of this ambiguous warfare to a higher level. This trend is likely to intensify in the future.

Fourth, it is important to address the direct impacts of Russia’s war on Ukraine on an increase in gray zone attacks. Russia’s significant loss of national power and limited battlefield gains have created pressure on the Kremlin to reassert relevance, project power, and potentially punish antagonists. This dynamic almost certainly means a continued escalation of gray zone activities targeting Europe and aimed at destabilizing the continent. Many experts believe the Baltics and the Balkans may be particularly vulnerable.

That Russian gray bullseye is crowded: the U.S. is also a traditional target, and more Russian activity to undermine and weaken the U.S. is coming, despite Putin’s offers of renewed diplomatic and economic cooperation.

Finally, there are more gray zone attacks because real deterrence and persuasive responses to gray attacks are challenging, and our adversaries know it. In other words, gray zone attacks in most cases are relatively low cost, often effective, provide a level of deniability, and frustrate efforts at deterrence and response.

Our adversaries have calculated that they can hide behind ambiguity and deniability to violate sovereignty, ignore national laws and international norms, and engage in activities such as political coercion, sabotage, and even assassinations without triggering an armed response.

This “no limits” approach exploits the openness, legal norms, and ethical standards of democratic societies, making coordinated, timely, and effective response more difficult.

So, what can we do?

The most important outcome of our actions is to change the risk calculation of our adversaries. Gray zone attacks that go unanswered reward our adversaries and reinforce the idea that there are more gains than risk in the gray zone and encourage more attacks. Further, our adversaries calculate, often accurately, that our reasonable concerns for avoiding escalation will lead to indecision, weak responses, or the acceptance of false choices.

We need improved and shared gray zone intelligence to see through the fog of disinformation, synthetic realities, false risks and threats, and an overload of information by our adversaries to understand what is taking place in the gray zone. This not only strengthens our operations to counter gray zone attacks but it helps our citizens, communities, and countries to understand, recognize, reject, and remain resilient in the face of gray zone attacks.

We have to employ “strategic daylighting” to expose and put into context the gray zone activity by our adversaries—stripping away deniability and laying bare nefarious and illegal actions—knowing that our adversaries will go to great lengths to conceal, defend, and attack our efforts to expose their activities.

We have to speak frankly and convincingly to our adversaries and, of course, we have to back up our words with persuasive action. Empty warnings and rhetoric will fall short. Changing the risk calculation of our adversaries means real consequences across a broad spectrum: public, diplomatic, economic, legal, informational, or even kinetic. It means a strategy on how to respond, not just a series of hasty responses. Real deterrence will result from planning and strategy, not decisions in the moment based on immediate circumstances.

Finally, we need to think of deterrence and response as a team sport, an “Article 5 mindset.” Our adversaries will seek to divide and isolate. Collective, unified action and resolve can form a powerful deterrent.

Of course, none of this is new. All of us need a solid understanding of the problems and the likely best solutions, and implementation remains the greatest challenge.

We can go a long way with a good strategy, good partners, and resolve, which seems like a reasonable place to start.

This Cipher Brief expert perspective by Dave Pitts is adapted from a speech he recently delivered in Sarajevo. Comments have been lightly edited for clarity. All statements of fact, opinion, or analysis expressed are my own and do not reflect the official positions or views of the US Government. Nothing in my remarks should be construed as asserting or implying US Government authentication of information or endorsement.

Why the U.S. Is Losing the Cognitive Competition

16 October 2025 at 00:05
EXPERT OPINION — In order for the U.S. to successfully compete for global influence against its adversaries and to avoid a kinetic fight, we must excel at cognitive warfare, that is, military activities designed to affect attitudes and behaviors. This type of warfare is a subset of irregular warfare (IW) and combines sensitive activities to include information operations, cyber, and psychological operations to meet a goal. To develop these kinds of operations, the U.S. needs intelligence professionals who are creative and experts in their field. Additionally, the U.S. intelligence and operations sectors need to be comfortable working together. Finally, the U.S. needs decision makers who are willing to take risks and employ these methods. Without these components, the U.S. is doomed to fail in competing against its adversaries who practice cognitive warfare against us on a regular basis.

U.S. focus on IW and its subset, cognitive warfare, has been erratic. The U.S. struggles with adapting its plans to the use of cognitive warfare while our leaders have consistently called for more expertise for this type of warfare. In 1962, President Kennedy challenged West Point graduates to understand: "another type of war, new in its intensity, ancient in its origin, that would require a whole new kind of strategy, a wholly different kind of force, forces which are too unconventional to be called conventional forces…" Over twenty years later, in 1987, Congress passed the Nunn-Cohen Amendment that established Special Operations Command (SOCOM) and the Defense Department’s Special Operations and Low-Intensity Conflict (SO/LIC) office. Another twenty years later, then Secretary of Defense Robert Gates said that DoD needed “to display a mastery of irregular warfare comparable to that which we possess in conventional combat.”

After twenty years of best practices of IW in the counterterrorism area, the 2020 Irregular Warfare Annex to the National Defense Strategy emphasized the need to institutionalize irregular warfare “as a core competency with sufficient, enduring capabilities to advance national security objectives across the spectrum of competition and conflict.” In December 2022, a RAND commentary pointed out that the U.S. military failed to master IW above the tactical level. I submit that we have failed because we have focused on technology at the expense of expertise and creativity, and that we need to balance technology with developing a workforce that thinks in a way that is different from the engineers and scientists that create our weapons and collection systems.

Adversaries Ahead of Us

IW, and especially cognitive warfare, is high risk and by definition uses manipulative practices to obtain results. Some policy leaders are hesitant to use this approach to develop influence strategies, which has resulted in the slow development of tools and strategies to counter our adversaries. U.S. adversaries are experts at IW and do not have many of the political, legal, or oversight hurdles that U.S. IW specialists have.

Chinese military writings highlight the PRC’s use of what we would call IW in the three warfares. This involves using public opinion, legal warfare, and psychological operations to spread positive views of China and influence foreign governments in ways favorable to China. General Wang Haijiang, commander of the People's Liberation Army's (PLA) Western Theatre Command, wrote in an official People’s Republic of China (PRC) newspaper that the Ukraine war has produced a new era of hybrid warfare, intertwining “political warfare, financial warfare, technological warfare, cyber warfare, and cognitive warfare.” The PRC’s Belt and Road Initiative and Digital Silk Road are prime examples of using economic coercion as irregular warfare. Their Confucius Centers underscore how they are trying to influence foreign populations through language and cultural training.

Russia uses IW to attempt to ensure the battle is won before military operations begin and to enhance its conventional forces. Russia calls this hybrid war and we saw this with the use of “little green men” going into Crimea in 2014 and the use of the paramilitary Wagner forces around the world. Russia also has waged a disinformation campaign against the U.S. on digital platforms and even conducted assassinations and sabotage on foreign soil as ways to mold the battle space toward their goals.

What Is Needed

U.S. architects of IW seem to primarily focus on oversight structures and budget, and less on how to develop an enduring capability.

Through the counterterrorism fight, the U.S. learned how to use on-the-ground specialists, develop relationships at tribal levels, and understand cultures to influence the population. The U.S. has the tools and the lessons learned that would enable a more level playing field against its adversaries, but it is not putting enough emphasis on cognitive warfare. A key to the way forward is to develop SOF personnel and commensurate intelligence professionals to support the SOF community who understand the people, the geography, and the societies they are trying to influence and affect. We then must go further and reward creativity and cunning in developing cognitive warfare strategies.

The Department of Defense and the intelligence community have flirted with the need for expertise in the human domain or sociocultural sphere for years. The Department of Defense put millions of dollars into sociocultural work in the 2015 time frame. This focus went away as we started concentrating more on near-peer competition. Instead, we focused on technology, better weapons and more complex collection platforms as a way to compete with these adversaries. We even looked to cut Human Intelligence (HUMINT) to move toward what some call a lower-risk approach to collection: using technology instead of humans.

SOF personnel are considered the military’s most creative members. They are chosen for their ability to adapt, blend in, and think outside the box. This ingenuity needs to be encouraged. We need a mindful balancing of oversight without stifling that uniqueness that makes IW so successful. While some of this creativity may come naturally, we need to ensure that we put in place training that speaks to inventiveness, that pulls out these members’ ability to think through the impossible. Focused military classes across the services must build on the latest practices for underscoring creativity and out-of-the-box thinking. This entrepreneurial approach is not typically rewarded in a military that is focused on planning, rehearsals, and more planning.

Focusing on Intelligence and Irregular Warfare

An important part of the equation for irregular warfare is intelligence. This foundation for irregular warfare work is often left out in the examination of what is needed for the U.S. to move IW forward. In the SOF world, operators and intelligence professionals overlap more than in any other military space. Intelligence officers who support IW need to have the same creative mindset as the operators. They also need to be experts in their regional areas—just like the SOF personnel.

The intelligence community’s approach to personnel over the past twenty or so years works against support for IW. Since the fall of the Soviet Union, the intelligence community has moved from an expertise-based system to one that is more focused on processes. We used to have deep experts on all aspects of the adversary: analysts or collectors who had spent years focused on knowing everything about one foreign leader or one aspect of a country’s industry and with a deep knowledge of the language and culture of that country. With many more adversaries and with collection platforms that are much more expensive than those developed in the early days of the intelligence community, we cannot afford the detailed expert of yore anymore. The current premise is that if you know the processes for writing a good analytical piece or for being a good case officer, the community can plug and play you in any context. This means we have put a premium on process while neglecting expertise. As with all things, we need to balance these two important aspects of intelligence work.

To truly understand and use IW, we need to develop expert regional analysts and human intelligence personnel, individuals who understand the human domain that they are studying. We need to understand how the enemy thinks to be able to provide that precision to the operator. This insight comes only after years of studying the adversary. We need to reward those experts and celebrate them just as much as we do the adaptable plug-and-play analyst or human intelligence personnel. Individuals who speak and understand the nuances of the languages of our adversaries, who understand the cultures and patterns of life, are the SOF member’s best tool for advancing competition in IW. Developing this workforce must be a first thought, not an afterthought, in the development of our irregular warfare doctrine.

CIA Director William Casey testified before Congress in 1981:

“The wrong picture is not worth a thousand words. No photo, no electronic impulse can substitute for direct on the scene knowledge of the key factors in a given country or region. No matter how spectacular a photo may be it cannot reveal enough about plans, intentions, internal political dynamics, economics, etc. Technical collection is of little help in the most difficult problem of all—political intentions. This is where clandestine human intelligence can make a difference.”

Not only are analytical experts important in support of IW but so are HUMINT experts. We have focused on technology to fill intelligence gaps to the detriment of human intelligence. The Defense Intelligence enterprise has looked for ways to cut its HUMINT capability when we should be increasing our use of HUMINT collection and HUMINT-enabled intelligence activities. In 2020, Defense One reported on a Defense Intelligence Agency (DIA) plan to cut U.S. defense attachés in several West African countries and downgrade the ranks of others in eight countries. Many advocate for taking humans out of the loop as much as possible. The theory is that this lowers the risk for human capture or leaks. As any regional expert will tell you, while satellites and drones can provide an incredible amount of intelligence from pictures to bits of conversation, what they cannot provide is the context for those pictures or snippets of conversation. As Director Casey implied, it is only the expert who has lived on the ground, among the people he/she is reporting on, who can truly grasp nuances and understand local contexts, allegiances, and sentiments.

While it is important to continue to upgrade technology and have specialists who fly drones and perform other data functions, those functions must be fused with human understanding of the adversary and the terrain. While algorithms can sift through vast amounts of data, human operatives and analysts ensure the contextual relevance of this data. Technologies cannot report on the nuances of feelings and emotions. The regional experts equip SOF operators with the nuanced understanding required to navigate the complexities that make up the “prior to bang” playing field. This expertise married with cunning and creativity will give us the tools we need to combat our adversary in the cognitive warfare domain.

Conclusion

The need for contextual, human-centric understanding, in order to develop plans and operations for cognitive warfare that can compete with our adversaries and keep us from a kinetic fight, is paramount. Those who try to make warfare or intelligence into a science miss the truth, that to be proficient in either, art is a must. We need expertise to be able to decipher the stories, motives, and aspirations that make cognitive warfare unique. Regional intelligence experts discern the patterns, motives and vulnerabilities of adversaries, key needs for developing IW campaigns and for influencing individuals and societies. We need seasoned human intelligence personnel, targeters, and analysts who are experts on the adversary to be able to do this. We also need to develop and reward creativity, which is a must for this world.

We also have to be upfront and acknowledge the need to manipulate our adversaries. U.S. decision makers must concede that to win the next war, cognitive warfare is a must and it is essential for these leaders to take calculated risks to mount those campaigns to influence and manipulate.

The cost of cognitive warfare is but a rounding error when compared to the development of new technical intelligence collection platforms and the platforms’ massive infrastructures. This rounding error is a key linchpin for irregular warfare, and irregular warfare is our most likely avenue for avoiding a kinetic war. Human operatives, out-of-the-box thinking, and expert analysts and human intelligence personnel are the needed bridges that connect data into actionable insights to allow our SOF community to practice the type of irregular warfare we have proven historically that the U.S. can provide and must provide to counter our adversaries and win the cognitive war we are currently experiencing.

The Hidden Leverage of Digital Chokepoints

6 October 2025 at 10:59

EXPERT PERSPECTIVE — When we think about the arteries of global power, images of oil pipelines or shipping lanes often come to mind. They are visible, tangible, and easy to picture on a map. The digital world has its own arteries, equally vital but far less visible: undersea cables, satellites, and semiconductor supply chains. These systems allow our economies to function, our militaries to coordinate, and our societies to remain connected.

We rarely stop to consider how very fragile they are. A fiber-optic cable lying quietly on the seabed, a satellite orbiting high above, or a single Dutch firm making the machines that build the world’s most advanced chips: each represents a potential point of failure. And when one of them falters, whether by accident or design, the consequences ripple instantly across the globe. What makes this even more concerning is that adversaries understand their potential value. They have studied the geography of our digital world with the same intensity that past powers studied maritime routes. Increasingly, they are testing ways to hold these chokepoints at risk, not in open war, but in the murky space called the gray zone.

Consider the seabed. Nearly all intercontinental internet traffic runs not through satellites, as many imagine, but along the ocean floor. The “cloud” is, in truth, anchored to the seabed. These cables are resilient in some respects, yet highly vulnerable in others. Russia has long deployed specialized vessels (such as the Yantar) to loiter near critical routes, mapping them and raising concerns about sabotage. The People’s Republic of China has taken subtler approaches. On several occasions, cables linking Taiwan’s outlying islands have been cut by Chinese vessels in incidents they described as accidental. Taipei viewed them, by contrast, as deliberate acts of pressure that left communities offline for weeks.

Nature has been no less disruptive. A volcanic eruption severed Tonga’s only international cable in 2022, cutting off connectivity entirely. A landslide off Côte d’Ivoire in 2024 damaged four cables at once, leaving more than a dozen African states scrambling to restore service. These episodes remind us that chokepoints need not be destroyed to reveal their importance.

For China, the issue is a strategic one. Through its Digital Silk Road initiative, Beijing has financed and built cables across Asia, Africa, and Europe. Chinese firms now sit at landing stations and repair depots. In times of peace these investments look like connectivity. In times of crisis, they can become instruments of leverage or coercion.

The same logic applies in orbit. Satellites and global navigation systems act as the nervous system of modern life. They time banking transactions, guide aircraft, and support military operations. Disrupting them unsettles the rhythms of daily existence. Russia previewed this dynamic in 2022 when it launched a cyberattack against the Viasat KA-SAT network on the first day of its invasion of Ukraine. Thousands of modems across Europe went dark, cutting off critical communications. More routinely, Russian jamming and spoofing around Kaliningrad and Moscow have disoriented navigation systems, with civilian pilots suddenly reporting the loss of GPS mid-flight.

China has created its own path through BeiDou, a rival to GPS that is already woven into infrastructure and commerce across large swaths of the world. Countries adopting BeiDou for civilian uses also create dependencies that, in a crisis, could become channels of influence. China’s so-called inspector satellites, capable of shadowing Western systems in orbit, serve as a reminder that the domain is contested and difficult to police. Jamming, spoofing, or orbital surveillance are rarely attributable in real time. They can be dismissed as interference or technical glitches even when deliberate. That ambiguity is precisely what makes them effective tools of gray-zone leverage.

Vulnerability also extends to the factories that produce the silicon chips powering the digital age. No chokepoint illustrates fragility more starkly than semiconductors. Advanced chips are the foundation of artificial intelligence, modern weapons systems, consumer electronics, modern automobiles, and more. Yet their production is concentrated in very few hands. One company in Taiwan manufactures most of the world’s leading-edge chips. A single Dutch firm produces the extreme ultraviolet lithography machines needed to make them. And China has demonstrated repeatedly how control over upstream minerals can be wielded as leverage. Restrictions on gallium, germanium, and graphite have caused immediate price spikes and sent Western companies scrambling for alternatives.

The global chip shortage during the pandemic provided a glimpse of how disruption can have cascading impacts. Automotive plants shut down, electronics prices soared, and entire supply chains stalled. That was the result of market forces. In a geopolitical crisis, disruption would be intentional, targeted, and likely more devastating.

None of these vulnerabilities exist in isolation. Together, they form part of a broader and comprehensive strategy, particularly for China, where digital infrastructure has become a deliberate instrument of national power. Through the Digital Silk Road, through export controls on critical minerals, through investments in semiconductor capacity, through an ambitious national AI strategy, and through BeiDou’s global adoption, Beijing is systematically building positions of leverage.

Is this preparation for an open assault on global systems? Maybe not, but it is a strategy designed for options in the gray zone. By holding digital chokepoints at risk, China can complicate allied decision-making and cast doubt on the reliability of critical systems, thereby slowing or obstructing responses at moments when speed is decisive. The ambiguity of each incident – whether it appears to be an accident, a policy choice, or something more calculated – becomes a tool of coercion.

The reality is that these risks cannot be eliminated. The very efficiency of the digital age depends on concentration. A single company leads in chipmaking, a limited set of satellites provides global timing, and relatively few cables carry the world’s data vast distances across the open ocean. Efficiency brings tremendous capability, but it also brings fragility. And fragility invites exploitation.

The counterweight must be resilience. That means redundant routes and suppliers, pre-positioned repair capacity, diversified supply chains, hardened infrastructure, and rehearsed recovery plans. The point is to recover and regain capacity as quickly as possible. To do so requires deeper public-private partnerships and closer coordination among allies, since no nation can protect these domains on its own. Resilience is not a one-time investment but a cultural shift. A culture that assumes disruption will come, prepares for it, and ensures that no single outage or shortage can paralyze us.

History offers some perspective. Nations once fought to control straits, canals, and oil fields. They still do so today, but increasingly our chokepoints are digital, hidden from sight yet just as consequential. Whoever shapes them, shapes the balance of global power.

Global stability today depends on foundations that are often invisible. Fiber-optic cables under the sea, satellites crossing the skies, and factories producing chips with microscopic precision form the backbone of our digital age. They showcase human ingenuity while highlighting profound vulnerabilities. Recognizing the duality of innovation’s promise alongside its fragility may be the most important step toward protecting what matters most in the digital age. And, yes, we must defend these technologies. But it’s about something bigger. It’s about ensuring that the digital world we depend on remains a source of strength, and not a lever of coercion.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. Government. Nothing in the contents should be construed as asserting or implying U.S. Government authentication of information or endorsement of the author's views.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Seizing a 21st Century Cognitive Advantage

1 October 2025 at 00:25

EXPERT PERSPECTIVE — In 1943, a body washed up on a beach in Huelva, Spain. It was the body of a Royal Marine officer, Major William Martin. Martin was carrying papers in a briefcase cuffed to his wrist, suggesting that the Allies would invade Greece and Sardinia, not Sicily. Spain was officially neutral, but a few Spanish officials sympathetic to the Nazis allowed German agents to discreetly photograph the documents before Spain quietly passed the documents to the British. Those British officials appeared to be in a state of panic over the lost briefcase.

Would this opportunistic espionage expose a critical Allied operation? In reality, Major William Martin never existed. The body was that of Glyndwr (“Glendure”) Michael, a Welsh drifter who died from consuming rat poison. You probably recognize this as Operation Mincemeat. British intelligence developed this incredible ruse with American approval, painstakingly planned for the body to wash up near Huelva, Spain, and provided a background and personal story for Michael that allowed the body to pass convincingly as a Royal Marine officer who perished at sea while delivering sensitive documents.

The Germans took the bait. Convinced by this fabricated narrative, Hitler diverted significant forces away from Sicily. When the Allies landed in Sicily, they encountered far less resistance than expected, saving countless lives and accelerating the collapse of Axis defenses in southern Europe.

Beyond innovation and sheer audacity, this was a master class in story-telling, in knowing the pressures facing the target audience (Hitler), in creating a believable altered reality, in understanding how information moved through Nazi circles and among those who enabled them and, most importantly, in persuading our adversaries to make consequential decisions that advanced our interests over theirs. It was cognitive warfare on the offense, it represented a cognitive advantage during a perilous period, and it remains a reminder of the timeless power of cognitive persuasion.

History has many other examples of where commanders and leaders have stepped beyond traditional thinking and conventional operations into the information and cognitive space to confuse our adversaries, to win the day, and, at times, to change history.

Is this important today? Let us put cognitive warfare in strategic perspective.

First, great power competition is intensifying and the stakes are high.

The U.S. is now facing more significant global challenges than at any time in our history. We face more capable peer adversaries, more aspiring regional nations, and more proxy threats than ever before. The global environment is more uncertain than ever, and our place in it is not guaranteed. If we are to remain the global leader, we’ll have to be ready for today’s and tomorrow’s rapidly evolving competition and warfare. We must look to prioritize and commonly orient our Nation’s capabilities toward actively maneuvering and gaining advantage across the cognitive landscape to help ensure our security interests, and to actively deny any adversary their own advantage.

Second, great powers will go to great lengths to avoid direct military engagement that could have catastrophic consequences. Russia has lost the equivalent of what would be one of the world’s largest militaries and it has experienced a massive reduction in national power in the war with Ukraine. We also know the examples from WWII when nations and great militaries were defeated and even decimated as a result of great power conflict.

China has advocated winning without fighting for decades, and it still does. Khrushchev famously said “We will take America without firing a shot. We do not have to invade the U.S. We will destroy you from within.” Putin is a believer in and practitioner of that approach.

Their approaches are not a mystery. Our adversaries have telegraphed how they plan to attack us, and to defeat us, without direct military engagement.

Third, given those considerations, our adversaries are increasingly relying on operations in the gray zone, or gray warfare, to advance their national interests and to take steps to undermine and weaken the United States, without risking a superpower conflict. They have prioritized their resources, decisions, and actions toward this end.

China and Russia, and even Iran and North Korea, believe there are more gains than risks in the gray zone, and any risks they do face are manageable, so we should expect them to expand their activities. If we solely maintain an unblinking stare at the conventional military capabilities of our adversaries, we might miss the real war already well underway in the gray zone.

Finally, cognitive warfare stands as the most prevalent and consequential activity our adversaries conduct in the gray zone.

This is not your grandfather’s Cold War disinformation. This is an assault on cognition, powered by advanced technology and enabled by an information environment that provides camouflage, infrastructure, and operational resources for our adversaries. Ultimately, cognitive warfare is a contest for truth and knowledge—a struggle to shape perception, control understanding, and influence both the decision-making process and its outcomes.


Never before in history have individuals, organizations, societies, and nations faced such a sustained assault on our ability to make our own decisions—our autonomy to think, decide, and act in our own best interests. From our adversaries’ perspective, controlling perceptions, manufacturing realities, steering decision-making, intimidation as persuasion, decision fatigue, and manufactured false choices make for persuasive and effective strategy.

In this global information landscape, where technology levels the playing field, any individual or group, and state or non-state actors can reach global audiences almost immediately. Thousands of internet sites, fake users, fabricated organizations, bots, and willing surrogates, managed by Russia, China, Iran, and North Korea, wage cognitive warfare against the U.S., our allies, and our partners at unprecedented scale and velocity. Artificial intelligence now serves as a force multiplier—amplifying reach, supercharging deception, automating the manipulation of public opinion, and constricting time in the information maneuver space.

For individuals and groups within America, this touches everything from how we see the world, how we vote, how we invest, whom and what we trust, which policies we support or oppose, and who we believe are our friends and partners—locally, regionally, and globally.

For national security leaders, policymakers, and corporate and military decision-makers, our adversaries seek to influence consequential decisions on issues like Ukraine, Taiwan, trade, military posture, supply chains, alliances, participation in international organizations, technology development, and a host of other issues that could tip the balance in our adversaries’ favor.

For China, Russia, Iran, and North Korea, this is integrated national strategy where the instruments of national power—government, private sector, and surrogates—are combined to achieve strategic impact. Further, the willingness of our adversaries to defy international law; challenge economic interests; violate the sovereignty and laws of every country, including the U.S.; and engage in bribery, political coercion, sabotage, and assassinations—essentially a “no limits” approach to cognitive warfare—gives them considerable leverage, made more effective by our lack of focused emphasis on recognizing, prioritizing and taking action to mass and commonly orient our great national strengths.

If we are to make consequential decisions with confidence, we must have high certainty in the information we receive, value, and share. In the cognitive domain, truth is a strategic asset—precious, powerful, and fragile. To endure, it must be shielded from the relentless assault of manipulation, coercion, and altered realities initiated by our adversaries to shape the strategic landscape and create influence attack vectors intended to undermine and disable our ability to do the same.

Churchill recognized both the strategic value and fragile nature of truth in a time of conflict. He famously said, “In wartime, the truth [is] so precious that it should always be attended by a bodyguard of lies.” The lesson is clear. Today, just as in 1943, we must seize and defend the cognitive advantage if we are to navigate these equally perilous times.

What do we need to do to achieve a cognitive advantage?

- First, we need to reassert a strong U.S. national narrative.

In the cognitive domain, our national narrative is both sword and shield. It projects power, influence, and advances our interests. It tells the story of our values, our history, our aspirations, our view of the world, and our resolve and is reinforced by actions and deeds. Our military and economic strength and our global leadership are strong parts of this narrative. It supports confidence in our actions, our institutions, and our commitments. It also counters adversary narratives and actions that seek to undermine America within our own borders and across the world. We all know today that our national narrative is being questioned by some at home and abroad. Regardless of how we see the political environment, we must articulate and advance a strong seamless U.S. national narrative as foundational to a cognitive advantage. We must take this on.

- Second, we need to empower our master storytellers.

Our master storytellers are not just communicators; they are architects of persuasion. We all know this; we read, we watch movies, and we listen. Facts are fleeting, but stories remain with us—they shape how we feel which in turn drives how we behave. In the cognitive domain, well-crafted stories—including those tailored to navigate today’s hyper-technical environment and chaotic information environment—shape threat perceptions, influence our perception of reality, sustain resolve, and can tip the balance in competition or conflict.

Adversaries recognize the power of narrative and weaponize it; even the truth is more persuasive when it is delivered as part of a compelling story. History proves the advantage: in cognitive warfare, facts alone rarely shift outcomes—compelling narratives and persuasive storytelling do. As in 1943, our edge will be defined by those who can craft and deliver the stories that influence minds and shape events. Yes, we need our master storytellers as much today as we did in 1943.

- Third, we need to see and understand our adversaries’ capabilities and intentions in the cognitive domain—where perception, knowledge, and decision-making are contested. Our adversaries, of course, go to great lengths to mask and conceal their activities. It is time for cognitive intelligence—intelligence in and about the cognitive domain and our ability to reliably understand how, where, and why adversaries seek to shape our thinking and decisions—to emerge as a priority.

- Fourth, we need to sustain a technological edge in AI, Cognitive Science, Cyber, and other technologies that force our adversaries to go on the defensive. China in particular is working to take that advantage from us by its own means but also by stealing U.S. data, technologies, and intellectual property to use against us. We must safeguard the extraordinary capabilities of U.S. technologies—including those small, bold startups—that not only provide a critical national security advantage but are also relentlessly targeted by our adversaries.

- Fifth—and critically important—we need to plan, organize and drive designed strategies and actions across our governmental institutions, international partners, and private sector at the intersections of shared security interests to defend against adversary tactics that target our economic, military, infrastructure, informational and Cyber pillars of security each fueled by human perception, reasoning, and effective decision-making. If you remember anything from this article, please remember this. As a priority, we need a strategy and a commitment to play offense in a quiet but relentless manner that confuses our adversaries, shatters their confidence, and forces them—not us—to deal with the uncertainties of cognitive warfare.

- Finally, if all of this is to work, we need to harness the incredible intellectual power, critical thinking, and collaboration among government, private sector, academia, and in many cases, our allies. We need to work at the nexus of shared interests. In this collaboration, we need leaders, not to overly prescribe or to build bureaucracy, but to inspire, convene, add clarity of purpose, and to enable the incredible capability this community offers. We must use the power to convene to commonly inform and set conditions for mutually beneficial action and outcomes, and to help close the relationship seams used by our adversaries as attack vectors.


For our leaders, a reminder that when relegated to small tasks and small thinking, influence operations in the cognitive domain will achieve small results. This is a time for vision, for big thoughts, innovation, and audacity. With those attributes, and thinking back to the remarkable achievements of 1943, today’s operations in the cognitive domain can and will do remarkable things.

Those elements, we believe, are the foundation of a cognitive advantage. If we are successful, it means we have a sustained ability to protect our decision-making autonomy at all levels; we preserve domestic and allied social cohesion; we retain global influence, credibility and narrative power; we expose and undermine adversary efforts at cognitive warfare; and we achieve U.S. objectives without resulting in direct conflict. Challenging?—Yes. Attainable?—Certainly.

A final word. Last June, Dave Pitts visited Normandy for the 80th Anniversary of D-Day—which was our last conventional war of great powers. It was a war that resulted in a devastating loss of human life and unprecedented destruction. Omaha Beach, the Drop Zones around St. Mere Eglise, and the American Cemetery were vivid reminders. That war established the U.S. as a global superpower and established a world order that has lasted 80 years. It also enshrined in history the “Greatest Generation.”

Today, authoritarian rule is on the rise, national sovereignty around the world is being undermined, and the global order as we know it is under attack. Once again, our preeminence, leadership, and resolve are being challenged. Let’s be clear, the next war—a quieter war, a gray war—is already underway. The outcome of that war will be as consequential as conventional war.

Cognitive warfare may very well be the defining contest of this era—a generational challenge—given the threats it poses to U.S. national security, our place and influence in the world, and our commitment to our own self-determination. If you are a professional in this space—government, private sector, academia, and ally—this is clearly your time.

Today, we are surrounded by threats, but we are also surrounded by opportunities, by extraordinary expertise, and by willing partners. The challenges ahead are formidable, but so are our experiences and capabilities as a nation. The incredible resolve, sacrifice, and refusal to fail—hallmarks of the Greatest Generation—are woven into the fabric of America and will continue to serve us well. Securing our future now demands leadership, collaboration, a bias for action, and adaptability—the hallmarks of this generation. We have what it takes.

Yes, confidence is clearly justified—but we must just as clearly match that confidence with decisive action. Time is not on our side as others have already decided to prioritize cognitive-related strategies. It is time to take a bold step forward in the cognitive domain and to seize the cognitive advantage.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. Government. Nothing in the contents should be construed as asserting or implying U.S. Government authentication of information or endorsement of the author's views.


Europe Must Prepare for the Long War

30 September 2025 at 10:01

OPINION — Russian drones are forcing airports to close and fighter jets are breaching NATO airspace – clear signals of Moscow’s widening hybrid campaign. The cost imbalance is stark, with Europe spending hundreds of thousands to destroy drones worth a fraction of that. Emboldened by this asymmetry, Vladimir Putin is escalating with growing confidence, betting that the West will stop short of real retribution, like giving Ukraine long-range missiles to destroy his drone factories.

Russia began its escalation on Sept. 9 by sending drones into Polish airspace, followed by an incursion into Romania. Days later, a Russian fighter jet breached Estonian airspace. In recent weeks, drones have been shutting down airports in Denmark and Norway.

Moscow is intensifying its hybrid warfare campaign against Europe in the hope of pressuring governments into concessions. At the same time, Putin depends on a state of constant confrontation to sustain his regime.

Months of U.S. diplomacy with Moscow under the Trump administration have also achieved little. President Donald Trump insists he is always “two weeks” away from a decision, but the Kremlin calculates it can outlast Ukraine on the battlefield, fracture European unity, and sap American interest. Russia remains defiant, refusing meaningful negotiations.

As Le Monde observed, Russian diplomacy follows familiar Soviet patterns: table maximalist demands, stage symbolic talks, issue threats, then offer only token concessions. George Kennan, the American diplomat who defined early Cold War strategy, once noted that the Soviets “will ask for the moon, demand the moon, and accept nothing less.”

John Sullivan, U.S. ambassador to Moscow from 2020 to 2022, echoed the same view, describing Russian negotiations as “maximalist demands, surrender nothing, paranoia to the nth degree.” Europe must strip away all false illusions that the war will end anytime soon.

Any sort of peace agreement that resembles the Budapest Memorandum or Minsk agreements will surely bring a much bigger war to Europe in the future. And the Trump administration has shown itself to be an unreliable ally. But that’s not necessarily a bad thing, if Europe can take advantage and scale its own capabilities and European defense firms.

At the same time, Washington’s own priorities are shifting. According to POLITICO, the Pentagon’s new draft defense strategy places homeland and Western Hemisphere security above countering China or Russia.

To Trump’s credit, in just a few months he has pushed Europe to take the Russian threat more seriously than some capitals managed in three years of full-scale war. Germany, the continent’s largest economy, had announced sweeping ambitions to rebuild its military after the invasion. But once it became clear that Ukraine would not collapse, Berlin grew complacent, and much of its investment drive – including the much-touted €100 billion “special fund” – faltered.

However, Washington’s retreat also presents Europe with a chance to take greater ownership of its security and lessen its reliance on the United States. In our new Henry Jackson Society report, European Defence Autonomy: Identifying Key Companies and Projects to Replace U.S. Capabilities, my co-author Mykola Kuzmin and I argue that Europe now has a strategic opportunity to leverage its own European defense sector to prepare for a future war with Russia if it comes to that. It is better to be prepared than left scrambling when the moment of crisis arrives.

Europe cannot afford to rely on the U.S. for its core defense capabilities – nor on the whims of individuals like Elon Musk, as shown by his restriction of Starlink access in Ukraine, in Kherson and occupied Crimea. Starlink’s unrivaled 8,000-satellite constellation highlights Europe’s dependence, with alternatives like Eutelsat OneWeb far smaller and prohibitively expensive. At the same time, Russia is developing a $5 billion satellite internet system called Rassvet, intended as an alternative to Starlink, with plans to launch nearly 300 satellites by 2030.


This technological push comes alongside its aggressive use of drones to overwhelm Ukrainian air defenses. Russia has been overwhelming Ukrainian cities with nightly drone attacks and has flown over 530 surveillance drones across Germany this year to monitor Western arms shipments, including near Bundeswehr bases. Yet German forces cannot shoot them down due to legal limits.

If Moscow is already doing this with its hybrid war, the scale of a full-scale war will be far greater. The economics of war are quickly being transformed in Ukraine. That is why Europe must invest in low-cost drone interceptors and other scalable technologies. Relying on million-dollar American Patriot interceptor missiles for every drone attack is simply unsustainable.

Russia and China have a booming drone alliance, and the Axis of Evil is helping one another grow technologically. Iran, North Korea, and Venezuela are all gaining technologically through cooperation with one another.

Deborah Fairlamb, co-founder of Green Flag Ventures, a venture capital fund for Ukrainian startups, said, “Chinese components continue to be found in downed Russian drones, and a number of Chinese nationals have been documented alongside Russian troops – indicating that tactical and technological lessons are being shared between Russia, China, and North Korea.”

The continent also has a booming defense tech sector, and I have embedded with frontline units using European technologies like the Vector drone. As the Financial Times noted, “Europe now boasts three defence start-ups with a ‘unicorn’ valuation of more than €1bn: drone makers Helsing, Quantum Systems, and Tekever.”

Lyuba Shipovich, CEO of Dignitas Ukraine, highlighted that Estonia has multiple companies now working on robotics. “We don’t have many of their systems here because they’re expensive, but some are comparable to Ukrainian designs,” said Shipovich.

Estonia-based Milrem Robotics has found success in Ukraine, and its THeMIS unmanned ground vehicle (UGV) is being used on the front. Milrem’s THeMIS UGVs are proving their worth in Ukraine – so much so that Russia offered a bounty for capturing them intact.


Crucially, Europe has Ukraine on its side, which is now a global drone superpower. “What does carry undeniable value for the West, however, is the experience and insight of Ukrainian engineers,” said Vitaliy Goncharuk, CEO of A19Lab and former Chairman of the Artificial Intelligence Committee of Ukraine.

But Kyiv urgently needs more funding to scale weapons production, and Europe should focus on fully integrating Ukraine into its broader defense sector. The tempo of war is accelerating, with innovation cycles now measured in mere weeks and months. As one European diplomat put it: “The speed of innovation is so quick: It’s a six-week cycle and then it’s obsolete.”

The war is now a technological race and Ukrainian engineers are at the forefront. Oleksandra Ustinova, a Ukrainian member of parliament, said, “Ukraine has developed technologies under real battlefield conditions that the rest of the world will want in the next five years.”

In fact, Kyiv has the capacity to produce millions of drones, but money remains the limiting factor. “Ukraine can produce 8–10 million FPVs annually but can only afford to buy about 4.5 million in 2025,” said Serhii Kuzan, chairman of the Ukrainian Security and Cooperation Center and former Ministry of Defense adviser. “Scaling requires European and international investment, via direct funding or joint ventures.”

Together with Ukraine, Europe can become an AI superpower and prepare for the future of automated warfare. It is Kyiv that is now educating the Europeans on how to build a “drone wall” to defend itself. But technology alone won’t decide the war, as willpower is needed. The larger geopolitical stakes remain clear for the European alliance.

When Russia first invaded Ukraine in 2014 and the world failed to stop the seizure of Crimea, it fractured the international order that had held for decades. The longer Moscow wages its current war and if it secures any permanent gains, the more emboldened it will become. Russia sees itself as an empire, and empires expand. Europe must prepare accordingly, ready to fight alone if necessary.


China’s Gray War on America

17 September 2025 at 11:13

OPINION — In early 2024, the American public received a stark warning from top U.S. security officials. Chinese state-sponsored hackers, known as "Volt Typhoon," had penetrated not just data repositories but embedded themselves deep within the control systems of U.S. critical infrastructure—including communication networks, energy grids, and water treatment facilities. As FBI Director Christopher Wray testified, the intent was a "pre-positioning of capabilities that can be turned on whenever they see fit" to "wreak havoc and cause real-world harm to American citizens and communities." This was not espionage in the traditional sense—it was operational preparation of the environment at a strategic scale.

No shots were fired, nor territory seized—yet this was an act of calculated, strategic hostility. Volt Typhoon is one battle in a much larger, undeclared conflict: the gray war the PRC is waging against the United States.

How did we get here? In the late 20th and early 21st centuries, the People’s Republic of China (PRC) began to formally articulate a new approach to conflict that diverged significantly from traditional warfare. This strategic evolution was first evident in 1999 with the publication of "Unrestricted Warfare" by two People's Liberation Army (PLA) colonels, Qiao Liang and Wang Xiangsui. This groundbreaking conceptualization expanded the battlefield beyond purely military engagements to encompass a vast array of domains, including economic, legal, and informational spheres.

Further solidifying this new paradigm, the PRC subsequently adopted the "Three Warfares" doctrine in 2003. This formalized framework specifically outlined three interconnected non-kinetic operations: psychological warfare, public opinion warfare, and legal warfare. Together, "Unrestricted Warfare" and the "Three Warfares" doctrine laid a profound intellectual and doctrinal foundation for China's strategy of confronting powers like the United States in ways that intentionally stopped short of direct military conflict. Despite their significant implications for global security and China's evolving approach to international relations, these paradigms largely escaped widespread public notice and critical scrutiny in the Western world at the time of their introduction. It’s hard to know precisely when China’s gray war began, but we can see the doctrinal basis for that war taking shape in 1999 and 2003.

Today, the gray zone can be described as the geopolitical space between peace and war where nations conduct activities to advance their national interests, attack and weaken their adversaries, and possibly set the conditions for a future war without triggering a military response. It is the domain of deniability, ambiguity, and incremental aggression. As scholar Hal Brands has argued, it is the preferred tool of revisionist powers seeking to challenge the existing order.

The PRC’s aggressive actions are not isolated, unconnected events aimed at tactical gains; rather, the gray zone is the central front in Beijing’s strategic competition with the United States. Its objective is not to defeat the United States on a conventional battlefield, but to orchestrate a strategic defeat by a thousand cuts—eroding American power, influence, and resilience, while reshaping the international order to suit Beijing’s ambitions, all without triggering a direct military response. Its ultimate aim is to achieve a victory so complete that by the time America recognizes the totality of its loss, the cost of reversing it will have become insurmountably high.

Defining Strategic Defeat in a Gray War

The concept of strategic defeat has historically been tied to the battlefield: the surrender of an army, the fall of a capital, the destruction of cities and infrastructure, the massive loss of life, the signing of a treaty on an adversary’s terms. In a gray war, the metrics of victory and defeat are fundamentally different. They are not measured in territory lost but in access and influence ceded, not in ships sunk but in alliances fractured and capabilities sidelined, not in casualties but in confidence shattered and decision autonomy undermined.

Strategic defeat in the context of a gray war can be defined as: The cumulative loss of relative power, autonomy, and global influence across cognitive, geopolitical, military, economic, and technological domains—resulting in a diminished ability to deter, resist, or effectively respond to an adversary’s actions and ambitions.

What does this mean in practical terms? For the United States, it would mean a future where the U.S. dollar is no longer the undisputed global reserve currency, weakening America’s ability to levy effective sanctions. It would mean a world where American security guarantees are no longer trusted by allies, forcing nations in the Indo-Pacific and Europe to accommodate Beijing’s demands.

For prospective partners, it would mean the path of least resistance is to align with a new center of gravity in Beijing. And for our global adversaries, it would signal that the era of American primacy is over, emboldening them to challenge the international norms the United States has long championed.

As the 2022 U.S. National Security Strategy states, the PRC is "the only competitor with both the intent to reshape the international order and, increasingly, the economic, diplomatic, military, and technological power to do it." Strategic defeat is the realization of that intent.

The Six Fronts of China's Gray War

Beijing has evolved its original “Three Warfares” doctrine and is now waging a coordinated gray war across six interconnected fronts. Success on each axis is not necessary; rather, incremental gains in one area generate vulnerabilities in another, creating a cascading strategic effect. The struggle is not confined to the military domain but extends to economics, technology, diplomacy, and cognition itself. If left uncontested, Beijing could erode U.S. alliances, undermine deterrence, and shape a strategic environment in which America’s choices are constrained before conflict ever begins.

Dominate the Cognitive Environment

China seeks to control the global narrative, portraying itself as a responsible rising power while casting the United States as a declining, chaotic hegemon. PLA doctrine explicitly identifies the cognitive domain as a new battlefield, where perception and belief are as contested as territory.

The State Department’s Global Engagement Center – which was disbanded earlier this year – documented Beijing’s tactics: seeding pro-PRC messaging through foreign media, deploying bot networks to inflame divisions in democratic societies, and spreading disinformation on issues ranging from COVID-19’s origins to the integrity of U.S. elections. Through its United Front system—a unique blend of influence and interference activities, as well as intelligence operations that the CCP uses to shape its political environment—Beijing targets individuals, social and political groups, academia, business leaders, military leaders, policy makers and U.S. allies with persuasive narratives, manipulated imagery, and coercive pressure. It is an assault on cognition. The objective is to isolate the United States from its allies and demoralize the American public, thereby undermining the national capability—and will—to compete. This is a war over knowledge, belief, and decision-making autonomy—one that could prove decisive.

Limit U.S. Military Deterrence Options

The PLA has spent three decades developing a formidable Anti-Access/Area Denial capability. As detailed in the Pentagon’s annual China Military Power Report, this network of long-range anti-ship missiles, integrated air defenses, and advanced naval platforms is designed to make it prohibitively dangerous for U.S. forces to operate in the seas and skies around China's periphery. The goal is to neutralize America’s primary strength—its power projection—and create a scenario, particularly over Taiwan, where Washington hesitates to intervene.

The PRC’s intent is that intimidation, threats, and stated red lines add cognitive strength to its military deterrence and its efforts to shape U.S. military decisions to its advantage. The PLA’s “deterrence by demonstration”—which employs constant aggressive maneuvers in the Taiwan Strait, missile launches, and aggressive intercepts—is designed to increase psychological pressure and a sense of inevitability, erode resolve, intimidate, and coerce decisions favorable to China. The rapid expansion of China’s nuclear arsenal (DF-41 ICBMs, new silos) also broadens Beijing’s deterrence toolkit.

It is likely that the PRC will be more provocative if it believes the United States is unlikely to respond for fear of escalation. Furthermore, Beijing closely observes the Western response to Russia’s war in Ukraine, treating it as a live-fire case study of Western resolve and military-industrial capacity, calibrating its own gray war accordingly in what amounts to a strategic partnership with Moscow.

Erode and Displace U.S. Power, Altering Geopolitical Norms

Where the U.S. once led in building the post-war international order, China now works diligently to co-opt or supplant it. Through initiatives like the Belt and Road Initiative, the PRC has used its vast economic resources to create dependencies, gaining political leverage and, in cases like Sri Lanka's Hambantota Port, control of strategic assets, while also working to undermine American access and influence. As the U.S. signals an intent to withdraw investments and presence from some countries and regions, the PRC will seek to fill those vacuums.

The PRC's construction and weaponization of new islands to change international boundaries in the South China Sea are also part of its strategy to create new geopolitical realities that expand PRC presence and influence. Simultaneously, Beijing has successfully placed its officials in key leadership positions within United Nations bodies, influencing the setting of international standards on everything from technology to aviation in ways that favor its own authoritarian model. PRC influence in the International Telecommunication Union and its efforts to set standards for 5G, AI governance, and internet “sovereignty” all erode the liberal international order in an attempt to sideline American influence.

Weaken and Compromise Essential U.S. National Systems

The Volt Typhoon intrusions are the most visible element of a concerted campaign to hold American critical infrastructure at risk and “prepare the battlefield,” but there are others. According to media reports, the PRC has attempted to penetrate and compromise, with mixed results, U.S. energy, water, communications, transportation, and information infrastructure as well as government organizations. U.S. space infrastructure and emerging AI infrastructure, such as data centers, are also vulnerable.

The PRC’s state-sponsored hackers have also engaged in persistent, widespread economic espionage, targeting U.S. corporations, universities, and research labs to steal the intellectual property that forms the backbone of the American economy. Former FBI Director Wray has stated that the PRC’s hacking program is larger than that of every other major nation combined. This front of the gray war aims to weaken America from within, creating systemic brittleness and giving Beijing coercive leverage in a crisis.

Manipulate Economic Dependencies and Supply Chains

For decades, the West viewed economic interdependence with China as a force for liberalization. Beijing, however, saw it as a strategic vulnerability to be cultivated and exploited. The PRC has weaponized its dominant position in critical supply chains, as seen when it restricted exports of gallium and germanium in 2023 in response to U.S. semiconductor controls. Its control over the processing of some 90% of the world’s rare earth minerals gives it a chokehold over inputs essential to the U.S. defense and technology industries. This economic statecraft, documented in case studies by the Peterson Institute for International Economics, is used to punish and coerce other nations, demonstrating to the world the costs of defying Beijing.

Other dependencies are equally concerning. The United States remains reliant on China for pharmaceuticals and active pharmaceutical ingredients, batteries, and solar panel components—sectors where Beijing could impose sharp costs on adversaries. Through such statecraft, China demonstrates the penalties for defiance and signals that economic integration is a vulnerability, not a safeguard.

Gain Technological Superiority over the U.S.

The final and perhaps most crucial front is the race for technological supremacy. Through state-directed policies like "Made in China 2025" and its "Military-Civil Fusion" strategy, the PRC is mobilizing the full power of its state and society to dominate the foundational technologies of the 21st century: artificial intelligence, quantum computing, biotechnology, and next-generation telecommunications.

China already leads the world in patent filings for AI, fintech, and quantum encryption. Leadership in these fields, as argued in reports by the Special Competitive Studies Project (SCSP), will not only drive future economic growth but will also confer decisive military and intelligence advantages. China’s theft of U.S. intellectual property has directly accelerated its technological advancement in both commercial and military sectors, often allowing Chinese firms and state entities to leapfrog developmental obstacles and compete globally with U.S. companies. The PRC is not merely seeking to catch up; it is determined to leapfrog the United States at any cost and write the rules for the next technological era.

American Vulnerabilities and Responses

China's gray war strategy is effective because it expertly exploits the inherent vulnerabilities of an open, democratic society. The openness of the U.S. economy and academic institutions, a traditional source of strength, creates avenues for technology theft and malign influence. America’s political polarization, amplified by social media, is a fertile ground for PRC information operations. A chaotic global information environment, which is at the fingertips of information-hungry Americans, further provides infrastructure, camouflage, and endless surrogates for China’s cognitive warfare efforts.

The United States is not idle. It has finally awakened to the challenge. The 2022 CHIPS and Science Act represents a historic investment to restore domestic semiconductor manufacturing. Stricter export controls, led by the Commerce Department, aim to slow China's progress in advanced computing. New and strengthened alliances, chief among them the AUKUS pact with Australia and the United Kingdom, are designed to bolster collective deterrence in the Indo-Pacific.

These responses, while necessary, remain largely fragmented and they are created within the context and the confines of the “rules-based global order” that the PRC often ignores. As many analysts at institutions like the Center for a New American Security have argued, the U.S. government is still largely structured for a bygone era. It lacks the integrated, whole-of-government machinery required to effectively counter a holistic, long-term gray zone competitor. We are waging a networked war with a hierarchical bureaucracy, responding to discrete crises rather than waging a proactive, continuous campaign. And the tools that we often choose to employ, such as relying solely on diplomacy and limited assistance to regional allies to dissuade Beijing from asserting its sovereignty in the South China Sea, are unsuccessful in inducing PRC compliance.

China’s Confidence and Risks

Beijing’s confidence in this strategy is rooted in its own strategic culture and its perception of American decline. The Chinese Communist Party’s (CCP) ideology, especially under Xi Jinping, is saturated with the narrative of an "East rising and West declining," a belief that history is on China's side. This modern confidence is layered atop an ancient strategic tradition, epitomized by Sun Tzu, that prizes victory without direct conflict (shangbing fa mou). A gray war is the ultimate expression of this philosophy: to win by outmaneuvering, outwitting, and demoralizing the opponent until their will to resist collapses.

Yet, this strategy is fraught with risk—for China. In his book The Long Game, Rush Doshi argues that Beijing’s aggressive turn has prematurely awakened a sleeping giant, galvanizing the very anti-China coalition it sought to avoid. Every coercive trade action, every act of cyber aggression, and every belligerent statement pushes the United States and its allies closer together. The greatest risk of all is miscalculation. A gray zone action over Taiwan—such as a declaration of a "quarantine"—could easily be misinterpreted, spiraling into a devastating hot war that would shatter China’s economic ambitions and potentially threaten the CCP’s grip on power.

Disrupting China's Gray War and Imposing Costs

Recognizing that we are in a gray war is the first, foundational step. Winning it requires a fundamental shift in American strategy from reaction to proaction. As noted in a previous Cipher Brief article, the U.S. has to rethink, retool, and reorient so that it is as prepared for a gray war as it is for traditional conflict; that has yet to be achieved. Further, the U.S. must understand and manage risk in the gray zone. The gray zone is filled with real threats, many things that aren’t real, and outright deception.

Russia, China, and Iran flood the information environment with false and manipulated information; fabricated organizations and events; persuasive but false national narratives; and calculated threats and intimidation intended to weaken our resolve, impair our judgment, and push us toward decisions that favor their interests. Despite this gray zone “fog of war”, the U.S. and its allies must move beyond simply defending against China's gray zone aggressions and begin to actively disrupt them, impose meaningful costs, and shift from a defensive to an offensive posture. A strategy to do so must include four key lines of effort:

First, systematic exposure. The United States must win the battle for truth by systematically declassifying and publicly attributing PRC gray zone activities in near-real-time. By stripping away the cloak of deniability from actions like Volt Typhoon or covert influence operations, Washington can rally domestic and international opinion, making it harder for Beijing to operate. This exposure can also occur at very senior levels. China should not be able to engage in trade or diplomatic talks with the United States without answering for its systematic attacks on U.S. sovereignty, institutions, critical infrastructure, and global influence.

Second, impose proportional costs. For too long, China’s gray zone actions have been low-cost and low-risk. Washington must change the PRC’s risk-gain calculation, which currently demonstrates that the PRC sees more gains than risks in its gray zone actions. U.S. leaders must speak clearly to the PRC and other adversaries on the costs of their gray zone attacks. The United States must lead a coalition to develop a menu of pre-planned, rapid-response options. If China uses economic coercion against an ally, the G7 should respond with coordinated relief funds and joint legal challenges. If a Chinese entity is caught stealing intellectual property, it should face crippling sanctions.

Third, build collective resilience—not just at the national level, but across society and allied networks. Strengthening resilience means ensuring U.S. intelligence collection and analysis is sharply focused on evolving gray zone threats. The United States should deepen security, intelligence, and crisis response cooperation with core allies through frameworks like AUKUS and the so-called “Quad alliance” (an informal security dialogue involving Australia, India, Japan, and the United States), while also investing in broader multi-level partnerships that include the private sector and academia. The U.S. and its allies should pioneer an "economic NATO" model, creating shared safety nets and coordinated defense packages so that an economic or cyberattack against one is met with rapid collective support from all members.

Domestically, resilience is important because PRC cyberattacks, threats to critical infrastructure, and efforts to sow dissent, undermine U.S. institutions, interfere with supply chains, and influence U.S. decision-making can impact all Americans. Resilience starts with informed leadership at all levels of government and timely information sharing so communities and businesses can trust public information and know how to respond.

Finally, target the architects. Sanctions and other punitive measures should not only target corporate entities but also the specific Chinese Communist Party officials and PLA officers who design and direct these gray zone campaigns. Making the conflict personal for the individuals involved raises the stakes and can deter future aggression.

The challenge posed by China’s gray war is formidable, but it is not insurmountable. The United States stands at a critical juncture: either we continue to respond in a disjointed manner, or we forge a unified, proactive strategy to counter Beijing's multifaceted aggression. This demands an immediate, integrated, whole-of-nation response across all domains—governmental, private sector, and civil society—to systematically expose and build collective resilience against Beijing’s coercive actions. And it requires U.S. decisionmakers to overcome their fear of escalation and finally impose real costs on Beijing for engaging in gray warfare against the U.S. Failure to act decisively now risks a strategic defeat by incremental erosion, fundamentally reshaping the international order and diminishing American influence for generations to come.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. Government. Nothing in the contents should be construed as asserting or implying U.S. Government authentication of information or endorsement of the author's views.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Expert Q&A: Undersea Cables Under Attack, from Outside and Within

15 August 2025 at 09:39

EXPERT Q&A -- Reports of damage to undersea cables across the world are on the rise, with suspected foul play in many of these incidents. These cables are crucial conduits for communications, financial transactions, Internet traffic and even intelligence, making them prime targets of gray zone tactics, from suspected Russian sabotage of Baltic Sea cables to alleged Chinese severing of cables in the Taiwan Strait. The Federal Communications Commission voted last Thursday to update U.S. rules on subsea cable development, aiming to streamline construction and better protect this critical undersea infrastructure.

The Cipher Brief spoke with Rear Admiral (Ret.) Mike Studeman, who served as Commander of the Office of Naval Intelligence, about what he says is an ongoing assault on undersea cables — including “outside-in” attacks like sabotage and “inside-out” attacks from embedded exploits — and how the U.S. and its allies can better defend the cables they rely on. Our conversation has been edited for length and clarity.

The Cipher Brief: What is the perceived danger that we're talking about here that the Congress is perhaps seeking to address?

RADM Studeman: It's very clear that the adversaries of the United States, the Chinas and the Russias of the world, are very keen on trying to get leverage in various ways against the United States and the West through critical infrastructure. The subsea cables are just one element of critical infrastructure.

But frankly, the statistics would blow people's minds. Ninety-nine percent of our Internet traffic goes through the undersea environment. When you think about the capacity of those cables, it's terabytes of information versus gigabytes of information through satellites. So essentially, when you go through satellites, it's like drinking a glass of water in terms of the amount of data throughput you get. But undersea cables, it's like trying to drink a large swimming pool worth of data. So we're highly dependent on those. $22 trillion of financial transactions are processed through undersea cables every day. We also have our defense, our national security, our intelligence riding those cables like everybody else with their streaming videos and emails and all the rest. So the threat there is significant, just like it would be on land-based sites with people trying to get into your communications, manipulate them, outright disrupt them through severing and cutting.

The Cipher Brief: The implication of the request made by the House would appear that this is less of a concern about the severing and cutting of cables, but more that Chinese companies, particularly the maintenance and repair companies, may be getting access to these cables, and then doing what? Is it tapping? What are we talking about here?

RADM Studeman: There's the outside-in and then the inside-out threats and it's worth bifurcating it in the beginning. So if you're talking about the six sea cables that were more than likely purposely cut by Russia and China since November 2024 in the Baltics and the Taiwan Strait, it shows you what can happen. Now there are natural ways cables get cut; 150 to 200 times each year cables are damaged by underwater volcanoes, dredging, fishing vessels accidentally dragging their anchors. But these are more purposeful nation state threats that we're seeing that are emerging. So there's no doubt about the outside-in, which means we got to track suspicious vessels.

But the inside out threat is just as significant and we need to be mindful of it. There's a lot of different equipment that can be at the terminal landing sites in between the subsea segments from optical repeaters to other junction points on sea cables that could potentially have malware in them that could perform a variety of functions when directed. So part of it is about espionage and the ability to shunt information into a place where Chinese and Russian intelligence can go through it, even if it's encrypted. They're hoping that later on with decryption capabilities they are working on that they could end up having all this data that they can back cast and decrypt to learn all sorts of secrets. So there's the shunting and the access to data. And there's also the ability to potentially exploit and disrupt from the inside with whatever functionality exists anywhere along the full length of those cables.

The Cipher Brief: How easy is it to say, we're not going to use those repair companies because they're associated with China, and we're just going to pivot and do it ourselves or figure out some other way? Is that something that can be changed on a dime? How hard is that?

RADM Studeman: We'll have to ask Microsoft, Google, Meta, and some other companies that question because the extent to which they're dependent and whether or not they have alternate ways of providing those services is really known better to them. But the report that got this going in the first place was that Microsoft was using Chinese companies to be involved in some of the maintenance work here.

I think we're doing the right thing. I think that there are alternate companies that can in fact provide these services and we need to get really wise about this and then hold the companies accountable to the national security requirements, which are legitimate, that we need them to be cooperative in to be safer and frankly more resilient because our adversaries wouldn't hesitate to use some of these exploitation techniques in the future. We can't be naive about this.

The Cipher Brief: Is there any evidence to your knowledge that this is more than a concern at the moment? In other words, any evidence that China has gotten into that big data fire hose that comes into this country or anywhere else for nefarious purposes?

RADM Studeman: I think it's 100% safe to say that the Chinese have been grabbing big data from all forms of communication that traverse the earth, including a substantial amount of U.S. and allied data that they have sitting there, which has been examined by their intelligence services, and could in the future, if encryption is broken, depending on what level it is, potentially also be something that they can analyze and go through. This is not some kind of theoretical threat. This is trying to stop something that's underway.

The Cipher Brief: And other than getting American or non-Chinese entities to do that work at the bottom of the ocean floor on the maintenance and repair side, is there anything else that you think ought to be done to address the threat?

RADM Studeman: I do think that when it comes to the manufacture of some of these cables that they're going, and discussions already exist about this, to put sensors of various types on there. There are normal anomalies and then other anomalies that could indicate that somebody's up to no good. There's signal distortions, there could be latency delays, there could be some anomalies after work is done in a certain segment of your cables. All those things deserve to have more sensors and therefore more analysis and more awareness because then you will know how to act appropriately to nip something in the bud, ideally, or to stop it soon after you detect it. But many cables are essentially dumb cables; they don't have enough of that sensing capability. So the newer ones should incorporate that technology that exists today. It's not hard, although it drives up the expense a little bit.

When it comes to the inside-out too, I do think that there are probably some software types and analytics that you could run against the data that the sensors provide. There's a different kind of tailored, maybe agentic AI which could be focused in this area too, to make sure you're not chasing your tail with false alarms. Trying to distinguish something that's truly, legitimately a concern versus something environmental or endemic to the running of the cable system altogether.

And then of course, you've already talked about steps to take with regard to identifying suspicious vessels that may be operating over these cables that may be up to no good. How do you deter that or how do you respond to that?

I also think that in terms of some of the resiliency efforts, we're gonna need to have more essentially underwater flyers, underwater drones. If you think about the Chinese and the Russian deep sea programs that have intent to go after cables, you need to examine them to make sure there's not a box that's been laid on top of them. Having some regular patrols, the Baltic states are currently doing that at the sort of air and surface level. And they're thinking about the desire for the undersea. We need to have more essentially drone flyers that are cheap, that can fly over the most critical cables out there. That to me is also where the future is going with all of these dangers that exist.

Opinions expressed are those of the interviewee and do not represent the views or opinions of The Cipher Brief.

Expert Q&A: The Silent Chinese Spy Threat Under the Waves

13 August 2025 at 17:15

EXPERT Q&A — There is increasing focus on the vulnerability of undersea cables — a critical infrastructure which is key to much of global communications. They have been damaged in various hotspots around the world, with some incidents pointing to nefarious actors. Another threat beyond physical damage is the potential for intrusions and tapping, especially when it comes to U.S.-linked cables and China. Central to this issue is the dominance of Chinese companies in making, maintaining or repairing the cables linked to the U.S. In July, the chairs of three House committees wrote to the CEOs of Google, Meta, Microsoft, and Amazon to report on how exposed cables are to China in this way.

The Cipher Brief spoke with Beth Sanner, former Deputy Director of National Intelligence at ODNI, to assess the Chinese threat to undersea cables and why it is so challenging for the U.S. to mitigate the risk. Our conversation has been edited for length and clarity.

The Cipher Brief: What is the worry here? What's the kind of nightmare scenario? Why is the Congress asking the tech companies to report back on these things?

Sanner: So much of our communications flows through these cables, including encrypted classified information. There is a lot of stuff that is important. Not all of it is classified, of course — just everyday materials from financial transactions or people's connections to the internet. So there are obviously multiple reasons why we should consider undersea cables as part of U.S. critical infrastructure. But that critical infrastructure, unlike most of what we talk about, isn't only in the United States. In fact, all of this is outside the United States, and not even all of that connects directly to the United States. The vulnerability is so global because we are sending financial transactions between the United States and Singapore, for example, or even for China.

The Cipher Brief: There's no shortage of issues where the same concerns apply in terms of China having a hand in areas of our lives that involve data capture and data collection. Here, it's very hard to see how A, one would know exactly where that Chinese hand is, and B, let's say one of these companies comes back and says, well, we think that maybe a Chinese entity does some maintenance work. I imagine it's pretty hard to suddenly shift gears for Meta or Google or the other companies to say, okay, we'll just suddenly have another maintenance company that isn't Chinese.

Sanner: Right, so let's break that down a little bit. First, the way that information flows over these lines, it's very hard to restrict where things go. The messaging traffic tends to go on the lines that have the least amount of resistance and the most efficiency. So, your data can be going almost anywhere.

And we know that the FCC is going to be meeting in August and considering, and I would wager that they are going to, banning any Chinese equipment in cables that connect to the United States. (Editor’s Note: On August 7, 2025 the FCC banned the use of equipment and services from Chinese companies on its “Covered List” and other agencies’ lists of entities deemed national security threats on any future undersea cables connecting to the U.S.)

That suggests to me that there might be a problem that we don't know about. Is there the use of Chinese components even inside the cables connecting to the United States? I can tell you all cables connecting to U.S. military installations around the world, that I know of, though there could be exceptions, I think are handled by the American company called SubCom, which is owned by Cerberus, which Steve Feinberg, the now Deputy Secretary of Defense, was the co-CEO of until very recently.

But we just heard that Microsoft, in their cloud computing, with the U.S. DOD is using Chinese engineers for part of the maintenance of the cloud. And so it makes you wonder, I suppose it's possible that people are doing stupid things like using pieces like switching devices. Those switching devices direct the transmission of the light, or they could shut it down. What if those components, just like components that we recently heard were embedded in solar panels in the grid in Texas, are transmitting back or somehow controlled by China? I don't know, this is beyond my engineering capability, but I would say that we might have a problem there.

And then the third problem I would say is that this idea of the repairs, because most cables that are cut are accidentally cut. But if we rely on China for repairs, then something can be inserted in that process to tap that particular cable. And that can go on then indefinitely.

The Cipher Brief: We were just talking about some of the reporting that some of the big think tanks have done, CSIS in particular, that suggests that whereas Chinese companies and entities are not the market leaders when it comes to the construction of these cables that are reaching U.S. shores, they have a big chunk of the market, two companies in particular, when it comes to repair work.

Back to the first question, from your intelligence community background, how worrisome is that?

Sanner: Well, that is the ability to insert a tap automatically. That's how it is done. So, any time a Chinese ship repair operation is happening by the company that's a subsidiary of Huawei or the other company, all of these companies report back to Beijing and certainly can be not even compelled, just told to do that mission. So I consider that an absolutely high risk.

Now, my understanding is that Cerberus and SubCom are beginning a fleet of repair ships. They have two ships in this fleet of cable repair ships, according to one article that I read in Reuters. That's all I know is open source, of course. And so I think the United States understands this weakness. But my understanding, too, is that those Chinese ships have repaired 25% of the cables that have been cut. So again, our information can be on lines that are outside of our ecosystem. And I will say that, in terms of the overarching issue here, this is a private sector endeavor, right? There are no government owned cable lines. Not really. This is a private sector deal. And so this is where public private partnership needs to work.

The Cipher Brief: Your point about American companies now getting involved in the repair work, the House committee that looks at China and national security issues has been so aggressive in everything from TikTok to all these other things. Undersea cables have been around for a while. You would think it would not have taken this long to do what you just said, which is have American companies go out and do this if they're so worried about it. Any thoughts as to why?

Sanner: Somebody's got to pay for the contract to have it because I think we've just counted on the private sector to do this.

The Cipher Brief: And then the other question, are we at a stage now with this sort of thing that if the company has any ties to Beijing that one has to be worried about it?

Sanner: I do think that it's true that anything that's connected to China is bad. We know that China's inside our critical infrastructure in the United States, right? And they are there to pre-position themselves in case of war, or maybe even as a preemptive thing to prevent us from interfering in, for example, a Taiwan invasion.

So I would think that undersea cables are no different when it comes to the United States, but I think we have a broader issue of the potential of a concerted effort to cut cables around the world because there's very little we can do to prevent that except in very defined geographic areas. So NATO last year set up a working group focused on undersea cables and the protection of them. And they're working on developing systems like AI systems and remote sensing in order to monitor what's going on and also to use that sensing to track the particular ships that they think are problematic, either from the gray tankers or these cargo ships that they know are problematic. We would need to replicate that in the Pacific. And who is going to do that? We don't have a NATO in the Pacific.

And so I think that that is a real challenge for us down the line. We can't just think of this as a geographic problem that begins and ends with what connects to the United States. I keep seeing this. It's like, well, we don't care what happens in Ukraine or we don't care what happens, we're here in America. That just does not work anymore. Our geography is wonderful and it protects us from some things, but when it comes to cyber and space and undersea cables, communications, that is not enough. So we have to think globally.

Opinions expressed are those of the interviewee and do not represent the views or opinions of The Cipher Brief.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

I Sat Across the Table from China’s Spies. Here’s How They Operate in Fragile States

13 August 2025 at 14:05

OPINION — In 2016, I sat across the table from China’s Director of Operations for the Ministry of State Security (MSS). Their visit to Kabul was tightly scripted: they spoke only from prepared documents, with translators on hand, and never deviated from the line. The meeting was part of a broader intelligence dialogue between the MSS and Afghanistan’s National Directorate of Security (NDS), which I led at the time.

Their concern was focused and unyielding: the presence of Uyghur militants affiliated with the East Turkestan Islamic Movement (ETIM) in Afghanistan. While our engagement was primarily with the Ministry of State Security (MSS)—China’s civilian intelligence service—it’s important to note that other Chinese intelligence elements were also present and active in Afghanistan. These included PLA military intelligence officers (previously known as 2PLA), operating under diplomatic cover and conducting parallel HUMINT efforts.

That engagement was just one example of how China quietly but assertively embeds intelligence influence in developing nations. While Beijing’s actions may be framed as counterterrorism cooperation or economic engagement, the deeper pattern reveals a calculated gray zone strategy—operating below the threshold of open conflict through long-term penetration and influence—which deserves close scrutiny as U.S.-China competition escalates globally.

From Economics to Intelligence in Afghanistan

In the 2000s, China’s Afghan presence was commercially driven. The $3 billion Mes Aynak copper mine contract reflected its resource-focused strategy. Intelligence collection remained passive, primarily routed through commercial and diplomatic channels.

But after 2014, Beijing’s calculus shifted. The emergence of ISIS and the growing presence of Uyghur militants in northeastern Afghanistan—particularly Badakhshan Province, which borders China’s Xinjiang region—prompted MSS to take more direct action. China feared that ETIM fighters fleeing conflict zones, often via Turkey, were regrouping near its border.

Chinese intelligence officers, including those from the MSS and the PLA’s military intelligence, expanded their footprint inside the Chinese Embassy in Kabul and began targeting local Afghan influencers—especially Members of Parliament from affected provinces. These officials were invited to “vacations” in China, where they were offered cash, hosted with care, and asked to share intelligence about their regions. Their relatives were offered scholarships and Chinese-language education. MSS leveraged these officials to target provincial governors, police commanders, and community leaders for further influence.

Engaging the NDS: A Partnership with Limits

Eventually, MSS sought formal engagement with the Afghan intelligence community. Initially cautious due to our close relationships with the CIA and other Western agencies, the Chinese approached both the Office of the President and senior NDS officials. High-ranking Chinese delegations, including Politburo members and MSS deputy directors, visited Kabul and opened dialogue.

Their primary interest was not in Afghanistan’s broader stability or democracy—it was in neutralizing ETIM.

In 2016, we established a joint counterterrorism unit: eight MSS officers working alongside a dozen Afghan case officers and analysts. While the collaboration was framed as mutual, Chinese officials were assertive and fixated. They would repeatedly push intelligence partners to focus on specific targets, often raising the same names in meetings with senior Afghan and even U.S. officials.

MSS offered technical support to NDS, particularly in signals intelligence (SIGINT), which comprised 80% of our raw intelligence. While this support came through MSS channels, it is likely that PLA cyber and signals units—previously known as 3PLA and now part of the PLA’s Information Support Force—were also involved behind the scenes or in an advising capacity. Our assessment found MSS prioritized learning NDS’s capabilities over improving them. We rejected offers of equipment and sensitive technical aid and kept our digital infrastructure tightly compartmentalized.

China’s intelligence architecture is multilayered. In addition to the Ministry of State Security (MSS), agencies such as the People’s Liberation Army (PLA) Intelligence Bureau of the Joint Staff Department (formerly known as 2PLA), the PLA’s Cyberspace Force and Information Support Force (formerly 3PLA), and the Political Work Department of the Central Military Commission (previously the General Political Department Liaison Office, or GPDLO) each conduct overseas intelligence, HUMINT, and influence operations—often under diplomatic, journalistic, or commercial cover. This complexity often goes unnoticed but is central to understanding China’s gray zone activities.

China’s Strategic Apathy Toward the Republic

Unlike many of Afghanistan’s partners, China demonstrated no interest in preserving the Afghan Republic. As the U.S.-Taliban peace talks advanced and President Biden’s withdrawal plan crystallized, MSS showed no concern for institutional continuity. Instead, they accelerated covert outreach to Taliban factions—replicating their northeast strategy of assistance, relationship-building, and targeted intelligence requests.

Chinese intelligence services continued to focus on ETIM. While the MSS was the primary interlocutor, other entities reportedly provided technical training and surveillance support to the Taliban’s General Directorate of Intelligence (GDI). Following the Taliban’s takeover, former Afghan SIGINT officers reported observing Chinese technicians inspecting GDI’s signals intelligence infrastructure—raising concerns about potential Chinese access to post-Republic systems. This growing alignment now extends beyond Kabul into Afghanistan’s strategic peripheries.

In Badakhshan province, Chinese companies are operating mining projects in districts such as Shignan, Shahre Bozorg, Raghha, and Yaftal Payen. Presented as economic development, these projects let Chinese intelligence surveil border zones and track Uyghur militants. The mining operations likely serve dual purposes: resource extraction and the embedding of forward intelligence assets under the cover of commercial engagement.

Beyond Afghanistan: A Global Gray Zone Pattern

Afghanistan is far from an outlier. China’s intelligence and influence playbook extends broadly across the developing world, leveraging economic presence as a key tool for long-term strategic penetration in what can best be described as gray zone competition.

Pakistan offers a critical case study. Having lived there as a refugee from 1988 to 2001, I witnessed firsthand how China evolved from an economic partner to a deep intelligence and defense collaborator. Throughout the 1980s and 1990s, China steadily deepened its role in Pakistani infrastructure, defense, and nuclear development—significantly strengthening Islamabad’s strategic posture against India. This relationship has since matured into a robust intelligence and military alliance.

Chinese technologies, including surveillance platforms and drones, have reportedly been deployed in recent Indo-Pakistani confrontations—marking their first use in live regional conflict. Meanwhile, Pakistan’s heavy dependence on Chinese investment through the China-Pakistan Economic Corridor (CPEC) has facilitated deeper Chinese intelligence entrenchment, disguised as security cooperation.

This pattern extends beyond Asia. In Africa, Huawei’s surveillance systems in countries like Uganda enable Chinese intelligence access, while in Latin America, Peru’s Chancay port conceals Chinese intelligence operations, much like Afghanistan’s mining projects. Investments often conceal surveillance and intelligence. This covert encroachment threatens state sovereignty, undermines alliances, and demands a comprehensive U.S.-led response to counter China’s gray zone strategy.

Strategic Lessons for the United States

China’s engagement with developing nations is not always adversarial. In some cases, its presence has contributed to regional forums, infrastructure development, and even security coordination. But it’s also carefully calculated. Chinese intelligence agencies do not operate randomly—they target areas of strategic concern, build long-term leverage, and prioritize influence over ideology.

The United States should avoid dismissing these efforts as mere economic opportunism. When the U.S. withdrew from Afghanistan, it left behind a vacuum that China quickly filled—not only through commercial activity, but by embedding Chinese intelligence influence inside Taliban intelligence.

This pattern is not unique to Afghanistan. Based on firsthand experience with how China operates covertly under the banner of economic engagement, it is highly likely that similar influence operations are unfolding in other countries where Chinese investment and development projects are expanding. The U.S. must take a more proactive approach—scrutinizing Chinese activities beyond just trade and tariffs—and develop a clearer understanding of how China embeds intelligence and influence networks in fragile or strategically significant nations.

America still has leverage. Hundreds of thousands of Afghans were trained through U.S. military, educational, and governance programs. This young diaspora represents a future democratic force. Rather than cede the ground, Washington should support the formation of a credible Afghan opposition—one that reflects the will of the Afghan people and preserves their connections to the democratic world.

China’s intelligence services have mastered the art of quiet influence. What starts as economic cooperation evolves into deep-rooted intelligence presence—often without the host nation fully realizing the shift. In Afghanistan and beyond, Chinese intelligence has successfully positioned itself to secure Beijing’s interests while eroding U.S. influence.

Understanding—and countering—this strategy requires not just vigilance, but a long-term investment in allies, civil society, and the information domain in the developing world.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Are Undersea Cables a “Backdoor for Espionage” Against the U.S.?

12 August 2025 at 15:44


CIPHER BRIEF REPORTING — The Federal Communications Commission (FCC) and members of Congress are warning that China may be engaged in underwater espionage – accessing government and private-sector data that travel via the vast global network of undersea cables.

The FCC voted Thursday to accelerate the deployment of American-made submarine cable systems, and prohibit the use of technology manufactured in China in any subsea cables that reach the United States. And last month the chairs of three House committees wrote to the CEOs of Google, Meta, Microsoft, and Amazon, asking them to identify the extent to which the subsea cable systems they use are produced, maintained, or repaired by China-based firms.

In their letter to the big tech companies, the members of Congress called undersea cables “one of the most strategically significant, and increasingly vulnerable, components of the world’s digital infrastructure…powering not only global commerce and innovation but also the core operational systems of national security, intelligence, and defense,” and they warned that the cables could “become a backdoor for espionage, disruption, or exploitation of U.S. data and communications assets.”

More broadly, the undersea cable questions are the latest in a series of concerns about actions taken by Beijing to infiltrate American critical infrastructure, following cyberattacks and breaches of U.S. water systems, power grids and other networks.

“The Chinese have been grabbing big data from all forms of communication that traverse the earth, including a substantial amount of U.S. and allied data,” Rear Admiral (Ret.) Mike Studeman, a former Commander of the Office of Naval Intelligence, told The Cipher Brief. “This is not some kind of theoretical threat. This is trying to stop something that's underway.”

The potential infiltration of the undersea cable network is “a significant threat,” Nick Thompson, a former CIA paramilitary officer and Naval Special Warfare Development Group operator, told The Cipher Brief. “China has invested heavily in cable repair infrastructure, and combined with its constant nefarious maritime activity throughout the world, it’s logical to elevate the risks to the highest levels of [the U.S.] government.”

Sabotage and espionage on the ocean floor

As The Cipher Brief has reported, undersea cables have become a vast and largely unseen piece of critical global infrastructure. Roughly 650 cables cover more than 800,000 miles of ocean floor, carrying a staggering 98 percent of the world’s data – everything from e-mail traffic to military communications to an estimated $22 trillion in financial transactions processed every day.

“When you think about the capacity of those cables, it's terabytes of information versus gigabytes of information through satellites,” Rear Adm. Studeman said. “When you go through satellites, it's like drinking a glass of water in terms of the amount of data throughput. But undersea cables, it's like trying to drink a large swimming pool worth of data. And so the threat is significant…people trying to get into your communications, manipulate them, or outright disrupt them through severing and cutting.”

The U.N. estimates that between 150 and 200 incidents of undersea cable damage occur each year, and while most are accidents involving dredging operations, dragged anchors, or natural disasters, cables have also been targeted by saboteurs, operating in what one report called the “gray zone of deniable attacks short of war.”

Russia and China have been accused of intentionally severing cables, particularly in the Baltic Sea and the waters near Taiwan. In one of the most widely reported cases, Taiwan said that two submarine cables leading to its island of Matsu had been cut in 2023, causing widespread internet outages. Taiwan blamed two Chinese vessels for the damage, and officials in Taipei said they had documented 27 incidents since 2018 of Chinese vessels damaging undersea cables that served the island.

China and Russia have denied tampering with any undersea cables.

The latest concerns are less about cutting cables, and more about the entities that manufacture and maintain the undersea network. More than 90 percent of the world’s subsea cables are manufactured and installed by four private firms: the American SubCom, France’s Alcatel Submarine Networks, Japan’s Nippon Electric Company and China’s HMN Technologies. According to a report by the Center for Strategic and International Studies (CSIS), HMN, formerly known as Huawei Marine Networks Co., Ltd., has been the world’s fastest-growing subsea cable builder over the past decade, and accounts for 18 percent of the cables currently on the ocean floor.

HMN and the state-controlled Chinese firm S.B. Submarine Systems (SBSS) are also major players in the cable repair space – and they routinely underbid other companies for the repair work. According to CSIS, HMN Technologies’ bids for undersea cable projects are priced 20 to 30 percent lower than its rivals.

“If we rely on China for repairs, then something can be inserted in that process to tap that particular cable,” Beth Sanner, a former Deputy Director for National Intelligence at the ODNI, told The Cipher Brief. “Anytime a Chinese ship repair operation is happening…all of these companies report back to Beijing. So I consider that an absolutely high risk.”

Thompson noted that China offers an unparalleled suite of maintenance and repair services for the subsea cable networks – they have “available assets, they have the technical skill, and their services are much cheaper than Western companies,” he said. And the CSIS report warned of frequent repairs done by “high-risk vendors, some of whom are Chinese.” It found that “the overreliance on Chinese repair ships due to limited alternatives in the marketplace is another vulnerability…There are concerns that Chinese cable repair companies such as SBSS could tap undersea data streams.”

Erin Murphy, a Deputy Director at CSIS and expert on the undersea cable issue, likened the cable-repair issue to the questions any consumer might face when looking for a quick and effective fix.

“When you have a cable that needs to be repaired, you basically get in a queue to get a cable repair ship,” she told The Cipher Brief. “And sometimes it's Chinese. This doesn't mean that all Chinese ships are ready for espionage and ready for damage, but when there is a need to repair cables, you’ve got to go with the first-come, first-serve.”

Rear Adm. Studeman made the distinction between “outside-in” sabotage – the cable-cutting incidents – and “inside-out operations” that might be carried out in maintenance or repair work.

“The inside-out threat is just as significant and we need to be mindful of it,” Studeman said. Access to the cables, he said, allows U.S. adversaries to either capture data or sabotage the cables themselves.

“Part of it is about espionage and the ability to shunt information into a place where Chinese and Russian intelligence can go through it,” he said. “Even if it's encrypted, they're hoping that later on with decryption capabilities they are working on that they could end up having all this data that they can decrypt, and learn all sorts of secrets.”

What to do about the problem?

The recent congressional requests of the four tech juggernauts are essentially a probe of their exposure to undersea espionage. The letters went to those four companies for a good reason: Amazon, Google, Meta, and Microsoft own or lease roughly half of all undersea bandwidth.

The committees asked the companies to submit detailed information on the subsea cable systems they use – the companies that manufacture and maintain them, and whether any China-linked “system elements” are used in the cables. The tech firms were also asked to provide lists of entities that had been contracted to work on the cables since Jan 1, 2018, information about how they monitor the traffic of foreign-flagged vessels near the cables, and “the physical and cyber safeguards put in place by each company to protect the cables during this maintenance or repair.”

The letters referenced Russia as well, but the focus was on China. The committees requested answers by August 4, and a briefing from each company by August 8, 2025.

After the deadlines passed, a source close to the committees would say only that the tech firms had responded and that “we have meetings set up” on the issue. The Cipher Brief reached out to Meta, Microsoft, Google and Amazon for comment but we have not heard back from them.

Whatever the companies report, experts are convinced of the risks, and many have offered potential solutions. One obvious remedy would involve turning to American companies to do the maintenance and repair work. Experts have called for growth in the Cable Security Fleet program, through which Congress has funded two privately-owned U.S. ships to repair hundreds of cables that reach the U.S.

Among other ideas: Build more cables. As CSIS’s Murphy said, “It comes down to a redundancy issue. The more cables that you lay…the more redundancy you build in.” Others have suggested establishing “a cable corridor,” in which critical cables are concentrated, meaning commercial vessels know to avoid the area, and monitoring is relatively easy. The drawback is that a malign actor would presumably learn about the location of the “corridor” as well.

Rear Adm. Studeman and others have suggested the use of technology to upgrade the cable network, ensuring that more undersea cables are “smart,” and equipped with sonar to detect breaks easily. He suggested that sensors be placed in cables that would detect anomalies and “indicate that somebody's up to no good.” Such anomalies might include signal distortions, latency delays, and any hints that repair work had been done in a questionable manner.

“All those things deserve to have more sensors and therefore more analysis and more awareness,” Studeman said, “because then you will know how to act appropriately to nip something in the bud, or to stop it soon after you detect it.”

Ultimately, the concerns about infiltrating undersea cables amount to one more worry for national security officials who are already concerned that China has breached a range of critical systems in the U.S.

“We know that China's inside our critical infrastructure in the United States,” Sanner said. “And they are there to pre-position themselves in case of war, or maybe even as a preemptive thing to prevent us from interfering in, for example, a Taiwan invasion. So I would think that undersea cables are no different when it comes to the United States.”
