THE KREMLIN FILES / COLUMN — Russian hybrid warfare, often referred to in the West as “gray zone” conflict, has transitioned from theoretical concept to prominent headlines, particularly following the invasion of Ukraine and the Kremlin’s campaigns of sabotage, disinformation, and targeted intelligence actions across Europe and the U.S. What defines Russian-style gray warfare, or hybrid war? What are its doctrinal roots, and how well do these foundations align with assumptions in Western security discussions? To explore these questions, this article analyzes the writings of Russian military thinkers and the views of Russian military and intelligence agencies—covering their terminology, doctrines, and their evolving grasp of non-kinetic conflict.

This is the first in a two-part series by Sean Wiswesser on Russian gray zone, or hybrid warfare

Gray zone operations in the West are generally seen as actions that influence the course of a conflict or harm an adversary without crossing into direct kinetic attacks. For Russia, at the core of the gray zone is the concept of “non-contact war” (bezkontaktnaya voina), which is part of a larger doctrinal framework under which gray warfare, also called “new generation warfare” by the Russians, falls. This is not a new concept in Russian military thinking, but it has developed over decades. By examining its evolution over the past thirty years through Russian sources and military thinkers, we can better understand how Moscow uses these concepts today—and how they influence the conflicts we may face now and in the future, enabling the U.S. and our allies to respond more effectively.

There are two main components of Russian gray warfare. Russians rarely use the term hybrid war, which exists in Russian only as a borrowed term from English. The first concept is non-contact warfare - the concept of preparing and softening the battlefield, then minimizing ground engagements for their troops whenever possible. The second concept is Russian intelligence active measures, also known as measures of support. This is also an old idea in Russian intelligence circles, but one that has been expanded and intensified in recent decades, incorporating new elements such as cyber operations and cognitive warfare.

We will briefly discuss each of these concepts below, along with Russia’s gray-zone developments up to its deployments into Ukraine in 2014. In the second part of this series, we will analyze Russia’s doctrine as it was applied in the years immediately leading up to and through the full-scale invasion of Ukraine, while also considering another key factor for Russia—their ability to evolve and adapt.

Non-Contact Warfare: Origins and Russian Military Necessities

Non-contact warfare developed from what the Russian General Staff and other military thinkers called sixth-generation warfare. The concept grew from the “reconnaissance strike complex” theory and the so-called “revolution in military affairs” at the end of the Cold War. As the Soviet Union disintegrated and the U.S. demonstrated overwhelming air power with NATO and other allies during the Persian Gulf war, former Soviet and Russian generals were not fools. They understood they could not keep pace with the new advancements in air warfare and the technological edge of NATO weapons systems.

Russian General Staff thinkers recognized that the Russian Air Force could not match TTPs (techniques, tactics, and procedures), the number of pilot training hours, or the advanced systems that the U.S. and NATO could field, especially given their significantly reduced military budget following the Soviet Union's collapse. This operational shortfall was further emphasized by the targeted bombing campaigns and overwhelming force deployed by U.S./NATO forces in the Balkan campaigns of the mid-1990s.

Need a daily dose of reality on national and global security issues? Subscribe to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

In short, Russian military planners recognized they could not keep pace. NATO airpower and the reach of the alliance into all sorts of regions and conflict zones posed a significant challenge for the Russian military and its intelligence services. One of the lessons they understood was that massed tank formations alone would not win wars in the 21st century. Throughout the 1990s and into the early 2000s, several important writings were produced by prominent Russian general staff figures, such as Generals Slipchenko and Gareev, as well as the future Chief of Staff of the Russian military and currently the commander of the Russian forces in the Ukraine war, Valeriy Gerasimov.

Slipchenko is credited in Russia with coining the phrase “sixth generation warfare” more than twenty years ago. According to Slipchenko, this new form of warfare signified a shift from nuclear-based conflict (which he called “fifth generation”) toward information-enabled, precision-strike, so-called non-contact wars (he authored a book with that same title). These wars would be fought at a distance, relying on airpower, command, control, intelligence, surveillance, reconnaissance (C4ISR), and long-range precision strikes, rather than large ground forces. He and Gareev published a book in Russia in 2004 titled On Future Wars, which became influential in many Russian military circles. In this work, Slipchenko and Gareev emphasized the importance of studying non-contact warfare and firmly stated that Russia must adapt to it, or else “Russia would not survive.”

During that same period, Russia’s Air Force struggled significantly in the 1990s and 2000s to adopt precision-guided munitions (PGMs). Russia never fully integrated them or appropriately trained them on their use, which was evident in its prolonged conflicts with Chechen separatists. Most ground-attack operations during that period, from the mid to late 1990s, relied on “dumb bombs” and massed artillery on the battlefield. This resulted in the Russian air force’s poor performance in the 2008 Georgian conflict, when an outmanned Georgian military embarrassingly shot down several Russian fighter-bombers.

In the summer of 2008, responding to Georgia launching an incursion to retake South Ossetia, Russia responded with overwhelming force, sending an entire army to occupy swaths of Abkhazia, Ossetia, and also northern Georgia from Poti to Gori and the edges of Tbilisi. But while their force ratios led to quick success on the ground, the Russian air force did not perform as well in the air. In addition to air losses to ground-based air defense and friendly fire, Russian precision strikes did not go off as planned. Russia’s performance could be summed up as ineffective from the air. They were not able to project over-the-horizon warfare in the ways that Russian military planners had envisioned for non-contact war.

The first widespread and successful use of Russian PGMs would come still later, mostly during Russia’s involvement in Syria, where Russian squadrons were rotated for training and gained exposure to actual combat. Before that, many pilots had not experienced any combat outside of Chechnya.

Russia’s Air Force underwent a series of reforms due to these failures. It was reorganized and renamed the Russian Aerospace Forces (the VKS) in 2015 as a result of many of these reforms, or what were claimed to be reforms. When the full-scale invasion happened in 2022, Russia’s VKS, like much of its military, was still trying to evolve from its targeted reforms and these earlier developmental challenges. They attempted a limited shock-and-awe offensive but failed miserably in areas such as battle damage assessment and other key aspects of a true air campaign (the second article in this series will touch on these issues in more detail).

However, military reforms and adaptations in the Russian Air Force were not meant to stand alone. Russian kinetic actions were intended to be supported by other elements in non-contact warfare, aimed at softening the battlefield and undermining an adversary’s ability to fight. Prominent among these were active measures focused on information operations.

Active Measures, Measures of Support, and Non-state Actors

Returning to Russian arms doctrine, Slipchenko and other figures on the General Staff argued that, in the post–Cold War world, especially after observing the 1991 Gulf War and the dominance of US airpower, massing military forces was no longer effective. The world saw how Saddam’s large army, with thousands of tanks and armored vehicles, was destroyed from the air. Slipchenko claimed that future wars will focus on disrupting enemy systems, including military, economic, social, and other so-called “information means.”

This was not a new concept for Russia and its intelligence agencies—the FSB, GRU, and SVR (collectively the Russian intelligence services or RIS). The RIS would play a key role by using a well-known Russian technique—active measures, or as the RIS calls them today, measures of support. These tactics aim to weaken the enemy's ability to fight through malign influence, political interference, and disinformation. The Russians use state agencies and means, like their intelligence services, but also so-called non-state actors, like organized crime, private mercenaries, hacker groups, and many others, to carry out these and other hybrid actions as proxies.

The doctrinal approach of gray war, or new generation warfare, was gaining attention in Russia just as Putin's reign started. His rule coincided with the growing influence of the RIS within the government. It was natural for the RIS to take on roles the military was not equipped to perform, and Putin was quick to authorize them. One of the first tests for their active measures and gray war was Russia’s brief war with Georgia in 2008. As noted above, and while their military’s performance was mixed, their intelligence services were very active in the information arena. Russia flooded international media with its version of events. Their still-growing “RTV” news network promoted stories of atrocities they claimed were committed by the Georgian military. Europe and the U.S. were caught off guard and unprepared by the conflict; there was little to no meaningful response to Russia’s military actions, and no high costs or reprisals. It was a lesson Russia would remember.

After Georgia in 2008, while reforms were introduced in the air force in particular, the doctrinal debates continued. Building on Slipchenko’s ideas, writers from the General Staff, such as General Chekinov and General Bogdanov, further developed the doctrine they called “new-generation warfare.” Their work emphasized scripted roles in conflict for the information-psychological struggle, subversion, and cyber operations, while traditional large-scale combat operations became, by comparison, less prominent.

In 2013, the current Russian Chief of Staff, Valeriy Gerasimov, gave a speech in which he also advocated for a constant “second front” of information operations against Russia’s enemies to weaken their ability to wage war. This speech and a later article became known in some circles in the West as the “Gerasimov doctrine,” although it was never officially called that in Russia.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Gerasimov’s speech and article focused on shifting Russia's attention to countering the so-called “color revolutions” that occurred in the first decade of this century in Ukraine, Georgia, and Kyrgyzstan. They were, and still are, viewed as a direct threat to Russia’s national security and to Putin’s dictatorship. Russia cannot tolerate functioning democracies and freedom on its borders.

By combining Gerasimov’s contributions with those of Slipchenko, Gareev, and others, the Russian military developed a concept of non-contact warfare that planned for long-range strikes executed after weakening the enemy through non-kinetic means. They de-emphasized large ground formations because, according to the theory, they should not be necessary. Russian measures of support are designed to weaken an adversary through disinformation, misinformation, malign influence on politics, and other methods. This would become the battle plan the Russians would attempt to implement in Ukraine in 2014 (and again, with adjustments, in 2022).

As cyber has taken a greater role in society and the mass media, the Russian grey zone approach has also increasingly included RIS cyber operations and online media manipulation to support “reflexive control,” an old Russian intelligence concept from the 1960s. The term reflects the notion of influencing an adversary to act in a desired way without the enemy’s awareness. Gerasimov and the military, along with leaders of the RIS, knew from Russia’s poor performance in Georgia that they were not ready for war with NATO or any strong peer-level adversary. They needed help to weaken any adversary with a capable armed force before actual war.

Syria and Ukraine would be the new testing grounds for this concept in practice, with a heavy reliance on the intelligence services to help prepare the battlefield before and through the military’s engagement. Their perceived successes in both theaters would, over time, convince the Russian intelligence services, its military, and most importantly, President Putin that Russia was ready for a much larger task— an attack on and seizure of the entire territory of Ukraine.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

DEEP DIVE — In the darkness of night on November 15, a massive explosion ripped through a stretch of the Warsaw-Lublin railway line close to Mika, Poland, severing a critical logistics route used to ship military equipment and aid eastward from Warsaw toward the Ukrainian border.

The blast, caused by a C-4 explosive device, damaged the tracks and a passing freight train’s wagon floor, halting rail traffic and sending ripples of alarm through Poland, one of Ukraine’s staunchest allies.

Polish authorities quickly confirmed sabotage, charging three Ukrainian nationals — Oleksandr K., Yevhenii I., and Volodymyr B. — with executing the plot under Russian direction. The incident was not a lone act but part of a growing wave of covert operations targeting railways, ports, and pipelines across Europe, aimed at undermining support for Kyiv.

Ivana Stradner, a research fellow at the Foundation for Defense of Democracies, characterizes these actions to The Cipher Brief as Russia “waging a long, low-cost pressure campaign that targets not only the battlefield but everyday life across EU countries.”

Polish prosecutors outlined the operation’s chilling precision. In September 2025, Volodymyr B., arrested on November 20 and charged on November 22, drove Yevhenii I. to the sabotage site for reconnaissance, enabling the selection of the explosive placement. Oleksandr K. and Yevhenii I., the primary perpetrators acting on behalf of Russian intelligence, planted the device and a metal clamp intended to derail a train, then fled to Belarus, where Poland’s extradition requests remain pending.

Immediately following the attack, Foreign Minister Radoslaw Sikorski characterized it as “state terror.” Warsaw closed Russia’s last consulate in Gdansk, and thousands of soldiers were deployed nationwide to protect critical infrastructure. The Kremlin, nonetheless, rebuffed the accusations as “Russophobia” and vowed to retaliate by severing Polish diplomatic ties. This exchange of moves points, however, to a larger trend: the use of subtle, sophisticated attacks aimed at crippling Ukraine’s supply lines without triggering a full-blown escalation.

Proxies in the Shadows: Recruiting the Unwitting

Moscow’s strategy for sabotage is built on proxies, using local citizens and displaced people to carry out attacks and maintain Russia’s plausible deniability. The situation in Poland is particularly disturbing, where the involvement of Ukrainian nationals exposes an aggressive recruitment campaign aimed at vulnerable youth from their war-torn home country. Ukrainian security services have documented a sharp rise, reporting that Russian operatives have entrapped over 170 minors in the last 18 months, often luring them through Telegram channels disguised as job boards or casual chats.

The recruitment base consists of migrants from Eastern Europe and Russian-speaking citizens of countries where the sabotage operations are carried out. They are often individuals with criminal histories or financial problems. What begins as innocuous tasks — snapping photos of buildings or mailing postcards — escalates to planting bombs or torching vehicles, often with payments that seem too good to refuse.

Head of Ukraine’s National Police Juvenile Prevention Department, Vasyl Bohdan, described the ploy’s subtlety: “For the most part, the children don’t understand what is happening, or that it’s very serious.” Experts note that Russian operatives often begin by masquerading as sympathetic figures to build trust with their targets. Once the relationship is established, they leverage compromising material to secure compliance through blackmail. In one recent instance in Ivano-Frankivsk, two teenagers were promised $1700 each and thus embedded a device that detonated remotely, killing one and maiming the other.

“Russia’s intelligence services use Ukrainians inside NATO states because it blurs the political story and creates deniability, especially since many recruits are young, economically vulnerable, and have no prior ideological profile,” Natalya Goldschmidt, CEO of Lightning Associates LLC, a strategic geopolitical consulting firm focusing on Russia, Eurasia, and Latin America, tells The Cipher Brief. “Most of the initial interactions now happen through encrypted apps and seemingly low‑stakes’ tasks, such as taking photos of infrastructure, moving small packages, or counting vehicles, which makes these pipelines hard to spot before an operation moves from reconnaissance to action."

Ukraine’s countermeasures have gained traction, with police and NGOs flooding schools and camps with warnings, partnering with celebrities like boxer Oleksandr Usyk to drill home the dangers. Reports of attempted recruitments have surged to 74 this year, and successful cases have plummeted, as Bohdan noted: the number of successful child recruitment cases has decreased “exponentially over the past year.”

According to Goldschmidt, Moscow’s hybrid operations and cognitive warfare are most effective against a Europe already fragmented by domestic political crises, economic fatigue, and unresolved debates over migration and identity.

“The most worrying escalation over the next year or so is not one spectacular act, but a carefully timed cluster of incidents that together amount to a strategic shock: rail disruptions and warehouse fires at a critical moment for aid to Ukraine, damage to energy or data links in Northern Europe, and Russian drones killing or seriously injuring someone on NATO territory, all wrapped in enough ambiguity to delay a unified response,” she cautioned.

This proxy model extends well into Europe.

In October, Romanian intelligence smashed a parallel operation by arresting two Ukrainian citizens. The pair had smuggled bomb components — incendiary devices disguised in car parts and headphones — into Bucharest, targeting the Nova Post headquarters, a Ukrainian courier firm moving vital aid. In addition to thermite and barium nitrate, the packages included counter-surveillance measures, exhibiting classic Russian tradecraft. According to investigators, the duo is part of a wider network acting under Moscow’s direction, which has allegedly targeted Nova Post sites in Poland and elsewhere.

The threat became clearer that same week when Poland detained eight suspects tied to planned infrastructure attacks. Officials in Europe attribute these coordinated operations to Russian elite formations, notably GRU Unit 29155. General Andrei Averyanov leads the unit and is part of a dedicated sabotage hub under General Vladimir Alekseev, which marshals over 20,000 Spetsnaz operatives.

Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

Hybrid Echoes: Testing the Article 5 Threshold

The sabotage wave laps at diverse shores, blending old-school explosives with cutting-edge disruptions to fray Europe’s logistical sinews.

There have been several cases of undersea fibre cable damage or destruction in the Baltic under murky circumstances, prompting high-level investigations. From Germany to the Nordic states, prosecutors and security services have reported a pattern of suspected sabotage in fires and parcel-incendiary incidents that have scorched logistics hubs and defense manufacturing sites.

At the same time, GPS and navigation jamming across the Baltic and northeastern Europe has surged — European ministers and national regulators report daily interference that has disrupted flights and aviation operations, and they warn of substantial economic impacts. In September, mass drone overflights and cross-border incursions, including a large wave of drones into Poland and a 19-September violation of Estonian airspace by MiG-31s, prompted NATO consultations and temporary airport closures in the region.

These disruptions, while seemingly tactical, tie directly into a broader strategic calculus aimed at testing NATO’s unity and response mechanisms.

The strategic heart of the issue is NATO’s collective defense clause. Stradner also notes that, “Vladimir Putin has been candid about his desire to discredit NATO’s Article 5 in which members pledge to treat an attack against one ally as an attack against all.” She argues that because Putin, “Trained as a KGB operative, is well versed in so-called ‘active measures,’” his goal is to challenge the alliance.

Alexander Graef, Senior Policy Fellow at the European Leadership Network, however, contends to The Cipher Brief that “the actual impact of these sabotage acts on the flow of aid to Ukraine remains extremely limited.”

In his view, the activities are primarily aimed “less at disrupting logistics than at influencing public opinion in Western societies by trying to convince voters that further support for Ukraine carries unacceptable risks.” He stresses that this strategy “rests on a misreading of Western threat perceptions,” as such actions tend to “reinforce the opposite conclusion: that Russia is a growing danger and that support for Ukraine, as well as investment in defense, must increase further.”

“The Article 5 threshold remains deliberately high. Invoking it requires consensus within the North Atlantic Council. It is hard to imagine such agreement emerging in response to low-level sabotage, ambiguous incidents, or non-lethal disruptions,” Graef said. Therefore, Moscow does indeed appear to be “calibrating its operations to stay well below that line. Still, it is not achieving its intended political effects.”

George Barros, Russia Team & Geospatial Intelligence Team Lead at the Institute for the Study of War, concurs to The Cipher Brief that Russia is “boiling the frog and NATO member states have so far elected to not treat Russian acts of war against them as they truly are.”

“Russia has already passed the threshold with its sabotage actions, manned aircraft airspace incursions, and missiles entering the airspace of Poland and Romania. Russia seeks to normalize this activity so that NATO de facto approves a new normal, in which case we don’t treat Russian acts of war seriously,” he noted. “The West has far too long allowed Russia to operate against us with relative impunity. The West must seize the strategic initiative from Russia and begin imposing dilemmas on Russia.”

Yet even as these operations escalate, analysts say Russia is careful to keep them calibrated just below the line that would trigger NATO’s collective-defense clause.

The problem with Article 5, as experts observe, is that the ‘hybrid’ qualities of ambiguity and deniability – which, it is feared, Russia would manipulate to come close to the Article 5 threshold without reaching it – can paralyze the institutional and political mechanisms of collective defense.

“Putin does this all the time. It’s the same pattern — gray-zone hybrid operations run out of the GRU,” former CIA station chief Daniel Hoffman, tells The Cipher Brief. “Operating against enemies on foreign soil with impunity and facing no repercussions. They’re sending a message.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Fortifying the Front: Europe’s Counteroffensive

While concerns over Russian interference deepen, Europe tries to fortify its infrastructure. In response to September’s airspace breaches, EU defense ministers accelerated deployment of a “drone wall” along the eastern flank.

To harden against airspace violations, Graef advises that measures must be tailored, noting that while airspace violations require increased internal coordination, harmonized rules of engagement, and improved information sharing, sabotage is primarily the responsibility of “police, counterintelligence services, and judicial authorities.”

He maintains that if Russia’s objective is to weaken European support, then “demonstrating political unity is in itself an important countermeasure.”

Maksym Skrypchenko, nonresident scholar in the Russia Eurasia Program, points out that, from Kyiv’s purview, European governments’ measures to protect infrastructure are catastrophically insufficient.

“Russia is several steps ahead, while Europe is acting reactively rather than proactively. Russian embassies remain operational, and Russian tourists continue to travel, which is being exploited not only for information gathering and influence operations but also for sabotage,” he tells The Cipher Brief. “European countries need to start with basic steps: acknowledge that they have a single major threat. Once this acknowledgment happens, the next step should be decisive action – ceasing the purchase of Russian energy resources, blocking Russia’s shadow fleet, expelling Russian diplomat-spies, strengthening infrastructure protection, and investing in acquiring Ukrainian anti-drone systems, to name a few.”

While some analysts discuss limited, deniable counter-sabotage in response, Graef warns that “such activities carry significant risks.”

“They can easily fuel an action–reaction cycle without generating meaningful deterrent effects,” he asserted, highlighting that the focus should remain on strengthening resilience, improving attribution, and coordinating clear response thresholds rather than “entering a covert tit-for-tat that neither deters nor stabilizes.

In the face of this persistent, multi-layered threat, Stradner believes the ultimate answer lies in deterrence through strength.

“We should not fear escalations as kindness is weakness for Putin, and he only understands the language of power,” she noted, underscoring that the consequences of continued inaction and ambiguity in the face of Moscow’s “new generation warfare.”

“Until NATO resolves the lack of clarity regarding Article 5’s threshold for acts of aggression warranting collective defense, Russia will continue to sabotage without the consequences of all-out war, and the Western response to this hybrid war will remain reactive and insufficient,” Stradner added.

U.S. focus on IW and its subset, cognitive warfare, has been erratic. The U.S. struggles with adapting its plans to the use of cognitive warfare while our leaders have consistently called for more expertise for this type of warfare. In 1962, President Kennedy challenged West Point graduates to understand: "another type of war, new in its intensity, ancient in its origin, that would require a whole new kind of strategy, a wholly different kind of force, forces which are too unconventional to be called conventional forces…" Over twenty years later, in 1987, Congress passed the Nunn-Cohen Amendment that established Special Operations Command (SOCOM) and the Defense Department’s Special Operations and Low-Intensity Conflict (SO/LIC) office. Another twenty years later, then Secretary of Defense Robert Gates said that DoD needed “to display a mastery of irregular warfare comparable to that which we possess in conventional combat.”

After twenty years of best practices of IW in the counter terrorism area, the 2020 Irregular Warfare Annex to the National Defense Strategy emphasized the need to institutionalize irregular warfare “as a core competency with sufficient, enduring capabilities to advance national security objectives across the spectrum of competition and conflict.” In December 2022, a RAND commentary pointed out that the U.S. military failed to master IW above the tactical level. I submit, we have failed because we have focused on technology at the expense of expertise and creativity, and that we need to balance technology with developing a workforce that thinks in a way that is different from the engineers and scientists that create our weapons and collection systems.

Adversaries Ahead of Us

IW and especially cognitive warfare is high risk and by definition uses manipulative practices to obtain results. Some policy leaders are hesitant to use this approach to develop influence strategies which has resulted in the slow development of tools and strategies to counter our adversaries. U.S. adversaries are experts at IW and do not have many of the political, legal, or oversight hurdles that U.S. IW specialists have.

Chinese military writings highlight the PRC’s use of what we would call IW in the three warfares. This involves using public opinion, legal warfare, and psychological operations to spread positive views of China and influence foreign governments in ways favorable to China. General Wang Haijiang, commander of the People's Liberation Army's (PLA) Western Theatre Command, wrote in an official People’s Republic of China (PRC) newspaper that the Ukraine war has produced a new era of hybrid warfare, intertwining “political warfare, financial warfare, technological warfare, cyber warfare, and cognitive warfare.” The PRC’s Belt and Road Initiative and Digital Silk Road are prime examples of using economic coercion as irregular warfare. Their Confucius Centers underscore how they are trying to influence foreign populations through language and cultural training.

Russia uses IW to attempt to ensure the battle is won before military operations begin and to enhance its conventional forces. Russia calls this hybrid war and we saw this with the use of “little green men” going into Crimea in 2014 and the use of the paramilitary Wagner forces around the world. Russia also has waged a disinformation campaign against the U.S. on digital platforms and even conducted assassinations and sabotage on foreign soil as ways to mold the battle space toward their goals.

What Is Needed

U.S. architects of IW seem to primarily focus on oversight structures and budget, and less on how to develop an enduring capability.

Through the counterterrorism fight, the U.S. learned how to use on-the-ground specialists, develop relationships at tribal levels, and understand cultures to influence the population. The U.S. has the tools and the lessons learned that would enable a more level playing field against its adversaries, but it is not putting enough emphasis on cognitive warfare. A key to the way forward is to develop SOF personnel and commensurate intelligence professionals to support the SOF community who understand the people, the geography, and the societies they are trying to influence and affect. We then must go further and reward creativity and cunning in developing cognitive warfare strategies.

The Department of Defense and the intelligence community have flirted with the need for expertise in the human domain or social cultural sphere for years. The Department of Defense put millions of dollars into socio cultural work in the 2015-time frame. This focus went away as we started concentrating more on near peer competition. Instead, we focused on technology, better weapons and more complex collection platforms as a way to compete with these adversaries. We even looked to cut Human Intelligence (HUMINT) to move toward what some call a lower risk approach to collection—using technology instead of humans.

SOF personnel are considered the military’s most creative members. They are chosen for their ability to adapt, blend in, and think outside the box. This ingenuity needs to be encouraged. We need a mindful balancing of oversight without stifling that uniqueness that makes IW so successful. While some of this creativity may come naturally, we need to ensure that we put in place training that speaks to inventiveness, that pulls out these members’ ability to think through the impossible. Focused military classes across the services must build on latest practices for underscoring creativity and out of the box thinking. This entrepreneurial approach is not typically rewarded in a military that is focused on planning, rehearsals, and more planning.

Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

Focusing on Intelligence and Irregular Warfare

An important part of the equation for irregular warfare is intelligence. This foundation for irregular warfare work is often left out in the examination of what is needed for the U.S. to move IW forward. In the SOF world, operators and intelligence professionals overlap more than in any other military space. Intelligence officers who support IW need to have the same creative mindset as the operators. They also need to be experts in their regional areas—just like the SOF personnel.

The intelligence community’s approach to personnel over the past twenty or so years works against support for IW. Since the fall of the Soviet Union, the intelligence community has moved from an expertise-based system to one that is more focused on processes. We used to have deep experts on all aspects of the adversary—analysts or collectors who had spent years focused on knowing everything about one foreign leader or one aspect of a country’s industry and with a deep knowledge of the language and culture of that country. With many more adversaries and with collection platforms that are much more expensive than those developed in the early days of the intelligence community, we cannot afford the detailed expert of yore anymore. The current premise is that if you know the processes for writing a good analytical piece or for being a good case officer, the community can plug and play you in any context. This means, we have put a premium on process while neglecting expertise. As with all things—we need to balance these two important aspects of intelligence work.

To truly understand and use IW, we need to develop expert regional analysts and human intelligence personnel. Those individuals who understand the human domain that they are studying. We need to understand how the enemy thinks to be able to provide that precision to the operator. This insight comes only after years of studying the adversary. We need to reward those experts and celebrate them just as much as we do the adaptable plug and play analyst or human intelligence personnel. Individuals who speak and understand the nuances of the languages of our adversaries, who understand the cultures and patterns of life are the SOF member’s best tool for advancing competition in IW. Developing this workforce must be a first thought, not an afterthought in the development of our irregular warfare doctrine.

CIA Director William Casey testified before Congress in 1981:

“The wrong picture is not worth a thousand words. No photo, no electronic impulse can substitute for direct on the scene knowledge of the key factors in a given country or region. No matter how spectacular a photo may be it cannot reveal enough about plans, intentions, internal political dynamics, economics, etc. Technical collection is of little help in the most difficult problem of all—political intentions. This is where clandestine human intelligence can make a difference.”

Not only are analytical experts important in support of IW but so are HUMINT experts. We have focused on technology to fill intelligence gaps to the detriment of human intelligence. The Defense Intelligence enterprise has looked for ways to cut its HUMINT capability when we should be increasing our use of HUMINT collection and HUMINT enabled intelligence activities. In 2020, Defense One reported on a Defense Intelligence Agency (DIA) plan to cut U.S. defense attaches in several West African countries and downgrade the ranks of others in eight countries. Many advocate for taking humans out of the loop as much as possible. The theory is that this lowers the risk for human capture or leaks. As any regional expert will tell you, while satellites and drones can provide an incredible amount of intelligence from pictures to bits of conversation, what they cannot provide is the context for those pictures or snippets of conversation. As Director Casey inferred, it is only the expert who has lived on the ground, among the people he/she is reporting on who can truly grasp nuances, understanding local contexts, allegiances, and sentiments.

While it is important to continue to upgrade technology and have specialists who fly drones and perform other data functions, those functions must be fused with human understanding of the adversary and the terrain. While algorithms can sift through vast amounts of data, human operatives and analysts ensure the contextual relevance of this data. Technologies cannot report on the nuances of feelings and emotions. The regional experts equip SOF operators with the nuanced understanding required to navigate the complexities that make up the “prior to bang” playing field. This expertise married with cunning and creativity will give us the tools we need to combat our adversary in the cognitive warfare domain.

The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.

Conclusion

The need for contextual, human-centric understanding for being able to develop plans and operations for cognitive warfare that can compete with our adversaries and keep us from a kinetic fight is paramount. Those who try to make warfare or intelligence into a science miss the truth, that to be proficient in either, art is a must. We need expertise to be able to decipher the stories, motives, and aspirations that make cognitive warfare unique. Regional intelligence experts discern the patterns, motives and vulnerabilities of adversaries; key needs for developing IW campaigns and for influencing individuals and societies. We need seasoned human intelligence personnel, targeters, and analysts who are experts on the adversary to be able to do this. We also need to develop and reward creativity, which is a must for this world.

We also have to be upfront and acknowledge the need to manipulate our adversaries. U.S. decision makers must concede that to win the next war, cognitive warfare is a must and it is essential for these leaders to take calculated risks to mount those campaigns to influence and manipulate.

The cost of cognitive warfare is but a rounding error when compared to the development of new technical intelligence collection platforms and the platforms’ massive infrastructures. This rounding error is a key lynchpin for irregular warfare and irregular warfare is our most likely avenue for avoiding a kinetic war. Human operatives, out of the box thinking, and expert analysts and human intelligence personnel are the needed bridges that connect data into actionable insights to allow our SOF community to practice the type of irregular warfare we have proven historically that the U.S..S. can provide and must provide to counter our adversaries and win the cognitive war we are currently experiencing.

Who’s Reading this? More than 500K of the most influential national security experts in the world. Need full access to what the Experts are reading?

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

DEEP DIVE — When Secret Service agents swept into an inconspicuous building near the United Nations General Assembly late last month, they weren’t tracking guns or explosives. Instead, they dismantled a clandestine telecommunications hub that investigators say was capable of crippling cellular networks and concealing hostile communications.

According to federal officials, the operation seized more than 300 devices tied to roughly 100,000 SIM cards — an arsenal of network-manipulating tools that could disrupt the cellular backbone of New York City at a moment of geopolitical tension. The discovery, officials stressed, was not just a one-off bust but a warning sign of a much broader national security vulnerability.

The devices were designed to create what experts call a “SIM farm,” an industrial-scale operation where hundreds or thousands of SIM cards can be manipulated simultaneously. These setups are typically associated with financial fraud or bulk messaging scams. Still, the Secret Service warned that they can also be used to flood telecom networks, disable cell towers, and obscure the origin of communications.

In the shadow of the UN, where global leaders convene and security tensions are high, the proximity of such a system raised immediate questions about intent, attribution, and preparedness.

“(SIM farms) could jam cell and text services, block emergency calls, target first responders with fake messages, spread disinformation, or steal login codes,” Jake Braun, Executive Director of the Cyber Policy Initiative at the University of Chicago and former White House Acting Principal Deputy National Cyber Director, tells The Cipher Brief. “In short, they could cripple communications just when they’re needed most.”

Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.

How SIM Farms Work

At their core, SIM farms exploit the fundamental architecture of mobile networks. Each SIM card represents a unique identity on the global communications grid. By cycling through SIMs at high speed, operators can generate massive volumes of calls, texts, or data requests that overwhelm cellular infrastructure. Such floods can mimic the effects of a distributed denial-of-service (DDoS) attack, except the assault comes through legitimate carrier channels rather than obvious malicious traffic.

“SIM farms are essentially racks of modems that cycle through thousands of SIM cards,” Dave Chronister, CEO of Parameter Security, tells The Cipher Brief. “Operators constantly swap SIM cards and device identifiers so traffic appears spread out rather than coming from a single source.”

That makes them extremely difficult to detect.

“They can mimic legitimate business texts and calls, hide behind residential internet connections, or scatter equipment across ordinary locations so there’s no single, obvious signal to flag,” Chronister continued. “Because SIM farms make it hard to tie a number back to a real person, they’re useful to drug cartels, human-trafficking rings and other organized crime, and the same concealment features could also be attractive to terrorists.”

That ability to blend in, experts highlight, is what makes SIM farms more than just a criminal nuisance.

While SIM farms may initially be used for financial fraud, their architecture can be easily repurposed for coordinated cyber-physical attacks. That dual-use nature makes them especially appealing to both transnational criminal groups and state-backed intelligence services.

Who Might Be Behind It?

The Secret Service, however, has not publicly attributed the network near the UN to any specific individual or entity. Investigators are weighing several possibilities: a transnational fraud ring exploiting the chaos of UN week to run large-scale scams, or a more concerning scenario where a state-backed group positioned the SIM farm as a contingency tool for disrupting communications in New York.

Officials noted that the operation’s sophistication suggested it was not a low-level criminal endeavor. The hardware was capable of sustained operations against multiple carriers, and its sheer scale — 100,000 SIM cards — far exceeded the typical scale of fraud schemes. That raised the specter of hostile governments probing U.S. vulnerabilities ahead of potential hybrid conflict scenarios.

Analysts note that Russia, China, and Iran have all been implicated in blending criminal infrastructure with state-directed cyber operations. Yet, these setups serve both criminals and nation-states, and attribution requires more details than are publicly available.

“Criminal groups use SIM farms to make money with scams and spam,” said Braun. “State actors can use them on a bigger scale to spy, spread disinformation, or disrupt communications — and sometimes they piggyback on criminal networks.”

One source in the U.S. intelligence community, who spoke on background, described that overlap as “hybrid infrastructure by design.”

“It can sit dormant as a criminal enterprise for years until a foreign government needs it. That’s what makes it so insidious,” the source tells The Cipher Brief.

From Chronister’s purview, the “likely explanation is that it’s a sophisticated criminal enterprise.”

“SIM-farm infrastructure is commonly run for profit and can be rented or resold. However, the criminal ecosystem is fluid: nation-states, terrorist groups, or hybrid actors can and do co-opt criminal capabilities when it suits them, and some state-linked groups cultivate close ties with criminal networks,” he said.

The Broader National Security Blind Spot

The incident during the United Nations General Assembly also underscores a growing blind spot in U.S. protective intelligence: telecommunications networks as contested terrain. For decades, federal resources have focused heavily on cybersecurity, counterterrorism, and physical threats. At the same time, the connective tissue of modern communications has often been treated as a commercial domain, monitored by carriers rather than security agencies.

The Midtown bust suggests that assumption no longer holds. The Secret Service itself framed the incident as a wake-up call.

“The potential for disruption to our country’s telecommunications posed by this network of devices cannot be overstated,” stated U.S. Secret Service Director Sean Curran. “The U.S. Secret Service’s protective mission is all about prevention, and this investigation makes it clear to potential bad actors that imminent threats to our protectees will be immediately investigated, tracked down and dismantled.”

However, experts warn that U.S. defenses remain fragmented. Carriers focus on fraud prevention, intelligence agencies monitor foreign adversaries, and law enforcement investigates domestic crime. The seams between those missions are precisely where SIM farms thrive.

The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.

Hybrid Warfare and the Next Front Line

The rise of SIM farms reflects the evolution of hybrid warfare, where the boundary between criminal activity and state action blurs, and adversaries exploit commercial infrastructure as a means of attack. Just as ransomware gangs can moonlight as proxies for hostile intelligence services, telecom fraud networks may double as latent disruption tools for foreign adversaries.

Additionally, the threat mirrors patterns observed abroad. In Ukraine, officials have reported Russian operations targeting cellular networks to disrupt battlefield communications and sow panic among civilians. In parts of Africa and Southeast Asia, SIM farms have been linked to both organized crime syndicates and intelligence-linked influence campaigns.

That same playbook, experts caution, could be devastating if applied in the heart of a global city.

“If activated during a crisis, such networks could flood phone lines, including 911 and embassy hotlines, to sow confusion and delay coordination. They can also blast fake alerts or disinformation to trigger panic or misdirect first responders, making it much harder for authorities to manage an already volatile situation,” Chronister said. “Because these setups are relatively cheap and scalable, they are an inexpensive but effective way to complicate emergency response, government decision-making, and even protective details.”

Looking Ahead

The dismantling of the clandestine telecom network in New York may have prevented an imminent crisis, but experts caution that it is unlikely to be the last of its kind. SIM farms are inexpensive to set up, scalable across borders, and often hidden in plain sight. They represent a convergence of cyber, criminal, and national security threats that the U.S. is only beginning to treat as a unified challenge.

When it comes to what needs to be done next, Braun emphasized the importance of “improving information sharing between carriers and government, investing in better tools to spot hidden farms, and moving away from SMS for sensitive logins.”

“Treat SIM farms as a national security threat, not just telecom fraud. Limit access to SIM farm hardware and punish abuse. Help smaller carriers strengthen defenses,” he continued. “And streamline legal steps so takedowns happen faster.”

Chronister acknowledged that while “carriers are much better than they were five or ten years ago, as they’ve invested in spam filtering and fraud analytics, attackers can still get through when they rotate SIMs quickly, use eSIM provisioning, or spread activity across jurisdictions.”

“Law enforcement and intelligence have powerful tools, but legal, technical, and cross-border constraints mean detection often outpaces confident attribution and rapid takedown. Make it harder to buy and cycle through SIMs in bulk and strengthen identity verification for phone numbers,” he added. “Require faster, real-time information-sharing between carriers and government during traffic spikes, improve authentication for public alerts, and run regular stress-tests and red-team exercises against telecom infrastructure. Finally, build joint takedown and mutual-assistance arrangements with allies so attackers can’t simply reconstitute operations in another country.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

EXPERT PERSPECTIVE — In 1943, a body washed up on a beach in Huelva, Spain. It was the body of a Royal Marine officer, Major William Martin. Martin was carrying papers, cuffed to his wrist in a briefcase, suggesting that the Allies would invade Greece and Sardinia, not Sicily. Spain was officially neutral, but a few Spanish officials sympathetic to the Nazis allowed German agents to discreetly photograph the documents before Spain quietly passed the documents to the British. Those British officials appeared to be in a state of panic over the lost briefcase.

Would this opportunistic espionage expose a critical Allied operation? In reality, Major William Martin never existed. The body was that of Glyndwr (“Glendure”) Michael, a Welsh drifter who died from consuming rat poison. You probably recognize this as Operation Mincemeat. British intelligence developed this incredible ruse, with American approval, and painstakingly developed a plan for the body to wash up near Huelva Spain and provided background and a personal story for Michael that allowed the body to pass convincingly as a Royal Martine officer who perished at sea while delivering sensitive documents.

The Germans took the bait. Convinced by this fabricated narrative, Hitler diverted significant forces away from Sicily. When the Allies landed in Sicily, they encountered far less resistance than expected, saving countless lives and accelerating the collapse of Axis defenses in southern Europe.

Beyond innovation and sheer audacity, this was a master class in story-telling, in knowing the pressures facing the target audience (Hitler), in creating a believable altered reality, in understanding how information moved through Nazi circles and among those who enabled them and, most importantly, in persuading our adversaries to make consequential decisions that advanced our interests over theirs. It was cognitive warfare on the offense, it represented a cognitive advantage during a perilous period, and it remains a reminder of the timeless power of cognitive persuasion.

History has many other examples of where commanders and leaders have stepped beyond traditional thinking and conventional operations into the information and cognitive space to confuse our adversaries, to win the day, and, at times, to change history.

Is this important today? Let us put cognitive warfare in strategic perspective.

First, great power competition is intensifying and the stakes are high.

The U.S is now facing the most significant global challenges than at any time in our history. We face more capable peer adversaries, more aspiring regional nations, and more proxy threats than ever before. The global environment is more uncertain than ever, and our place in it is not guaranteed. If we are to remain the global leader, we’ll have to be ready for today’s and tomorrow’s rapidly evolving competition and warfare. We must look to prioritize and commonly orient our Nation’s capabilities toward actively maneuvering and gaining advantage across the cognitive landscape to help ensure our security interests, and to actively deny any adversary their own advantage.

Second, great powers will go to great lengths to avoid direct military engagement that could have catastrophic consequences. Russia has lost the equivalent of what would be one of the world’s largest militaries and it has experienced a massive reduction in national power in the war with Ukraine. We also know the examples from WWII when nations and great militaries were defeated and even decimated as a result of great power conflict.

China has advocated winning without fighting for decades, and it still does. Khrushchev famously said “We will take American without firing a shot. We do not have to invade the U.S. We will destroy you from within.” Putin is a believer and practitioner in that approach.

Their approaches are not a mystery. Our adversaries have telegraphed how they plan to attack us, and to defeat us, without direct military engagement.

Third, given those considerations, our adversaries are increasingly relying on operations in the gray zone, or gray warfare, to advance their national interests and to take steps to undermine and weaken the United States, without risking a superpower conflict. They have prioritized their resources, decisions, and actions toward this end.

China and Russia, and even Iran and North Korea, believe there are more gains than risks in the gray zone, and any risks they do face are manageable, so we should expect them to expand their activities. If we solely maintain an unblinking stare at the conventional military capabilities of our adversaries, we might miss the real war already well underway in the gray zone.

Finally—cognitive warfare stands as the most prevalent and consequential activity our adversaries conduct in the gray zone.

This is not your grandfather’s Cold War disinformation. This is an assault on cognition, powered by advanced technology and enabled by an information environment that provides camouflage, infrastructure, and operational resources for our adversaries. Ultimately, cognitive warfare is a contest for truth and knowledge—a struggle to shape perception, control understanding, and influence both the decision-making process and its outcomes.

The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access to exclusive content by becoming a subscriber.

Never before in history have individuals, organizations, societies, and nations faced such a sustained assault on our ability to make our own decisions—our autonomy to think, decide, and act in our own best interests. From our adversaries’ perspective, controlling perceptions, manufacturing realities, steering decision-making, intimidation as persuasion, decision fatigue, and manufactured false choices make for persuasive and effective strategy.

In this global information landscape, where technology levels the playing field, any individual or group, and state or non-state actors can reach global audiences almost immediately. Thousands of internet sites, fake users, fabricated organizations, bots, and willing surrogates, managed by Russia, China, Iran, and North Korea, wage cognitive warfare against the U.S., our allies, and our partners at unprecedented scale and velocity. Artificial intelligence now serves as a force multiplier—amplifying reach, supercharging deception, automating the manipulation of public opinion, and constricting time in the information maneuver space.

As individuals and groups within America, this is everything from how we see the world, how we vote, how we invest, whom and what we trust, which policies we support or oppose, and who we believe are our friends and partners—locally, regionally, and globally.

For national security leaders, policymakers, and corporate and military decision-makers, our adversaries seek to influence consequential decisions on issues like Ukraine, Taiwan, trade, military posture, supply chains, alliances, participation in international organizations, technology development, and a host of other issues that could tip the balance in our adversaries’ favor.

For China, Russia, Iran, and North Korea, this is integrated national strategy where the instruments of national power—government, private sector, and surrogates—are combined to achieve strategic impact. Further, the willingness of our adversaries to defy international law; challenge economic interests, and violate the sovereignty and laws of every country including the U.S.; engage in bribery, political coercion, sabotage, and assassinations—essentially a “no limits” approach” to cognitive warfare—gives them considerable leverage—made more effective by our lack of focused emphasis on recognizing, prioritizing and taking action to mass and commonly orient our great national strengths.

If we are to make consequential decisions with confidence, we must have high certainty in the information we receive, value, and share. In the cognitive domain, truth is a strategic asset—precious, powerful, and fragile. To endure, it must be shielded from the relentless assault of manipulation, coercion, and altered realities initiated by our adversaries to shape the strategic landscape and create influence attack vectors intended to undermine and disable our ability to do the same.

Churchill recognized both the strategic value and fragile nature of truth in a time of conflict. He famously said, “In wartime, the truth [is] so precious that it should always be attended by a bodyguard of lies.” The lesson is clear. Today, just as in 1943, we must seize and defend the cognitive advantage if we are to navigate these equally perilous times.

What do we need to do to achieve a cognitive advantage?

- First, we need to reassert a strong U.S. national narrative.

In the cognitive domain, our national narrative is both sword and shield. It projects power, influence, and advances our interests. It tells the story of our values, our history, our aspirations, our view of the world, and our resolve and is reinforced by actions and deeds. Our military and economic strength and our global leaderships are strong parts of this narrative. It supports confidence in our actions, our institutions, and our commitments. It also counters adversary narratives and actions that seek to undermine America within our own borders and across the world. We all know today that our national narrative is being questioned by some at home and abroad. Regardless of how we see the political environment, we must articulate and advance a strong seamless U.S. national narrative as foundational to a cognitive advantage. We must take this on.

- Second, we need to empower our master storytellers.

Our master storytellers are not just communicators; they are architects of persuasion. We all know this; we read, we watch movies, and we listen. Facts are fleeting, but stories remain with us—they shape how we feel which in turn drives how we behave. In the cognitive domain, well-crafted stories—including those tailored to navigate today’s hyper-technical environment and chaotic information environment—shape threat perceptions, influence our perception of reality, sustain resolve, and can tip the balance in competition or conflict.

Adversaries recognize the power of narrative and weaponize it; even the truth is more persuasive when it is delivered as part of a compelling story. History proves the advantage: in cognitive warfare, facts alone rarely shift outcomes—compelling narratives and persuasive storytelling do. As in 1943, our edge will be defined by those who can craft and deliver the stories that influence minds and shape events. Yes, we need our master storytellers as much today as we did in 1943.

- Third, we need to see and understand our adversaries’ capabilities and intentions in the cognitive domain—where perception, knowledge, and decision-making are contested. Our adversaries, of course, go to great lengths to mask and conceal their activities. It is time for cognitive intelligence—intelligence in and about the cognitive domain and our ability to reliably understand how, where, and why adversaries seek to shape our thinking and decisions—to emerge as a priority.

- Fourth, we need a sustain a technological edge in AI, Cognitive Science, Cyber, and other technologies that force our adversaries to go on the defensive. China in particular is working to take that advantage from us by its own means but also by stealing U.S. data, technologies, and intellectual property to use against us. We must safeguard the extraordinary capabilities of U.S. technologies—including those small, bold startups—that not only provide a critical national security advantage but are also relentlessly targeted by our adversaries.

- Fifth—and critically important—we need to plan, organize and drive designed strategies and actions across our governmental institutions, international partners, and private sector at the intersections of shared security interests to defend against adversary tactics that target our economic, military, infrastructure, informational and Cyber pillars of security each fueled by human perception, reasoning, and effective decision-making. If you remember anything from this article, please remember this. As a priority, we need a strategy and a commitment to play offense in a quiet but relentless manner that confuses our adversaries, shatters their confidence, and forces them—not us—to deal with the uncertainties of cognitive warfare.

- Finally, if all of this is to work, we need to harness the incredible intellectual power, critical thinking, and collaboration among government, private sector, academia, and in many cases, our allies. We need to work at the nexus of shared interests. In this collaboration; we need leaders; not to overly prescribe or to build bureaucracy, but to inspire, convene, add clarity of purpose, and to enable the incredible capability this community offers. We must use the power to convene to commonly inform and set conditions for mutually beneficial action and outcomes, and to help close the relationship seams used by our adversaries as attack vectors.

Need a daily dose of reality on national and global security issues? Subscriber to The Cipher Brief’s Nightcap newsletter, delivering expert insights on today’s events – right to your inbox. Sign up for free today.

For our leaders, a reminder that when relegated to small tasks and small thinking, influence operations in the cognitive domain will achieve small results. This is a time for vision, for big thoughts, innovation, and audacity. With those attributes, and thinking back to the remarkable achievements of 1943, today’s operations in the cognitive domain can and will do remarkable things.

Those elements, we believe, are the foundation of a cognitive advantage. If we are successful, it means we have a sustained ability to protect our decision-making autonomy at all levels; we preserve domestic and allied social cohesion; we retain global influence, credibility and narrative power; we expose and undermine adversary efforts at cognitive warfare; and we achieve U.S. objectives without resulting in direct conflict. Challenging?—Yes. Attainable?—Certainly.

A final word. Last June, Dave Pitts visited Normandy for the 80^th Anniversary of D-Day—which was our last conventional war of great powers. It was a war that resulted in a devastating loss of human life and unprecedented destruction. Omaha Beach, the Drop Zones around St. Mere Eglise, and the American Cemetery were vivid reminders. That war established the U.S as a global superpower and established a world order that has lasted 80 years. It also enshrined in history the “Greatest Generation.”

Today, authoritarian rule is on the rise, national sovereignty around the world is being undermined, and the global order as we know it is under attack. Once again, our preeminence, leadership, and resolve are being challenged. Let’s be clear, the next war—a quieter war, a gray war—is already underway. The outcome of that war will be as consequential as conventional war.

Cognitive warfare may very well be the defining contest of this era—a generational challenge—given the threats it poses to U.S. national security, our place and influence in the world, and our commitment to our own self-determination. If you are a professional in this space—government, private sector, academia, and ally—this is clearly your time.

Today, we are surrounded by threats, but we are also surrounded by opportunities, by extraordinary expertise, and by willing partners. The challenges ahead are formidable, but so are our experiences and capabilities as a nation. The incredible resolve, sacrifice, and refusal to fail—hallmarks of the Greatest Generation—are woven into the fabric of America and will continue to serve us well. Securing our future now demands leadership, collaboration, a bias for action, and adaptability—the hallmarks of this generation. We have what it takes.

Yes, confidence is clearly justified—but we must just as clearly match that confidence with decisive action. Time is not on our side as others have already decided to prioritize cognitive related strategies. It is time to take a bold step forward in the cognitive domain and to seize the cognitive advantage.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. Government. Nothing in the contents should be construed as asserting or implying U.S. Government authentication of information or endorsement of the author's views.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief