Intelligence - Atlantic Council https://www.atlanticcouncil.org/issue/intelligence/ Shaping the global future together Tue, 13 Aug 2024 19:02:32 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.5 https://www.atlanticcouncil.org/wp-content/uploads/2019/09/favicon-150x150.png Intelligence - Atlantic Council https://www.atlanticcouncil.org/issue/intelligence/ 32 32 NATO must recognize the potential of open-source intelligence https://www.atlanticcouncil.org/blogs/new-atlanticist/nato-must-recognize-the-potential-of-open-source-intelligence/ Tue, 13 Aug 2024 19:02:28 +0000 https://www.atlanticcouncil.org/?p=780661 By taking steps to use OSINT more effectively, NATO can preempt, deter, and defeat its adversaries’ efforts to expand their influence and undermine the security of member states.

The post NATO must recognize the potential of open-source intelligence appeared first on Atlantic Council.

]]>
Air Marshal Sir Christopher Harper is a former UK military representative to NATO and served as director general of the NATO International Military Staff from 2013 to 2016. He is a nonresident senior fellow with the Transatlantic Security Initiative in the Atlantic Council’s Scowcroft Center for Strategy and Security and an adviser to companies, including Accenture and Adarga, which provide AI tools for processing open-source information, including for public-sector clients.

Robert Bassett Cross is a former British Army officer and the founder and CEO of the UK-headquartered AI software developer Adarga. He is a nonresident senior fellow at the Forward Defense practice of the Atlantic Council’s Scowcroft Center for Strategy and Security and an honorary research fellow at the University of Exeter’s Strategy and Security Institute.


Writing in 1946, just a few years before NATO was founded, Director of the US Office of Strategic Services Bill Donovan knew precisely how valuable publicly available information could be.

“[E]ven a regimented press,” he wrote, “will again and again betray the national interest to a painstaking observer . . . Pamphlets, periodicals, scientific journals are mines of intelligence.”

Today, seventy-five years after the Alliance was formed, such open-source intelligence (OSINT) is more important—and more powerful—than ever. However, underinvestment in OSINT capabilities and a culture favoring classified data currently hold back member states’ intelligence-collection potential. To fully utilize the available technology to detect threats from adversaries, NATO member states must overcome these barriers to embrace open-source intelligence enabled by artificial intelligence (AI).

Understanding the threat landscape

OSINT can help leaders get a fast, up-to-date understanding of their operating environment. If you want to know who’s doing what, where, and when, then an open-source specialist can quickly tell you.

If, for example, you want to find out who’s jamming GPS systems in the Baltic region, the relevant data isn’t hard to come by. Similarly, OSINT analysts can provide insights into issues ranging from the effectiveness of Iran’s attack on Israel (and the Israeli response) to China’s current role in fueling the Russian war machine. 

In recent years, it has become increasingly clear that, in addition to insight into current and recent events, OSINT can help leaders forecast what an adversary might be planning to do weeks, months, or even years from now.

By exploiting OSINT more fully and by integrating it into the wider intelligence cycle, NATO can preempt, deter, and defeat its adversaries’ efforts to expand their influence and undermine the security of member states. Here are several ways that OSINT can be used:

  1. Across the physical domains of land, air, sea, and space, NATO can exploit publicly and commercially available data to explore an adversary’s order of battle and—more importantly—monitor changes in the strength and disposition of its military units and formations to infer its intent.
  2. In the cyber domain, NATO can leverage commercially available information to detect and counter the penetration of networks governing critical infrastructure, as well as those related to research organizations, academic institutions, and technology developers.
  3. In the information space, OSINT can help NATO identify, understand, and counter influence campaigns, specifically when it comes to the detection and attribution of disinformation and misinformation.
  4. NATO can draw on vast swaths of open-source data to infer long-term strategic intent. Every subtle change to a government’s policies, every adjustment to its economic positioning and investment strategy, every new law and regulation it enacts, every new treaty and trade agreement—all of these can help the Alliance reverse engineer an adversary’s confidential playbooks.

Given the vast quantity, complexity, and diversity of the data, it is vital that NATO employs AI to extract the maximum value from it—to enhance analysts’ abilities, accelerate the analysis cycle, and build a reliable, contextual understanding of what Donovan called “the strategy developing silently behind the mask.”

The barriers to OSINT adoption

While AI is, of course, an emerging technology, its utility is already being realized across industries and sectors outside defense. From corporate intelligence and advisory services to finance and media, more and more private-sector organizations are using AI to make sense of the information environment, drawing on an ever-expanding range of sources to manage risk, identify opportunities, and adapt to geopolitical volatility.

However, the barriers to its widespread adoption and effective exploitation in political and military circles remain considerable. A paper published in 2022 by the Royal United Services Institute (RUSI), in collaboration with the Centre for Emerging Technology and Security and the Alan Turing Institute, identified three in particular.

First, there are tradecraft barriers relating to the methodologies governing everything from the analysis of publicly available information to the evaluation and dissemination of the resulting intelligence. Second, there are resourcing barriers stemming from underinvestment in the requisite tools, technologies, data sets, and training.

The third barrier identified by the RUSI authors—and the most daunting one—is cultural. Presented with so much open-source data, analysts and decision makers tend to favor classified information and internal data sets. These sources and insights are easier to trust and are imbued with what the authors call “the perceived power of the ‘secret’ label.” 

Speaking at the Eurosatory exhibition in Paris in June, US Major General Matthew Van Wagenen, deputy chief of staff for operations at NATO, confirmed how great this cultural barrier is. Up to 90 percent of “what Western militaries are looking for,” he said, can be derived from open sources:

This is a revolution in how we look at information. The ways of discerning information through classical means and techniques, tactics, and procedures that militaries have been adapted to—that’s really an old model of doing business. The new open source that’s out there right now, and the speed of information and relevance of information is coming, this is how things need to be looked at.

It is reasonable to believe that the tradecraft and resourcing barriers can be overcome. Methodologies are evolving swiftly, as are the requisite technologies. In fact, many of the tools NATO needs to capitalize on OSINT already exist. New AI applications are coming online almost every week. But if NATO fails to overcome the cultural barrier, it risks going into the next conflict underinformed and ill-prepared.

How AI-enabled OSINT can earn NATO leaders’ confidence

The cultural barrier to AI-enabled OSINT cannot be surmounted simply by decree or directive. Nor can it be overcome by intelligence professionals alone. The technology—and the discipline—must earn the justified confidence of civilian leaders and military commanders across the international staff, the military committee, and the supporting agencies. This could happen if AI-enabled OSINT were applied first to the simplest intelligence-gathering tasks before being applied to the most complex. To borrow the terminology made famous by former US Defense Secretary Donald Rumsfeld, NATO should apply the discipline to corroborating “known knowns,” resolving “known unknowns,” and surfacing “unknown unknowns.”

Corroborating “known knowns”: NATO should start by recognizing where the skills of the human analyst currently outperform even the most sophisticated models, and where AI can best be applied to elevate these skills. This means asking the right kind of questions, and employing OSINT to corroborate what is already known and to triangulate insights gathered from well-established secret sources. In this way, NATO can begin to overcome the skepticism that’s too often associated with publicly available information and OSINT. 

Resolving “known unknowns”: With so much data to draw on, it is essential that NATO uses AI to help collate, process, and (where necessary) translate that data so it is ready for analysts to interpret. If AI-enabled OSINT can prove useful to intelligence professionals in this capacity, those professionals may be more willing to apply it to the most complex and valuable intelligence tasks of all—surfacing risks and opportunities that civilian and military leaders would otherwise struggle to identify.

Surfacing “unknown unknowns”: Perhaps the greatest contribution that AI can make to the intelligence-gathering discipline is identifying patterns and connections that are invisible to the human eye. Dedicated, AI-powered information-intelligence applications that synthesize publicly available information with proprietary data can help analysts and decision makers tease out insights they would otherwise miss.

This combination of publicly available information with classified data will enable NATO analysts to give military and political leaders a uniquely rich, nuanced, and highly contextualized understanding of the operating environment. Decision makers at every level will be able to examine intelligence from every angle, and apply their experience and imagination to infer an adversary’s intentions based on the interplay of evidence.

The critical need for human-machine teaming

The necessary tools and methodologies exist. What’s missing is the determination to get these tools into users’ hands, to supply the requisite training, and to capitalize on the integrated output derived from all sources of intelligence, open-source and otherwise.

OSINT is becoming known among some intelligence professionals as “the intelligence of first resort.” Compared with clandestine methods of information gathering and analysis, OSINT is fast, low-cost, and low-risk. But if it can be combined with those same methods then NATO’s analysts and leadership will have an enduring competitive edge, with access to the kind of strategic information that would likely be, in Bill Donovan’s words, “of determining influence in modern war.”


NATO’s seventy-fifth anniversary is a milestone in a remarkable story of reinvention, adaptation, and unity. However, as the Alliance seeks to secure its future for the next seventy-five years, it faces the revanchism of old rivals, escalating strategic competition, and uncertainties over the future of the rules-based international order.

With partners and allies turning attention from celebrations to challenges, the Atlantic Council’s Transatlantic Security Initiative invited contributors to engage with the most pressing concerns ahead of the historic Washington summit and chart a path for the Alliance’s future. This series will feature seven essays focused on concrete issues that NATO must address at the Washington summit and five essays that examine longer-term challenges the Alliance must confront to ensure transatlantic security.

The post NATO must recognize the potential of open-source intelligence appeared first on Atlantic Council.

]]>
Sailing through the spyglass: The strategic advantages of blue OSINT, ubiquitous sensor networks, and deception https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/sailing-through-the-spyglass-the-strategic-advantages-of-blue-osint-ubiquitous-sensor-networks-and-deception/ Thu, 08 Aug 2024 10:43:41 +0000 https://www.atlanticcouncil.org/?p=781627 In today’s technologically enabled world, the movements of every vessel—from nimble fishing boats to colossal aircraft carriers—can be meticulously tracked by a massive network of satellites and sensors. With every ripple on the ocean’s surface under scrutiny, surprise naval maneuvers will soon be relics of the past.

The post Sailing through the spyglass: The strategic advantages of blue OSINT, ubiquitous sensor networks, and deception appeared first on Atlantic Council.

]]>
In today’s technologically enabled world, the movements of every vessel—from nimble fishing boats to colossal aircraft carriers—can be meticulously tracked by a massive network of satellites and sensors. With every ripple on the ocean’s surface under scrutiny, surprise naval maneuvers will soon be relics of the past. The vast expanse of the world’s oceans will no longer be shrouded in mystery, but illuminated by data streams flowing from millions of eyes and ears aware of every movement from space to seabed.

Open-source intelligence (OSINT) refers to intelligence derived exclusively from publicly or commercially available information that addresses specific intelligence priorities, requirements, or gaps. OSINT encompasses a wide range of sources, including public records, news media, libraries, social media platforms, images, videos, websites, and even the dark web. Commercial technical collection and imagery satellites also provide valuable open-source data. The power of OSINT lies in its ability to provide meaningful, actionable intelligence from diverse and readily available sources.

Thanks to technological advances, OSINT can provide early warning signs of a conflict to come long before it actually breaks out. On land, the proliferation of inexpensive and ubiquitous sensor networks has rendered battlefields almost transparent, making surprise maneuvers more difficult. Through open-source data from smartphones and satellites, persistent OSINT provides early warning of mobilization and other key indicators of military maneuvers. This capability is further augmented by artificial intelligence (AI)-enhanced reconnaissance and real-time data analysis, which have proven remarkably effective in modern conflicts including in Ukraine, Azerbaijan, Gaza and Israel, and Sudan. As this paradigm extends to maritime operations, it brings unique challenges and characteristics compared to land operations.

As technology races forward, Blue OSINT stands out as a key tool in the arsenal of contemporary naval warfare during global great-power competition. Blue OSINT harnesses data from commercial satellites, social media, and other publicly available sources to specifically enhance maritime domain awareness, identify emerging threats, and inform strategic decisions.

The current state of Blue OSINT across the spectrum of conflict points to an accelerating technology-driven evolution enabling maritime security and sea-control missions. The US Navy (USN) can enhance Blue OSINT collection with its own commercially procured sensor networks and bespoke uncrewed systems to shape operational environments, prevent and resolve conflicts, and ensure accessibility of sea lines of communications.

Commercially procured sensors span a wide array of technologies, including sonar and acoustic sensors, as well as video and seismic devices that are utilized to detect activities in strategic locations. These sensors can function independently or operate from uncrewed systems, providing flexibility and adaptability in various maritime operations. For instance, uncrewed aerial systems (UAS) equipped with high-resolution cameras and radar can deliver persistent surveillance over expansive oceanic areas, while uncrewed underwater vehicles (UUVs) with sonar capabilities can monitor subsea activities, such as submarine movements and underwater installations. These uncrewed platforms enable the continuous collection of critical data, enhancing the Navy’s situational awareness and operational readiness without putting sailors at risk.

For the US Navy to best support the joint force and maintain its strategic edge, it must integrate ubiquitous sensor networks and Blue OSINT into naval strategies adapted for tomorrow’s increasingly complex maritime environment. The Navy’s multiyear Project Overmatch is a good start to developing its “network of networks” and contributing to the Joint All-Domain Command and Control (JADC2) program.

With escalating tensions in the South China Sea, conventional forces are stretched thin and face asymmetric threats such as the People’s Liberation Army Navy (PLAN)’s undersea sensing arrays and China’s maritime militia forces. Integrating Blue OSINT and sensor networks into the Navy’s strategies complements traditional naval power, while allowing intelligence missions to be conducted at lower risk and cost. Moreover, the open-source nature of this information enhances the Navy’s ability to share information and collaborate with allies and partners while bypassing cumbersome security classification issues. By relying on easily shareable information, the Navy can better synchronize efforts with partner navies, making command of the sea a more coordinated and viable endeavor.

The impact of evolving open-source intelligence on warfare

Feature OSINT Traditional Intelligence
Source of data Commercial satellites, social media, public sources HUMINT, SIGINT, classified sources
Coverage Global, real-time updates, highly accessible Selective, based on specific operational requirements
Cost Low cost, leveraging existing commercial infrastructure High cost, involving extensive human and technical resources
Risk Low risk, minimal direct exposure Higher risk, involves clandestine operations
Data volume Extremely high, necessitates AI and advanced analytics Moderate to high, manageable with traditional methods
Ease of sharing High, fewer classification issues Low, often restricted by security classifications
Data warning Effective, provides pre-conflict indicators Effective, but often limited by operational scope
Deception tactics Requires advanced techniques to counteract Relies on traditional counterintelligence and technical methods
Collaboration Enhances collaboration with allies using open data Limited, restricted sharing due to classification
Operational impact Supports continuous monitoring and quick response Supports deep, targeted insights into adversaries

The table above provides a comparison between OSINT and traditional intelligence methods, highlighting the strengths and weaknesses of each approach. OSINT offers global, real-time updates at a lower cost by leveraging existing commercial infrastructure. This approach presents a lower risk, as it involves minimal direct exposure and facilitates easier information sharing due to fewer classification issues.

On the other hand, traditional intelligence methods such as human intelligence (HUMINT) and signals intelligence (SIGINT) provide selective, targeted insights based on specific operational requirements. These methods often involve higher costs and risks due to the need for extensive human and technical resources, as well as the nature of clandestine operations. While traditional intelligence can offer deep, targeted insights, it is often limited by operational scope and security classification issues, making information sharing more challenging.

In the maritime domain, these distinctions are particularly significant. The concept of Blue OSINT integrates these principles specifically for naval operations, emphasizing the need for continuous monitoring and rapid-response capabilities.

Blue OSINT and persistent maritime monitoring

In the pre-conflict stage, global satellite coverage and social media provide a wealth of data that can map maritime activity with unprecedented detail. Nonprofit organizations like Global Fishing Watch use commercial satellite constellations to track ships and monitor maritime activity. Increased affordability and accessibility of satellite technology have enabled nongovernmental and commercial entities to contribute to maritime domain awareness in new ways. For instance, maritime radar emissions—once the exclusive domain of military and intelligence satellites—are now easily observable and “tweetable,” allowing for vessel identification to be accomplished more easily when actors execute deceptive techniques. Similarly, platforms like X (formerly Twitter) host numerous “ship spotting” accounts, where enthusiasts post photos and updates of vessels passing through strategic chokepoints and major straits, further enriching the available data.

Through persistent monitoring and large-scale data analysis, Blue OSINT can be used to significantly mitigate the challenge of monitoring large exclusive economic zones (EEZs). It offers a cost-effective alternative to traditional patrols, allowing these navies to adopt a more targeted approach when deploying their limited resources. By embracing Blue OSINT, naval forces can enhance their surveillance and response capabilities without a heavy financial burden, ensuring that these forces remain agile and effective in their maritime operations. Additionally, data streams from ubiquitous sensor networks can be coupled with Blue OSINT collection to give naval intelligence experts near-endless amounts of data in support of complex reconnaissance operations, without placing sailors and special operators at increased risk to collect it.

In addition to myriad opportunities for intelligence collection, using Blue OSINT presents technological challenges for the US Navy. The sheer volume of data generated by ubiquitous sensor networks and Blue OSINT tools necessitate substantial investments in software and analytic tools to manage and interpret this information effectively. Intelligence professionals must sift through endless amounts of data to identify actionable insights. Even the most skilled analysts need software and computer processing that can help organize and parse raw data.

To address these challenges, the US Navy and other maritime forces are ramping up investments in commercially procured sensor networks and cutting-edge analytic tools. In June 2024, the National Geospatial-Intelligence Agency issued its first-ever commercial solicitation for unclassified technology to help track illicit fishing in the Pacific. Such investments aim to access, exploit, and process the massive amounts of data generated, a key step to achieving comprehensive maritime domain awareness. Better software and analytic tools can help maximize the potential of Blue OSINT and sensor networks, ensuring that intelligence analysts can better inform decision-makers at the speed of relevance.

Strategic deployment of distributed sensors

While Blue OSINT provides valuable insights into chokepoints and shipping lanes, it does not yet offer comprehensive coverage of the open ocean. Its effectiveness is greater in populated and coastal areas, where the density of electronic devices and human activity is significantly higher than on the high seas. Moreover, OSINT data can often be easily manipulated, presenting challenges in ensuring the accuracy and reliability of the information gathered. For example, although ships emitting Automatic Identification System (AIS) signals can be tracked on the web, navies are aware that bad actors often tamper with their transponders in order to disguise their locations, ultimately limiting the signals’ reliability.

To bypass these limitations of open-source data, navies and intelligence agencies can enhance their Blue OSINT capabilities by augmenting them with strategically deployed clandestine sensor networks in key locations, such as harbors, straits, and other critical chokepoints. This combination of data flows allows for effective monitoring and data collection on vessel movements, communications, and adversary intentions. Additionally, other covert sensors can be hidden on the seabed or disguised on civilian vessels, like fishing boats, in regions such as the South China Sea. Using distributed sensors along with Blue OSINT data ensures continuous and comprehensive maritime situational awareness, even in areas less frequented by military assets.

However, fixed sensor networks alone are insufficient to cover the dynamic maritime environment. Deploying a mobile network of distributed sensors necessitates a diverse array of platforms and technologies. While military satellites, ships, and aircraft equipped with advanced sensors can offer intermittent coverage, they are costly and limited in number, and their findings are less easily shareable with partners and allies. To bridge these gaps, allied navies should invest in affordable and scalable solutions such as uncrewed surface vehicles (USVs), UUVs, and UASs. Outfitted with various sensors, these platforms can effectively detect and track adversary movements, ensuring that navies maintain situational awareness across the vast expanse of the Pacific Ocean and other critical regions.

Small UASs launched from naval ships can be used to rapidly surveil large swaths of sea, providing real-time data on both surface and subsurface activities. Recognizing the strategic advantage of uncrewed systems, China has taken a bold step to outpace the US Navy by developing an aircraft carrier specifically designed to launch and recover UASs, rather than sophisticated manned platforms like the J-20 fighter jet. This significant investment in a carrier solely for uncrewed vehicles by the PLAN should prompt the United States to reconsider, and potentially adjust, its future resourcing strategy. Similarly, USVs can conduct long-duration patrols at a fraction of the cost of manned ship operations, exemplified by Saildrone vessels patrolling the Indian Ocean, providing the USN a robust sensor network. UUVs, deployed from submarines or surface ships, can monitor subsea activities, such as the movement of submarines and other submersible assets.

By monitoring the air, sea, and underwater environments, uncrewed vehicles and their sensors can significantly enhance overall maritime situational awareness. However, these tools are only effective if they are integrated into a cohesive architecture that combines traditional intelligence, surveillance, and reconnaissance (ISR) with Blue OSINT data and affordable long-term leave-behind sensors. Project Overmatch exemplifies how to achieve this integration by developing a network that links sensors, shooters, and command nodes across all domains. For instance, Project Overmatch aims to leverage advanced data analytics, artificial intelligence, and secure communications to create a unified maritime operational picture, enabling faster and more informed decision-making. By incorporating these elements, the US Navy can ensure that uncrewed vehicles and their sensors are effectively utilized to maintain operational superiority in the maritime domain.

Moreover, the low-signature nature of some of these sensors increases the odds that they can operate undetected by adversaries, providing a strategic advantage. By deploying sensors in unexpected locations, and disguising them as civilian assets in some cases, navies can gather intelligence without alerting potential threats to their presence.

Blue OSINT and sensor networks in conflict

While Blue OSINT collection and distributed sensor networks can easily collect data in uncontested waters, they have immediate applications to modern maritime conflict as well. For instance, in the event of a cross-strait invasion by the People’s Republic of China (PRC), the transparency provided by Blue OSINT would make it difficult for navies to maneuver undetected. Satellites and social media continuously monitor naval piers, strategic chokepoints, and even some open ocean areas, making it increasingly difficult to achieve tactical surprise. Historical instances—such as Japan’s attack on Pearl Harbor, the D-Day invasion, or the successful surprise dash to transit the English Channel by the German fleet during World War II—would be much harder to achieve in the modern era due to the pervasive nature of Blue OSINT.

In the context of a potential Taiwan invasion, Blue OSINT would likely be used to detect and closely follow Chinese naval activities, including the movement of amphibious assault ships and submarines. OSINT analysts frequently examine satellite imagery of Chinese shipyards and military installations, which could provide early indications of mobilization.

However, relying solely on satellite imagery and AIS for Blue OSINT is insufficient. Multi-intelligence capabilities are essential to provide a comprehensive assessment. For instance, in 2020, two commercial firms collaborated to use radio frequency and synthetic aperture radar collection to detect Chinese illegal, unregulated, and unreported fishing near the Galapagos EEZ. This open-source technique revealed the ability to identify fishing vessels that turned off their AIS to cross into the EEZ. In a future conflict with China, the same methodology of combining multiple Blue OSINT sources could be used to identify and track vessels of the People’s Armed Forces Maritime Militia (PAFMM). This would bypass the AIS vulnerabilities that the PAFMM traditionally exploits to avoid detection, while also revealing its intentions as directed by the PLAN.

The Russo-Ukraine conflict revealed how OSINT can thwart surprise maneuvers and provide crucial targeting data deep behind enemy lines. However, it also underscores the limitations of OSINT in sparsely populated environments, such as the open ocean. For example, in December 2023, as missiles flew over the Red Sea, 18 percent of global container-ship capacity was rerouted. While civilian mariners and commercial shipping significantly contribute to Blue OSINT during peacetime, their absence in a high-risk conflict scenario would shift the burden more heavily onto satellite and uncrewed systems.

Deception and stealth

While the US Navy can take advantage of these technologies, its adversaries can, and almost certainly will, do the same. The US Navy and its allies must develop countermeasures to mitigate the risks posed by sensor networks while also leveraging its benefits. One approach is to invest in advanced deception tactics designed to mislead adversaries. These include the use of decoys, electronic warfare, and signal spoofing to create false targets and confuse enemy sensors. The Navy has been quietly developing these tools to obscure its true movements and intentions, ultimately confounding adversaries and making it harder for them to accurately target US forces.

In addition to deception, the United States and its allies need to enhance their naval stealth capabilities to evade adversaries’ distributed sensor networks. This involves not only minimizing the electromagnetic signatures of their vessels, but also employing innovative designs and operational tactics to reduce their radar cross-sections and avoid detection.

Distributed sensors in conflict

The ability to complement Blue OSINT with distributed sensors will be a decisive factor in near-term conflict dynamics. Just as frontline units in Ukraine are detected and targeted by cheap drones and stationary sensors, naval forces can be identified and pinpointed by similar systems at sea. Distributed sensors can provide continuous monitoring and data collection, ensuring that navies can maintain situational awareness and respond swiftly to emerging threats.

Three pillars are necessary to distribute sensors effectively across the ocean.

First, large conventional fleets play a critical role in maritime strategy. These fleets must be capable of extended operations and diverse missions, providing the backbone of naval presence, power projection, sea lines of communication, and, ultimately, sea control. During the COVID-19 pandemic, the US Navy demonstrated its endurance with record-length deployments, showcasing an advantage that could be significant in future maritime campaigns.

Second, organic reconnaissance drones are essential. Each destroyer and aircraft carrier should be equipped with its own fleet of multi-domain drones to conduct surveillance and gather intelligence. Currently, US carrier strike groups rely on land-launched surveillance drones, which are vulnerable and limited in number. Integrating organic drones into each vessel would enhance situational awareness and operational flexibility, allowing for more effective and autonomous intelligence-gathering capabilities.

Third, large fleets of affordable USVs and UUVs can deploy sensors across the ocean, increasing sensor hours at sea and improving maritime domain awareness. The first Replicator tranche is equipping forces with thousands of attritable systems to turn the Taiwan Strait into “an unmanned hellscape,” demonstrating the strategic value of uncrewed systems in contested waters. Moreover, the Navy is experimenting with diverse types of uncrewed platforms, aiming to create a distributed fleet architecture that is even more lethal than today’s carrier-centric fleet. These unmanned systems provide a cost-effective means to enhance surveillance and reconnaissance capabilities across vast oceanic areas, ensuring that the Navy can maintain a strategic advantage in both peacetime and conflict scenarios.

Recommendations

To maximize the efficacy of maritime domain awareness, it is crucial to integrate data from both Blue OSINT and ubiquitous sensor networks. While these two systems of data collection are largely distinct, their combined use can significantly enhance the accuracy and comprehensiveness of intelligence assessments and naval warfare.

  1. Leverage Blue OSINT. Significant investment in artificial intelligence and advanced analytics is necessary to manage and interpret the endless amounts of data generated by open-source intelligence. By fostering a coordinated approach to maritime security, Blue OSINT can facilitate easier information sharing with allies and partners, but only if its utilization is preplanned. Collaborative pathways for Blue OSINT data collection, processing, and analysis must take shape early in the concept and planning phases. This collaborative effort will significantly enhance collective situational awareness and operational effectiveness, making it easier for navies to synchronize their efforts. Additionally, complementing Blue OSINT with traditional intelligence collection such as HUMINT and SIGINT provides a comprehensive threat assessment. By integrating these capabilities, navies can more easily attain a well-rounded understanding of adversary actions.
  2. Commercially procure distributed sensing capabilities and networks. The US Navy must invest in Replicator-style unmanned platforms that can affordably deploy sensors across maritime battlefields, similar to the use of small UAS for land reconnaissance. These commercially procured distributed sensing platforms will significantly enhance the Navy’s ability to continuously and comprehensively monitor vast areas, improving overall maritime domain awareness.
  3. Recognize a new maritime operating environment. The US Navy must prepare for protracted missions away from easily monitored ports and chokepoints while penetrating adversary-controlled, denied waters. This mission set requires a robust logistical framework capable of supporting extended deployments in remote and contested waters. By developing sophisticated tactics to deceive and confuse distributed sensor networks, the Navy can minimize its visibility to adversaries and maintain strategic surprise. This necessitates investing in advanced deception technologies such as electronic warfare, signal spoofing, and decoys to create false targets and obscure true movements. Additionally, enhancing the stealth capabilities of vessels through innovative designs and operational practices will further ensure that naval forces can evade detection and operate effectively in a sensor-saturated environment. By embracing these realities, the Navy can sustain its operational effectiveness and strategic advantage across the competition continuum.

Conclusion

In an era of distributed sensing networks and Blue OSINT, adaptation is not just about leveraging technology but also about evolving operational doctrines to meet the challenges of contemporary maritime conflicts. By integrating Blue OSINT capabilities, deploying distributed sensors, and countering (and employing) deception, naval forces can maintain an asymmetric advantage in the increasingly visible and contested maritime domain.

The success of modern naval operations hinges on the ability to swiftly adapt to technological advancements and evolving threats. Navies must transcend beyond traditional methods and embrace innovative strategies to remain agile and effective. This demands a concerted effort from all levels of naval leadership, from policymakers to forward operators, to implement these changes.

On the unforgiving sea, only those who rapidly transform to the era of Blue OSINT will avoid the abyss, with the rest risk sinking into obsolescence as adversaries gain decisional advantage. Navies that fail to adjust to the realities of Blue OSINT and sensor networks risk ending up like the Russian Black Sea Fleet: at the bottom of the ocean.

Authors

Guido L. Torres is a nonresident senior fellow with the Atlantic Council’s Forward Defense Program and the executive director of the Irregular Warfare Initiative.

Austin Gray is co-founder and chief strategy officer of Blue Water Autonomy. He previously worked in a Ukrainian drone factory and served in US naval intelligence.

Related content

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Sailing through the spyglass: The strategic advantages of blue OSINT, ubiquitous sensor networks, and deception appeared first on Atlantic Council.

]]>
Polymeropoulos on a Cipher Brief podcast about Havana Syndrome https://www.atlanticcouncil.org/insight-impact/in-the-news/polymeropoulos-cipher-brief-havana-syndrome-podcast/ Mon, 20 May 2024 15:50:30 +0000 https://www.atlanticcouncil.org/?p=767552 On May 20, Forward Defense nonresident senior fellow Marc Polymeropoulos spoke on a Cipher Brief podcast titled “Is Russia Attacking U.S. Government Employees Using High-Energy Weapons?” about Havana Syndrome.

The post Polymeropoulos on a Cipher Brief podcast about Havana Syndrome appeared first on Atlantic Council.

]]>

On May 20, Forward Defense nonresident senior fellow Marc Polymeropoulos spoke on a Cipher Brief podcast titled “Is Russia Attacking U.S. Government Employees Using High-Energy Weapons?” about Havana Syndrome.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Polymeropoulos on a Cipher Brief podcast about Havana Syndrome appeared first on Atlantic Council.

]]>
Eftimiades quoted in Nikkei Asia https://www.atlanticcouncil.org/insight-impact/in-the-news/eftimiades-quoted-in-nikkei-asia/ Wed, 08 May 2024 13:49:44 +0000 https://www.atlanticcouncil.org/?p=763206 Nicholas Eftimiades was quoted in Nikkei Asia in an article about suspected Chinese spies in Germany and the UK.

The post Eftimiades quoted in Nikkei Asia appeared first on Atlantic Council.

]]>

On April 28, Forward Defense nonresident senior fellow Nicholas Eftimiades was quoted in Nikkei Asia in an article about suspected Chinese spies in Germany and the UK. Eftimiades was quoted as saying, “They are attempting to drive a wedge between Europe and the United States, implementing a divide-and-conquer strategy.” He was also quoted warning about a  “possibility of retaliation — even arbitrary arrests of Europeans in China.”

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Eftimiades quoted in Nikkei Asia appeared first on Atlantic Council.

]]>
Polymeropoulos cited in The Spectator “Is Havana Syndrome real?” https://www.atlanticcouncil.org/insight-impact/in-the-news/polymeropoulos-havana-syndrome-spectator/ Sun, 05 May 2024 17:47:23 +0000 https://www.atlanticcouncil.org/?p=763406 On May 5, Forward Defense nonresident senior fellow Marc Polymeropoulos was cited in a Spectator article by John Foreman about Havana Syndrome.

The post Polymeropoulos cited in The Spectator “Is Havana Syndrome real?” appeared first on Atlantic Council.

]]>

On May 5, Forward Defense nonresident senior fellow Marc Polymeropoulos was cited in a Spectator article by John Foreman about Havana Syndrome.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Polymeropoulos cited in The Spectator “Is Havana Syndrome real?” appeared first on Atlantic Council.

]]>
Eftimiades published in intelNews on Chinese espionage https://www.atlanticcouncil.org/insight-impact/in-the-news/eftimiades-published-in-intelnews-on-chinese-espionage/ Fri, 03 May 2024 15:55:00 +0000 https://www.atlanticcouncil.org/?p=774553 Nicholas Eftimiades published an article titled "Tradecraft observations on the Reichenbach/Fischer espionage case" in intelNews.

The post Eftimiades published in intelNews on Chinese espionage appeared first on Atlantic Council.

]]>

On May 3, Forward Defense nonresident senior fellow Nicholas Eftimiades published an article titled “Tradecraft observations on the Reichenbach/Fischer espionage case” in intelNews, detailing the alleged Chinese agents’ export of sensitive military technology from Germany.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Eftimiades published in intelNews on Chinese espionage appeared first on Atlantic Council.

]]>
Eftimiades on Spectator TV https://www.atlanticcouncil.org/insight-impact/in-the-news/eftimiades-on-spectator-tv/ Thu, 02 May 2024 00:15:03 +0000 https://www.atlanticcouncil.org/?p=761284 Nicholas Eftimiades was interviewed by the UK's Spectator TV. He discussed China's recent espionage activities throughout Europe.

The post Eftimiades on Spectator TV appeared first on Atlantic Council.

]]>

On April 29, Forward Defense nonresident senior fellow Nicholas Eftimiades was interviewed by the UK’s Spectator TV. Referencing China’s recent espionage activities throughout Europe, Eftimiades asserted that “this is the largest scale series of intelligence activities we have seen in modern history.”

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Eftimiades on Spectator TV appeared first on Atlantic Council.

]]>
Great power competition is back. What does that mean for US special operations forces? https://www.atlanticcouncil.org/blogs/new-atlanticist/great-power-competition-is-back-us-special-operations-forces/ Fri, 19 Apr 2024 17:41:57 +0000 https://www.atlanticcouncil.org/?p=758210 With their wide array of capabilities, US special operations forces can play a central role in strategic competition.

The post Great power competition is back. What does that mean for US special operations forces? appeared first on Atlantic Council.

]]>
After 9/11, US special operations forces (USSOF) became well known for direct-action missions that captivated the public’s imagination and demonstrated unparalleled tactical success. The highly publicized raids, precision strikes, and elimination of terrorist threats solidified USSOF’s reputation as the tip of the spear in the US military’s arsenal.

In recent years, however, the global security environment has changed. Adversaries such as Russia and China are using a broad spectrum of diplomatic, informational, military, and economic tactics to challenge the US-led order and achieve their global aims. This return of strategic competition has drawn attention away from the surgical, direct-action operations so prominent during the height of the war on terror, and toward confronting the sophisticated strategies of near-peer adversaries.

So what does this mean for special operations forces?

USSOF will continue to have a central role in the era of renewed strategic competition—but only if there is a broader appreciation and application of USSOF’s capabilities, which extend far beyond just raids and precision strikes. Too often at present, however, USSOF’s distinct capabilities and expertise are overlooked or misunderstood among the broader national security community.

Some of these operations will require applying the operational tactics USSOF focused on since 9/11 to new challenges.

In the face of an evolving and increasingly complex global threat environment, USSOF represents a uniquely versatile component of the US Joint Force. It possesses an array of capabilities that, if fully leveraged, could significantly enhance US force posture. To do so, USSOF must shift its mindset and planning toward strategic competition. There must also be a concerted effort from the services and the Joint Force to integrate USSOF’s unique capabilities more effectively, and the broader defense community must take steps to make the most of the multifaceted value that USSOF brings to the table.

To begin with, USSOF must extend its reach into non-kinetic operations and expand its irregular warfare approach to address the advanced strategies of adversaries such as China and Russia. Some of these operations will require applying the operational tactics USSOF focused on since 9/11 to new challenges. For example, USSOF’s well-honed capabilities for navigating denied and niche environments, including underground operations—an important asset in past counterterrorism missions—are now vital for filling strategic gaps in unconventional warfare scenarios. The salience of this capability is evident, for example, if an adversary uses complex tunnel networks, and it represents just one aspect of USSOF’s highly specialized tactics, techniques, and procedures that can be transitioned to new strategic roles.

This transition will also require adapting USSOF’s strength in new ways. Some of this is already underway—for example, modernizations in naval capabilities are set to boost USSOF’s undersea warfare proficiency, which will help counter rivals such as China in contested spaces. USSOF should continue to prepare for the challenges posed by strategic competition by enhancing its cyber and space capabilities, investing in emerging fields such as artificial intelligence, and bolstering civil-affairs expertise for functioning in extreme and complex operating environments. Clear and decisive communication between the US assistant secretary of defense for special operations and low-intensity conflict and the United States Special Operations Command is vital to define the strategic contributions of special operations within the Department of Defense.

Yet embracing these changes also presents challenges, particularly for USSOF to define and measure its own success. The often-preventive nature of USSOF’s missions, which are aimed at deterring adversaries and shaping their behavior, requires a nuanced approach to evaluating effectiveness. Establishing clear objectives and metrics for strategic competition will be essential, enabling USSOF to quantify its successes and adapt its strategies accordingly.

At the same time, USSOF must maintain its proficiency in essential ongoing tasks, such as combating violent extremist organizations, countering terrorism, and managing weapons of mass destruction. Doing so is necessary so that the United States avoids strategic distractions, such as a preventable terrorist attack.

USSOF works extensively in the information domain, pushing back against propaganda and disinformation from adversaries.

As USSOF adapts its mindset and planning to meet the challenges posed by strategic competition, the Joint Force and the broader interagency must find ways to understand and maximize USSOF’s capabilities. To do so, decision makers across the Joint Force must properly recognize the full range of USSOF’s potential roles, particularly before conflict breaks out.

Unfortunately, some of these potential roles are under-resourced and underleveraged. For example, USSOF’s civil affairs and psychological operations capabilities, though currently underutilized, are essential for strategic competition. The sole brigade responsible for civil affairs is tasked with everything from economic analysis to liaising with civilian government agencies on the ground. With sufficient resources, it could expand its civil-military cooperation in volatile areas, support local governance, and respond to increasingly frequent natural disasters. Notably, United States Marine Forces Special Operations Command’s linguistic and cultural expertise, as demonstrated in long-term operations in the Philippines, highlights the value of investing more in these capacities, especially in strategic areas such as the Indo-Pacific.

Other roles for USSOF are better funded but are still underappreciated across the Department of Defense. USSOF works extensively in the information domain, pushing back against propaganda and disinformation from adversaries. According to General Richard Clarke, former commander of US Special Operations Command, commanders he visited on deployment spent about 60 percent of their time working in the information space. Such work will likely continue, since Russia and China show a growing interest in using information warfare to try to counter US strategic objectives worldwide. Despite this, unfilled billets in the Army’s Special Operations military information support operations were recently cut. This decision signals a troubling undervaluation of these vital capabilities.

If the potential capabilities that USSOF brings to strategic competition are better understood, then these capabilities are more likely to be supported, developed, and implemented in ways that will help shape the strategic environment effectively. Moreover, the capabilities will need to be integrated into a cohesive strategy across the Joint Force, coordinating USSOF’s presence within all seven geographic combatant commands and interagency partners. Doing so would allow USSOF’s capabilities to bridge the divides between different combatant command zones, which could improve the overall US strategic posture in competitive regions and facilitate improved intelligence sharing.

By enhancing USSOF’s capabilities and recognizing its value in strategic competition, the interagency and Department of Defense can ensure it effectively continues to protect US interests and contribute to global stability. Thus equipped, USSOF will remain adept at confronting modern conflict dynamics and asserting US international strategic priorities.


Alyxandra Marine is an assistant director with the Forward Defense program at the Atlantic Council. The recommendations from this piece are explained in further detailed in Stealth, speed, and adaptability: The role of special operations forces in strategic competition.

The post Great power competition is back. What does that mean for US special operations forces? appeared first on Atlantic Council.

]]>
Polymeropoulos coauthored for Politico about intelligence sharing and combatting transnational terrorist groups https://www.atlanticcouncil.org/insight-impact/in-the-news/polymeropoulos-intelligence-sharing-terrorism-politico/ Tue, 02 Apr 2024 14:52:25 +0000 https://www.atlanticcouncil.org/?p=755101 On April 2, Forward Defense nonresident senior fellow Marc Polymeropoulous coauthored “The Surprising Intelligence Community Outreach to Russia” for Politico about combatting the threat posed by transnational terrorist groups like ISIS-K. He warns that the United States must be careful when engaging with other nations for intelligence sharing and basic counterterrorism exchanges, as such outreach […]

The post Polymeropoulos coauthored for Politico about intelligence sharing and combatting transnational terrorist groups appeared first on Atlantic Council.

]]>

On April 2, Forward Defense nonresident senior fellow Marc Polymeropoulous coauthored “The Surprising Intelligence Community Outreach to Russia” for Politico about combatting the threat posed by transnational terrorist groups like ISIS-K.

He warns that the United States must be careful when engaging with other nations for intelligence sharing and basic counterterrorism exchanges, as such outreach can sometimes morph into more issues that intelligence professionals must face.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Polymeropoulos coauthored for Politico about intelligence sharing and combatting transnational terrorist groups appeared first on Atlantic Council.

]]>
Polymeropoulos quoted in USA Today about the “Havana Syndrome” and the US intelligence community https://www.atlanticcouncil.org/insight-impact/in-the-news/polymeropoulos-havana-syndrome/ Mon, 01 Apr 2024 14:24:54 +0000 https://www.atlanticcouncil.org/?p=754365 On April 1, Forward Defense Nonresident Senior Fellow Marc Polymeropoulos reacted to a ’60 Minutes’ report that named the Russian military intelligence unit behind the mysterious “Havana Syndrome,” neurological symptoms that US diplomats and spies have reported suffering from for nearly a decade.

The post Polymeropoulos quoted in USA Today about the “Havana Syndrome” and the US intelligence community appeared first on Atlantic Council.

]]>

On April 1, Forward Defense Nonresident Senior Fellow Marc Polymeropoulos reacted to a ’60 Minutes’ report that named the Russian military intelligence unit behind the mysterious “Havana Syndrome,” neurological symptoms that US diplomats and spies have reported suffering from for nearly a decade.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Polymeropoulos quoted in USA Today about the “Havana Syndrome” and the US intelligence community appeared first on Atlantic Council.

]]>
Polymeropoulos spoke with The Insider on suffering from “Havana Syndrome” https://www.atlanticcouncil.org/insight-impact/in-the-news/polymeropoulos-testimony-havana-syndrome/ Sun, 31 Mar 2024 19:56:54 +0000 https://www.atlanticcouncil.org/?p=754565 On March 31, Forward Defense Nonresident Senior Fellow Marc Polymeropoulos spoke with The Insider on his suffering from “Havana Syndrome” after his 26 year career as an operations officer with the Central Intelligence Agency (CIA).

The post Polymeropoulos spoke with The Insider on suffering from “Havana Syndrome” appeared first on Atlantic Council.

]]>

On March 31, Forward Defense Nonresident Senior Fellow Marc Polymeropoulos spoke with The Insider on his suffering from “Havana Syndrome” after his 26 year career as an operations officer with the Central Intelligence Agency (CIA).

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Polymeropoulos spoke with The Insider on suffering from “Havana Syndrome” appeared first on Atlantic Council.

]]>
Groen writes in The Cipher Brief about cryptocurrency and national security https://www.atlanticcouncil.org/insight-impact/in-the-news/groen-digital-battlefield-criminal-terrorism-cipher-brief/ Tue, 26 Mar 2024 16:50:00 +0000 https://www.atlanticcouncil.org/?p=752397 Michael Groen writes about combatting illicit actors and nation states with blockchain intelligence on the digital battlefield.

The post Groen writes in The Cipher Brief about cryptocurrency and national security appeared first on Atlantic Council.

]]>

On March 26, Forward Defense Nonresident Senior Fellow Michael Groen coauthored an article for The Cipher Brief titled “Preparing for a Digital Battlefield: National Security and Cryptocurrency” about combatting illicit actors and nation states with blockchain intelligence. He emphasized that sanctions enforcement and counterterrorism success must include digital tools and techniques to investigate, seize, and disrupt transactions in evolving domains to protect national security.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Groen writes in The Cipher Brief about cryptocurrency and national security appeared first on Atlantic Council.

]]>
Vinograd on CBS “Face the Nation” about the recent ISIS terrorist attack in Moscow, US border security, and more https://www.atlanticcouncil.org/insight-impact/in-the-news/vinograd-cbs-face-the-nation-intelligence-vetting-architecture/ Sun, 24 Mar 2024 19:41:36 +0000 https://www.atlanticcouncil.org/?p=752220 Samantha Vinograd speaks about increasing resources for vetting architecture and intelligence sharing to improve national security.

The post Vinograd on CBS “Face the Nation” about the recent ISIS terrorist attack in Moscow, US border security, and more appeared first on Atlantic Council.

]]>

On March 24, Forward Defense Nonresident Senior Fellow Samantha Vinograd appeared on CBS “Face the Nation” with Margaret Brennan discussing the recent terrorist attack carried out by ISIS-K in Moscow and southern US border security. She also spoke about the criticality of supplying resources for vetting architecture, intelligence sharing, and enhancing information arrangements with international partners.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Vinograd on CBS “Face the Nation” about the recent ISIS terrorist attack in Moscow, US border security, and more appeared first on Atlantic Council.

]]>
Eftimiades on NucleCast by ANWA Deterrence Center https://www.atlanticcouncil.org/insight-impact/in-the-news/eftimiades-on-nuclecast-by-anwa-deterrence-center/ Wed, 20 Mar 2024 19:47:30 +0000 https://www.atlanticcouncil.org/?p=749687 Eftimiades was interviewed on NucleCast by ANWA Deterrence Center, where he discussed  China's whole of society approach to espionage and the methods that they use to implement this approach.

The post Eftimiades on NucleCast by ANWA Deterrence Center appeared first on Atlantic Council.

]]>

On March 12, Forward Defense nonresident senior fellow Nicholas Eftimiades was interviewed on “NucleCast,” hosted by the ANWA Deterrence Center. He discussed China’s whole-of-society approach to espionage and the methods that Chinese actors use to implement this approach.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Eftimiades on NucleCast by ANWA Deterrence Center appeared first on Atlantic Council.

]]>
Polymeropoulos cited on RawStory about concerns of Trump politicizing intelligence https://www.atlanticcouncil.org/insight-impact/in-the-news/polymeropoulos-trump-politicizing-intelligence/ Mon, 18 Mar 2024 15:52:15 +0000 https://www.atlanticcouncil.org/?p=750967 Marc Polymeropoulos notes that there will be negative effects for allies' information sharing if Trump continues to politicize intelligence.

The post Polymeropoulos cited on RawStory about concerns of Trump politicizing intelligence appeared first on Atlantic Council.

]]>

On March 18, Forward Defense Nonresident Senior Fellow Marc Polymeropoulos was cited about the negative effects that Trump’s politicization of intelligence would have on gathering and sharing information, particularly with American allies.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Polymeropoulos cited on RawStory about concerns of Trump politicizing intelligence appeared first on Atlantic Council.

]]>
Will the US crack down on TikTok? Six questions (and expert answers) about the bill in Congress. https://www.atlanticcouncil.org/blogs/new-atlanticist/will-the-us-crack-down-on-tiktok-six-questions-and-expert-answers-about-the-bill-in-congress/ Wed, 13 Mar 2024 23:42:14 +0000 https://www.atlanticcouncil.org/?p=747735 The US House has just passed a bill to force the Chinese company ByteDance to either divest from TikTok or face a ban in the United States.

The post Will the US crack down on TikTok? Six questions (and expert answers) about the bill in Congress. appeared first on Atlantic Council.

]]>
The clock is ticking. On Wednesday, the US House overwhelmingly passed a bill to force the Chinese company ByteDance to divest from TikTok, or else the wildly popular social media app would be banned in the United States. Many lawmakers say the app is a national security threat, but the bill faces an uncertain path in the Senate. Below, our experts address six burning questions about this bill and TikTok at large.

1. What kind of risks does TikTok pose to US national security?

Chinese company ByteDance’s ownership of TikTok poses two specific risks to US national security. One has to do with concerns that the Chinese Communist Party (CCP) could use its influence over the Chinese owners to use TikTok’s algorithm for propaganda purposes. Addressing this security concern is tricky due to legal protections for freedom of expression. The other risk, and the one addressed through the current House legislation, has to do with the ability of the CCP to use Chinese ownership of TikTok to access the massive amount of data that the app collects on its users. This could include data on everything from viewing tastes, to real-time location, to information stored on users’ phones outside of the app, including contact lists and keystrokes that can reveal, for example, passwords and bank activity.

Sarah Bauerle Danzman is a resident senior fellow with the Economic Statecraft Initiative in the Atlantic Council’s GeoEconomics Center.

This debate is not over free speech or access to social media: The question is fundamentally one of whether the United States can or should force a divestment of a social media company from a parent company (in this case ByteDance) if the company can be compelled to act under the direction of the CCP. We have to ask: Does the CCP have the intent or ability to compel data to serve its interests? There is an obvious answer here. We know that China has already collected massive amounts of sensitive data from Americans through efforts such as the Office of Personnel Management hack in 2015. Recent unclassified reports, including from the Office of the Director of National Intelligence, show the skill and intent of China to use personal data for influence. And the CCP has the legal structure in place to compel companies such as ByteDance to comply and cooperate with CCP requests.

Meg Reiss is a nonresident senior fellow at the Scowcroft Strategy Initiative of the Atlantic Council’s Scowcroft Center for Strategy and Security.

2. Are those risks unique to TikTok?

TikTok is not an unproblematic platform, and there are real and significant user risks that could pose dangers to safety and security, especially for certain populations. However, focusing on TikTok ignores broader vulnerabilities in the US information ecosystem that put Americans at risk. An outright ban of TikTok as currently proposed—particularly absent clearer standards for all platforms—would not meaningfully address these broader risks and would in fact potentially undermine US interests in a much more profound way.

As our recent report outlines in detail, a ban is unlikely to achieve the intended effect of meaningfully curbing China’s ability to gather sensitive data on Americans or to conduct influence operations that harm US interests. It also may contribute to a global curbing of the free flow of data that is essential to US tech firms’ ability to innovate and maintain a competitive edge.

Kenton Thibaut is a senior resident China fellow at the Atlantic Council’s Digital Forensic Research Lab.

Some have argued that TikTok, while on the aggressive end of the personal data collection spectrum, collects similar data to what other social media companies collect. However, the US government would counter with two points: First, TikTok has a history of skirting data privacy rules, such as those limiting data collection on children and those that prevent the collection of phone-specific identifiers called MAC numbers, and therefore the company cannot be trusted to handle sensitive personal data in accordance with the law. And second, unlike other popular apps, TikTok is ultimately beholden to Chinese regulations. This includes the 2017 Chinese National Intelligence Law that requires Chinese companies to hand over a broad range of information to the Chinese government if asked. Because China’s legal system is far more opaque than the United States’, it is unclear if the US government or its citizens would even know if the Chinese government ever asked for this data from TikTok. While TikTok’s management has denied supplying the Chinese government with such data, insider reports have uncovered Chinese employees gaining access to US user data. In other words, the US government has little reason to trust that ByteDance is keeping US user data safe from the CCP.

—Sarah Bauerle Danzman

3. What does the House bill actually do?

There are two important, related bills. The one that passed the House today is the Protecting Americans from Foreign Adversary Controlled Applications Act, which forces divestment. It is not an outright ban, and it is intended to address the real risk of ByteDance—thus TikTok—falling under the jurisdiction of China’s 2017 National Intelligence Law, which compels Chinese companies to cooperate with the CCP’s requests. However, divestment doesn’t completely solve for the additional potential risks of the CCP using TikTok in a unique or systemic way for data collection, algorithmic tampering (e.g. what topics surface or don’t surface to users), or information operations (e.g. an influence campaign unique to TikTok as opposed to on other platforms as well). Second, the Protecting Americans’ Data from Foreign Adversaries Act, which cleared a House committee last week, more directly addresses a broader risk of blocking the Chinese government’s access to the type of data that TikTok and many other social media platforms collect on the open market. The former without the latter is an incomplete approach to protecting Americans’ data from the CCP—and even the two combined falls short of a federal data privacy standard.

Graham Brookie is vice president and senior director of the Digital Forensic Research Lab.

There is no question China seeks to influence the American public and harvests large amounts of data on American citizens. As our recent report illuminates however, the Chinese state’s path to these goals depends very little on TikTok.

Today’s actions in the House underscore the disjointed nature of the US approach to governing technology. Rather than focus on TikTok specifically, it would be both legally and geopolitically wiser to pass legislation that sets standards for everyone, and not just one company. That could mean setting standards for what actions or behavior by any social media company would be unacceptable (for example on the use of algorithms or collection and selling of data). Or Congress could focus on prohibiting companies that are owned by states proven to have conducted hostile actions toward US digital infrastructure to operate in the United States. That would certainly include TikTok (and many other companies). This bill takes a halfway approach, both tying itself explicitly to TikTok owner ByteDance and hinting that it could apply to “other social media companies.”

Rose Jackson is the director of the Democracy and Tech Initiative at the Digital Forensic Research Lab.

The recently passed House bill, if it were to become law, would create a pathway to force the divestment of Chinese ownership in TikTok or ban the app from app stores and web hosting sites. Unlike previous attempts by the Trump administration to ban the app outright or force a divestment through the Committee on Foreign Investment in the United States, the Protecting Americans from Foreign Adversary Controlled Applications Act would not just affect TikTok. Instead, the legislation would create a process through which the US government could designate social media apps that are considered to be under the control of foreign adversaries as national security threats. Once identified as threats, the companies would have 180 days to divest from the foreign ownership or be subject to a ban.

—Sarah Bauerle Danzman

4. What would be some of the global ripple effects of a TikTok ban?

The United States has always opposed efforts by authoritarian nations seeking to build “great firewalls” around themselves. This model of “cyber sovereignty” sees the open, interoperable, and free internet as a threat, which is why countries like China already have a well-funded strategy to leverage global governance platforms to drive the development of a less open and more authoritarian-friendly version. A TikTok ban would ironically benefit authoritarian governments as they seek to center state-level action (over multi-stakeholder processes) in internet governance. TikTok should not lead the United States to abandon its longstanding commitment to the values of a free, open, secure, and interoperable internet.

A ban could generate more problems than it would solve. What the United States should consider instead is passing federal privacy laws and transparency standards that apply to all companies. This would be the single most impactful way to address broader system vulnerabilities, protect US values and commitments, and address the unique risks related to TikTok’s Chinese ownership, while avoiding the potential significant downsides of a ban. 

Kenton Thibaut

5. What do you make of TikTok’s response, particularly in pushing its users to flood Capitol Hill with calls?

Members of Congress were rightfully alarmed by TikTok’s use of its platform to send push notifications encouraging users to call their representatives. However, Uber and Lyft used this exact same tactic in California when trying to defeat legislation that would have required it to provide benefits to its drivers. If we try to solve “TikTok” and not the broader issue TikTok is illuminating, we will keep coming back to these same issues over and over again. 

—Rose Jackson

6. How is China viewing this debate?

The CCP has a tendency to throw a lot of spaghetti at the wall in an attempt to make its arguments, in this case that the divestment of TikTok from its Chinese parent company ByteDance is unnecessary. When the CCP has justified the internment of Uyghurs, it has thrown out everything from defending its repression based on terrorist beliefs across the population to claiming that it was just helping with social integration and developing work programs. The CCP has already made claims that the divestment would cause investors to lose faith in the US market and that it shows a fundamental weakness and abuse of national security. Expect many different versions of these arguments and more. But all the anticipated pushback will be focused on diverting the public argument away from the fundamental concern: The Chinese government can, under law, force a Chinese company to share information. 

—Meg Reiss

The post Will the US crack down on TikTok? Six questions (and expert answers) about the bill in Congress. appeared first on Atlantic Council.

]]>
Eftimiades on Think JSOU on the China’s espionage methodology https://www.atlanticcouncil.org/insight-impact/in-the-news/eftimiades-on-think-jsou-on-the-chinas-espionage-methodology/ Mon, 04 Mar 2024 16:50:26 +0000 https://www.atlanticcouncil.org/?p=730171 Nicholas Eftimiades discusses the role of intelligence operations in the strategic competition between the United States and China.

The post Eftimiades on Think JSOU on the China’s espionage methodology appeared first on Atlantic Council.

]]>

On February 20, Forward Defense nonresident senior fellow Nicholas Eftimiades was interviewed on Joint Special Operations University’s webinar, Think JSOU. He discussed China’s espionage methodology from his 2020 book, Chinese Espionage Operations and Tactics.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Eftimiades on Think JSOU on the China’s espionage methodology appeared first on Atlantic Council.

]]>
Eftimiades in iNews on Chinese espionage https://www.atlanticcouncil.org/insight-impact/in-the-news/eftimiades-in-inews-on-chinese-espionage/ Wed, 31 Jan 2024 19:22:19 +0000 https://www.atlanticcouncil.org/?p=730170 Nicholas Eftimiades discusses the role of intelligence operations in the strategic competition between the United States and China.

The post Eftimiades in iNews on Chinese espionage appeared first on Atlantic Council.

]]>

On January 31st, Forward Defense nonresident senior fellow Nicholas Eftimiades was quoted in iNews discussing Chinese espionage and the West’s inability to counter it.

We’re under siege. Everywhere you look, something different is happening

Nicholas Eftimiades

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Eftimiades in iNews on Chinese espionage appeared first on Atlantic Council.

]]>
Dean quoted in the Australian Financial Review on protecting AUKUS technology https://www.atlanticcouncil.org/insight-impact/in-the-news/dean-quoted-in-the-australian-financial-review-on-protecting-aukus-technology/ Tue, 23 Jan 2024 18:47:30 +0000 https://www.atlanticcouncil.org/?p=735039 On January 22, IPSI nonresident senior fellow Peter Dean was quoted in an Australian Financial Review article, where he explained that Australian private sector security arrangements are insufficient to protect sensitive AUKUS technology.

The post Dean quoted in the Australian Financial Review on protecting AUKUS technology appeared first on Atlantic Council.

]]>

On January 22, IPSI nonresident senior fellow Peter Dean was quoted in an Australian Financial Review article, where he explained that Australian private sector security arrangements are insufficient to protect sensitive AUKUS technology.

The post Dean quoted in the Australian Financial Review on protecting AUKUS technology appeared first on Atlantic Council.

]]>
Eftimiades in SpyTalk on Chinese soldier training with US contractors https://www.atlanticcouncil.org/insight-impact/in-the-news/eftimiades-in-spytalk-on-chinese-soldier-training-with-us-contractors/ Mon, 22 Jan 2024 23:51:36 +0000 https://www.atlanticcouncil.org/?p=730172 Nicholas Eftimiades discusses the role of intelligence operations in the strategic competition between the United States and China.

The post Eftimiades in SpyTalk on Chinese soldier training with US contractors appeared first on Atlantic Council.

]]>

On January 19, Forward Defense nonresident senior fellow Nicholas Eftimiades was quoted in SpyTalk discussing the failure of US intelligence to detect PLA military training happening inside the US by unwitting former Navy SEALS and Army Special Forces who operate as contractors.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Eftimiades in SpyTalk on Chinese soldier training with US contractors appeared first on Atlantic Council.

]]>
Gericke featured on episode of NucleCast podcast https://www.atlanticcouncil.org/insight-impact/in-the-news/gericke-featured-on-episode-of-nuclecast-podcast/ Wed, 17 Jan 2024 19:17:43 +0000 https://www.atlanticcouncil.org/?p=735064 On January 16, IPSI nonresident senior fellow Brad Gericke spoke on an episode of NucleCast, a podcast produced by the Advanced Nuclear Weapons Alliance Deterrence Center. He discussed the situation leading up to Russia’s invasion of Ukraine and the perspective of the intelligence community during this time. 

The post Gericke featured on episode of NucleCast podcast appeared first on Atlantic Council.

]]>

On January 16, IPSI nonresident senior fellow Brad Gericke spoke on an episode of NucleCast, a podcast produced by the Advanced Nuclear Weapons Alliance Deterrence Center. He discussed the situation leading up to Russia’s invasion of Ukraine and the perspective of the intelligence community during this time. 

The post Gericke featured on episode of NucleCast podcast appeared first on Atlantic Council.

]]>
The sentencing of a US Navy sailor is a window into Chinese espionage. Here’s how the US should respond. https://www.atlanticcouncil.org/blogs/new-atlanticist/the-sentencing-of-a-us-navy-sailor-is-a-window-into-chinese-espionage-heres-how-the-us-should-respond/ Sat, 13 Jan 2024 17:09:30 +0000 https://www.atlanticcouncil.org/?p=724859 China’s intelligence services recognize that national security information does not have to be classified to provide them with value.

The post The sentencing of a US Navy sailor is a window into Chinese espionage. Here’s how the US should respond. appeared first on Atlantic Council.

]]>
The United States and its allies and partners are under constant threat from pervasive efforts by China to collect intelligence, though this rarely makes it into the public eye. This week provided a clear reminder of this threat. On January 8, US Navy sailor Wenheng Zhao, who pled guilty in October 2023 in the Central District of California to one count of conspiring with a foreign intelligence officer and one count of receiving a bribe, was sentenced to twenty-seven months in prison and ordered to pay a $5,500 fine.

Zhao was one of two active duty US servicemembers indicted in August 2023 for providing sensitive US military information to China. The second, Jinchao Wei, was indicted for violating an espionage statute and multiple export violations in the Southern District of California. According to the indictment, he was granted US citizenship while the alleged illegal activities were taking place. (Wei is, of course, presumed innocent until proven guilty in a court of law.)

These two cases are playing out as tensions remain high between the United States and China, even after the November 2023 meeting between US President Joe Biden and Chinese leader Xi Jinping. In response to these court cases, there will be an understandable temptation for the United States to react by doing something to address Chinese espionage, and perhaps even pressure for systemic changes to the US counterintelligence approach. But big, sudden changes often create new and potentially greater vulnerabilities. Instead, policymakers should respond carefully and deliberately by seizing this moment to manage counterintelligence and security risks more effectively over the long term.

This can be done by decreasing the probability of future similar events from occurring, while avoiding creating new risks. Specifically, the response should consider focusing on prevention via training, enhanced information-sharing with allies and partners, and a shift to a more holistic risk-based personnel security approach for all US military members.

Intelligence collection doesn’t always mean stealing classified secrets

These two cases suggest that China’s intelligence services recognize that national security information does not have to be classified to provide them with value.  

Although both Zhao and Wei reportedly had secret-level security clearances, they were not assigned to particularly sensitive military occupational specialties, and there are no indications within the indictments that they passed classified information to Beijing’s intelligence services.

Wei was assigned to the USS Essex amphibious assault ship, which operates as a “Lightning carrier,” a platform for fifth generation F-35B Lightning strike aircraft. He allegedly used his phone to take photos that he provided to China’s intelligence services, while also providing information regarding potential vulnerabilities of the USS Wasp class of US Navy ship.

Zhao reportedly provided Chinese intelligence with information regarding the electrical system for a storage facility at a base in Okinawa housing a Ground/Air Task-Oriented Radar system. This radar system is used for expeditionary warfare that supports Marines in a contested or potentially contested maritime area—the kind of warfare that would matter in a conflict in the Western Pacific.

Given China’s resources, these were low-cost operations relative to the information allegedly received and a high return on investment to enhance Beijing’s hard power. As compensation for their alleged activities, Wei reportedly received between $10,000 and $15,000, while Zhao received the equivalent of almost $15,000.  

Three new steps to bolster counterintelligence and security

While these cases shed light on national security risks for the United States and its allies and partners, they also present the opportunity to justify new options for Washington to respond. That response should not, for example, be to limit the opportunities for foreign nationals to serve honorably in the US military or take measures that could damage recruitment and retention. Rather, it should take careful, measured steps to reinforce the foundations of counterintelligence and security. There are three steps policymakers should take next:

1. Focus more on prevention relative to treatment

In the medical community, doctors think of solutions in terms of prevention and treatment. For national security, the United States must do both, but in this instance, prevention—via training—should be the focus.

Specifically, the Department of Defense should enhance its counterintelligence threat awareness and reporting training program. This can be done by increasing the frequency of the training, presenting the information in different ways, and requiring a signed acknowledgement of responsibility from the training recipient. Such prevention measures would require additional resources for the Department of Defense counterintelligence and security system, but it would be worth the cost since the enhanced training requirements would decrease risk and potential costs overall.

2. Mobilize allies and partners to work together on counterintelligence

While protecting the integrity of the criminal justice process, the United States should consider sharing as much information as possible with its allies and partners about the methods that China’s intelligence services use to conduct their operations, particularly US allies and partners in the Indo-Pacific, since they are likely being targeted using similar methods. 

Specifically, the US counterintelligence community should host periodic events with its allies and partners to exchange information regarding how Beijing’s intelligence services target military members. This will help educate their military personnel regarding the evolving threat, including the types of cover used to approach potential targets. In the case of Zhao, the Chinese intelligence officer reportedly portrayed himself to Zhao as a maritime economic researcher, who needed information in order to “inform investment decisions.”

3. Establish a more holistic approach to personnel security that better integrates counterintelligence

Finally, the Department of Defense should consider enhancing the current security clearance-based system with a more holistic, risk-based personnel security approach. This would include those US military members who do not require access to classified information.

How might this work? There are various policies and systems already in place for personnel security and information security, especially for individuals who hold top secret security clearances and those who work in sensitive compartmented information facilities (SCIFs). Those important safeguards for security clearance holders should remain, but there are currently disconnects between security considerations (Do the duties of a position require working with sensitive information?) and counterintelligence findings (What information might China or other countries want?). The goal, then, should be to more closely integrate security and counterintelligence. Such an approach would fuse counterintelligence information regarding the evolving capabilities and intentions of foreign intelligence services with information about the duties of the position.

The risks of national security information being provided to foreign intelligence services have always existed and can never be eliminated, so the objective should be to optimally manage those risks. This could best be accomplished by investing in training, increasing sharing with allies and partners, and shifting to a more holistic risk-based personnel security approach for all US military members. 

Given the long-term and dynamic challenges of US-China strategic competition, now is the time to adapt US counterintelligence and security policy to effectively meet those challenges posed by China’s intelligence collection efforts.


Andrew Brown is a nonresident fellow with the Atlantic Council’s Indo-Pacific Security Initiative, where he specializes in defense and intelligence issues. He was previously a criminal investigator with the Department of Defense and was assigned to the Office of the Director of National Intelligence (ODNI).

The views expressed in this article are the author’s and do not reflect those of the Department of Defense or ODNI.

The post The sentencing of a US Navy sailor is a window into Chinese espionage. Here’s how the US should respond. appeared first on Atlantic Council.

]]>
Hinata-Yamaguchi quoted in NK News on trilateral information sharing https://www.atlanticcouncil.org/insight-impact/in-the-news/hinata-yamaguchi-quoted-in-nk-news-on-trilateral-information-sharing/ Wed, 20 Dec 2023 20:18:43 +0000 https://www.atlanticcouncil.org/?p=726830 On December 19, IPSI nonresident senior fellow Ryo Hinata-Yamaguchi was quoted in NK News on US-Japan-ROK trilateral sharing of information on North Korean missile launches. 

The post Hinata-Yamaguchi quoted in NK News on trilateral information sharing appeared first on Atlantic Council.

]]>

On December 19, IPSI nonresident senior fellow Ryo Hinata-Yamaguchi was quoted in NK News on US-Japan-ROK trilateral sharing of information on North Korean missile launches. 

The post Hinata-Yamaguchi quoted in NK News on trilateral information sharing appeared first on Atlantic Council.

]]>
Panikoff interviewed by Scripps News on Israel’s intelligence failure on Hamas attack https://www.atlanticcouncil.org/insight-impact/in-the-news/panikoff-interviewed-by-scripps-news-on-israels-intelligence-failure-on-hamas-attack/ Thu, 07 Dec 2023 20:44:42 +0000 https://www.atlanticcouncil.org/?p=694277 The post Panikoff interviewed by Scripps News on Israel’s intelligence failure on Hamas attack appeared first on Atlantic Council.

]]>

The post Panikoff interviewed by Scripps News on Israel’s intelligence failure on Hamas attack appeared first on Atlantic Council.

]]>
Panikoff quoted in CBC, The National on significance of Hamas terror attack https://www.atlanticcouncil.org/insight-impact/in-the-news/panikoff-quoted-in-cbc-the-national-on-significance-of-hamas-terror-attack/ Thu, 07 Dec 2023 20:44:38 +0000 https://www.atlanticcouncil.org/?p=694288 The post Panikoff quoted in CBC, The National on significance of Hamas terror attack appeared first on Atlantic Council.

]]>

The post Panikoff quoted in CBC, The National on significance of Hamas terror attack appeared first on Atlantic Council.

]]>
Advancing US-Colombia cooperation on drug policy and law enforcement https://www.atlanticcouncil.org/in-depth-research-reports/report/advancing-us-colombia-cooperation-on-drug-policy-and-law-enforcement/ Thu, 30 Nov 2023 13:00:00 +0000 https://www.atlanticcouncil.org/?p=705700 Consumption and price of the drug has remained stable in the United States in recent years. However, the current trend of falling coca leaf and cocaine prices in Colombia present a natural incentive for coca growers to find alternative forms of income, which could mean a higher rate of success for alternative development programs.

The post Advancing US-Colombia cooperation on drug policy and law enforcement appeared first on Atlantic Council.

]]>
A report by the Atlantic Council’s US-Colombia Advisory Group; honorary co-chaired by Senator Ben Cardin (D-MD) and Senator Bill Hagerty (R-TN)

With Geoff Ramsey and Isabel Chiriboga

Executive summary

On September 7, 2023, the Petro administration presented a new strategy to combat the illicit drug trade in Colombia—at a time when illicit coca cultivation is at an all-time high. The strategy’s emphasis on rural development and on offering viable economic alternatives for illicit crop growers, as well as changing counternarcotics priorities in Washington, provide a set of new opportunities for US-Colombia collaboration.

The United States and Colombia have a thirty-year track record of collaboration on this issue. Yet there is still a long road ahead, especially considering the growing concerns over the proliferation of organized crime in Colombia and the region writ large. In this context, progress on US-Colombia counternarcotics cooperation will require a delicate balance between reducing large-scale coca cultivation and building the capacity of security services to disrupt organized criminal networks, as well as investing in the rural communities most affected by this phenomenon.

At the same time, there is a growing recognition in the United States that the illicit drug trade is a shared responsibility primarily fueled by demand. Consumption and price have remained stable in the United States in recent years. However, the current trend of falling coca leaf and cocaine prices in Colombia present a natural incentive for coca growers to find alternative forms of income, which could mean a higher rate of success for alternative development programs and crop-substitution efforts if combined with a comprehensive law enforcement strategy.

The United States and Colombia should continue to collaborate closely to address the problems arising from the supply and demand for illicit drugs in this global context. This is crucial considering the emergence of new drug markets in West Africa and Europe, as well as the connections of certain trafficking organizations to fentanyl production. These dynamics, as well as a lack of state presence and the absence of economic alternatives in many parts of rural Colombia, have created longstanding challenges for both countries. Moving forward, it is crucial that both nations align their strategies to make the most impactful use of US assistance. The recommendations presented here are meant to bolster the approach to a decades-old problem.

US-Colombia Advisory Group recommendations

1. Enhance international cooperation efforts to dismantle organized crime groups and bolster interdiction operations.

Under Colombian law, any individual arrested by a Colombian authority at sea must be presented to a judicial officer within forty-eight hours. In practice, this means that offshore patrol vessels (OPVs) must leave their station. During that time, there is a gap in maritime coverage. The United States can support Colombia by offering essential equipment and training to incorporate advanced technology into OPVs. This could involve leveraging video processing techniques to facilitate due process during apprehensions at sea, thus negating the need for the vessel to return to port, while ensuring the protection of the rights of the accused and full compliance with Colombian law.

2. Define precise and inclusive guidelines for the manual eradication of “industrial” plantations, while working to develop additional metrics to measure progress.

In replacing coca and other illicit crops with other industrial-scale agricultural yields, several factors should be considered. These include the type of industrial crops best suited for coca-growing areas, the presence of an external market for large-scale production, and the fulfilment of sanitary and phytosanitary (SPS) standards overseas so that these products can have a guaranteed market access. To comply with these requirements, the Colombian government should promote public and private alliances to produce industrial-scale crops with SPS standards approved.

3. Strengthen coordination efforts between national and local governance on rule of law and state presence in conflict-torn communities.

The Petro administration should enhance coordination efforts between the national government and local authorities. While the current drug and security strategies outline fundamental areas for progress, they can better incorporate perspectives from local government at the level of cities and municipalities. These include persistent budgetary concerns exacerbated by growing migration pressures and the need for greater coordination on the implementation of nationwide policies.

4. Expand and strengthen US-led capacity-building programs for the prevention and detection of money laundering and financial crimes, with a focused emphasis on cyber-based illicit transactions.

Certain sectors, including banking, gold mining, legal advisory, and real estate are particularly vulnerable to money laundering. To address this, Colombian law enforcement, military forces, and intelligence units should enhance existing partnerships with their US counterparts to significantly upscale training and capacity-building with an emphasis on cyber-based illicit transactions. Special attention should be given to small financial cooperatives and credit providers, which are at a higher risk of unwittingly facilitating illegal transactions.

5. Advance the implementation of a holistic bilateral counternarcotic agenda through a careful balance of effective drug policies.

The United States and Colombia should prioritize policies that will mitigate the escalating violence and security challenges Colombia faces. This includes enhanced cooperation efforts on real-time intelligence sharing on drug trafficking including routes, money laundering, and key individuals, and promoting advanced technologies for surveillance, interdiction, and data analytics to combat traffickers. Once the security situation is under control cooperation should focus on making those conditions sustainable through long-term social programs.

6. Work with affected communities to develop an environmentally sustainable approach to transition to legal crop cultivation while mitigating further environmental damage.

The United States could be a key partner in accompanying the Colombian government in shaping the preservation of the Amazon, as it will require restructuring a portion of Colombia’s debt to allocate the saved funds toward initiatives focused on forest preservation, sustainable land use, and community development. To achieve this, both countries can begin by collaborating on a detailed framework that outlines specific conservation targets and reforestation goals to then decide on the allocation of saved debt funds toward a combination of projects, particularly in areas with coca cultivation.

7. Advocate for the creation of a multilateral trust fund that can provide sustained funding for crop substitution and alternative development programs to curb the growing illicit drug-production trend.

Colombia’s new anti-drug strategy carries an estimated cost exceeding $21 billion over the next decade. To secure international support and incentivize donors to contribute to the long-term success of crop substitution and an alternative development program, we propose the establishment of a trust fund led by a recognized international financial institution. Given that the World Bank has a proven track record of efficiently mobilizing resources through trust funds,1 it may be best suited to leverage its extensive convening power on both the international stage and within individual countries.

About the US-Colombia Advisory Group

Since its founding in 2017, the Advisory Group has been co-chaired by Senators Roy Blunt (R-MO) and Ben Cardin (D-MD). This year, upon Senator Blunt’s retirement, Senator Bill Hagerty (R-TN) assumes the honorary chairmanship alongside Senator Cardin.

Senators Cardin and Hagerty are both members of the Senate Foreign Relations Committee, where, in addition to other assignments, Senator Cardin serves as Chairman and Senator Hagerty as Ranking Member of the Subcommittee on State Department & USAID Management, International Operations, & Bilateral International Development. The two senators bring additional regional and global expertise to their honorary co-chairmanship: Senator Cardin is a member of the Subcommittee on Western Hemisphere, Transnational Crime, Civilian Security, Democracy, Human Rights, & Global Women’s Issues; and Senator Hagerty is a member of the Subcommittee on East Asia, The Pacific, & International Cybersecurity Policy.

In 2023-2024, the Advisory Group will provide a concrete plan on how to navigate the potential changes in US-Colombia relations. A new administration in Colombia represents a unique opportunity to work with an increasingly diverse set of actors in the public, private, and civil society sectors to deepen US-Colombia economic and diplomatic ties. The Advisory Group will advance concrete recommendations where the United States and Colombia can advance long-lasting peace and socio-economic prosperity that mutually benefits each country.


About the writers

Geoff Ramsey is a senior fellow at the Atlantic Council’s Adrienne Arsht Latin America Center. Ramsey is a leading expert on US policy towards Venezuela and has traveled regularly to the country for the last decade. Before joining the Atlantic Council, Ramsey directed the Venezuela program at the Washington Office on Latin America where he led the organization’s research on Venezuela and worked to promote lasting political agreements aimed at restoring human rights, democratic institutions, and the rule of law. Prior to that, he carried out research and reporting on security and human-rights issues in Colombia, Uruguay, and Brazil with InSight Crime and as a consultant for the Open Society Foundations. His work has been published or cited in Foreign Policy, the New York Times, the Wall Street Journal, the Washington Post, the Economist, and other major media outlets. Ramsey earned a master’s degree in international affairs from the American University School of International Service, as well as a bachelor of arts in international studies with a minor in Spanish from American University.

Isabel Chiriboga is a program assistant at the Atlantic Council’s Adrienne Arsht Latin America Center, where she contributes to the center’s work on Colombia, Ecuador, Peru and Chile. She also helps steward the Center’s Advisory Council. During her time at the Atlantic Council, she has supported the work of the US-Colombia Advisory Group, the US-Chile Integration Program and the center’s programming around the International Monetary Fund and World Bank meetings. Her work has been published in Foreign Policy, Miami Herald, The National InterestGlobal Americans and the New Atlanticist. Prior to her time at the Atlantic Council, Chiriboga worked as a research assistant at the London School of Economics’ Department of International Relations conducting research on the impact of land inequality in Argentina’s democratization. Prior to that, she worked at the embassy of Ecuador in Washington, where she supported the trade agreement negotiations process between Ecuador and the United States. Originally from Ecuador, Chiriboga has lived in the United States, Spain, and the United Kingdom. She has a bachelor’s degree in international economics and international affairs from Trinity University. Chiriboga also completed a year-long study abroad program at the London School of Economics.  

About the Center Director

Jason Marczak is the Vice President and Senior Director of the Atlantic Council’s Adrienne Arsht Latin America Center, joining the center in 2013 for its launch. He has more than twenty years of expertise in regional economics, politics, and development, working with policymakers and private-sector leaders to shape public policy. Marczak has also been an adjunct professor at the George Washington University’s Elliott School of International Affairs since 2016. Among his previous positions, he served as director of policy at Americas Society/Council of the Americas in New York City and co-founder of Americas Quarterly magazine. Marczak is a frequent English- and Spanish-language contributor to major media outlets, and a sought-after speaker, and has testified before the US Congress on key regional developments. He holds a bachelor’s degree from Tufts University and a master’s degree in international affairs and economics from the Johns Hopkins University Paul Nitze School of Advanced International Studies.


US-Colombia Advisory Group

We are beyond grateful to our US-Colombia Advisory Group members for their passion, commitment, expertise, and leadership. Members who provided crucial input and have decided to have their names associated with this report are listed below.

Honorary Co-Chairs

The Hon. Ben Cardin
US Senator (D-MD)
United States

The Hon. Bill Hagerty
US Senator (R-TN)
United States

Members

Alejandro Mesa

Ambassador Anne Patterson

Ambassador Carolina Barco

Ambassador Kevin Whitaker

Ambassador P. Michael McKinley

Ambassador Paula Dobriansky

Ambassador Rand Beers

Ambassador Roger Noriega

Ambassador William Brownfield

Angela Tafur

Cynthia Arnson

Felipe Ardila

Josefina Klinger

Juan Esteban Orduz

Kristie Pellecchia

Minister Maria Claudia Lacouture

Minister Mabel Torres

Minister Mauricio Cardenas

Michael Shifter

Muni Jensen

Stephen Donehoo

Steve Hege

Acknowledgments

We would like to thank Adrienne Arsht for her generous support, without which the work of this Advisory Group would not have been possible.

Foremost, thank you to Senator Bill Hagerty (R-TN) and Senator Ben Cardin (D-MD) for their leadership as honorary co-chairs of this group. It is always a true pleasure and honor to work with them and to see how successful bipartisan efforts come to fruition. Thank you to Robert Zarate, Nick Checker, Lucas Da Pieve, Michael Manucy, Tom Melia, Brandon Yoder, Stephanie Oviedo, and Aidan Maese-Czeropski for facilitating the unwavering cooperation of our honorary co-chairs.

Isabel Chiriboga, Adrienne Arsht Latin America Center (AALAC) program assistant, was an instrumental force behind this project from start to finish. She played a key role in coordinating the Advisory Group, drafting the report, and organizing multiple strategy sessions. We also thank Enrique Millán-Mejía, AALAC consultant, who provided crucial expertise, important feedback, and logistical support for this project, and Lucie Kneip for her research and editorial support throughout the publication process. The success of this project is also thanks to the leadership of Jason Marczak and Geoff Ramsey, who worked to convene the Advisory Group and whose passion for a prosperous US-Colombia strategic partnership is reflected in this brief.

For decisive input, thorough research, and as an exceptional adviser on the topic we thank Ambassador Kevin Whitaker. For their precise editorial assistance and flexibility, we thank Cate Hansberry and Mary Kate Aylward and Beverly Larson. We would also like to extend our thanks to Nancy Messieh, Andrea Ratiu, and Romain Warnault for their design of another Adrienne Arsht Latin America Center publication.

The Adrienne Arsht Latin America Center broadens understanding of regional transformations and delivers constructive, results-oriented solutions to inform how the public and private sectors can advance hemispheric prosperity.

The post Advancing US-Colombia cooperation on drug policy and law enforcement appeared first on Atlantic Council.

]]>
Jo quoted in BBC on suspension of ROK-DPRK military pact https://www.atlanticcouncil.org/insight-impact/in-the-news/jo-quoted-in-bbc-on-suspension-of-rok-dprk-military-pact/ Fri, 24 Nov 2023 21:30:52 +0000 https://www.atlanticcouncil.org/?p=715601 On November 22, IPSI nonresident senior fellow Bee Yun Jo was quoted in a BBC article on South Korea’s partial suspension of a 2018 military pact with North Korea following Pyongyang’s recent spy satellite launch. On November 23, Jo was quoted in another BBC article on North Korea’s promise to fully suspend the pact, explaining […]

The post Jo quoted in BBC on suspension of ROK-DPRK military pact appeared first on Atlantic Council.

]]>

On November 22, IPSI nonresident senior fellow Bee Yun Jo was quoted in a BBC article on South Korea’s partial suspension of a 2018 military pact with North Korea following Pyongyang’s recent spy satellite launch. On November 23, Jo was quoted in another BBC article on North Korea’s promise to fully suspend the pact, explaining that “because North Korea was not adhering to the agreement in the first place, the possibility of limited collision has always been there.”

The post Jo quoted in BBC on suspension of ROK-DPRK military pact appeared first on Atlantic Council.

]]>
Rich Outzen joins WION News on Gaza information war https://www.atlanticcouncil.org/insight-impact/in-the-news/rich-outzen-joins-wion-news-on-gaza-information-war/ Wed, 15 Nov 2023 14:14:08 +0000 https://www.atlanticcouncil.org/?p=720213 The post Rich Outzen joins WION News on Gaza information war appeared first on Atlantic Council.

]]>

The post Rich Outzen joins WION News on Gaza information war appeared first on Atlantic Council.

]]>
Roberts featured as guest on San Francisco Experience podcast https://www.atlanticcouncil.org/insight-impact/in-the-news/roberts-featured-as-guest-on-san-francisco-experience-podcast/ Fri, 20 Oct 2023 19:06:30 +0000 https://www.atlanticcouncil.org/?p=715529 On October 19, IPSI/GCH nonresident senior fellow Dexter Tiff Roberts spoke on an episode of the San Francisco Experience podcast, where he discussed the recent meeting of the Five Eyes intelligence chiefs in Silicon Valley. He explained that this unprecedented meeting was a response to a massive push in Chinese espionage to steal cutting-edge technology. […]

The post Roberts featured as guest on San Francisco Experience podcast appeared first on Atlantic Council.

]]>

On October 19, IPSI/GCH nonresident senior fellow Dexter Tiff Roberts spoke on an episode of the San Francisco Experience podcast, where he discussed the recent meeting of the Five Eyes intelligence chiefs in Silicon Valley. He explained that this unprecedented meeting was a response to a massive push in Chinese espionage to steal cutting-edge technology. With the PRC ramping up its espionage efforts against tech companies, he explained that this meeting was a warning call to these companies to put anti-espionage protections in place immediately. 

The post Roberts featured as guest on San Francisco Experience podcast appeared first on Atlantic Council.

]]>
Cartin quoted in Politico on Huawei use in Germany https://www.atlanticcouncil.org/insight-impact/in-the-news/cartin-quoted-in-politico-on-german-huawei-use/ Mon, 16 Oct 2023 19:35:53 +0000 https://www.atlanticcouncil.org/?p=707689 On October 15, IPSI nonresident senior fellow Josh Cartin was quoted in a Politico article on continued attempts by the United States to convince Germany to curb its use of Huawei technology. Cartin explained that “having a Chinese company that is strongly susceptible to the [Communist Party of China] leading the globe in a foundational […]

The post Cartin quoted in Politico on Huawei use in Germany appeared first on Atlantic Council.

]]>

On October 15, IPSI nonresident senior fellow Josh Cartin was quoted in a Politico article on continued attempts by the United States to convince Germany to curb its use of Huawei technology. Cartin explained that “having a Chinese company that is strongly susceptible to the [Communist Party of China] leading the globe in a foundational technology was not only a security problem, but a major economic problem.”  

The post Cartin quoted in Politico on Huawei use in Germany appeared first on Atlantic Council.

]]>
Atkins on Industrial Cybersecurity Pulse podcast https://www.atlanticcouncil.org/insight-impact/in-the-news/atkins-on-industrial-cybersecurity-pulse-podcast/ Sat, 14 Oct 2023 20:54:08 +0000 https://www.atlanticcouncil.org/?p=707772 On October 13, IPSI nonresident senior fellow Victor Atkins spoke on an episode of the Industrial Cybersecurity Pulse Cybersecurity Awareness Month podcast series. He discussed issues such as patching organizational and personal cyber vulnerabilities, IT/OT integration, and emerging technologies such as AI and machine learning. Atkins noted that with the increasing automation of critical infrastructure […]

The post Atkins on Industrial Cybersecurity Pulse podcast appeared first on Atlantic Council.

]]>

On October 13, IPSI nonresident senior fellow Victor Atkins spoke on an episode of the Industrial Cybersecurity Pulse Cybersecurity Awareness Month podcast series. He discussed issues such as patching organizational and personal cyber vulnerabilities, IT/OT integration, and emerging technologies such as AI and machine learning. Atkins noted that with the increasing automation of critical infrastructure sectors from communications to shipping, the target for cyberattacks is increasing; however, he explained, private-sector threat intelligence entities are increasing opportunities to discover and respond to these threats. 

The post Atkins on Industrial Cybersecurity Pulse podcast appeared first on Atlantic Council.

]]>
Nusairat in ISPI: Jordan: internal security first  https://www.atlanticcouncil.org/insight-impact/in-the-news/nusairat-in-ispi-jordan-internal-security-first/ Fri, 13 Oct 2023 21:35:23 +0000 https://www.atlanticcouncil.org/?p=693916 The post Nusairat in ISPI: Jordan: internal security first  appeared first on Atlantic Council.

]]>

The post Nusairat in ISPI: Jordan: internal security first  appeared first on Atlantic Council.

]]>
Wechsler mentioned in Formiche on the Israel-Hamas war https://www.atlanticcouncil.org/insight-impact/in-the-news/wechsler-mentioned-in-formiche-on-the-israel-hamas-war/ Tue, 10 Oct 2023 18:28:46 +0000 https://www.atlanticcouncil.org/?p=689737 For the American think tanker, there are a number of questions — from the future of the Strip to new fronts, from regional integration to domestic politics — that Israel is asking itself in deciding the timing and methods of the counter-offensive against Hamas

The post Wechsler mentioned in Formiche on the Israel-Hamas war appeared first on Atlantic Council.

]]>

For the American think tanker, there are a number of questions — from the future of the Strip to new fronts, from regional integration to domestic politics — that Israel is asking itself in deciding the timing and methods of the counter-offensive against Hamas

From a purely military point of view, Hamas lost the war the moment it decided to start it. Israel is a far superior power, and in the aftermath of the terrorist attacks by Hamas, the Israeli public appears deeply shocked, incredibly united and firmly resolute in the work to be done.

William F. Wechsler

The post Wechsler mentioned in Formiche on the Israel-Hamas war appeared first on Atlantic Council.

]]>
Eftimiades in South China Morning Post and The Wire China https://www.atlanticcouncil.org/insight-impact/in-the-news/eftimiades-in-south-china-morning-post-and-the-wire-china/ Tue, 10 Oct 2023 17:48:19 +0000 https://www.atlanticcouncil.org/?p=691564 Nicholas Eftimiades discusses the role of intelligence operations in the strategic competition between the United States and China.

The post Eftimiades in South China Morning Post and The Wire China appeared first on Atlantic Council.

]]>

On October 7, Forward Defense nonresident senior fellow Nicholas Eftimiades was quoted in South China Morning Post discussing the role of intelligence operations in the strategic competition between the United States and China.

He was also quoted in The Wire China, highlighting the geopolitical implications of commercial competition over communications satellites.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Eftimiades in South China Morning Post and The Wire China appeared first on Atlantic Council.

]]>
Donovan quoted by Energy Intelligence on US response to Russia’s LNG https://www.atlanticcouncil.org/insight-impact/in-the-news/donovan-quoted-by-energy-intelligence-on-us-response-to-russias-lng/ Thu, 28 Sep 2023 20:28:39 +0000 https://www.atlanticcouncil.org/?p=688606 Read the full article here.

The post Donovan quoted by Energy Intelligence on US response to Russia’s LNG appeared first on Atlantic Council.

]]>
Read the full article here.

The post Donovan quoted by Energy Intelligence on US response to Russia’s LNG appeared first on Atlantic Council.

]]>
Cynkin interviewed by Yonhap News on intelligence approaches to Russia-North Korea partnership https://www.atlanticcouncil.org/insight-impact/in-the-news/cynkin-interviewed-by-yonhap-news-on-intelligence-approaches-to-russia-north-korea-partnership/ Tue, 19 Sep 2023 17:32:00 +0000 https://www.atlanticcouncil.org/?p=685112 On September 17, IPSI nonresident senior fellow Thomas Cynkin was quoted in Yonhap News. Cynkin suggested that the United States may benefit from declassifying and disclosing more information related to trade activity between North Korea and Russia, as it did with intelligence on Russian military action prior to the invasion of Ukraine. He explained that […]

The post Cynkin interviewed by Yonhap News on intelligence approaches to Russia-North Korea partnership appeared first on Atlantic Council.

]]>

On September 17, IPSI nonresident senior fellow Thomas Cynkin was quoted in Yonhap News. Cynkin suggested that the United States may benefit from declassifying and disclosing more information related to trade activity between North Korea and Russia, as it did with intelligence on Russian military action prior to the invasion of Ukraine. He explained that this approach could help prevent North Korea from acquiring Russian military technology by creating international pressure on Russia to uphold international nonproliferation laws. 

The post Cynkin interviewed by Yonhap News on intelligence approaches to Russia-North Korea partnership appeared first on Atlantic Council.

]]>
Warrick in The Hill on the Foreign Intelligence Surveillance Act https://www.atlanticcouncil.org/insight-impact/in-the-news/warrick-in-the-hill-on-the-foreign-intelligence-surveillance-act/ Mon, 04 Sep 2023 18:51:41 +0000 https://www.atlanticcouncil.org/?p=680692 Thomas S. Warrick discusses renewing section 702 of the Foreign Intelligence Surveillance Act

The post Warrick in The Hill on the Foreign Intelligence Surveillance Act appeared first on Atlantic Council.

]]>

On September 3, Forward Defense nonresident senior fellow Thomas S. Warrick published an article in The Hill on the importance of renewing section 702 of the Foreign Intelligence Surveillance Act.

Before Dec. 31, Congress should renew, with reforms, section 702 of the Foreign Intelligence Surveillance Act, which authorizes targeted collection of communications by foreign terrorists and other foreign adversaries.

Thomas S. Warrick

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Warrick in The Hill on the Foreign Intelligence Surveillance Act appeared first on Atlantic Council.

]]>
How modern militaries are leveraging AI https://www.atlanticcouncil.org/in-depth-research-reports/report/how-modern-militaries-are-leveraging-ai/ Mon, 14 Aug 2023 13:00:00 +0000 https://www.atlanticcouncil.org/?p=663286 Tate Nurkin and Julia Siegel explore the implications of incorporating artificial intelligence into military operations and the challenges of the US Department of Defense's adoption of human-machine teaming.

The post How modern militaries are leveraging AI appeared first on Atlantic Council.

]]>

Table of contents

The importance of human-machine teaming and key insights

Modern militaries must embrace HMT or risk conceding military edge to competitors effectively leveraging AI and autonomy.

Machines are becoming ubiquitous across the twenty-first-century battlespace, and modern militaries must embrace human-machine teaming (HMT) or risk conceding military edge to competitors effectively leveraging artificial intelligence (AI) and autonomy.1 This report investigates the implications of the increasing incorporation of AI into military operations with a particular focus on understanding the parameters, advantages, and challenges to the US Department of Defense’s (DOD’s) adoption of the concept of HMT.2

Key takeaways

Looking through the lens of three military applications for HMT, the authors arrive at the following conclusions.

  • HMT has the potential to change warfare and solve key operational challenges: AI and HMT could potentially transform conflict and noncombat operations by increasing situational awareness, improving decision-making, extending the range and lethality of human operators, and gaining and maintaining advantage across the multi-domain fight. HMT can also drive efficiencies in many supporting functions such as logistics, sustainment, and back-office administration, reducing the costs and timelines of these processes and freeing up humans to carry out higher-value tasks within these mission areas.
  • DOD must expand its definitions for HMT: Definitions of HMT should be expanded to include the breadth of human interactions with autonomous uncrewed systems and AI agents, including those that have no physical form (e.g., decision support software). Extending the definition beyond interactions between humans and robots allows DOD to realize the wide-ranging use cases for HMT—ranging from the use of lethal weapon systems and drone swarms in high-intensity warfare to leveraging algorithms to fuse data and realize virtual connections in the information domain.
  • HMT development and employment must prioritize human-centric teaming: AI development is moving at an impressive pace, driving potential leaps ahead in machine capability and placing a premium on ensuring the safety, reliability, and trustworthiness of AI agents. As much attention must be dedicated to developing the competencies, comfort levels, and trust of human operators to effectively exploit the value of HMT and ensure humans stay at the center of human-machine teams.
  • DOD must move from the conceptual to the practical: HMT as a concept is gaining momentum within some elements of the DOD enterprise. Still, advocates for increased AI and HMT adoption stress the need to move the conversation from the conceptual to the practical—transitioning capability development into the real-time testing and employment of HMT capabilities, as has been demonstrated by the Navy’s experimentation with AI through Task Force 59—to better articulate and demonstrate the operational advantages HMT can deliver.
  • Experimentation is crucial to building trust: Iterative, real-world experimentation in which humans develop new operational concepts, test the limits of their machine teammates, and better understand their breaking points, strengths, and weaknesses of machines in a range of environments will play a key role in speeding HMT adoption. This awareness is also essential to human operators as they develop the trust in their AI teammates required to effectively capitalize on the potential of HMT.
  • DOD must address bureaucratic challenges to AI adoption: DOD’s risk-averse culture and siloed bureaucracy is slowing acquisition, experimentation, and adoption of HMT concepts and capabilities. Increasing the agility and flexibility of the acquisition process for HMT capabilities, iterative experimentation, incentives to take on risks, and digital literacy across the force are necessary to overcome these adoption challenges.
The Legged Squad Support System is experimental technology being tested by the Marine Corps Warfighting Lab. It is programmed to follow an operator through terrain, carrying heavy loads like water and food. Credit: US Marine Corps, Matthew Callahan: https://www.dvidshub.net/image/1445811/meeting-ls3-marines-experiment-with-military-robotics.

Definitions and components of HMT

HMT refers to the employment of AI and autonomous systems alongside human decision-makers, analysts, operators, and watchkeepers. HMT combines the capabilities of intelligent humans and machines in concert to achieve a military outcome. At its core, HMT is a relationship with four equally important elements:

  • Human(s): An operator (or operators) that provides inputs for and tests machines, as well as leverages their outputs;
  • Machine(s): Ranging from an AI and machine learning (ML) algorithm to a drone swarm, the machine holds a degree of agency to make determinations and supports a specified mission; and
  • Interaction(s): The way in which the human(s) and machine(s) interface to meet a shared mission.
  • Interface(s): The mechanisms and displays through which humans interact with machines.

Back to top

Applications of human-machine teaming

HMT is most frequently envisioned narrowly as the process of humans interacting with anywhere from one to several hundred or more autonomous uncrewed systems. In its most basic form, this vision of HMT is not new: Humans have collaborated with intelligent machines for decades—with early machine talents epitomized in 1997 by supercomputer Deep Blue defeating world champion Gary Kasparov in a game of chess—and militaries have long tested concepts to move the needle in this critical capability. The recent impressive pace of development in AI as well as in robotics, however, is driving increased consideration of the new capabilities, efficiencies, and advantages these technologies can enable.

The “loyal wingman” concept is a frequently cited example of this manifestation of HMT in which a human pilot controls the tasking and operations of a handful of relatively inexpensive, modular, attritable autonomous uncrewed aerial systems (UAS). These wingman aircraft can fly forward of the crewed aircraft to carry out a range of missions, including electronic attack or defense, intelligence, surveillance, and reconnaissance (ISR), or strike, or as decoys to attract fire away from other assets and “light up” enemy air defenses.

Interest in this manifestation of HMT has increased not just in the United States but also in most modern militaries. In addition to the United States, Australia, China, Russia, the United Kingdom, Turkey, and India all have at least one active loyal wingman development program, while the sixth-generation fighter efforts Global Combat Air Programme (United Kingdom, Italy, Japan), Next Generation Air Dominance programs (US Air Force and Navy), and Future Combat Air System (Germany, France, Spain) involve system of systems concepts of airpower that stress both HMT and machine-machine teaming.

As important as this category of HMT is and will continue to be to emerging military capabilities, discussion of HMT should include the full breadth of human interaction with AI agents (which learn from and make determinations based on their environments, experiences, and inputs), including the overwhelming majority of interactions that occur with algorithms that possess no physical form. Project Maven is one example of how DOD and now the National Geospatial-Intelligence Agency use this category of HMT to autonomously detect, tag, and trace objects or humans of interest from various forms of media and collected intelligence, enabling human analysts and operators to prioritize their areas of focus.

HMT can provide multiple layers of overlapping advantages to the United States and its allies and partners.

Beyond imagery analysis and target identification, nonphysical manifestations of HMT can support a range of important tasks such as threat detection and data processing and analysis. It is essential to military efficacy in operational environments marked by significant increases in speed, complexity, and available data. They also can generate efficiencies in logistics and sustainment, training, and back-office administrative tasks that reduce costs and timelines for execution.

By combining the processing power and decision support capabilities of AI with the social intelligence and judgment of humans and, in some cases, the force-multiplying effects of uncrewed systems with different degrees of autonomy, HMT can provide multiple layers of overlapping advantages to the United States and its allies and partners, including those high-level advantages listed in Figure 1.

Figure 1: High-level description of three layers of HMT value.

These values are already being acknowledged and recognized in some parts of DOD, though they are likely to intensify or expand as technologies and concepts associated with HMT progress. Source: Tate Nurkin. Images from Microsoft Icons database.

DOD recognition of the current and future multilayered value of HMT as part of broader efforts to “accelerate the adoption of AI and the creation of a force fit for our time” has increased. Still, several persistent challenges to adoption of AI and HMT endure throughout the Pentagon. To accelerate and deepen HMT adoption, the DOD must commit to an approach that aligns development efforts and private sector engagement, creating flexibility for acquisition officials to scale HMT solutions across the defense enterprise. This approach must be complemented by:

  • Continued and increased focus on building trust between humans and machine partners;
  • Leading in establishing best practices and norms around ethics and safety;
  • Aggressive and iterative experimentation; and
  • Clear and consistent messaging

These elements are crucial to realizing the value and advantages HMT can deliver across the multi-domain future fight.

Back to top

Demonstrating advantage through use cases

Use cases serve as a means of better understanding how HMT can provide value and lead to advantage in and across several missions and environments. Certainly, practitioners have seen or experienced use cases in various settings—including through war games and analysis of the ongoing war in Ukraine—and the slow nature of HMT adoption may call into question the utility of use cases. Still, highlighting the varied and, in certain instances, underappreciated applications of HMT can help demonstrate the different contexts in which HMT acts as a force multiplier and how this capability can support the US military in meeting the demands of the modern battlefield.

However, changing the perceptions of HMT across a large organization such as DOD is an iterative task and requires the frequent reinforcement of its value, especially as the technologies and concepts supporting HMT create new or enhanced opportunities. The three use cases discussed below are far from inclusive—our workshops and research explored several other compelling use cases—but the authors chose them because they reflect the layered value of HMT in serving missions and meeting operational threats and challenges being urgently considered by defense planners, as described in Table 1.3

Table 1: A high-level review of the advantages of each of the case studies discussed in this briefing.

Use cases of HMTKey advantages
A2/AD conflictThe use of masses of expendable and attritable systems to penetrate A2/AD environments, sustain forces, and extend the range of effects from crewed platforms operating outside A2/AD cordons.

Finding, fixing, and tracking key nodes and threats in a data-rich environment.

Providing situational awareness at the edge.
Sense-making and targetingEnhancing situational awareness and threat detection through data processing and fusion improves situational awareness and threat detection and ensures decisions are made at the speed of relevance.

Finding connections that human analysts and operators did not know were present.

Supporting humans in target identification and prioritization across domains.

Improving precision of effects by recommending to human decision-makers the most applicable kinetic or non-kinetic weapon to engage targets.
Presence, prioritization, and deterrenceExtending the range of high-value crewed assets through the use of ISR meshes that incorporate several uncrewed systems.

Identifying anomalies and disruptions in activity patterns across geographically dispersed theaters.

Prioritizing threats and ensuring efficient resource allocation based on AI-driven assessments.

Aggressive and iterative experimentation in real-world environments builds trust between operators and their machine partners.

Anti-access and area-denial (A2/AD): Coping with mass, range, and attrition

Determining how to conduct operations in an A2/AD environment is a clear priority for defense planners. This is especially the case in the Indo-Pacific, where the military modernization effort of the People’s Republic of China has emphasized utilizing pervasive multi-domain sensors and a surfeit of kinetic and non-kinetic strike assets to establish cordons in which US and allied forces are highly vulnerable to enemy fires and, in the worst-case scenario, unable to operate effectively.

HMT will not mitigate all risks of operating against robust A2/AD systems, though it can help US and allied forces better manage these risks in several ways, including in processing and analyzing large and complex datasets to support better and faster human decision-making.

Teaming uncrewed systems, crewed assets, and human operators

Reducing risk to human operators does not mean eliminating this risk, and the use of attritable uncrewed aerial systems (UAS) and uncrewed surface vehicles (USVs) will still incur costs.

The use of attritable and expendable uncrewed systems, in conjunction with crewed assets and human controllers and decision-makers, can achieve several important objectives in the A2/AD context. Most notably, these smaller, less expensive, generally modular systems can be used to saturate A2/AD systems, identify enemy defenses, and force adversaries to expend their deep stores of munitions—all while extending the operating range of higher-value crewed and uncrewed assets and reducing the risks to crewed assets and their human operators.

The use of attritable and expendable uncrewed systems, in conjunction with crewed assets and human controllers and decision-makers, can achieve several important objectives in the A2/AD context.Attritable or reusable systems are those that are considerably lower cost than higher-end uncrewed systems such as the MQ-9 Reaper.4 Most notably, these smaller, less expensive, generally modular systems can be used to saturate A2/AD systems, identify enemy defenses, and force adversaries to expend their deep stores of munitions—all while extending the operating range of higher-value crewed and uncrewed assets and reducing the risks to crewed assets and their human operators.

To that end, reducing risk to human operators does not mean eliminating this risk, and the use of attritable uncrewed aerial systems (UAS) and uncrewed surface vehicles (USVs) will still incur costs. Moreover, even attritable systems and their payloads can be worth several million dollars. New calculations of value as well as increased capacity to reconstitute systems must keep pace with expected levels of attrition to ensure the right sizing of HMT-enabling force structures.

Sense-making and decision support: Enhanced situational awareness and improved decision-making at the pace of relevance

The A2/AD environment also serves as an example of how machines can support humans in the crucial and increasingly demanding task of sense-making—the art of interpreting and fusing data for enhanced decision-making.

Sense-making in A2/AD environments

A2/AD environments will be characterized by an abundance of complex datasets and both signal and noise across domains including in the electromagnetic spectrum. The amount of data available to operators will be overwhelming. Multi-domain sensors and surveillance and strike assets will be actively operating and engaging with both friendly and adversary forces, creating a need for AI agents to help process and filter data and feed relevant information back to the warfighter. The result will be to improve the quality and speed at which human operators filter data and then fix and track critical nodes in adversary A2/AD systems. This high-level A2/AD example reveals one context in which AI-enabled data fusion and processing of complex datasets can increase situational awareness and speed up decision-making. But the applications of this sense-making are impressively broad, including in increasing the speed and precision of identifying targets, determining appropriate kinetic or non-kinetic weapons to use to strike the target, and ensuring precision of effects.

Targeting: Joint all-domain command and control (JADC2)

Marine Corps Forces Cyberspace Command observe computer screens in the cyber operations center at Fort Meade. Credit: US Marine Corps, Jacob Osborne, https://www.315aw.afrc.af.mil/News/Photos/igphoto/2002752944/.

DOD’s “connect everything” JADC2 effort offers another example of how HMT can be applied to support improved targeting and speeding up sensor-to-shooter processing. As a January 2022 Congressional Research Service report observed, “JADC2 intends to enable commanders to make better decisions by collecting data from numerous sensors, processing the data using AI algorithms to identify targets, then recommending the optimal weapon—both kinetic and non-kinetic—to engage the target.” While JADC2 is still largely a concept rather than an architecture for future military operations, the US military is already using AI to help find and track possible targets or entities of interest on the battlefield. In September 2021, Secretary of the US Air Force Frank Kendall acknowledged that the Air Force had “deployed AI algorithms for the first time to a live operational kill chain” to provide “automated target recognition.” Kendall noted that by doing so, the Air Force hoped to “significantly reduce the manpower-intensive tasks of manually identifying targets—shortening the kill chain and accelerating the speed of decision-making.”

AI in the intelligence field

Sense-making through human-machine teams is also shaping the future of disciplines such as intelligence analysis and mission planning (see sidebar below), in which AI-enabled data fusion, pattern and anomaly detection, and research and analysis support are helping analysts manage and exploit the explosion in available sources and data. Tasks that would take days for humans to perform can now be performed in hours, allowing humans to concentrate on the most relevant pieces of information derived from large datasets. For example, through the war in Ukraine, the Ukrainian Armed Forces are already using natural language processing tools that leverage AI to translate and analyze intercepted Russian communications, saving analysts time and allowing them to focus on key messages and intelligence. The use of AI is not only speeding up analysis but also demonstrating value in bringing “unknown knowns”—observed but ignored or forgotten connections, insights, and information—to the attention of an analyst and articulating the value or quality of information to the human decision-maker.5

Large language models for intelligence and planning activities

The release of Chat GPT-4 in March 2023 has led to discussion of how DOD can leverage similar large language model (LLM) tools to support intelligence activities. There is understandable concern that the current sophistication of LLMs and their tendency to “hallucinate”—make up information that is incorrect—would make extensive use or reliance on these tools premature, or even counterproductive.

However, experimentation with LLMs would be useful in better understanding where and how these tools can add value, especially as they become more reliable. An April 2023 War on the Rocks article detailed how the US Marine Corps’ School of Advanced Warfighting is using war games to explore how LLMs can assist humans in military planning. These systems were used to provide, connect, and visualize different layers of information and levels of analysis—such as strategic-level understanding of regional economic relationships and more-focused analysis of dynamics in a specific country—which planners then used to refine possible courses of action and better understand the adversary’s system.

Tasks that would take days for humans to perform can now be performed in hours, allowing humans to concentrate on the most relevant pieces of information derived from large datasets.

In January 2023, the Intelligence Advanced Research Projects Activity (IARPA), situated within the Office of the Director of National Intelligence, announced a program known as REASON (Rapid Explanation, Analysis, and Sourcing Online). The program will use AI-enabled software to improve human-authored intelligence assessment products. The software reviews human-authored reporting and automatically generates recommendations for additional sources the human may not be aware of or did not use and also offers suggestions of how to improve the analytical quality of the report, performing the role of an autonomous red-team reviewer. This program offers a step in the right direction, demonstrating one of many ways in which AI can help humans make connections between data and sources and improve analysis and decision-making.6

Presence, prioritization, and deterrence: Coping with distance and complexity

The US military faces significant, varied, and frequently dispersed challenges across its geographic combatant commands. Take, for example, US Indo-Pacific Command (INDOPACOM). INDOPACOM covers more of the globe than any other combatant command and is home to the DOD’s “pacing challenge” of China, a range of potential military and geopolitical hot spots, several US allies and partners, and a growing list of security challenges. While differing in its prioritization, US Central Command (CENTCOM) is similarly complex in nature. CENTCOM covers nearly 4 million square miles, an area that includes key waterways and shipping lanes, active conflicts, ethnic and sectarian violence, and a diverse set of threats to regional security and US national interests.

HMT offers a solution to meet an increasingly sophisticated threat landscape while operating with insufficient resources.

The Central Command area of responsibility. Source: US Central Command

While each command faces unique problem sets, the size and complexity of today’s security challenges are straining the limited number of forces available to deter, identify, assess, or respond to a fast-moving threat or crisis in a timely manner. HMT offers a solution to meet an increasingly sophisticated threat landscape while operating with insufficient resources.

Exporting Task Force 59: A sandbox for AI experimentation and integration

In September 2021, CENTCOM’s 5th Fleet established Task Force 59—the Navy’s testing ground for unmanned systems and AI—to experiment with teaming human operators and both smart robots and AI agents to increase presence across the region, provide persistent and expanded maritime domain awareness (MDA), and prioritize threats for in-demand crewed and high-value assets.

Task Force 59’s experimentation efforts combine AI and uncrewed systems—particularly USVs but also vertical take-off and landing UAS, which are valuable in expanding the coverage of the Navy’s ISR networks in the region—and are further amplified by cooperation with partners and allies. In comments at the February 2023 International Defence Conference in Abu Dhabi, 5th Fleet Commander Vice Admiral Brad Cooper explained that each of the small USVs with which Task Force 59 is experimenting can extend the range of ISR networks by thirty kilometers, meaning that even a modest investment in smart uncrewed systems can deliver a significant increase in MDA.7

A MANTAS T-12 unmanned surface vessel operates alongside a US Coast Guard patrol boat during exercise New Horizon, which was Task Force 59’s first at-sea evolution since its establishment. Credit: US Central Command https://www.centcom.mil/MEDIA/IMAGERY/igphoto/2002880797/.

AI agents then process the millions of data points collected by the uncrewed systems to create an understanding of normal patterns of life, which, in turn, serves as a baseline for AI agents to identify anomalies that require further investigation by human operators and watchkeepers. In doing so, human-machine teams can cultivate a deeper understanding of the operational environment, moving toward a predictive model in which the DOD can possibly anticipate and prevent future threats and prioritize allocation of limited resources to areas that AI agents determined are most vulnerable to disruption.

Building on the success of the Navy’s Task Force 59, both the Army and Air Force components of CENTCOM have stood up task forces to experiment with emerging technology and HMT concepts. The Army component, Task Force 39, was established in November 2022 to advance experimentation in counter-small UAS solutions that can be scaled not just within CENTCOM environments but across the DOD. The Air Force’s Task Force 99 was stood up in October 2022 as an operational task force to pair unmanned and digital technologies to improve air domain awareness in much the same way that Task Force 59 seeks to improve MDA by expanding presence and anticipating emergent threats. Lieutenant General Alexus Grynkewich, commander of CENTCOM’s Air Force component, stated in February 2023 that the objective is “not just tracking objects in the air, but maybe finding things that could be on the ground about to be launched into the air and how those could be a threat to us.”

The applicability of this HMT approach is not limited to CENTCOM; indeed, it is now being adopted in other commands. In April 2023, the US Navy announced the expansion of its experimentation with unmanned and AI tools into US Southern Command’s 4th Fleet to increase MDA awareness in a region with its own particular dynamics, threats, and MDA requirements. Notably, 4th Fleet is taking a different approach to adoption of HMT lessons and new HMT capabilities, deciding to integrate them into its command and staff structure rather than through the standing up of a discrete task force. While these task forces provide valuable models for quickly bringing off-the-shelf technologies to the warfighter, the challenge rests in scaling these solutions across services and domains (and the defense enterprise at large).

Back to top

Pathways to HMT adoption at scale and pace

The pace of AI and HMT technology development has exceeded the capacity of the DOD to adopt these technologies at scale. To more fully realize the advantages of HMT, DOD must:

  • Address several cultural, bureaucratic, and organizational challenges;
  • Ensure continued focus on HMT ethics, safety, and agency;
  • Embrace rapid and realistic experimentation of HMT; and
  • Develop the human component and enhance trust in their machine teammates.

Culture, acquisition, and melting the “frozen middle”

Organizational and cultural constraints radiate across the DOD, affecting the way the enterprise acquires and adopts the technologies, concepts, and capabilities necessary to enable HMT. Innovation and adoption are hindered by DOD’s “frozen middle”—layers of relatively senior military and civilian personnel within DOD bound by an underlying set of inherited assumptions, incentives, and instincts that are resisting the adaptive, collaborative practices necessary for adoption of HMT concepts and capabilities at pace and scale. These organizational layers and bureaucratic proclivities have a cascading effect as they embed in a DOD acquisition system. According to former Secretary of Defense Mark Esper and former Secretary of the Air Force Deborah Lee James, co-chairs of the Atlantic Council’s Commission on Defense Innovation Adoption, the effect is slowing adoption by requiring multiple levels of review “because incentives do not exist to be bold and to move fast.”

Organizational “tribalism” also has an enervating effect on the DOD’s acquisition of key technologies and adoption of HMT-relevant capabilities. Examples of cross-service and cross-command collaboration do exist. Workshop participants highlighted joint projects on AI transparency between service laboratories and the ability of the US Special Operations Command, as a functional command, to work across regions and services. Far more frequently, though, disjointed development and vendor engagement and procurement efforts have been the norm. To achieve the necessary momentum for adoption across DOD—and, most importantly, the salutary outcomes of this adoption—requires an increased willingness to share and subsequently align research, information, development efforts, acquisition models, and best practices across the department and, particularly, the services.

In June 2022, David Tremper, director for electronic warfare in the Office of the Under Secretary of Defense for Acquisition and Sustainment, provided an example of how DOD siloes slow adoption of HMT-enabling capabilities. Tremper highlighted an incident in which the Navy developed an electronic warfare algorithm that was of interest to the Army, though transfer of the algorithm could not take place without a memorandum of understanding (MoU) between the two service’s labs. It took nine months for the lab that developed the algorithm to approve the transfer, and, after eighteen months, the MoU was determined to be inadequate to support the algorithm migration. According to Tremper, “one service just lawyered up against the other . . . and prevented a critical capability . . . from going from one service to another service.” This example highlights the hurdles blocking the services from learning and gaining from one another’s strides in HMT; the cross-service applicability of HMT solutions is critical to avoid a service unnecessarily depleting its resources in a field where its sister service has already paved the way.

An officer places an XRS-150 X-ray generator in front of a simulated downed unmanned aerial system. Credit: US Air National Guard, Brigette Waltermire https://www.dvidshub.net/image/6485647/379th-esfs-and-eod-team-up-counter-uas-training.

To melt this frozen middle and reduce cultural and organizational obstacles to HMT adoption, the DOD must center its efforts around three high-level aims. First, acquisition reform is a necessary and foundational step. The ability to develop, build, and acquire advanced platforms and systems with longer development times remains important to achieving DOD missions. There is also growing and urgent demand for the technologies and capabilities enabling HMT, such as software and lower-cost uncrewed systems, across the Pentagon. The program-centric system used to acquire and develop many advanced platforms—with the development of requirements, budgets, and capabilities completed individually for hundreds of programs—is not optimized for the rapid acquisition of the innovative technologies and capabilities developed by traditional defense suppliers and the commercial sector.

While the objective of this report is not to provide a comprehensive set of recommendations for acquisition reform, two principles are useful in guiding this reform: 1) the need for increased flexibility and agility within the acquisition process, enabling response to changing technologies and requirements; and 2) new incentives that stimulate an enhanced degree of risk tolerance.8

Second, among the workforce setting requirements for and working alongside machine teammates, a lack of understanding surrounding HMT and its applications is slowing adoption. The human element of this equation must be adequately prioritized through recruitment, retention, and training programs. Specifically, DOD must provide its personnel with opportunities to enhance digital literacy and understanding of the technologies, concepts, and applications of HMT capabilities within not just the acquisition force and those that set requirements but also among many senior decision-makers.

The human element of this equation must be adequately prioritized through recruitment, retention, and training programs.

Third, DOD should work to press the limits of existing authorities for “quick wins” in support of rapid acquisition and experimentation, similar to the Task Force 59 model. According to Schuyler Moore, CENTCOM’s chief technology officer, one of the key lessons of command innovation efforts is “that [CENTCOM] can actually work with the existing [authorities] fairly flexibly” and officers must consider “whether or not the authority exists or whether it’s simply never been tried before.9 Officers must be incentivized to use their own ingenuity as a tool for testing new HMT capabilities and demonstrating operational successes.

The human component: Trust and training

Building and calibrating appropriate levels of human trust in AI teammates is essential to HMT adoption across the DOD. This discussion typically begins with several actions designed to ensure the reliability—that is, the trustworthiness—of AI agents, such as establishment and implementation of effective best practices for the design, rigorous testing, iterative experimentation, and deployment of AI-enabled machines. Enhancing data security is another frequently cited component of building trust: Humans cannot trust algorithms if they lack faith in the integrity of the data being processed or used to train the algorithm.

Limitations in AI transparency (i.e., how machines perceive the environments they are in) and explainability (i.e., how machines come to decisions) pose another challenge. While not prohibitive to the employment of HMT in many missions and contexts, reducing the “black box” nature of AI outputs will have a positive impact on the capacity for humans to trust their machine teammates and, in turn, on the pace of adoption for the range of HMT applications.

Increased experimentation—in terms of frequency, rigor, and realism—can enhance the human operator’s understanding of how an AI agent reached a certain conclusion. The DOD must embrace accelerated experimentation across a diverse set of scenarios and use cases. By asking humans to “try to break the technology,” operators and analysts can develop a better understanding of the limits, strengths, and weaknesses of their AI-enabled teammates as well as any possible unexpected behaviors. Rapid and aggressive experimentation in conditions that replicate real-world operational conditions has been a regularly highlighted feature of Task Force 59’s success to date, though there is concern that this practice has not been adopted broadly across DOD.

Human trust in machines, however, is only one part of the discussion of the human component of HMT. At least as much attention should be focused on building up the competencies and confidence of humans to effectively engage with and employ their machine partners. Humans will require just as much preparation and training as their machine teammates to become effective team leaders and to ensure that the value of human-machine teams is realized. In a worst-case scenario, adequate human training will help avoid a circumstance in which ineffectual human engagement with machines (the inability to recognize a hallucinating machine, for example) or unnecessary interference with machine operations could lead to mistakes that carry deleterious tactical, operational, or strategic outcomes. One salient example is seen in the Marine Corps experimentation with LLMs. Experiment organizers noted that the tendency of these models to hallucinate means “falsification is still a human responsibility” and that “absent a trained user, relying on model-produced outputs risks confirmation bias,” risking the potential of individuals “prone to [acting] off the hallucinations of machines.”

Project Convergence is the joint force experimenting with speed, range, and decision dominance to achieve overmatch and inform the Joint Warfighting Concept and Joint All Domain Command and Control. Credit: Army Futures Command, https://www.dvidshub.net/image/7502734/project-convergence-2022-2-yorks-experimanal-company.

This is especially the case in situations in which a general-purpose machine or set of machines is interacting with multiple humans rather than just one human controller. Protocols for determining who is in control, whose priorities are executed, and how to manage contradictory instructions become essential.

Ethics, agency, judgment, and reliability: Maintaining leadership and retaining relevance

DOD efforts to maintain leadership at home and internationally in establishing AI and HMT ethics and safety guidelines should be viewed as a process to follow rather than an end state to be achieved.

Pathways to adoption of HMT at speed and scale do not solely rely on the DOD doing things radically differently or applying new incentives and structures. Rather, they can build on the momentum of ongoing initiatives.

The DOD has already expended commendable energy in understanding and addressing questions of ethics, safety, alignment, and agency—all of which emerged as acute areas of interest and concern during the project workshops. The DOD, in collaboration with other parts of the US government, has been proactive in articulating its positions on key questions of ethics and safety around AI development and use for military purposes since first adopting principles for AI ethics in February 2020. In February 2023, at the conclusion of the Responsible AI in the Military Domain conference, the US Department of State released a “Political Declaration on Responsible Military Use of Artificial Intelligence and Autonomy” as the foundation for the establishment of international norms and standards for the development and use of military AI. The document includes twelve best practices that emphasize concepts such as safe and secure development, extensive testing, and human control and oversight, among others, that endorsing states should implement.

These principles and best practices as well as current laws, policies, and regulations provide a useful foundation for resolving critical questions about agency, such as:

  • Which component of the human-machine teams makes decisions under what circumstances?
  • When might the machine’s judgment supersede that of the commander?
  • What implications will these answers have on recruitment, reskilling, and retention of talent?
  • How does the United States avoid or mitigate tactical events and AI/HMT mistakes that have significant strategic consequences?
  • How do we judge the possible risk of AI-enabled decision-making in kill chains relative to the current and demonstrated risk of human error in these decisions?
A Hyundai Rotem HR-Sherpa uncrewed ground vehicle on display at the International Defence Exhibition & Conference in Abu Dhabi in February 2023. The image behind and above the vehicle demonstrates one operational concept in which a human operator controls and works in tandem with the Sherpa. Training and trust are required to ensure that these concepts are designed and executed in ways that effectively exploit the advantages of HMT. Credit: Tate Nurkin.

Still, as technologies, concepts, applications, and competitions evolve, new questions are likely to be raised. Old practices may need to be iteratively revisited to ensure that adoption efforts remain relevant, current, and appropriate. DOD efforts to maintain leadership at home and internationally in establishing AI and HMT ethics and safety guidelines should be viewed as a process to follow rather than an end state to be achieved.

Understanding knock-on effects of HMT incorporation

DOD adoption of HMT into military operations will elicit responses from competitors and lead to changing risks, competitions, opportunities, and doctrine. For example, the use of HMT-enabled UAS swarms could shift targeting priorities from forward-deployed machines to the human controllers and decision-makers situated well behind contested environments. Another example can be found in the use of an AI-enabled machine to patrol a contested border, which could reduce immediate risk to human life and, as a result, reduce risks of rapid escalation. However, immediate loss of life may not be the only escalation pathway perceived by an adversary. If destroying autonomous systems is lower stakes than firing on humans, how many downed UASs would the United States tolerate? Alternatively, what if the AI-enabled machine recommends or makes a bad decision that leads to an unprovoked loss of life in the adversary state?

The United States and its allies should intensify examination of these types of what-if scenarios associated with HMT adoption. First, to preempt arguments that DOD has not thought through the long-term implications of HMT employment, and then to determine the most efficacious concepts of use and prepare for possible future risks. A combination of iterative tabletop, seminar-style, and live war games and model-based simulations would be especially useful in identifying and preparing for longer-term implications of HMT. These exercises could then inform live testing of HMT concepts and capabilities.

Shaping the narrative around military applications of HMT

Mixed feelings and misperceptions about the DOD’s use of AI and uncrewed systems persist within the defense enterprise and the US polity and society more broadly. Despite an increase in the number of young personnel who are considered to be more intuitively inclined to technological adoption, pockets of stubbornness and contrarianism, and efforts to protect institutional equities, remain throughout the force. In addition, some social and political perspectives on HMT may be skewed by fears of fully autonomous weapons systems and singularities in which AI overcomes human control with devastating consequences. Identifying and managing the variety of strategic, operational, social, and philosophical concerns about accelerating HMT adoption will necessitate a coherent and consistent campaign to shape the narrative around military AI use and HMT. This narrative should stress:

  • The demonstrated and prospective advantages HMT will provide to warfighters and decision-makers, and the budgetary efficiencies that could be gained through deeper adoption of HMT;
  • The measures DOD is taking to ensure the safe and ethical development and use of AI and to build humans’ trust in machines; and
  • The centrality of human agency to human-machine teams.
Army researchers publish a paper suggesting how future soldiers will communicate in complex and autonomous environments. Credit: Army Research Laboratory, T’Jae Ellis, https://www.dvidshub.net/image/6611058/evaluating-human-agent-team-performance.

Back to top

Summary of recommendations and conclusion

The United States’ AI strides are not occurring in a vacuum; if the Pentagon is slow to adopt HMT at scale, it risks conceding military edge to strategic competitors like China that view AI as a security imperative.

HMT offers several advantages to twenty-first-century militaries. As such, the DOD must invest sufficient time and resources to address the challenges to adoption discussed above. Catalyzing HMT adoption will necessitate a combination of new ideas, procedures, and incentives, as well as intensification of promising ongoing adoption acceleration efforts, especially related to the following areas:

  • Developing an enterprise-wide approach to HMT adoption that builds on and provides sufficient money and authority to the establishment of centralized structures such as the Chief Digital and Artificial Intelligence Office to ensure that requirements, capability, infrastructure, and strategy development as well as procurement and vendor engagement are mutually reinforcing across the DOD.
  • Rapid, iterative, and aggressive experimentation in settings that replicate the challenges of a real-world operational environment will facilitate adoption by helping humans test and understand the breaking points of HMT technologies. Different levels of experimentation can also build human trust in their AI teammates necessary to optimize HMT value.
  • Melting the “frozen middle” through reforms that increase incentives for moving quickly, align DOD and congressional reform priorities, and reinforce efforts to ensure an enterprise-wide—rather than service-by-service or command-by-command—approach to HMT adoption. The Atlantic Council Commission on Defense Innovation Adoption has developed several specific recommendation sthat apply to the acquisition and adoption of HMT capabilities.10
  • Articulating and demonstrating the multilayered value of HMT in gaining advantage over competitors and potential adversaries in a future operational environment characterized by significantly increased pace of operations, amount of available data, and complexity of threats.
  • Continuing to lead on issues of agency and ethics by prioritizing the ethical and responsible development and use of trustworthy AI and keeping humans—and human judgment—at the center of human-machine teams. The US government and private sector should revisit and update guidelines around agency and ethics to reflect contemporaneous technology development trends and capabilities.
  • Development of strategic messages that highlight the value and safety of HMT for consumption by DOD and congressional stakeholders as well as American society more broadly.

The United States’ AI strides are not occurring in a vacuum; if the Pentagon is slow to adopt HMT at scale, it risks conceding military edge to strategic competitors like China that view AI as a security imperative. Machines and AI agents are becoming ubiquitous across the twenty-first-century battlespace, and the onus is on DOD to demonstrate, communicate, and realize HMT’s value to achieving future missions and national objectives.

Back to top

Acknowledgements

To produce this report, the authors conducted a number of interviews and workshops. Listed below are some of the individuals consulted and whose insights informed this report. The analysis and recommendations presented here are those of the authors alone and do not necessarily represent the views of the individuals consulted. Moreover, the named individuals participated in a personal, not institutional, capacity. 

  • Maj Ezra Akin, USMC, technical PhD analyst, Commandant’s Office of Net Assessment
  • Samuel Bendett, adjunct senior fellow, Technology and National Security Program, Center for a New American Security
  • August Cole, nonresident senior fellow, Forward Defense, Scowcroft Center for Strategy and Security, Atlantic Council
  • Owen J. Daniels, Andrew W. Marshall fellow, Center for Security and Emerging Technology, Georgetown University
  • Phil Freidhoff, vice president for human centered design projects, 2Mi
  • Dr. Gerald F. Goodwin, senior research scientist, personnel sciences, US Army Research Institute for the Behavioral and Social Sciences
  • Dr. Neera Jain, associate professor, School of Mechanical Engineering, Purdue University
  • LCDR Marek Jestrab, USN, senior US Navy fellow, Forward Defense, Scowcroft Center for Strategy and Security, Atlantic Council
  • Zak Kallenborn, policy fellow, Schar School of Policy and Government, George Mason University
  • Harry Kemsley OBE, president, government and national security, Janes Group
  • Dr. Margarita Konaev, nonresident senior fellow, Forward Defense, Scowcroft Center for Strategy and Security, Atlantic Council
  • Justin Lynch, nonresident senior fellow, Forward Defense, Scowcroft Center for Strategy and Security, Atlantic Council
  • Dr. Joseph Lyons, principal research psychologist, Air Force Research Laboratory
  • Brig Gen Patrick Malackowski, USAF (ret.), director, F-16, conventional weapons, and total force, Lockheed Martin Corporation
  • Col Michelle Melendez, USMC, senior US Marine Corps fellow, Forward Defense, Scowcroft Center for Strategy and Security, Atlantic Council
  • Rob Murray, nonresident senior fellow, Forward Defense, Scowcroft Center for Strategy and Security, Atlantic Council
  • Dr. Julie Obenauer-Motley, senior national security analyst, Johns Hopkins University Applied Physics Lab
  • John T. Quinn II, head, futures branch, concepts and plans division, Marine Corps Warfighting Lab
  • Dr. Laura Steckman, program officer, trust and influence, Air Force Office of Scientific Research

Back to top

Sponsored By

Lockheed Martin

This report was generously sponsored by Lockheed Martin Corporation. The report is written and published in accordance with the Atlantic Council Policy on Intellectual Independence. The authors are solely responsible for its analysis and recommendations. The Atlantic Council and its donors do not determine, nor do they necessarily endorse or advocate for, any of this report’s conclusions.

About the authors

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

1    This paper uses the term human-machine teaming (HMT) to signify both the teaming of human operators with semiautonomous machines (sometimes referred to as manned-unmanned teaming) and interactions between humans and AI agents that do not take physical form.
2    From November 2022 to June 2023, the authors held workshops and interviews with defense and national security experts and practitioners to help inform their research.
3    HMT’s relevance to the future of cognitive and information warfare, anticipatory logistics and resilient sustainment, training, and military medicine were all raised through project interviews and workshops.
4    The generally acknowledged cost range for attritable or reusable aircraft is $2 million to $20 million, though there is no consensus as to whether this cost range includes only the aircraft or also includes mission systems. While designed to be reused, the significantly lower cost of these systems in comparison to high-value uncrewed systems and advanced crewed systems means that they can be placed into contested environments in advance of more-expensive platforms with a considerably reduced risk to force structure cost, especially if paired with in-theater means of reconstituting these systems. Expendable systems are even lower cost than attritable systems and are most often designed for a single use. Loitering munitions are one category of expendable uncrewed systems.
5    Phone interview with Harry Kemsley, president of Government and National Security, Janes, January 31, 2023.
6    Phone interview with Harry Kemsley, president of Government and National Security, Janes, January 31, 2023.
7    One of the authors, Tate Nurkin, attended the conference on February 19, 2023, and moderated the panel in which these comments were made
8    In April 2023, the Atlantic Council’s Commission on Defense Innovation Adoption released its interim report, which offers actionable recommendations to engender these changes. Lofgren et al., Atlantic Council Commission on Defense Innovation Adoption Interim Report.
9    “US Central Command Chief Technology Officer Schuyler Moore and Innovation Oasis Winner Sgt. Mickey Reeve Press Briefing,” US Central Command”.
10    Lofgren et al., Atlantic Council Commission on Defense Innovation Adoption Interim Report

The post How modern militaries are leveraging AI appeared first on Atlantic Council.

]]>
Bayoumi in The Globe and Mail and Canadian Forces College discussing Canada’s need for an updated national security strategy https://www.atlanticcouncil.org/insight-impact/in-the-news/bayoumi-in-the-globe-and-mail-discussing-canadas-need-for-an-updated-national-security-strategy/ Thu, 03 Aug 2023 17:30:59 +0000 https://www.atlanticcouncil.org/?p=669893 Imran Bayoumi authors an article for The Globe and Mail discussing Canada's imperative for an updated National Security Strategy.

The post Bayoumi in The Globe and Mail and Canadian Forces College discussing Canada’s need for an updated national security strategy appeared first on Atlantic Council.

]]>
original source

On August 3, Scowcroft Strategy Initiative Assistant Director Imran Bayoumi authored a Globe and Mail piece arguing for the need to update Canada’s National Security Strategy to accompany the recent creation of a National Security Council. Not only will an updated strategy help define what the present government perceives as a threat, Bayoumi argues, but it can also serve as a much-needed guide for resource allocation between the various agencies responsible for national defense and intelligence activities. The article was featured on Canadian Forces College’s Spotlight on Military News and International Affairs.

The most recent Canadian national security strategy was released in 2004, and it is a document now vastly out of touch with the current threat environment. That strategy posited terrorism as the primary threat facing Canada, a previously accurate but now outdated notion. An updated national security strategy must touch on the current threats affecting Canada’s security, such as great-power competition, Russia’s war in Ukraine, and China’s repeated interference in Canadian politics.

Imran Bayoumi

The post Bayoumi in The Globe and Mail and Canadian Forces College discussing Canada’s need for an updated national security strategy appeared first on Atlantic Council.

]]>
Cheverton in War on the Rocks on enhancing allied defense cooperation https://www.atlanticcouncil.org/insight-impact/in-the-news/cheverton-in-war-on-the-rocks-on-enhancing-allied-defense-cooperation/ Mon, 24 Jul 2023 18:59:02 +0000 https://www.atlanticcouncil.org/?p=672564 Deborah Cheverton identifies the three main areas in US defense strategy to improve integrated deterrence and US-allied cooperation.

The post Cheverton in War on the Rocks on enhancing allied defense cooperation appeared first on Atlantic Council.

]]>

On July 24, Forward Defense visiting senior fellow Deborah Cheverton co-authored a commentary in War on the Rocks identifying three areas of reform for US-allied defense cooperation: information sharing, export and technology controls, and joint strategic planning.  The authors discussed how integrated deterrence can be enhanced by better coordination in these areas, especially through flagship initiatives like AUKUS.  

Without bold action by military leaders, the administration, and Congress, the “allies and partners” strand of the National Defense Strategy will remain a bumper-sticker slogan rather than a real source of advantage in the strategic competition with U.S. adversaries

Deborah Cheverton

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Cheverton in War on the Rocks on enhancing allied defense cooperation appeared first on Atlantic Council.

]]>
Putin’s biggest mistake was believing Ukrainians were really Russians https://www.atlanticcouncil.org/blogs/ukrainealert/putins-biggest-mistake-was-believing-ukrainians-were-really-russians/ Tue, 18 Jul 2023 17:53:43 +0000 https://www.atlanticcouncil.org/?p=665093 Vladimir Putin insists Ukrainians and Russians are "one people" and appears to have genuinely believed his invading army would be welcomed. It is now clear this was a catastrophic miscalculation, writes Roman Solchanyk.

The post Putin’s biggest mistake was believing Ukrainians were really Russians appeared first on Atlantic Council.

]]>
Vladimir Putin’s decision to launch the full-scale invasion of Ukraine was based on a series of disastrous miscalculations. The most significant of these was his belief that Ukrainians are really Russians. Putin has long insisted Ukrainians and Russians are “one people” who have been artificially separated by the fall of the USSR. For Putin, this separation has come to symbolize the perceived historical injustice of the Soviet collapse, which he has previously described as the “greatest geopolitical catastrophe” of the twentieth century. In February 2022, he set out to correct this alleged “injustice,” once and for all.

Putin’s fundamental misreading of Ukraine is now plain to see. Far from welcoming Russia’s invasion, the Ukrainian nation united and rose up in resistance. What was anticipated by the Kremlin as a brief and victorious military campaign has instead become the biggest European war since World War II. But if the scale of Putin’s blunder is obvious, it is important to note that he is far from the only Russian harboring such delusions. Russia’s elites and Russian society as a whole tend to assume everything that needs to be known (or is worth knowing) about Ukraine and Ukrainians has long been known and requires no further inquiry. This helps to explain why until fairly recently, there were hardly any academic or analytical centers in Russia devoted specifically to Ukrainian studies.

Today’s Russian attitudes toward Ukraine reflect centuries of imperial Russian and Soviet nationality policy. In the former case, Ukrainians (and Belarusians) were officially viewed as components of a larger, supranational “all-Russian people” that also included the Russians themselves. Meanwhile, for most of the Soviet period, the Ukrainian, Belarusian, and Russian republics were seen as the Slavic core and foundation for another supranational entity, the “Soviet people.”

The similarity between the imperial and Soviet views is unmistakable, albeit with one dissonant nuance: Soviet nationality policy, while doing all it could to erase Ukrainian national identity, at the same time officially recognized the Ukrainian Soviet Socialist Republic as a state entity and Ukrainians as a separate nationality. Putin has been highly critical of Lenin for this approach, and has claimed the Bolshevik leader was personally responsible for “creating” Ukraine. This line of thinking reached what may be seen as its logical conclusion with Putin’s insistence that Ukrainians and Russians are “one people.” By denying the existence of a separate Ukrainian national identity, Putin brought the legitimacy of Ukrainian statehood into question and set the stage for the current war.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Russian misconceptions about Ukraine are in part due to the simplistic notion that ethnic Russians and Russian-speakers in Ukraine, as well as those who express an affinity for Russian culture or share Russia’s antagonism toward the EU, NATO, and the West in general, all fall within the same “pro-Russian” category. Likewise, Many Russians have been all too ready to assume that any Ukrainian expressing nostalgia for the Soviet era is waiting to be “liberated” by Moscow. These misconceptions have been echoed by numerous commentators in the West, who have similarly treated evidence of favorable Ukrainian attitudes toward modern Russia or the Soviet past as indications of a desire for some form of Russian reunion.

In reality, being “pro-Russian” is understood one way in Ukrainian cities like Donetsk, Kramatorsk, or Mariupol, and quite differently in Moscow, Omsk, or Tomsk. During the initial stages of Russian aggression against Ukraine in April 2014, the Kyiv International Institute of Sociology conducted a wide-ranging poll in the eight southeastern Ukrainian provinces (excluding Crimea) targeted by the Kremlin. This revealed that 70 percent of respondents were against separation from Ukraine and unification with Russia, while just 15 percent were in favor.

If separation from Ukraine was not on their wish list, what did they in fact want? A relative majority of 45 percent preferred the decentralization of power and greater rights for their region; another 25 percent favored a federated Ukraine, while only 19 percent were happy with the existing relationship with Kyiv. Other surveys conducted at around the same time yielded similar findings.

Unsurprisingly, Russia’s full-scale invasion has further shaped Ukrainian attitudes toward issues of national identity. Today, the people of Ukraine are more consolidated as a political nation than at any time since regaining independence more than thirty years ago. According to the Razumkov Centre, 94 percent of respondents in a May 2023 survey expressed pride in their Ukrainian citizenship; 74 percent expressed feelings of patriotism and love for their country; and 71 percent were ready to come to its defense, either with weapons in hand or as participants in volunteer support groups.

Meanwhile, negative attitudes toward Russia and Russian citizens have skyrocketed. At the end of 2019, only 20 percent of Ukrainians held negative attitudes toward Russians; six months after the start of the full-scale Russian invasion in September 2022, 80 percent of respondents asserted that they would not allow Russians into Ukraine. In terms of attitudes toward Russia, the turnaround has been even more drastic. In early February 2022, about a week before the Russian invasion, 34 percent of Ukrainians held positive views of Russia. That number dropped to just two percent three months later, with 92 percent saying they viewed the country in a negative light.

With the war clearly going badly for the Kremlin, there could now be a glimmer of hope for some reality-based adjustments to Russian illusions about Ukraine. Russian MP Konstanin Zatulin, who is well known for championing the plight of Russian “compatriots” abroad and promoting aggressive policies toward Ukraine, has recently questioned the wisdom of denying Ukrainian identity. “I would be happy if there was no Ukraine, but if we continue to constantly repeat that there is no Ukraine and no Ukrainians,” this will only strengthen their resistance on the battlefield, he noted at a June 2023 forum in Moscow.

Zatulin’s comments hint at growing recognition in Russia that widely held beliefs about Ukraine’s indivisibility from Russia are both inaccurate and unhelpful. However, resistance to the entire notion of Ukrainian statehood is so deeply ingrained in Russian society that it may take generations before the attitudes underpinning the current war are no longer dominant.

Roman Solchanyk is author of “Ukraine and Russia: The Post-Soviet Transition” (2001). He has previously served as a senior analyst at the Radio Free Europe/Radio Liberty Research Institute and the RAND Corporation.

Further reading

The views expressed in UkraineAlert are solely those of the authors and do not necessarily reflect the views of the Atlantic Council, its staff, or its supporters.

The Eurasia Center’s mission is to enhance transatlantic cooperation in promoting stability, democratic values and prosperity in Eurasia, from Eastern Europe and Turkey in the West to the Caucasus, Russia and Central Asia in the East.

Follow us on social media
and support our work

The post Putin’s biggest mistake was believing Ukrainians were really Russians appeared first on Atlantic Council.

]]>
Garlauskas and Culver Panelists for VOA Show https://www.atlanticcouncil.org/insight-impact/in-the-news/garlauskas-and-culver-panelists-for-voa-show/ Thu, 06 Jul 2023 17:38:17 +0000 https://www.atlanticcouncil.org/?p=665777 On June 30, Markus Garlauskas and Global China Hub Nonresident Senior Fellow John Culver were the guests for Voice of America’s Washington Talk panel discussion show, which focuses on North and South Korean audiences and is often watched by the US Korea analysis and policy community. The discussion focused on the new North Korea intelligence […]

The post Garlauskas and Culver Panelists for VOA Show appeared first on Atlantic Council.

]]>

On June 30, Markus Garlauskas and Global China Hub Nonresident Senior Fellow John Culver were the guests for Voice of America’s Washington Talk panel discussion show, which focuses on North and South Korean audiences and is often watched by the US Korea analysis and policy community. The discussion focused on the new North Korea intelligence estimate, other North Korea developments and various Korea-China issues. The show aired in the region and was posted on YouTube on July 1.

The post Garlauskas and Culver Panelists for VOA Show appeared first on Atlantic Council.

]]>
Garlauskas on the Capital Cable https://www.atlanticcouncil.org/insight-impact/in-the-news/garlauskas-on-the-capital-cable/ Fri, 30 Jun 2023 17:31:19 +0000 https://www.atlanticcouncil.org/?p=665769 On June 29, Markus Garlauskas was the guest for the Center for Strategic and International Studies’ Capital Cable talk show. The moderator, retired US Ambassador Mark Lippert, introduced the show by highlighting Garlauskas’ New Atlanticist piece on the new North Korea intelligence estimate. The discussion that followed addressed a wide range of defense and security […]

The post Garlauskas on the Capital Cable appeared first on Atlantic Council.

]]>

On June 29, Markus Garlauskas was the guest for the Center for Strategic and International Studies’ Capital Cable talk show. The moderator, retired US Ambassador Mark Lippert, introduced the show by highlighting Garlauskas’ New Atlanticist piece on the new North Korea intelligence estimate. The discussion that followed addressed a wide range of defense and security issues related to Korea.

The post Garlauskas on the Capital Cable appeared first on Atlantic Council.

]]>
Reading between the lines of the new North Korea intelligence estimate https://www.atlanticcouncil.org/blogs/new-atlanticist/reading-between-the-lines-of-the-new-north-korea-intelligence-estimate/ Wed, 28 Jun 2023 22:38:20 +0000 https://www.atlanticcouncil.org/?p=660176 The US intelligence community has just released its National Intelligence Estimate on North Korea, a watershed analysis. But more is worth adding to the discussion.

The post Reading between the lines of the new North Korea intelligence estimate appeared first on Atlantic Council.

]]>
June 22 marked a watershed moment for analysis of North Korea. For the first time in over a decade, the US intelligence community publicly released a National Intelligence Estimate (NIE) on North Korea, titled “North Korea: Scenarios for Leveraging Nuclear Weapons Through 2030.” Completed in January 2023, this NIE is more than thirty years more recent than all the previously released North Korea NIEs, which date back to the 1980s or before.

The new NIE lays out three pathways through 2030 for how North Korean leader Kim Jong Un’s strategy could evolve as his nuclear weapons capabilities improve. The NIE concludes that the by far most likely pathway is for Kim to leverage his nuclear capability for “coercion, potentially including non-nuclear lethal attacks, aimed at advancing the North’s goals.” It also delineates two additional low-likelihood pathways: North Korea could employ an offensive strategy to dominate the Korean Peninsula through the use of force, or it could turn to a defensive strategy, in which nuclear weapons are used solely as a deterrent. According to the estimate, Kim is most likely to continue pursuing coercion because he will be “confident that his growing nuclear capabilities will deter any unacceptable retaliation or consequences” but that he would not actually attack with them unless he “believes his regime is in peril.”

As a former National Intelligence Officer for North Korea who led the development of NIEs, I see this document as monumental in my particular niche, but some additional context is needed to understand why. Since the 1950s, NIEs have been the US intelligence community’s most authoritative written judgments on national security issues, developed through a collaborative process led by the Office of the Director of National Intelligence’s National Intelligence Council (NIC) and its predecessor organizations. This new NIE is a tantalizing glimpse of the US intelligence community’s larger strategic intelligence picture on North Korea, even as it necessarily represents only the tip of the iceberg of a much longer classified document.

What is perhaps most remarkable about the latest NIE is that it highlights very recent key intelligence community judgments about North Korea. This is a major and unusual step, given that this practice was largely halted after the declassification of key judgments in the 2007 NIE on Iran’s nuclear program caused a number of public controversies. It also marks a change from how the intelligence community has generally approached public assessments of North Korea. Though US intelligence leaders have openly described North Korea as a “hard target,” they have generally been guarded in their assessments of Pyongyang’s capabilities and how they know what they know. With a few exceptions (many of them during the “fire and fury” period of 2017) most of the intelligence community’s publicly released assessments have been small portions of the larger Annual Threat Assessment provided to Congress. 

Given this history, and the fact that the NIE does not address the possibility that North Korea will give up its nuclear weapons, it could have been withheld on the unfair grounds that it could be interpreted as an implicit rebuttal to the longstanding US policy of negotiating the denuclearization of North Korea. It is therefore a testament to the sincerity of Director of National Intelligence Avril Haines’s commitment to transparency that this NIE was released. 

Even with its notable and welcome transparency, however, it does not give a full picture of the strategic North Korea nuclear challenge. There are (at least) three areas that are worth adding to the discussion.

First, China. The NIE’s analysis related to Beijing is guarded and subtle, particularly compared to how much intelligence leaders openly focus on the threat. While Washington publicly and loudly grapples with the premise that the United States and the People’s Republic of China (PRC) will likely be in a heightened state of military confrontation or outright war over Taiwan before 2030, these key judgments do not explicitly address the possibility, much less explore the massive implications this has for Korea. The declassified NIE does warn, among other factors, that an offensive strategy would “become more likely” if Kim believed he could “maintain China’s support” or “if [Kim] concluded that [an] international crisis presented a last chance to accomplish revisionist goals.” As current National Intelligence Officer Sydney Seiler acknowledged to me last week, the need to consider North Korea’s potential to escalate during a Taiwan crisis is a “no brainer.” That the key judgments omit this subject is neither surprising nor troubling to me as a former NIO. I know how hard it is to keep this document’s scope manageable and the challenges of considering hypotheticals piled upon hypotheticals. However, readers should keep in mind that the risk of North Korea using its nuclear weapons, or taking the offensive in general, could be much greater in the event of a US-PRC conflict.

Second, South Korea. Specifically, it is important to recognize Seoul’s potential to field its own nuclear arms. If Kim pursues a strategy of coercion, as the NIE judges he most likely will, and “may be willing to take greater conventional military risks, believing that nuclear weapons will deter an unacceptably strong US or South Korean response,” the value of South Korean nuclear capability to counter such threats would fuel the already-strong South Korean public sentiment for the country to acquire nuclear weapons. It would, however, be impolitic to warn that April’s Washington Declaration, wherein South Korean President Yoon Suk Yeol pledged to forgo nuclear weapons, may not last beyond the end of his constitutional single term in 2027. The window between a decision for nuclear weapons and operational capability would be a logical time for a preventive attack, a concrete example of the general “now or never crisis” the NIE cites as a driver for an offensive.  

Third, military and policy prescriptions. These are outside the remit of the NIC and violate intelligence analysis tradecraft standards, so it makes sense that they are not included in the NIE. However, several logical strategic-level policy and military recommendations could be derived from this estimate’s judgments. At least three come to mind immediately:

  • First, the United States should not politically recognize North Korea as a de facto or de jure legitimately nuclear-armed state in the hope that this would lead it to be a defensively focused “responsible” power, given how unlikely this is to happen. 
  • Second, the United States and South Korea should ensure that their primary efforts in deterrence of North Korea are focused on the most likely threat. US and allied efforts at deterrence should not be content with just deterring an “all-out” military offensive or nuclear strikes. They should also counter as much as possible the sort of incremental creeping coercive escalation that could either fatally undermine the security of South Korea and the US position in the region over time or could spin out of control into an escalating conflict. 
  • Third, the United States and South Korea should recognize that, though it is not the most likely scenario, they must be prepared to fight a nuclear war with North Korea. Washington and Seoul must contend with the unpleasant reality that there is a plausible set of conditions, particularly in the context of a hypothetical US-PRC war or a South Korean decision for nuclear arms, that could lead North Korea to undertake an offensive use of nuclear weapons. 

Though this NIE is neither the first nor the last word on the implications of North Korea’s growing nuclear capabilities, it is a huge step forward for public and classified policy debates. The NIE provides the intellectual foundation to prepare for a long struggle with an increasingly well-armed and coercive North Korea, instead of abandoning the principle of denuclearizing North Korea in a vain attempt to secure peace or embarking on the reckless path of embracing preventive war in fear that Kim will strike first. The NIE demarcates the field in which the United States and its allies must be prepared to play a high-stakes game—a contest in which the PRC’s aggression and South Korea’s own nuclear weapons could have game-changing consequences.


Markus Garlauskas served as the national intelligence officer for North Korea, leading the US intelligence community’s strategic analysis of North Korea from 2014 to 2020. He is the director of the Indo-Pacific Security Initiative at the Scowcroft Center for Strategy and Security of the Atlantic Council, and tweets at @Mister_G_2.

The post Reading between the lines of the new North Korea intelligence estimate appeared first on Atlantic Council.

]]>
Russian War Report: Wagner attempts to draft gamers as drone pilots https://www.atlanticcouncil.org/blogs/new-atlanticist/russian-war-report-wagner-drafts-gamers/ Thu, 22 Jun 2023 18:12:27 +0000 https://www.atlanticcouncil.org/?p=658059 Russian PMC Wagner Group is encouraging gamers to apply to serve as drone pilots in the war against Ukraine while Ukrainian forces advance on the eastern front.

The post Russian War Report: Wagner attempts to draft gamers as drone pilots appeared first on Atlantic Council.

]]>
As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report

Security

Ukrainian counteroffensive sees advances in Zaporizhzhia and eastern Ukraine

Wagner attempts to draft gamers as UAV pilots

Tracking narratives

Deripaska blames hackers after his website briefly takes credit for potential war crime

Rumors of alleged death of popular pro-Kremlin war correspondent gain traction on Twitter

Ukrainian counteroffensive sees advances in Zaporizhzhia and eastern Ukraine

On June 19, Ukrainian forces launched counteroffensive actions in at least three areas and appear to have made gains in Zaporizhzhia and eastern Ukraine. The Telegram channel of Russian military blogger WarGonzo reported that Ukrainian forces continued attacks northwest, northeast, and southwest of Bakhmut and advanced near Krasnopolivka. Ukrainian Deputy Defense Minister Hanna Maliar announced that over the past week Ukrainian troops advanced up to seven kilometers in the direction of Zaporizhzhia and retook 113 square kilometers of territory. Russian Telegram channels also reported that fighting was ongoing south and southwest of Orikhiv on June 19. Zaporizhzhia and Donetsk oblasts continue to be the most active areas of the frontline, as the Ukrainian army attempts to advance in the directions of Novodarivka, Pryutne, Makarivka, Rivnopil, Novodanylivka, and Robotyne.

On June 17, the Russian Ministry of Defense claimed that Ukrainian forces conducted ground attacks west and south of Kreminna. It also stated that the Russian army had repelled Ukrainian attacks on the Avdiivka-Donetsk sector. Meanwhile, Ukrainian forces continued operations around Velyka Novosilka near the border between Donetsk and Zaporizhzhia oblasts. 

According to Ukrainian forces, Russian forces conducted offensive actions in Donetsk and Luhansk oblasts. The Ukrainian military reported forty-five combat engagements with Russian forces near Yampolivka, Torske, Hryhorivka, Spirne, Avdiyivka, Krasnohorivka, Marinka, Pobieda, Novomykhailivka, and Donetsk’s Dibrova and Orikhovo-Vasylivka. According to Ukraine, the Russian army continued to shell villages in the direction of Marinka, Zaporizhzhia, Kherson, Lyman, and Kupiansk. Ukraine also alleged that Russian forces launched Kalibr cruise missiles from a submarine in the Black Sea and Shahed drones from the eastern coast of the Sea of Azov.

On June 20, Kyrylo Budanov, chief of the Main Directorate of Intelligence for the Ministry of Defense of Ukraine, alleged that Russian troops mined the Zaporizhzhia nuclear power plant’s cooling pond, which is necessary for the safe operation of the plant. According to Budanov, if Russia triggers an explosion, there is a “high probability that there will be significant problems.” Budanov did not provide any evidence to support the allegation, and the statement cannot be independently verified at this time. If true, however, it would put the nuclear plant at greater risk of a significant accident. The power plant complex, Europe’s largest, has been under occupation since February 2022.

On January 22, the governor of Russian-occupied Crimea accused Ukraine of targeting a bridge that connects the peninsula to Kherson Oblast, near the village of Chonhar. In a Telegram post, Vladimir Sal’do alleged that Ukraine struck the bridge with “British Storm Shadow missiles,” creating a hole in the middle of the bridge.

As fierce hostilities continue in eastern and southern Ukraine, there are signs of a new wave of arrests in Russia, including of people with ties to Ukraine. On June 20, Russian state media outlet RIA Novosti announced that a woman of Ukrainian origin was detained in Saransk and charged with treason.

Ruslan Trad, resident fellow for security research, Sofia, Bulgaria

Wagner attempts to draft gamers as UAV pilots

A June 19 Telegram post from Russian opposition news outlet Verstka claimed that Wagner Group is encouraging gamers to apply to serve as unmanned aerial vehicle pilots in the war against Ukraine. The media outlet reported that no prior military experience was required to apply for the position. Posts from Wagner emerged on Vkontakte the same day, inviting gamers with experience in “manipulating joysticks in flight simulators” to enroll.

Wagner ad recruiting gamers as UAV pilots. (Source: VK)
Wagner ad recruiting gamers as UAV pilots. (Source: VK)

Verstka, which contacted a Wagner recruiter as part of its reporting, stated that the campaign aims to recruit soldiers to pilot “copters and more serious machines.” In this particular context, “copters” (коптеры) is a reference to commercial drones that are sold to the public and have been widely used in the war against Ukraine. A May 19 investigation published by the Organized Crime and Corruption Reporting Project found that Chinese manufacturers have reportedly continued to provide Russian armed forces with DJI drones through third parties in Kazakhstan. 

Verstka also noted that in 2022, the Russian defense ministry attempted to recruit gamers with a targeted ad campaign that invited them to play “with real rules, with no cheat codes or saves.”

Valentin Châtelet, research associate, Brussels, Belgium

Deripaska blames hackers after his website briefly takes credit for potential war crime

The Russian-language website of Russian industrialist and US-sanctioned oligarch Oleg Deripaska briefly displayed an article appearing to take credit for deporting Ukrainian children to Russian-occupied Crimea in partnership with Kremlin official Maria Lvova-Belova, who is already facing an International Criminal Court arrest warrant for allegedly deporting children. 

Yaroslav Trofimov, chief foreign affairs correspondent at the Wall Street Journal, noted the article’s appearance and disappearance in a June 15 tweet. Trofimov shared screengrabs of the article, which by that time had already been deleted from Deripaska’s Russian-language website, deripaska.ru. A complete copy of the article can be found at the Internet Archive.

Later in the article, it added, “Separately, the Fund and personally Oleg Vladimirovich [Deripaska] express their gratitude to Maria Lvova-Belova and her project ‘In Hands to Children,’ which not only provided methodological materials, but also found an opportunity to send employees for psychological work with affected babies.” In March 2023, the ICC issued an arrest warrant for Lvova-Belova and Russian President Vladimir Putin, alleging they are responsible for unlawful deportation and transport of children from Russian-occupied parts of Ukraine to the Russian Federation.

In a response to Russian independent news outlet Meduza, which also covered the incident, a team of representatives for Deripaska called the article a “gross fake press-release” and blamed hackers for the article’s appearance. “The team added that Deripaska ‘unequivocally condemns the separation of children from their parents’ and that he is ‘one of the very few prominent Russian industrialists who openly criticizes the fratricidal war and consistently advocates for peace in Ukraine, as well as a reduction in global military spending,’” Meduza noted.

Eto Buziashvili, research associate, Tbilisi, Georgia

Rumors of alleged death of popular pro-Kremlin war correspondent gain traction on Twitter

Rumors are spreading online that claim Ukrainian forces killed pro-Kremlin war correspondent Semyon Pegov, who operates an influential group of social media accounts under the name Wargonzo. The rumor first spread on Twitter on June 19 following the release of a graphic video from the 73rd Naval Center of Operations documenting how Ukrainian special forces unit had shot Russian soldiers in trenches. On June 19, Pegov’s Twitter account disregarded the allegations as fake. Wargonzo’s Telegram account has continued to operate as usual.

DFRLab analysis conducted with the social media monitoring software Meltwater Explore revealed that the most retweeted tweet came from the pro-Ukraine Twitter account @GloOouD, which stated, “LOOKS LIKE RUSSIAN TERRORISTS AND WAR REPORTER SEMEN PEGOV WAS KILLED BY UKRAINIAN SPECIAL FORCES.” The account shared a screenshot of a low-quality video frame depicting a red-bearded man that bears resemblance to Pegov.

Screenshot of @GloOouD’s tweet suggesting that Semyon Pegov was killed by Ukrainian special forces. (Source: @GloOouD/archive)
Screenshot of @GloOouD’s tweet suggesting that Semyon Pegov was killed by Ukrainian special forces. (Source: @GloOouD/archive)

The DFRLab confirmed that the video frame depicting Pegov’s look-alike was extracted from the graphic video posted posted by the 73rd Naval Center of Operations. The video’s metadata indicates the clip was created on June 18, 2023, at 22:16:07 GMT+0300. However, the video shows events occurring in daylight.

Pegov’s most recent public appearance was on June 13 during a meeting between Putin and Russian war correspondents. The Kremlin-controlled Channel One Russia broadcast the meeting on June 18.

Comparison of the red-bearded man from the 73rd Naval Center of Operations’ video and Pegov talking at a press conference. (Source: @ukr_sof/archive, top; Perviy Kanal/archive, bottom)
 
- Nika Aleksejeva, Resident Fellow, Riga, Latvia
Comparison of the red-bearded man from the 73rd Naval Center of Operations’ video and Pegov talking at a press conference. (Source: @ukr_sof/archive, top; Perviy Kanal/archive, bottom)

Nika Aleksejeva, resident fellow, Riga, Latvia

The post Russian War Report: Wagner attempts to draft gamers as drone pilots appeared first on Atlantic Council.

]]>
The way for the US to ensure Gulf security is through partnership, not policing https://www.atlanticcouncil.org/blogs/menasource/the-way-for-the-us-to-ensure-gulf-security-is-through-partnership-not-policing/ Tue, 20 Jun 2023 17:37:59 +0000 https://www.atlanticcouncil.org/?p=657047 As the United States continues to work with the Gulf on security, expect blips. Despite that, Washington can get this partnership back on course.

The post The way for the US to ensure Gulf security is through partnership, not policing appeared first on Atlantic Council.

]]>
Earlier this month, US Secretary of State Antony Blinken traveled to Riyadh to meet with Gulf Cooperation Council (GCC) foreign ministers and the GCC secretariat. There, he mentioned how deeply the United States is invested in partnering with Gulf countries to build a brighter future for the region. In pursuit of that future, the United States should assist GCC countries with Gulf security as true partners—not as a policeman in the neighborhood.

The concept of Gulf security is not new. It was always top of mind for those who inhabited its shores. Historians have written of Russian Tsars’ desires to push south to the Gulf. This desire can be seen in the language of the purported will of Peter the Great from 1725. He advised his descendants to “approach as near as possible to Constantinople and India. Whoever governs there will be the true sovereign of the world. Consequently, excite continual wars, not only in Turkey but in Persia… Penetrate as far as the Gulf, advance as far as India.” The Carter Doctrine, outlined in US President Jimmy Carter’s State of the Union Address in January 1980, committed the United States to use military force, if necessary, to defend its national interests in the Gulf—the doctrine was a direct response to the Soviet Union’s entry into Afghanistan the year prior. 

Generations of US strategic thinkers have spoken of US opposition to threats lodged by any country aiming to control the waters or air space of the Gulf and the adjacent Arabian Sea. Those thinkers focused on what would impede the peaceful relations that the United States and its allies have enjoyed with Gulf countries—countries that have energy resources that make them important for the global economy. 

In over forty years, many realities have changed. US imports of Gulf energy supplies declined. By contrast, US exports to the region have expanded many times over. The parties and conditions that would likely pose a threat to US trade and other relationships with the Gulf are now largely located within the region. In the 1980s and early 1990s, it was the Iraq-Iran War and the Iraqi invasion of Kuwait. Recently, it has been nonstate terrorist groups and Iran. 

In addition, the countries with which the United States has friendly relations don’t depend on the United States to do the job of Gulf security for them. These countries do want Washington to be a reliable partner in support of their individual and collective defense efforts. This is also the goal of the United States. Through diplomacy and through working with the US private sector, Gulf countries’ militaries have been connected to military contacts with US companies and joint exercises conducted by the US Central Command. That fits what the Arab countries in the region need, and it fits what the US political system can accept. 

This takes me back to the Iranian attacks on tankers and other commercial vessels in the final years of the Iran-Iraq War. I was the US ambassador to the United Arab Emirates at the time. Together with other US envoys to the Gulf Cooperation Council (GCC) countries, I was called back to Washington in early 1987 for consultations at the US State Department. 

Interested in regular updates?

Sign up for the MENASource newsletter, highlighting pieces that follow democratic transitions and economic changes throughout the region.



  • This field is for validation purposes and should be left unchanged.

The Kuwaiti government had formally requested that the United States put its flags on Kuwaiti oil tankers in order to gain the protection of US naval warships. The Kuwaitis promised to reimburse the United States handsomely for the flagging operation and to steadfastly maintain it was merely a commercial arrangement. Kuwait wished to shun any overt military alliance with the United States; for example, it did not even welcome US Navy ship visits. Indeed, the United States only had a small contingent of warships in the Gulf at the time, homeported in Manama, Bahrain. The answer from Washington was negative. The Kuwaitis then redirected their request to the Soviet Union. 

When the group of US envoys and I gathered in the State Department, it was clear that the White House and top US politicians were still disinclined to make a major commitment to protect neutral-flag shipping in the Gulf, despite the unanimity among those of us coming from our posts in the region—we were in favor of some kind of positive response. After a half day of talks, we were told that then US President Ronald Reagan did not want to allow an opportunity for the Soviet Union to bring its military force into the Gulf. So, for that reason (however flawed it may be), Operation Earnest Will was born.

The United States committed to sending a military presence sufficient to protect neutral-flag commercial shipping without spending time quibbling over whether the GCC countries were actually neutral in the Iran-Iraq War. When I returned to Abu Dhabi, I received a warm welcome from Sheikh Zayed bin Sultan Al Nahyan, who was then the president of the United Arab Emirates (UAE), and soon after from the rulers of the UAE’s other six emirates and from Sheikh Mohammed bin Rashid Al Maktoum, the minister of defense. At the time, the UAE was a confederation that granted only limited federal powers and separated military commands across Dubai and several other northern emirates. Even without actual authority outside Abu Dhabi, a young rising star in the Abu Dhabi military command, Sheikh Mohamed bin Zayed, along with Dubai’s Sheikh Mohammed bin Rashid, eventually became key contacts for me as the United States ramped up its military presence in the Gulf. 

When I had arrived at my post in September 1986, the United States was limited to a mere four visits per year by its Navy warships and had very limited military relationships with the UAE emirates. By the time I left in October 1989, the United States had a large number of Navy ship visits, refueling and even making critical ship repairs at the large (and, at the time, new) port of Jebel Ali, as well as at established ports from Abu Dhabi to the city of Fujairah. The United States was also on its way to becoming a major supplier of military aircraft to the UAE. The rulers of the seven emirates were seeking joint military exercises as well as ship visits. Moreover, the leaders of these individual emirates had responded to the crisis of the tanker wars and various other demands by strengthening federal powers. 

Because the United States responded to the GCC countries during their time of need (the so-called Tanker War), a strategic partnership formed—one that became the foundation for cooperation to reverse the Iraqi military occupation of Kuwait in 1990. The success of Operation Desert Storm gave the United States political credibility to bring GCC countries and other Arab countries to the Madrid Conference, a peace conference geared toward reviving the Israeli-Palestinian peace process, at the end of 1991. Those talks between Israel and the United States built upon peace between Egypt and Israel negotiated with the help of the United States at Camp David in September 1978 and the peace treaty between those two former military adversaries in March 1979. Camp David, the Madrid Conference, and Israel’s growing relationships with countries ranging from the UAE in the east and Morocco in the west laid the foundation for normalization. In a shrewd move, the Trump administration labeled this growing interaction as the “Abraham Accords.” The Biden administration has continued to play a role as a convenor and mediator. 

As the Biden administration continues to play this role, it and Congress will find that the Arab countries of the GCC want to do their part when it comes to Gulf security. They are not expecting the United States to be the policeman of their neighborhood. Along with other key Arab and global leaders, they will welcome the United States as a partner in facing shared strategic interests. 

Defense coalitions have historically been tricky, requiring skill and mid-course corrections. As the United States continues to work with the Gulf on security, expect blips, such as the report of a UAE withdrawal from the Combined Maritime Forces, a US-led maritime coalition. But if the United States shows that it is ready to work together with Gulf countries, Washington can get this partnership back on course. Read more about improving Gulf security frameworks in our latest report here.

David Mack is a nonresident senior fellow with the Atlantic Council’s Middle East Programs, a former deputy assistant secretary of state for Near East affairs, and a former US ambassador to the United Arab Emirates.

The post The way for the US to ensure Gulf security is through partnership, not policing appeared first on Atlantic Council.

]]>
US-China lessons from Ukraine: Fueling more dangerous Taiwan tensions https://www.atlanticcouncil.org/in-depth-research-reports/report/us-china-lessons-from-ukraine/ Thu, 15 Jun 2023 20:31:43 +0000 https://www.atlanticcouncil.org/?p=647648 The lessons that Washington and Beijing appear to be learning from Russia's war against Ukraine could set the stage for a crisis over Taiwan in the next few years.

The post US-China lessons from Ukraine: Fueling more dangerous Taiwan tensions appeared first on Atlantic Council.

]]>
Table of contents

China’s assumptions and lessons learned
US assumptions and lessons learned
Europe’s lessons learned
Implications of conflicting lessons for deterrence
Policy recommendations
Conclusion

Acknowledgements
About the authors

The lessons that Washington and Beijing appear to be learning from Russia’s February 2022 invasion of Ukraine, and from Ukraine’s resistance and counteroffensive, could set the stage for a crisis over Taiwan in the next few years. This grim prospect is driven by the United States and China arraying themselves for a strategic rivalry since 2017 through the continuing trade war, economic decoupling, and increasing rhetorical and military positioning for confrontation over Taiwan. In light of the Chinese military’s threatening gestures, belligerent rhetoric, and other recent actions that read like they could be preparation for war, there is a danger that the successive warnings by senior US military commanders that Chinese CCP General Secretary and President Xi Jinping has already decided to use military force in the near term could become the proverbial tail wagging the dog — and could impose a logic that makes a US-China war more likely, rather than enhancing deterrence.1 Therefore, the key question for the United States and its allies is how an increasingly truculent and belligerent Chinese leadership can be incentivized to walk back from the brink. This paper examines what lessons China, the United States, and European allies have drawn from the Ukraine conflict and how such lessons have shaped these actors’ strategic assumptions. It concludes with a discussion of policy recommendations for the transatlantic community confronting the possibility of a US-China conflict over Taiwan.

China’s assumptions and lessons learned

Even as Beijing modulates its public statements in support of Moscow, China’s strategic assumptions from before the Ukraine invasion likely have not changed, and may depend on the longer-term outcome in Ukraine. That includes the prospect of an outcome that Vladimir Putin can claim as a Russian “victory,” in which Russia continues to hold territory and forecloses Ukraine’s NATO or European Union (EU) integration.

China is likely to apply the following strategic assumptions as it digests lessons learned from the Ukraine war.

According to Beijing, the United States is an adversarial, declining hegemony that will be antagonistic to China’s rise for the foreseeable future, and which will seek to foment instability within China and hostility on its periphery. In Beijing’s view, US antagonism to China is now structural and bipartisan. China’s previous self-imposed restraint, as it chose to prioritize stable US relations and drive economic reform and growth, is therefore moribund. For the Chinese Communist Party (CCP), the relatively peaceful global and regional environment that prevailed in the late bipolar Cold War and the post-Cold War period is severely challenged, as Xi told President Joe Biden in their March 18 call.“2 Economic growth and rising prosperity are still important, but diminishing, sources of regime legitimacy. Defense of the CCP system, fueled by nationalism, expanded party control, while more active cooperation with Russia and other US adversaries, such as Iran, is becoming more prominent. Xi made this explicit in his speech to China’s National People’s Congress on March 6: “Western countries led by the United States have implemented all-around containment, encirclement and suppression of China, which has brought unprecedented severe challenges to our country’s development.”3

Economic growth and rising prosperity are still important, but diminishing, sources of regime legitimacy.

Giant screen displays a live broadcast of Chinese President Xi Jinping delivering a speech during the closing ceremony of the National People’s Congress (NPC), in Beijing. (Tingshu Wang via Reuters)

Another key view in Beijing is that Russia is China’s strategic partner. This status was further elevated on the eve of Russia’s invasion of Ukraine, when Russian President Putin and Xi met in Beijing and signed a joint statement on February 4, 2022.“4 Throughout the war in Ukraine, China’s leaders have reiterated their stance, most recently during visits to Moscow by Xi and by China’s top foreign affairs official Wang Yi in early 2023.5 The two countries are unlikely to ever have a formal mutual-defense treaty, but intensified cooperation in many spheres—including military coordination, intelligence sharing, energy, and trade—will continue and even accelerate.6 Even before its invasion of Ukraine, Russia was the junior partner in the bilateral relationship, but Beijing has deep strategic interest in ensuring that Moscow—and Putin personally—remains a viable ally in blunting US power and coordinating at the United Nations. Most importantly, Beijing has a strategic need to keep Russia from internal turmoil or international setbacks that could result in the rise of a regime that is hostile to China. One of the greatest gifts to Beijing of the Sino-Russian rapprochement that started during the 1990s, and truly took off from the mid-2000s, was a passive 4,200-kilometer border that enabled China to focus military modernization on naval, rather than land, warfare for potential conflict with the United States and Japan over Taiwan, or with India or Vietnam over border and maritime sovereignty disputes, respectively. The fact that Russia had dared to commit an estimated 97 percent of its entire forces to the fight in Ukraine by mid-February 2023 and, thus, baring its far-eastern borders, is a testament to this.7

Third, in the view of China’s leadership, the EU can act as a Western counterweight to perceived US hostility to China, and Beijing has at times tweaked its approach when deemed necessary to try to stabilize its ties to Europe. The EU lacked unanimity about following Washington’s lead, or did so only slowly and with less intensity, on hostile trade action and efforts to isolate China internationally prior to Russia’s invasion. In late April, inflammatory comments from China’s ambassador to France Lu Shaye, who essentially denied the sovereignty of former Baltic states, sparked an outcry across Europe and beyond.8 Shortly thereafter, Xi held his long-awaited call with Ukrainian President Zelenskyy,9 and separately, the Chinese Government voted in favor of a UN resolution containing language that explicitly acknowledges “the aggression by the Russian Federation against Ukraine,” a sharp departure from Beijing’s previous neutral UN voting patterns on Ukraine.10 While these moves are largely symbolic and mark a slight tactical rather than a strategic shift, they underscore Beijing’s willingness to make adjustments to try to maintain favorable relations with Europe, given the value Chinese leaders place on the region as a counterbalance to the United States.

However, China’s refusal to condemn the war against Ukraine and its enabling stance toward Russia have galvanized worries, particularly in Eastern European countries, over the trustworthiness of the Chinese government.11 On January 30, Czechia’s president-elect made it a point to accept a phone call from Taiwan’s President Tsai Ing-Wen, in a stark departure from previous practice.12 US intelligence made public in February 2023 that China was considering lethal arms supplies to Russia, causing grave concern in European capitals.13 Should Beijing actually deliver arms or ammunition to Russia despite its assurances to the contrary, China’s relations with much of Europe could be stretched past the breaking point and, indeed, there are signs of worsening strain, such as the aforementioned call between the Czech president-elect and President Tsai and his intention to plan a personal meeting with her, an unprecedented step from any Western leader; the withdrawal of the Baltic states from the Chinese 17+1 format; and, following similar decisions by many other European countries, Germany’s decision after long hesitation to finally ban and remove key components delivered by Chinese telecoms firms Huawei and ZTE from its fifth-generation (5G) network.14 At the same time, German leaders have continued to reach out diplomatically to China in the hopes of avoiding a complete Cold War-style economic decoupling scenario. On the other hand, European Commission President Ursula von der Leyen’s March 30, 2023, speech on EU relations with China put the future of the shelved Comprehensive Agreement on Investment (CAI) firmly in doubt.15

How the CCP and the People’s Liberation Army (PLA) ultimately digest strategic lessons from Russia’s war on Ukraine, therefore, will depend on that conflict’s course, the longer-term effects of Western sanctions on Russia and the global economy, and myriad other aspects, including elections in the United States and Taiwan in 2024.

Beijing has deep strategic interest in ensuring that Moscow—and Putin personally—remains a viable ally in blunting US power.

Vladimir Putin and President of the People’s Republic of China Xi Jinping made statements for the media following the Russian-Chinese talks on March 21, 2023. (Mikhail Tereshenko, TASS via Russian Presidential Press and Information Office)

Beijing likely is also watching closely to see how deeply entrenched in—or distracted by—the Ukraine conflict the United States becomes, where it contributes the lion’s share of direct military aid, including key munitions and weapons platforms that are in short supply; Ukraine is currently expending US annual production of nine thousand HIMARS missiles every two months.16 As Russia continues to achieve reduced war aims in the east and south, the war seems likely to continue for the foreseeable future. It presents new opportunities for fissures in the Alliance, and reduced US strategic standing headed into US presidential elections in 2024 that are likely to be even more disruptive than previous election campaigns after former US President Donald Trump’s March 30 grand-jury indictment on business-fraud charges.17 Partly because of Washington’s massive arms support for Ukraine, its deliveries of key weapons and munitions already sold to Taiwan have been significantly delayed.18

But one momentous strategic implication of Russia’s invasion is probably already clear to Xi and the CCP. For the first time since the end of the Cold War, the prospect of major-power military conflict, and even nuclear-weapons use, is again a characteristic of the global order. Russia’s gamble in Ukraine that it could quickly defeat a non-NATO European neighbor and secure its near abroad has so far failed, but US-led Western unity and imposition of sanctions against Moscow have the earmarks of a protracted conflict that could drive new instability. If Beijing concludes that this is a characteristic of geopolitics and great-power competition in the twenty-first century, it could increase Chinese preparations for military conflict in Asia with either the United States or its proxies.

The deepening enmity of US-China strategic rivalry since 2017 has already eroded core CCP assumptions that competition would remain bounded by nuclear deterrence, deep economic integration, shared stewardship of financial stability, and cooperation on global challenges such as pandemics and climate. The Western reaction to the Russian war against Ukraine is likely to reinforce these judgments, and may be amplifying Beijing’s assessment that the United States is on a trajectory to pursue overthrow of the CCP as a strategic goal.

Even China’s February 24 “Position on the Political Settlement of the Ukraine Crisis” seemingly centers most around its affirmation of “sovereignty” as the key thing to be respected—crucially, without ever mentioning Ukraine’s sovereignty in particular, nor calling Russia’s invasion of Ukrainian sovereign territory an invasion, let alone illegal, despite this being a peace template for the Ukraine war.19 This implies the text has more to do with reaffirming China’s position on Taiwan and offering support to Russia than being an actual attempt to mediate. In calling to freeze the conflict, it would cement Russian territorial gains; ending the “unilateral” sanctions would again benefit Russia; and “promoting post-conflict reconstruction” would presumably benefit Chinese infrastructure companies. Beijing’s proposal on its face seems decidedly tilted toward Moscow or self-serving goals.

US assumptions and lessons learned

While dealing with the Russian aggression against Ukraine, the US government has not reduced its attention on the strategic challenge posed by China. At the time of the invasion, the Biden administration was aggressively focused on continuing and expanding Trump-era strategic competition with China. Even as Washington openly warned of intelligence regarding Moscow’s intentions, it continued adversarial policies and alliance building directed at China. It has since announced multiple rounds of technology restrictions on Chinese companies, and signed the CHIPS and Science Act to revitalize US semiconductor leadership.20 Moreover, the president has personally eroded US strategic ambiguity on US military commitments to Taiwan—despite National Security Council (NSC) staff “clarifications” after each repeated instance that US policy has not, in fact, changed.

While dealing with the Russian aggression against Ukraine, the US government has not reduced its attention on the strategic challenge posed by China.

President Joe Biden talks to workers as CEO of TSMC C. C. Wei and Chairman of TSMC Mark Liu look on during a visit to TSMC AZ’s first Fab (Semiconductor Fabrication Plant) in P1A (Phase 1A), in Phoenix, Arizona. (REUTERS/Jonathan Ernst)

In its National Defense Strategy (NDS) released last year, the Biden administration focused on homeland defense challenges posed by Russia and China, rather than simply on military contingencies in the Indo-Pacific or Europe.21 This sends a strong message that the world is actively contested now, and that the Department of Defense and all of the US government are not just preparing for potential kinetic conflict, but engaged already in active operations to disadvantage China—tantamount to a new Cold War. Moreover, the NDS’ emphasis on “integrated deterrence” with allies and partners will underscore the threat to China of the United States designating Taiwan as a “key non-NATO ally,” potentially breaking existing US policy barriers to a virtual defense guarantee.

The United States is likely to apply the following lessons learned from the Ukraine war as it prepares for potential future conflict with China.

The United States sees public intelligence disclosures of Russian plans to invade Ukraine since November 2021 as a major success, despite failing to deter Russia or realize major pre-war Alliance (or Ukrainian government) preparation for the attack.22 The credibility that Washington gained when Russia invaded in February helped drive the immediate post-invasion international reaction (the reverse of the 2003 Iraq weapons of mass destruction (WMD) fiasco) and resulted in even more comprehensive sanctions than were threatened pre-invasion to deter Russia. Senior US military and administration warnings of Beijing’s “2027 plans” echo US intelligence warnings about Ukraine, albeit without the same specificity and high confidence.23

Similarly for the United States, a Russian military “paper tiger” perception can be applied to the PLA in a Taiwan scenario that draws on the usual tropes.

  • “China hasn’t fought a major war since 1979” and, therefore, its military operational abilities may be more limited than expected.
  • “Amphibious invasion across 100NM Taiwan Strait is far more challenging than Russian land invasion of Eastern Ukraine,” due to the enormous inherent complexity of a Normandy-style amphibious landing and the PLA’s insufficient lift capacity for the task.
  • “Economic sanctions work, imposing a heavy burden for Moscow, thereby increasing regime insecurity, which can deter Beijing from taking action on Taiwan.”24

The key lesson Washington probably finds applicable to a Taiwan 2027 scenario is the importance of providing both conventional and non-conventional support, including intelligence sharing and equipment, in the runup to, and during, any conflict. In the case of Ukraine, Kyiv’s ability to blunt Moscow’s invasion was enabled by the strengthening of Ukraine’s resilience and resistance post-2014. While the United States and its NATO allies have not directly intervened in Ukraine, they maintain military equipment, intelligence, and economic/communications lifelines that have helped deny Russia its original war aims. Specifically, deliveries of new weapons (Javelin, Stingers, artillery/HIMARS, antiship missiles), near-real-time battlefield intelligence and targeting, and initial success in the public-relations/propaganda/information domain seemed to have blunted Russian hybrid warfare and aligned developed world/Global North opinion behind Ukraine and NATO. However, it is far from clear how well Taiwan could be resupplied in the event of a blockade, if at all. As an island nation, Taiwan has no cross-border sanctuaries for stockpiling and delivery of key military and civilian supplies. And while Russia has been restrained from striking NATO members on Ukraine’s western and southwestern borders, US bilateral allies in the Pacific have no NATO-like structure for collective defense.

A lesson the United States so far seems resistant to learning from Ukraine is that nuclear deterrence by the aggressor (Russia in the case of Ukraine, China in Taiwan) enables conventional war and blunts outside major-power intervention.25 The United States and its NATO allies are strongly united in resisting pressure from pundits to enforce a no-fly zone over Ukraine, break the Russian blockade of Ukraine’s Black Sea ports, or other ideas that could risk direct NATO-Russian war. China could very well conclude that inducing self-deterrence in Western capitals has worked well in Ukraine, and is a promising approach for Taiwan.26 On the other hand, nuclear deterrence works both ways. One could speculate how things would stand today had Ukraine been given a security guarantee akin to NATO’s Article Five in time, and whether this would not have effectively deterred a Russian attack.27 When President Biden conversely ruled out military intervention on behalf of Ukraine during the lead-up to the attack, deterrence was arguably weakened rather than strengthened. Rather than appreciating the transparency and reliability displayed by the United States, and accepting the olive branch it represents, an authoritarian aggressor might see preemptive self-constraint as a weakness to be exploited.

The more the United States talks up the prospect of a 2027 Taiwan war scenario, the more it will turn to buttressing Taiwan’s “resilience”—regardless of whether Taiwan wants this, given the island’s failure to buttress its own defense during twenty-five years of rapid PLA modernization and growing tensions on the strait.28

The more the United States talks up the prospect of a 2027 Taiwan war scenario, the more it will turn to buttressing Taiwan’s “resilience”—regardless of whether Taiwan wants this

US Senate Majority Leader Chuck Schumer (D-NY) announces that he will unveil a new package of legislation to address competition with China. (REUTERS via Craig Hudson)

So far, the drumbeat in US media, from Congress, and among some members of the current administration is to be prepared for direct US military intervention to defend Taiwan from a Chinese military attack. The United States, and its allies and partners, should assume that China would be at least as determined as Russia to wield its rapidly expanding nuclear-capable forces (and space/counterspace and cyber capabilities) to deter direct US intervention. China has stated numerous times that it would be prepared to declare a state of war today if it saw Taipei, Washington, or Tokyo violate the understandings that have preserved the peace since at least 1979. The main potential triggers for this are: Chinese perceptions that Taiwan is moving irrevocably away from the possibility of unification and toward the founding of a new state under the moniker “Taiwan” at some future point; a renewed Taiwanese effort to acquire nuclear weapons; or a return to a quasi-formal US military-security relationship with Taiwan, including through stationing US forces on the island or integrating Taiwan into the US alliance sphere through actions such as inviting it to participate in regional or bilateral military exercises or in Alliance intelligence-sharing arrangements. At the same time, China itself through its threatening actions has been doing the most to upend the understandings that constituted the peaceful status quo in the Taiwan Strait, forcing Taiwan, other regional actors such as Japan, and the United States to reposition themselves.

Europe’s lessons learned

Europe as a whole—comprising not just the EU, but also the United Kingdom, Norway, and other key non-EU states—has rather divergent regional security cultures. Former Eastern Bloc countries, for instance, have been far more alert to the risks posed by a belligerent Russia than have Western European countries that have never been under Russian occupation. European lessons learned from the Ukraine war, therefore, differ markedly in each region. For countries with a traditional Russia-friendly outlook—in particular, Germany, France, and Austria—the Ukraine war came as a shock and was met with initial disbelief and disorientation, giving way to a painful process of finding a new security paradigm.29 Other countries—such as the Nordics, Baltics, and Central and Eastern European (CEE) countries—were not as surprised, and indeed felt vindicated after decades of open disregard for their warnings.30 With the exception of Finland, most European countries discovered that their previous strategies of reaping a “peace dividend” by shrinking the armed forces and neglecting societal preparedness for crises and war had backfired.31 Collectively, Europe has learned (or is learning) five primary lessons.32

First, a real effort to bolster collective defense through tangible capabilities was urgently required, after countries paid only lip service to NATO commitments (such as the pledge to commit 2 percent of gross domestic product (GDP) to defense spending). This includes the need to ramp up production of defense goods in support of Ukraine during what could be a long struggle.33

Second, Europe learned the dangers of energy dependence on Russia. Prior to the war, Germany had dismissed concerns voiced by its eastern neighbors, the United States, and especially Ukraine that Nord Stream 2 would make Germany dependent and vulnerable to coercion, while also massively weakening Ukraine’s geopolitical situation. These warnings were proven right and have led to a painful reorientation process in Germany (dubbed the “Zeitenwende”) that is still in full swing more than a year after the war started, and is far from concluded.34 Intense debates still surround the questions of rebuilding German military capability, lethal arms supplies for Ukraine, and the future orientation of Germany’s Russia policy. As Germany is a key member state of both the EU and NATO, due to its size and geographic location, its unresolved security-political identity crisis negatively impairs both these organizations, leading to impatience—particularly among the Eastern European states—and a diminished German stance.35

China’s dubious role in the Ukraine war definitely has the potential to make China “lose Europe,” even if China refrains from delivering arms and ammunition to Russia.

German Foreign Minister Annalena Baerbock and Chinese Foreign Minister Qin Gang attend a joint press conference at the Diaoyutai State Guesthouse in Beijing, China. (Suo Takekuma/Pool via REUTERS)

Third, Europe has recognized China’s apparent role in the Ukraine war as a covert supporter and enabler of the Russian aggressor, and the consequences this realization has for the security of critical infrastructures in Europe that were built with Chinese technology.36 Rather than supporting Ukraine and using its influence on Russia to stop the war, China has bolstered Russia diplomatically and economically, stopping just short of violating Western sanctions that would endanger China’s economy, while failing to condemn the invasion and effectively calling in its February 2023 “Position” for a freezing of the conflict that would reward Russia’s aggression with territorial gains.37 Particularly among the post-socialist EU and NATO member states in the Baltics and in CEE, this has led to intense distrust of China and disillusionment regarding the official EU formula of China as a “partner, competitor and rival” of the EU.38 The final outcome of this reevaluation will largely depend on China’s further actions of support for Russia—or its refraining from such support, as it may be. Against the backdrop of negative experiences with Chinese “wolf warrior diplomats” during the pandemic, and following coercive diplomacy, China’s dubious role in the Ukraine war definitely has the potential to make China “lose Europe,” even if China refrains from delivering arms and ammunition to Russia.39 Previous Chinese Foreign Minister Wang Yi’s hostile stance during the February 2023 Munich Security Conference, and a rather aggressive first speech by China’s new Foreign Minister Qin Gang, do not seem to offer much hope in this regard.40

Moreover, Europeans have come to realize that war over Taiwan could break out, despite the risk of nuclear escalation and despite the huge economic constraints in place, and regardless of the political risk such a war would pose to China’s leaders.41 Given Putin’s complete disregard for such constraints when following through with his attack plan, Europeans have had to accept that their assumptions about the economic rationale as a deterring factor in security-political decision-making of autocratic countries can no longer be relied upon, and that military forms of deterrence are ultimately more meaningful.42 The notion that China’s even greater degree of economic dependence on the outside world than Russia’s would serve as sufficient deterrent against military adventurism, therefore, might not hold. Consequently, there has been a palpable uptick in European analyses and discussions surrounding the risk of escalation in the Taiwan Strait, possible military and economic consequences, and Europe’s role in such a scenario, while exchanges with Western and South Pacific NATO partner states have markedly increased. French President Macron’s initiative during his early April 2023 China visit of implying that Taiwan is not Europe’s problem was quickly rebutted across European capitals, and Germany’s Foreign Minister Annalena Baerbock made it a point during her subsequent China visit to name war over Taiwan a “horror scenario” that would send “shock waves” around the world and deeply affect Europe.43

Finally, European countries in general, and NATO members in particular, have a newfound appreciation of the United States as the ultimate security provider for European NATO member states. Particularly in Germany and France, the realization that a European “strategic autonomy” remains a pipe dream for the foreseeable future due to lack of capabilities, and the fact that Ukraine’s defense effort would likely not be viable without massive US support, has been an unwelcome, yet necessary, reality check.44 Finland and Sweden’s applications for NATO accession are a testament to the indispensability of the nuclear umbrella provided by US forces to frontline NATO states. Russia’s decision to withdraw from the New Strategic Arms Reduction Treaty (New START), the nuclear blackmail it employed to keep Western countries from intervening on behalf of Ukraine, and China’s massive expansion of its nuclear arsenal all run counter to European hopes of creating effective arms-control regimes and working toward nuclear threat reduction.45 Six years after the International Campaign to Abolish Nuclear Weapons (ICAN) was awarded the Nobel Peace Prize, Europeans are needing to accept that there is currently no substitute for nuclear deterrence in the face of the Russian—and, potentially, the Chinese—threat, and that the global trend points toward more nuclear-armed states in the medium term rather than successful arms reduction.46 This also implies a newfound sense of European vulnerability to exposure, should the United States become tied down in a conflict with China. All in all, Europe is still reeling from the shock of the war and the challenge it poses to long-held assumptions of economic interdependence and institutionalism as the effective and civilized way to resolve conflicts. Regardless of the war’s ultimate outcome, it is already clear that its humanitarian, economic, political, and security consequences massively complicates the way European states will calibrate their exchanges with China going forward.

Implications of conflicting lessons for deterrence

The collision of these conflicting “lessons” could result in a deterrence trap. If the US increasingly acts on its conviction that China plans to attack on its own initiative in the next few years, the United States is likely to put enormous pressure on Taiwan to prepare to become the next Ukraine, and its self-imposed restraints on security assistance will further erode. US fear of a Chinese attack would increasingly drive a deepening cycle that is bound to cross at least some of China’s red lines.

Deterrence traps, of course, usually have more than one moving part; for its part, China’s actions drive this dangerous dynamic more strongly than those of the United States. China keeps moving the red lines, conducting increasingly provocative military operations around Taiwan, creating provocative situations (such as its “blockade drill” after Speaker Nancy Pelosi’s August 2022 visit to Taiwan, which included the unprecedented shooting of ballistic missiles over the island), and intensifying efforts to choke off Taiwan’s international breathing space.47 Honduras’ switch to China leaves Taipei with only thirteen formal diplomatic partners as of April 2023, demonstrating that Beijing’s “checkbook diplomacy” threatens to flip others soon and making Taipei more reliant on the United States, Japan, and the EU to prevent greater isolation. And, crucially, if war over Taiwan ever breaks out, it will have been because China chose to use lethal force against Taiwan for the first time since 1958, not the other way around.

Upping the military ante to some degree seems necessary as long as China is changing its military posture and behaving aggressively.

An F/A-18E Super Hornet flies over the flight deck of the Navy’s only forward-deployed aircraft carrier USS Ronald Reagan in the South China Sea. (US Navy)

The key question, therefore, is what steps Washington, Taipei, and others can take to preserve a stable status quo without fueling tensions. Upping the military ante to some degree seems necessary as long as China is changing its military posture and behaving aggressively. The United States is far from alone in seeing a military threat from China, as that perception is shared within much of the region (including Japan, Australia, Vietnam, the Philippines etc.), and even Europeans are becoming increasingly worried, despite remaining relatively inattentive to the military details of China’s behavior.

The Ukraine war, therefore, offers all sides a chance to learn how such a situation can be avoided: signaling weakness and indecisiveness on the part of the West before February 24, in any case, was not helpful in avoiding the Ukraine war. In the case of China, there is no reason to assume that signaling weakness and indecisiveness will yield any better outcome. In other words, there is a chance to drive home to China the great risks of going to war, and to signal allied resolve in aiming to avoid a second scenario of the same type as that in Ukraine. However, the Ukraine example has limits when applied to Taiwan, where China’s decision to use force—either to convince Washington or Taipei to reverse actions that cross Beijing’s long-established “red lines” (formal independence, a US military alliance) or to compel unification—likely would not be as opportunistic, or as lacking in constructive strategic aims, as Moscow’s decision to invade Ukraine.

Policy recommendations

The collision of these conflicting “lessons” identified by the United States, China, and Europe could result in a deterrence trap, and China’s actions drive this dangerous dynamic more strongly than those of the United States. However, Washington, Taipei, Brussels, and others can still play important roles in preserving stability without fueling tensions.

  • Allies must analyze, and urgently address, the reasons why deterrence failed in Ukraine. A key lesson to draw from the Ukraine war should be the realization that deterrence failed for a number of reasons, including naiveté and wishful thinking; a willingness among allies to make themselves overly dependent on Russian energy supplies; a lack of resolve in showing a unified front before aggression; and disregard for basic military preparedness among most of the allies.
  • Non-kinetic scenarios might be China’s favored option for subduing Taiwan, and could be difficult to effectively address as allies. In light of the military difficulties Russia is experiencing in Ukraine, which came as a surprise to the Chinese leadership, it can be assumed that China might prefer non-military or less decisive options of coercing Taiwan if at all possible, short of a PRC perception that Taiwan has taken actions tantamount to a declaration of independence or an explicit US defense commitment. Allies should wargame and prepare for such non-kinetic scenarios, including blockades, hybrid attacks, and subversion, because a less than clear-cut case of aggression might prove far more difficult to react to as united allies than a clearly attributable violation of the United Nations (UN) Charter as in the case of the Ukraine war.
  • Information warfare over Taiwan presents a key challenge for allies. Just like Russia, China is highly effective at using information and psychological warfare to its advantage. Likeminded countries in the transatlantic and Indo-Pacific communities should identify and address, in a timely fashion, any false narratives China is spreading to sow discord among them or to shape perceptions in the Global South that are detrimental to the goal of upholding the UN Charter and the principles of the rules-based international order.
  • “Anti-colonial” and “anti-hegemonial” self-justifying narratives by aggressor states targeting audiences in the Global South should be countered more effectively. China and Russia are jointly positioning themselves as “anti-hegemonial” champions of a multipolar world order and, in some cases, are successful despite the fact that Russia is fighting to regain a former colony, or that the PRC threatens war as it seeks “reunification” over Taiwan, which it has never controlled. Transatlantic allies should, therefore, make sure to correct this self-representation by publicly addressing China’s violations of its own 2013 Friendship and Cooperation Treaty with Ukraine, signed by Xi Jinping himself, in which China reinforced the security guarantee extended to Ukraine in recognition of its voluntary relinquishment of its nuclear arms via the Budapest Memorandum (Article 2); pledged to assist Ukraine in the protection of its territorial integrity (Article 5), promised not to take any action prejudicial to the sovereignty, security or territorial integrity of Ukraine (Article 6), and is bound to hold “urgent consultations” with Ukraine to develop measures to counter a threat in case of a crisis (Article 7).48 Despite China’s obligations under this treaty, Xi didn’t reach out to Zelenskyy until more than a year after the Russian invasion began.49 Ukraine, for its part, has always upheld its treaty obligations to China.50
  • Allies should not put too much hope in a “wedge” strategy. Though some political leaders still harbor hopes of driving a wedge between China and Russia, and incentivizing China to work against Russia, there is currently no reason to believe such an approach might yield viable results. Rather, based on recent Chinese leaders’ consistent actions and rhetoric, allies should assume that Beijing continues to share Russia’s strategic vision of challenging, and fundamentally revising, the international rules-based order (as laid out in their joint statement of February 4, 2022). China can, at best, be hindered from throwing its full weight behind Russia in this war, but not weaned from Russia as long as Xi Jinping is in power, due to the countries’ mutual synergies and shared geopolitical interests.51
  • Sharing intelligence can bolster credibility and unity among allies and beyond. The US strategy of sharing intelligence prior to the Ukraine war, and the accuracy of that intelligence, was highly effective in foiling a Russian surprise attack and bolstering US credibility among allies. This approach should also be continued with regard to China’s military actions in the Western Pacific. Care should be taken, however, not to repeat the mistake of sharing unreliable assessments, as in the infamous Iraq “weapons of mass destruction” analysis, which damaged US credibility in Europe at the time.

Although NATO is chiefly concerned with the European theater, its member states represent a sizeable share of global GDP, and the economic deterrence they can provide toward China is not to be discounted.

French President Emmanuel Macron talks to other European leaders during the second day of the European Union leaders summit in Brussels, Belgium October 18, 2019. (Aris Oikonomou/Pool via REUTERS)

  • Frustrations notwithstanding, European allies make valuable contributions to security. From the US perspective, notwithstanding its predilection toward working with the United Kingdom and its existing frustrations with large EU and NATO partners Germany and France, Europe as a whole should not be discounted as a valuable security partner—including as a partner for routine engagement to better understand and track China’s capabilities and intent toward Taiwan in the military, economic, information, and political domains. In particular, the Nordic, Baltic, and many CEE states, and NATO as an organization, have proven capable of quickly drawing meaningful security-related conclusions from the Ukraine war. NATO accession by Finland, soon followed by Sweden’s, can be expected to improve NATO’s effectiveness as a whole, since at least Finland is going to be a net security provider—for instance, in a scenario of the Baltic states coming under threat. Although NATO is chiefly concerned with the European theater, its member states represent a sizeable share of global GDP, and the economic deterrence they can provide toward China is not to be discounted.

Conclusion

The lessons that Washington and Beijing appear to be learning from Russia’s February 2022 invasion of Ukraine and Ukraine’s resistance and counteroffensive, in terms of military effectiveness and deterrence, could set the stage for a crisis over Taiwan in the next few years if those lessons are not accompanied by simultaneous efforts to defuse tensions where that is possible. European allies, just like US allies in Asia, can—and should—play a key role in this. For that, it is necessary to think of Eastern Europe and the Western Pacific not as two distinct theaters, but as interlinked theaters where events in one will inevitably have repercussions in the other. In other words, despite the cost, supporting Ukraine is not a detraction from deterring China if it leads to an outcome in which Russian aggression is thwarted, as that also enhances deterrence regarding Taiwan. At the same time, when the United States is focusing more strongly on the Western Pacific, Europeans need to cease seeing this as “abandoning Europe,” and instead step up their own game to bolster the rules-based international order both at home and abroad, with the means at their disposal.

Understanding more closely why deterrence failed in Ukraine, and exploring how these lessons could be applied to enhancing deterrence, bolstering diplomatic initiatives, and, thereby, hopefully defusing tensions over Taiwan should be high on the agenda of the entire Alliance. After all, all members share the same interest, as does China: finding out how to avoid sleepwalking into a global war.

Acknowledgements

This publication was produced under the auspices of a project conducted in partnership with the Norwegian Ministry of Foreign Affairs focused on the impact of China on the transatlantic relationship.

About the authors

John K. Culver is a nonresident senior fellow with the Atlantic Council’s Global China Hub and a former Central Intelligence Agency (CIA) senior intelligence officer with thirty-five years of experience as a leading analyst of East Asian affairs, including security, economic, and foreign-policy dimensions.

Previously as national intelligence officer for East Asia from 2015 to 2018, Culver drove the Intelligence Community’s support to top policymakers on East Asian issues and managed extensive relationships inside and outside government. He produced a large body of sophisticated, leading-edge analysis and mentored widely on analytic tradecraft. He also routinely represented the Intelligence Community to senior US policy, military, academic, private-sector and foreign-government audiences.

Culver is a recipient of the 2013 William L. Langer Award for extraordinary achievement in the CIA’s analytic mission. He was a member of the Senior Intelligence Service and CIA’s Senior Analytic Service. He was also awarded the Distinguished Career Intelligence Medal.

Dr. Sarah Kirchberger is a nonresident senior fellow with the Scowcroft Center for Strategy and Security. She serves as head of Asia-Pacific Strategy and Security at the Institute for Security Policy at Kiel University (ISPK) and vice president of the German Maritime Institute (DMI). Her current work focuses on maritime security in the Asia-Pacific region, emerging technologies in the maritime sphere, Russian–Chinese military-industrial relations, China’s arms industries, and China’s naval and space development.

Before joining ISPK she was assistant professor of contemporary China at the University of Hamburg, and previously worked as a naval analyst with shipbuilder TKMS Blohm + Voss. She is the author of Assessing China’s Naval Power: Technological Innovation, Economic Constraints, and Strategic Implications (2015). Her earlier work includes a monograph on informal institutions in the Chinese and Taiwanese political systems as well as studies of reform discourses within the Communist Party of China and of Mainland Chinese perceptions of Taiwan’s post-war transformation. She completed undergraduate and graduate studies in Sinology, Political Science and Archaeology in Hamburg, Taipei, and Trier and holds an MA and a PhD in Sinology from the University of Hamburg.

The Transatlantic Security Initiative, in the Scowcroft Center for Strategy and Security, shapes and influences the debate on the greatest security challenges facing the North Atlantic Alliance and its key partners.

The Global China Hub researches and devises allied solutions to the global challenges posed by China’s rise, leveraging and amplifying the Atlantic Council’s work on China across its fifteen other programs and centers.

1    John A. Tirpak, “IISS: China’s Aggressive Exercises Near Taiwan Are a ‘New Normal,’’ Air & Space Forces Magazine, February 7, 2022, https://www.airandspaceforces.com/iiss-china-aggressive-exercises-near-taiwan-new-normal/; Keoni Everington, “China Reportedly Approves Resolution to Make ‘Taiwan Separatists’ Kill List,” Taiwan News, March 7, 2023, https://www.taiwannews.com.tw/en/news/4828473; “China’s New Reservist Law: Preparing for War,” TableChina, February 9, 2023, https://table.media/china/en/opinion/chinas-new-military-service-law-preparing-for-war; Jude Blanchette and Ryan Hass, “To Deter Beijing, What the United States Says Matters,” Center for Strategic and International Studies, February 2, 2023, https://www.csis.org/analysis/deter-beijing-what-united-states-says-matters.
2    President Xi Jinping Has a Video Call with US President Joe Biden,” Ministry of Foreign Affairs of the People’s Republic of China, March 19, 2022, https://www.fmprc.gov.cn/mfa_eng/zxxx_662805/202203/t20220319_10653207.html.
3    “When Xi Jinping Visited the Members of the CPPCC Meeting, He Emphasized That the Private Economy Should Be Correctly Guided to Develop in a Healthy and High-Quality Way. Wang Huning, Cai Qiding, Ding Xuexiang and Xue Xiang Participated in the Visit and Discussion,” Xinhua, March 6, 2023, http://www.news.cn/politics/leaders/2023-03/06/c_1129417096.htm.
4    Joint Statement of the Russian Federation and the People’s Republic of China on the International Relations Entering a New Era and the Global Sustainable Development,” President of Russia, April 6, 2023, http://en.kremlin.ru/supplement/5770.
5    “Wang Yi Meets with Russian Foreign Minister Sergey Lavrov,” Ministry of Foreign Affairs of the People’s Republic of China, February 22, 2023, https://www.fmprc.gov.cn/mfa_eng/wjdt_665385/wshd_665389/202302/t20230224_11030933.html; Nectar Gan, “China’s Xi Jinping Makes ‘Journey of Friendship’ to Moscow Days after Putin’s War Crime Warrant,” CNN, March 20, 2023, https://edition.cnn.com/2023/03/20/china/china-xi-putin-russia-visit-analysis-intl-hnk-mic/index.html.
6    Michael Kofman, “The Emperors League: Understanding Sino-Russian Defense Cooperation,” War on the Rocks, August 6, 2020, http://warontherocks.com/2020/08/the-emperors-league-understanding-sino-russian-defense-cooperation/.
7    Jon Jackson, “Russia Has 97 Percent of Army Deployed in Ukraine: U.K.,” Newsweek, February 15, 2023, https://www.newsweek.com/russia-97-percent-army-deployed-ukraine-1781430.
8    Simone McCarthy, “Chinese ambassador sparks European outrage over suggestion former Soviet states don’t exist,” CNN, April 25, 2023, https://www.cnn.com/2023/04/24/china/china-ambassador-lu-shaye-baltic-soviet-states-europe-intl-hnk/index.html.
9    Simone McCarthy, “With Zelensky call, Xi Jinping steps up bid to broker peace – but does he have a plan?” CNN, April 27, 2023, https://www.cnn.com/2023/04/27/china/china-ukraine-xi-jinping-zelensky-call-analysis-intl-hnk/index.html.
10    Jorge Liboreiro, “China and India vote for UN resolution with a reference to Russia’s ‘aggression’ against Ukraine,” EuroNews, May 2, 2023, https://www.euronews.com/my-europe/2023/05/02/china-and-india-vote-for-un-resolution-with-a-reference-to-russias-aggression-against-ukra.
11    Ivana Karásková, “How China Lost Central and Eastern Europe,” Mercator Institute for China Studies, April 22, 2022, https://www.merics.org/en/short-analysis/how-china-lost-central-and-eastern-europe.
12    Stuart Lau, “New Czech President Risks China’s Rage with Call to Taiwanese Leader,” Politico, January 30, 2023, https://www.politico.eu/article/petr-pavel-czech-president-elect-taiwan-tsai-ing-wen-china-military/.
13    Sophia Barkoff, “CIA Confirms Possibility of Chinese Lethal Aid to Russia,” CBS News, February 25, 2023, https://www.cbsnews.com/news/cia-director-bill-burns-china-russia-lethal-aid/.
14    Milda Seputyte and Ott Tammik, “Latvia, Estonia Join Lithuania in Abandoning Eastern Europe-China Cooperation,” Bloomberg, August 11, 2022, https://www.bloomberg.com/news/articles/2022-08-11/baltic-states-abandon-eastern-european-cooperation-with-china?leadSource=uverify%20wall; Sarah Marsh and Andreas Rinke, “Germany Could Ban China’s Huawei, ZTE from Parts of 5G Networks—Source,” Reuters, March 7, 2023, https://www.reuters.com/technology/germany-set-ban-chinas-huawei-zte-parts-5g-networks-source-2023-03-07.
15    Speech by the President on EU-China Relations,” European Commission, March 30, 2023, https://ec.europa.eu/commission/presscorner/detail/en/speech_23_2063; Stuart Lau, “EU’s von Der Leyen Calls for Tougher Policy on China Ahead of Beijing Visit,” Politico, March 30, 2023, https://www.politico.eu/article/eus-ursula-von-der-leyen-xi-jinping-calls-for-tougher-policy-on-china-ahead-of-beijing-visit.
16    Jonathan Masters and Will Merrow, “How Much Aid Has the U.S. Sent Ukraine? Here Are Six Charts,” Council on Foreign Relations, February 22, 2023, https://www.cfr.org/article/how-much-aid-has-us-sent-ukraine-here-are-six-charts; Kinsey Lindstrom, “Army Celebrates Production of 50,000th GMLRS Rocket and Its Continued Evolution,” Defense Visual Information Distribution Service, January 12, 2021, https://www.dvidshub.net/news/386831/army-celebrates-production-50000th-gmlrs-rocket-and-its-continued-evolution.
17    Kara Scannell, et al., “Donald Trump Indicted by Manhattan Grand Jury on More than 30 Counts Related to Business Fraud,” CNN, March 30, 2023, https://edition.cnn.com/2023/03/30/politics/donald-trump-indictment/index.html.
18    Ellen Nakashima, “Taiwan Frustrated by Weapons Delays, Key Lawmaker Finds in Stealth Visit,” Washington Post, February 22, 2023, https://www.washingtonpost.com/national-security/2023/02/22/taiwan-weapons-china-gallagher.
19    “China’s Position on the Political Settlement of the Ukraine Crisis,” Ministry of Foreign Affairs of the People’s Republic of China, February 24, 2023, https://www.fmprc.gov.cn/mfa_eng/zxxx_662805/202302/t20230224_11030713.html.
20    “CHIPS and Science Act Will Lower Costs, Create Jobs, Strengthen Supply Chains, and Counter China,” White House, August 9, 2022, https://www.whitehouse.gov/briefing-room/statements-releases/2022/08/09/fact-sheet-chips-and-science-act-will-lower-costs-create-jobs-strengthen-supply-chains-and-counter-china.
21    “2022 National Defense Strategy,” US Department of Defense, October 27, 2022, https://media.defense.gov/2022/Oct/27/2003103845/-1/-1/1/2022-NATIONAL-DEFENSE-STRATEGY-NPR-MDR.PDF.
22    Julian E. Barnes and Adam Entous, “The U.S. Intelligence Playbook to Expose Russia’s Ukraine War Plans,” New York Times, February 23, 2023, https://www.nytimes.com/2023/02/23/us/politics/intelligence-russia-us-ukraine-china.html.
23    Hope Yen, “CIA Chief: China Has Some Doubt on Ability to Invade Taiwan,” Associated Press, February 26, 2023, https://apnews.com/article/russia-ukraine-taiwan-politics-united-states-government-eaf869eb617c6c356b2708607ed15759.
24    Nahal Toosi and Lara Seligman, “The U.S. Overestimated Russia’s Military Might. Is It Underestimating China’s?” Politico, June 15, 2022, https://www.politico.com/news/2022/06/15/china-military-00039786.
25    Keir Giles, “Russia’s Nuclear Blackmail Is a Spectacular Success for Putin,” CNN, March 29, 2023, https://www.cnn.com/2023/03/29/opinions/russia-putin-nuclear-blackmail-belarus-giles/index.html.
26    Harlan Ullman, “Self-Deterrence Does Not Work,” Hill, March 14, 2022, https://thehill.com/opinion/national-security/597985-self-deterrence-does-not-work.
27    Wilhelmine Preussen, “NATO Membership for Ukraine Would Have Prevented War, Says Finland’s PM,” Politico,  January 17, 2023, https://www.politico.eu/article/nato-membership-ukraine-would-have-prevented-russia-war-finland-sanna-marin-prime-minister-says.
28    Gunter Schubert, “Is Taiwanese Society Ready to Face a Belligerent China?” CommonWealth Magazine, June 9, 2021, https://english.cw.com.tw/article/article.action?id=3007.
29    Isabel Muttreja and Bernhard Blumenau, “How Russia’s Invasion Changed German Foreign Policy,” Chatham House, November 18, 2022, https://www.chathamhouse.org/2022/11/how-russias-invasion-changed-german-foreign-policy; Sylvie Kauffmann, “There Are Too Many Russian Skeletons in France’s Closets,” Le Monde, February 8, 2023, https://www.lemonde.fr/en/opinion/article/2023/02/08/there-are-too-many-russian-skeletons-in-france-s-closets_6014938_23.html; “Russia-Friendly Austria Breaks with Its Neutrality: ‘Enough Is Enough,’” Vindobona, March 2, 2022, https://www.vindobona.org/article/russia-friendly-austria-breaks-with-its-neutrality-enough-is-enough.
30    Kristin Haugevik Øyvind Svendsen, “More Alignment in Nordic States’ Security and Defence Policies,” Norsk Utenrikspolitisk Institutt, December 8, 2021, https://www.nupi.no/en/news/more-alignment-in-nordic-states-security-and-defence-policies; Sinéad Baker, “After Years of Being Ignored, the Countries That Know Putin’s Russia the Best Have Been Proved Totally Right,” Business Insider, October 8, 2022, https://www.businessinsider.com/countries-that-warned-about-russia-have-been-vindicated-2022-9; David Hutt, “Central and Eastern Europe Want More Security Clout. Will Increased Spending Be Enough?” Euronews, February 14, 2023, https://www.euronews.com/my-europe/2023/02/14/central-and-eastern-europe-want-more-security-clout-will-increased-spending-be-enough.
31    Teri Schultz, “In Defense, Finland Prepares for Everything,” Deutsche Welle, October 4, 2017, https://www.dw.com/en/finland-wins-admirers-with-all-inclusive-approach-to-defense/a-40806163.
32    Max Bergmann, Ilke Toygür, and Otto Svendsen, “A Continent Forged in Crisis: Assessing Europe One Year into the War,” Center for Strategic and International Studies, February 26, 2023, https://www.csis.org/analysis/continent-forged-crisis-assessing-europe-one-year-war.
33    “EU Agrees 2-Billion-Euro Ammunition Plan for Ukraine,” France24, March 20, 2023, https://www.france24.com/en/live-news/20230320-eu-hammers-out-2-bn-euro-ammunition-plan-for-ukraine.
34    “Policy Statement by Olaf Scholz, Chancellor of the Federal Republic of Germany and Member of the German Bundestag, 27 February 2022 in Berlin,” Bundesregierung, February 27, 2022, https://www.bundesregierung.de/breg-en/news/policy-statement-by-olaf-scholz-chancellor-of-the-federal-republic-of-germany-and-member-of-the-german-bundestag-27-february-2022-in-berlin-2008378.
35    Lucas Robinson, “Germany’s Identity Crisis: European Security After Russia’s Invasion of Ukraine,” EGF, April 7, 2022, https://egfound.org/2022/04/germanys-identity-crisis-european-security-after-russias-invasion-of-ukraine; Piotr Buras, “East Side Story: Poland’s New Role in the European Union,” European Council on Foreign Relations, February 16, 2023, https://ecfr.eu/article/east-side-story-polands-new-role-in-the-european-union.
36    Stuart Lau, “You Ain’t No Middleman: EU and NATO Slam China’s Bid to Be a Ukraine Peacemaker,” Politico, February 24, 2023, https://www.politico.eu/article/ukraine-war-russia-china-negotiations-diplomacy-nato-europe-diplomacy-peacemaker.
37    “China’s Position on the Political Settlement of the Ukraine Crisis.”
38    Josep Borrell, “The EU Needs a Strategic Approach for the Indo-Pacific,” Delegation of the European Union to the United States of America, March 12, 2021, https://www.eeas.europa.eu/eeas/eu-needs-strategic-approach-indo-pacific_en?s=253.
39    Chun Han Wong and Chao Deng, “China’s ‘Wolf Warrior’ Diplomats Are Ready to Fight,” Wall Street Journal, May 19, 2020, https://www.wsj.com/articles/chinas-wolf-warrior-diplomats-are-ready-to-fight-11589896722; Matthew Reynolds and Matthew P. Goodman, “China’s Economic Coercion: Lessons from Lithuania,” Center for Strategic and International Studies, May 6, 2022, https://www.csis.org/analysis/chinas-economic-coercion-lessons-lithuania.
40    “China in the World,” Munich Security Conference, last visited April 12, 2023, https://securityconference.org/en/msc-2023/agenda/event/china-in-the-world.
41    “Taiwan Strait Crisis: Implications for Europe,” Central European Institute of Asian Studies, October 2, 2022, https://ceias.eu/taiwan-strait-crisis-implications-for-europe.
42    Anniki Mikelsaar, “Taiwan and Europe—Far Away, Not Worlds Apart,” International Centre for Defence and Security, August 16, 2022, https://icds.ee/en/taiwan-and-europe-far-away-not-worlds-apart.
43    Nicolas Camut, “Macron’s China remarks are a ‘disaster’ for Europe, EU conservative leader says,” Politico, April 17, 2023,  https://www.politico.eu/article/macrons-china-remarks-disaster-for-europe-eu-conservative-leader-says-us-manfred-weber-italian-daily-corriere-della-sera/; Philip Oltermann, “German foreign minister warns of ‘horror scenario’ in Taiwan strait,” The Guardian, April 14, 2023,  https://www.theguardian.com/world/2023/apr/14/germany-annalena-baerbock-warns-horror-scenario-taiwan-strait-china.
44    Fraser Cameron, “EU Strategic Autonomy—A Perennial Pipe Dream?” European Policy Centre, January 27, 2022, https://www.epc.eu/en/publications/EU-strategic-autonomy-A-perennial-pipe-dream~4565a0.
45    Mary Ilyushina, Robyn Dixon, and Niha Masih, “Putin Says Russia Will Suspend Participation in New START Nuclear Treaty,” Washington Post, February 21, 2023, https://www.washingtonpost.com/world/2023/02/21/putin-speech-ukraine-state-of-nation; “2022 China Military Power Report,” US Department of Defense, 2002, https://media.defense.gov/2022/Nov/29/2003122279/-1/-1/1/2022-MILITARY-AND-SECURITY-DEVELOPMENTS-INVOLVING-THE-PEOPLES-REPUBLIC-OF-CHINA.PDF.
46    Max Bergmann and Sophia Besch, “Why European Defense Still Depends on America,” Foreign Affairs, March 7, 2023, https://www.foreignaffairs.com/ukraine/why-european-defense-still-depends-america.
47    Greg Torode and Yew Lun Tian, “Risks Mount from China Drills near Taiwan during Pelosi Visit—Analysts,” Reuters, August 3, 2022, https://www.reuters.com/world/china/risks-mount-china-drills-near-taiwan-during-pelosi-visit-analysts-2022-08-03.
48    “INDOPACOM Report: ‘PRC-Russia Cooperation—Spotlighting PRC’s Continued Support to Russia Despite Legal Commitments to Ukraine,’” Andrew S. Erickson (blog), February 25, 2023, https://www.andrewerickson.com/2023/02/indopacom-report-prc-russia-cooperation-spotlighting-prcs-continued-support-to-russia-despite-legal-commitments-to-ukraine; “中华人民共和国和乌克兰友好合作条约[PRC-Ukraine Treaty of Friendship & Cooperation]”, People’s Republic of China Treaty Database, Dec. 5, 2013, http://treaty.mfa.gov.cn/tykfiles/20180718/1531877012440.pdf.
49    Simone McCarthy, “With Zelensky call, Xi Jinping steps up bid to broker peace – but does he have a plan?” CNN, April 27, 2023, https://www.cnn.com/2023/04/27/china/china-ukraine-xi-jinping-zelensky-call-analysis-intl-hnk/index.html.
50    “2013 PRC-Ukraine Treaty of Friendship & Cooperation/Joint Communiqué: Russian, Ukrainian & Chinese Documents, Context, Timeline,” Andrew S. Erickson (blog), August 21, 2022,https://www.andrewerickson.com/2022/08/2013-prc-ukraine-treaty-of-friendship-cooperation-joint-communique-russian-ukrainian-chinese-documents-context-timeline.
51    Kofman, “The Emperors League.”

The post US-China lessons from Ukraine: Fueling more dangerous Taiwan tensions appeared first on Atlantic Council.

]]>
Webster quoted in the Wall Street Journal on Chinese exports of armored trucks to Russia https://www.atlanticcouncil.org/insight-impact/in-the-news/webster-quoted-in-the-wall-street-journal-on-chinese-exports-of-armored-trucks-to-russia/ Fri, 09 Jun 2023 20:00:40 +0000 https://www.atlanticcouncil.org/?p=671968 The post Webster quoted in the Wall Street Journal on Chinese exports of armored trucks to Russia appeared first on Atlantic Council.

]]>

The post Webster quoted in the Wall Street Journal on Chinese exports of armored trucks to Russia appeared first on Atlantic Council.

]]>
Ukraine’s summer counteroffensive will aim to keep the Russians guessing https://www.atlanticcouncil.org/blogs/ukrainealert/ukraines-summer-counteroffensive-will-aim-to-keep-the-russians-guessing/ Wed, 07 Jun 2023 21:00:33 +0000 https://www.atlanticcouncil.org/?p=653160 Speculation is mounting that Ukraine's hotly anticipated summer counteroffensive may be underway but initial stages are likely to feature probes and diversionary attacks rather than a big push, writes Peter Dickinson.

The post Ukraine’s summer counteroffensive will aim to keep the Russians guessing appeared first on Atlantic Council.

]]>
Is Ukraine’s hotly anticipated counteroffensive finally underway? That is the question dominating much of the international media this week following reports from both the Ukrainian and Russian sides of a significant upswing in activity along the front lines in southern and eastern Ukraine.

This speculation is understandable; after all, expectations have been mounting since early 2023 over an offensive that is being widely billed as a potential turning point in the sixteen-month war. It may be more helpful, however, to view Ukraine’s counteroffensive as a rolling series of local probes and thrusts rather than a single big push to penetrate Russian defenses and secure a decisive breakthrough.

Talk of a coming Ukrainian counteroffensive began following the liberation of Kherson from Russian occupation in late 2022. In the six months since that last major military success, Ukraine has sent tens of thousands of fresh troops for training in NATO countries and received unprecedented amounts of Western military aid including modern battle tanks, cruise missiles, armored personnel carriers, and enhanced air defense systems. With these newly trained and equipped formations now believed to be largely in position, observers have been watching for indications that the offensive is indeed underway. Ukrainian President Volodymyr Zelenskyy added to the sense of anticipation by declaring in a June 3 interview with the Wall Street Journal: “We are ready” for the counteroffensive.

Anyone expecting to witness major battles is set to be disappointed, at least for the time being. While the long lines of opposing trenches and emphasis on artillery duels has led many to compare the fighting in Ukraine to the horrors of World War I, few expect the Ukrainian military to begin its counteroffensive by going “over the top” and attempting to smash through Russian lines with their newly formed brigades. Instead, Ukrainian commanders will likely seek to test Russian defenses at a number of locations along the length of the 1,000-kilometer front in a bid to stretch Vladimir Putin’s invasion force and identify weak points to exploit.

A series of recent cross-border incursions into the Russian Federation conducted by Ukrainian-backed Russian militias may be part of these efforts. While militarily insignificant in terms of size or territorial gains, the raids have proved a major personal embarrassment for Putin and could force Moscow to reduce its military presence in Ukraine in order to bolster the badly exposed home front.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

As they look to advance, Ukraine’s troops will face formidable obstacles. Russia has not sat idly by during the past half-year; it has created a defense in depth in anticipation of Ukraine’s coming attack that includes several lines of trenches and other fortifications.

Russia appears to have provided an indication of its resolve early on June 6 by blowing up the Kakhovka dam and power plant on the Dnipro River in southern Ukraine. While Moscow officially denies destroying the dam, initial analysis points to Russian responsibility. A June 7 New York Times article referencing engineering and munitions experts concluded that a deliberate explosion inside the Russian-controlled dam “most likely caused its collapse.” The ensuing ecological disaster has flooded the surrounding area, virtually ruling out a Ukrainian thrust across the river toward Crimea.

Moscow’s preparations for the Ukrainian counteroffensive certainly look impressive, but questions remain over the morale of Russian troops, with a steady stream of video addresses posted to social media in recent months indicating widespread demoralization among mobilized Russian soldiers complaining of poor conditions, suicidal tactics, and heavy losses. In contrast, Ukrainian morale is believed to be high, despite the large numbers of casualties incurred during intense fighting over the winter and spring months around the eastern Ukrainian city of Bakhmut.

Crucially, Ukraine’s troops are defending their homes and have a clear vision of what they are fighting for, while Russia has struggled to articulate its war aims or define what a potential victory could look like. In the heat of the coming summer counteroffensive, this morale factor could play a critical role.

Most commentators agree that the primary military objective of Ukraine’s summer counteroffensive is to cut the land bridge running across southern Ukraine that connects Russia itself and the occupied Donbas region with the Crimean peninsula. If this is achieved, it would isolate large numbers of Russian troops in Crimea and south Ukraine while dealing a painful blow to Russian prestige.

Ultimately, Ukraine’s stated goal remains the liberation of Crimea itself, which has been under Russian occupation since 2014. A successful advance toward Crimea would leave the peninsula exposed to Ukrainian airstrikes and could spark a political crisis inside Russia. The military failures of the past sixteen months have already led to significant infighting among different elements within the Russian establishment; if Crimea itself is threatened, the international community must brace for a major escalation in Putin’s nuclear threats as he attempts to ward off what would be a catastrophic defeat.

Many believe a showdown over the fate of Crimea will serve as the end game of the entire war. But before we approach that point, Ukraine must first deploy its fresh forces effectively and overcome Russia’s deeply entrenched army on the mainland. This will involve much maneuvering and diversionary attacks before any major advances are attempted.

Ukraine’s successful 2022 campaigns may offer the best indication of what to expect from the summer counteroffensive. In August 2022, Ukrainian officials loudly trumpeted a counteroffensive in the south to retake Kherson. When Russia duly dispatched many of its best units to meet the expected Ukrainian attack, Ukraine struck instead in the thinly defended east and liberated most of the Kharkiv region. With Russia still reeling from this defeat and scrambling to hold the line, the Ukrainian military then renewed its southern offensive and forced Russia to abandon Kherson.

This masterclass in the art of military deception rightfully won Ukraine considerable plaudits. Ukrainian commanders will be looking to spring some similar surprises in the months ahead. Their stated goal is the complete liberation of Ukrainian territory, but they will aim to keep the Russians guessing as to exactly how they plan to achieve this.

Peter Dickinson is the editor of the Atlantic Council’s UkraineAlert service.

Further reading

The views expressed in UkraineAlert are solely those of the authors and do not necessarily reflect the views of the Atlantic Council, its staff, or its supporters.

The Eurasia Center’s mission is to enhance transatlantic cooperation in promoting stability, democratic values and prosperity in Eurasia, from Eastern Europe and Turkey in the West to the Caucasus, Russia and Central Asia in the East.

Follow us on social media
and support our work

The post Ukraine’s summer counteroffensive will aim to keep the Russians guessing appeared first on Atlantic Council.

]]>
The 5×5—Cross-community perspectives on cyber threat intelligence and policy https://www.atlanticcouncil.org/content-series/the-5x5/the-5x5-cross-community-perspectives-on-cyber-threat-intelligence-and-policy/ Tue, 30 May 2023 04:01:00 +0000 https://www.atlanticcouncil.org/?p=649392 Individuals with experience from the worlds of cyber threat intelligence and cyber policy share their insights and career advice.

The post The 5×5—Cross-community perspectives on cyber threat intelligence and policy appeared first on Atlantic Council.

]]>
This article is part of The 5×5, a monthly series by the Cyber Statecraft Initiative, in which five featured experts answer five questions on a common theme, trend, or current event in the world of cyber. Interested in the 5×5 and want to see a particular topic, event, or question covered? Contact Simon Handler with the Cyber Statecraft Initiative at SHandler@atlanticcouncil.org.

A core objective of the Atlantic Council’s Cyber Statecraft Initiative is to shape policy in order to better secure users of technology by bringing together stakeholders from across disciplines. Cybersecurity is strengthened by ongoing collaboration and dialogue between policymakers and practitioners, including cyber threat intelligence analysts. Translating the skills, products, and values of these communities between each other can be challenging but there is prospective benefit, as it helps drive intelligence requirements and keeps policymakers abreast of the latest developments and realities regarding threats. For younger professionals, jumping from one community to another can appear to be a daunting challenge.

We brought together five individuals with experience from both the worlds of cyber threat intelligence and cyber policy to share their experiences, perspectives on the dynamics between the two communities, and advice to those interested in transitioning back and forth.

#1 What’s one bad piece of advice you hear for threat intelligence professionals interested in making a transition to working in cyber policy?

Winnona DeSombre Bernsen, nonresident fellow, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council

“I have not heard bad pieces of advice specifically geared toward threat intelligence professionals, but I was told by someone once that if I wanted to break into policy, I could not focus on cyber. This is mostly untrue: the number of cyber policy jobs in both the public and the private sectors are growing rapidly, because so many policy problems touch cybersecurity. Defense acquisition? Water safety? Civil Rights? China policy? All of these issues (and many more!) touch upon cybersecurity in some way. However, cyber cannot be your only focus! As most threat intelligence professionals know, cybersecurity does not operate in a vacuum. A company’s security protocols are only as good as the least aware employee, and a nation-state’s targets in cyberspace usually are chosen to further geopolitical goals. Understanding the issues that are adjacent to cyber in a way that creates sound policy is important when making the transition.” 

Sherry Huang, program fellow, Cyber Initiative and Special Projects, William and Flora Hewlett Foundation

“I would not count this as advice, but the emphasis on getting cybersecurity certifications that is persistent in the cyber threat intelligence community is not directly helpful to working in the cyber policy space. Having technical knowledge and skills is always a plus, but in my view, having the ability to translate between policymakers and technical experts is even more valuable in the cyber policy space, and there is not a certification for that.” 

Katie Nickels, nonresident senior fellow, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council; director of intelligence, Red Canary

“I think there is a misconception that to work in cyber policy, you need to have spent time on Capitol Hill or at a think tank. I have found that to be untrue, and I think that misconception might make cybersecurity practitioners hesitant to weigh in on policy matters. The way I think of it is that cyber policy is the convergence of two fields: cybersecurity and policymaking. Whichever field is your primary one, you will have to learn about the other. Practitioners can absolutely learn about policy.” 

Christopher Porter, nonresident senior fellow, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council

“When intelligence professionals think about policy work, they often experience a feeling of personal control—‘now I get to make the decisions!’ So there is a temptation to start applying your own pet theories or desired policy outcomes and start working on persuasion. That is part of it, but in reality policymaking looks a lot like intelligence work in one key aspect—it is still a team sport. You have to have buy-in from a lot of stakeholders, many of whom will have different perspectives or intellectual approaches to the same problem. Even if you share the same goal, they may have very different tools. So just as intelligence is a team sport, policymaking is too. That is a reality that is not reflected in a lot of academic preparation, which emphasizes theoretical rather than practical policymaking.” 

Robert Sheldon, director of public policy & strategy, Crowdstrike

“I sometimes hear people treating technical career paths and policy career paths as binary–and I do not think that is the direction that we are headed as a community. People currently working in technical cybersecurity disciplines, including threat intelligence, should consider gaining exposure to policy work without fully transitioning and leaving their technical pursuits behind. This is a straightforward way to make ongoing, relevant contributions to a crowded cyber policy discourse.”

#2 What about working in threat intelligence best prepared you for a career in cyber policy, or vice versa?

Desombre Bernsen: “Threat intelligence gave me two key skills: the first is the ability to analyze a large-scale problem. Just like threat intelligence analysts, cyber policymakers must look through large systems to find chokepoints and potential vulnerabilities, while also making sure that the analytic judgments one makes about the system are sound. This skill enables one to craft recommendations that best fit the problem. The second skill is the ability to tailor briefings to different principal decisionmakers. Threat intelligence is consumed by network defenders and C-suite executives alike, so understanding at what level you are briefing is key. A chief information security officer does not care about implementing YARA rules, just like a network defender does not want their time wasted with a recommendation on altering their company-wide phishing policies. Being able to figure out what the principal cares about, and to tailor recommendations to the audience best able to action on them is applicable to the cyber policy field as well. When briefing a company or government agency, knowing their risk tolerance and organization mission, for example, helps tailor the briefing to help them understand what they can do about the problem.” 

Huang: “Being a cyber threat intelligence analyst gave me exposure to a wide variety of issues that are top of mind for government and corporate clients. In a week, I could be writing about nation-state information operations, briefing clients on cybersecurity trends in a certain industry, and sorting through data dumps on dark web marketplaces. Knowing a bit about numerous cyber topics made it easier for me to identify interest areas that wanted to pursue in the cyber policy space and, more importantly, allows me to easily understand and interact with experts on different cyber policy issue areas, which is helpful in my current role.” 

Nickels: “The ability to communicate complex information in an accessible way is a skill I learned from my threat intelligence career that has translated well to policy work. Threat intelligence is all about informing decisions, so there are many overlaps with writing to inform policy.” 

Porter: “In Silicon Valley, it is typical to have a position like ‘chief solutions architect.’ I have spent most of my career in intelligence being the ‘chief problems architect.’ It is the nature of the job to look for threats, problems, and shortcomings. Policymakers have the inverse task—to imagine a better future and build it, even if that is not the path we are on currently. But still, I think policymakers need to keep in mind how their plans might fail or lead to unintended consequences. When it comes to cybersecurity, new policies almost never eliminate a threat, they only change its shape. Much like the end to Ghostbusters, you get to choose the kind of problem you are going to face, but not whether or not you face one. Anyone with a background in intelligence will be ready for that step, where you have to imagine second- and third-order implications beyond the first-order effect you are seeking to have.” 

Sheldon: “Working as an analyst early in my career taught me a lot about analytical methods and rigor, evidence quality, and constructing arguments. Each of these competencies apply directly to policy work.”

#3 What realities of working in the threat intelligence world do you believe are overlooked by the cyber policy community?

Desombre Bernsen: “The cyber policy community has not yet realized that threat intelligence researchers and parts of the security community themselves—similarly to high level cyber policy decisionmakers—are targets of cyberespionage and digital transnational repression. North Korea, Russia, China, and Iran have all targeted researchers and members of civil society in cyberspace. Famously, North Korea would infect Western vulnerability researchers, likely to steal capabilities. In addition, threat intelligence researchers lack the government protections many policymakers have. Researchers that publicly lambast US adversaries can be targeted and threatened online by state-backed trolls. Protections for these individuals are few and far between—CISA just this year rolled out a program for protecting civil society members targeted by transnational repression, so I hope it gets expanded soon.” 

Huang: “Most of the time, threat intelligence analysts (at least in the private sector) do not hear from clients after a report has gone out and do not have visibility into whether their analysis and recommendations are helpful or have real-world impact. Feedback, whether positive or constructive, can help analysts fine-tune their craft and improve future analysis.” 

Nickels: “I think the cyber policy community largely considers threat intelligence to be information to be shared about breaches, often in the form of indicators like IP addresses. While that can be one aspect of it, they may not recognize that threat intelligence analysts consider much more than that. Broadly, threat intelligence is about using an understanding of how cyber threats work to make decisions. Under that broad definition, cyber policymakers have a significant need for threat intelligence—if policymakers do not know how the threats operate, they cannot determine how to create policies to help organizations better protect against them.” 

Porter: “There are aspects of the work—such as attribution—that are more reliable and not as difficult as imagined. Conversely, there are critical functions, like putting together good trends data or linking together multiple different pieces of evidence, that can be very difficult and time-intensive but seem simple to those outside the profession. So there is always a little bit of education that needs to take place before getting into a substantive back-and-forth, where the cyber intelligence community needs to explain a little bit about how they are doing their work, and the strengths and limitations of that so that everyone has the same assumptions and understands one another’s perspective.” 

Sheldon: “The policy community sometimes lacks understanding of the sources and methods that threat intelligence practitioners leverage in their analysis. This informs the overall quality of their work, the skill needed to produce it, timeliness, extensibility, the possibility for sharing, and so on. All of these are good reasons for the two communities to talk more about how they do their work.”

More from the Cyber Statecraft Initiative:

#4 What is the biggest change in writing for a threat intelligence audience vs. policymakers? 

Desombre Bernsen: “The scope is much broader. Threats to a corporate system are confined largely to the corporate system itself, but the world of geopolitics has far more players and many more first- and second-order effects of the policies you recommend.” 

Huang: “Not having to be as diligent about confidence levels! Jokes aside, it is similar in that being precise in wording and being brief and to the point are appreciated by both audiences. However, I do find that a policy audience often cares more about the forward-looking aspect and the ‘so what?’” 

Nickels: “The biggest difference is that when writing for policymakers, you are expected to express your opinion! As part of traditional intelligence doctrine, threat intelligence analysts avoid injecting personal opinions into their assessments and try to minimize the effects of their cognitive biases. Intelligence analysts might write about potential outcomes of a decision, but should not weigh in on which decision should be made. However, policymakers want to hear what you recommend. It can feel freeing to be able to share opinions, and it remains valuable to try to hedge against cognitive biases because it allows for sounder policy recommendations.” 

Porter: “Threat intelligence professionals are going to be very interested in how the work gets done, as the culture—to some degree—borrows from academic work, in terms of rewarding reproducibility of results and sharing of information. But, strictly speaking, policymakers do not care about that. Their job is to link the findings in those reports to the broader strategic context. One really only need to show enough of how the intelligence work was done to give the policymaker confidence and help them use the intelligence appropriately without understating or overstating the case. The result is that for policy audiences you end up starting from the end of the story—instead of a blog post or white paper building up to a firm conclusion, you talk about the conclusion and, depending on the level of technical understanding and skepticism on the part of the policymaker, may or may not get into the story of how things were pieced together at all.” 

Sheldon: “Good writing in both disciplines has much in common. Each should be concise, include assertions and evidence, provide context, and make unknowns clear. But there are perhaps fewer ‘product types’ relevant to core threat intelligence consumers and, in some settings, analysts can assume some fundamental knowledge base among their audience.” 

#5 Where is one opportunity to work on policy while still in industry that most people miss?

Desombre Bernsen: “You absolutely can work on policy issues while working in threat intelligence! I cannot just choose one, but I highly recommend searching for non-resident fellowship programs in think tanks (ECCRI, Atlantic Council, etc.), speaking at conferences on threat trends and their policy implications, and doing more policy through corporate threat wargaming internally.” 

Huang: “Volunteering at conferences that involve the cyber policy community, such as Policy@DEF CON and IGF-USA. These are great opportunities to support policy-focused discussions and to have deeper interactions with peers in the cyber policy space.” 

Nickels: “In the United States, one commonly missed opportunity is to reach out to elected representatives with opinions on cybersecurity legislation. Cybersecurity practitioners can also be on the lookout for opportunities to provide comments that help shape proposed regulations affecting the industry. For example, the Commerce Department invited public comments to proposed changes to the Wassenaar Arrangement around export controls of security software, and cybersecurity practitioners weighed in on how they felt the changes would influence tool development.” 

Porter: “That will vary greatly from company to company; almost universally though, you will have the opportunity to help your colleagues and future generations by providing mentorship and career development opportunities. Personnel is policy, so in addition to thinking about particular policies you might want to shape, think also about how you can shape the overall policymaking process by helping others make the most of their talents. It will take years, but, in the long run, those are the kinds of changes that are most lasting.” 

Sheldon: “Regardless of your current role, you can read almost everything relevant to the policy discourse. National strategies, executive orders, bills, commission and think tank reports, and so on are all publicly available. Unfortunately, many in the policy community are only skimming, but reading these sources deeply and internalizing them is a great basis to distinguish yourself in a policy discussion. Also, there are more opportunities than ever to read and respond to Requests for Comment from the National Institute of Standards and Technology and other government agencies, and these frequently include very technical questions.”

Simon Handler is a fellow at the Atlantic Council’s Cyber Statecraft Initiative within the Digital Forensic Research Lab (DFRLab). He is also the editor-in-chief of The 5×5, a series on trends and themes in cyber policy. Follow him on Twitter @SimonPHandler.

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

The post The 5×5—Cross-community perspectives on cyber threat intelligence and policy appeared first on Atlantic Council.

]]>
Russian War Report: Russia fires barrage at Kyiv while UK promises ‘kamikaze’ drones https://www.atlanticcouncil.org/blogs/new-atlanticist/russian-war-report-russia-fires-barrage-at-kyiv-while-uk-promises-kamikaze-drones/ Fri, 19 May 2023 11:00:00 +0000 https://www.atlanticcouncil.org/?p=647090 A series of Russian missile strikes directed at Kyiv were largely intercepted while the UK promises hundreds of drones. In Poland, a missile "cover up" controversy.

The post Russian War Report: Russia fires barrage at Kyiv while UK promises ‘kamikaze’ drones appeared first on Atlantic Council.

]]>
As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report. 

Security

New barrage of missiles targets Ukraine as UK promises hundreds of ‘kamikaze’ drones

Russian missile from December found in Polish forest sparks ‘cover-up’ controversy

Another barrage of missiles targets Ukraine as UK promises hundreds of ‘kamikaze’ drones

On May 16, Russian media reported that the Russian army had strengthened its positions in the Bakhmut area. According to Russian reports, four battalions have deployed around Bakhmut to prevent Ukrainian advances. The Russian Ministry of Defense said that its forces are focused on repelling Ukrainian counterattacks. Ukraine’s Deputy Defense Minister Hanna Maliar said on May 15 that Russian forces are deploying additional airborne forces to defend their flanks in Bakhmut. Russian forces appear to have made limited gains within Bakhmut.  

Another wave of Russian attacks targeted Ukraine with missiles and drones. The General Staff of the Ukrainian Armed Forces reported that, in the early hours of May 16, Russia launched six Kh-47 Kinzhal missiles from six MiG-31K aircraft at Kyiv, in addition to nine Kalibr missiles and ten S-400 and Iskander-M missiles that targeted other areas. Ukraine said its air defenses shot down most of the missiles, including six Kinzhal missiles and nine drones, of which six were Iranian-made Shahed-131/136s drones. The Russian defense ministry claimed—and US officials later confirmed—that one of the Kinzhal missiles struck a Patriot missile defense system in Kyiv. A US official told CNN that the US-made Patriot system likely suffered damage but was not destroyed. 

Elsewhere, the dam connected to the Russian-controlled Kakhovka hydroelectric power plant appears to be gushing water. A video taken on May 11 appears to show powerful streams of water flowing through the dam, which sits across the Dnipro River. The Ukrainian Center for Journalistic Investigations reported that the damage to the dam was caused by Russia. The report also cited Russian Telegram channels that claimed Russian positions were flooded and that a soldier had died as a result.  

Meanwhile, allied military aid continues to flow into Ukraine, albeit at a slower pace. On May 15, the United Kingdom said it would send Ukraine hundreds of custom-built ‘kamikaze’ drones. According to The Telegraph, the drones will have a range of more than 200 kilometers, comparable to an artillery shell. Their delivery to Ukraine is expected in the coming months.  

The German company Hensoldt said it will deliver six more TRML-4D radars compatible with the IRIS-T air defense system to Ukraine. These radars were introduced in 2018 and can detect and track up to 1,500 aerial targets at a distance of ten meters up to 250 kilometers, with an altitude reaching thirty kilometers. The radars can be used for detecting inconspicuous targets, such as hovering helicopters or low-flying cruise missiles. The combined value of the radar stations is €100 million ($108 million). Currently, Ukraine has only four TRML-4D radar systems. 

In addition, Ukraine joined the NATO Cooperative Cyber Defense Centre of Excellence on May 16, with the Ukrainian flag raised near the center’s headquarters, in Tallinn, Estonia. The center comprises thirty-one nations who exchange information, conduct research and specialist training, and undergo cyber military exercises.

Ruslan Trad, resident fellow for security research, Sofia, Bulgaria 

Russian missile from December found in Polish forest sparks ‘cover-up’ controversy

On May 10, Polish broadcaster RMF reported on preliminary findings from the Polish Air Force Institute of Technology, which found that, on December 16, 2022, a Russian KH-55 cruise missile landed in Polish territory. The missile was not discovered until April 27, 2023, when a woman came across the remains of an air-to-surface missile while riding a horse through a forest. The Russian rocket reportedly flew 300 kilometers into Polish airspace before landing in a forest in Zamość, near the northern city of Bydgoszcz, 265 kilometers northwest of Warsaw. The missile was reportedly launched from a Russian plane flying over Belarusian territory. On December 16, 2022, Russian forces fired at least seventy-six missiles toward Ukraine.  

The delayed discovery of the missile has sparked discussions about whether the Polish government tried to cover up the incident. Ukraine reportedly informed Polish armed forces on December 16 that an object, which could be a missile, was approaching Polish air space. Polish radars also spotted an unspecified object but later lost track of it near Bydgoszcz. Polish Armed Forces Operational Command reportedly initiated an immediate search, but according to Polish media outlet Onet citing high-ranking unnamed sources, the Ministry of Defense decided to halt the search after attempts to find the object were unsuccessful. RMF reported that the armed forces did not notify the prosecutor’s office about the airspace violation, meaning the investigation was not launched until months after the missile landed on Polish territory. Prime Minister Mateusz Morawiecki and President Andrzej Duda also claimed that they were not immediately notified about the incident and only learned of it in April 2023.  

On May 11, Defense Minister Mariusz Blaszczak claimed that Operational Commander of the Polish Armed Forces Tomasz Piotrowski had “failed to carry out his duties by not informing me about the object that appeared in Polish airspace, nor informing the Government Centre for Security and other services associated with the procedures.” Blaszczak also claimed that Piotrowski had “failed to launch a sufficient search for the object.” However, Chief of General Staff of the Polish Armed Forces Rajmund Andrzejczak argued on May 11 that he immediately informed his superiors about the incident, in accordance with standard procedure. Poland’s TVN24 reported that, on December 19, Blaszczak met with Piotrowski and Andrzejczak at a Christmas event for Polish soldiers.  

Donald Tusk, leader of the main opposition Civic Platform party, demanded Blaszczak’s resignation, accusing him of hiding “behind Polish generals.”

Givi Gigitashvili, research associate, Warsaw, Poland

The post Russian War Report: Russia fires barrage at Kyiv while UK promises ‘kamikaze’ drones appeared first on Atlantic Council.

]]>
Russian War Report: Russia wages an invisible war with radar waves and Russian music across borders https://www.atlanticcouncil.org/blogs/new-atlanticist/russian-war-report-russia-wages-invisible-war-with-radar-waves/ Fri, 12 May 2023 19:06:30 +0000 https://www.atlanticcouncil.org/?p=645296 Russian surveillance has increased on Ukraine's border. Meanwhile a museum in Estonia hung a large poster depicting Putin as a war criminal.

The post Russian War Report: Russia wages an invisible war with radar waves and Russian music across borders appeared first on Atlantic Council.

]]>
As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report. 

Security

Interference on satellite imagery suggests Russia is increasing its means to surveil border activity

Zelenskyy says Ukraine preparing for “new events” as Transnistrian official asks for increased Russian troop presence

Tracking narratives

Prigozhin accuses Russian defense ministry of creating “shell hunger” in Bakhmut

Russian city organizes Victory concert on riverbank facing Estonia

Interference on satellite imagery suggests Russia is increasing its means to surveil border activity

A May 6 satellite image caught by the Sentinel-1 satellite of the European Space Agency revealed an interference pattern that was recorded stretching 172 kilometers in north-eastern Ukraine. This pattern almost exactly covers the border between the Russian city of Belgorod and Kharkiv, Ukraine’s second most populous city. The interference was cast as a result of electromagnetic emissions caught within the 5Ghz range, also known as the NATO C-band. Open source researcher Brady Africk first reported the pattern. 

Radar interference captured along the Ukraine-Russia border. (Source: @Bradyafr/archive) 

The imagery shows several layers of pink straight lines, which are different from patterns usually observed by analysts. In a January 2023 edition of the Russian War Report, the DFRLab reported an interference pattern with bulkier interferences that was attributed to a potential anti-air defense missile system deployed in the Krasnodar Krai region. 

Additionally, similar patterns were recorded throughout April 2023. The DFRLab compiled imagery data from April 14 to April 21 that shows how Russia may have increased its deployment of military radars and anti-air defense systems in the region. The April 29 drone attack against an oil depot in Crimea also indicates that Russia could have been building up its defense systems in the southern occupied territories of Ukraine. 

A map based on the aggregated Sentinel-1 imagery over the Azov Sea showing several interference patterns. (Source: DFRLab via ESA Sentinel-1) 

The May 6 interference pattern resembles the one cast over mainland Crimea in April, suggesting similarity in the type of devices or equipment responsible for its emission. This assessment indicates that Russia could be transitioning towards further deployments of defense systems and military-class radar monitoring on its borders with Ukraine and in occupied territories.  

Valentin Châtelet, Research Associate, Security, Brussels, Belgium

Zelenskyy says Ukraine preparing for “new events” as Transnistrian official asks for increased Russian troop presence

The Russian army carried out a large-scale missile and drone strike over Ukrainian territory in the early hours of May 8. The General Staff of the Ukrainian Armed Forces reported on May 8 that Russian forces launched sixteen missiles at Kharkiv, Kherson, Mykolaiv, and Odesa, and that Ukrainian troops shot down all thirty-five launched Shahed drones. A drone appears to have hit a tall building in Kyiv, possibly after being shot down. There were also reports that falling debris caused other damage. The drone strike is one of the largest attacks on Kyiv since February 2022. 

Ukrainian President Volodymyr Zelenskyy announced on May 7 that Ukrainian forces are preparing for “new events” in May or June 2023, an indication that Ukrainian forces may be preparing to conduct counter-offensive operations. Ukrainian military sources said that Russian forces continue to transfer equipment, ammunition, and supplies to prepare for defensive operations. 

Footage from Bakhmut on May 5 shows the possible use of incendiary shells against the remaining areas held by the Ukrainian army. The footage suggests ammunition is available, despite Wagner’s Yevgeny Prigozhin claiming the group does not have enough ammunition in Bakhmut. 

Footage from Bakhmut on May 5 shows the possible use of incendiary shells against the remaining areas held by the Ukrainian army.

Meanwhile, the evacuation of civilians from Russian-occupied frontline towns in the Zaporizhzhia region has led to fuel shortages, problems with ATMs, and connectivity issues, according to Enerhodar Mayor Dmytro Orlov. He added that Russian forces have reportedly removed medical equipment from the city’s hospital, asked patients to evacuate, and closed several hospital wards.  

Elsewhere, conflicting reports are emerging from the Orikhiv region. The city is in north Zaporizhzhia Oblast, eight-five kilometers from Melitopol. On May 3, Russian media claimed that Ukrainian forces were trying to attack Orikhiv. On the same day, Vladimir Rogov, a member of the Zaporizhzhia occupation administration, told the media that the situation in the direction of Orikhiv was under control, adding that Ukraine’s army is conducting surveillance. The Zaporizhzhia region is critical to Russia because of its proximity to Melitopol. On May 9, Russian Telegram channels reported their belief that the Ukrainian army had completed preparations for a counter-offensive and that Orikhiv would be among the areas that would come under pressure. In addition, reports emerged that the Russian Volunteer Corps, fighting for Ukraine, is conducting attacks against Russian forces in Orikhiv. The Russian Volunteer Corps is a paramilitary unit that claimed responsibility for an attack in Russia’s Bryansk region in March 2023. The same unit published a video on May 9 claiming they are actively fighting against Russian forces in Orikhiv.  

The Russian government does not recognize that Russian actors are fighting on the side of Ukraine, shifting responsibility for the attacks to Ukrainian forces. The strengthening of such military units is a trend that likely causes concern within the Russian command structure. Moscow will likely continue to deny the participation of Russians in the battles against Russian forces. However, as Ukraine prepares a possible counter-offensive, the Russian command could use the presence of Russian volunteers as propaganda, creating a state of paranoia and suspicion to attack opposition groups within Russia. The video footage of the Russian Volunteer Corps received attention among Russian opposition groups, like Rospartizan, who on May 9 attacked the liberal opposition for not taking arms against the Russian government.  

Lastly, Leonid Manakov, Transnistria’s representative in Moscow, asked Russia to increase the number of Russian forces in Transnistria due to claims of “terrorist risks.” His request follows reports that Moldovan authorities detained members of the pro-Russian Shor party in April and May. US officials warned in March that individuals linked to Russian military intelligence were planning staged protests against the Moldovan government. Russia is unlikely to increase its military presence in Transnistria, especially when considering a possible Ukrainian counter-offensive. However, the risk of infiltrations and attempts to destabilize Moldova remains, including through disinformation and fear-mongering, which would serve Russia’s military goals in the Odesa region and western Ukraine.

Ruslan Trad, Resident Fellow for Security Research, Sofia, Bulgaria 

Prigozhin accuses Russian defense ministry of creating “shell hunger” in Bakhmut

In a press release published on May 6, Wagner financier Yevgeny Prigozhin revealed more details about the group’s ongoing dispute with the Russian Ministry of Defense (MoD). Prigozhin said that in October 2022, in cooperation with Sergei Surovikin, General of the Russian Armed Forces, Wagner launched “Operation Bakhmut Meat Grinder” to provoke Ukrainian President Volodymyr Zelenskyy into sending as many Ukrainian forces as possible to defend the city. Prigozhin argued that taking control of Bakhmut was not a key objective of the operation; rather, the primary goal was “grinding the units of the Armed Forces of Ukraine” to allow the Russian army respite to restore its combat capability. Prigozhin stated that Wagner killed about 50,000 Ukrainian soldiers in Bakhmut and prevented Ukraine’s counter-offensive.

The statement claimed that Wagner has successfully managed to occupy 1,500 square kilometers of Ukrainian land and seventy-one settlements, while the Russian MoD has suffered setbacks and defeats on the frontlines. Prigozhin purported that the Russian army faced a lack of control and discipline, was embroiled in mobilization scandals, and had supply problems. He asserted that to compensate for their failures and envy towards Wagner, the MoD took counter-actions against Wagner, prohibiting it from recruiting Russian prisoners as volunteers and reducing the supply of ammunition to 30 percent of the amount Wagner required, followed by a further decrease to 10 percent. Other measures reportedly taken by the Russian MoD included suspending issuing orders and medals to dead Wagner fighters, denying personnel transfers from Africa to Ukraine, and disabling special communication systems.

Prigozhin added that to impose a complete “shell blockade” on Wagner, the Russian MoD fired Colonel General Mikhail Mizintsev, who led the siege of Mariupol in 2022 and later became deputy ninister of defense overseeing logistics and supplies. After leaving the MoD, Mizintsev reportedly joined Wagner as a deputy commander. Prigozhin said that most of Wagner’s fighters and commanders left the Russian army to join Wagner because they had lost confidence in the MoD. Due to this, he ruled out the possibility of Wagner integrating into the MoD. 

After seven months of carrying out “Operation Bakhmut Meat Grinder,” Prigozhin concluded that Wagner has lost its combat potential. He claimed that between October 2022 and May 2023, Wagner received 38 percent of the ammunition requested from the MoD and 30 to 40 percent of the tanks, artillery, and armored vehicles required for combat missions. He added that Wagner currently has 30,000 soldiers on combat missions in Bakhmut, while Ukraine has around 35,000 troops in the area, and its numbers would need to be three times higher to achieve success. He suggested that “shell hunger” resulted in two-thirds of Wagner’s losses and killed “tens of thousands” of Russian soldiers.

Givi Gigitashvili, Research Associate, Warsaw, Poland

Russian city organizes Victory concert on riverbank facing Estonia

The Russian city of Ivangorod, separated by a small river from the Estonian city of Narva, organized a May 9 Victory Day concert for residents of Narva, a predominately Russian-speaking town with a large Russian population. This is the first time Ivangorod has organized a May 9 concert on the riverbank, opposite the Narva Museum. In response, the Narva Museum hung a large poster on the exterior of the building depicting Russian President Vladimir Putin with blood-like spatter over his face and the text “Putin War Criminal.” 

The decision to host the “large format” concert on the Narva riverbank for “Narva inhabitants to see” was made at the “federal level,” according to Aleksandr Sosnin, head of the Ivangorod administration, during an April 12 press conference.

Videos shared online show that scores of people gathered in Narva to listen to the concert. LenTV24, a pro-Kremlin regional infotainment YouTube channel, reported an altercation between a younger man carrying a Ukrainian flag–more than five hundred Ukrainian refugees reside in Narva–and an older man who attacked him. The altercation was captured on video and spread on Telegram and Facebook. Zhanna Ryabceva, a member of the Russian Duma, shared the video on Telegram. It was then shared approximately one thousand times, including by sixteen public Telegram groups and channels, according to Telegram monitoring tool TGStat. Later, the video, with a caption identical to the one used in Ryabceva’s post, was published by at least three Facebook accounts that identified as being based in Russia. One of the accounts, Ruslon Bely, was previously involved in amplifying a Secondary Infektion influence operation targeting Denmark with a forged letter that alleged Greenland was seeking independence and closer cooperation with the United States.

Nika Aleksejeva, Resident Fellow, Riga, Latvia

The post Russian War Report: Russia wages an invisible war with radar waves and Russian music across borders appeared first on Atlantic Council.

]]>
The 5×5—Cryptocurrency hacking’s geopolitical and cyber implications https://www.atlanticcouncil.org/content-series/the-5x5/the-5x5-cryptocurrency-hackings-geopolitical-and-cyber-implications/ Wed, 03 May 2023 04:01:00 +0000 https://www.atlanticcouncil.org/?p=641955 Experts explore the cybersecurity implications of cryptocurrencies, and how the United States and its allies should approach this challenge.

The post The 5×5—Cryptocurrency hacking’s geopolitical and cyber implications appeared first on Atlantic Council.

]]>
This article is part of The 5×5, a monthly series by the Cyber Statecraft Initiative, in which five featured experts answer five questions on a common theme, trend, or current event in the world of cyber. Interested in the 5×5 and want to see a particular topic, event, or question covered? Contact Simon Handler with the Cyber Statecraft Initiative at SHandler@atlanticcouncil.org.

In January 2023, a South Korean intelligence service and a team of US private investigators conducted an operation to interdict $100 million worth of stolen cryptocurrency before its hackers could successfully convert the haul into fiat currency. The operation was the culmination of a roughly seven-month hunt to trace and retrieve the funds, stolen in June 2022 from a US-based cryptocurrency company, Harmony. The Federal Bureau of Investigation (FBI) attributed the theft to a team of North Korean state-linked hackers—one in a string of massive cryptocurrency hauls aimed at funding the hermit kingdom’s illicit nuclear and missile programs. According to blockchain analysis firm Chainalysis, North Korean hackers stole roughly $1.7 billion worth of cryptocurrency in 2022—a large percentage of the approximately $3.8 billion stolen globally last year.

North Korea’s operations have brought attention to the risks surrounding cryptocurrencies and how state and non-state groups can leverage hacking operations against cryptocurrency wallets and exchanges to further their geopolitical objectives. We brought together a group of experts to explore cybersecurity implications of cryptocurrencies, and how the United States and its allies should approach this challenge.

#1 What are the cybersecurity risks of decentralized finance (DeFi) and cryptocurrencies? What are the cybersecurity risks to cryptocurrencies?

Eitan Danon, senior cybercrimes investigator, Chainalysis

Disclaimer: Any views and opinions expressed are the author’s alone and do not reflect the official position of Chainalysis. 

“DeFi is one of the cryptocurrency ecosystem’s fastest-growing areas, and DeFi protocols accounted for 82.1 percent of all cryptocurrency stolen (totaling $3.1 billion) by hackers in 2022. One important way to mitigate against this trend is for protocols to undergo code audits for smart contracts. This would prevent hackers from exploiting vulnerabilities in protocols’ underlying code, especially for cross-chain bridges, a popular target for hackers that allows users to move funds across blockchains. As far as the risk to cryptocurrencies, the decentralized nature of cryptocurrencies increases their security by making it extraordinarily difficult for a hostile actor to take control of permissionless, public blockchains. Transactions associated with illicit activity continue to represent a minute portion (0.24 percent) of the total crypto[currency] market. On a fundamental level, cryptocurrency is a technology—like data encryption, generative artificial intelligence, and advanced biometrics—and thus a double-edged sword.” 

Kimberly Donovan director, Economic Statecraft Initiative, and Ananya Kumar, associate director of digital currencies, GeoEconomics Center, Atlantic Council

“We encourage policymakers to think about cybersecurity vulnerabilities of crypto-assets and services in two ways. The first factor is the threat of cyberattacks for issuers, exchanges, custodians, or wherever user assets are pooled and stored. Major cryptocurrency exchanges like Binance and FTX have had serious security breaches, which has led to millions of dollars being stolen. The second factor to consider is the use of crypto-assets and crypto-services in money-laundering. Often, attackers use cryptocurrencies to receive payments due to the ability to hide or obfuscate financial trails, often seen in the case of ransomware attacks. Certain kinds of crypto-services such as DeFi mixers and aggregators allow for a greater degree of anonymity to launder money for criminals, who are interested in hiding money and moving it quickly across borders.” 

Giulia Fanti, assistant professor of electrical and computer engineering, Carnegie Mellon University

“The primary cybersecurity risks (and benefits) posed by DeFi and cryptocurrencies are related to lack of centralized control, which is inherent to blockchain technology and the philosophy underlying it. Without centralized control, it is very difficult to control how these technologies are used, including for nefarious purposes. Ransomware, for example, enables the flow of money to cybercriminial organizations. The primary cybersecurity risks to cryptocurrencies on the other hand can occur at many levels. Cryptocurrencies are built on various layers of technology, ranging from an underlying peer-to-peer network to a distributed consensus mechanism to the applications that run atop the blockchain. Attacks on cryptocurrencies can happen at any of these layers. The most widely documented attacks—and those with the most significant financial repercussions—are happening at the application layer, usually exploiting vulnerabilities in smart contract code (or in some cases, private code supporting cryptocurrency wallets) to steal funds.” 

Zara Perumal, chief technology officer, Overwatch Data

“Decentralized means no one person or institution is in control. It also means that no one person can easily step in to enforce. In cases like Glupteba, fraudulent servers or data listed on a blockchain can be hard to take down in comparison to cloud hosted servers where companies can intervene. Cybersecurity risks to cryptocurrencies include endpoint risk, since there is not a centralized party to handle returning accounts as the standard ways of credential theft is a risk to cryptocurrency users. There is a bigger risk in cases like crypto[currency] lending, where one wallet or owner holds a lot of keys and is a large target. In 2022, there were numerous high-profile protocol attacks, including the Wormhole, Ronin, and BitMart attacks. These attacks highlight the risks associated with fundamental protocol vulnerabilities via blockchain, smart contracts or user interface.”

#2 What organizations are most active and capable of cryptocurrency hacking and what, if any, geopolitical impact does this enable for them?

Danon: “North Korea- and Russia-based actors remain on the forefront of crypto[currency] crime. North Korea-linked hackers, such as those in the Lazarus Group cybercrime syndicate, stole an estimated $1.7 billion in 2022 in crypto[currency] hacks that the United Nations and others ­­have assessed the cash-strapped regime uses to fund its weapons of mass destruction and ballistic missiles programs. Press reporting about Federation Tower East—a skyscraper in Moscow’s financial district housing more than a dozen companies that convert crypto[currency] to cash—has highlighted links between some of these companies to money laundering associated with the ransomware industry. Last year’s designations of Russia-based cryptocurrency exchanges Bitzlato and Garantex for laundering hundreds of millions of dollars’ worth of crypto[currency] for Russia-based darknet markets and ransomware actors cast the magnitude of this problem into starker relief and shed light on a diverse constellation of cybercriminals. Although many pundits have correctly noted that Russia cannot ‘flip a switch’ and run its G20 economy on the blockchain, crypto[currency] can enable heavily sanctioned countries, such as Russia, North Korea, and others, to project power abroad while generating sorely needed revenue.” 

Donovan and Kumar: “We see actors from North Korea, Iran, and Russia using both kinds of cybersecurity threats described above to gain access to money and move it around without compliance. Geopolitical implications include sanctioned state actors or state-sponsored actors using the technology to generate revenue and evade sanctions. Hacking and cyber vulnerabilities are not specific to the crypto-industry and exist across digital infrastructures, specifically payments architecture. These threats can lead to national security implications for the private and public entities accessing or relying on this architecture.” 

Perumal: “Generally, there are state-sponsored hacking groups that are targeting cryptocurrencies for financial gain, but also those like the Lazarus Group that are disrupting the cryptocurrency industry. Next, criminal hacking groups may both use cryptocurrency to receive ransom payments or also attack on chain protocols. These groups may or may not be associated with a government or political agenda. Many actors are purely financially motivated, while other government actors may hack to attack adversaries without escalating to kinetic impact.”

#3 How are developments in technology shifting the cryptocurrency hacking landscape?

Danon: “The continued maturation of the blockchain analytics sector has made it harder for hackers and other illicit actors to move their ill-gotten funds undetected. The ability to visualize complex crypto[currency]-based money laundering networks, including across blockchains and smart contract transactions, has been invaluable in enabling financial institutions and crypto[currency] businesses to comply with anti-money laundering and know-your-customer requirements, and empowering governments to investigate suspicious activity. In some instances, hackers have chosen to let stolen funds lie dormant in personal wallets, as sleuths on crypto[currency] Twitter and in industry forums publicly track high-profile hacks and share addresses in real-time, complicating efforts to off-ramp stolen funds. In other instances, this has led some actors to question whether this transparency risks unnecessary scrutiny from authorities. For example, in late April, Hamas’s military wing, the Izz al-Din al-Qassam Brigades, publicly announced that it was ending its longstanding cryptocurrency donation program, citing successful government efforts to identify and prosecute donors.” 

Donovan and Kumar: “Industry is responding and innovating in this space to develop technology to protect and/or trace cyber threats and cryptocurrency hacks. We are also seeing the law enforcement, regulatory, and other government communities develop the capability and expertise to investigate these types of cybercrimes. These communities are taking steps to make public the information gathered from their investigations, which further informs the private sector to safeguard against cyber operations as well as technology innovations to secure this space.” 

Fanti: “They are not really. For the most part, hacks on cryptocurrencies are not increasing in frequency because of sophisticated new hacking techniques, but rather because of relatively mundane vulnerabilities in smart contracts. There has been some research on using cutting-edge tools such as deep reinforcement learning to try to gain funds from smart contracts and other users, particularly in the context of DeFi. However, it is unclear to what extent DeFi users are using such tools; on-chain records do not allow observers to definitively conclude whether such activity is happening.” 

Perumal: “As the rate of ransomware attacks rises, cryptocurrency is more often used as a mechanism to pay ransoms. For both that and stolen cryptocurrency, defenders aim to track actors across the blockchain and threat actors increase their usage mixers and microtransactions to hide their tracks. A second trend is crypto-jacking and using cloud computing from small to large services to fund mining. The last development is not new. Sadly, phishing and social engineering for crypto[currency] logins is still a pervasive threat and there is no technical solution to easily address human error.”

More from the Cyber Statecraft Initiative:

#4 What has been the approach of the United States and allied governments toward securing this space? How should they be approaching it?

Danon: “The US approach toward securing the space has centered on law enforcement actions, including asset seizures and takedowns with partners of darknet markets, such as Hydra Market and Genesis Market. Sanctions in the crypto[currency] space, which have dramatically accelerated since Russia’s invasion of Ukraine last February, have generated awareness about crypto[currency] based money laundering. However, as is the case across a range of national security problems, the United States has at times over relied on sanctions, which are unlikely to change actors’ behavior in the absence of a comprehensive strategy. The United States and other governments committed to AML should continue to use available tools and data offered by companies like Chainalysis to disrupt and deter bad actors from abusing the international financial system through the blockchain. Given the blockchain’s borderless and unclassified nature, the United States should also pursue robust collaboration with other jurisdictions and in multilateral institutions.” 

Donovan and Kumar: “The United States and its allies are actively involved in this space to prevent regulatory arbitrage and increase information sharing on cyber risks and threats. They have also increased communication with the public and private sectors to make them aware of cyber risks and threats, and are making information available to the public and industry to protect consumers against cybercrime. Government agencies and allies should continue to approach this issue by increasing public awareness of the threats and enabling industry innovation to protect against them.” 

Fanti: “One area that I think needs more attention from a consumer protection standpoint is smart contract security. For example, there could be more baseline requirements and transparency in the smart contract ecosystem about the practices used to develop and audit smart contracts. Users currently have no standardized way to evaluate whether a smart contract was developed using secure software development practices or tested prior to deployment. Standards bodies could help set up baseline requirements, and marketplaces could be required to report such details. While such practices cannot guarantee that a smart contract is safe, they could help reduce the prevalence of some of the most common vulnerabilities.” 

Perumal: “Two recent developments from the US government are the White House cybersecurity strategy and the Cybersecurity and Infrastructure Security Agency’s (CISA) move to ‘secure by default.’ They both emphasize cooperation with the private sector to move security of this ecosystem to cloud providers. While the system is inherently decentralized, if mining or credential theft is happening on major technology platforms, these platforms have an opportunity to mitigate risk. The White House emphasized better tracing of transactions to “trace and interdict ransomware payments,” and CISA emphasizes designing software and crypto[currency] systems to be secure by default so smaller actors and users bear less of the defensive burden. At a high level, I like that this strategy moves protections to large technology players that can defend against state actors. I also like the focus on flexible frameworks that prioritize economics (e.g., cyber liability) to set the goal, but letting the market be flexible on the solution—as opposed to a prescriptive regulatory approach that cannot adapt to new technologies. In some of these cases, I think cost reduction may be a better lever than liability, which promotes fear on a balance sheet, however, I think the push toward financially motivated goals and flexible solutions is the right direction.”

#5 Has the balance of the threats between non-state vs. state actors against cryptocurrencies changed in the last five years? Should we be worried about the same entities as in 2018?

Danon: “Conventional categories of crypto[currency]-related crime, such as fraud shops, darknet markets, and child abuse material, are on the decline. Similarly, the threat from non-state actors, such as terrorist groups, remains extremely low relative to nation states, with actors such as North Korea and Russia continuing to leverage their technical sophistication to acquire and move cryptocurrency. With great power competition now dominating the policy agenda across many capitals, analysts should not overlook other ways in which states are exercising economic statecraft in the digital realm. For example, despite its crypto[currency] ban, China’s promotion of its permissioned, private blockchain, the Blockchain-based Service Network, and its central bank digital currency, the ‘digital yuan,’ deserve sustained research and analysis. Against the backdrop of China’s rise and the fallout from the war on Ukraine, it will also be instructive to monitor the efforts of Iran, Russia, and others to support non-dollar-pegged stablecoins and other initiatives aimed at eroding the dollar’s role as the international reserve currency.” 

Donovan and Kumar: “More is publicly known now on the range of actors in this space than ever. Agencies such as CISA, FBI, and the Departments of Justice and the Treasury and others have made information available and provided a wide array of resources for people to get help or learn—such as stopransomware.gov. Private blockchain analytics firms have also enabled tracing and forensics, which in partnership with enforcement can prevent and punish cybercrime in the crypto[currency] space. Both the knowledge about ransomware and awareness of ransomware attacks have increased since 2018. As the popularity of Ransomware as a Service rises, both state and non-state actors can cause destruction. We should continue to be worried about cybercrime in general and remain agnostic of the actors.” 

Perumal: “State actors continue to get more involved in this space. As cryptocurrencies and some digital currencies based on the blockchain become more mainstream, attacking it allows a more targeted geopolitical impact. In addition to attacks by governments (like Lazarus Group), a big recent development was China’s ban on cryptocurrency, which moved mining power from China to other parts of the world, especially the United States and Russia. This changed attack patterns and targets. At a high level, we should be worried about both financially-motivated and government-backed groups, but as the crypto[currency] market grows so does the sophistication of attacks and attackers.”

Simon Handler is a fellow at the Atlantic Council’s Cyber Statecraft Initiative within the Digital Forensic Research Lab (DFRLab). He is also the editor-in-chief of The 5×5, a series on trends and themes in cyber policy. Follow him on Twitter @SimonPHandler.

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

The post The 5×5—Cryptocurrency hacking’s geopolitical and cyber implications appeared first on Atlantic Council.

]]>
What Russian mercenaries tell us about Russia https://www.atlanticcouncil.org/commentary/podcast/what-russian-mercenaries-tell-us-about-russia/ Thu, 27 Apr 2023 14:17:06 +0000 https://www.atlanticcouncil.org/?p=640202 Host and nonresident senior fellow Alia Brahimi speaks with Russian defence analyst Pavel Luzin about what the proliferation of Russian mercenaries abroad tells us about Russia at home.

The post What Russian mercenaries tell us about Russia appeared first on Atlantic Council.

]]>

In Season 1, Episode 2 of the Guns for Hire podcast, host Alia Brahimi speaks with the Russian defence analyst Pavel Luzin about what the proliferation of Russian mercenaries abroad tells us about Russia at home. They explore the domestic forces that gave rise to the Kremlin’s co-optation of Russian mercenaries, how they are funded by the Russian federal budget, and the effects mercenaries are already having on Russian society. They also discuss how Russia’s strategy of playing the troublemaker in Libya won it a seat at the table in determining Libya’s future.

 

“Hundreds of thousands of veterans will come back sooner or later to Russia and it will be a political economy and social disaster. It will be [a] high level of violence”

Pavel Luzin, Russian defence analyst

Find the Guns For Hire podcast on the app of your choice

About the podcast

The Guns for Hire podcast is a production of the Atlantic Council’s North Africa Initiative. Taking Libya as its starting point, it explores the causes and implications of the growing use of mercenaries in armed conflict.

The podcast features guests from many walks of life, from ethicists and historians to former mercenary fighters. It seeks to understand what the normalisation of contract warfare tells us about the world as we currently find it, but also about the future of the international system and about what war could look like in the coming decades.

Further reading

Through our Rafik Hariri Center for the Middle East and Scowcroft Middle East Security Initiative, the Atlantic Council works with allies and partners in Europe and the wider Middle East to protect US interests, build peace and security, and unlock the human potential of the region.

The post What Russian mercenaries tell us about Russia appeared first on Atlantic Council.

]]>
Russian War Report: Russian army presses on in Bakhmut despite losses https://www.atlanticcouncil.org/blogs/new-atlanticist/russian-war-report-russian-army-presses-on-in-bakhmut-despite-losses/ Fri, 14 Apr 2023 17:34:44 +0000 https://www.atlanticcouncil.org/?p=636784 Bakhmut remains a major conflict zone with dozens of attacks on Ukrainian forces there, despite Russian forces sustaining heavy losses.

The post Russian War Report: Russian army presses on in Bakhmut despite losses appeared first on Atlantic Council.

]]>
As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report. 

Security

Russian army presses on in Bakhmut despite losses

Russia enacts “e-drafting” law

Drone imagery locates new burial site east of Soledar

Russian hackers target NATO websites and email addresses

Russian army presses on in Bakhmut despite losses

The General Staff of the Ukrainian Armed Forces recorded fifty-eight attacks on Ukrainian troop positions on April 9 and 10. Of these attacks, more than thirty were in the direction of Bakhmut, and more than twenty were in the direction of Marinka and Avdiivka. Russian forces also attempted to advance toward Lyman, south of Dibrova.

Documented locations of fighting April 1-13, 2023; data gathered from open-source resources. (Source: Ukraine Control Map, with annotations by the DFRLab)
Documented locations of fighting April 1-13, 2023; data gathered from open-source resources. (Source: Ukraine Control Map, with annotations by the DFRLab)

On April 10, Commander of the Eastern Group of Ukrainian Ground Forces Oleksandr Syrskyi said that Russian forces in Bakhmut increasingly rely on government special forces and paratroopers because Wagner units have suffered losses in the recent battles. Syrskyi visited Bakhmut on April 9 to inspect defense lines and troops deployed to the frontline. According to the United Kingdom’s April 10 military intelligence report, Russian troops are intensifying tank attacks on Marinka but are still struggling with minimal advances and heavy losses. 

On April 13, Deputy Chief of the Main Operational Directorate of Ukrainian Forces Oleksiy Gromov said that Bakhmut remains the most challenging section on the frontline as Russian forces continue to storm the city center, trying to encircle it from the north and south through Ivanivske and Bohdanivka. According to Ukrainian estimates, during a two-week period, Russian army and Wagner Group losses in the battle for Bakhmut amounted to almost 4,500 people killed or wounded. To restore the offensive potential in Bakhmut, Russian units that were previously attacking in the direction of Avdiivka were transferred back to Bakhmut.

On April 8, Commander of the Ukrainian Air Forces Mykola Oleshchuk lobbied for Ukraine obtaining F-16 fighter jets. According to his statement, Ukrainian pilots are now “hostages of old technologies” that render all pilot missions “mortally dangerous.” Oleshchuk noted that American F-16 jets would help strengthen Ukraine’s air defense. Oleshchuk said that even with a proper number of aircraft and pilots, Ukrainian aviation, which is composed of Soviet aircraft and missiles, may be left without weapons at some point. He noted the F-16 has a huge arsenal of modern bombs and missiles. The commander also discussed the need for superiority in the air and control of the sea. Currently, Russian aviation is more technologically advanced and outnumbers Ukraine, meaning Ukraine cannot adequately protect its airspace. In order for the Ukrainian army to advance and re-capture territory occupied by Russia, it will require substantial deliveries of aviation and heavy equipment like tanks, howitzers, and shells. 

April 10, Ukrainian forces reported they had spotted four Russian ships on combat duty in the Black Sea, including one armed with Kalibr missiles. Another Russian ship was spotted in the Sea of Azov, along with seven in the Mediterranean, including three Kalibr cruise missile carriers. 

Meanwhile, according to Ukrainian military intelligence, Russia plans to produce Kh-50 cruise missiles in June. If confirmed, this could potentially lead to increased missile strikes against Ukraine in the fall. The Kh-50 missiles in the “715” configuration are intended to be universal, meaning they can be used by many Russian strategic bombers, including the Tu-22M3, Tu-95MS, and Tu-160.

Ruslan Trad, Resident Fellow for Security Research, Sofia, Bulgaria

Russia enacts “e-drafting” law

On April 11, the Russian State Duma approved a bill reading allowing for the online drafting of Russian citizens using the national social service portal Gosuslugi. One day later, the Russian Federal Council adopted the law. The new law enables military commissariats, or voenkomat, to send mobilization notices to anyone registered in the Gosuslugi portal. Contrary to the traditional in-person delivery of paper notices, the digital mobilization order will be enforced immediately upon being sent out to the user; ordinarily, men drafted for mobilization could dispute the reception of the notice during the twenty-one-day period after the notice was sent. As of 2020, 78 million users were reportedly registered in the Gosuslugi portal, nearly two-thirds of the Russian population.

Alongside the adoption of the digital mobilization notices are newly adopted restrictions regarding unresponsive citizens. Those who fail to appear at their local military commissariat in the twenty-day period following notice will be barred from leaving the country and banned from receiving new credit or driving a car. Of the 164 senators who took part in the vote, only one voted against the bill; Ludmila Narusova argued that the law had been adopted exceptionally hastily and that the punishments against “deviants” who do not respond to the notice are “inadequate.”

As explained by Riga-based Russian news outlet Meduza, the law also states that reserves could be populated with those who legally abstained from military service until the age of twenty-seven, due to an amendment in the bill that allows for personal data to be shared with the Russian defense ministry in order to establish “reasonable grounds” for mobilization notices to be sent out. Several institutions across the country will be subject to the data exchange, including the interior ministry, the federal tax office, the pension and social fund, local and federal institutions, and schools and universities.

Valentin Châtelet, Research Associate, Security, Brussels, Belgium

Drone imagery locates new burial site east of Soledar

Images released by Twitter user @externalPilot revealed a new burial site, located opposite a cemetery, in the village of Volodymyrivka, southeast of Soledar, Donetsk Oblast. The DFRLab collected aerial imagery and assessed that the burial site emerged during the last week of March and the first week of April. The city of Soledar has been under Russian control since mid-January. The burial site faces the Volodymyrivka town cemetery. Drone footage shows several tombs with no apparent orthodox crosses or ornaments. Analysis of the drone imagery indicates around seventy new graves have been dug on this site. A DFRLab assessment of satellite imagery estimates the surface area of the burial site amounts to around thirteen hectares.

Location of new burial site east of Soledar, Volodymyrivka, Donetsk Oblast. (Source: PlanetLab, with annotations by the DFRLab)
Location of new burial site east of Soledar, Volodymyrivka, Donetsk Oblast. (Source: PlanetLab, with annotations by the DFRLab)

Valentin Châtelet, Research Associate, Security, Brussels, Belgium

Russian hackers target NATO websites and email addresses

On April 8, the pro-war Russian hacktivist movement Killnet announced they would target NATO in a hacking operation. On April 10, they said they had carried out the attack. The hacktivists claimed that “40% of NATO’s electronic infrastructure has been paralyzed.” They also claimed to have gained access to the e-mails of NATO staff and announced they had used the e-mails to create user accounts on LBGTQ+ dating sites for 150 NATO employees.

The hacktivists forwarded a Telegram post from the KillMilk channel showing screenshots of one NATO employee’s e-mail being used to register an account on the website GayFriendly.dating. The DFRLab searched the site for an account affiliated with the email but none was found.

Killnet also published a list of e-mails it claims to have hacked. The DFRLab cross-checked the e-mails against publicly available databases of compromised e-mails, like Have I been Pwned, Avast, Namescan, F-secure, and others. As of April 13, none of the e-mails had been linked to the Killnet hack, though this may change as the services update their datasets.

In addition, the DFRLab checked the downtime of the NATO websites that Killnet claims to have targeted with distributed denial of service (DDoS) attacks. According to IsItDownRightNow, eleven of the forty-four NATO-related websites (25 percent) were down at some point on April 10.  

Nika Aleksejeva, Resident Fellow, Riga, Latvia

The post Russian War Report: Russian army presses on in Bakhmut despite losses appeared first on Atlantic Council.

]]>
Game-changers: Implications of the Russo-Ukraine war for the future of ground warfare https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/game-changers-implications-of-the-russo-ukraine-war-for-the-future-of-ground-warfare/ Mon, 03 Apr 2023 16:30:00 +0000 https://www.atlanticcouncil.org/?p=631638 T.X. Hammes describes the most significant gamechangers for ground warfare from the Russo-Ukraine war and the lessons that US, allied, and partner policymakers should draw from the conflict for their own force posture and development.

The post Game-changers: Implications of the Russo-Ukraine war for the future of ground warfare appeared first on Atlantic Council.

]]>
FORWARD DEFENSE
ISSUE BRIEF

What does the record of combat in the year since Russia began its full-scale invasion of Ukraine herald about the future character of ground war? Defense analysts are split on whether the conflict manifests transformative change or merely reinforces the verities of ground combat. On the one hand, the bulk of each side’s formations are armed with decades-old equipment and trained in Soviet-era tactics. However, both forces are adapting, and the Ukrainian military is demonstrating an impressive propensity to improvise and innovate. In particular, Russia was not prepared for Ukraine’s convergence of new capabilities in command and control, persistent surveillance, and massed, precision fires which are changing the game of ground warfare.

Want to learn more? Watch the launch event.

Verities of ground combat

The Russo-Ukraine war has reinforced important continuities in military operations. These include the importance of preparation, logistics, and industrial capacity which are the core components needed to sustain a capable force. The war has also driven home the importance of both massed and precision fires. Cannon artillery has played a central role in the war, firing about two million rounds to date. Ukrainian forces have also adeptly employed long-range High Mobility Artillery Rocket Systems (HIMARS) to dramatically damage Russian ammunition resupply. Artillery fires have been, and will continue to be, crucial for supporting maneuver, degrading adversary communications and logistical capabilities, and destroying or suppressing adversary artillery. Consequently, the industrial capacity to produce the necessary ammunition, maintenance equipment, and systems to replace losses, will remain a defining feature of military preparedness.

Game-changers

The Ukrainian military has combined existing and new technologies to develop three capabilities that are dramatically altering the dynamics on the battlefield. First, Ukraine has developed truly connected, high-speed command and control. Second, Ukraine has access to near-persistent surveillance of the battlespace. Third, Ukraine’s skilled use of precision artillery, drones, and loitering munitions demonstrated how their smaller, lighter forces could defeat Russia’s offensive.

Recommendations

  • Recognize that these game-changing capabilities are giving new and powerful advantages to defenders in ground combat.
  • Structure and organize forces to operate in an environment of ubiquitous surveillance.
  • Prepare for ground combat in which large numbers of “semiautonomous” loitering munitions dominate the battlefield.
  • Recognize ground-based missiles and drones as key instruments of air power.
  • Engage the commercial sector as a key source of technology and innovation.

Generously sponsored by

Maxar Technologies
SAIC

About the author

T.X. Hammes

Distinguished Research FellowInstitute for National Strategic Studies, National Defense University

Dr. Thomas X. Hammes joined Institute for National Strategic Studies in June 2009. His areas of expertise include future conflict, the changing character of war, military strategy, operational concepts, and insurgency. Dr. Hammes earned a Bachelor of Science from the Naval Academy in 1975 and holds a Masters of Historical Research and a Doctorate in Modern History from Oxford University. He is a Distinguished Graduate from the Canadian National Defence College. He has published three books: Deglobalization and International Security; The Sling and the Stone: On War in the 21st Century; and The 1st Provisional Marine Brigade, the Corps’ Ethos, and the Korean War. He has also published over 160 articles. His publications have been used widely in staff and defense college curricula in the US, UK, Canada, Australia, and Singapore. Dr. Hammes has lectured extensively at leading academic and military institutions in the United States and abroad. Prior to his retirement from active duty, Dr. Hammes served 30 years in the Marine Corps to include command of an intelligence battalion, an infantry battalion and the Chemical Biological Response Force. He participated in military operations in Somalia and Iraq and trained insurgents in various locations.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Game-changers: Implications of the Russo-Ukraine war for the future of ground warfare appeared first on Atlantic Council.

]]>
The problem with India’s app bans https://www.atlanticcouncil.org/blogs/southasiasource/the-problem-with-indias-app-bans/ Mon, 27 Mar 2023 20:33:24 +0000 https://www.atlanticcouncil.org/?p=628678 The Indian government needs to build a comprehensive, transparent, and accountable means of addressing data privacy and security risks.

The post The problem with India’s app bans appeared first on Atlantic Council.

]]>
TikTok is front and center in the US debate on technology, privacy, cybersecurity, and US-China relations. Yet, the app has also been subject to conversation about national security in another country: India. Just before the Trump administration issued its executive order in August 2020 attempting to ban TikTok in the United States (later struck down in multiple courts and then withdrawn by the Biden administration in June 2021), New Delhi banned TikTok in June 2020. In the time since, India expanded this strategy, banning hundreds of other apps in the country—many with links to China—citing national security and sovereignty justifications.

The most recent iteration was in February, when the Indian government initiated a process to ban 138 betting apps and ninety-four lending apps, many of which it claimed have links to China. Authorities walked a few of these bans back after Indian companies like LazyPay and Kissht reportedly demonstrated they had no such links. Some US policymakers have praised India’s app bans, namely Federal Communications Commission Commissioner Brendan Carr, who said in January of this year that India set an “incredibly important precedent” by banning TikTok from the country.

But India’s app bans are not an example of constructive, careful, and established policy and process on the risks posed by foreign technology companies, products, and services.

Government overreach with no transparency

The administration of Prime Minister Narendra Modi is grossly mistaken in playing hundreds of rounds of whack-a-mole against Chinese apps. The bans were imposed with very little transparency and little or no public consultation. They were followed up by state orders—which went largely unquestioned—for internet service providers (ISPs) in India to filter out Indians’ access to TikTok servers. To top it off, India has no comprehensive privacy regime—exactly what it needs to better protect Indian citizens’ data, including from the undemocratic Modi government.

Instead, the country is witnessing overreaching government policies that make sweeping assessments of mobile apps behind closed doors, with few avenues of recourse by the public. Citizens’ data, meanwhile, remains vulnerable to widespread abuse.

India has banned hundreds of apps since the first round of app expulsions in June 2020. The government banned fifty-nine Chinese apps in June 2020, forty-seven apps in July 2020, 118 apps in September 2020, and forty-three apps in November 2020. In February 2022, over a year after the prior set of bans, New Delhi announced fifty-four new app bans. Most recently, in February 2023, the government initiated a process to ban 232 apps; the exact number of banned applications is unclear due to a lack of media coverage on subsequent walk-backs.

A data analysis of the bans indicates that they focus heavily on utility apps, photo and video apps, social media apps, messaging and social networking apps, and gaming apps. In many of these cases, New Delhi has asserted that the apps are prejudicial to the national security and sovereignty of India. Clearly, this language was selected because it pulls from Section 69(A) of India’s Information Technology Act of 2000, the legislation which the Indian government invokes with these bans. The provision states that:

“Where the Central Government or a State Government or any of its offers specially authorized by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient to do so, in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offense relating to or above or for investigation of any offense, it may be subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource.”

With each of these app bans, the Indian government has given little public notice or none at all. For example, the scramble in the wake of the February 2023 bans—where companies in India were banned because of alleged links to China, though they subsequently demonstrated nothing of the sort—suggests the companies were not approached or notified by the government prior to the bans’ public announcement. New Delhi has also consistently provided insufficient information on its reasoning for the bans. As the nonprofit Internet Freedom Foundation in India wrote after the first round of June 2020 bans, “currently we only have a press release and not the actual order,” which is needed “since it contains the reasons for the ban which are important when we try to assess the legality and validity of the ban.” The lack of public notice is especially significant given that the actions did not target a single app or company at once; instead, each round of bans threw dozens or even more than one hundred apps out of India at a time.

Governments need to provide a clear public explanation (if not also evidence) for decisions to restrict a tech company, product, or service’s market access for “security” reasons. This is because not every risk posed by a technology company, product, or service is the same. Consider a hypothetical example: a social media platform could raise questions about the risk of corporate data abuse; foreign government data access; foreign government content manipulation; addictiveness for children; and so on. Each of these are different concerns requiring unique diagnoses and policy responses. Hence, broadly claiming “security” and “sovereignty” is an insufficient justification for a complete ban—just as US policymakers who initially said “TikTok is owned by a Chinese firm” were not properly breaking down the perceived risks. Democracies (even if backsliding) should provide the public, the private sector, and civil society with explanations for their tech policy decisions. 

In India’s case, the state has failed to properly do so time and time again with these bans.

A lack of due process for ban policies

The process for India’s app bans is also highly concerning. The so-called IT Blocking Rules from 2009 laid out regulations for how these types of bans should take place (as required in Section 69(B) of the Information Technology Act). But, as the Internet Freedom Foundation noted in June 2020, it was unclear if the Indian government’s decision to enact these bans followed the proper process—to include holding a pre-decisional hearing. Process rarely makes for interesting conversation, but it’s vital. How a government reviews tech companies, products, and services for security risks; how it makes determinations about those risks; whether it consults with outside voices on those risks; and how it communicates those risks and that process to the public all shape whether government security reviews are nuanced, transparent, and accountable.

Even if one agrees with the result of a ban—such as expelling TikTok from India—how the Modi government arrived there, and its unilateral power to block and censor in this area, are still great reasons for concern. There has been woefully insufficient press attention, in India and even more so in the West, to the fact that New Delhi quickly got Apple and Google to remove apps from their stores and then ordered ISPs, at least in TikTok’s case, to filter Indians’ web traffic to block access to servers.

There is also a strong political dimension to these actions. When the Indian government first started banning China-linked apps in June 2020, including TikTok, it followed an India-China border clash in which twenty Indian soldiers and four Chinese soldiers reportedly died. That India’s app bans were compared to “digital counterstrikes” from India to China underscore the fact that the move was heavily politically motivated, meant to signal to the Indian public that the Modi government was responding, and to China that India was willing to constrain Chinese apps’ market access. New Delhi was able to signal resolve against Beijing (at least in its mind), defending Indian “sovereignty” (as per the ban press release) without taking military action.

Modi’s administration has also been increasing pressure on tech companies operating in India. For instance, there was significant media reporting about Facebook, India, and the ruling Bharatiya Janata Party (BJP); in addition to underinvesting in content moderation in India and many other countries, Facebook reportedly had internal pushes to relax its rules for BJP officials spreading hate speech because the users in question belonged to the party in power. Indian police also raided (empty) Twitter offices in 2021—a move reminiscent of the Russian government’s coercive tactics—after the company applied a “manipulated media” label to a tweet from a BJP official. Even with discussions of data localization in India, one of the many motivations at play was the Indian government’s interest in applying pressure to—and holding leverage over—tech companies operating there. 

The app bans fit within this broader context of tech company coercion and state efforts to increase control of the tech environment.

No data privacy regime means “anything goes”

Lastly, India has no comprehensive privacy law. The new Digital Personal Data Protection Bill is a mixed bag for privacy but has some improvements over the previous legislation (the Personal Data Protection Bill) which had broad data localization requirements among other things. Negotiations are still ongoing. Yet, that is exactly the point: the Modi government has banned hundreds and hundreds of apps, many with links to China, in the past 2.5 years, while India is still without a law to constrain corporate data collection, rein in the sale of Indians’ data by data brokers, and place guardrails around expanding Indian government surveillance.

Without a doubt, the Chinese government is heavily engaged in espionage against countries around the world—India included—and it’s safe to assume that most if not all Chinese tech firms must answer to Beijing when asked. China is not micromanaging all companies all the time (as that would be unwieldy) but the risks of Chinese state influence on Chinese tech firms are certainly present. 

The Indian government needs to build a comprehensive, transparent, and accountable means of addressing data privacy and security risks. Playing endless rounds of arbitrary whack-a-mole against apps—with little to no public consultation—is a step in the wrong direction with serious consequences.

The author thanks Rose Jackson for comments on an earlier draft of this article.

Justin Sherman (@jshermcyber) is a nonresident fellow at the Atlantic Council’s Cyber Statecraft Initiative and the founder and CEO of Global Cyber Strategies, a Washington, DC-based research and advisory firm.

The South Asia Center is the hub for the Atlantic Council’s analysis of the political, social, geographical, and cultural diversity of the region. ​At the intersection of South Asia and its geopolitics, SAC cultivates dialogue to shape policy and forge ties between the region and the global community.

The post The problem with India’s app bans appeared first on Atlantic Council.

]]>
Defeating the Wagner Group https://www.atlanticcouncil.org/commentary/podcast/defeating-the-wagner-group/ Thu, 23 Mar 2023 14:39:42 +0000 https://www.atlanticcouncil.org/?p=626622 Host and nonresident senior fellow Alia Brahimi speaks with author and former mercenary Dr. Sean McFate about his three-pronged strategy for defeating the Wagner Group.

The post Defeating the Wagner Group appeared first on Atlantic Council.

]]>

In Season 1, Episode 1 of the Guns for Hire podcast, host Alia Brahimi speaks with the author and former mercenary Dr. Sean McFate about his three-pronged strategy for defeating the Wagner Group. They also discuss internal dynamics within the Kremlin-linked private military company, the dangerously outsized influence of its leader in the war in Ukraine, and Sean’s argument that there’s nothing more unconventional today than a conventional war– and that this is borne out by the way that Russia is fighting in Ukraine.

 

“There’s this natural schism, between for-profit and not-for-profit warriors. Let’s just widen that schism in the Russian instance.”

Sean McFate, author and former mercenary

Find the Guns For Hire podcast on the app of your choice

About the podcast

The Guns for Hire podcast is a production of the Atlantic Council’s North Africa Initiative. Taking Libya as its starting point, it explores the causes and implications of the growing use of mercenaries in armed conflict.

The podcast features guests from many walks of life, from ethicists and historians to former mercenary fighters. It seeks to understand what the normalisation of contract warfare tells us about the world as we currently find it, but also about the future of the international system and about what war could look like in the coming decades.

Further reading

Through our Rafik Hariri Center for the Middle East and Scowcroft Middle East Security Initiative, the Atlantic Council works with allies and partners in Europe and the wider Middle East to protect US interests, build peace and security, and unlock the human potential of the region.

The post Defeating the Wagner Group appeared first on Atlantic Council.

]]>
The 5×5—Conflict in Ukraine’s information environment https://www.atlanticcouncil.org/content-series/the-5x5/the-5x5-conflict-in-ukraines-information-environment/ Wed, 22 Mar 2023 04:01:00 +0000 https://www.atlanticcouncil.org/?p=625738 Experts provide insights on the war being waged through the Ukrainian information environment and take away lessons for the future.

The post The 5×5—Conflict in Ukraine’s information environment appeared first on Atlantic Council.

]]>
This article is part of The 5×5, a monthly series by the Cyber Statecraft Initiative, in which five featured experts answer five questions on a common theme, trend, or current event in the world of cyber. Interested in the 5×5 and want to see a particular topic, event, or question covered? Contact Simon Handler with the Cyber Statecraft Initiative at SHandler@atlanticcouncil.org.

Just over one year ago, on February 24, 2022, Russia launched a full-scale invasion of neighboring Ukraine. The ensuing conflict, Europe’s largest since World War II, has not only besieged Ukraine physically, but also through the information environment. Through kinetic, cyber, and influence operations, Russia has placed Ukraine’s digital and physical information infrastructure—including its cell towers, networks, data, and the ideas that traverse them—in its crosshairs as it seeks to cripple Ukraine’s defenses and bring its population under Russian control. 

Given the privately owned underpinnings of the cyber and information domains by technology companies, a range of local and global companies have played a significant role in defending the information environment in Ukraine. From Ukrainian telecommunications operators to global cloud and satellite internet providers, the private sector has been woven into Ukrainian defense and resilience. For example, Google’s Threat Analysis Group reported having disrupted over 1,950 instances in 2022 of Russian information operations aimed at degrading support for Ukraine, undermining its government, and building support for the war within Russia. The present conflict in Ukraine offers lessons for states as well as private companies on why public-private cooperation is essential to building resilience in this space, and how these entities can work together more effectively. 

We brought together a group of experts to provide insights on the war being waged through the Ukrainian information environment and take away lessons for the United States and its allies for the future. 

#1 How has conflict in the information environment associated with the war in Ukraine compared to your prior expectations?

Nika Aleksejeva, resident fellow, Baltics, Digital Forensic Research Lab (DFRLab), Atlantic Council

“As the war in Ukraine started, everyone was expecting to see Russia conducting offensive information influence operations targeting Europe. Yes, we have identified and researched Russia’s coordinated information influence campaigns on Meta’s platforms and Telegram. These campaigns targeted primarily European countries, and their execution was unprofessional, sloppy, and without much engagement on respective platforms.” 

Silas Cutler, senior director for cyber threat research, Institute for Security and Technology (IST)

“A remarkable aspect of this conflict has been how Ukraine has maintained communication with the rest of the world. In the days leading up to the conflict, there was a significant concern that Russia would disrupt Ukraine’s ability to report on events as they unfolded. Instead of losing communication, Ukraine has thrived while continuously highlighting through social media its ingenuity within the conflict space. Both the mobilization of its technical workforce through the volunteer IT_Army and its ability to leverage consumer technology, such as drones, have shown the incredible resilience and creativity of the Ukrainian people.” 

Roman Osadchuk, research associate, Eurasia, Digital Forensic Research Lab (DFRLab), Atlantic Council: 

“The information environment was chaotic and tense even before the invasion, as Russia waged a hybrid war since at least the annexation of Crimea and war in Eastern Ukraine in 2014. Therefore, the after-invasion dynamic did not bring significant surprises, but intensified tension and resistance from Ukrainian civil society and government toward Russia’s attempts to explain its unprovoked invasion and muddle the water around its war crimes. The only things that exceeded expectations were the abuse of fact-checking toolbox WarOnFakes and the intensified globalization of the Kremlin’s attempts to tailor messages about the war to their favor globally.” 

Emma Schroeder, associate director, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council

“The information environment has been a central space and pathway throughout which this war is being fought. Russian forces are reaching through that space to attack and spread misinformation, as well as attacking the physical infrastructure underpinning this environment. The behavior, while novel in its scale, is the continuation of Russian strategy in Crimea, and is very much living up to expectations set in that context. What has surpassed expectations is the effectiveness of Ukrainian defenses, in coordination with allies and private sector partners. The degree to which the international community has sprung forward to provide aid and assistance is incredible, especially in the information environment where such global involvement can be so immediate and transformative.” 

Gavin Wilde, senior fellow, Technology and International Affairs Program, Carnegie Endowment for International Peace

“The volume and intensity of cyber and information operations has roughly been in line with my prior expectations, though the degree of private and commercial activity was something that I might not have predicted a year ago. From self-selecting out of the Russian market to swarming to defend Ukrainian networks and infrastructure, the outpouring of support from Western technology and cybersecurity firms was not on my bingo card. Sustaining it and modeling for similar crises are now key.” 

 
#2 What risks do private companies assume in offering support or partnership to states engaged in active conflict?

Aleksejeva: “Fewer and fewer businesses are betting on Russia’s successful economical future. Additionally, supporting Russia in this conflict in any way is morally unacceptable for most Western companies. Chinese and Iranian companies are different. As for Ukraine, supporting it is morally encouraged, but is limited by many practicalities, such as supply chain disruptions amid Russia’s attacks.” 

Cutler: “By providing support during conflict, companies risk becoming a target themselves. Technology companies such as Microsoft, SentinelOne, and Cloudflare, which have publicly reported their support for Ukraine, have been historically targeted by Russian cyber operations and are already familiar with the increased risk. Organizations with pre-conflict commercial relationships may fall under new scrutiny by nationally-aligned hacktivist groups such as Killnet. This support for one side over the other—whether actual or perceived—may result in additional risk.” 

Osadchuk: “An important risk of continuing business as usual [in Russia] is that it may damage a company’s public image and test its declared values, since the continuation of paying taxes within the country-aggressor makes the private company a sponsor of these actions. Another risk for a private company is financial, since the companies that leave a particular market are losing their profits, but this is incomparable to human suffering and losses caused by the aggression. In the case of a Russian invasion, one of the ways to stop the war is to cut funding for and, thus, undermine the Russian war machine and support Ukraine.” 

Schroeder: “Private companies have long provided goods and services to combatants outside of the information environment. The international legal framework restricting combatants to targeting ‘military objects’ provides normative protection, as objects are defined as those ‘whose total or partial destruction, capture or neutralization, in the circumstances ruling at the time, offers a definite military advantage’ in a manner proportional to the military gain foreseen by the operation. This definition, however, is still subject to the realities of conflict, wherein combatants will make those decisions to their own best advantage. In the information environment, this question becomes more complicated, as cyber products and services often do not fall neatly within standard categories and where private companies themselves own and operate the very infrastructure over and through which combatants engage. The United States and its allies, whether on a unilateral of supranational basis, work to better define the boundaries of civilian ‘participation’ in war and conflict, as the very nature of the space means that their involvement will only increase.” 

Wilde: “On one hand, it is important not to falsely mirror onto others the constraints of international legal and normative frameworks around armed conflict to which responsible states strive to adhere. Like Russia, some states show no scruples about violating these frameworks in letter or spirit, and seem unlikely to be inhibited by claims of neutrality from companies offering support to victimized states. That said, clarity about where goods and services might be used for civilian versus military objectives is advisable to avoid the thresholds of ‘direct participation’ in war outlined in International Humanitarian Law.”

#3 What useful lessons should the United States and its allies take away from the successes and/or failures of cyber and information operations in Ukraine?

Aleksejeva: “As for cyber operations, so far, we have not seen successful disruptions achieved by Russia of Ukraine and its Western allies. Yes, we are seeing constant attacks, but cyber defense is much more developed on both sides than before 2014. As for information operations, the United States and its allies should become less self-centered and have a clear view of Russia’s influence activities in the so-called Global South where much of the narratives are rooted in anti-Western sentiment.” 

Cutler: “Prior to the start of the conflict, it was strongly believed that a cyber operation, specifically against energy and communication sectors, would act as a precursor to kinetic action. While a WannaCry or NotPetya-scale attack did not occur, the AcidRain attack against the Viasat satellite communication network and other attacks targeting Ukraine’s energy sector highlight that cyber operations of varying effectiveness will play a role in the lead up to a military conflict.” 

Osadchuk: “First, cyber operations coordinate with other attack types, like kinetic operations on the ground, disinformation, and influence operations. Therefore, cyberattacks might be a precursor of an upcoming missile strike, information operation, or any other action in the physical and informational dimensions, so allies could use cyber to model and analyze multi-domain operations. Finally, preparation for and resilience to information and cyber operations are vital in mitigating the consequences of such attacks; thus, updating defense doctrines and improving cyber infrastructure and social resilience are necessary.” 

Schroeder: “Expectations for operations in this environment have exposed clear fractures in the ways that different communities define as success in a wartime operation. Specifically, there is a tendency to equate success with direct or kinetic battlefield impact. One of the biggest lessons that has been both a success and a failure throughout this war is the role that this environment can play. Those at war, from ancient to modern times, have leveraged every asset at their disposal and chosen the tool they see as the best fit for each challenge that arises—cyber is no different. While there is ongoing debate surrounding this question, if cyber operations have not been effective on a battlefield, that does not mean that cyber is ineffective, just that expectations were misplaced. Understanding the myriad roles that cyber can and does play in defense, national security, and conflict is key to creating an effective cross-domain force. 

Wilde: “Foremost is the need to check the assumption that these operations can have decisive utility, particularly in a kinetic wartime context. Moscow placed great faith in its ability to convert widespread digital and societal disruption into geopolitical advantage, only to find years of effort backfiring catastrophically. In other contexts, better trained and resourced militaries might be able to blend cyber and information operations into combined arms campaigns more effectively to achieve discrete objectives. However, it is worth reevaluating the degree to which we assume offensive cyber and information operations can reliably be counted on to play pivotal roles in hot war.”

More from the Cyber Statecraft Initiative:

#4 How do comparisons to other domains of conflict help and/or hurt understanding of conflict in the information domain?

Aleksejeva: “Unlike conventional warfare, information warfare uses information and psychological operations during peace time as well. By masking behind sock puppet or anonymous social media accounts, information influence operations might be perceived as legitimate internal issues that polarize society. A country might be unaware that it is under attack. At the same time, as the goal of conventional warfare is to break an adversary’s defense line, information warfare fights societal resilience by breaking its unity. ‘Divide and rule’ is one of the basic information warfare strategies.” 

Cutler: “When looking at the role of cyber in this conflict, I think it is critical to examine the history of Hacktivist movements. This can be incredibly useful for understanding the influences and capabilities of groups like the IT_Army and Killnet.” 

Osadchuk: “The information domain sometimes reflects the kinetic events on the ground, so comparing these two is helpful and could serve as a behavior predictor. For instance, when the Armed Forces of Ukraine liberate new territories, they also expose war crimes, civilian casualties, and damages inflicted by occupation forces. In reaction to these revelations, the Kremlin propaganda machine usually launches multiple campaigns to distance themselves, blame the victim, or even denounce allegations as staged to muddy the waters for certain observers.” 

Schroeder: “It is often tricky to carry comparisons over different environments and context, but the practice persists because, well, that is just what people do—look for patterns. The ability to carry over patterns and lessons is essential, especially in new environments and with the constant developments of new tools and technologies. Where these comparisons cause problems is when they are used not as a starting point, but as a predetermined answer.” 

Wilde: “It is problematic, in my view, to consider information a warfighting ‘domain,’ particularly because its physical and metaphorical boundaries are endlessly vague and evolving—certainly relative to air, land, sea, and space. The complexities and contingencies in the information environment are infinitely more than those in the latter domains. However talented we may be at collecting and analyzing millions of relevant datapoints with advanced technology, these capabilities may lend us a false sense of our ability to control or subvert the information environment during wartime—from hearts and minds to bits and bytes.”

#5 What conditions might make the current conflict exceptional and not generalizable?

Aleksejeva: “This war is neither ideological nor a war for territories and resources. Russia does not have any ideology that backs up its invasion of Ukraine. It also has a hard time maintaining control of its occupied territories. Instead, Russia has many disinformation-based narratives or stories that justify the invasion to as many Russian citizens as possible including Kremlin officials. Narratives are general and diverse enough, so everyone can find an explanation of the current invasion—be it the alleged rebirth of Nazism in Ukraine, the fight against US hegemony, or the alleged historical right to bring Ukraine back to Russia’s sphere of influence. Though local, the war has global impact and makes countries around the world pick sides. Online and social media platforms, machine translation tools, and big data products provide a great opportunity to bombard any internet user in any part of the world with pro-Russia massaging often tailored to echo historical, racial, and economic resentments especially rooted in colonial past.” 

Cutler: “During the Gulf War, CNN and other cable news networks were able to provide live coverage of military action as it was unfolding. Now, real-time information from conflict areas is more broadly accessible. Telegram and social media have directly shaped the information and narratives from the conflict zone.” 

Osadchuk: “The main difference is the enormous amount of war content, ranging from professional pictures and amateur videos after missile strikes to drone footage of artillery salvos and bodycam footage of fighting in the frontline trenches—all making this conflict the most documented. Second, this war demonstrates the need for drones, satellite imagery, and open-source intelligence for successful operations, which distances it from previous conflicts and wars. Finally, it is exceptional due to the participation of Ukrainian civil society in developing applications, like the one alerting people about incoming shelling or helping find shelter; launching crowdfunding campaigns for vehicles, medical equipment, and even satellite image services; and debunking Russian disinformation on social media.” 

Schroeder: “One of the key lessons we can take from this war is the centrality of the global private sector to conflict in and through the information environment. From expedited construction of cloud infrastructure for the Ukrainian government to Ukrainian telecommunications companies defending and restoring services along the front lines to distributed satellite devices, providing flexible connectivity to civilians and soldiers alike, private companies have undoubtedly played an important role in shaping both the capabilities of the Ukrainian state and the information battlespace itself. While we do not entirely understand the incentives that drove these actions, an undeniable motivation that will be difficult to replicate in other contexts is the combination of Russian outright aggression and comparative economic weakness. Companies and their directors felt motivated to act due to the first and, likely, free to act due to the second. Private sector centrality is unlikely to diminish and, in future conflicts, it will be imperative for combatants to understand the opportunities and dependencies that exist in this space within their own unique context.” 

Wilde: “My sense is that post-war, transatlantic dynamics—from shared norms to politico-military ties—lent significant tailwinds to marshal resource and support to Ukraine (though not as quickly or amply from some quarters as I had hoped). The shared memory of the fight for self-determination in Central and Eastern Europe in the late 1980s to early 1990s still has deep resonance among the publics and capitals of the West. These are unique dynamics, and the degree to which they could be replicated in other theaters of potential conflict is a pretty open question.”

Simon Handler is a fellow at the Atlantic Council’s Cyber Statecraft Initiative within the Digital Forensic Research Lab (DFRLab). He is also the editor-in-chief of The 5×5, a series on trends and themes in cyber policy. Follow him on Twitter @SimonPHandler.

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

The post The 5×5—Conflict in Ukraine’s information environment appeared first on Atlantic Council.

]]>
In brief: C4ISR – A five-step guide to maintaining NATO’s comparative military edge over the coming decade https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/in-brief-c4isr-a-five-step-guide-to-maintaining-natos-comparative-military-edge-over-the-coming-decade/ Thu, 16 Mar 2023 14:11:14 +0000 https://www.atlanticcouncil.org/?p=624208 The Atlantic Council presents a five step guide to maintaining NATO's comparative military edge over the coming decade.

The post In brief: C4ISR – A five-step guide to maintaining NATO’s comparative military edge over the coming decade appeared first on Atlantic Council.

]]>

Top lines

  • C4ISR, which stands for command and control, communications, computers, intelligence, surveillance and reconnaissance, is the nervous system of the military.
  • NATO’s current C4ISR systems and thinking do not meet all of the Alliance’s needs. The relevance of such systems in the future will only grow. Mounting threats and challenges to NATO will raise requirements for better awareness, decision making, and rapid response.
  • NATO should seize the momentum and unity that Russia’s invasion of Ukraine has generated, and use it to update its C4ISR.

WORTH A THOUSAND WORDS

C4ISR is the backbone on which NATO awareness, decisions, and action rely, yet the complexity of the system makes its modernization both difficult and essential.

Credit: NATO

THE DIAGNOSIS

Amid historical neglect and focus on crisis response, C4ISR capabilities for collective defense lag behind the level of ambition necessary for the currently volatile geopolitical environment.

With Russia’s war in Ukraine drastically changing the context of European security and defense, the speed of understanding, decision-making, and action among allies are more important than ever. NATO’s strength lies in its ability to collectively decide and act, organize, and integrate. However, the C4ISR capabilities that allow the allies to do that—and much more—remain under resourced and much less effective than required. While much has been done to improve NATO C4ISR over the past decade, much work remains.

NATO has a unique opportunity to leverage the current sense of unity, urgency and shared vision among allies to build the C4ISR architecture the Alliance needs for the future. The time to act is now, when the war in Ukraine is providing a treasure trove of lessons for the Alliance, ranging from the requirements to be ready from day one for any NATO mission (also called day zero readiness) to the important role the private industry plays in the security and resilience of any modern nation state. Early progress can also prepare the Alliance for emerging threats and challenges, such as China’s rise and climate change. The political decisions and level of ambition set by the June 2022 Madrid Summit Declaration and NATO 2022 Strategic Concept—the most important of which include those related to strengthening NATO deterrence and defense and increasing focus on innovation and emerging and disruptive technologies—will be guiding and shaping the requirements and development of the NATO C4ISR architecture of the future.

THE PRESCRIPTION

How to seize the moment

There are five critical steps transatlantic decision-makers can take to modernize NATO C4ISR and help the Alliance maintain its military edge against potential adversaries in an increasingly contested geopolitical environment. Improving  NATO’s C4ISR capabilities will give NATO a relevant and credible nervous system equal to the challenges ahead.

  1. Share more data and intelligence.

    Shared data, information and intelligence are fuel for C4ISR. The uncomfortable truth is that data and intelligence sharing is not at the level it can or needs to be. This also means that the opportunity cost of not sharing sometimes can be enormous. With the right political will and tailored security measures, the vast amounts of data and intelligence collected by NATO and its member states could be better exploited for the benefit of collective security and defense.
  2. Transform digitally.

    Digital transformation, intended to address digitalization, connectivity, data frameworks and data management, is a nascent effort that is fundamental for strengthening security and defense and improving resilience. The digital revolution is intertwined with  C4ISR architecture, because a more technologically advanced C4ISR edge can help the Alliance achieve significant increases in speed, security, and effectiveness in command and control, communications, data and intelligence analysis, decision-making, operations, and interoperability. Proceeding along this journey is particularly important as the Alliance is trying to shift to a new concept of operations, effective multi-domain operations, which entails the integration of kinetic and non-kinetic efforts, across all warfighting domains, at speed and scale.
  3. Implement new concepts, policies, and plans to clarify C4ISR requirements.

    To outthink and outpace potential adversaries, NATO must act now to develop the future C4ISR architecture it needs. Several efforts underway, such as the new NATO Force Model, Alliance Multi Domain Operations Concept, Allied Command Operations Command and Control (C2) assessment, and NATO’s Joint Intelligence Surveillance and Reconnaissance (JISR) Vision 2030+, will directly influence future NATO C4ISR requirements. NATO must provide a definition for C4ISR in an allied context, build a shared understanding among allies around that definition, and ensure coherence in planning, capability and concept development.
  4. Modernize, augment, and acquire capabilities to meet new C4ISR requirements.

    There are a few practical steps NATO should take to maintain its technological and military edge in the future. This includes transforming existing C4ISR force structure, improving NATO’s ability to receive national and commercial space-based information, reducing gaps in integrated air and missile defense (IAMD), developing greater electronic warfare capabilities, and investing in and promoting innovation and adoption of emergent and disruptive technologies such as Artificial Intelligence, autonomy, space-based capabilities, and quantum computing.
  5. Continue to invest in C4ISR interoperability, readiness, resilience, innovation, and adaptation.

    NATO’s strength lies in its ability to collectively decide and act, organize, and integrate. NATO C4ISR forces and capabilities provide the interoperable structure and digital backbone into which member states plug for collective awareness, decision-making, and action. Investing in C4ISR readiness, resilience, and capabilities is a direct contribution to greater potential of the Alliance itself.

BOTTOM LINES

NATO needs a modern and well-defined C4ISR architecture to keep pace with the rapidly changing operational environment and achieve its mission of securing and defending its thirty allies and their interests. Ultimately, the question is not whether NATO will need to evolve and develop its C4ISR capabilities, but whether it can do so in time to meet the ever-growing threats to the Alliance. In its current state, NATO C4ISR will be severely challenged to guarantee the security and defense of the Alliance against the threats it expects to face over the coming decade.

Although C4ISR underpins the success of every NATO operation, its criticality remains underappreciated. However, transatlantic decision-makers right now have the perfect opportunity to implement the recommendations above and set forth the path for the necessary modernization of NATO’s C4ISR architecture. NATO stands stronger and more united than ever. Allied defense investments are rising. Additionally, the foundations of a future C4ISR architecture and its components are progressing in various stages of development and planning. NATO must prioritize C4ISR in light of these positive developments, helping it leapfrog from an underappreciated piece of the puzzle to a key enabler for the Alliance’s defense and deterrence.

Like what you read? Dive deep into our full report.

NATO C4ISR

Report

Mar 16, 2023

The future of NATO C4ISR: Assessment and recommendations after Madrid

By Gordon B. “Skip” Davis Jr.

Current C4ISR capabilities, concepts, policies, and processes do not meet all of the Alliance’s needs. While much has been done to improve NATO C4ISR over the past decade, much work remains.

China Conflict

Related program

The Transatlantic Security Initiative, in the Scowcroft Center for Strategy and Security, shapes and influences the debate on the greatest security challenges facing the North Atlantic Alliance and its key partners.

Subscribe for more content

Subscribe for events and publications on transatlantic security

Sign up for updates from the Atlantic Council’s Transatlantic Security Initiative, covering the debate on the greatest security challenges facing the North Atlantic Alliance and its key partners.



  • This field is for validation purposes and should be left unchanged.

The post In brief: C4ISR – A five-step guide to maintaining NATO’s comparative military edge over the coming decade appeared first on Atlantic Council.

]]>
The future of NATO C4ISR: Assessment and recommendations after Madrid https://www.atlanticcouncil.org/in-depth-research-reports/report/the-future-of-nato-c4isr-assessment-and-recommendations-after-madrid/ Thu, 16 Mar 2023 13:36:35 +0000 https://www.atlanticcouncil.org/?p=621883 Current C4ISR capabilities, concepts, policies, and processes do not meet all of the Alliance’s needs. While much has been done to improve NATO C4ISR over the past decade, much work remains.

The post The future of NATO C4ISR: Assessment and recommendations after Madrid appeared first on Atlantic Council.

]]>

Table of contents

Foreword
Premise
Introduction
Threats and challenges shaping NATO C4ISR
Lessons from the Russia-Ukraine war for NATO C4ISR and future needs

Multi-domain operations
Day zero readiness
NATO Intelligence Enterprise (NIE)
Persistence and survivability
Multidisciplinary intelligence and fusion
Tasking, Collection, Processing, Exploitation, and Dissemination (TCPED)
Cyber
The role of private industry
Digitalization, connectivity, and Big Data
Decisions taken at the Madrid Summit and work underway affecting NATO C4ISR

Multi-domain warfighting
Digital Transformation
Strengthened deterrence and defense posture
Robust, resilient, and integrated command structure and enhanced C2 arrangements
Global awareness
Innovation and EDTs
Defense investment
Recommendations: Share, transform, implement, modernize and invest

1. Share more data and intelligence
2. Transform digitally
3. Implement new concepts, policies, and plans to clarify requirements for NATO C4ISR
4. Modernize, augment, and acquire capabilities to meet new C4ISR requirements
5. Continue to invest in NATO C4ISR interoperability, readiness, resilience, innovation, and adaptation
Conclusion

Glossary
About the author

Foreword

Even as Russia’s illegal and unprovoked war in Ukraine rages, the transatlantic community is seeking to integrate lessons from the battlefield to adapt its defense planning for a rapidly changing world. Already, one lesson is clear: In a contested Europe, allies need to have better awareness of the operating environment. The speed and quality of decision-making and execution must improve. Effective and ethical NATO decision-making must be translated into operational effects. NATO must prioritize the modernization and integration of its command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) architecture to keep pace with the rapidly changing operational environment.

While a complex concept, C4ISR is most easily understood as the “nervous system” of the military. It is essential to everyday operations, automatic responses, and the complicated processes inherent to large enterprises. Rapid and fundamental changes in our security environment—including the return of large-scale war in Europe, China’s growing global ambitions, climate change, and the transformative potential of emerging technologies—require an immediate and critical examination of NATO’s C4ISR architecture. Modernizing C4ISR is necessary to maintain a competitive advantage against state-based adversaries, other systemic challenges, and threats yet to materialize—all of which could overturn the rules-based international order NATO is dedicated to preserving.

The platform offered by NATO’s new Strategic Concept for strengthening defense and deterrence while leveraging emerging and disruptive technologies provides a unique window of opportunity for transatlantic decision-makers. It is NATO’s C4ISR capabilities that will enable a relevant and credible NATO “nervous system” equal to the challenges ahead.

To that end, this study by the Atlantic Council—the culmination of a year of research and interviews by NATO’s former deputy assistant secretary general for defense investment—offers a detailed roadmap to achieve this goal. This comprehensive report offers an expert treatment on the topic of C4ISR modernization to help transatlantic decision-makers, operational forces, the expert and policy community, and military technology watchers alike better understand the challenges and opportunities inherent to NATO’s C4ISR architecture. Importantly, it imagines the possibilities for C4ISR modernization through a series of thoughtfully considered recommendations.

Ultimately, the question is not whether NATO will need to evolve and develop its C4ISR capabilities, but whether it can do so in time to meet the gathering threats to the Alliance. I believe this extensive study skillfully sets forth the path for the necessary modernization of NATO’s C4ISR architecture.

Gen. James E. Cartwright, USMC (Ret.)
Board Director
Atlantic Council 
Former Vice Chairman of the Joint Chiefs of Staff

Premise

NATO needs to urgently respond to changing requirements, leverage the potential of technology and innovation, and address critical issues to provide the command and control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) architecture that Alliance leaders and forces need to maintain their comparative military advantage over the coming decade.

Current C4ISR capabilities, concepts, policies, and processes do not meet all of the Alliance’s needs. While much has been done to improve NATO C4ISR over the past decade, much work remains. Russia’s war in Ukraine and other threats and challenges, including from China and climate change, have added a sense of urgency to this task. Russian aggression, in particular, has tested some aspects of NATO C4ISR and provided initial lessons learned in terms of its strengths, vulnerabilities, and shortfalls.

NATO has a unique window of opportunity to leverage the current sense of urgency, newfound cohesion among allies, and an agreed vision to build the C4ISR architecture it needs for the future.

NATO needs to first provide a clarifying definition of C4ISR architecture, which does not currently exist. A defined C4ISR architecture would harmonize defense planning efforts across multiple domains, enable aggregation and assessment of related capability targets, and ensure greater coherence in concept and capability development.

The trajectory of NATO C4ISR is impacted by political ambitions. These include Digital Transformation, increasing resilience, understanding the security implications of climate change, reducing defense impacts on climate change (e.g., reducing the use of fossil fuels, energy consumption, carbon emissions, toxic waste, and contaminants), and raising the level of NATO common funding.

Political decisions and ambitions announced in the June 2022 Madrid Summit Declaration and NATO 2022 Strategic Concept—the most important of which include those related to strengthening deterrence and defense and increasing focus on innovation and emerging and disruptive technologies—will shape the NATO C4ISR architecture of the future.

Read our in-brief summary of the report

Executive Summary

Mar 16, 2023

In brief: C4ISR – A five-step guide to maintaining NATO’s comparative military edge over the coming decade

By Transatlantic Security Initiative

The Atlantic Council presents a five step guide to maintaining NATO’s comparative military edge over the coming decade.

Defense Policy Defense Technologies

Introduction

The context of European security and defense has drastically changed since Russia invaded Ukraine on February 24, 2022. The war has upended conventional wisdom on Russia’s willingness to use violence, exposed the destructiveness of modern weapons and barbarity of an undisciplined force, and revealed Russian hubris and the limits of Russian power.

On the flip side, the war has strengthened the bond between NATO and the European Union (EU). NATO and EU leaders have taken an unprecedented level of coordinated decisions and actions to impose costs on Russia, defend Europe from further aggression, and support Ukraine in its battle for survival and independence. Alliance and EU leaders have also begun to seriously address other challenges affecting security, such as energy, climate change, and China.

Russia’s war has highlighted the power of united action while exposing the limits of Alliance adaptation to date and identifying vulnerabilities and shortfalls that allies and EU member states must address to ensure their security and defense.

More than ever, the speed of understanding, decision-making, and action are important in modern warfare. Russia has demonstrated on multiple occasions over the past fifteen years that it is capable of rapid decision-making, assembly, and maneuver that has arguably challenged NATO’s ability to respond at the speed of relevance. Georgia in 2008, Ukraine in 2014, annual strategic exercises, and frequent combat readiness tests are all examples.

NATO has improved intelligence sharing and its defense posture since 2014, the year Russia annexed the Crimean Peninsula from Ukraine and began its support to separatists in the Donbas. These improvements have enabled a cohesive and coherent NATO response to the Russian military buildup in 2021 and subsequent invasion of Ukraine in 2022. Whether NATO can effectively identify, prepare for, and defend against Russian aggression toward an ally anywhere in Europe without significant additional posture adjustments is in question.1

NATO command and control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) structures, capabilities, and processes enable effective political and military awareness, decision-making, and action.2 These capabilities encompass an array of land, air, maritime, cyber, and space systems, platforms, and applications that can be owned and operated by all thirty allies (which may soon be thirty-two with Finland and Sweden joining the Alliance),3 by a group of allies (e.g., multinational formations), or by single nations contributing to NATO missions, operations, and activities.

The time to act is now. NATO allies currently enjoy unprecedented cohesion, share an agreed and clear vision for the future, and are motivated by a common sense of urgency, all imbued by the ongoing Russian war on Ukraine.

Despite a growth in collective and national capabilities over the past ten years, NATO C4ISR capabilities remain under resourced, vulnerable, and much less effective than required. Supporting concepts, policies, and procedures related to NATO C4ISR need urgent revision. Many are under development. NATO is engaging industry and the broader private sector, but the latter’s role is not yet fully leveraged. In its current state, NATO C4ISR will be severely challenged to guarantee the security and defense of the Alliance against the threats and challenges it expects to face over the coming decade.4

NATO Secretary General Jens Stoltenberg displays the Strategic Concept booklet during his news conference at a NATO summit in Madrid, Spain June 29, 2022. REUTERS/Susana Vera

The time to act is now. NATO allies currently enjoy unprecedented cohesion, share an agreed and clear vision for the future, and are motivated by a common sense of urgency, all imbued by the ongoing Russian war on Ukraine. Defense investment is rising and the foundations of a future C4ISR architecture and its components are in various stages of development or planning.

NATO and national capabilities must be interoperable and more integrated within and across domains to deliver multidomain effects. The Alliance needs a modern and well-defined C4ISR architecture to achieve its ambition of securing and defending the Alliance and its interests. NATO must improve and further enable its C4ISR with common structure, policies, concepts, frameworks, standards, procedures, and connectivity. NATO must also modernize and integrate current capabilities and acquire new capabilities. Allies need to further increase sharing of data and intelligence, interoperability, and national contributions (forces, platforms, systems, people, and resources) to strengthen NATO C4ISR.

NATO C4ISR policy recommendations

To maintain a comparative advantage against potential adversaries and challengers, NATO allies must 1) share more data and intelligence; 2) transform digitally; 3) implement new concepts, policies, and plans to clarify C4ISR requirements; 4) modernize, augment, and acquire capabilities to meet new C4ISR requirements; and 5) continue to invest in C4ISR interoperability, readiness, resilience, innovation, and adaptation.

Threats and challenges shaping NATO C4ISR

Russia’s war against Ukraine is a major inflection point for NATO, which is in the midst of a long-term effort to improve its deterrence and defense. NATO’s response to Russian aggression has been to assure and defend allies, deter Russia, and support Ukraine. This response has included a surge in the employment of NATO-owned C4ISR forces such as the NATO Alliance Ground Surveillance Force (NAGSF);5 still at Initial Operational Capability and the NATO Airborne Early Warning and Control Force (NAEW&CF).6 National joint intelligence, surveillance, and reconnaissance (JISR) assets have contributed to Alliance shared awareness. NATO cooperation with the EU has led to a united front in communications and complementary actions by EU and non-EU allies on sanctions against Russia, energy security, and support to Ukraine.

Russia “poses the most significant and direct threat” to NATO,7 but there are other threats and challenges that the Alliance must also face or prepare for. Other threats identified by NATO include terrorism in all its forms, missiles from Iran, and cyber and hybrid attacks. All of these threats require constant vigilance, early warning, intelligence, rapid response, and defense and security capabilities enabled by NATO C4ISR.

Among the challenges identified by NATO, China and climate change are the most significant, along with regional instability and strategic shocks. China’s policies and its rising economic, financial, diplomatic, informational, and military power pose a multitude of challenges to NATO’s security, interests, and values. NATO C4ISR must enable shared awareness of China’s policies, actions, and growing military and civilian capabilities. NATO C4ISR must be resilient and respond to Chinese cyber and hybrid activities and favorably compete with Chinese technological advancements and norm-setting efforts.

With respect to climate, NATO C4ISR must contribute to awareness and understanding of the security implications of climate change and contribute to the reduction and mitigation of adverse impacts on climate. Similarly, NATO C4ISR must be able to contribute to anticipation and response related to regional instability and strategic shocks. The addition of crisis prevention to the previous core task of crisis management in the 2022 Strategic Concept highlights a NATO ambition to ensure sufficient awareness (only provided by an effective C4ISR architecture) to understand potential challenges in time to proactively shape, attenuate, or mitigate them.

Preparing for and facing the other threats and challenges listed above implies an ability to cooperate with a broad range of partner organizations and nations, including sharing information and intelligence, and an adequate level of interoperability for coordinated responses. Interaction and combined action with partners will both contribute to and set demands on NATO C4ISR.

Lessons from the Russia-Ukraine war for NATO C4ISR and future needs

The ongoing Russian war in Ukraine is providing a treasure trove of lessons for NATO. NATO is still gathering, processing, and internalizing these lessons, but many are already evident. Some are already captured in reports and articles from journalists, academia, industry, and civilian and military leaders. After reviewing open sources and interviewing several NATO civilian and military leaders, I have assembled the following lessons as most relevant to the future development of NATO C4ISR.

Multi-domain operations

NATO C4ISR must be able to support multi-domain operations (MDO) and deliver multi-domain effects. Much work in connectivity, integration, and interoperability is needed.

The Russian war on Ukraine is the first of its scale in Europe in the twenty-first century. No other recent conflict in Europe—Russia’s war on Georgia in 2008 or Ukraine from 2014 to February 24, 2022—has involved a similar number of military forces or employed such destructive power. Russia and Ukraine have employed or leveraged capabilities in all five domains—air, land, maritime, cyberspace, and space. Russia has struggled with coordinating joint action, let alone achieving multi-domain effects. “Russia has definitely showed us how not to fight,” said Rear Adm. Nicholas Wheeler, director of NATO Headquarters C3 Staff (NHQC3S).8 Ukraine appears to have had more success leveraging multi-domain capabilities. Ukrainian forces have effectively targeted and engaged Russian land and maritime forces using limited multi-source intelligence, aerial drones, maneuver and fires units, and commercial space-based open-source intelligence (OSINT) services from a variety of private companies.

The Russian war in Ukraine is a likely catalyst for NATO leaders to hasten the development of an Alliance MDO Concept. Additionally, NATO’s 2022 Strategic Concept highlights the importance of multi-domain forces and warfighting9 NATO has added cyber and space as operational domains over the past decade and has been working on an MDO concept for some time.10 Allied Command Transformation (ACT) and Allied Command Operations (ACO) delivered an Initial Alliance Concept for MDO in July 2022.11 NATO’s “working definition” of MDO is “the orchestration of military activities, across all domains and environments, synchronized with non-military activities, to enable the Alliance to deliver converging effects at the speed of relevance.”12

According to Headquarters (HQ) Supreme Allied Commander Transformation (SACT) Deputy Chief of Staff (DCOS) for Capability Development Lt. Gen. David Julazadeh, NATO leaders have directed the Strategic Commands to accelerate delivery and implementation of an Alliance MDO Concept.13

Day zero readiness

The scale of Russia’s military buildup and geographically broad and rapid employment of force against Ukraine have caused NATO civilian and military leaders to question whether the Alliance’s current plans and defense posture would have deterred or rapidly repelled a similar Russian assault against an ally, particularly a small nation.14 Could NATO respond with the speed, scale, and coherence needed to prevent initial success?

Day zero readiness

An informal NATO term referring to being mission-ready on the first day of a NATO mission (e.g. a network, a force, a headquarters).

Two ongoing efforts will help. First, a new Supreme Allied Commander Europe’s (SACEUR’s) Area of Responsibility (AOR)-Wide Strategic Plan (SASP) was approved earlier in 2022, but the underlying regional and subordinate strategic plans have yet to be completed and stitched together. Second, a new NATO Force Model approved at the Madrid Summit in June 2022 will address much of the speed, scale, and coherence lacking in current policies and posture by assigning a much larger number of forces (up to four hundred thousand) to regional plans.

Other efforts are in the works. The adapted command and control (C2) structure is not yet fit for purpose and ACO has been directed to conduct a comprehensive C2 assessment. NATO’s Air Command and Control System (ACCS) is woefully behind the times, and a transition plan to a future Air C2 system is in development. According to NATO Assistant Secretary General (ASG) for Operations Tom Goffus: “The NATO Crisis Response System [NCRS] was designed for out of area operations where NATO drives the timeline and has the luxury of time. Now we don’t have that time advantage.”15 The NCRS needs significant revision to enable day zero readiness for collective defense. Goffus is determined to drive such a revision.

The family of plans under development, the new NATO Force Model, and revised C2 structure and NCRS will influence future requirements for NATO C4ISR. NATO must review and update C4ISR requirements for standing defense and baseline activities, as well as exercise and enable rapid activation and deployment related to a short to no-notice collective defense scenario. 

NATO Intelligence Enterprise (NIE)

The NATO Intelligence Enterprise (NIE) surged, adapted, and delivered the intelligence political and senior military leaders needed to respond to the Russian war in Ukraine.16 This is good news. The decisions post-2014 to establish the NATO HQ Joint Intelligence and Security Division (JISD), increase JISR capabilities, and improve NATO’s indicators and warnings (I&W) system have all been validated. The capabilities and processes were not always ideal, but holistically the NIE enabled cohesion, collective decision-making, an effective military response, and effective communications for aggression against a partner nation. The bad news is these outcomes are related to, but not sufficient for, defense against a peer adversary.

NIE’s ability to function and deliver in a collective defense, multi-domain, and high-intensity combat situation requires further improvements in the C4ISR architecture. 

NATO-owned C4ISR capabilities like the Alliance Ground Surveillance17 (AGS) and Airborne Early Warning and Control System18 (AWACS) have proven their value in the current conflict in Ukraine, yet operations have exposed limitations in readiness, types of sensors, quantity of platforms, and connectivity.19 NATO ASG for Intelligence and Security David Cattler highlighted the positive: “NATO and nations contributed with data, platforms, and intelligence. The US shared and declassified intelligence in an unprecedented way and even small nations responded and contributed to specific requirements. Strategic and operational intelligence provided to allies was well coordinated between JISD and ACO.”20 That said, personalities drove much of the success in overcoming standing C4ISR issues in terms of sharing, declassification, coordination procedures between NATO HQ and ACO, and related budgetary issues.21

NATO’s Alliance Ground Surveillance (AGS) RQ-4D ”Phoenix” remotely piloted aircraft. Photo by NATO.

Persistence and survivability

One clear lesson from the Russian invasion of Ukraine, said former ACO DCOS Strategic Employment Maj. Gen. Philip Stewart, “is the need for persistent surveillance.”22 Persistent surveillance is fundamental for effective NATO deterrence and defense and crisis prevention and management because it provides military and political leaders the near-real-time awareness of threat I&W that enable timely decision-making and action. The ability to see and communicate the Russian buildup, invasion, and military action at the operational and tactical levels enabled shared awareness, decision-making, and response. The allies had the luxury of time in the case of Ukraine.

To ensure an effective response against a highly capable peer adversary, NATO needs persistent surveillance, which requires new structures, policies, processes, and capabilities. Persistent surveillance will likely demand a combination of assets from multiple domains. According to NATO ASG for Defense Investment (DI) Camille Grand, “The ability to use and fuse different tools will be critical to achieve persistent surveillance.”23 Both Russian and Ukrainian combatants have employed a vast array of drones, from high and medium-altitude long-endurance platforms to small and very small systems, with an array of capabilities for a variety of missions (including intelligence, surveillance, and reconnaissance, or ISR, and target acquisition). Increases in dedicated NATO and national capabilities from space, high, medium, and low altitude are needed to respond to strategic and operational intelligence requirements in a collective defense scenario.

One clear lesson from the Russian invasion of Ukraine is the need for persistent surveillance.

Former ACO DCOS Strategic Employment Maj. Gen. Philip Stewart

“The Alliance needs robust, in-depth, and survivable JISR platforms in the future,” Cattler said.24 Survivability of NATO C4ISR in modern warfare against a peer adversary is a critical requirement. NATO-owned AGS RQ-4s and AWACS E3As have limited survivability in a contested environment. NATO and national tactical communications are vulnerable to adversary electronic warfare (EW) capabilities. Future solutions may come from a combination of greater sensor range, stealth characteristics, electronic countermeasures, other performance characteristics, or next generation communications systems. Survivability of non-deployable and deployable NATO C2 is another aspect highlighted by the destructive effect of missiles employed in the Russia-Ukraine war. Passive measures like dispersion, displacement, alternate locations, concealment, and degraded operational procedures are all being reviewed or planned. Active measures like air and missile defense planning and deployment to protect NATO C2, not so much. That said, NATO has increased its air and missile defense posture along its eastern flank in the form of short deployments of air and land assets under NATO’s Air Shielding mission.25

Space-based intelligence (as well as other space-based services like communications, early warning, tracking, and guidance) offers a partial answer to the need for both persistent surveillance and survivability, as space-based capabilities are expected to expand rapidly in the coming years.26 National, military, and commercial space-based intelligence (imagery, communications, and electronic signatures) has the potential to contribute greatly to persistent surveillance. NATO will be more and more interested in protection, durability, and survivability of space-based assets, which must be addressed by nations and industry. Redundancy in space-based sensors and assets and the decreasing cost of replacement and remote maintenance may offset some of the need for survivability.

Multidisciplinary intelligence and fusion

Imagery intelligence (IMINT), signals intelligence (SIGINT),27 and OSINT played a key role in unmasking Russian intent and disinformation from the national to tactical level, as well as in targeting. Allies, NATO, Ukraine, and Russia have all exploited space-based data and information (imagery, signals, signatures) for intelligence analysis and production. Ukraine has combined commercially available space-based data and crowdsourced information (technically both part of OSINT) to effectively identify and engage key Russian targets (e.g., leadership, C2 and logistic nodes, and major platforms), refute Russian official narratives, and identify war crimes and war criminals.

There is a need for improvements in NATO’s multidisciplinary intelligence capabilities and ability to collect, fuse, and process such intelligence. The Alliance has powerful all-weather sensors in its NATO-owned AGS (Synthetic Aperture Radar, Ground Movement Target Indicator), but no electrical-optical (EO), infrared (IR), full-motion video (FMV), or SIGINT capabilities.28 The latter capabilities are key for collective defense and a broad range of other crisis and security operations. NATO SIGINT (provided through national contributions) has contributed to strategic shared awareness and decision-making but is still too compartmentalized and often overclassified to be fused and used meaningfully at the operational and tactical levels. NATO has no NATO-owned SIGINT sensors or platforms, and its EW capabilities are a long-standing shortfall at the tactical level.

Two initiatives underway can partially address NATO’s need for SIGINT and OSINT. First, the Alliance Persistent Space Surveillance29 (APSS) initiative set up in April 2022 and formally launched in February 2023 is a key step toward enabling NATO’s collection of national contributions and commercial contracting of space-based data, products, and services.30 Second, the NATO Public Diplomacy Division’s (PDD) Information Environment Assessment (IEA) project (supported by JISD and ACT) is prototyping an artificial intelligence (AI) tool to help NATO professionals sort and analyze vast amounts of print, media, and online information.31 The APSS and IEA initiatives deserve expansion and acceleration in delivery to meet NATO’s current and future C4ISR needs.

Tasking, Collection, Processing, Exploitation, and Dissemination (TCPED)

TCPED is the information management process that NATO and other military or government organizations use to synchronize intelligence and operational efforts to acquire and deliver intelligence in response to specific requirements.32 An effective and responsive TCPED process is fundamental to NATO’s ability to deliver timely and relevant intelligence in response to strategic political and operational military demands. The NIE’s response to the Russia-Ukraine crisis as well as observations of the combatants in the war have highlighted the need for vastly improved capacity for TCPED.

NATO’s TCPED process is operating at a level below its potential and short of strategic and operational need. Speed and efficiency of the TCPED process are already challenged by current levels of structure, data, assets, and analysts. According to NAEW&C Force Commander Maj. Gen. Tom Kunkel, “NATO leaves so much data on the cutting floor.”33 Matters would only be worse if NATO were fully engaged in a modern conflict attempting to execute MDO.

AI and machine learning (ML) tools, along with improved data management and connectivity, could offer relatively cheap solutions (as opposed to major equipment programs) to vastly improve the speed, efficiency, and effectiveness of the NATO TCPED process (from the strategic to tactical levels).

You can’t cyber your way across a river.

Gen. Patrick Sanders, Chief of Britain’s General Staff

Cyber

The role of cyber in the Russia-Ukraine war has been surprising. Pre-invasion, leaders and analysts generally expected the Ukrainian government and military to succumb to the crippling effects of Russia’s “overwhelming” cyber capabilities. That has not happened.

According to Cattler, open sources reveal that Russia deployed destructive cyber malware against Ukrainian government and military C2, rendered systems inoperable, and sabotaged an Internet provider that both Ukrainian police and military depend on. All of this was evidence of “good cyber reconnaissance ahead of time by Russia,” he said.34 However, he added, Russian cyber operations were “not coordinated with conventional ops” nor exploited.35 The reasons are likely a mix of restraint on the part of Russia; a limited ability of Russia to coordinate cyber and other domain effects; the competence of Ukrainian military, government, and private citizens in restoring and protecting systems and services; and significant assistance to Ukraine from powerful private companies like SpaceX and Microsoft (see more on this later).

Locked Shields, cyber defence exercise organized by NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia April 10, 2019. REUTERS/Ints Kalnins

There are also limits to cyber effects. Chief of Britain’s General Staff, Gen. Patrick Sanders, said: “You can’t cyber your way across a river.”36 But you might be able to stop a river crossing (see more on this later). While cyber-related lessons from Russia’s war on Ukraine have yet to be comprehensively gathered, Cattler said: “Allies have recognized that cyberspace is contested at all times and cyber defense underpins the broader deterrence and defense posture.”37 Cyberspace is an enabler of C4ISR and an operational domain for cyber operations, activities, and effects related to C4ISR. Cyber represents great potential and opportunities as well as risk and vulnerabilities. NATO must build cyber resilience in its C4ISR architecture and capabilities, leverage private sector expertise and services, and incorporate voluntary national contributions of cyber ISR.

The role of private industry

Private industry has played an outsized role in enabling the Ukrainian response to the Russian aggression, and providing security, resilience, communications, and intelligence to Ukraine and allies alike—all key elements and enablers of C4ISR. SpaceX’s decision to provide thousands of Starlink terminals to enable satellite communications and Internet services for Ukrainian private and public users has been a game changer.38 Microsoft’s support to Ukraine and other countries under Russian cyberattack has enabled understanding of the threat, capabilities to secure data and networks and enable resilience, and provided a comprehensive strategy for response.39 According to NATO ASG for Emerging Security Challenges David van Weel, Microsoft’s talent, expertise, and tools are critical for NATO cyber defense and data management.40

Private companies like Maxar, BlackSky, and Planet (imagery) and HawkEye 360 (signals) are providing AI-enabled space-based services to Ukraine and NATO allies.41 Commercial data, information, and services provided to Ukraine and the allies have been used to confirm Russian military locations and actions (including atrocities and war crimes) and refute disinformation. According to Van Weel, one commercial AI tool is being prototyped by the NATO Intelligence Fusion Center42 (NIFC) to save hours of costly analyst time spent counting aircraft from massive amounts of collected imagery. This tool has enabled near-real-time analysis of Russian air assets and battle damage as well as cueing of changes to existing status.43

NATO Communications and Information Agency (NCIA) General Manager Ludwig Decamps offered that “perhaps we need to add industry as another domain of operations.”44 Noting that NATO already depends on industry for critical services and innovative responses to military need, Decamps added: “How do we include in our planning to account for industry’s expertise, inherent responsibilities, and potential contributions?”45 NATO engagement with industry includes a robust relationship through the NATO Industrial Advisory Group (NIAG),46 which includes national industry delegations from all allies, and recently launched NATO initiatives like Defense Innovation Accelerator for the North Atlantic (DIANA)47 and the NATO Innovation Fund.48

There have been several NATO initiatives and policy efforts over the past five years to increase engagement with parts of the private sector that produce some of the most advanced and innovative technologies. Developed for commercial use, these technologies could also respond to defense requirements.

Until recently, many start-ups and small and medium-sized enterprises (SMEs) rarely engaged with NATO for a variety of reasons, including lack of visibility of NATO needs, lack of experience in NATO procurement processes, concerns over the capital investment needed to compete, and a general view that NATO focused on large, complex systems that were the bailiwick of major primes or consortiums of traditional defense industry.49

Local residents use a Starlink terminal, amid Russia’s attack on Ukraine, in Chasiv Yar, Donetsk region, Ukraine January 31, 2023. REUTERS/Oleksandr Ratushniak

NATO-Industry Forums (NIFs),50 multinational cooperation in capability development,51 internal NATO HQ trials,52 ACT innovation initiatives,53 NCIA industry key events,54 and NATO policy efforts to address emerging and disruptive technologies (EDTs)55 are all examples of NATO engaging nontraditional industry partners to leverage their creative and innovation potential. Among this broad list of efforts, multinational cooperation in capability development has provided the most concrete, albeit still limited, results. DIANA, specifically, will focus on engaging and leveraging start-ups and SMEs, which until recently (prior to 2019) had been under-represented or less represented in NATO engagements with industry.56

The importance of these initiatives in engaging the private sector and leveraging its technology, innovation, and expertise, including that of promising start-ups and SMEs, to develop creative solutions to NATO military problems at pace has only grown due to the ongoing war in Ukraine.

Digitalization, connectivity, and Big Data

Interrelated to many of the previous lessons identified are the importance of digitalization of information (including signals, print, and electronic media), connectivity (efficient, secure, robust, and resilient networks), common data frameworks (standard protocols and interfaces), and data management tools to enable data sharing and Big Data exploitation. More comprehensive intelligence analysis (as well as research in general) has long been hampered by several limitations: the number of documents or signals available in digital form, disconnected private and public data silos containing exploitable information, the lack of common protocols and interfaces to access and share data, and the lack of data management tools in general. While data management and cloud services have become the norm in the private sector, the public defense sector has been wary and slow to adopt. But necessity is the mother of invention and Ukraine is a particularly relevant proving ground.

A prominent example of digitally enabled C4ISR that has been used to rapidly target and destroy Russian forces is the Ukrainian-developed and British-enabled GIS Arta application.57 Described as “Uber-style technology” providing situational awareness and rapid targeting, the system is fed by “real-time battlefield data from reconnaissance drones, rangefinders, smartphones, GPS [global positioning system] and NATO-donated radars.”58 The system then identifies targets and “rapidly selects artillery, mortar, missile or combat drone units that are within range.”59 Rapid calculation of firing options and alerting of firing units has cut the (Ukrainian) military’s targeting time from twenty minutes to one.60

A prominent example of digitally enabled C4ISR that has been used to rapidly target and destroy Russian forces is the Ukrainian-developed and British-enabled GIS Arta application.

Microsoft’s ability to connect, secure, and exploit data globally is another example of effective Big Data management and exploitation. While digitalization is proceeding, NATO connectivity currently falls short of requirements to effectively link NATO HQ, commands, forces, other bodies, and nations in peacetime, let alone crisis or conflict. A common data framework is not yet operational, data management tools are rudimentary, and data sharing is far below potential. Former NATO Director General of the International Military Staff (DGIMS) Lt. Gen. Hans-Werner Wiermann advocated for a NATO digital backbone to enable connectivity and a military Internet of Things (IoT) to connect C2, systems, sensors, and shooters. The envisioned military IoT would support applications for all manner of military assessment, planning, coordination, and execution functions.61

As a result of impetus from the Russia-Ukraine war, other NATO efforts, and productive collaboration across NATO HQ and Strategic Commands, Wiermann’s ambition expanded to a more comprehensive Digital Transformation (DT) concept.62 This DT concept would address digitalization, connectivity, data frameworks, and management tools across the NATO Enterprise. According to Julazadeh, “The nascent NATO DT effort is similar to the US Joint All Domain Command and Control (JADC2) effort, but a bit broader as it encompasses transforming people, processes, and technology. DT is recognized as a sine qua non component of NATO MDO.”63 NATO DT will also enable the design of a future NATO C4ISR architecture.

This is not a complete list of lessons relating to C4ISR to be gained from the Russia-Ukraine war, but it provides a good starting point for identifying recommendations for the improvement and further development of NATO C4ISR. Other lessons related to NATO C4ISR, such as the variety of missions autonomous systems can perform, the importance of counter-unmanned aircraft system (C-UAS) capabilities in protecting C4ISR, the importance of EW capabilities, and how to replicate aspects of Ukraine’s whole-of-society response to Russian aggression in a whole-of-enterprise NATO effort to adapt, modernize, and transform, will be included in this report’s final set of recommendations.

Russia-Ukraine war lessons for NATO C4ISR

• Multi-domain operations • Day zero readiness • NIE surged, adapted, and delivered • Persistence and survivability • Multidisciplinary intelligence and fusion • Tasking, Collection, Processing, Exploitation, and Dissemination • Cyber • Role of private industry • Digitalization, connectivity, and Big Data

In summary, NATO and the allies have gained valuable lessons related to C4ISR from the Alliance’s response to Russian aggression and from the employment of C4ISR capabilities by both Russia and Ukraine.

Decisions taken at the Madrid Summit and work underway affecting NATO C4ISR

Russian aggression and other threats and challenges, including from China and climate change, resulted in a historic NATO summit in Madrid in June 2022. A new NATO 2022 Strategic Concept was approved clearly delineating the threats and challenges facing the Alliance, revising NATO’s three core tasks (deterrence and defense, crisis prevention and management, and cooperative security), and laying out key lines of effort for adapting the Alliance politically and militarily for 2030 and beyond.64 Political decisions and ambitions announced in the Summit Declaration and in the Strategic Concept, the most important of which include those related to achieving a strengthened deterrence and defense and an increased focus on innovation and EDTs, will shape the requirements and development of NATO’s C4ISR architecture.

Other political ambitions impacting the trajectory of NATO C4ISR include DT, increased resilience, understanding the security implications of climate change, reducing defense impacts on climate change (e.g., reducing the use of fossil fuels, energy consumption, carbon emissions, toxic waste and contaminants), and increasing the level of NATO common funding.

The following analysis summarizes decisions taken at the Madrid Summit, the expected follow-through on these decisions, and other ongoing adaptation efforts previously decided and impacting NATO C4ISR.

NATO’s 2022 Strategic Concept broadly sets the context for C4ISR architecture and requirements in its description of threats and challenges expected over the coming decade, and the political guidance under NATO’s three revised core tasks.65 The concept refers to decisions taken at and prior to the Madrid Summit and has critical implications for the enablement, development, and employment of NATO C4ISR..

Multi-domain warfighting

NATO’s 2022 Strategic Concept sets an ambition for multi-domain warfighting and multi-domain forces.66 NATO has taken an initial step toward this end by adopting a working definition for MDO (as previously noted).67 To achieve NATO’s level of ambition with respect to multi-domain warfighting several more steps are required, such as an approved Alliance MDO Concept, revised Allied Joint Doctrine, improved awareness of threats and opportunities in all domains, upgrades and improvements in capabilities, and secure use of and access to cyberspace and space capabilities. Multi-domain warfighting also requires trained and educated leaders and professionals, trained and exercised forces in MDO, a data-centric approach, and, above all, a cultural shift and new mindset.68

The level of effort will be demanding, but the expected outcome is worth the effort: greater shared understanding, collaboration, and synchronization of capabilities and activities across domains to achieve multi-domain effects. MDO concept development and implementation will be enabled by ACT’s Warfare Development Agenda, DT, and NATO initiatives related to innovation and EDTs. According to Julazadeh, HQ SACT DCOS for Capability Development, NATO leaders are pressing for accelerated delivery of an Alliance MDO Concept by 2023.69 Given the breadth and complexity of MDO and the need for supporting studies this is a stretch goal for NATO’s Strategic Commands, but its approval and implementation will be revolutionary for the Alliance. Future C4ISR architecture and capabilities will have to be designed, optimized, integrated, and interoperable to support multi-domain warfighting and full-spectrum operations at the speed of relevance.

Digital Transformation

As mentioned earlier, DT is intended to address digitalization, connectivity, data frameworks, and data management tools across the NATO Enterprise. DT is intended to enable significant increases in speed, security, and effectiveness in C2, communications, data analysis, intelligence analysis and dissemination, decision-making, operations, and interoperability. Proceeding along this journey will make NATO more agile, resilient, and capable of seizing and maintaining the initiative in peacetime and conflict.

Much of the vision under development is not new and many strands have been under development for some time. Former NCIA General Manager Kevin Scheid was a strong advocate of digitally transforming NATO and had initiated an effort known as “NCIA’s digital endeavor” to modernize and improve the security of NATO’s communications and information infrastructure and services.70 Wiermann, the former NATO DGIMS, advocated for development of a NATO digital backbone, which in his view would constitute the new NATO added value to nations in the information age.71

The current effort includes both initiatives and is broader and more ambitious. The effort will address the entire NATO Enterprise and include political approval by nations of a vision in fall 2022 and an implementation plan (ideally with resource assessment) by 2023.72 According to NHQC3S Deputy Director Marco Criscuolo, a three-step concurrent process (modernization, optimization, and transformation) is necessary to address the complexity and uncertainty of a DT journey.73

NATO Digital Transformation Steps

1. Modernization 2. Optimization 3. Transformation

In brief, in step one—modernization—the current main effort includes continuing modernizing existing capabilities and resourcing ongoing programs and projects such as Information Technology Modernization and related network, data, and cybersecurity initiatives. Step two—optimization—includes reviewing and cohering the numerous and currently disconnected capability programs to build synergies, gain efficiencies, and develop better processes, including adopting current off-the-shelf capabilities. Step three—transformation—begins as NATO gains an understanding of the potential of related technologies and tools, starts to adopt them, then revises structures, processes, and capabilities, and builds in resilience (in cyber, space, and physical infrastructure).74

DT will enable connectivity between data pools and access to and exploitation of data across the NATO Enterprise. NATO Enterprise coherence will be driven by top-down guidance and internalized principles (a whole-of-enterprise approach). DT will rely on a new organizational culture and mindset that is digitally savvy and data centric. It will also rely on greater engagement with industry to leverage its expertise and services, and greater integration and interoperability, the latter supported by the active setting and shaping of standards. DT will also rely on an agility in capability development and resource management (budgetary and human capital) and a modern approach to obsolescence management that do not currently exist.

DT will influence and enable the design of future C4ISR architecture and capabilities and improve the integration, connectivity, ability to manage and exploit Big Data, and the quality and speed of C4ISR processes.

Strengthened deterrence and defense posture

The Alliance’s decision to “strengthen our deterrence and defense posture to deny any potential adversary any possible opportunities for aggression”75 is a major change in strategy and has multiple implications for future NATO C4ISR. In particular, the enhanced NATO posture will increase requirements for persistent surveillance and improved awareness of potential threats, a rapid and more effective intelligence process, a revised and robust C2 structure, and resilient and secure networks.

A strengthened posture will be enabled by a new NATO Force Model,76 which will identify and assign around three hundred thousand allied forces at high readiness (ready to move in less than thirty days) to a family of NATO strategic and regional defense plans for the first time since the Cold War.

C4ISR assets from NATO and national services will be an integral part of the NATO Force Model and support the requirements in the SASP and family of regional and subordinate strategic plans. C4ISR architecture and capabilities must also support a strengthened integrated air and missile defense (IAMD) through improved ISR for shared awareness, early warning, and tracking, and improved air and surface-based C2 systems. Persistent surveillance is needed to support the Alliance’s I&W requirements. There will certainly be shortfalls in available assets and interoperability.

Strengthened IAMD is an important and new commitment associated with the 2022 Strategic Concept; it is a must to respond to the broad range of Russian air and missile capabilities, which can threaten allied populations, forces, and infrastructure from any direction given their ranges and mobility. Strengthened IAMD should include greater day zero connectivity and integration of existing IAMD-related C2 nodes, sensors, and effectors; new and improved IAMD capabilities; and an improved Air C2 system. The Air C2 system is already the focus of a transition effort by allies in conjunction with NCIA and ACO that seeks to address numerous shortfalls in the existing system while concurrently planning for the upgrades and development of an Air C2 system that can meet future needs. This transition effort should be accelerated. In particular, a strengthened IAMD should prioritize the ability to detect and defeat the broad range of tactical ballistic and cruise missiles in the current and future Russian inventory. This includes closing the low-altitude surveillance gap to detect and track cruise missiles across SACEUR’s AOR.

Ongoing planning, force generation, and future exercises will identify C4ISR shortfalls and refine future C4ISR requirements to meet the demands of an improved NATO posture, including persistent surveillance and strengthened IAMD.

New NATO Force Model

Robust, resilient, and integrated command structure and enhanced C2 arrangements

NATO leaders recognize that the strengthened deterrence and defense posture they envision must be enabled by an improved Alliance C2 structure, parts of which do not yet exist. ACO’s C2 structure currently includes one strategic headquarters (Supreme Headquarters Allied Powers Europe; SHAPE), three joint force commands (JFCs) (Brunssum, Naples, and Norfolk), three service component commands (Air, Maritime, and Land Commands), a theater logistics command (Joint Support and Enabling Command), and several operational commands (e.g., Striking Forces NATO, the NATO Airborne Early Warning and Control Force, and NATO Alliance Ground Surveillance Force).

The existing structure was designed for maximum flexibility and options to respond to multiple crises of different scale and operational requirements, primarily outside SACEUR’s AOR. It was not optimized for collective defense. The JFCs do not have regional geographic boundaries or AORs. Maritime and Land Commands are neither manned nor trained for C2 of large-scale or AOR-wide operations. Staffs at strategic and operational levels lack critical expertise in key warfighting competencies (e.g., targeting, cyber defense and response, and space support).

Current ACO C2 structure and supporting command, control, communications, and computers (C4) systems (i.e., the current Air Command Control System, Federated Mission Network, Land tactical C2) are not yet fit for modern multi-domain warfare against a peer adversary. Viable Joint, Land, and Maritime C2 structures for an AOR-wide defense accommodating two new allies in the north (Finland and Sweden) will be priorities to establish. According to International Military Staff (IMS) Director of Plans and Capabilities Maj. Gen. Karl Ford, “SHAPE is working on a C2 assessment which will identify the drivers of change, review current capabilities and shortfalls, and propose design principles for future NATO C2.”77

The assessment will look at C2 in three time horizons in order to capture short, medium, and long-term NATO adaptation needs. First, NATO C2 here and now and how to achieve the Concept for the Deterrence and Defense of the Euro-Atlantic Area (DDA) with the current NATO Command Structure and thirty allies. This stage aims to respond to current NATO needs, within the current membership format. Second, decision-makers are exploring NATO C2 needs for a potential thirty-two-nation Alliance, which would operate based on an MDO Concept and with a DT plan in place. This stage represents a much-expanded level of ambition, with NATO C2 over a contiguous northern region able to coordinate and execute cross-domain effects increasingly enabled by DT. Finally, the third stage will include SACT’s vision of NATO C2 out to 2040 carrying out MDO and tailored to future challenges and threats that are expected to be increasingly persistent, boundless, and simultaneous from multiple state and non-state actors as well as from changes in the physical and social environment.78 The third time horizon will be informed and enabled by the NATO Warfighting Capstone Concept (NWCC) and Warfare Development Agenda to get there.79

The NATO Force Structure must also be reviewed. This includes assessing requirements, overlaps, and gaps, in some cases rationalized (numbers of tactical headquarters), in some cases reinforced (creating sufficient manpower and expertise for MDO and peer combat), aligned with plans, and integrated with the NATO Command Structure (i.e., ACO and JFCs). The 2022 Strategic Concept’s increased emphasis on resilience will require increased understanding and intelligence sharing of cyber and other related threats to civilian infrastructure. It will also require sustained investment to meet resilience targets (notably to improve cybersecurity and defense for NATO networks, national communications, transportation, health systems, and financial networks).

DT and increased cyber resilience will need to account for an enhanced NATO Command Structure integrated with a rationalized NATO Force Structure and connected to national forces associated with the new NATO Force Model and NATO plans.

Global awareness

Enhanced shared, situational, and global awareness are all referenced in the 2022 Strategic Concept.80 The first, enhanced shared awareness, implies improved collective awareness enabled by better intelligence sharing and more effective NATO C4ISR to enable timely and relevant intelligence for political and military leaders. The second, situational awareness, likewise implies timely and relevant intelligence and the addition of persistent surveillance of threat indicators that can rapidly evolve and thus require rapid response. The third, global awareness, refers to the need to monitor and analyze data and intelligence related to global factors such as climate change, pandemics, and strategic shocks emanating from abroad that could affect the Alliance. Global awareness also applies to China and Russia and their related activities and influence across the globe that impact Alliance security, interests, and values.

NATO’s revised core tasks include deterrence by denial and crisis prevention. China and climate change are now characterized as long-term challenges. The revised tasks and long-term challenges will lead to new or revised strategic and operational intelligence requirements. Revised intelligence requirements will justify and generate a need for persistent, multidisciplinary, data-enabled, multi-domain NATO JISR and higher-quality and faster analysis to enable shared awareness, decision-making, and action at the speed of relevance (speed is more of a requirement for crisis and conflict than for long-term challenges).

Intelligence to enable awareness for crisis prevention and addressing long-term challenges will need to integrate inputs from a variety of national, regional, and organizational partners, and commercial providers (e.g., space industry, media, and data; computing; and network service and security providers). For example, broader NATO understanding of China would be enabled by financial, commercial, and science and technology data and analysis and greater information sharing with Indo-Pacific partners. NATO climate policy will require better analytics to understand and respond to the security implications of climate change and require greater NATO and national efforts to incorporate aspects of climate change mitigation in defense infrastructure and capability development (e.g., greater energy efficiency and use of sustainable energy sources, better monitoring of defense impacts on climate, reduced waste production, reduced carbon emissions, etc.).81

The approval of JISR Vision 2030+ by the North Atlantic Council (NAC) in Spring 2022 will enable enhanced awareness, multi-domain warfighting, and other aspects of the 2022 Strategic Concept. Giorgio Cioni, director of Armament and Aerospace Capabilities in NATO’s Defense Investment Division, said the new JISR vision “includes a series of strategic outcomes, the overall purpose of which are to render JISR architecture more robust.”82

Cioni said the strategic outcomes include: “1) increased investment in collection capabilities, looking beyond existing NATO-owned platforms and payloads (AGS and AWACS), achieving persistent surveillance through a combination of capabilities and services; 2) expanding the APSS initiative to collect and acquire space-based data, products, and services to improve NATO indicators & warnings and strategic anticipation; 3) improving PED [Processing, Exploitation, and Dissemination] with capabilities and tools to ensure timely and efficient analysis; 4) achieving coherence and integration of different programs contributing to the NATO C4ISR network of sensors, C2 nodes and systems, and effectors; 5) review of the JISR TCPED process to ensure it can cope with more data and capabilities (sensors, platforms, AI and ML tools) and support decentralized MDO operations; 6) enhance the human element of ISR, ensuring training and education of leaders, operators, intelligence professionals involved in ISR or end users of its output.”83

NATO’s level of ambition for global awareness will lead to much greater demands to provide persistent, multidisciplinary, data-enabled, and multi-domain NATO JISR. It will also instigate higher-quality and faster analysis which the new JISR Vision 2030+ and the existing JISR Capability Development Strategy should help NATO and its member states deliver.

NATO’s Nine Priority Technology Areas

Innovation and EDTs

NATO is currently focused on protecting and fostering adoption of EDTs in “nine priority technology areas:” AI, data, autonomy, quantum-enabled technologies, biotechnology, hypersonic technologies, space, novel materials and manufacturing, and energy and propulsion.84 The 2022 Strategic Concept states NATO’s aims for innovation and EDTs.85

NATO has always focused on innovation as a critical element of maintaining its technological edge. However, since 2018 it has redoubled internal efforts to develop policy and external work to engage industry and the private sector to capture the potential of innovative technologies, concepts, applications, and processes.

Advanced, rapidly developing technologies have captured the attention of NATO leaders and led to a series of policies and plans related to EDTs. At the 2021 Brussels Summit, for example, NATO leaders agreed to stand up DIANA and a NATO Innovation Fund.86

According to Van Weel, NATO ASG for Emerging Security Challenges, the Alliance is learning how to promote innovation tailored to its needs. “We can create [a location and context to meet and discuss a particular topic], communicate what we want to achieve, and leverage civilian and commercial expertise,” he said.87 Van Weel also explained that for DIANA, “nations will collectively agree on strategic guidance developed from end users.” The strategic guidance will include a set of prioritized defense needs developed by NATO Military Authorities (who set NATO defense requirements) and informed by the armaments community (consisting of the Conference of National Armaments Directors, or CNAD, and its subordinate structure, which are responsible for supporting capability delivery of NATO defense needs)88 and the Science & Technology Organization (STO), which focuses on horizon scanning of technology developments and enabling collaboration in research and development (R&D).

This strategic guidance for DIANA will subsequently be transformed by the DIANA executive into challenge programs for the private sector. These challenge programs will articulate prioritized defense problems that will be shared with industry to seek potential solutions, much like how national security challenges are used by the US Defense Advanced Research Projects Agency to guide US government investment in private sector technology. NATO engagements to date have demonstrated that two-way communications with high-tech enterprises are more than just an opportunity for NATO to communicate needs.89 This dialogue also exposes business opportunities that commercial enterprise may not know exist. “Many private sector companies don’t know they can help in the defense and security field,” said Van Weel.90

DIANA and the NATO Innovation Fund are being designed specifically to enable delivery of solutions versus simply to promote R&D. “DIANA will not just provide access to dual-use commercial solutions, but it will help mature them,” said Van Weel. “Start-ups need founders, venture capital, business coaching, networking, and solution iteration between end users and industry. DIANA will make sure there is a connection with defense primes. The end of program is to showcase to all allies what solutions have been identified to respond to the agreed problems. Go to the Conference of National Armaments Directors, etc. And the NATO Innovation Fund can come in and put equity into a start-up company to help it scale up.”91

NATO efforts to promote innovation and investment in EDTs will also help allies retain interoperability.92 Interoperability by design is to be baked into capability development supported by DIANA and the NATO Innovation Fund. National efforts in R&D are less likely to be so inspired. Market competition and differing levels of available funding and technology across the Alliance will continue to create gaps in compatibility and interoperability. Without increased commitment by allies to ensure NATO interoperability as a requirement in the development of advanced technology, gaps will persist or increase.

Most of the nine priority technology areas that NATO EDT efforts are focused on will enable improvements in NATO C4ISR and consequently improve the speed and effectiveness of NATO intelligence, decision-making, and operational processes. Here are key points for four priority technology areas most relevant to NATO C4ISR:

Expansion of AI and ML use cases and rapid adoption and scaling up of promising solutions will be critical for achieving NATO’s ambition for C4ISR.

AI, ML, and Big Data services and tools have already been identified for their potential to enable future NATO C4ISR.1 A few AI and ML use cases as described earlier are already underway (e.g., IEA’s tool and NIFC’s aircraft counting tool). These use cases are trials or proofs of principle to demonstrate that technology can improve speed and quality of output and provide new capabilities that respond to unmet needs.

Autonomy promises cost-effective solutions across multiple domains which can increase endurance, reach, survivability, and performance of C4ISR in contested environments while reducing risk to operators.

Autonomy is a field of rapid development for NATO and involves land, maritime, and aerial systems.2 It is significantly enabled by AI, ML, and Big Data services and tools. The NAGSF and future Alliance Future Surveillance and Control (AFSC) 3 are likely to be a subset of future aerial autonomous capabilities available to the Alliance. Land and maritime unmanned systems also promise great potential in delivering C4ISR capabilities. The NATO Maritime Unmanned Systems Initiative is a multinational effort and a splendid example of what collaboration between public and private sector approaches can achieve in terms of vision, capability development, and experimentation.4 NATO’s Project X (testing use cases for unmanned aircraft systems, or UAS, enabled by AI) is another excellent example of private-public collaboration and innovation.5 Finally, countering adversary UAS capabilities is crucial for battlefield success as has been demonstrated in conflicts from the Middle East to Ukraine. C-UAS capabilities are a growing field of NATO collaboration with the private sector. NATO is testing C-UAS interoperability standards with both military and commercial capabilities. 6

Quantum technology in computers, communications, and sensors promises revolutionary changes for NATO C4ISR. 7

Quantum computers will provide vastly improved processing speeds and capacity to enable data processing and exploitation to include decryption of current methods of secure communications. Quantum communications will enable improved security and unbreakable encryption. Quantum sensors will provide multispectral abilities to locate and identify objects previously undiscoverable due to cover and concealment, including objects in buildings or underground and submarines under water. Of these three applications of quantum technology, NATO has already begun R&D projects and tests related to quantum communications. 8

Exponential increases in space-based capabilities over the coming decade will impact C4ISR requirements and resilience and enable C4ISR architecture and capabilities.

Space-related technology is included in EDTs, but managed under a distinct NATO Space Policy, which recognizes the role of national contributions from space-faring nations, but also unique NATO space support requirements (i.e., communications, intelligence, early warning, targeting, positioning, navigation, and timing). 9 NATO has had its own satellite communications capability for years, but in 2020 a group of allies contracted NCIA to expand its transmission capacity and improve the capabilities of NATO ground stations. 10 More recently, NATO has established a Space Center at ACO’s Air Command (AIRCOM) in Germany, 11 a Space Situational Awareness Capability at NATO HQ, 12 and a Space Center of Excellence in France.13

Defense investment

NATO’s 2022 Strategic Concept mentions the importance of fulfilling the 2014 Defense Investment Pledge,93 which was created to ensure adequate investment in defense in support of an ambitious NATO Readiness Action Plan94 agreed at the 2014 Wales Summit.95 The NATO Readiness Action Plan and increased defense investment were meant to adapt NATO politically and militarily in response to Russia’s illegal annexation of Crimea earlier that year and its ongoing aggression against Ukraine. The pledge commits NATO allies to spend 2 percent of their gross domestic product (GDP) on defense by 2024 and to ensure 20 percent of defense spending is allocated for “major new equipment, including research and development.”96

In the 2022 Strategic Concept, allies further commit “to provide the full range of required capabilities,” “ensure that increased national defence expenditures and NATO common funding will be commensurate with the challenges of a more contested security order,” and “increase our investments in emerging and disruptive technologies to retain our interoperability and military edge.”97 These new commitments are the sine qua non foundation for strengthening deterrence and defense and achieving the level of ambition NATO has set for adapting its political and military instruments of power to meet the threats and challenges of the coming decade.

NATO C4ISR structure and NATO-owned capabilities (e.g., AGS, AWACS, AFSC, JISR, Air C2 System, and Federated Mission Network) figure prominently in NATO’s current defense investment programs and projects. Capability targets for national C4ISR are likely to increase in NATO’s next defense planning cycle because of the new strategic environment and a new level of ambition to prepare for “high-intensity, multi-domain warfighting against nuclear-armed peer-competitors.”98 Both NATO-owned and national capabilities will consequentially be the object of future increases in defense spending.

In addition to supporting the costs of NATO’s common military and civilian structure (i.e., manpower, operations, and sustainment), NATO common funding also supports collective defense investment in C4ISR capability development, which is of great political interest and subject to significant collective oversight and governance. Attempts to streamline and accelerate common-funded capability development and oversight have produced limited positive results to date. Low risk tolerance for early or any failure, detailed reporting requirements, and limited options for accelerated procurement are some of the main issues.99 Upgrades of information technology (IT), which rapidly become obsolete, are taken as distinct collective decisions instead of being embedded in upfront requirements. Upgrades and modernization of major capabilities like NATO-owned AGS have been similarly delayed. Hence the need to review how NATO manages obsolescence in the modern age. The private sector provides ample examples of faster capability development and the NIAG has provided tailored advice on how to improve agility in acquisition.100 Allies have not achieved the acceleration and expansion of common-funded capability development they desire, which has frustrated NATO military, civilian staff, and agencies involved. Further change is needed.

The biggest challenges will be in achieving the cultural shift and sustained sense of purpose needed to enable a whole-of-enterprise approach in the face of inevitable resistance to change and competing domestic and global challenges.

The NWCC, approved in 2021, managed by ACT, and supervised by the Allied Chiefs of Defense, should be a major driver of military innovation and investment over the coming decade, specifically concept and capability development.101 While details in open sources are scarce, the NWCC will be managed through a Warfare Development Agenda that includes imperatives (e.g., cognitive superiority, multi-domain command, integrated multi-domain defense) and principles (e.g., right people, data centric technology, day zero integration, persistent disruptive preparation) which are meant to influence national and NATO C4ISR development and delivery decisions.102 The ability to synchronize ACT’s Warfare Development Agenda across NATO and nations and with existing NATO defense planning and capability development processes will be a daunting task. ACT has a direct role in common-funded capability development but has not yet leveraged its authorities and abilities to support national and multinational capability development.

NATO ambition is high for its innovation and EDT adoption efforts, both of which are meant to direct investment into capability development that enables NATO’s military edge. Initial efforts like DIANA, the NATO Innovation Fund, use cases for AI, and ongoing work to develop strategies for individual EDTs are all promising. Engagement with industry and the broader private sector is strong and growing. Similar to DT efforts, success in NATO innovation efforts will rely on an agility in investing in capability development and resource management (budgetary and human capital) that does not exist within NATO’s current structure and processes. DIANA and the NATO Innovation Fund will offer alternative development and resourcing options to include bilateral, multilateral, and multinational programs. Scaling up solutions to provide NATO-wide enterprise capabilities would require common funding and be subject to NATO governance that has been historically resistant to higher risk and decentralized control. To achieve NATO’s level of ambition, the Alliance will need to embrace a whole-of-enterprise effort, ensure sustained commitment and investment, and change the way it currently does business with regard to common-funded capabilities.

Decisions taken at the Madrid Summit and work underway affecting NATO C4ISR

• Multi-domain warfighting • Digital Transformation • Strengthened deterrence and defense posture • Robust, resilient, and integrated command structure and enhanced C2 arrangements • Global awareness • Innovation and EDTs • Defense investment

Deductions from the Madrid Summit and other recent developments include the following. NATO’s 2022 Strategic Concept and recent policy decisions, including the political commitment to increase defense investment, have set the context for future NATO C4ISR. The foundation for future NATO C4ISR is being built through existing programs and initiatives, supporting concepts, assessments, and plans under development. The devil will be in the implementation of decisions taken and others still to be taken. The biggest challenges will be in achieving the cultural shift and sustained sense of purpose needed to enable a whole-of-enterprise approach in the face of inevitable resistance to change and competing domestic and global challenges.

The importance of investing in NATO C4ISR innovation. Photo by NCI Agency

Recommendations: Share, transform, implement, modernize and invest

Efforts are already underway to improve NATO C4ISR and more will follow as decisions taken at the Madrid Summit are implemented. Lessons and security implications from the Russia-Ukraine war for NATO C4ISR will and must be a priority for directing efforts and investment in C4ISR improvements, modernization, and future capability development. Due to its importance to effective Alliance security and defense, NATO C4ISR deserves special focus and effort to improve its multiple components (i.e., organizations, capabilities, networks, concepts, policies, processes, and people). NATO must change in several areas to maintain its technological and military edge and increase the likelihood of achieving the security and defense it deserves. The following recommendations build on positive momentum, leverage new concepts and initiatives, and offer suggestions for improvement, including adopting new efforts and approaches.

NATO C4ISR Policy Recommendations

To maintain a comparative advantage against potential adversaries and challengers, NATO and allies must 1) share more data and intelligence; 2) transform digitally; 3) implement new concepts, policies, and plans to clarify C4ISR requirements; 4) modernize, augment, and acquire capabilities to meet new C4ISR requirements; and 5) continue to invest in NATO C4ISR interoperability, readiness, resilience, innovation, and adaptation.

1. Share more data and intelligence

Sharing data and intelligence is first and foremost a matter of political will, as NATO relies on voluntary information sharing by its allies. Sharing requires trust in NATO, specifically that the Alliance can protect information shared. Sharing will always be a delicate subject, as not all nations trust NATO or one another to protect their shared data and intelligence in the face of aggressive espionage, cyber incidents, mishandling, and leaks. NATO and its member states collect vast amounts of data and intelligence that are not exploited for the benefit of collective security and defense or other Alliance aims.
Trust is enabled by modern and secure networks, a common data framework and standards respected by all, and an efficient and effective NIE, all of which act as guarantees that the information can be protected and effectively exploited by the Alliance. Much of this is in place, but two key elements require attention: political will (greater emphasis) and security (continued emphasis).

The NAC must commit politically to addressing obstacles and shortfalls in sharing. Shared data or shared intelligence do not appear in the 2022 Strategic Concept or Madrid Summit Declaration. Their absence may reflect a view of adequacy in current levels of sharing or discomfort in addressing the many national policy and technical issues that affect trust in NATO’s ability to protect data and intelligence.103 Technical issues also inhibit interoperability, which must be addressed through greater emphasis on common standards (see sections 4 and 5 below). Shared data, information, and intelligence are fuel for C4ISR. Sharing is not at the level it can and needs to be to ensure NATO maintains its comparative military advantage.104

Security, including cybersecurity, remains an issue. But cybersecurity, document security, and communications security are improving with policy emphasis, cyber adaptation efforts, improved security measures, and with improved supporting tools being put in place or planned for the future.

Officers analyze data coming in from the field at the trial control room during Unified Vision, NATO’s main event for Joint Intelligence, Surveillance and Reconnaissance. Photo by NATO.

A golden opportunity lies in the ability of NATO and its member states to tap into the potential of shared data and intelligence to exponentially improve the quality and speed of shared awareness, decision-making, and action. The opportunity cost of not sharing is enormous. For example, restricted sharing of intelligence on Russian violations of the Intermediate-Range Nuclear Forces (INF) Treaty complicated NATO consensus from 2014 to 2018 on US findings that the Russian 9M729 (or SSC-8) missile constituted a violation of the treaty.105 Earlier sharing of sensitive intelligence could have significantly accelerated common positions on Russian nuclear-capable missiles, leading to earlier decisions on mitigation and pressure on Russia to comply. By contrast, the early decision by the United States and other NATO allies to share sensitive intelligence on Russian intentions vis-à-vis Ukraine in early 2022 led to greater and timely shared awareness, clarity in communications, and timely consensus on decisions taken to assure and defend allies and deter Russia.106 Here are basic, but critical, recommendations for NATO:

  • Implement the NATO Data Exploitation Framework Policy (DEFP) agreed by Alliance defense ministers in October 2021. While details on the DEFP are not widely known, it is fundamental to establishing a common data framework across the NATO Enterprise to enable Big Data sharing, exchange, and exploitation. NATO Military Authorities (NMAs) have begun the implementation process, but it will require a whole-of-enterprise approach, with commitment from the nations, NATO HQ, and common funding. NCIA expertise and support will be critical. NATO should leverage the NIAG and look to industry for expertise and enabling services, such as cloud computing and Big Data management.
  • Task the NIE in conjunction with NMAs to assess and recommend critical improvements needed to enhance intelligence-sharing procedures and tools, specifically:
    • Mutually supporting strategic and operational intelligence management procedures for warfighting and crises,
    • Intelligence functional services fit for MDO, and
    • AI tools to assist in real-time exploitation of shared intelligence (including sorting, cueing, and other automated functions).
  • Set realistic and measurable objectives to share more data with metadata, information, and intelligence, both military and commercial, related to threats and challenges.

2. Transform digitally

DT is a nascent effort that is fundamental for strengthening security and defense and improving resilience. DT is a key enabler of MDO. In turn, effective MDO depend on multi-domain C4ISR. Multi-domain C4ISR is critical for delivering multi-domain effects through multi-domain awareness, decision-making, and action. Enabling multi-domain C4ISR should, therefore, be a particular focus of DT.

A DT vision was developed in fall 2022 and an implementation plan is expected in 2023.107 The 2021 DEFP is a fundamental first step in the process. The DT vision and implementation plan constitute policy that will have to be followed by investment in infrastructure, capabilities, people, supporting policies, and governance processes. Standards in data exchange and connectivity will be particularly important for networks, weapons systems, platforms, equipment, and software. The US Department of Defense’s C4ISR/Electronic Warfare Modular Open Suite of Standards (CMOSS) provides a national example of an open standard approach that could be used to develop a similar NATO open standard approach allowing various national and commercial entities to design and develop interoperable capabilities.108

NATO DT must be comprehensive in its objectives and enterprise wide in its application to achieve what NATO needs for shared awareness, decision-making, and action at the speed of relevance for multi-domain warfighting as well as for effective crisis prevention and management.109 NATO is politically committed to transform digitally, and policy development is in progress. As the NATO consultation, command, and control (C3) staff and board are central to DT policy development, implementation of DT into current and future C3 capability efforts is almost a given. A similar sense of urgency and focus will be needed across the NATO Enterprise. Given current positive momentum, NATO should:

  • Ensure funding matches political ambition for and military (and Enterprise) requirements inherent to DT.
  • Ensure requirements for enabling multi-domain C4ISR are captured, resourced, and addressed as a priority.
  • Seek and leverage private sector expertise and capabilities. Large and small industries offer expertise and capabilities (services) related to DT.
  • Look long to enable transition to technologies and applications in NATO’s near-term horizon (i.e., the next six years), such as 6G networks and space-based capabilities and services.
  • Ensure a whole-of-enterprise approach to link DT policy development and implementation, including:
    • Active collaboration between relevant NATO governance bodies (e.g., those covering C3, cyber defense, security, armaments, standards, budgeting and resourcing, IAMD policy, defense planning) and the Military Committee, and
    • Collaboration within and among key staff management bodies (e.g., those responsible for communications, information and data management, cybersecurity, JISR, and innovation), including Strategic Commands, agencies, and perhaps Centers of Excellence where relevant.
  • Ensure the political focus and funding support to the NATO C3 community to achieve and accelerate the delivery of critical C3 capabilities such as Federated Mission Network and Information Technology Modernization, and a standing operational net for current operations and activities (day zero readiness).
  • Ensure implementation of DT is integrated into related ongoing lines of effort beyond C3, i.e., cyber defense adaptation, standards development, common-funded capability development, multinational capability development cooperation, and complex armaments programs (e.g., Air C2, AWACS, and AFSC).
  • Adapt existing service contracts and capability development plans, programs, and projects to include DT implementation guidance and standards.
  • Develop and implement a human capital development and management policy focused on hiring the right talent, and training and educating NATO civilian and military workforce and leaders to enable DT. Seek and leverage private sector expertise.

3. Implement new concepts, policies, and plans to clarify requirements for NATO C4ISR

NMAs determine C4ISR requirements through the NATO defense planning process (NDPP), and the NAC and allies decide how to meet those requirements through collective, multinational, and national capabilities. NATO’s C3 community plays a key role in determining the technical aspects of interoperable and secure C2, communications, and computers for NATO’s military and broader NATO Enterprise. With this as context, several efforts underway over the next year or the longer term will directly influence future NATO C4ISR requirements. The Alliance should leverage these efforts to clarify requirements and ensure coherence in the next NDPP cycle and future capability development and delivery to develop the future C4ISR architecture NATO needs.

First, the new NATO Force Model and alignment of forces with NATO’s new family of plans (SASP and regional and subordinate strategic plans) will identify C4ISR force and capability requirements. This effort is underway and will likely conclude at the June 2023 defense ministers’ meeting.110 These requirements could include new or revised NATO C4ISR structure. If force generation shortfalls reflect shortfalls in national inventories, then C4ISR capability requirements should increase.

Second, an Alliance MDO Concept will help define what NATO C4ISR must deliver to outthink and outpace potential adversaries and how NATO C4ISR will contribute to achieving multi-domain effects. The final Alliance MDO Concept is under development by the Strategic Commands and allies expect it to be delivered in 2023. Likewise, a DT implementation plan is expected in the first half of 2023.111 DT is a fundamental condition for MDO and will set standards for digitalization, connectivity, and data exchange and exploitation that will affect current and future NATO C4ISR.

Third, NATO leaders have tasked ACO to produce a C2 Assessment to enable allied ministers to consider new requirements from NMAs and defense policy proposals (from relevant committees) by Spring 2023.112 Adjustments to the NATO Command Structure over several time horizons will impact C4ISR requirements, specifically to enable effective AOR-wide C2 and multi-domain warfighting. The NATO Force Structure, which is composed of allied national and multinational forces and HQs, should also be part of proposals for change to execute SASP and support the new NATO Force Model. Additional or new C4ISR structure should be considered as well. The timing of the ministers’ decision in 2023 is fortuitous and will allow endorsed C4ISR-related requirements to be captured in the next NDPP cycle, specifically in the Minimum Capability Requirements (MCR) that NMAs will produce for NAC approval in 2024.

NATO’s Joint Intelligence, Surveillance, and Reconnaissance (JISR) Concept. Source: NATO

Fourth, over a longer term, the JISR component of NATO C4ISR is driven by several agreed documents and programs. Strategic outcomes of NATO’s JISR Vision 2030+, discussed earlier along with the JISR Capability Development Strategy, and JISR community stakeholder decisions will drive enhancements in JISR capabilities, including existing JISR programs and initiatives (e.g., AGS, APSS). JISR Vision 2030+ strategic outcomes will address NATO TCPED (structure, tools, and processes), human capital supporting JISR architecture, and overall coherence in JISR architecture.113

There is another effort not yet on NATO’s task list that merits attention. A clarifying definition for NATO C4ISR does not exist (as a whole versus in its subcomponents of C2, C3, or C4, and JISR). NATO Architecture Framework Version 4 provides guidance for developing, designing, and managing enterprise architectures.114 According to Paul Savereux, director of Defense Planning in NATO’s Defense Policy and Planning Division, NATO C4ISR capabilities are addressed in multiple planning domains of the NDPP but are neither aggregated nor treated as part of a single function.115

Achieving the full potential of NATO C4ISR and ensuring it is fit for multi-domain warfighting requires coherence in defense planning, capability, and concept development supported by a recognized and defined NATO C4ISR architecture. A defined C4ISR architecture would harmonize defense planning efforts across multiple domains, enable aggregation and assessment of related capability targets, and ensure greater coherence in concept and capability development. A common definition would assist in the development of common standards for the various components that comprise or enable C4ISR (including interfaces and data-sharing protocols).116 A common definition would also enable engagement with the private sector. Here are some recommendations for NATO to capitalize on current efforts and improve their collective outcomes relative to C4ISR. NATO should:

  • Define NATO C4ISR architecture to provide a shared understanding of what makes up NATO C4ISR in terms of capabilities (forces, systems, platforms, networks, applications) and enabling policies, concepts, standards, and processes.
    • Author’s proposed definition: NATO C4ISR architecture is the whole of structures, organizations, systems, platforms, networks, applications, policies, concepts, and processes connecting decision-makers, operators, intelligence professionals, and capabilities in support of NATO shared awareness, decision-making, and execution in a multi-domain environment.
  • Include goals or objectives and operating principles for each of the key NATO-owned components of NATO C4ISR architecture that leverages existing elements and addresses gaps. This would allow for a methodical approach to determining effectiveness and progress over time of both components of NATO C4ISR and C4ISR architecture as a whole.
  • Ensure C4ISR requirements are rigorously collected from efforts to strengthen deterrence and defense through the NATO Force Model aligned with the SASP and family of plans, to conduct MDO, to digitally transform NATO, and to enhance C2.
  • Improvement of the TCPED process (a strategic outcome of JISR Vision 2030+) should be an early focus of DT and EDT efforts (e.g., related to AI, data, autonomy, and space) to enable speed and multidisciplinary intelligence fusion, and improvements in processing capacity and quality demanded for multi-domain warfighting.
  • Leverage existing NATO C4ISR forces and build upon their potential. Consider adjustments to NATO C4ISR forces (NAEW&CF and NAGSF) to enhance their effectiveness and contributions in support of the SASP and force generation related to the NATO Force Model.
    • The NAEW&CF has two subordinate component commands, one of which (the British national component) is currently phasing out its E3Ds for higher performance E7s. The NAEW&CF could potentially command other nationally contributed C4ISR platforms or new NATO C4ISR forces. Similarly, the NAGSF has the potential to command additional JISR assets and platforms.
    • NATO should review NAEW&CF and NAGSF manpower and operational requirements, and funding levels for operations and sustainment to support a higher level of baseline activities and missions in view of the new political ambition for strengthened deterrence and defense.
    • NATO should ensure C4ISR coherence throughout the defense planning process.
    • C4ISR elements contained in Political Guidance 2023 should be mapped and consolidated for future reference, e.g., through the delivery of MCR in 2024.
    • C4ISR-related MCR should be the subject of multi-domain wargaming based on the SASP, the NATO Force Model, ACO C2 adjustments, and known NATO capability program milestones.
    • NATO should ensure a method to aggregate and track C4ISR-related capability targets apportioned in 2025.
    • Revised procedures for capturing C4ISR requirements will also enable biennial assessments of progress in achieving C4ISR-related targets.

4. Modernize, augment, and acquire capabilities to meet new C4ISR requirements

This category of recommendations is the most extensive and associated with practical delivery of what the Alliance needs to maintain its technological edge and comparative military advantage over the coming decade. The following recommendations are grouped by central themes.

(A) The first step must be ensuring coherence in concept and capability development. Such coherence does not yet exist. A recognized definition for NATO C4ISR architecture will help, but other steps must be taken to ensure 1) a whole-of-enterprise approach, 2) synergy between political and military efforts, and 3) greater agility and effectiveness in concept and capability development.

  • NATO must take a holistic approach to C4ISR concept and capability development. Cross-committee efforts related to C4ISR policy and capability development need a forcing function, including top-down guidance with clear responsibilities for lead, but also NATO Enterprise contribution to ensure coherence and synergy. NATO committee and military efforts supporting concept and capability development must be better connected and integrated.
  • Implementation of ACT’s Warfare Development Agenda should incorporate a coherent approach to C4ISR concept and capability development, enabled by a defined NATO C4ISR architecture.
  • The approach intended for DT (modernize, optimize, transform concurrently) is practical and inherently agile and offers an example of how C4ISR capabilities can be planned and developed in concurrent phases.

(B) According to NATO Deputy ASG for Defense Investment Robert Weaver, on October 2021 the CNAD agreed a NATO armaments policy on Achieving and Accelerating Capability Development and Delivery (A2CD2).117 Speed, agility, and effectiveness are at the heart of this policy, which aims to identify opportunities for accelerated delivery, pursue approaches with highest potential payoffs, and deliver results. Greater collaboration between the CNAD, Science & Technology Board, and Strategic Commands is the primary enabler of the policy’s aims. The policy includes ideas for increased multinational cooperation, leveraging testing and experimentation within NATO exercises to enable warfighter interaction with the private sector, wargaming and tabletop exercising of capability solutions, and improved collaboration in concept development.118

A soldier sits inside a Boeing AWACS reconnaissance plane. Photo by Johanna Geron via REUTERS.

ACT and ACO need to change how they currently support capability development to enable A2CD2 policy implementation. ACT currently focuses primarily on common-funded capability development and experimentation and lower technology readiness levels, which limits support to other approaches to capability development (i.e., national and multinational). ACO owns control, design, and funding of training and exercises, which offer the venue and opportunity for critical testing and experimentation of maturing technologies. However, ACO has ceded responsibility for operational testing and experimentation to ACT along with capability integration.

  • NATO leaders should encourage NMAs to take a broader role in supporting national and multinational capability development through operational experimentation efforts. NATO should ensure both authority and funding to do so.
  • NATO leaders should align appropriate responsibilities and focus within the Strategic Commands concerning operational testing and experimentation. Testing and experimentation opportunities are critical for enabling warfighter interaction with industry. They lead to industry refinements necessary for effective capability delivery. They also lead to warfighter awareness of new technology and applications and follow-on action to develop the concepts, plans, and procedures for effective integration. ACO Maritime Command’s collaboration with ACT, nations, and private industry in preparation for exercise Dynamic Messenger in September 2022 is a good example of operational testing and experimentation that deserves replication and institutionalization.119
  • NATO leaders should expand and ensure dedicated funding for biannual Unified Vision trials (long-standing ACO interoperability tests and experimentation supported by ACT, nations, and the JISR community) to include testing and experimentation of mature promising C4ISR capabilities and enablers.

(C) Modernize, augment, and build on existing C4ISR force structure. NATO’s AFSC program’s innovative approach of partnering closely with industry to replace AWACS by 2035 with C4ISR capabilities that are fit for the future offers an excellent example of innovation in action.

At the Madrid Summit, NATO leaders expressed their commitment to support the AFSC program into design and delivery and procure an advanced C4ISR platform in time for crew training to replace NATO E3As as they start to phase out in the early 2030s. “The fast-track approach will deliver an initial element of the AFSC capability in coherence with the agreed AFSC concept and with the subsequent stages of delivery of the selected technical solution,” said Cioni, director of Armament and Aerospace Capabilities in NATO’s Defense Investment Division.120 The selected technical solution is yet to be determined and may consist of crewed and/or unmanned systems or a network of systems. Follow-through with political commitment and funding over the life of the AFSC program will be critical.

NAEW&CF and NAGSF have the potential to deliver more and to satisfy new requirements related to strengthened deterrence and defense. With respect to the NAGSF, NATO needs more platforms and sensor capabilities (such as IMINT/FMV/EO/IR and SIGINT) to enable effective support to its core tasks.

  • NATO should integrate national contributions on a permanent or rotational basis into the NAEW&CF and NAGSF based on NATO Force Model force generation to meet C4ISR requirements within NATO plans.
  • NATO should authorize and provide the funds for NAEW&CF and NAGSF commanders to leverage AI, ML, and Big Data management and exploitation tools. Such adoption must be in line with DT principles but will exploit the vast opportunities for improving image or signals recognition and classification, database management, maintenance, and planning for NAEW&CF and NAGSF. Such tools could also enable a sense and avoid capability for AGS.
  • NATO should upgrade, augment, resource, and fully exploit the NAGSF. The NAGSF has been effective and responsive but is still at Initial Operational Capability. NATO and nations should:
    • Fund and accelerate infrastructure. Provide the required manpower to achieve Full Operational Capability.
    • Fully leverage the analyst and operator training provided by the NAGSF.
    • Fully leverage the NAGSF’s PED potential through full manning and rotation of national analysts as members or augmentees. Experience in the NAGSF provides an opportunity for national analysts to gain expertise for national employment and contribute to NATO intelligence requirements.121
    • Fund the validated critical modernizations and upgrades required for current operations (especially Link 16, a standardized communications system used by the US military and its NATO allies, and secure communications accreditation).
    • Plan now and fund the acquisition of sensors (IMINT and SIGINT) to upgrade AGS platforms and fill gaps in collection capability.
    • Plan early to replace AGS RQ-4s at the end of their operational life span.
  • Fully fund AFSC development, including the fast-track approach, to ensure seamless delivery of the advanced C4ISR capabilities NATO needs for multi-domain warfighting beyond 2030.

(D) APSS needs political commitment and funding and deserves expansion. NATO-owned JISR platforms provide IMINT and measurement and signature intelligence (MASINT).122 NATO exploits significant amounts of OSINT to include commercial satellite imagery. The APSS initiative will significantly enhance the ability to receive national and commercial space-based information (imagery, signals, electronic signatures). NATO relies on nations for a greater breadth of IMINT as well as SIGINT, human intelligence (HUMINT), and cyber intelligence (multi-source). Multi-discipline intelligence fusion is critical for confidence in the analysis that enables shared awareness, consensus decision-making, and action. Additional IMINT and SIGINT capabilities (NATO-owned or contributed by nations) are needed now and offer promising prospects for improving NATO C4ISR. NATO should:

  • Expand its APSS initiative to include all allies. In support of APSS, NATO should:
    • Encourage national contributions and funding to meet strategic and operational intelligence requirements.
    • Limit bureaucracy by keeping governance simple and lean, ideally supported by existing committee structure.
    • Enable the NIE to fully exploit the multiple intelligence disciplines that space-based assets offer.
    • Consider including national and commercial high-altitude platforms (balloons, airships, aircraft that operate in the stratosphere) that can contribute to persistent surveillance.
    • Ensure space data collection, exchange, and exploitation requirements are part of DT.
    • Ensure the space expertise required to exploit space-based C4ISR capabilities is established within the Strategic Commands (ACO and ACT).
  • Integrate IMINT and SIGINT capabilities into NATO C4ISR (multiple options—additional sensor payloads for existing platforms, national contributions augmenting existing forces, and new platforms with IMINT and SIGINT sensor payloads).
  • Develop and implement policy to normalize and integrate SIGINT (military and commercial) for operational and tactical use across NATO Command and Force Structures.

(E) Integration of NATO air and missile defense requires additional efforts to close gaps in sensors, Air C2, Ground C2, and Tactical Data Links (TDLs) between sensors, weapons, and C2 platforms. NATO IAMD requires a special focus due to its critical role in protection of NATO C2, forces, and populations. NATO IAMD relies on C4ISR capabilities to ensure operational sensing, decision-making, and action. The ground-based air defense (GBAD) C2 multinational cooperation project supported by the CNAD promises focused solutions to integrating disparate allied GBAD C2 systems at the brigade and battalion level.123

A similar effort is needed to integrate Surface-Based Air and Missile Defense (SBAMD includes land and maritime systems) for area defense of NATO critical assets. NATO TDL standards are particularly important for NATO IAMD, yet not completely implemented by nations.124 Select air and missile defense platforms (i.e., fifth-generation aircraft) are becoming more advanced and capable of serving simultaneously as sensors, C2 nodes, and effectors. Yet these advanced platforms cannot seamlessly share tactical data. NATO and national investment in TDL software and hardware is critical. Additional R&D is required for data sharing between fifth-generation aircraft. NATO should:

  • Connect existing ground radars and field additional surface or space-based sensors required across the Alliance to close the radar sensor gap for low-flying threats (below 5,000 feet).
  • Develop a NATO program for the network of sensors and C2 nodes needed to ensure shared early warning, tracking, and engagement of hypersonic threats.
  • Accelerate transition to a future Air C2 system fit for multi-domain warfighting and future threat and friendly capabilities.
  • Focus innovation and capability development efforts on integrating sensors, C2, and effectors at the higher tactical (above brigade) level and AOR wide.
    • NATO needs political commitment and national action to ensure its TDL standards are implemented in national and NATO platforms.
    • Nations must follow through with integration of Link 16 capability in appropriate land, maritime, and aerial platforms.
    • NATO needs to prioritize Link 16 capability for the NAGSF in its modernization and upgrade efforts.
    • Nations must follow through with integration of Link 22 in maritime systems to replace Link 11, ensure Link 16 compatibility, and improve overall interoperability.
    • The United States needs to accelerate development of an interoperable TDL network between its fifth-generation aircraft and compatible with NATO TDLs.125

(F) EW capabilities are central to modern warfare and a principal focus of peer adversaries due to their potential for asymmetric response to Alliance comparative advantages (i.e., high-performance C4ISR platforms, precision-guided missiles). EW capabilities support intelligence collection and targeting, disrupt or destroy C4ISR, and require specialized C2 for effective employment. EW offensive capabilities can be relatively low-cost and range from radars to jammers to direct energy weapons to missiles guided by electromagnetic (EM) seekers.

Protection from adversary offensive EW capabilities is critical for NATO C4ISR. NATO operational and tactical communication networks must be secure, survivable, and resilient in a contested environment. Low probability of intercept, low probability of detection, directional communications, and autonomous functions can support improved security, survivability, and resilience.126 Self-organizing networks should be the aim with autonomous functions supported by AI and next generation network capabilities (i.e., 5G, 6G) and may require new waveforms enabled by new radio and antenna systems.127

The NATO EW community is active in promoting policy, doctrine, and capability development, but has not gained the political attention and commitment needed to ensure development of NATO EW capabilities to the level needed for modern warfare.128 NATO’s Joint Airpower Competence Center (JAPCC) has developed several recommendations for NATO action related to EW that could enhance NATO C4ISR effectiveness.129 Building on JAPCC’s recommendations NATO should:

  • Establish a Strategic EW Operations Center to enable NATO C2 of and employment guidance for nationally contributed EW capabilities and assets and assist in doctrine and concept development and training.
  • Ensure modern warfare EW capability needs are prioritized in NATO defense planning. Specifically include a focused section in Political Guidance 2023 and ensure the development of appropriate MCR in 2024 (leveraging modern warfare lessons and ambitious wargaming).
  • Promote national and multinational capability development and delivery of prioritized EW capabilities that improve security, survivability, and resilience of C4ISR, including through NATO innovation initiatives.
  • Integrate EM operations in the Alliance MDO Concept and clarify policy and doctrine on how the electromagnetic spectrum (EMS) fits into existing operational domains. (For example, should the EMS be merged into a single cyberspace-EMS domain?)
  • Develop a culture of EM signature awareness among all forces (especially land forces) and integrate EM signature monitoring, control, and mitigation into all (including C4ISR) new systems and capabilities.

(G) NATO recognizes the importance of investing in and promoting innovation and adoption of EDTs to retain its “technological and military edge.”130 The DIANA and NATO Innovation Fund initiatives as explained earlier provide great promise in developing the “innovation ecosystem” and collaboration with private sector that is needed to identify, promote, and deliver solutions to NATO’s operational and business challenges.131 DIANA will focus on leveraging innovation and creative solutions from start-ups and SMEs, but will include the NIAG throughout its processes to ensure wider industry awareness and preparation of defense and aerospace primes for scaling up promising solutions when necessary.

Complementary efforts are needed in three areas to leverage the potential that innovation and EDTs offer. First, clarification of the role of NATO’s military in innovation could empower NMAs to focus on improving the quality and substance of their collective contributions, including NATO Enterprise-wide collaboration. Second, greater agility in common-funded capability development and resourcing is needed to modernize how NATO acquires C4ISR capabilities and services. Third, NCIA as a customer-funded agency should be leveraged by allies to provide greater support to national and multinational capabilities and services related to C4ISR.132 NATO should:

  • Formalize and improve contributions from NATO’s military to innovation.133 Elements of which follow:
    • NWCC includes future capability considerations that should be refined over time through dialogue with the Armaments Community and STO.
    • The Warfare Development Agenda is meant to drive concept development and influence capability development but must be aligned with the NDPP.
    • Military requirements can be better informed by engagement with industry, the Armaments Community, and the Science & Technology Board.
    • Promotion of innovation challenges to military problem sets should be developed through greater involvement with the NATO Enterprise.
    • Military advice and input into the strategic guidance for DIANA are critical for leveraging DIANA’s potential to address military problems and challenges.
    • Support for testing and experimentation (including warfighter-industry interaction) of maturing technology and applications in NATO training and exercises needs greater focus.
    • Concept development is not yet at pace to leverage maturing technology and applications to enable integration and effective employment.
  • Adopt agile capability development and resourcing principles for common-funded C4ISR capabilities and services.
    • Revise how IT components of capabilities are addressed in requirements and acquisition to account ahead of time for cybersecurity, obsolescence replacement, upgrades, and modernization.
    • Reduce complexity in requirements drafting and committee oversight but enforce schedules.
    • Adopt modular approaches to design to enable interchangeability and interoperability among capabilities.
    • Adopt advanced technology that is mature, available, and corresponds to need rapidly.
    • Allow for an approach that includes early prototype testing and experimentation, small-scale purchases, building on success, and scaling up.
    • Allow for the appropriate risk tolerance for failure and revision.
    • Fully leverage NCIA’s potential support to national and multinational capability development and services related to C4ISR. Recent contracts for satellite communications, Strategic Space Situational Awareness System, and APSS are great examples of NCIA’s ability to leverage funding from single allies and groups of allies to provide capabilities and services that benefit the entire Alliance.
NATO Command Structure. Source: NATO

5. Continue to invest in NATO C4ISR interoperability, readiness, resilience, innovation, and adaptation

NATO’s value added to allies are its abilities to collectively decide and act, organize, and integrate. NATO provides the structural and digital backbone for nations to plug into, and develops common doctrine, concepts, procedures, and capabilities to enable interoperability and effective collective action. NATO nations have already increased defense spending by the equivalent of $350 billion since making their Defense Investment Pledge in 2014.134 More billions of dollars are planned to be spent by 2024 and beyond as additional allies meet or exceed their defense spending goal of 2 percent of their GDP. As of June 30, 2022, eight allies exceed the 2 percent goal.135 A total of nineteen allies have plans to do so by 2024 and five more plan to meet the goal shortly after 2024.136

NATO-owned C4ISR forces (e.g., NAEW&CF and NAGSF) and capabilities ensure a guaranteed minimum level of shared data and intelligence that is rapidly employable to enable political and military shared awareness. NATO-owned assets have proven their value time and again in crisis and partially compensate for the lack of standing national C4ISR contributions. The C4 elements of NATO-owned C4ISR assets provide secure and interoperable C2 and secure computer and communications networks for political consultation and NATO military operations and activities (strategic to tactical).

NATO-owned C4ISR forces and capabilities are NATO’s added value to the Alliance, providing the interoperable structure and digital backbone into which national contributions plug for collective awareness, decision-making, and action. Investment in NATO-owned C4ISR forces and capabilities can only enhance the Alliance’s capability to observe, orient, decide, and act.

NATO C4ISR will reap the benefits of known and expected increases in defense spending. While the bulk of allied defense spending will go to national defense requirements, spending on increased readiness of national C4ISR forces (personnel, training, equipment, sustainment, and infrastructure), enhanced resilience (especially communications networks and transportation), and delivery of capabilities corresponding to allied C4ISR capability targets will all contribute to the potential of NATO C4ISR.

As this report has highlighted, there are several areas where national defense spending and common funding are needed to ensure NATO C4ISR is fit for modern warfare and the threats and challenges identified in NATO’s 2022 Strategic Concept. The following recommendations are an elaboration of key investment recommendations previously mentioned. Allies should:

  • Invest in NATO interoperability and integration.
    • Accelerate development of C4ISR-related equipment and connectivity standards to ensure nations’ disparate C4ISR systems and platforms (all types—C2, communications, computers, and ISR) can talk to each other and share real-time data and intelligence. This effort must address interoperability between national and proprietary cryptographic equipment and software.
    • Ensure adequate NATO staff support to nations in standards development.
    • Implement a NATO assessment mechanism to confirm the adoption of NATO standards by national and NATO C4ISR forces.
    • Review and act on the implications of NATO military assessments of C4ISR interoperability.
    • Leverage and support the potential of NATO’s JISR interoperability trials (United Vision) to test, experiment, and validate C4ISR systems.
    • Adopt dual-use standards whenever possible to accelerate delivery of interoperable C4ISR capabilities or enablers.
  • Invest in NATO C4ISR force readiness and resilience. Review manpower and resilience (cybersecurity, communications, and infrastructure) requirements of the NAEW&CF and NAGSF for MDO.
    • Invest in NATO C4ISR innovation and adaptation commensurate with NATO C4ISR’s prominent role in shared awareness, decision-making, and action.
    • Include C4ISR challenges in the strategic guidance developed by nations for DIANA and the NATO Innovation Fund.
    • Invest in human capital development and management of leaders, operators, and intelligence professionals involved in or supporting NATO C4ISR.
  • Invest in NATO C4ISR adaptation (and modernization) to meet the needs of the Alliance now and out to 2030 and beyond.
    • Ensure funding for DT requirements that will enable and enhance NATO C4ISR.
    • Plan for and invest in the modernization and future replacement of NAGSF platforms and systems.
    • Ensure funding of NATO commitments to AFSC and a fast-track approach for an advanced platform replacement for AWACS aircraft.

Conclusion

NATO C4ISR capabilities have improved over the past decade but are not projected to meet future Alliance needs. Vulnerabilities and shortfalls persist, which are aggravated by a demanding security environment and an elevated level of NATO ambition agreed at the Madrid Summit. In particular, Russian aggression and other threats and challenges, including from terrorism, China, and climate change, raise requirements for speed and quality in NATO shared awareness, decision-making, and action. The latter are all enabled by NATO C4ISR.

The NATO 2022 Strategic Concept and recent policy decisions will set the context for future NATO C4ISR requirements. Future NATO defense planning and capability development of NATO C4ISR must respond to changing requirements and address critical issues. NATO has a unique window of opportunity over the next few years to leverage a newfound sense of cohesion and urgency among allies along with an agreed vision. Implementing recent NATO decisions, leveraging increases in defense investment, and exploiting proven or promising technologies present multiple opportunities to develop and deliver the C4ISR capabilities NATO forces need.

Five key efforts will maximize NATO’s ability to maintain its comparative military advantage over the coming decade: improving data and intelligence sharing, transforming digitally, clarifying C4ISR architecture and requirements, modernizing or acquiring C4ISR capabilities and enablers, and continuing to invest in the ingredients of NATO’s success for the past seven decades (i.e., interoperability, readiness, resilience, innovation, and adaptation).

Glossary

A2CD2

ACCS

ACO

ACT

AFSC

AGS

AI

AIRCOM

AOR

APSS

ASG

AWACS

C2

C3

C4

C4ISR


CMOSS

CNAD

COMINT

C-UAS

DCOS

DDA

DEFP

DGIMS

DI

DIANA

DT

EDTs

ELINT

EM

EMS

EO

EU

EW

FMV

GBAD

GDP

GPS

HQ

HUMINT

I&W

IAMD

IEA

IMINT

IMS

INF Treaty

IoT

IR

ISR

IT

JADC2

JAPCC

JFC

JIS

JISD

JISR

MASINT

MCR

MDO

ML

NAC

NAEW&CF

NAGSF

NATO

NCIA

NCRS

NDPP

NHQC3S

NIAG

NIE

NIF

NIFC

NMAs

NSPA

NWCC

OSINT

PDD

PED

R&D

SACEUR

SACT

SASP

SBAMD

SHAPE

SIGINT

SMEs

STO

TCPED

TDL

UAS

Achieving and Accelerating Capability Development and Delivery

Air Command and Control System

Allied Command Operations

Allied Command Transformation

Alliance Future Surveillance and Control

Alliance Ground Surveillance

artificial intelligence

Air Command

Area of Responsibility

Alliance Persistent Space Surveillance

assistant secretary general

airborne early warning and control system

command and control

consultation, command, and control

command, control, communications, and computers

command and control, communications, computers, intelligence, surveillance, and reconnaissance

C4ISR/Electronic Warfare Modular Open Suite of Standards

Conference of National Armaments Directors

communications intelligence

counter-unmanned aircraft system

Deputy Chief of Staff

Defense and Deterrence of the Euro-Atlantic Area

Data Exploitation Framework Policy

Director General of the International Military Staff

Defense Investment

Defense Innovation Accelerator for the North Atlantic

Digital Transformation

emerging and disruptive technologies

electronic intelligence

electromagnetic

electromagnetic spectrum

electrical-optical

European Union

electronic warfare

full-motion video

ground-based air defense

gross domestic product

global positioning system

headquarters

human intelligence

indicators and warnings

integrated air and missile defense

Information Environment Assessment

imagery intelligence

International Military Staff

Intermediate-Range Nuclear Forces Treaty

Internet of Things

infrared

intelligence, surveillance, and reconnaissance

information technology

Joint All Domain Command and Control

Joint Airpower Competence Center

joint force command

Joint Intelligence and Security

Joint Intelligence and Security Division

joint intelligence surveillance and reconnaissance

measurement and signature intelligence

Minimum Capability Requirements

multi-domain operations

machine learning

North Atlantic Council

NATO Airborne Early Warning and Control Force

NATO Alliance Ground Surveillance Force

North Atlantic Treaty Organization and Reconnaissance

NATO Communications and Information Agency

NATO Crisis Response System

NATO defense planning process

NATO Headquarters C3 Staff

NATO Industrial Advisory Group

NATO Intelligence Enterprise

NATO-Industry Forum

NATO Intelligence Fusion Center

NATO Military Authorities

NATO Support and Procurement Agency

NATO Warfighting Capstone Concept

open-source intelligence

Public Diplomacy Division

Processing, Exploitation, and Dissemination

Research and development

Supreme Allied Commander Europe

Supreme Allied Commander Transformation

SACEUR’s Area of Responsibility-Wide Strategic Plan

Surface-Based Air and Missile Defense

Supreme Headquarters Allied Powers Europe

signals intelligence

small and medium-sized enterprises

Science & Technology Organization

Tasking, Collection, Processing, Exploitation, and Dissemination

Tactical Data Link

unmanned aircraft system

About the author


Gordon B. “Skip” Davis Jr. is currently a Senior Fellow at the Center for European Policy Analysis. He recently served as NATO’s Deputy Assistant Secretary General for Defense Investment.

Prior to NATO, Skip served 37 years in the U.S. Army retiring as a Major General. Skip’s last military positions were as Director of Operations, U.S. European Command, Commander of Combined Security Transition Command – Afghanistan, and Director of Operations and Intelligence for Allied Command Operations. Skip’s professional life included operational and institutional assignments interspersed with study and practice of international affairs and defense issues, primarily in Europe. Skip participated in operations with U.S., NATO, and UN forces in Europe, Africa, Middle East, and Central Asia. Skip brings practical experience and conceptual understanding of contemporary and emerging defense issues as well as executive-level experience in operations, intelligence, leader development, capability development, and policy development. Skip holds an undergraduate degree in nuclear physics and graduate degrees in international business, defense and military history, and strategic studies.

Mr. Davis and his wife Rita have two daughters, Stefania and Victoria, both of whom completed their undergraduate degrees in Italy. Stefania is a Captain in the U.S. Military Intelligence Corps serving at Fort Bragg, North Carolina, and Victoria is a graduate student completing a MBA in Performing Arts in Paris.

The Transatlantic Security Initiative, in the Scowcroft Center for Strategy and Security, shapes and influences the debate on the greatest security challenges facing the North Atlantic Alliance and its key partners.

1    Scowcroft Center Task Force for Deterrence and Force Posture, Defending Every Inch of NATO Territory: Force Posture Options for Strengthening Deterrence in Europe, Atlantic Council, March 9, 2022, https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/us-and-nato-force-posture-options/.
2    For this report, information technology (IT), including services, are included in the categories of “communications” and “computers.” While some countries include cyber as a related capability category (i.e., C5ISR), NATO treats cyber as an operational domain (cyberspace) and an enabling capability for C4ISR.
3    NATO, “NATO Allies Sign Protocols for Accession of Finland and Sweden,” last updated July 5, 2022, https://www.nato.int/cps/en/natohq/news_197763.htm.
4    NATO, NATO 2022 Strategic Concept, June 29, 2022, 3-6, https://www.nato.int/strategic-concept/#StrategicConcept.
5    NATO Air Command, “NATO Alliance Ground Surveillance Force takes over critical infrastructure,” November 28, 2022, https://ac.nato.int/archive/2022/NAGSF_new_infra.
6    NATO Air Command, “NATO Airborne Early Warning and Control,” accessed February 16, 2023, https://ac.nato.int/missions/indications-and-warnings/AWACS.
7    NATO 2022 Strategic, “Strategic Environment,” 4.
8    Rear Adm. Nicholas Wheeler, interview by author, August 16, 2022.
9    NATO 2022 Strategic, 6.
10     Allied Command Transformation (ACT) began talks in June 2021. See Lieutenant Colonel Jose Diaz de Leon, “Understanding Multi-Domain Operations in NATO,” Three Swords Magazine 37 (2021), 92, https://www.jwc.nato.int/application/files/1516/3281/0425/issue37_21.pdf. During the author’s assignment to Allied Command Operations (ACO), from 2013 to 2015, staff officers in the Supreme Headquarters Allied Powers Europe (SHAPE) Plans Directorate developed a draft definition and concept for MDO that was shared with senior SHAPE staff.
11    Allied Command Transformation (ACT), “Multi-Domain Operations: Enabling NATO to Out-Pace and Out-Think Its Adversaries,” July 29, 2022, https://www.act.nato.int/articles/multi-domain-operations-out-pacing-and-out-thinking-nato-adversaries.
12    Ibid.
13    Lt. Gen. David Julazadeh, interview by author, August 2, 2022.
14    The author defines defense posture as the whole of command and control (C2) structures, baseline activities for deterrence and defense, force readiness, responsiveness, reinforcement plans, and capabilities.
15    Tom Goffus, interview by author, July 15, 2022.
16    David Cattler, interview by author, July 13, 2022, and Maj. Gen. Philip Stewart, interview by author, July 11, 2022.
17    NATO, “Alliance Ground Surveillance (AGS),” last updated July 20, 2022, https://www.nato.int/cps/en/natohq/topics_48892.htm.
18    Airforce Technology, “E-3 AWACS (Sentry) Airborne Early Warning and Control System,” June 25, 2020, https://www.airforce-technology.com/projects/e3awacs/.
19    Stewart, interview and Brig. Gen. Houston Cantwell, interview by author, July 8, 2022.
20    Cattler, interview.
21    Ibid. and Stewart, interview.
22    Ibid. and Stewart, interview.
23    Camille Grand, interview by author, August 1, 2022.
24    Cattler, interview.
25    “Video: 5 Things You Should Know about NATO’s Air Shielding Mission,” SHAPE, August 19, 2022, https://shape.nato.int/news-archive/2022/video-5-things-you-should-know-about-natos-air-shielding-mission.
26    Mattia Olivari, “The Space Sector: Current Trends and Future Evolutions,” ISPI, December 11, 2021, https://www.ispionline.it/en/publication/space-sector-current-trends-and-future-evolutions-28602.
27    Signals intelligence (SIGINT) is composed of communications intelligence (COMINT) and electronic intelligence (ELINT).
28    NATO’s E-3A AWACS has a look down surveillance radar that collects measurement and signature intelligence (MASINT), but not COMINT. See Airforce Technology, “E-3 AWACS (Sentry) Airborne Warning and Control System,” June 25, 2020, https://www.airforce-technology.com/projects/e3awacs/.
29    NATO, “Alliance Persistent Surveillance from Space (APSS),” updated February 2023, https://www.nato.int/nato_static_fl2014/assets/pdf/2023/2/pdf/230215-factsheet-apss.pdf.
30    NATO Communications and Information Agency (NCIA) General Manager Ludwig Decamps, interview by author, July 21, 2022, and Director of Armament and Aerospace Capabilities in NATO’s Defense Investment Division Giorgio Cioni, interview by author, August 2, 2022.
31    Author’s personal knowledge from assignment at NATO Headquarters as deputy assistant secretary general (ASG) Defense Investment (DI).
32    NATO uses TCPED in internal documents and communications to refer to the key steps of its intelligence process. The five steps of NATO TCPED are equivalent to what the US Department of Defense describes as the six steps of the “intelligence process”: “planning and direction, collection, processing and exploitation, analysis and production, dissemination and integration, and evaluation and feedback.” See Department of the Army et al., Joint Publication 2-01. Joint and National Intelligence Support to Military Operations, January 5, 2012, GL-10, https://irp.fas.org/doddir/dod/jp2_01.pdf.
33    Maj. Gen. Tom Kunkel, interview by author, August 4, 2022.
34    INSA (Intelligence & National Security Alliance), “Coffee and Conversation with David Cattler,” July 25, 2022, YouTube video, https://www.youtube.com/watch?v=b5mJUtnNI88.
35    Ibid.
36    Daniel Michaels, “Lessons of Russia’s War in Ukraine: You Can’t Hide and Weapons Stockpiles Are Essential,” Wall Street Journal, July 4, 2022, https://www.wsj.com/articles/lessons-of-russias-war-in-ukraine-you-cant-hide-and-weapons-stockpiles-are-essential-11656927182.
37    INSA, “Coffee and Conversation.”
38    Michael Sheetz, “Elon Musk’s SpaceX Sent Thousands of Starlink Satellite Internet Dishes to Ukraine, Company’s President Says,” CNBC, March 22, 2022, https://www.cnbc.com/2022/03/22/elon-musk-spacex-thousands-of-starlink-satellite-dishes-sent-to-ukraine.html.
39    Microsoft, Defending Ukraine: Early Lessons from the Cyber War, June 22, 2022, 4, https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE50KOK.
40    David van Weel, interview by author, August 18, 2022.
41    Tara Copp, “Satellite Firms Are Helping Debunk Russian Claims, Intel Chief Says,” Defense One, April 5, 2022, https://www.defenseone.com/business/2022/04/satellite-firms-helped-debunk-russian-claims-intel-chief-says/364060/.
42    NATO Intelligence Fusion Centre, “NATO Intelligence Fusion Centre,” accessed February 16, 2023, https://web.ifc.bices.org/.
43    Van Weel, interview.
44    Decamps, interview.
45    Ibid.
46    NATO, “NATO Communications and Information Agency,” https://www.ncia.nato.int/.
47    NATO, “NATO approves 2023 strategic direction for new innovation accelerator,” last updated December 21, 2022, https://www.nato.int/cps/en/natohq/news_210393.htm.
48    NATO, Brussels Summit Communiqué, press release, last updated July 1, 2022, https://www.nato.int/cps/en/natohq/news_185000.htm; NATO, “NATO Launches Innovation Fund,” last updated June 30, 2022, https://www.nato.int/cps/en/natohq/news_197494.htm.
49    Author’s notes from NATO-Industry Forums (NIFs) 2018 and 2019 and post-NIF reports co-published by SACT and ASG DI internally after the event and edited by the author.
50    NIFs 2018, 2019, and 2021 specifically focused on innovation, emerging technologies, and inviting start-ups and SMEs. See references to NIFs 2019 and 2021 in NATO, “NATO-Industry Forum,” accessed October 3, 2022, https://www.act.nato.int/industryforum.
51    NATO, “Multinational Capability Cooperation,” last updated November 18, 2022, https://www.nato.int/cps/en/natohq/topics_163289.htm.
52    While assigned to NATO HQ, the author sponsored, enabled, or was aware of several trials leveraging advanced technology in AI and data services to demonstrate private sector capabilities to assist in security or defense-related requirements such as: tracking COVID-19-related factors impacting allies, foreign investment in allied defense industry and critical infrastructure, and tracking and analyzing open-source information related to threats.
53    ACT, “Innovation Hub,” accessed October 2, 2022, https://www.innovationhub-act.org.
54    NATO Communications and Information Agency, “Our Key Events,” accessed October 2, 2002, https://www.ncia.nato.int/business/partnerships/key-events.html.
55    NATO, “NATO Sharpens Technological Edge with Innovation Initiatives,” last updated April 7, 2022, https://www.nato.int/cps/en/natohq/news_194587.htm.
56    Ibid.
57    Charlie Parker, “Uber-Style Technology Helped Ukraine to Destroy Russian Battalion,” Times, May 14, 2022, https://www.thetimes.co.uk/article/uk-assisted-uber-style-technology-helped-ukraine-to-destroy-russian-battalion-5pxnh6m9p.
58    Ibid.
59    Ibid.
60    Ibid.
61    Lt. Gen. Hans-Werner Wiermann, interview by author, July 21, 2022.
62    Grand, interview.
63    John R. Hoehn, “Joint All-Domain Command and Control (JADC2),” Congressional Research Service, updated January 21, 2022, https://sgp.fas.org/crs/natsec/IF11493.pdf; Julazadeh, interview.
64    Atlantic Council Experts, “Our Experts Decipher NATO’s New Strategic Concept,” New Atlanticist, Atlantic Council, June 30, 2022, https://www.atlanticcouncil.org/blogs/new-atlanticist/our-experts-decipher-natos-new-strategic-concept/.
65    NATO 2022 Strategic, 1.
66    NATO 2022 Strategic, 6.
67    “Multi-Domain Operations: Enabling NATO.”
68    Based on the author’s analysis of an unclassified document, not publicly released. Supreme Headquarters Allied Powers Europe (SHAPE) – HQ SACT, “Bi-Strategic Command, Initial Alliance Concept for Multi-Domain Operations,” July 5, 2022.
69    Julazadeh, interview.
70    NATO Communications and Information Agency (NCIA), “Digitally Transforming NATO: Our Work Explained,” March 19, 2019, https://www.ncia.nato.int/about-us/newsroom/digitally-transforming-nato-our-work-explained-.html.
71    Wiermann, interview.
72    Wheeler, interview.
73    Marco Criscuolo, interview by author, August 18, 2022.
74    Wiermann, interview; Criscuolo interview; and Grand, interview.
75    NATO 2022 Strategic, 6.
77    Maj. Gen. Karl Ford, interview by author, July 27, 2022.
78    Author’s notes from unclassified ACT brief “2021 NATO Warfighting Capstone Concept” to the Conference of National Armaments Directors (CNAD) in Partner Format, NATO Headquarters, Brussels, January 29, 2021.
79    NATO, “The Alliance’s Warfare Development Agenda: Achieving a 20-year Transformation,” March 29, 2022, https://www.act.nato.int/articles/wda-achieving-20-year-transformation; Ford, interview.
80    NATO 2022 Strategic, 5–7.
81    NATO, “Environment, Climate Change and Security,” last updated July 26, 2022,  https://www.nato.int/cps/en/natohq/topics_91048.htm.
82    Cioni, interview.
83    Ibid.
84    NATO, “NATO Sharpens.”
85    NATO 2022 Strategic, 7.
86    Brussels Summit Communiqué.
87    Van Weel, interview.
88    The CNAD and its seven Main Groups and over one hundred and fifty subordinate groups constitute NATO’s largest standing committee structure and one of its longest standing. The CNAD is supported by NATO’s DI Directorate. Collectively, the CNAD and DI Directorate are referred to as the NATO armaments community. See NATO, “Conference of National Armaments Directors (CNAD),” last updated January 17, 2023, https://www.nato.int/cps/en/natolive/topics_49160.htm.
89    NATO, “NATO Steps Up Engagement with Private Sector on Emerging Technologies,” last updated September 15, 2022, https://www.nato.int/cps/en/natohq/news_207258.htm.
90    Van Weel, interview.
91    Ibid.
92    NATO 2022 Strategic, 7, par. 24.
93    NATO, “Funding NATO,” last updated January 12, 2022, https://www.nato.int/cps/en/natohq/topics_67655.htm.
94    NATO, “Readiness Action Plan,” last updated September 1, 2022, https://www.nato.int/cps/en/natohq/topics_119353.htm; NATO, “NATO Wales Summit Guide,” Newport, September 4-5, 2014,  https://www.nato.int/nato_static_fl2014/assets/pdf/pdf_publications/20141008_140108-summitguidewales2014-eng.pdf.
95    NATO, “NATO Wales Summit 2014,” last updated September 5, 2014, https://www.nato.int/cps/en/natohq/events_112136.htm.
96    NATO, “Deterrence and Defence,” last updated September 12, 2022, https://www.nato.int/cps/en/natohq/topics_133127.htm. See section on “Investing in defence.”
97    NATO 2022 Strategic.
98    NATO 2022 Strategic, 6, par. 22.
99    Comments on NATO’s common-funded capability development governance model and progress are based on the author’s personal experience in NATO from 2018 to 2021. In 2018, a new governance model for common-funded capability development was adopted which was intended to empower NATO’s strategic commands and agencies to drive capability development, introduce acceptable risk tolerance measures, streamline governance processes, and satisfy allies’ appetite for control and cost-efficiency. Expected outcomes have been underwhelming. Learning has been steep, adaptation difficult, and control difficult for nations to release. The new governance model also controls common funding for IT and services (including cybersecurity), which require upgrades and modernization at speeds beyond which NATO processes can keep up.
100    NATO Industrial Advisory Group (NIAG), “Industry Initiative for Agile Acquisition (I2A2),” February 15, 2021.
101    Rear Admiral John W. Tammen, “NATO’s Warfighting Capstone Concept: Anticipating the Changing Character of War,” NATO Review, July 9, 2021, https://www.nato.int/docu/review/articles/2021/07/09/natos-warfighting-capstone-concept-anticipating-the-changing-character-of-war/index.html.
102    Ibid.
103    NATO’s first ASG for Joint Intelligence and Security (JIS), Arndt Freytag von Loringhoven, noted the “ingrained tradition” of national civilian intelligence agencies to restrict intelligence sharing in a 2019 article at the end of his tenure. See Arndt Freytag von Loringhoven, “A New Era for NATO Intelligence,” NATO Review, October 29, 2019, https://www.nato.int/docu/review/articles/2019/10/29/a-new-era-for-nato-intelligence/index.html.
104    This is an uncomfortable truth acknowledged by current and past senior ACO intelligence officials (of which the author is one) and NATO’s first two ASGs for JIS: David Cattler and Arndt Freytag von Loringhoven. Maj. Gen. Matt Van Wagenen, interview by author, September 11, 2022; Stewart, interview; Cattler, interview; and Von Loringhoven, “A New Era.”
105    Despite numerous NATO consultations between 2014 and 2018 on the 9M729 or SSC-8 Russian missile (including when the author was an ACO presenter in 2014 and a NATO official in 2018), it was not until December 2018 that allies decided to unanimously endorse the US finding and presume the lack of an adequate Russian response as evidence of an Intermediate-Range Nuclear Forces (INF) Treaty violation. Several allies prior to late 2018 were not ready to take US declarations at face value without the primary source intelligence behind the US position. While the INF Treaty was between the United States and the Soviet Union, European allies were directly implicated because the treaty-limited ranges provided security from attack of prohibited weapon systems. See NATO, “NATO and the INF Treaty,” last updated August 2, 2019, https://www.nato.int/cps/en/natohq/topics_166100.htm.
106    Stewart, interview; Cattler, interview; and Cioni, interview.
107    Wheeler, interview and Criscuolo, interview.
108    Sally Cole, “CMOSS: Building-Block Architecture Bring Speed, Cost Benefits,” Military Embedded Systems, November 29, 2021, https://militaryembedded.com/comms/communications/cmoss-building-block-architecture-brings-speed-cost-benefits.
109    The following Atlantic Council report explains the importance of enterprise-wide digitalization to improve shared awareness, decision-making, and action. Jeffrey Reynolds and Jeffrey Lightfoot, Digitalize the Enterprise, Atlantic Council, October 20, 2020, https://www.atlanticcouncil.org/content-series/nato20-2020/digitalize-the-enterprise/.
110    Ford, interview.
111    Criscuolo, interview.
112    Ford, interview.
113    Per AJP-2.7, JISR architecture consists of the organizations, processes, and systems connecting collectors, databases, applications, producers, and consumers of intelligence and operational data in a joint environment. See NATO Standardization Office, NATO Standard, AJP 2.7, Allied Joint Doctrine for Joint Intelligence, Surveillance and Reconnaissance, Edition A, Version 1, July 11, 2016, 1–3,https://jadl.act.nato.int/ILIAS/data/testclient/lm_data/lm_152845/Linear/JISR04222102/sharedFiles/AJP27.pdf.
114    Architecture Capability Team, Consultation, Command & Control Board, NATO Architecture Framework, Version 4, NATO, January 2018, Document Version 2020.09, https://www.nato.int/nato_static_fl2014/assets/pdf/2021/1/pdf/NAFv4_2020.09.pdf.
115    Paul Savereux, interview by author, July 29, 2022, and NATO, “NATO Defence Planning Process,” last updated March 31, 2022, https://www.nato.int/cps/en/natohq/topics_49202.htm.
116    Fabrice Fontanier, chair of NIAG C4ISR Community of Interest, notes to author, September 17, 2022.
117    Robert Weaver, interview by author, March 11, 2022.
118    Ibid.
119    NATO, “NATO Exercises with New Maritime Unmanned Systems,” last updated September 15, 2022, https://www.nato.int/cps/en/natohq/news_207293.htm.
120    Ibid.
121    Stewart, interview and Cantwell, interview.
122    NATO’s AGS RQ-4Ds are equipped with MP-RTIP ground surveillance radar that provides ground moving target indicator and synthetic aperture radar imagery. See Wikipedia, “Multi-Platform Radar Technology Insertion Program,” accessed July 29, 2022, https://en.wikipedia.org/wiki/Multi-Platform_Radar_Technology_Insertion_Program#Overview. NATO’s AWACS E-3s have look-down radar that essentially collects MASINT. See “E-3 AWACS.”
123    NATO, “Command and Control Capability for Surface Based Air and Missile Defence for the Battalion and Brigade Level (GBAD C2 Layer),” Factsheet, February 2022, https://www.nato.int/nato_static_fl2014/assets/pdf/2021/10/pdf/2110-factsheet-gbad-c2-layer.pdf.
124    Military Wiki, “Tactical Data Link,” accessed September 1, 2022 https://military-history.fandom.com/wiki/Tactical_Data_Link#TDL_standards_in_NATO.
125    Harry Lye, “Fifth-Generation Aircraft Share Bi-Directional Data in Military IoT First,“ Airforce Technology, December 15, 2020, https://www.airforce-technology.com/news/fifth-generation-aircraft-share-bi-directional-data-in-military-iot-first/.
126    Fontanier, notes to author.
127    Ibid.
128    Commander Malte von Spreckelsen, “Electronic Warfare – The Forgotten Discipline,” Journal of the JAPCC 27 (2018), 41–45,  https://www.japcc.org/articles/electronic-warfare-the-forgotten-discipline/.
129    De Angelis et al., NATO ISTAR, 52; Von Spreckelsen, “Electronic Warfare”; and Major Erik Bamford and Commander Malte von Spreckelsen, “Future Command and Control of Electronic Warfare,” Journal of the JAPCC 28 (2019), 60–66,  https://www.japcc.org/articles/future-command-and-control-of-electronic-warfare/
130    NATO 2022 Strategic, 7.
131    Van Weel, interview.
132    NATO Support and Procurement Agency (NSPA) is already involved in major C4ISR programs like AFSC, AWACS, and AGS. NCIA focuses almost overwhelmingly on common-funded capabilities and services but could provide support to multinational and national capability development given its charter and expertise.
133    Based on ideas discussed between the author and Lt. Gen. Hans-Werner Wiermann in February 2021.
134    NATO, “Remarks by NATO Secretary General Jens Stoltenberg and US President Joe Biden at the start of the 2022 NATO Summit,” last updated June 29, 2022, https://www.nato.int/cps/en/natohq/opinions_197374.htm.
135    Katharina Buchholz, “Where NATO Defense Expenditure Stands in 2022 [Infographic],” Forbes, June 30, 2022, https://www.forbes.com/sites/katharinabuchholz/2022/06/30/where-nato-defense-expenditure-stands-in-2022-infographic.
136    Patrick Goodenough, “Only 9 Out of 30 Allies Are Meeting NATO’s Defense Spending Goal,” CNSNews, June 30, 2022, https://www.cnsnews.com/article/international/patrick-goodenough/only-9-out-30-allies-are-meeting-natos-defense-spending.

The post The future of NATO C4ISR: Assessment and recommendations after Madrid appeared first on Atlantic Council.

]]>
Improving Gulf security: A framework to enhance air, missile, and maritime defenses https://www.atlanticcouncil.org/in-depth-research-reports/report/improving-gulf-security-a-framework-to-enhance-air-missile-and-maritime-defenses/ Tue, 14 Mar 2023 20:00:00 +0000 https://www.atlanticcouncil.org/?p=615178 Looking at decades of US support and operations in the Gulf and recognizing a continued, arguably growing, air and maritime threat from Iran, the Atlantic Council Gulf Security Task Force developed a framework on how to best protect US and allies’ interests in this sensitive, always relevant region.

The post Improving Gulf security: A framework to enhance air, missile, and maritime defenses appeared first on Atlantic Council.

]]>
This report is the final product of the Scowcroft Middle East Security Initiative‘s Gulf Security Task Force, a team of experts whose US government experience includes senior roles at the Department of Defense, Department of State, White House, and Intelligence Community. The Task Force joined together to shape this new strategy, with an eye on sustainable success in protecting both US and allies in the Gulf. The views expressed in the report are those of the authors and not their respective institutions.

Looking at decades of US support and operations in the Gulf and recognizing a continued, arguably growing, air and maritime threat from Iran, the Atlantic Council Gulf Security Task Force developed a framework on how to best protect US and allies’ interests in this sensitive, always relevant region. The report provides US decision-makers with an updated, fact-based strategy for protecting its interests in the air and maritime domain from the Persian Gulf to the Red Sea, while ensuring Gulf partners’ ability to assume this responsibility, with the assistance and leadership of the United States.

In this capstone report, “Improving Gulf Security: A Framework to Enhance Air, Missile, and Maritime Defenses“, the Gulf Security Task Force brings together their cross-section of expertise to address the nature of the threats and provide practical policy solutions for the development of an integrated air, missile, and maritime defense in the Gulf, that provides long-term, reliable protection for the US and our partners’ security in the region.


Competing Security Interests in the Arab Gulf


Authors

Michael S. Bell

Former Special Assistant to the President and Senior Director for Middle East Affairs, National Security Council

Dr. Mike Bell is the Executive Director of the Jenny Craig Institute for the Study of War and Democracy. Commissioned in Armor following graduation from the US Military Academy at West Point, he is a combat veteran, historian, and strategist who has served at every level from platoon through theater army, as well as with US Central Command, the Joint Staff, the West Point faculty, and the National Defense University. As a civilian faculty member at the National Defense University, he also served details to the Office of the Secretary of State and as a National Security Council Senior Director and Special Assistant to the President of the United States. His monograph on the role of the Chairman of the Joint Chiefs of Staff was published by the Strategic Studies Institute.

Clarke Cooper

Nonresident Senior Fellow, Scowcroft Middle East Security Initiative, Middle East Programs, Atlantic Council
Former Assistant Secretary of State for Political-Military Affairs

R. Clarke Cooper recently served as the assistant secretary for political-military affairs at the US Department of State from 2019 to 2021. During his tenure, Cooper implemented reforms to streamline arms export licensing and improve government support to the US defense industry. By enabling security partnerships and through advocacy for burden sharing to counter shared threats, Cooper continued his advocacy for performance measures across United Nations (UN) peacekeeping missions, women in active peacekeeping roles, and accountability measures for troop and police contributing countries. In 2021, Cooper was awarded the Superior Honor Award for interagency coordination and implementation of the security cooperation elements of the Abraham Accords.

Kirsten Fontenrose

Nonresident Senior Fellow, Scowcroft Middle East Security Initiative, Middle East Programs, Atlantic Council
Former Senior Director for the Gulf, National Security Council

Kirsten spent 2018 as Senior Director for the Gulf at the National Security Council, leading the development of U.S. policy toward nations of the GCC, Yemen, Egypt, and Jordan. Prior to this service at the White House, Kirsten spent a year in the private sector consulting on specialized projects in the national security space. Her interagency experience includes five years at the Department of State leading the Middle East and Africa team in the interagency Global Engagement Center. Prior to this, Kirsten worked with a field team studying foreign populations for the US Department of Defense Theater Special Operations Commands.

Greta Holtz

Chancellor, College of International Security Affairs National Defense University
Former US Charge d’Affaires in Qatar and former US Ambassador in Oman

Ambassador (Ret.) Greta C. Holtz enjoyed 35 years as a career diplomat with extensive experience in the Middle East region. She retired in April 2021 with the personal rank of Minister Counsellor. Ambassador Holtz served as Senior United States Coordinator for Operation Allies Refuge in Qatar from August – October 2021 and as Chargé d’affaires in Qatar from June 2020 until April 2021. She was Principal Deputy Assistant Secretary in the State Department’s Bureau of South and Central Asian Affairs, and she was the Senior Foreign Policy Advisor (POLAD) to the Commanding General of U.S. Special Operations Command (SOCOM) from 2017-2019. She served as the United States Ambassador to the Sultanate of Oman from 2012 to 2015 and was the Vice-Chancellor at National Defense University’s College of International Security Affairs from 2016 to 2017. Ambassador Holtz was Deputy Assistant Secretary for Public Diplomacy and Strategic Communication in the Bureau of Near Eastern Affairs, and she ran the United States Provincial Reconstruction teams in Iraq from 2009-2010.

Richard LeBaron

Nonresident Senior Fellow, Middle East programs, Atlantic Council Former US Ambassador to Kuwait

Ambassador (Ret.) Richard LeBaron is a career diplomat with over thirty years of experience abroad and in Washington. His most recent overseas posting was as deputy chief of mission at the US embassy in London from August 2007 to August 2010. Amb. LeBaron served as chargé d’affaires in London from February to August 2009. Previous to his assignment to London, Amb. LeBaron served as the US ambassador to Kuwait (2004 to 2007). From September 2001 to July 2004, Amb. LeBaron served as deputy chief of mission at the Embassy of the United States in Tel Aviv, Israel.

Fozzie Miller

Former Nonresident Senior Fellow, Middle East programs, Atlantic Council Former Commander, US Naval Forces Central Command/Combined Maritime Forces/US Fifth Fleet

In 2015, Vice Admiral (Ret.) John W. “Fozzie” Miller retired from the US Navy after serving as the Commander, US Naval Forces Central Command; Commander, Combined Maritime Forces; and Commander, US Fifth Fleet. Miller spent a considerable amount of his naval career focusing on the Middle East—beyond his role as Commander of the US Fifth Fleet, he also served as Deputy Commander to US Naval Forces Central Command/United States Fifth Fleet; Deputy Director, Strategy, Plans, and Policy (J5); and Chief of Staff of US Central Command. In 2015, Miller received the Navy Distinguished Service Medal.

Daniel Vardiman

Senior US Navy Fellow, Scowcroft Center for Strategy and Security (2021-2022), Atlantic Council *

Commander Daniel Vardiman was the intelligence lead for Expeditionary Strike Group Two from August 2019 through July 2021. In this role, he also served as the acting information warfare commander; supported staff certification, contingency operations, and integration with the Marines; participated in exercises in Europe and off the East Coast of the United States; and assisted with defense support to civil authorities. For his lieutenant commander milestone tour, he was the intelligence lead for Amphibious Squadron Six from June 2014 through June 2016, and on the Bataan Amphibious Ready Group and Wasp Amphibious Ready Group deploying to the US Fifth and Sixth Fleet areas of responsibility.

* The opinions expressed are those of the author and do not reflect those of the U.S. Navy or Department of Defense.


Brett McGurk sets out the ‘Biden doctrine’ for the Middle East

White House Coordinator for the Middle East and North Africa, Brett McGurk, delivered remarks in support of “enabling an integrated air and maritime defense architecture in the region, something long talked about, which is now happening through innovative partnerships and new technologies,” at the Atlantic Council’s inaugural Rafik Hariri Awards, celebrating the tenth anniversary of the Rafik Hariri Center for the Middle East, in Washington on February 14, 2023.

Scowcroft Middle East Security Initiative

The Atlantic Council’s work on Middle East security honors the legacy of Brent Scowcroft and his tireless efforts to build a new security architecture for the region. Our work in this area addresses the full range of security threats and challenges including the danger of interstate warfare, the role of terrorist groups and other nonstate actors, and the underlying security threats facing countries in the region.


The post Improving Gulf security: A framework to enhance air, missile, and maritime defenses appeared first on Atlantic Council.

]]>
Will morale prove the decisive factor in the Russian invasion of Ukraine? https://www.atlanticcouncil.org/blogs/ukrainealert/will-morale-prove-the-decisive-factor-in-the-russian-invasion-of-ukraine/ Thu, 09 Mar 2023 22:13:28 +0000 https://www.atlanticcouncil.org/?p=621412 Putin is preparing for a long war in Ukraine and still believes he can outlast the West, but mounting signs of demoralization among mobilized Russian soldiers may pose a serious threat to the success of his invasion, writes Peter Dickinson.

The post Will morale prove the decisive factor in the Russian invasion of Ukraine? appeared first on Atlantic Council.

]]>
Graphic footage emerged this week on social media depicting what appeared to be the final moments of a captive Ukrainian soldier being summarily executed by Russian forces. The brief video of this apparent war crime shows an unarmed Ukrainian POW, who was later identified as Chernihiv native Oleksandr Matsievsky, calmly repeating the patriotic slogan “Glory to Ukraine” before being gunned down by his captors in a hail of bullets.

These memorable last words resonated deeply with the Ukrainian public, who responded with a mixture of outrage over the criminal nature of the killing and admiration for the stunning courage of the victim. Within hours of the video’s appearance, Matsievsky was being commemorated across Ukrainian social media with hundreds of portraits and memes paying tribute to his defiant stand. Murals have already appeared on the streets of Ukrainian cities. There is even talk of a monument.

Matsievsky is the latest symbol of Ukraine’s unbreakable resolve in a war which has already produced plenty. From the famous “Russian warship, go f**k yourself” of the Snake Island garrison, to the seemingly superhuman tenacity of the Azovstal defenders, Ukraine has witnessed a large number of iconic moments over the past year capturing the spirit of resistance that has gripped the country since the onset of Russia’s full-scale invasion in February 2022.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

This is not at all what Russia was expecting. When Putin gave the order to invade Ukraine, he had been led to believe the Ukrainian public would welcome his troops and had been assured that organized military resistance would collapse within a matter of days. Billions of dollars had been spent preparing the ground by bribing Ukrainian officials to change sides and back the invasion. The stage was supposedly set for a triumph that would extinguish Ukrainian statehood and confirm Putin’s place among Russia’s greatest rulers.

It is now clear that Putin’s complete misjudgment of Ukrainian morale was one of the most remarkable intelligence failures of the modern era. He appears to have fallen into the trap of many long-serving dictators and surrounded himself with loyalist yes-men intent on telling him what he wanted to hear.

This toxic trend was exacerbated by the enforced isolation of the Covid pandemic, which appears to have further fueled Putin’s Ukraine obsession and strengthened his conviction that the country must be subjugated at all costs. In the increasingly claustrophobic climate of the Putin Kremlin, it is hardly surprising that his intel chiefs chose to reinforce these prejudices and encourage his reckless imperial ambitions. If they had attempted to counsel caution, they would likely have been dismissed.

This sycophancy was to have disastrous consequences. Far from greeting Putin’s invading army with cakes and flowers, the Ukrainian nation rose up and united in defiance against Russian aggression. Tens of thousands flocked to enlist in the Ukrainian military and territorial defense units, while millions more mobilized to support the war effort through fundraising, donations, and the improvised production of essential items such as anti-tank obstacles and Molotov cocktails.

Within weeks of the invasion, a vast network of Ukrainian volunteers was supplying frontline soldiers with everything from food and medicines to drones and jeeps. Despite the horrors of the past year, this steely determination to defy Russia remains firmly intact throughout Ukrainian society. Whatever else today’s Ukraine may lack, morale is certainly not an issue. Quite the opposite, in fact.

The same cannot be said for the Russian army. In response to the catastrophic losses suffered during the first six months of the invasion, Putin announced Russia’s first mobilization since World War II in September 2022. The bulk of the estimated 300,000 men mobilized last year are now in Ukraine, where they are being thrown straight into battle despite being untrained and under-equipped.

Since late January, a steady stream of videos have begun appearing on social media featuring groups of mobilized Russian troops appealing to Putin or their own regional representatives. They typically complain of suicidal tactics and heavy casualties while protesting their role as frontline shock troops and calling for redeployment to rear areas. In some cases, mobilized men have announced that they will directly refuse to follow orders.

Growing signs of demoralization within the ranks of the Russian military could become a major issue for the Kremlin at a time when Putin faces no other obvious domestic challenges to his war policy.

At present, there is little sign of significant anti-war sentiment on the home front inside Russia. On the contrary, independent surveys indicate consistently high levels of public support for the invasion, while those who do object have largely chosen to keep quiet or flee the country. While many question the validity of polling data in a dictatorship, the complete absence of any meaningful efforts to protest the war points to a passive acceptance of the invasion at the very least.

The prospects of a Kremlin coup look to be similarly slim. While many within the Russian elite are said to have been appalled by the decision to invade Ukraine, they have since reconciled themselves to the new reality and are for the most part far too personally dependent on Putin to mount any serious challenge to the Kremlin.

This leaves the military as the one potential source of serious opposition to the war. If Russian commanders persist with their human wave tactics and mobilized troops continue to die in large numbers, the current tide of discontent may evolve into outright mutiny, with highly unpredictable consequences for Putin and his regime.

The importance of morale in warfare has long been recognized. Napoleon Bonaparte famously observed that three-quarters of military success is down to morale. This helps explain why the Ukrainian army has over-performed so spectacularly during the first year of the invasion, while Russia itself has struggled to live up to its prewar billing as the world’s second most powerful military.

Crucially, Ukrainians know exactly what they are fighting for. They are defending their homes and families against an enemy intent on committing genocide and wiping their country off the map. Understandably, they need no further motivation. In contrast, Russians have been told they are fighting against everything from NATO expansion and gay parades to Anglo-Saxon Satanists and Ukrainian Nazis.

While Ukrainian soldiers are focused on the clearly defined objective of liberating their country, Russia’s war aims appear to be far more ambiguous and are often subject to sudden revision. Once the cannon fodder approach of the Russian generals is factored in, it is no surprise that morale is becoming such an issue for Putin’s army.

Could collapsing morale decisively undermine the Russian invasion? We should have a better idea regarding the scale of the problem in the coming few months, as both Russia and Ukraine pursue major spring offensives that will test the resilience of their respective armies. At this stage, Putin is preparing for a long war and still hopes to outlast the West. He has a stable home base and sufficient resources to potentially continue the invasion for at least two more years. However, the situation could change dramatically if his demoralized army refuses to fight.

Peter Dickinson is Editor of the Atlantic Council’s UkraineAlert Service.

Further reading

The views expressed in UkraineAlert are solely those of the authors and do not necessarily reflect the views of the Atlantic Council, its staff, or its supporters.

The Eurasia Center’s mission is to enhance transatlantic cooperation in promoting stability, democratic values and prosperity in Eurasia, from Eastern Europe and Turkey in the West to the Caucasus, Russia and Central Asia in the East.

Follow us on social media
and support our work

The post Will morale prove the decisive factor in the Russian invasion of Ukraine? appeared first on Atlantic Council.

]]>
The fourth inflection point: Testimony of Frederick Kempe to the House Permanent Select Committee on Intelligence https://www.atlanticcouncil.org/commentary/testimony/the-fourth-inflection-point-testimony-of-frederick-kempe-to-the-house-permanent-select-committee-on-intelligence/ Wed, 01 Mar 2023 02:58:15 +0000 https://www.atlanticcouncil.org/?p=618108 This moment is as crucial as the periods after World War I, World War II, and the Cold War, when US leadership alongside allies and partners—or the failure of US leadership—will have global and generational consequences.

The post The fourth inflection point: Testimony of Frederick Kempe to the House Permanent Select Committee on Intelligence appeared first on Atlantic Council.

]]>

On Tuesday, Atlantic Council President and CEO Frederick Kempe participated in a hearing of the House Permanent Select Committee on Intelligence with other leaders of think tanks. Below is an edited version of his written testimony.

Chairman Turner, Ranking Member Himes, esteemed members of the House Permanent Select Committee on Intelligence, thank you for the opportunity to testify on geopolitical threats, how to meet them, and the role of the intelligence community.

It is fitting that the House Permanent Select Committee on Intelligence should be convening this public session four days after the first anniversary of Russian President Vladimir Putin’s criminal and unprovoked invasion of Ukraine. It is also just a week after US President Joe Biden’s brave and potentially historic visit to Ukraine—I will come back to what I mean by “potentially.”

Putin’s war in Ukraine underscores three crucial and interlocking issues worth highlighting today.

  • First, we live at a historic inflection point, as crucial as the periods after World War I, World War II, and the Cold War, where US leadership alongside allies and partners—or the failure of US leadership—will have global and generational consequences. In short, we live at the fourth inflection point since World War I. Hence, our actions now should be informed by history’s lessons and thus a conviction that Ukraine’s war is at the same time a battle over what set of actors and principles will shape the global future.
  • Second, with the enormity of those stakes in mind, Putin’s ongoing war in Ukraine, along with its failure thus far to have achieved its ends, underscores both the strengths and weaknesses of the US intelligence community in navigating this defining moment. There is an urgent necessity to enhance the strengths and address the weaknesses, as the intelligence community is not appropriately organized or funded for this moment.
  • Most important for this committee, and for the United States more generally, is to understand, at such a defining moment, the dramatic and decisive connection between short-term decisions and actions and longer-term commitments and consequences. If the intelligence community has a glaring weakness, alongside the United States government and Congress more generally, it is in providing intelligence-driven, longer-term analytical frameworks within which one can more confidently understand and respond to the wealth of daily intelligence.

So first, let me address each of these three points, starting with the fourth inflection point for the United States since World War I.

The fourth inflection point

Biden was right when he said during his presidential campaign, and frequently since then, that we face an “inflection point” in history, where it will be decided what countries and values will shape the global system for the era ahead. I have been writing an Atlantic Council newsletter since 2016 called “Inflection Points,” having sensed and advocated that point of view before it became more popular.

Putin’s invasion of Ukraine on February 24, 2022, and the ongoing war that followed, brought into sharp relief a new era of strategic competition that had been unfolding for several years already.

How we manage this period now, in the face of external authoritarian threats and internal challenges to democracies worldwide, will be no less critical than US actions alongside allies and partners during the three previous inflection points, moments in history when the US role has had outsized consequences: after World War I, World War II, and the Cold War.

The lessons of history are clear on this.

After World War I—where nine million soldiers and five million civilians died—we collectively squandered a historic opportunity to create a better world through the tragic failure of postwar arrangements (the Versailles Treaty and the League of Nations, among them), through the bitter continuation of European fissures, and through our own misguided isolationism. This resulted in the rise of fascism, the outbreak of World War II, and the Holocaust. World War II would be the deadliest conflict in human history, with an estimated seventy to eighty million fatalities, most of them among civilians.

After World War II, we as a country did something that was until that time aberrational in American history. We remained engaged in Europe and the world despite postwar fatigue and widespread isolationist sentiment. We introduced the Marshall Plan, providing economic assistance to restore the economic infrastructure of postwar Europe, and with our partners we constructed multilateral institutions to secure the future and, if possible, to prevent future great power conflicts: the United Nations, the Bretton Woods Institutions, NATO, and others.

Together with our allies, we constructed what came to be known as the international liberal order of institutions, rules, and practices that expanded democracy, prosperity, and security, and safeguarded our own freedoms and values. It brought us the longest, sustained period of major-power peace, prosperity, and democratic expansion in history.

In many respects, the Cold War was the World War III that never happened. Our triumph in that struggle between two competing ideologies and systems, without a shot being fired, was a credit not only to military deterrence and the remarkable unsung work of our intelligence agencies, but it was at the same time a victory of our national resilience, and our dynamic and magnetic democratic and free-market system and values. It was one of the greatest accomplishments of American international engagement and statecraft.

After the Cold War, our failures were not as dramatic as they were after World War I, but neither were our successes as great or architecturally ambitious as they were after World War II.

Initially, we were able to expand NATO, enlarge the European Union, and increase the number of people and countries who lived outside despotic rule with rising incomes and expanding rights.

It even appeared for a time that China would join the world of moderate and modernizing nations. However, as we see now, that period did not end up being the end of history but rather marked the beginning of a new strategic competition.

So, that leaves us with the post–post­–Cold War period, though we should seek a better description for our era, where a contest is in full flower over who and what principles will define the global future.

Put most simply, there are three alternatives: the reinvigoration and perhaps reinvention of the liberal international order put in place after World War II, the replacement of that order over time by a Chinese-led illiberal order, or global chaos and incoherence, more along the lines of Putin’s law of the jungle than any rule of law.

As we meet today, we have a generational opportunity to shape the future that Putin’s potential failure presents us.

Last year at this time, it seemed democracies were in retreat and authoritarianism was on the rise following sixteen years during which Freedom House has tracked the relative decline of democracy globally. In early February of last year, shortly before the Beijing Winter Olympics, China’s Xi Jinping and Russia’s Putin entered a “no limits” strategic partnership that viewed US and Western leadership in irreversible decline.

The Ukraine war followed.

The past year, however, has been a challenging one for the world’s worst authoritarians: Putin, Xi, and Iranian Supreme Leader Ayatollah Ali Khamenei.

They ended 2022 reeling from self-inflicted wounds, the consequences of hubris, overextension, and a gamble that US alliances would crumble in the face of a challenge. Russia’s war is failing, and its economy is imploding. China’s excessive authoritarianism, thoughtlessly provocative “wolf warrior diplomacy,” and botched COVID-19 response slowed its growth and alarmed international (particularly European) partners. And Iran’s rush to nuclear capability and draconian response to ongoing protests following the death of Mahsa Amini, have shown the ayatollah’s theocracy is on shakier ground than many experts have thought.

If Putin prevails, history has taught us that the necessity for other countries’ boots on the ground will grow.

At the beginning of my comments, I called Biden’s trip to Kyiv last week “potentially historic.” What I meant by that was that it would be historic depending on what follows now. For Ukraine to prevail would require a “surge” in support to Ukraine now to confront an unfolding Russian offensive.

Biden’s assurance to Ukraine that the United States would support its struggle “as long as it takes” is well-intentioned, but a war of attrition favors Moscow and endangers tens of thousands more Ukrainians and raises the prospect of US, Western, and Ukrainian war fatigue.

If we truly believe that the battle for the global future is being fought in Ukraine and by Ukrainians, then the money spent now from the United States and other allied budgets is a bargain compared to what we will all need to spend if Russian and Chinese ambitions advance.

If Putin prevails, history has taught us that the necessity for other countries’ boots on the ground will grow. As former Secretary of State Condoleezza Rice and former Secretary of Defense Robert M. Gates (both honorary directors on the Atlantic Council’s Board of Directors) wrote in the Washington Post in January, “It is better to stop (Putin) now, before more is demanded of the United States and NATO as a whole.”

Lessons for US intelligence reform

That brings me to what this period tells us about US intelligence strengths and weaknesses—and what we should do to enhance the strengths and urgently address the weaknesses.

The Ukraine war has underscored intelligence triumphs and failures.

The United States did an extraordinary job of highlighting Putin’s war plans and ambitions and warning in advance of the very real danger of invasion. It was a notable break with past US policy and risked exposing US sources and methods. But it paid off spectacularly in robbing Putin of any guise of deniability and hammering home that this was a planned invasion, while allowing Ukraine to prepare. When US predictions proved to be accurate, it bolstered the international credibility of US intelligence. It also highlighted areas where intelligence sharing with US allies needed to be improved.

On the other hand, US intelligence did not foresee Russian military weaknesses and underestimated Ukraine’s defensive capabilities and resilience. Threat assessment is never easy, but it is crucial to prepare for future threats.

One of the questions this committee is seeking to address is whether the intelligence community is organized and funded appropriately to address current and future threats. The short answer is: not by a long shot.

The immediate post–Cold War era proved a difficult adjustment period, but the United States intelligence community successfully transformed itself in the aftermath of 9/11 to meet the needs of the war on terror and support two decades of sustained combat operations.

US intelligence operates at a faster tempo, and its analysis is more integrated with operations than ever before. Furthermore, its ability to find and track threats all over the world, as well as to support military operations, is breathtaking. We see how that applies even outside of a war-on-terror context in the war in Ukraine, where US intelligence has been critical for supporting Ukraine’s military operations and planning.

However, despite this success in the past two decades, the intelligence community must transform again. While potentially useful adaptations and improvements from the post-9/11 era should not be discarded, the intelligence community must adjust and even hearken back to some of its strengths and features during the half-century long competition with the Soviets during the Cold War.

This transformation must begin with human capital, including some fundamental changes in how the intelligence community hires and manages its personnel, as well as the kind of expertise it fosters.

Before I joined the Atlantic Council, I served for more than a quarter of a century as a journalist at the Wall Street Journal. Drawing from that experience, I can tell you that there is a substantial difference between looking for a reporter who is highly skilled at dashing off a few quick lines of breaking news versus one who is a deeply knowledgeable on a subject and capable of conveying ample context and comprehension of a complex issue.

We need more of the latter in the intelligence community. We need more analysts who can think at the strategic level and marshal in-depth knowledge of our adversaries, including long-term trends and drivers of their economies, societies, political systems, militaries, goals, and intentions; and their strengths and weaknesses. 

With that type of analysis, the US government might have been less surprised, for example, by the Russian military’s poor performance in Ukraine. We might have been less surprised by China’s turn from biding its time and hiding its strength to a full-range global competitor that has little interest in human rights, a free press, or respecting democracy in Hong Kong. The immense difficulty of spying in China—where the Central Intelligence Agency (CIA) lost between eighteen and twenty operatives in one disastrous two-year period, from 2010 to 2012—demonstrates this. However, with China becoming ever more ambitious and brazen on the world stage, the need for strong intelligence and deep, thoughtful analysis is more pronounced than ever. We need fewer analysts focusing on rapid reaction to operational and tactical-level issues.

My understanding is that the intelligence community has changed its personnel practices in recent years to emphasize general analytic and writing skills over depth of knowledge or time working on a particular portfolio. I have heard that many intelligence community organizations are actively discouraging people from developing much of a specialty on any particular portfolio or spending too much time developing their experience on one topic, in order to be able to quickly move people around to cover emerging crises and conflicts.

This has even been driving some of the deep experts into early retirement or second careers. I am all for flexibility, but I firmly believe we quickly need to reverse that trend and start growing long-term experts on the key countries and issues for strategic competition—and even hire some external experts in the meantime if that is what it takes to ensure that knowledge base is readily available.

Congress should also work with the director of national intelligence (DNI) to grant greater professional freedom to talented intelligence officers. Toward this end, they should seek to make security clearances completely interchangeable. Family obligations, opportunities for promotion, and a desire to learn new skill sets can drive talented intelligence officers to other intelligence agencies, just as those factors would influence a lawyer, teacher, nurse, or bankers in the same way. That is something we ought to embrace. However, the eighteen intelligence community agencies have varying systems for background checks, no uniform policy on polygraphs, and inconsistent additional requirements, all of which means that officers often cannot easily move to another agency, despite already having access to much of the same information and systems.

It also means that prospective employees, such as recent college graduates, need to have a separate application process for every agency to which they want to apply to work. Here, Congress can help. It should create a single common background check and standardized set of hiring requirements for all intelligence community officers. If an agency, for whatever reason, determines additional requirements are necessary for employment at that agency, it should be required to obtain the DNI’s approval to include them as part of the hiring process.

Moreover, some organizational changes are necessary for this era of strategic competition. Some of them are already happening, with the CIA and Defense Intelligence Agency (DIA) having established centers focused on China. This is a positive development, but we need to start looking beyond the obvious.

For example, my Atlantic Council colleague Jonathan Panikoff, a former intelligence officer, has argued the US Department of Commerce now needs its own intelligence officers to help it keep up with its international trade and export control responsibilities, particularly vis-à-vis China. When the war on terror was our primary focus, it would have seemed foolish to advocate for an intelligence element at the Department of Commerce; today, it should be a top priority, as much of our future security depends on countering China’s threats to our technology and innovation base.

In addition, the intelligence community needs to become more effective at navigating public-private partnerships to address many of the challenges it will face in the years ahead. For example, we saw the impact of COVID-19 on supply chains and the importance of supply chains to US national security, including economic security, given that nowadays we cannot realistically separate the two. But the intelligence community does not have the background or expertise to meaningfully address these challenges in the near or medium term by itself. Instead, the United States should better partner with private-sector companies already deeply involved in this work. Doing so will come at a cost but one whose premium will be far less than trying to reinvent the wheel. There are major corporations, such as Intel, that have over a thousand people just working on supply chain issues. We cannot and should not try to duplicate this effort. We do not have the time to learn or train—it is an issue that must be addressed immediately, and the expertise and knowledge required is extensive. And even if we could recruit on our own, doing so would not be a good use of time or resources as the US government would be competing against the many private-sector companies that can offer both incentives and salaries the government cannot.

As well, we should mitigate the extent to which the director of national intelligence is subject to the whims of politics. To help address that, the DNI should have a fixed, five-year term, renewable once. There is no perfect way to ensure a president will not choose someone who would be unacceptable to a president of a different party in the future if the DNI has a five-year, fixed term—and that is why the president’s prerogative to dismiss the individual should be retained—but the political price for doing so should be high.

The simplest option is to replicate the Federal Bureau of Investigation (FBI) model but for a five-year term, rather than a ten-year term. Only one FBI director has ever completed a full ten-year term, so a five-year renewable term might be more realistic anyways.

It is essential that the US intelligence community does more to improve cooperation and collaboration with allies.

We also need to improve cohesion among those involved in intelligence, and the most important step to take toward this end is to strengthen cohesion with our allies on intelligence matters.

Inside the US intelligence community, it appears to me that we have made strides toward improving cohesion. While not perfect, nearly two decades after the Intelligence Reform and Terrorism Prevention Act of 2004 and the establishment of the Office of the Director of National Intelligence that law created, we have organized a true US intelligence community in a way that did not previously exist.

My sense, however, is that we have not matched these important domestic steps to achieve cohesion with similar progress on coordination with allies, even our closest ones. It is essential that the US intelligence community does more to improve cooperation and collaboration with allies. My organization published a paper on this very subject a few months ago, authored by a former US DIA senior executive and a retired British military intelligence officer. Entitled “Beyond NOFORN: Solutions for increased intelligence sharing among allies,” the piece offers several policy recommendations to reduce barriers to cooperation. I will not recount all the details here, but I recommend it to you and your staffs. 

Ultimately, I think what will be necessary is a change in incentives for intelligence leadership and the workforce to make more progress on how we share intelligence with allies. For change to come, it will require engagement from you in the form of oversight, or even legislation, if it is not going to come from within the intelligence community.

In addition, Congress can take action to improve oversight of efforts to strengthen the intelligence community.

Congress should ensure there is a much greater emphasis on sharing unclassified assessments with the public. Decisions relevant to strategic competition are made every day by people without security clearances, in multiple sectors. I humbly ask you to ensure the intelligence community remembers that, and that they see institutions like the Atlantic Council conducting analysis on national security issues not as competitors but as eager audiences and even potential partners in their difficult and important work.

Holding these open hearings in parallel with the intelligence community’s Worldwide Threats hearing is perhaps just one step toward greater engagement between the intelligence community and the public. It would be even more helpful to mandate some form of engagement between the content of Worldwide Threats briefs and non-government assessments. I think there is ample evidence to suggest that think tanks, for example, and the US intelligence community can learn from each other and thereby ensure a better-informed public on key issues pertaining to strategic competition.

Overall, the intelligence community should accelerate and deepen its reorganization and realignment for strategic competition, with a particular focus on revising its approach to human capital and adding an intelligence element to the Department of Commerce. The intelligence community should also be encouraged and enabled to improve cohesion with allies, and oversight efforts should promote more opportunities for intelligence community engagement with experts and analytic institutions outside the government.

Stepping up to strategic competition

In closing, and this was my third point, we need a change of attitude and an acknowledgment that we are facing a historic inflection point where we face a peer authoritarian competitor in the form of China and peer authoritarian disruptor in the form of Russia that is unprecedented in our history. As with any competition, when your opponent changes or improves their game, you need to respond.

There was a period of time where our often-disabling political polarization, when our failures to institute reforms to strengthen our capabilities and address our weaknesses, were the unharmful indulgences of a necessarily messy democratic system.

If the intelligence community has a weakness, alongside the United States government and Congress more generally, it is in providing intelligence-driven, longer term analytical frameworks within which one can more confidently understand and respond to emerging challenges.

The risks of inaction are growing alongside the urgency for common cause in the face of the fourth inflection point of the period between World War I and today. History has taught us the long-term and tragic cost of our failures and the benefits of constructive, concerted, and intelligence-driven international engagement.


The post The fourth inflection point: Testimony of Frederick Kempe to the House Permanent Select Committee on Intelligence appeared first on Atlantic Council.

]]>
Kroenig interviewed by Bloomberg discussing the unidentified flying objects shot down https://www.atlanticcouncil.org/insight-impact/in-the-news/kroenig-interviewed-by-bloomberg-discussing-the-unidentified-flying-objects-shot-down/ Mon, 27 Feb 2023 21:31:50 +0000 https://www.atlanticcouncil.org/?p=617519 On February 16, Scowcroft director Matthew Kroenig was interviewed by Bloomberg’s David Westin on the four unidentified flying objects most recently shot down by the US and Canada. Kroenig provides insight into what the objects may have been, as well as their functions, and discusses the advantages of using a balloon or drone, rather than […]

The post Kroenig interviewed by Bloomberg discussing the unidentified flying objects shot down appeared first on Atlantic Council.

]]>
original source

On February 16, Scowcroft director Matthew Kroenig was interviewed by Bloomberg’s David Westin on the four unidentified flying objects most recently shot down by the US and Canada. Kroenig provides insight into what the objects may have been, as well as their functions, and discusses the advantages of using a balloon or drone, rather than a satellite, for surveillance or intelligence purposes. The uncertain and classified nature of the situation is also classified, with an emphasis that nothing is certain and that the situation is still evolving.

This suggests a certain brazenness on the part of China… We see [Xi Jinping] challenging the United States across multiple dimensions of national power: economically, stealing intellectual property; militarily, increasing his threats against Taiwan; diplomatically… it’s not a surprise we’re seeing a more aggressive approach, also, in the intelligence space.

Matthew Kroenig

The post Kroenig interviewed by Bloomberg discussing the unidentified flying objects shot down appeared first on Atlantic Council.

]]>
Eftimiades in TIME https://www.atlanticcouncil.org/insight-impact/in-the-news/eftimiades-in-time/ Thu, 16 Feb 2023 20:03:34 +0000 https://www.atlanticcouncil.org/?p=616713 Nicholas Eftimiades discusses why China launched a spy balloon over the United States.

The post Eftimiades in TIME appeared first on Atlantic Council.

]]>

On February 16, Forward Defense Nonresident Senior Fellow Nicholas Eftimiades published an article in TIME magazine to discuss the reasons China may have deployed a spy balloon over the United States and the implications for the relationship between the two countries. Eftimiades suggested that the balloon may have been designed to intercept high frequency radio communications or satellite downlink data.

Beijing badly miscalculated by violating US airspace, particularly on the eve of Secretary of State Blinken’s visit.

Nicholas Eftimiades

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Eftimiades in TIME appeared first on Atlantic Council.

]]>
Rich Outzen joins WION to discuss the Chinese surveillance balloon https://www.atlanticcouncil.org/insight-impact/in-the-news/rich-outzen-joins-wion-to-discuss-the-chinese-surveillance-balloon/ Thu, 16 Feb 2023 19:17:33 +0000 https://www.atlanticcouncil.org/?p=646888 The post Rich Outzen joins WION to discuss the Chinese surveillance balloon appeared first on Atlantic Council.

]]>

The post Rich Outzen joins WION to discuss the Chinese surveillance balloon appeared first on Atlantic Council.

]]>
What US adversaries are learning from the balloon and UFO saga https://www.atlanticcouncil.org/blogs/new-atlanticist/what-us-adversaries-are-learning-from-the-balloon-and-ufo-saga/ Wed, 15 Feb 2023 11:06:41 +0000 https://www.atlanticcouncil.org/?p=612374 The reactions to these objects among politicians and the public say more about "us" than "them."

The post <strong>What US adversaries are learning from the balloon and UFO saga</strong> appeared first on Atlantic Council.

]]>
Citizens are understandably concerned about the recent downing of a Chinese spy balloon and three other unidentified objects traveling over North American airspace. For countries in North America, long protected by the Atlantic and Pacific oceans, the thought—let alone an actual instance—of a foreign incursion is jarring. It is just not a part of our history. However, three things are even more concerning: the lack of US government clarity on what is happening, the possible threat to North America in the medium to long term from China or other actors, and how the reactions to these objects say more about “us” than “them.”

What is going on?

Conspiracy theories are a part of the human condition. We fill in gaps of knowledge with stories, suspicions, and fears to create a whole understanding of what is happening around us. The government’s delayed notification to the American public early this month about a large balloon, in some instances visible to the naked eye, and the lack of urgency to remove it from US airspace naturally led knowledgeable and unknowledgeable people to fill in the gaps. Perhaps the balloon was for weather observation (as the Chinese government proclaimed) or to collect signals intelligence or to collect imagery intelligence or just a test to see if the United States would identify its presence. All those theories were bandied about, but no one really knew—and US government spokespeople and leaders were unable or unwilling to provide clarity in a timely manner.

The shootdown of three additional flying objects only adds to the growing hysteria, especially since the US government is providing even less information. A basic tenet of the communications profession is to provide information in a timely and accurate manner and to answer questions honestly and as thoroughly as possible. Key US spokespeople’s answers to reasonable questions from journalists have lacked transparency, detail, and timeliness.

Those spokespeople have yet to address concerns about why these objects are suddenly being observed all of a sudden, outside of generic descriptions of turning up the sensitivity of radar systems. And they failed in their responsibility by not immediately and fully discrediting the notion that the three additional flying objects are UFOs made by alien life—allowing the belief to take flight among the public. For spokespeople not to emphasize a far more likely scenario of a foreign or commercial source for these objects is also telling and should be a concern. “What is going on here?” is a valid question and one the US government is obligated to answer.

What’s the threat?

The reality is that every single one of us is tracked as we make our way through daily life. Our mobile phones track our location and digital activities. Our vehicles send back a wide range of information to car manufacturers, including location and maintenance information. Closed-circuit television cameras capture our activities outside of the home. And yes, foreign countries have satellites above our heads that collect imagery, signals, and weather data, among other information. To be fair, the United States collects a vast amount of information on foreigners—far more than can ever be effectively used or analyzed—and it is something that those of us from the intelligence community (as I did during my time in government) use to inform policymakers on potential happenings abroad.

The balloon and three other objects feel different because they are different. Rather than unobtrusive collection that we can neither see nor easily conceptualize, balloons or large drones are something that we can envision over our local areas. We can see and feel the threat. The slow response by US and Canadian officials makes the public question their competence and commitment to keeping the homeland safe. If the balloon was able to go from China to the Montana area, linger for days, and then make its way to the Carolinas, what else is going on? The public is owed an explanation.

In the interim, the additional collection of information about US military facilities, US and Canadian communications, and general imagery of the United States and Canada informs intelligence professionals in China and potentially other adversary countries. After all, if the three yet-to-be-identified flying objects were of a commercial nature, the company that owns them would likely have obtained proper clearances to fly their drone or other object from a regulator such as the US Federal Aviation Administration. One can reasonably deduce that a foreign power is involved.

Is this about us?

So why use a balloon or large drone over North America that was undoubtedly going to be discovered? Because it allows an adversary to see how the United States will respond. Will it sit back and ignore a potential threat? This would provide an adversary some additional avenues for data collection or attack during a time of conflict. Will it simply shoot the items down to remove the threat? That would signal the strength of the US air-defense system and allow adversaries to gauge the response time for military decision-making. The US government response has shown that there may be gaps in airspace defense and intra-government coordination, and a disconnect between how Americans view foreign aircraft overhead versus how Washington may view the encroachment.

It also provides an adversary with insights on how the public will emotionally and politically react. Will politicians on opposite sides bicker and quarrel instead of establishing new requirements for a military response? Will the US president or Canadian prime minister take the issue seriously and implement a severe response on the diplomatic front? We still don’t have the entirety of the story around the three additional flying objects like we do about the surveillance balloon. However, we do know that there was a segment of the population that jumped to irrational conclusions, including that aliens are walking among us. This could be a wonderful conspiracy theory for adversaries to foster in order to divide some segments of North American society against their government and fellow citizens. From an influence or information operations perspective, a simple balloon with likely simple collection capabilities can provide benefits for years to come.


Jennifer A. Counter is a nonresident senior fellow in the Scowcroft Center for Strategy and Security’s Forward Defense practice and a vice president at Orbis Operations, where she advises friendly foreign governments on national-security matters. She previously served in the US State Department and as a US Air Force intelligence officer.

The post <strong>What US adversaries are learning from the balloon and UFO saga</strong> appeared first on Atlantic Council.

]]>
China’s balloon blunder shows the shortcomings of its national security apparatus https://www.atlanticcouncil.org/blogs/new-atlanticist/chinas-balloon-blunder-shows-the-shortcomings-of-its-national-security-apparatus/ Tue, 14 Feb 2023 19:11:24 +0000 https://www.atlanticcouncil.org/?p=611214 The composition of China's security structures indicates that the military did not want to disrupt a major diplomatic moment and thought the balloon would be undetected.

The post China’s balloon blunder shows the shortcomings of its national security apparatus appeared first on Atlantic Council.

]]>
Beijing’s decision to fly a reconnaissance balloon over the United States on the eve of Secretary of State Antony Blinken’s visit to China was a serious error that probably stemmed from both operational miscalculations and bureaucratic shortfalls. Assessments of Beijing’s decisionmaking must be tentative because its internal processes are opaque, but the composition of China’s national security apparatus highlights factors that probably contributed to the misjudgment. These factors suggest that operational planners assumed the United States would not identify the balloon as a Chinese platform and did not intentionally time its approach to coincide with Blinken’s trip.

False confidence in ballooning undetected

US officials have connected the balloon to the People’s Liberation Army (PLA), calling it “a high-altitude balloon program for intelligence collection.” Only the PLA has the interest, mandate, and capability to acquire and operate a large-scale, long-range reconnaissance platform intended to enter foreign airspace and “monitor sensitive military sites,” as US officials said was its mission. The Chinese Foreign Ministry’s flurry of counteraccusations and claims that multiple civilian research platforms were simultaneously blown off course over the United States and South America lack credibility and suggest an effort to distract attention.

PLA planners misjudged the risk that the United States would track the balloon, but they had reason for false confidence. According to US military officials, the United States failed to detect at least three approaches by these platforms in the past several years. Furthermore, planners may have felt confident that even if the US government were to identify the balloon as a foreign platform, it would be unable to attribute it to China. The PLA would have noted the lack of any protest following previous undetected approaches, and a congressionally mandated intelligence assessment of unidentified aerial phenomena in 2021 suggested that the US was in the dark. The assessment stated only that some aerial phenomena “may be technologies deployed by China, Russia, another nation, or a non-governmental entity.”

Lost in bureaucratic stovepipes

PLA officers may also have failed to take Blinken’s visit into consideration because of stovepipes within the Chinese national security system. The visit was part of a carefully choreographed series of exchanges that both Chinese leader Xi Jinping and the Biden administration had worked assiduously to set up, and for the civilian foreign-affairs bureaucracy it was one of the most important events of the year. But the PLA had little direct involvement, partly due to Beijing’s disinterest in strengthening bilateral military channels, and most senior officers were probably only peripherally aware of the preparations. The balloon’s course may also have been decided before the timing of the visit was confirmed and shared with the PLA, and we do not know how much maneuvering capacity the platform has. A Foreign Ministry spokesman implied in mid-January that Blinken’s itinerary was still being ironed out.

Xi’s absolute control over the PLA and insistence on strict obedience rules out any deliberate attempt by the PLA to defy his intentions or sabotage a diplomatic engagement in which he planned to take part. But the incident does reveal limitations in the effectiveness and scope of the Central National Security Commission (NSC), the main mechanism Xi created to synchronize national security across the civilian and military systems. China’s NSC is one of the few bodies that brings together party, state, and military leaders to address national security affairs. Previously published member lists suggest that Blinken’s counterpart Wang Yi and the chief of the PLA’s Joint Staff Department, who should have had general visibility into the balloon program, sit together on the NSC.

Deconflicting military and foreign-policy initiatives is hard in any system, but the inauspicious timing of the balloon overflight is a useful data point that suggests shortcomings in China’s NSC and other coordination mechanisms. Xi’s nebulous definition of national security to encompass social, ideological, and cultural aspects alongside military, diplomatic, and economic factors may detract from the NSC’s ability to focus on coordinating the external aspects of China’s national-security policies.

Why to expect more missteps

One of the most important underlying drivers of poorly timed and uncoordinated PLA activities is the extraordinarily rapid growth in the scope and scale of its operations. Unlike the US military, the PLA’s leaders and staff officers are frequently operating for the first time in new areas of the world, with novel platforms, and in new domains, some of which involve unexpected political ramifications. Some of their most diplomatically damaging missteps have occurred when operating new platforms in new ways: the 2007 anti-satellite missile test that generated hazardous space debris, the 2011 test flight of the J-20 stealth fighter that marred another cabinet-level visit, and the surveillance balloon.

Most senior PLA officers also have had relatively little experience with operations that involve extensive international political or diplomatic considerations. Joel Wuthnow at National Defense University found in 2021 that no four-star PLA officer had been stationed abroad, compared with 58 percent of US four-stars who had served in a foreign country. PLA army officers also continue to occupy the lion’s share of senior positions and they are less likely to have been involved in politically charged interactions with foreign military forces than their navy and air force colleagues. For example, the PLA’s Joint Staff Department is the natural locus for coordinating its operational activities with overall foreign policies, and current chief Liu Zhenli served almost thirty-nine of the prior forty years of his career in domestic army units and the army headquarters.

Beijing’s botched operation has injected a volatile note into bilateral relations at the beginning of a year that is likely to see further strain given the reported plans of US House Speaker Kevin McCarthy to visit Taiwan. But it may also serve as a useful cautionary lesson for Xi and the rest of China’s leadership. The embarrassing exposure may reinforce concerns in Xi’s mind not only about the capabilities of PLA platforms but about his military’s capacity to correctly gauge the risks of high-stakes operations. It may also bolster his appraisal of US intelligence capabilities a year after Chinese officials were reportedly skeptical of US warnings about Russia’s plans to invade Ukraine. With the prospect of more Sino-US confrontations on the horizon, a reminder of the inherent uncertainties of aggressive military actions could be the silver lining on an otherwise destabilizing incident.


Mark Parker Young is a nonresident senior fellow at the Atlantic Council’s Global China Hub, a principal analyst at Mandiant, and a former US deputy national intelligence officer for East Asia.

The views expressed in this article are solely those of the author.

The post China’s balloon blunder shows the shortcomings of its national security apparatus appeared first on Atlantic Council.

]]>
Kroenig in the National Desk on the Chinese spy balloon https://www.atlanticcouncil.org/insight-impact/in-the-news/kroenig-in-the-national-desk-on-the-chinese-spy-balloon/ Tue, 14 Feb 2023 17:27:19 +0000 https://www.atlanticcouncil.org/?p=612005 On February 3, Scowcroft Center director Matthew Kroenig spoke with The National Desk on the implications of the Chinese spy balloon.

The post Kroenig in the National Desk on the Chinese spy balloon appeared first on Atlantic Council.

]]>
original source

On February 3, Scowcroft Center director Matthew Kroenig spoke with The National Desk on the implications of the Chinese spy balloon.

China must believe that it provides additional additive value or they wouldn’t have taken the risk,” Kroenig said. “In addition, where they’re flying this, is concerning. They’re flying this over the US intercontinental ballistic sites. In addition, I think it just shows a brazenness on the part of China that it feels it can challenge the United States and there will be no consequences.

Matthew Kroenig

The post Kroenig in the National Desk on the Chinese spy balloon appeared first on Atlantic Council.

]]>
The 5×5—China’s cyber operations https://www.atlanticcouncil.org/content-series/the-5x5/the-5x5-chinas-cyber-operations/ Mon, 30 Jan 2023 05:01:00 +0000 https://www.atlanticcouncil.org/?p=604684 Experts provide insights into China’s cyber behavior, its structure, and how its operations differ from those of other states.

The post The 5×5—China’s cyber operations appeared first on Atlantic Council.

]]>
This article is part of The 5×5, a monthly series by the Cyber Statecraft Initiative, in which five featured experts answer five questions on a common theme, trend, or current event in the world of cyber. Interested in the 5×5 and want to see a particular topic, event, or question covered? Contact Simon Handler with the Cyber Statecraft Initiative at SHandler@atlanticcouncil.org.

On October 6, 2022, the Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and National Security Agency released a joint cybersecurity advisory outlining the top Common Vulnerabilities and Exposures that Chinese state-linked hacking groups have been actively exploiting since 2020 to target US and allied networks. Public reporting indicates that, for the better part of the past two decades, China has consistently engaged in offensive cyber operations, and as the scope of the country’s economic and political ambitions expanded, so has its cyber footprint. The number of China-sponsored and aligned hacking teams are growing, as they develop and deploy offensive cyber capabilities to serve the state’s interests—from economic to national security.

We brought together a group of experts to provide insights into China’s cyber behavior, its structure, and how its operations differ from those of other states.

#1 Is there a particular example that typifies the “Chinese” model of cyber operations?

Dakota Cary, nonresident fellow, Global China Hub, Atlantic Council; consultant, Krebs Stamos Group

“China’s use of the 2021 Microsoft Exchange Server vulnerability to access email servers captures the essence of modern Chinese hacking operations. A small number of teams exploited a vulnerability in a critical system to collecting intelligence on their targets. After the vulnerability became public and their operation’s stealth was compromised, the number of hacking teams using the vulnerability exploded. China has established a mature operational segmentation and capabilities-sharing system, allowing teams to quickly distribute and use a vulnerability after its use was compromised.” 

John Costello, former chief of staff, Office of the National Cyber Director

“No. China’s approach has evolved too quickly; its actors too heterogenous and many. What has remained consistent over time is the principal focus of China’s cyber operations, which, in general, is the economic viability and growth of China’s domestic industry and advancement of its scientific research, development, and modernization efforts. China does conduct what some would call ‘legitimate’ cyber operations, but these are vastly overshadowed by campaigns that are clearly intended to obtain intellectual property, non-public research, or place Chinese interests in an advantageous economic position.” 

Bulelani Jili, nonresident fellow, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council

“What is unique is how the party-state promotes surveillance technology and cyber operations abroad. It utilizes diplomatic exchanges, law enforcement cooperation, and training programs in the Global South. These initiatives not only advance the promotion of surveillance technologies and cyber tools but also support the government’s goals with regard to international norm-making in multilateral and regional institutions.” 

Adam Kozy, independent analyst; CEO and founder, SinaCyber; former official with the FBI’s Cyber Team and Crowdstrike’s Asia-Pacific Analysis Team

“There is not one typical example of Chinese cyber operations in my opinion, as operations have evolved over time and are uneven in their distribution of tooling, access to the vulnerability supply chain, and organization. However, one individual who typifies how the Chinese Communist Party (CCP) has co-opted domestic hacking talent for state-driven espionage purposes is Tan Dailin (谭戴林/aka WickedRose) of WICKED PANDA/APT41 fame. He first began as a patriotic hacker during his time at university in 2000-2002, conducting defacements during the US-Sino hacker war, but was talent spotted by his local People’s Liberation Army (PLA) branch, the Chengdu Military Region Technical Reconnaissance Bureau (TRB) and asked to compete in a hackathon. This was followed by an “internship” where he and his fellow hackers at the NCPH group taught attack/defense courses and appear to have played a role in the 2003-2006 initial Titan Rain attacks probing US and UK government systems. Tan and his friends continued to do contract work for gaming firms, hacking a variety of South Korean, Japanese, and US gaming firms, which gave them experience with high-level vulnerabilities that are able to manipulate at the kernel level and also afforded them stolen gaming certificates allowing their malware to evade antivirus detection. After a brief period where he was reportedly arrested by the Ministry of Public Security (MPS) for hacking other domestic Chinese groups, he reemerged with several new contracting entities that have been noted to work for the Ministry of State Security (MSS) in Chengdu. Tan has essentially made a very comfortable living out of being a cyber mercenary for the Chinese state, using his legacy hacking network to constantly improve and upgrade tools, develop new intrusion techniques, and stay relevant for over twenty years.” 

Jen Roberts, program assistant, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council

“While no one case study stands out to typify a “Chinese” model, Chinese cyber operations blend components of espionage and entrepreneurship and capitalize on China’s pervasiveness in the international economy. One example of this is the Nortel/Huawei example where espionage, at least in part, caused the collapse of the Canadian telecommunications company.”

#2 What role do non-state actors play in China’s approach to cyber operations?

 

Cary: “Chinese security services still have a marked preference for using contracted hacking teams. These groups often raise money from committing criminal acts, in addition to work on behalf of intelligence agencies. Whereas in the United States, the government may purchase vulnerabilities to use on an offensive mission or hire a few companies to conduct cyber defense on a network, the US government does not hire firms to conduct specific offensive operations. In China, the government may hire teams for both offensive and defensive work, including offensive hacking operations.” 

Costello: “Non-state actors play a myriad number of roles. Most notably, Department of Justice and Federal Bureau of Investigation indictments show clear evidence of contractual relationships between the MSS and non-state actors conducting cyber intelligence operations. Less conventional, Chinese hacktivists have on occasion played a limited but substantive role in certain cases, such as cyberattacks against South Korea’s Lotte group during the US Terminal High Altitude Area Defense (THAAD) system kerfuffle in 2017. Hypothetically, China’s military strategy calls for a cyber defense militia; but the contours or reality of mobilization, training, and reliability are unclear. China’s concept of ‘people’s war’ in cyberspace—a familiar adoption of Maoist jargon for new concepts—has been discussed but has yet to be seen in practice in any meaningful form.” 

Jili: “State investment and procurement of public security systems from private firms are driving the development of China’s surveillance ecosystem. Accordingly, private firm work and collaboration with the state are scaling Beijing’s means to conduct surveillance operations on targeted domestic populations that are perceived threats to regime stability. Crucially, given the financial incentives to collaborate with Beijing, private companies have limited reasons not to support state security prerogatives.” 

Kozy: “This question has the issue of mirroring bias. We tend to view things from a United States and Western lens when evaluating whether someone is a state actor or not, because we have very defined lines around what an offensive cyber operator can do acting on behalf of the US government. China has thrived in this grey area, relying on patriotic hackers with tacit state approval at times, hackers with criminal businesses, as well as growing its domestic ability to recruit talented researchers from the private sector and universities. The CCP has historically compelled individuals who would be considered traditionally non-state-affiliated actors to aid campaigns when necessary. Under an authoritarian regime like the CCP, any individual who is in China or ethnically Chinese can become a state actor very quickly. Actors like Tan Dailin do constitute a different type of threat because the CCP effectively co-opts their talents, while turning a blind eye to their criminal, for-profit side businesses that are illegal and have worldwide impact.” 

Roberts: “Chinese non-state actors are very involved in Chinese cyber operations. A wide variety of non-state entities, such as contractors and technology conglomerates (Alibaba, Huawei, etc.), have worked in tandem with the CCP on a variety of research, development, and execution of cyber operations. This relationship is fortified by Chinese disclosure laws and repercussions of violating them. While Russia’s relationship with non-state actors relies on the opaqueness of non-state groups’ relationships with the government, China’s relationship with non-state entities is much more transparent.”

#3 How do China’s cyber operations differ from those of other states in the region?

Cary: “China has the most hackers and bureaucrats on payroll in Asia. Its operations are not different in kind nor process, but scale. While Vietnam’s or India’s cyber operators are able to have some effect in China, they are not operating at the scale at which China is operating. The most significant differentiator—which is still only speculation—is that China likely collects from the backbone of the Internet via agreements or compromise of telecommunication giants like Huawei, China Unicom, etc., as well as accessing undersea cables.” 

Costello: “Scale. The scale of China’s cyber operations dwarfs those of other countries in the region—the complexity and sheer range of targeting, and the number of domestic technology companies whose increasingly global reach may be utilized for intelligence gain and influence. As China’s influence and global reach expands, so too does its self-perceived need to protect and further expand its interests. Cyber serves as a low-risk and often successful tool to accomplish this in economic and security realms.” 

Jili: “While most regional and global players’ cyber operations have a domestic bent, Beijing also actively promotes surveillance technology and practices abroad through diplomatic exchanges, law enforcement cooperation, and training programs. These efforts not only advance the proliferation of Chinese public security systems, but they also support the government’s goals concerning international norm-making in multilateral and regional institutions.” 

Kozy: “China is by far the most aggressive cyber power in its region. It can be debated that Russian cyber operatives are still more advanced in terms of sophistication, but China aggressively conducts computer network exploitations against all of its regional neighbors with specific advanced persistent threat (APT) groups across the PLA and MSS having regional focuses. Some of its neighbors such as India, Vietnam, Japan, and South Korea have advanced capabilities of their own to combat this, but there are regular public references to successful Chinese cyber campaigns against these countries despite significant defensive spending. Regional countries without cyber capabilities likely have long-standing compromises of critical systems.” 

Roberts: “China has a talent for extracting intellectual property and conducting large-scale espionage. While other threat actors in the region, like North Korea, also conduct espionage operations, North Korea’s primary focus is on operations that prioritize fiscal extraction to fund regime activity, while China seems much more intent on collecting data for a variety of purposes. Despite differing capacities, sophistication, and types of operations, the end goals for both states are not all that different—political survival.”

More from the Cyber Statecraft Initiative:

#4 How have China’s offensive cyber operations changed since 2018?

Cary: “China’s emphasis on developing its domestic pipeline of software vulnerabilities is paying off. China has passed policies that co-opt private research on behalf of the security services, support public software vulnerability competitions, and invest in technology to automate software vulnerability discovery. Together, as outlined by Microsoft’s Threat Intelligence Center’s 2022 analysis, China is combining these forces to use more software vulnerabilities now than ever before.”

Costello: “China’s cyber operations have unsurprisingly grown in scale and sophistication. Actors are less ‘noisy’ and China’s tactical approach to cyber operations appears to have evolved towards more scalable operations, namely supply-chain attacks and targeting service providers. These tactics have the advantage of improving the return on investment for an operation or campaign, as they allow compromise of all customers who use the product or service while minimizing risk of discovery. Supply chain attacks or compromise through third-party services can also be more difficult to detect and identify. China’s cyber landscape is not homogenous, and there remains great variability in sophistication across the range of Chinese actors.

As reported by the Director of National Intelligence in the last few years, China has increasingly turned towards targeting US critical infrastructure, particular natural gas pipelines. This is an evolution, though whether it is ‘learning by doing,’ operational preparation of the battlespace, or nascent ventures by a more operationally-focused Strategic Support Force (reorganization into a Space and Cyber Corps from 2015-17) is unclear. Time will most certainly tell.”

Jili: “Since 2018, the party-state has been more active in utilizing platforms like BRICS (Brazil, Russia, India, China, and South Africa), an emerging markets organization, and the Forum on China-Africa Cooperation (FOCAC) to promote digital infrastructure products and investments in the Global South. Principally, through multilateral platforms like FOCAC, Beijing has promoted resolutions to increase aid and cooperation in areas like cybersecurity and cyber operations.”

Kozy: “Intrusions from China have continued unabated since 2018, with a select number of Chinese APTs having periods of inactivity due to COVID-19 shutdowns. The Cyber Security Law and National Intelligence Law, both enacted in 2017, provided additional legal authority for China’s intelligence services to access data and co-opt Chinese companies for use in vaguely worded national security investigations. Of note is China’s efforts to increase the number of domestic cybersecurity conferences and nationally recognized cybersecurity universities as part of ongoing recruitment pipelines for cyber talent. Though there was increased focus from the Western cybersecurity community on MSS-affiliated contractors after the formation of the PLA Strategic Support Force (PLASSF) in 2015, more PLA-affiliated APT groups have emerged since the pandemic with new tactics, techniques, and procedures. The new PLASSF organization means these entities may be compromising high-value targets and then assessing them for use for offensive cyber operations in wartime scenarios or cyber espionage operations.”

Roberts: “Since 2018, Chinese offensive cyber operations have increased in scale. China has reinvigorated its workforce capacity-building efforts to increase the overall quantity and quality of workers. It has tightened its legal regime, cracking down on external vulnerability disclosure. It has also begun significantly investing in disinformation campaigns, especially against Taiwan. This is evident by the Chinese influence in Taiwan’s 2018 and 2020 elections.”

#5 What domestic entities, partnerships, or roles exist in China’s model of cyber operations model that are not present in the United States or Western Europe?

Cary: “China’s emphasis on contracted hackers coincides with divergent levels of trust between the central government and some provincial-level MSS hacking teams. Some researchers maintain that one contracted hacking team pwns targets inside China to do internal security prior to visits by central government leaders. While there is scant evidence that these attitudes and beliefs make their way into operations against foreign targets, they do likely impact the distribution of responsibilities and operations in a way not seen in mature democracies. The politicization of intelligence services is particularly risky in China’s political system.”

Costello: “The extralegal influence of the CCP cannot be overstated. Though the National Security Law, National Intelligence Law, and other laws ostensibly establish a legal foundation for China’s security apparatus, the reality is that the party is not bound strictly to these laws—and they only demonstrate a public indicator of what power it may possess. The lack of any independent judiciary suggests unchecked power of the CCP to co-opt or compel assistance from any citizen or company for which it almost certainly has near-total leverage. While the suspicion of Chinese organizations can be overblown, the idea that the CCP has the power to utilize not each but any organization is sobering and the root of many of these concerns. The lack of rigorous rule of law, in these limited circumstances, is certainly a competitive advantage in the intelligence sphere.”

Jili: “Beijing has nurtured a tech industry and environment that actively support the party-state’s aims to bolster government surveillance and cyber capabilities. From large firms to startups, many companies work with the state to conduct vulnerability research, develop threat detection capabilities, and produce security and intelligence products. While these private firms rely on Chinese venture capital and state loans, they have grown to service a global customer base.”

Kozy: “Starting with the 2015 control of WooYun, China’s largest vulnerability site, the CCP has gained an incredible amount of control of the vulnerability supply chain within China, which affords its cyber actors access to high-value vulnerabilities for use in their campaigns. The aforementioned 2017 laws also made it easier for Chinese authorities to prevent domestic researchers from competing in cyber conferences overseas and improved access to companies doing vulnerability research in China. The CCP’s public crackdowns on Jack Ma, Ant Financial, and many others have shown that the CCP fears the influence its tech firms have and has quickly moved to keep its tech giants loyal to the party; a stark contrast to the relationships that the United States and European Union have with tech giants like Google, Facebook, etc.”

Roberts: “While corporate-government partnerships exist everywhere, what separates the United States and Western Europe from China is the scope and scale of the connective tissue that exists between the two entities. In China, this relationship has more explicit requirements in the cyber domain, especially when it comes to vulnerability disclosure.”

Simon Handler is a fellow at the Atlantic Council’s Cyber Statecraft Initiative within the Digital Forensic Research Lab (DFRLab). He is also the editor-in-chief of The 5×5, a series on trends and themes in cyber policy. Follow him on Twitter @SimonPHandler.

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

The post The 5×5—China’s cyber operations appeared first on Atlantic Council.

]]>
Authoritarian kleptocrats are thriving on the West’s failures. Can they be stopped? https://www.atlanticcouncil.org/in-depth-research-reports/report/authoritarian-kleptocrats-are-thriving-on-the-wests-failures-can-they-be-stopped/ Tue, 24 Jan 2023 13:00:00 +0000 https://www.atlanticcouncil.org/?p=600434 A new, more dangerous form of kleptocracy has arisen since the end of the Cold War, and the transatlantic community—hobbled by outdated, cliched images of what kleptocracy looks like, and by siloed, reactive regulatory and enforcement systems—isn’t equipped to handle it. A Transatlantic Anti-Corruption Council could coordinate anti-corruption reforms.

The post Authoritarian kleptocrats are thriving on the West’s failures. Can they be stopped? appeared first on Atlantic Council.

]]>

A hidden web of power revealed itself to Internet users in early 2022. Following a brutal government crackdown in Kazakhstan in January, anyone using open-source flight-tracking websites could watch kleptocratic elites flee the country on private jets.

A little more than a month later, Russia’s invasion of Ukraine brought a new spectacle: social media users were able to track various oligarchs’ superyachts as they jumped from port to port to evade Western sanctions. These feeds captured a national security problem in near real time: In Eurasia and beyond, kleptocratic elites with deep ties to the West were able to move themselves and their assets freely despite a host of speeches by senior officials, sanctions, and structures designed to stop them.

Kleptocratic regimes—kleptocracy means “rule by thieves”—have exploited the lax and uneven regulatory environments of the global financial system to hide their ill-gotten gains and interfere in politics abroad, especially in the United States, the United Kingdom, and the European Union. They are aided in this task by a large cast of professional enablers within these jurisdictions. The stronger these forces get, the more they erode the principles of democracy and the rule of law. Furthermore, the international sanctions regime imposed on Russia in response to its invasion of Ukraine has little hope of long-term success if the global financial system itself continues to weaken.

The West still has a long way to go to rein in the authoritarian kleptocrats who have thrived on the institutional dysfunction, regulatory failure, and bureaucratic weakness of the transatlantic community for far too long. We need to rethink not just how we combat kleptocracy, but also how we define it. Policy makers need to understand that authoritarian regimes that threaten transatlantic security are closely linked to illicit financial systems. As it stands, our thinking about how foreign corruption spreads is too constrained by stereotypes about kleptocratic goals and actions.

Outdated mental images of kleptocracy hobble the West’s response

Most transatlantic policy makers have in mind the first wave of kleptocracy, which primarily flourished in the late twentieth century. Its rise was intertwined with that of transatlantic offshore finance, which prompted a race to the bottom in financial regulation and a rise in baroque forms of corruption across the post-independence “Third World.”

The corrupt autocrats of the Cold War era flaunted the wealth they stole from their own people. These kleptocrats, many of whom are still spending large today, usually did not weaponize their corruption to influence the foreign policies of the United States or its allies. They were content to offshore their ill-gotten gains in US, UK, and EU jurisdictions with lax oversight over these types of transactions.

But this mental image of the kleptocrat is outdated: These kinds of kleptocratic leaders are not extinct, but they are curtailed. It is no longer a simple matter for first-wave kleptocrats to access the global financial system. Many of the regulatory loopholes exploited by these classic kleptocrats have either already been addressed or are in the process of being closed.

The second wave of kleptocracy, which emerged since the 2000s, is more sophisticated, authoritarian, and integrated into the global financial system than its predecessor. Second-wave kleptocrats intend to use the global financial system for strategic gains—either for self-gain and/or to reshape it in their image—instead of just hiding or securing the money they have stolen. Most notably, this evolution accelerated in Russia under President Vladimir Putin before February 2022, with the agendas of oligarchs and kleptocrats being subordinated to and intertwined with the plans of an ambitious state authoritarian.

Alongside this weaponized corruption, there has arisen in the West a coterie of enablers among the policy makers targeted by second-wave kleptocrats.

The second wave of kleptocracy is more sophisticated, more authoritarian—and more dangerous

Though our understanding of the threat posed by illicit finance has grown ever more sophisticated, our conception of a kleptocrat remains frozen in the mid-to-late 2000s: halfway between David Cronenberg’s 2007 London Russian gangster movie Eastern Promises, which depicted ties between the Russian state and overseas mafia groups, and the 2011 case of Teodoro Nguema Obiang Mangue, vice president of Equatorial Guinea, in which the US Justice Department seized a Gulfstream jet, yachts, cars, and Michael Jackson memorabilia. Both depictions—one fictional, one real—describe the world of ten years ago, when the second wave of kleptocracy was still relatively new.

So what does kleptocracy look like today?

These cases of second-wave kleptocracy show why, despite a decade of transatlantic anti-corruption activism and the sanctions imposed on the Kremlin’s cronies and war chest, the kleptocrats are still winning even as their objectives have evolved.

Chronically underregulated industries fuel the problem

As regulations have caught up to the first wave of kleptocracy, foreign kleptocrats are increasingly switching to different channels for illicit finance. 

Changes in US regulations since 2001

Oct ’01

USA PATRIOT Act passes into law and becomes effective. Title III greatly enhances AML regulations.

The Magnitsky Act is signed into law developing a sanctions mechanism against corruption and kleptocracy in Russia. 

Dec ’12
Jul ’16

FinCEN implements GTOs for the first time. 

The Global Magnitsky Act is signed into law, extending Magnitsky jurisdiction beyond Russia. 

Dec ’16
Dec ’17

The Global Magnitsky Act goes into effect. 

The 2020 AML Act passes, greatly extending AML regulations across multiple industries, and encompasses the Corporate Transparency Act. 

Jan ’21
Dec ’21

The Biden Administration releases its national anticorruption strategy, outlining new defenses it aims to develop against weaponized corruption.

The US Depts of Justice and Treasury form the KleptoCapture unit as part of the G7 and Australia’s REPO task force to enact sanctions against the Kremlin’s invasion of Ukraine. 

Mar ’22

Changes in UK regulations since 2001

Dec ’01

The European Parliament ratifies 2AMLD. Despite coinciding with the USA PATRIOT Act, it aims to strengthen the existing provisions of the 1991 1AMLD. 

The European Parliament ratifies 3AMLD. The extension of AML regulations to money services businesses and other industries is part of reforms to the UK and EU’s AML regulatory landscape recommended by FATF.

Oct ’05
Oct ’13

The UK National Crime Agency (NCA) is formed. Economic Crime Command is the NCA branch that deals with financial crime.

The European Parliament ratifies 4AMLD. It introduces new reporting and CDD requirements.

May ’15
Apr ’17

Criminal Finances Act is passed in the UK parliament. It introduces UWOs as a new tool for law enforcement against foreign kleptocrats. 

The European Parliament ratifies 5AMLD. Despite its eventual departure from the EU, Britain adopts matching legislation.

Jul ’18 
Dec ’19

The Money Laundering (Amendment) is passed in the UK parliament. It extends greater CDD requirements into more industries, such as for crypto exchanges and arts trades. 

The Economic Crime Bill passes in the UK parliament and a new kleptocracy cell is established in the NCA. These reforms are meant to assist with global sanctions against the Kremlin’s invasion of Ukraine. 

Mar ’22

Changes in EU regulations since 2001

Dec ’01

The European Parliament ratifies 2AMLD. Despite coinciding with the USA PATRIOT Act, it aims to strengthen the existing provisions of the 1991 1AMLD.

The European Parliament ratifies 3AMLD. The extension of AML regulations to money services businesses and other industries is part of reforms to the UK and EU’s AML regulatory landscape recommended by FATF.

Oct ’05
Jan ’10

EUROPOL is reformed into an EU agency, extending some of its authority in investigating money laundering operations across the EU. 

The European Parliament ratifies 4AMLD. It introduces new reporting and CDD requirements.

May ’15
Jul ’18

The European Parliament ratifies 5AMLD. Despite its eventual departure from the EU, Britain adopts matching legislation.

The European Union establishes the EU “freeze and seize” task force. The task force works with the G7 and Australia REPO task force to enact sanctions against the Kremlin’s invasion of Ukraine.

Mar ’22
Dec ’22

The European Parliament ratifies the European Magnitsky Act, granting the European Commission the power to place sanctions on human rights abusers and kleptocrats. 

Central to both the failure of transatlantic regulation and the strategies of second-wave kleptocrats are chronically underregulated financial industries: private investment firms, art dealerships, real estate agents, and luxury goods providers. The global arts trade industry was estimated to be worth $65 billion in 2021, with the United States, the UK, and the EU accounting for at least 70 percent ($45.5 billion) of worldwide sales.

As of 2020, the total value of assets under management in the global private investment industry was estimated at $115 trillion, more than $89 trillion of which was in the US, UK, and EU.

In 2020, the global value of residential real estate was an estimated $258.5 trillion, with North America and Europe together composing at least 43 percent of that value (approximately $111.155 trillion).

The cryptocurrency market is the newest. It is also less stable than other financial industries, so its relative size and value fluctuates more dramatically.

Weaponized corruption in action

The 1Malaysia Development Berhad (1MDB) scandal was the largest political scandal in Malaysian history and the most publicly known case of kleptocracy in the world before the release of the Panama Papers in 2016.

From 2009 to 2015 as much as $4.5 billion was stolen from Malaysia’s state-owned investment fund—designed to boost the country’s economic growth—into a variety of offshore accounts and shell companies.

The stolen funds were channeled through multiple jurisdictions, including in the British Virgin Islands and the Dutch Caribbean country of Curaçao, before being passed through US-based private investment firms.

The US Department of Justice believes the funds were “allegedly misappropriated by high-level officials of 1MDB and their associates, and Low Taek Jho (aka Jho Low).”

Instead of being used for economic development in Malaysia, the funds were used to buy real estate in California, New York, and London; paintings by Monet and Van Gogh; and stakes in luxury hotel projects in New York and California, as well as laundered into the film industry as funding for the 2013 film The Wolf of Wall Street.

The film’s production further resulted in the exchange of fine art purchased with dark money, such as pieces of art by Pablo Picasso and Jean-Michel Basquiat that were gifted to actor Leonardo DiCaprio because of his starring role in the film. (DiCaprio returned the paintings to US authorities upon learning how they were acquired.)

The scandal implicated Malaysia’s then-prime minister Najib Razak, alleged to have channeled approximately $700 million into his own personal bank accounts, along with several people close to him.

Photos: Reuters

A large amount of the stolen wealth remains in US real estate and fine art, which the Department of Justice is continuing to recover on behalf of Malaysia. As of August 2021, more than $1.2 billion had been recovered. Yet, given the number of private investment firms, real estate traders, film producers, and arts dealers that were involved in the 1MDB-related illicit finance, it is highly likely the stolen funds have been dispersed across a variety of industries. With better financial intelligence sharing between US, UK, and Dutch authorities, these suspicious dark money flows might have been identified before the money was moved across US financial institutions.

What needs to happen to take on the second-wave kleptocrats?

The US, UK, and EU need a more structured relationship to develop anti-corruption policies. We propose a new mechanism for the transatlantic community to harmonize its necessary response: a Transatlantic Anti-Corruption Council to coordinate anti-corruption policies between the United States, the UK, and the EU. It could connect the various US, UK, and EU agencies and directorates that work on corruption and kleptocracy-related issues, and organize them into expert groups focused on illicit finance, tax evasion, acquisition of luxury goods, and more. Recent cases of weaponized corruption have exploited the lack of regulatory coordination and financial intelligence sharing between transatlantic jurisdictions to evade detection and to corrupt transatlantic democratic and financial institutions. The TACC can work on closing these gaps—but it is only the beginning of a larger transatlantic strategy against weaponized corruption.

The anti-corruption policy to-do list

United States

In the United States, much of the problem stems from a lack of legislation enabling more comprehensive law enforcement and regulatory compliance within these underregulated industries. The United States should:

  • Follow through on the US legislative national anti-corruption strategy. Many of the existing flaws in the US regulatory sphere were correctly identified and should be addressed accordingly. This includes the strategy’s commitment to increasing regulation on the private investment industry, including on firms managing assets totaling less than $100 million.
  • FinCEN, the US FIU, is chronically understaffed, underbudgeted, and relies on outdated technology. Even if legislative reform was passed and/or executive action taken to extend BSA/AML obligations to more financial institutions, FinCEN would be hard-pressed to fully investigate reports it received and to enforce its authority in cases in which financial crime was present.

United Kingdom

The UK, on the other hand, already has much of the legislation it needs to address anti-money-laundering (AML) deficiencies and sanctions evasion occurring in its jurisdictions. It needs to implement that legislation—and address the close connections between the City of London and British Overseas Territories and Crown Dependencies. The UK should:

  • Share legalistic principles and good practices of unexplained wealth orders (UWOs) with allies. UWOs have already proven to be very effective in bringing more investigative power to bear on to foreign kleptocrats based in the United Kingdom
  • Reduce regulatory mismatches between the primary UK jurisdictions and the Crown Dependencies and Overseas Territories, especially with beneficial ownership registries and sanctions compliance
  • Improve verification standards for companies registered in Companies House to identify shell companies
  • Fully implement and enforce existing transparency and national security laws, especially the National Security and Investment Act

European Union

Much like the UK, many of the EU’s problems stem less from a lack of legislation than from the implementation of those policies. The EU faces additional hurdles in ensuring that all its member states harmonize their AML policies. The EU should:

  • Increase compliance requirements for private investment firms managing assets totaling less than €100 million
  • Fully implement the 6th Anti-Money Laundering Directive (6AMLD) across EU jurisdictions. The establishment of an EU Anti-Money Laundering Authority will be essential for harmonizing regulations across the European Union (EU).
    • 6AMLD measures should also be applied to overseas autonomous territories like Aruba.
  • Increase enforcement of laws that prohibit the spread of corruption in foreign territories, particularly for cases that involve spreading corruption to fellow EU member states

Transatlantic community

The transatlantic community should:

  • Work closely with the United States in its national anti-corruption strategy. The strategy’s success will be heavily dependent on the degree of cooperation between US allies and the Biden administration in its implementation.
  • Match regulatory legislation on both sides of the Atlantic. This will permit better coordination of sanctions between allies and reduce tensions between the United States and its allies when the United States relies on extraterritorial action.
  • Create channels for financial intelligence units and private sector actors in transatlantic jurisdictions to share information about suspicious clients, transactions, and transfers. The Europol Financial Intelligence Public Private Partnership (EFIPPP) may be a good platform for increased intelligence sharing.
  • Establish the Transatlantic Anti-Corruption Council (TACC). Its main purpose would be to coordinate legislation on improving anti-money laundering/Know Your Customer (AML/KYC) policies, share good governance policies (such as beneficial ownership registries) to harmonize regulations, crack down on sanctions evasion, and share financial intelligence on transnational financial criminals to shut down their operations.
    • The TACC should also regularly convene expert working groups on, at a minimum:
    • trade-based illicit finance,
    • market-based illicit finance,
    • bribery and other enabling forms of corruption,
    • acquisition of luxury goods by kleptocrats,
    • asset returns,
    • tax evasion,
    • terrorist financing, and
    • future threats.
    • Financial intelligence working groups should similarly cover individual cases of financial crime at the tactical level. At the executive level, primary stakeholders in the TACC should be
    • the Departments of State, Treasury, and Justice, and USAID on the US side,
    • the Foreign, Commonwealth & Development Office (FCDO); His Majesty’s Treasury; and the Home Office on the UK side, and
    • the Directorate-General for Economic and Financial Affairs; Directorate-General for Financial Stability, Financial Services and Capital Markets Union; and Directorate-General for Justice and Consumers on the EU side

The late United Nations secretary-general Kofi Annan once said: “If corruption is a disease, transparency is a central part of its treatment.” Annan spoke in a time before the crisis of weaponized corruption rose to prominence, but his words ring clearer now that foreign kleptocrats are spreading their malign influence by means of the money they stole from their own people. The United States and its allies must choose the partners with which it engages more carefully. Otherwise, it may find that some of its partners are in fact proxies for strategic competitors of the transatlantic community who will undermine the West’s security and the integrity of its democracies from the inside.

The post Authoritarian kleptocrats are thriving on the West’s failures. Can they be stopped? appeared first on Atlantic Council.

]]>
Russian War Report: Russian hacker wanted by the FBI reportedly wins Wagner hackathon prize  https://www.atlanticcouncil.org/blogs/new-atlanticist/russian-war-report-russian-hacker-wanted-by-the-fbi-reportedly-wins-wagner-hackathon-prize/ Fri, 13 Jan 2023 19:04:07 +0000 https://www.atlanticcouncil.org/?p=602036 In December 2022, Wagner Group organized a hackathon that was won by a man wanted by the FBI for his connection to computer malware.

The post <strong>Russian War Report: Russian hacker wanted by the FBI reportedly wins Wagner hackathon prize</strong>  appeared first on Atlantic Council.

]]>
As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report. 

Security

Russian forces claim control of strategic Soledar

Tracking narratives

Russian hacker wanted by the FBI reportedly wins Wagner hackathon prize

Frenzy befalls French company accused of feeding Russian forces on New Year’s Eve

Former head of Russian space agency injured in Donetsk, mails shell fragment to French ambassador

Sputnik Lithuania’s former chief editor arrested

International response

New year brings new military aid for Ukraine

Ukrainian envoy to Georgia discusses deteriorating relations between nations

Russian forces claim control of strategic Soledar

Russia said on January 13 that its forces had taken control of the contested city of Soledar. Recent fighting has been concentrated in Soledar and Bakhmut, two cities in the Donetsk region that are strategically important to Ukrainian and Russian forces. Moscow has been trying to take control of the two cities since last summer. Over the past week, Russia has increased its presence on the fronts with the support of Wagner units. Russia wants control of the Soledar-Bakhmut axis to cut supply lines to the Ukrainian armed forces.  

On January 10, Russian sources claimed that Wagner forces had advanced into Soledar. Interestingly, Wagner financier Yevgeny Prigozhin denied the claim and said the forces were still engaged in fighting. Wagner’s presence was established in a camp near Bakhmut. Soldiers from the Wagner Group and other special forces deployed to Bakhmut after other military units had failed to break through the Ukrainian defense.  

On January 11, Ukrainian Deputy Defense Minister Anna Malyar said that heavy fighting was taking place in Soledar and that Russian forces had replaced the unit operating in the city with fresh troops and increased the number of Wagner soldiers among them. The same day, Prigozhin claimed that Wagner forces had taken control of Soledar. The Ukrainian defense ministry denied the allegation. On January 12, Ukrainian sources shared unconfirmed footage of soldiers driving on the main road connecting Bakhmut and Soledar with Sloviansk and Kostyantynivka to as evidence that the area remained under Ukrainian control.  

Elsewhere, on January 11, the Kremlin announced that Valery Gerasimov would replace Sergei Surovikin as commander of Russian forces in Ukraine. The unexpected move could be interpreted as evidence of a struggle for influence in Russian military circles. Surovikin is considered close to Prigozhin’s entourage, which has criticized senior officers recently, including Gerasimov. Some analysts believe that the change signals a possible military escalation from Russia. 

Furthermore, on January 8, Ukrainian forces repelled a Russian offensive the vicinity of Makiyivka and Stelmakhivka. Further north of Lysychansk, on January 11, Ukraine also repelled an attack on the city of Kreminna. In the neighboring Kharkiv region, aerial threats remain high. On the southern front, the city of Kherson and several cities across the Zaporizhzhia region remain targets of Russian attacks.  

Lastly, a new Maxar satellite image from nearby Bakhmut exemplifies the brutality of war on the frontline in Donetsk. The image shows thousands of craters, indicating the intensity of the artillery shelling and exchange of fire between Ukrainian and Russian forces.

Valentin Châtelet, Research Associate, Brussels, Belgium

Ruslan Trad, Resident Fellow for Security Research, Sofia, Bulgaria

Russian hacker wanted by the FBI reportedly wins Wagner hackathon prize

In December 2022, the Wagner Group organized a hackathon at its recently opened headquarters in St. Petersburg, for students, developers, analysts, and IT professionals. Wagner announced the hackathon on social media earlier that month. Organizers created the promotional website hakaton.wagnercentr.ru, but the website went offline soon after. A December 8 archive of the website, accessed via the Internet Archive Wayback Machine, revealed that the objective of the hackathon was to “create UAV [unmanned aerial vehicle] positioning systems using video recognition, searching for waypoints by landmarks in the absence of satellite navigation systems and external control.” Hackathon participants were asked to complete the following tasks: display the position of the UAV on the map at any time during the flight; direct the UAV to a point on the map indicated by the operator; provide a search for landmarks, in case of loss of visual reference points during the flight and returning the UAV to the point of departure, in case of a complete loss of communication with the operator.   

On December 9, Ukrainian programmers noticed that hakaton.wagnercentr.ru was hosted by Amazon Web Services and asked users to report the website to Amazon. Calls to report the channel also spread on Telegram, where the channel Empire Burns asked subscribers to report the website and provided instructions on how to do so. Empire Burns claims hakaton.wagnercentr.ru first went offline on December 9, which tallies with archival posts. However, there is no evidence that reporting the website to Amazon resulted in it being taken offline.   

Snapshots of hakaton.wagnercentr.ru from the Wayback Machine show the website was created in a Bitrix24 online workspace. A snapshot captured on December 13 shows an HTTP 301 status, which redirects visitors to Wagner’s main website, wagnercentr.ru. The Wagner website appears to be geo-restricted for visitors outside Russia. 

On December 23, a Wagner Telegram channel posted about the hackathon, claiming more than 100 people applied. In the end, forty-three people divided into twelve teams attended. The two-person team GrAILab Development won first place, the team SR Data-Iskander won second place, and a team from the company Artistrazh received third place. Notably, one of Artistrazh’s co-founders is Igor Turashev, who is wanted by the FBI for his connection to computer malware that the bureau claims infected “tens of thousands of computers, in both North America and Europe, resulting in financial losses in the tens of millions of dollars.” Artistrazh’s team comprised four people who won 200,000 Russian rubles (USD $3,000). OSINT investigators at Molfar confirmed that the Igor Turashev who works at Artistrazh is the same one wanted by the FBI.  

Wagner said that one of the key objectives of the hackathon was the development of IT projects to protect the interests of the Russian army, adding that the knowledge gained during the hackathon could already be applied to clear mines. Wagner said it had also invited some participants to collaborate further. The Wagner Center opened in St. Petersburg in early November 2022; the center’s mission is “to provide a comfortable environment for generating new ideas in order to improve Russia’s defense capability, including information.”

Givi Gigitashvili, DFRLab Research Associate, Warsaw, Poland

Frenzy befalls French company accused of feeding Russian forces on New Year’s Eve

A VKontakte post showing baskets of canned goods produced by the French company Bonduelle being distributed to Russian soldiers on New Year’s Eve has sparked a media frenzy in France. The post alleges that Bonduelle sent Russian soldiers a congratulatory package, telling them to “come back with a win.” The post quotes Ekaterina Eliseeva, the head of Bonduelle’s EurAsia markets. According to a 2019 Forbes article, Eliseeva studied interpretation at an Russian state security academy.  

Bonduelle has issued several statements denying the social media post and calling it fake. However, Bonduelle does maintain operations in Russia “to ensure that the population has access to essential foodstuff.”  

French broadcaster TV 5 Monde discovered that Bonduelle’s Russia division participated in a non-profit effort called Basket of Kindness, sponsored by the Fund of Presidential Grants of Russia. Food and supplies were gathered by food banks to be delivered to vulnerable segments of the population. However, during the collection drive, Dmitry Zharikov, governor of the Russian city of Podolsk, posted on Telegram that the collections would also serve military families.   

The story was shared on national television in France and across several international outlets. The Ukrainian embassy in France criticized Bonduelle for continuing to operate in Russia, claiming it was “making profits in a terrorist country which kills Ukrainians.”

Valentin Châtelet, Research Associate, Brussels, Belgium

Former head of Russian space agency injured in Donetsk, mails shell fragment to French ambassador

Dmitry Rogozin, former head of the Russian space agency Roscosmos, said he was wounded in Ukrainian shelling on December 21, 2022, at the Shesh hotel in Donetsk while “celebrating his birthday.” In response, Rogozin sent a letter to Pierre Lévy, the French ambassador to Russia, with a fragment of the shell.   

In the letter, Rogozin accused the French government of “betraying [Charles] De Gaulle’s cause and becoming a bloodthirsty state in Europe.” The shell fragment was extracted from Rogozin’s spine during surgery and allegedly came from a French CAESAR howitzer. Rogozin requested the fragment be sent to French President Emmanuel Macron. His message was relayed by Russian news agencies, and on Telegram by pro-Russian and French-speaking conspiracy channels.  

At the time of the attack, Rogozin was accompanied by two members of his voluntary unit, “Tsar’s wolves,” who were killed in the attack, according to reporting from RT, RIA Novosti, and others.  

Valentin Châtelet, Research Associate, Brussels, Belgium

Sputnik Lithuania’s former chief editor arrested

On January 6, Marat Kasem, the former chief editor of Sputnik Lithuania, was arrested in Riga, Latvia, on suspicion of “providing economic resources” to a Kremlin propaganda resource under EU sanctions.  

The following day, pro-Kremlin journalists held a small demonstration in support of Kasem in front of the Latvian embassy in Moscow. Russian journalist Dmitry Kiselyov and politician Maria Butina attended the event. 

The demonstration was filmed by Sputnik and amplified with the Russian hashtag  #свободуМаратуКасему (#freedomForMaratKasem) on Telegram channels operating in the Baltic states, including the pro-Russian BALTNEWS, Своих не бросаем! | Свободная Балтика!, and on Butina’s personal channel. The news of Kasem’s arrest also reached the Russian Duma’s Telegram channel, which re-shared Butina’s post. 

Valentin Châtelet, Research Associate, Brussels, Belgium

New year brings new military aid for Ukraine

International efforts in support of Ukraine are continuing in full force in 2023. On January 4, Norway announced it had sent Ukraine another 10,000 155mm artillery shells. These shells can be used in several types of artillery units, including the M109 self-propelled howitzer. On January 5, Germany confirmed it would provide Ukraine with Marder fighting vehicles and a Patriot anti-aircraft missile battery. German news outlet Spiegel also reported that talks are underway to supply Ukraine with additional Gepard anti-aircraft guns and ammunition. 

In addition, UK Foreign Secretary James Cleverly said the British government would supply Ukraine with military equipment capable of delivering a “decisive” strike from a distance. At the end of 2022, UK Defense Secretary Ben Wallace discussed the possibility of transferring Storm Shadow cruise missiles, with a range of up to 250 kilometers. Finland also reported that it is preparing its twelfth package of military assistance to Ukraine.  

US aid to Ukraine is also being reaffirmed with a $2.85 billion package on top of weapon deliveries. Additionally, the US plans to deliver fourteen vehicles equipped with anti-drone systems as part of its security assistance package. The company L3Harris is part of the Pentagon’s contract to develop anti-drone kits. This equipment would help protect Ukrainian civil infrastructure, which has been a frequent Russian target since October 2022.  

On January 6, French President Emmanuel Macron announced that France would supply Ukraine with units of the light AMX-10RC armored reconnaissance vehicle. These vehicles were produced in 1970 and have been used in Afghanistan, the Gulf War, Mali, Kosovo, and Ivory Coast. The French defense ministry also announced that the country was to deliver twenty units of ACMAT Bastion armored personnel carriers. 

On January 11, Ukrainian President Volodymyr Zelenskyy met with Presidents Andrzej Duda of Poland and Gitanas Nauseda of Lithuania in Lviv. During the visit, Duda announced that Poland would deliver fourteen units of the much-awaited German Leopard combat tanks, and Nauseda announced that his country would provide Ukraine with Zenit anti-aircraft systems. 

Meanwhile, the largest manufacturer of containers for the transport of liquified natural gas has ceased operations in Russia. French engineering group Gaztransport & Technigaz (GTT) said it ended operations in Russia after reviewing the latest European sanctions package, which included a ban on engineering services for Russian firms. The group said its contract with Russian shipbuilding company Zvezda to supply fifteen icebreakers to transport liquefied natural gas was suspended effective January 8.

Valentin Châtelet, Research Associate, Brussels, Belgium

Ruslan Trad, Resident Fellow for Security Research, Sofia, Bulgaria

Ukrainian envoy to Georgia discusses deteriorating relations between nations

On January 9, Andrii Kasianov, the Ukrainian Chargé d’Affaires in Georgia, published an article discussing the deteriorating relationship between the two countries. The article stated that the top issues affecting relations were military aid to Ukraine, bilateral sanctions against Russia, visa policies for fleeing Russians, and the legal rights of Mikheil Saakashvili, the imprisoned third president of Georgia, who is also a Ukrainian citizen. 

Kasianov noted that Tbilisi declined Kyiv’s request for military help, specifically for BUK missile systems, which were given to Georgia by Ukraine during Russia’s 2008 invasion. The diplomat said that the weapons request also included Javelin anti-tank systems supplied to Georgia by the United States.  

“Despite the fact that the Georgian government categorically refused to provide military aid, Ukraine opposes the use of this issue in internal political disputes and rejects any accusations of attempts to draw Georgia into a war with the Russian Federation,” Kasianov said. 

Since the Russian invasion of Ukraine, the Georgian Dream-led government has accused Ukraine, the US, and the EU of attempting to drag Georgia into a war with Russia.  

Eto Buziashvili, Research Associate, Tbilisi, Georgia

The post <strong>Russian War Report: Russian hacker wanted by the FBI reportedly wins Wagner hackathon prize</strong>  appeared first on Atlantic Council.

]]>
Webster in China-Russia Report: Special report: Russian intelligence’s very bad year https://www.atlanticcouncil.org/insight-impact/in-the-news/webster-in-china-russia-report-special-report-russian-intelligences-very-bad-year/ Sat, 07 Jan 2023 16:59:00 +0000 https://www.atlanticcouncil.org/?p=611703 The post Webster in China-Russia Report: Special report: Russian intelligence’s very bad year appeared first on Atlantic Council.

]]>

The post Webster in China-Russia Report: Special report: Russian intelligence’s very bad year appeared first on Atlantic Council.

]]>
Polymeropoulos on MSNBC discussing missile strike in Poland https://www.atlanticcouncil.org/insight-impact/in-the-news/polymeropoulos-on-msnbc-on-missile-strike-in-poland/ Fri, 02 Dec 2022 16:36:21 +0000 https://www.atlanticcouncil.org/?p=591003 MSNBC hosts Marco Polymeropoulos to discuss the significance of the missile strike that landed in Poland

The post Polymeropoulos on MSNBC discussing missile strike in Poland appeared first on Atlantic Council.

]]>

On November 16, Forward Defense nonresident senior fellow Marc Polymeropoulos appeared on MSNBC to discuss the significance of the missile strike that hit Poland.

The intelligence community discerned very quickly and soberly that… this was an errant Ukrainian air defense system.

Marc Polymeropoulos

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Polymeropoulos on MSNBC discussing missile strike in Poland appeared first on Atlantic Council.

]]>
Evanina testifies to Senate Select Committee on Intelligence https://www.atlanticcouncil.org/insight-impact/in-the-news/evanina-testifies-for-the-senate-committee-on-intelligence/ Fri, 02 Dec 2022 15:11:02 +0000 https://www.atlanticcouncil.org/?p=580656 William Evanina testifies on the growing cyber threat posed to US business and academic institutions.

The post Evanina testifies to Senate Select Committee on Intelligence appeared first on Atlantic Council.

]]>

On September 21, the Scowcroft Center for Strategy and Security’s Nonresident Senior Fellow William Evanina testified before the Senate Select Committee on Intelligence. In his testimony, Evanina discussed the growing cyber threat posed to US business and academic institutions.

America faces an unprecedented sophistication and persistence of threats by nation state actors, cyber criminals, hacktivists and terrorist organizations. Corporate America and academia have become the new counterintelligence battlespace for our nation state adversaries, especially the Communist Party of China.

William Evanina

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Evanina testifies to Senate Select Committee on Intelligence appeared first on Atlantic Council.

]]>
The 5×5—The rise of cyber surveillance and the Access-as-a-Service industry https://www.atlanticcouncil.org/content-series/the-5x5/the-5x5-the-rise-of-cyber-surveillance-and-the-access-as-a-service-industry/ Wed, 16 Nov 2022 05:01:00 +0000 https://www.atlanticcouncil.org/?p=586322 Experts discuss the rise of cyber surveillance and the impact of the Access-as-a-Service industry on the United States and its allies.

The post The 5×5—The rise of cyber surveillance and the Access-as-a-Service industry appeared first on Atlantic Council.

]]>
This article is part of The 5×5, a monthly series by the Cyber Statecraft Initiative, in which five featured experts answer five questions on a common theme, trend, or current event in the world of cyber. Interested in the 5×5 and want to see a particular topic, event, or question covered? Contact Simon Handler with the Cyber Statecraft Initiative at SHandler@atlanticcouncil.org.

Approximately one year ago, on November 3, 2021, the US Commerce Department added four companies, including Israel-based NSO Group, to its Entity List for supporting cyber surveillance and access-as-a-service activities, “that are contrary to the national security or foreign policy interests of the United States.” Foreign governments used NSO Group’s products, notably its Pegasus spyware, to target individuals, such as journalists and activists, and suppress dissent. Just one month later, reporting indicated that Apple tipped off the US Embassy in Uganda that an undisclosed foreign government had targeted the iPhones of eleven embassy employees. 

A New York Times report published on November 12 reveals how close the United States was to using Pegasus for its own investigative purposes. The FBI, which previously acknowledged having acquired a Pegasus license for research and development, contemplated use of the tool in late 2020 and early 2021 and developed guidelines for how federal prosecutors would disclose its use in criminal proceedings. The FBI ultimately decided not to buy from NSO, amid the many stories of abuse of the tool by foreign governments, but the revelation underscores the double-edged nature of cyber surveillance technologies designed to support law enforcement and intelligence missions. 

There are dozens of firms in the Access-as-a-Service industry developing and proliferating a powerful class of surveillance technologies. We brought together a group of experts to discuss the rise of cyber surveillance and the impact of this industry on the United States and its allies. 

#1 What implications can foreign governments’ domestic cyber surveillance programs have on US national security?

Siena Anstis, senior legal advisor, Citizen Lab, Munk School of Global Affairs & Public Policy, University of Toronto

“The proliferation of spyware presents a national security risk to the United States. These technologies facilitate not only the targeting of human rights defenders and civil society, but also provide an across-the-board opportunity to undertake acts of espionage through their ability to exploit vulnerabilities in popular applications and operating systems that impact everyone. This was well-illustrated by the targeting of US diplomats in 2021 with NSO Group’s Pegasus spyware. No one is safe from being targeted with this highly intrusive, silent, and increasingly hard to detect technology. This risk extends to the US government.” 

Winnona DeSombre, nonresident fellow, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council

“We live in an increasingly interconnected world when it comes to data and surveillance. From an individual perspective, US citizens who work on national security regularly interface with relatives and friends abroad who may be surveilled. US military service members use Tiktok, an app whose data flows back to China. Domestic surveillance in another country does not just touch that country’s citizens, but it also touches any US national who interfaces with that country’s people and corporations.” 

Lars Gjesvik, doctoral research fellow, Norwegian Institute of International Affairs

“Way back in ancient 2013, the US intelligence community warned that private companies were developing tools that aided foreign states in targeting US systems. Clearly, this has been of some concern for a decade and has some implications for national security. There is no doubt that such commercially available tools have done great harm when it comes to human rights and targeting civil society, and you have some reported cases like Project Raven where commercial tools start to become a national security problem as well.” 

Kirsten Hazelrig, policy lead, The MITRE Corporation

“There are absolutely direct threats to US interests from the use of cyber surveillance abroad—any newspaper will relay confirmed reports of US officials being targeted abroad by tools such as Pegasus. However, this is simply a new tool for an age-old game of espionage. Perhaps more insidious is how tools and programs can be abused to enable the spread of authoritarianism, degrade human rights, and erode democratic values. I am not sure if anyone fully understands the implications to national security if these capabilities are allowed to spread unchecked.” 

Ole Willers, postdoctoral researcher, Department of Organisation, Copenhagen Business School:  

“Within the context of cyber surveillance programs, the distinction between domestic and foreign operations is not always as clearcut. Domestic campaigns oftentimes target individuals located in other jurisdictions, including the United States. The targeting of Canadian-based activist Omar Abdulaziz by Saudi Arabian surveillance operations is a prominent example.”

#2 Where do cyber capabilities fit into the spectrum of surveillance technologies?

Anstis: “Spyware technology provides governments with the ability to undertake highly intrusive surveillance. Sophisticated versions of this technology provide complete entry into targeted devices, including the contents of encrypted communication apps, camera, microphone, documents stored on the phone, and more. This impacts not only targeted individuals, but also exposes those who communicate with these people such as friends, family, and colleagues. Governments have a variety of surveillance technologies at their disposal, and spyware is undoubtedly one of the most stealthy and intrusive tools on the market that makes it difficult, if not impossible, for journalists, human rights defenders, activists, and other members of civil society critical of the government to do their work.” 

DeSombre: “Cyber capabilities that feed into offensive cyber operations are usually far more tailored than surveillance technology writ large, especially compared to dragnet surveillance technologies. The little bit of overlap occurs when governments want to surveil targets who they believe are of higher value or harder to get to, in which case authoritarian governments will break out the more expensive capabilities like zero-days or purchase expensive spyware licenses like those offered by NSO and Candiru.” 

Gjesvik: “The term ‘surveillance technologies’ is quite broad, and it depends greatly on how you define it. But if you think about the capabilities and services provided to intelligence, law enforcement, or military agencies, then it is a question of how sophisticated they are and their scope. The most sophisticated cyber capabilities offered by the top-tier companies probably equal the capabilities of most intelligence agencies, and there is no real difference functionally in them being used domestically or against strategic adversaries.” 

Hazelrig: “Surveillance technologies are broad sets of tools that enable a human actor to achieve an objective, be it to improve traffic, indict a criminal, track terrorist movements, stalk a partner, or steal a competitor’s data. Cyber capabilities can range as widely as these objectives and their targets. They may range from low-end spyware to extremely sophisticated technology, and are almost always paired with additional tools and tradecraft that make them impossible to evaluate devoid of operational context.” 

Willers: “If we define cyber capabilities in terms of the various activities oriented towards gaining stealth access to digital information, their importance for surveillance operations can hardly be overstated. Whereas traditional surveillance technologies continue to play a role, cyber capabilities offer forms of access that are much more comprehensive. Access to a smartphone is fundamentally different from the traditional wiretap and allows for the real-time surveillance of location patterns, communications, web searches, financial transactions, and more.”

#3 What is the Access-as-a-Service industry and what kind of relationship should the United States and its allies have with it?

Anstis: “The Access-as-a-Service industry describes companies that provide services to different actors—often states—to access data or systems. In the past few years, we have seen an acceleration in human rights abuses associated with this industry and a growing formalization of the sector with private investors and states increasingly interested in the growth of these companies. Considering the litany of human rights abuses that follows the growing availability of the technologies and services offered by this industry, the United States and other states have an obligation to regulate and limit the availability of these technologies and the industry’s business practices.” 

DeSombre: “The Access-as-a-Service industry makes offensive cyber operations incredibly simple to pull off—aggregating disparate capabilities that take years of investment to make (zero-days, malware, training, infrastructure, processes) into a single solution that a government can purchase off the shelf and use easily. It is not necessarily a bad industry—the United States and its allies also rely on privatized talent to conduct cyber operations. However, the United States and its allies must be proactive about shaping responsible behavior within the industry to ensure these services are not purchased en masse by authoritarian regimes and adversaries.” 

Gjesvik: “Simply put, it is an industry that sells access to digital data and systems. A wide swathe of technologies and services fits into this definition. Considering what relationship Western states should have with it should start with acknowledging that most states rely on private contractors and capabilities to some extent. There are clear problems of democratic oversight and misuse, but having their intelligence agencies and law enforcement lose access to digital evidence and data is probably not something governments would accept, and smaller states would struggle to develop the capabilities themselves. It is hard to decide on a relationship with a surveillance industry without deciding on the role of surveillance in modern societies, and I do not think we have done that.” 

Hazelrig: “Access-as-a-Service, or the related but more colorfully named “hacker-for-hire” industry, are loose terms for the criminal actors that sell the information, capabilities, and services necessary to conduct cyber intrusions. These actors sell their wares with little regard as to impact and intent, enabling ransomware and other attacks.” 

Willers: “The Access-as-a-Service industry is a niche market that sells data access to state agencies, and it has repeatedly been singled out for facilitating the proliferation of offensive cyber capabilities to authoritarian states. The United States and its allies face a dilemma in that they rely on the Access-as-a-Service industry to provide domestic law enforcement and intelligence agencies with cutting edge technology. Simultaneously, they have a strong incentive to limit the availability of these technologies to other customers. Balancing these interests has proven extremely difficult, which is why I see a need to limit our dependency on the private sector within this context.” 

More from the Cyber Statecraft Initiative:

#4 In what ways does government surveillance compare and contrast with corporate surveillance?

Anstis: “Government surveillance is similar to corporate surveillance in that both exploit the fact that we increasingly live our lives on internet-connected devices. The data we generate in our daily interactions, which is then collected by companies and governments, can be used for a variety of purposes that target and exploit us—from the crafting of targeted advertising to location tracking to the mapping of a human right activist’s network. However, government surveillance differs in at least one important respect: governments have the power to not only surveil, but also to detain, torture, kidnap, or otherwise enact acts of violence against an individual. Spyware technologies facilitate the government’s ability to engage in these activities.” 

DeSombre: “The podcast I help run just made an episode on this! Effectively, corporate surveillance and government surveillance have two separate goals: corporations collect your data to sell (usually to advertisers who then target you with personalized advertisements), while the government collects data for law enforcement or national security purposes. US government surveillance has hard rules it must follow for collecting on US citizens, although some of this is circumvented by buying corporate data. US and EU companies are now getting increasingly constrained by data privacy laws as well. But these types of regulations on both companies and governments differ vastly from country to country.” 

Gjesvik: “When you think about who conducts the surveillance, the big difference would be the extent to which government surveillance is supposedly in the end about protecting its citizens while corporate surveillance is mainly about the interests of the corporation. If it is about who actually does the surveillance then the distinction between governments and private actors can be pretty blurry, as can the level of capabilities.” 

Hazelrig: “The technical aspects of government and commercial surveillance are similar, and often share tools and techniques. However, the practices around their use are widely different. For a large part, democratic states limit surveillance through public opinion and law. There is admittedly misuse and abuse, but an intent and organizational structure to ‘do good.’ This is not necessarily true of commercial capabilities that may be sold without understanding of or care about intended use. As the opaque commercial market evolves, we are just beginning to understand the full spectrum of uses and impacts. Democratic states need to develop norms for law enforcement and other acceptable uses of cyber intrusion and surveillance capabilities, and to enforce actions against those that violate these norms and the industry that supplies them.”

Willers: “Both can be problematic considering that privacy is a fundamental human right in the European Union. Access to personal information has become a key asset across many industries, but the gathering of this information is a purely private and for-profit undertaking, however problematic it may be. State surveillance derives from a desire to provide public safety, which can be a good thing as long as it remains proportional and rooted in democratic norms—conditions that cannot be taken for granted.”

#5 How has the Access-as-a-Service industry evolved over the past two decades and where do you see it going from here?

Anstis: “The Access-as-a-Service industry has become increasingly formalized in the past two decades, with growing interest from investors and states in terms of funding the industry, as well as accessing the services and technologies offered. I see the next few years as a critical turning point in the industry’s development. Countless human rights abuses have brought increased awareness that the services and technologies offered by the Access-as-a-Service industry have serious human rights ramifications—as well as national security concerns—that need to be addressed. With ongoing investigations in the European Parliament, the United States, and elsewhere into companies that participate in this industry, I hope that we will see more specific steps aimed at curbing and controlling it.” 

DeSombre: “Like every part of the cybersecurity ecosystem since the early 2000s, the Access-as-a-Service industry has grown, professionalized, and turned towards mobile, embedded, and other non-desktop systems. Your laptop is not the only place with interesting data!” 

Gjesvik: “This is a pretty opaque industry, and there is not a ton of structured encompassing data available that I am aware of, but there are some broad trends. The first is globalization, a quite substantive expansion of tools and technologies available, and a lot more money to be made as well. Going forward, I am probably most interested in the extent to which the industry is controllable by any state actor. Will recent efforts by the United States and the European Union succeed in limiting the worst excesses? Or will it just accelerate the diversification of suppliers?” 

Hazelrig: “So long as there have been criminal hackers, there have been ways for those with the right connections to procure intrusion services. However, about a decade ago, we started to see the emergence of professional firms that sold these services commercially, primarily to governments around the globe. The past couple of years has brought casual proliferation and a booming ‘consumer’ market—shady companies advertise euphemistically-phrased services on mainstream platforms such as LinkedIn, and many online criminal marketplaces have whole sections of specialty products and services from which to choose.” 

Willers: “The origins of the Access-as-a-Service industry can be traced back to a combination of privatization dynamics in the telecommunication sector during the 1990s, the rise of digital communication systems, and the political focus on surveillance in the aftermath of the September 11 terrorist attacks. Since then, the industry has developed at the speed of technology, and there is good reason to doubt that the United States remains in a position to control it. Limiting access to technology is difficult, especially when it is as mobile as spyware technology. This is why I doubt that the United States or any other country alone can control the operations of the market.” 

Simon Handler is a fellow at the Atlantic Council’s Cyber Statecraft Initiative within the Digital Forensic Research Lab (DFRLab). He is also the editor-in-chief of The 5×5, a series on trends and themes in cyber policy. Follow him on Twitter @SimonPHandler.

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

The post The 5×5—The rise of cyber surveillance and the Access-as-a-Service industry appeared first on Atlantic Council.

]]>
The cyber strategy and operations of Hamas: Green flags and green hats https://www.atlanticcouncil.org/in-depth-research-reports/report/the-cyber-strategy-and-operations-of-hamas-green-flags-and-green-hats/ Mon, 07 Nov 2022 05:01:00 +0000 https://www.atlanticcouncil.org/?p=579898 This report seeks to highlight Hamas as an emerging and capable cyber actor, and help the policy community understand how similar non-state groups may leverage the cyber domain in the future.

The post The cyber strategy and operations of Hamas: Green flags and green hats appeared first on Atlantic Council.

]]>

Executive summary

Cyberspace as a domain of conflict often creates an asymmetric advantage for comparably less capable or under-resourced actors to compete against relatively stronger counterparts.1 As such, a panoply of non-state actors is increasingly acquiring capabilities and integrating offensive cyber operations into their toolkits to further their strategic aims. From financially driven criminal ransomware groups to politically inspired patriot hacking collectives, non-state actors have a wide range of motivations for turning to offensive cyber capabilities. A number of these non-state actors have histories rooted almost entirely in armed kinetic violence, from professional military contractors to drug cartels, and the United States and its allies are still grappling with how to deal with them in the cyber context.2 Militant and terrorist organizations have their own specific motivations for acquiring offensive cyber capabilities, and their operations therefore warrant close examination by the United States and its allies to develop effective countermeasures.

While most academic scholarship and government strategies on counterterrorism are beginning to recognize and address the integral role of some forms of online activity, such as digital media and propaganda on behalf of terrorist organizations, insufficient attention has been given to the offensive cyber capabilities of these actors. Moreover, US strategy,3 public intelligence assessments, and academic literature on global cyber threats to the United States overwhelmingly focuses on the “big four” nation-state adversaries—China, Russia, Iran, and North Korea. Before more recent efforts to address the surge in financially driven criminal ransomware operations, the United States and its allies deployed policy countermeasures overwhelmingly designed for use against state actors.

To the extent that US counterterrorism strategy addresses the offensive cyber threat from terrorist organizations, it is focused on defending critical infrastructure against the physical consequences of a cyberattack. Hamas, despite being a well-studied militant and terrorist organization, is expanding its offensive cyber and information capabilities, a fact that is largely overlooked by counterterrorism and cyber analysts alike. Overshadowed by the specter of a catastrophic cyberattack from other entities, the real and ongoing cyber threats posed by Hamas prioritize espionage and information operations.

This report seeks to highlight Hamas as an emerging and capable cyber actor, first by explaining Hamas’s overall strategy, a critical facet for understanding the group’s use of cyber operations. Next, an analysis will show how Hamas’s cyber activities do not indicate a sudden shift in strategy but, rather, a realignment that augments operations. In other words, offensive cyber operations are a new way for Hamas to do old things better. Finally, the policy community is urged to think differently about how it approaches similar non-state groups that may leverage the cyber domain in the future. This report can be used as a case study for understanding the development and implementation of cyber tools by non-state entities.

As the title of this report suggests, Hamas is like a green hat hacker—a term that is not specific to the group but recognized in the information security community as someone who is relatively new to the hacking world, lacking sophistication but fully committed to making an impact and keen to learn along the way.4 Hamas has demonstrated steady improvement in its cyber capabilities and operations over time, especially in its espionage operations against internal and external targets. At the same time, the organization’s improvisation, deployment of relatively unsophisticated tools, and efforts to influence audiences are all hallmarks of terrorist strategies. This behavior is in some ways similar to the Russian concept of “information confrontation,” featuring a blend of technical, information, and psychological operations aimed at wielding influence over the information environment.5

Understanding these dynamics, as well as how cyber operations fit into the overall strategy, is key to the US development of effective countermeasures against terrorist organizations’ offensive cyber operations.

“Pwn” goal

In the summer of 2018, as teams competed in the International Federation of Association Football (FIFA) World Cup in Russia, Israeli soldiers followed the excitement on their smartphones from an Israel Defense Forces (IDF) base thousands of miles away. Like others in Israel, the soldiers were using a new Android application called Golden Cup, available for free from the Google Play store. The program was promoted in the lead up to the tournament as “the fastest app for live scores and fixtures for the World Cup.”6 The easy-to-use application delivered as advertised—and more.

Once installed, the application communicated with its command-and-control server to surreptitiously download malicious payloads onto user devices. The payloads infected the target devices with spyware, a variety of malware that discreetly monitors the target’s device and steals its information, usually for harmful use against the target individual.7 In this particular case, the spyware was intentionally deployed after the application was downloaded from the Google Play store in order to bypass Google’s security screening process.8 This allowed the spyware operator to remotely execute code on user smartphones to track locations, access cameras and microphones, download images, monitor calls, and exfiltrate files.

Golden Cup users, which included Israeli civilians and soldiers alike, did not realize that their devices were infected with spyware. As soldiers went about their daily routines on bases, the spyware operators reaped reams of data from the compromised smartphones. In just a few weeks of discreet collection, before discovery by IDF security, the adversary successfully collected non-public information about various IDF bases, offices, and military hardware, such as tanks and armored vehicles.9

The same adversary targeted Israeli soldiers with several other malicious Android applications throughout the summer of 2018. A fitness application that tracks user running routes collected the phone numbers of soldiers jogging in a particularly sensitive geographic location. After collecting these numbers, the adversary targeted the soldiers with requests to download a second application that then installed spyware. Additional targeting of Israeli soldiers that same summer included social engineering campaigns encouraging targets to download various spyware-laced dating applications with names like Wink Chat and Glance Love, prompting the IDF to launch the aptly named Operation Broken Heart in response.10

Surprisingly, this cyber espionage campaign was not the work of a nation-state actor. Although the clever tradecraft exhibited in each operation featured many of the hallmarks of a foreign intelligence service, neither Israel’s geopolitical nemesis Iran nor China,11 an increasingly active Middle East regional player, was involved.12 Instead, the campaign was the work of Hamas.

1. Introduction

The asymmetric advantage afforded by cyberspace is leading a panoply of non-state actors to acquire and use offensive cyber capabilities to compete against relatively stronger counterparts. The cyber threat from criminal ransomware organizations has been well documented, yet a range of other non-state actors traditionally involved in armed kinetic violence, from professional military contractors to drug cartels, is also trying their hand at offensive cyber operations, and the United States and its allies are still grappling with how to respond. Each actor has a discreet motivation for dabbling in cyber activities, and lumping them all into one bucket of non-state actors can complicate efforts to study and address their actions. The operations of militant and terrorist organizations in particular warrant close examination by the United States and its allies in order to develop effective countermeasures.

A robust online presence is essential for modern terrorist organizations. They rely on the internet to recruit members, fund operations, indoctrinate target audiences, and garner attention on a global scale—all key functions for maintaining organizational relevance and for surviving.13 The 2022 Annual Threat Assessment from the US Intelligence Community suggests that terrorist groups will continue to leverage digital media and internet platforms to inspire attacks that threaten the United States and US interests abroad.14 Recent academic scholarship on counterterrorism concurs, acknowledging the centrality of the internet to various organizations, ranging from domestic right-wing extremists to international jihadists, and their efforts to radicalize, organize, and communicate.

The US government has taken major steps in recent years to counter terrorist organizations in and through cyberspace. The declassification of documents on Joint Task Force Ares and Operation Glowing Symphony, which began in 2016, sheds light on complex US Cyber Command efforts to combat the Islamic State in cyberspace, specifically targeting the group’s social media and propaganda efforts and leveraging cyber operations to support broader kinetic operations on the battlefield.15 The latest US National Strategy for Counterterrorism, published in 2018, stresses the need to impede terrorist organizations from leveraging the internet to inspire and enable attacks.16

Indeed, continued efforts to counter the evolving social media and propaganda tools of terrorist organizations will be critical, but this will not comprehensively address the digital threat posed by these groups. Counterterrorism scholarship and government strategies have paid scant attention to the offensive cyber capabilities and operations of terrorist organizations, tools that are related but distinct from other forms of online influence. Activities of this variety do not necessarily cause catastrophic physical harm, but their capacity to influence public perception and, potentially, the course of political events should be cause for concern.

Several well-discussed, politically significant non-state actors with histories rooted almost entirely in kinetic violence are developing, or otherwise acquiring, offensive cyber capabilities to further their interests. More scrutiny of these actors, their motivations, and how they strategically deploy offensive cyber capabilities in conjunction with evolving propaganda and kinetic efforts is warranted to better orient toward the threat.

Hamas, a Palestinian political party and militant terrorist organization that serves as the de facto governing body of the Gaza Strip, is one such actor. The group’s burgeoning cyber capabilities, alongside its propaganda tactics, pose a threat to Israel, the Palestinian Authority, and US interests in the region—especially in tandem with the group’s capacities to fund, organize, inspire, and execute kinetic attacks. This combination of capabilities has historically been the dominion of more powerful state actors. However, the integration of offensive cyber capabilities into the arsenals of traditionally kinetic non-state actors, including militant organizations, is on the rise due to partnerships with state guarantors and the general proliferation of these competencies worldwide.

This report seeks to highlight the offensive cyber and information capabilities and behavior of Hamas. First, a broad overview of Hamas’s overall strategy is provided, an understanding of which is key for evaluating its cyber activities. Second, this report analyzes the types of offensive cyber operations in which Hamas engages, showing that the adoption of cyber capabilities does not indicate a sudden shift in strategy but, rather, a realignment of strategy and an augmentation of operations. In other words, offensive cyber operations are a new way to do old things better. Third, this report aims to push the policy community to think differently about its approach to similar non-state groups that may leverage the cyber domain in the future.

2. Overview of Hamas’s strategy

Principles and philosophy

Founded in the late 1980s, Harakat al-Muqawamah al-Islamiyyah, translated as the Islamic Resistance Movement and better known as Hamas, is a Palestinian religious political party and militant organization. After Israel disengaged from the Gaza Strip in 2005, Hamas used its 2006 Palestinian legislative election victory to take over militarily from rival political party Fatah in 2007. The group has served as the de facto ruler of Gaza ever since, effectively dividing the Palestinian Territories into two entities, with the West Bank governed by the Hamas-rejected and Fatah-controlled Palestinian Authority.17

Hamas’s overarching objectives are largely premised on its founding principles—terminating what it views as the illegitimate State of Israel and establishing Islamic, Palestinian rule.18 The group’s grand strategy comprises two general areas of focus: resisting Israel and gaining political clout with the Palestinian people. These objectives are interconnected and mutually reinforcing, as Hamas’s public resistance to Israel feeds Palestinian perceptions of the group as the leader of the Palestinian cause.19

Map of Israel and the Palestinian Territories.
Source: Nations Online Project

Despite Hamas’s maximalist public position on Israel, the organization’s leaders are rational actors who logically understand the longevity and power of the State of Israel. Where the group can make meaningful inroads is in Palestinian politics, trying to win public support from the more secular, ruling Fatah party and positioning itself to lead a future Palestinian state. Looming uncertainty about the future of an already weak Palestinian Authority, led by the aging President Mahmoud Abbas, coupled with popular demand for elections, presents a potential opportunity for Hamas to fill a leadership vacuum.20

To further these objectives, Hamas attracts attention by frequently generating and capitalizing on instability. The group inflames already tumultuous situations to foster an environment of extremism, working against those who are willing to cooperate in the earnest pursuit of a peaceful solution to the Israel–Palestine conflict. Hamas uses terror tactics to influence public perception and to steer political outcomes, but still must exercise strategic restraint to avoid retaliation that could be militarily and politically damaging. Given these self-imposed restraints, Hamas seeks alternative methods of influence that are less likely to result in blowback.

Terrorism strategy

Hamas’s terror tactics have included suicide bombings,21 indiscriminate rocket fire,22 sniper attacks,23 incendiary balloon launches,24 knifings,25 and civilian kidnappings,26 all in support of its larger information strategy to project a strong image and to steer political outcomes. Through these activities, Hamas aims to undermine Israel and the Palestinian Authority27 and challenge the Palestine Liberation Organization’s (PLO)28 standing as the “sole representative of the Palestinian people.”

Terrorism forms the foundation of Hamas’s approach, and the organization’s leadership openly promotes such activities.29 While the group’s terror tactics have evolved over time, they have consistently been employed against civilian targets to provoke fear, generate publicity, and achieve political objectives. Israeli communities targeted by terrorism, as well as Palestinians in Gaza living under Hamas rule, suffer from considerable physical and psychological stress,30 driving Israeli policymakers to carry out military operations, often continuing a vicious cycle that feeds into Hamas’s information campaign.

These terrorist tactics follow a coercive logic that aligns with Hamas’s greater messaging objectives. Robert Pape’s “The Strategic Logic of Suicide Terrorism” specifically names Hamas as an organization with a track record of perpetrating strategically timed suicide terrorist attacks for coercive political effect.31 In 1995, for example, Hamas conducted a flurry of suicide attacks, killing dozens of civilians in an attempt to pressure the Israeli government to withdraw from certain locations in the West Bank. Once negotiations were underway between Israel and the PLO, Hamas temporarily suspended the attacks, only to resume them against Israeli targets when diplomatic progress appeared to stall. Israel would eventually partially withdraw from several West Bank cities later that year.32

Similarly, just several months before Israel’s 1996 general election, incumbent Labor Party Prime Minister Shimon Peres led the polls by roughly 20 percent in his reelection bid against Benjamin Netanyahu and the Likud Party. However, a spate of Hamas suicide bombings cut Peres’s lead and Netanyahu emerged victorious.33 The attacks were designed to weaken the reelection bid of Peres, widely viewed as the candidate most likely to advance the peace process, and strengthen the candidacy of Netanyahu. Deliberate terror campaigns such as these demonstrate the power Hamas wields over Israeli politics.34

The Israeli security establishment has learned lessons from the phenomenon of suicide terrorism, implementing countermeasures to foil attacks. Since the mid-2000s, Hamas has shifted its focus to firing rockets of various ranges and precision from the Gaza Strip at civilian population centers in Israel.35 The rocket attacks became frequent after Israel’s disengagement from Gaza in 2005, ebbing and flowing in alignment with significant political events.36 For instance, the organization targeted towns in southern Israel with sustained rocket fire in the lead up to the country’s general election in 2009 to discourage Israelis from voting for pro-peace candidates.37

A rocket fired from the Gaza Strip into Israel, 2008.
Source: Flickr/paffairs_sanfrancisco

Strategic restraint

Each of these terror tactics has the powerful potential to generate publicity with Israelis, Palestinians, and audiences elsewhere. However, unrestrained terrorism comes at a cost, something Hamas understands. Hamas must weigh its desire to carry out attacks with the concomitant risks, including an unfavorable international perception, military retaliation, infrastructure damage, and internal economic and political pressures.

Hamas addresses this in a number of ways. First, it limits its operations, almost exclusively, to Israel and the Palestinian Territories. Hamas has learned from the failures of other Palestinian terrorist organizations, whose operations beyond Israel’s borders were often counterproductive, attracting legitimate international criticism of these groups.38 Such operations also run the risk of alienating critical Hamas benefactors like Qatar and Turkey.39 These states, which maintain important relationships with the United States—not to mention burgeoning ties with Israel—could pressure Hamas to course correct, if not outright withdraw their support for the organization.40 The continued flow of billions of dollars in funding from benefactors like Qatar is critical, not just to Hamas’s capacity to conduct terror attacks and wage war,41 but also to its efforts to reconstruct infrastructure and provide social services in the Gaza Strip, both key factors for building its political legitimacy among Palestinians.42

Second, with each terrorist attack, Hamas must weigh the potential for a forceful Israeli military response. The cycle of terrorism and retaliation periodically escalates into full-scale wars that feature Israeli air strikes and ground invasions of Gaza. These periodic operations are known in the Israeli security establishment as “mowing the grass,” a component of Israel’s strategy to keep Hamas’s arsenal of rockets, small arms, and infrastructure, including its elaborate underground tunnel network, from growing out of control like weeds in an unkempt lawn.43 Hamas’s restraint has been apparent since May 2021, when Israel conducted Operation Guardian of the Walls, a roughly two-week campaign of mostly airstrikes and artillery fire aimed at slashing the group’s rocket arsenal and production capabilities, crippling its tunnels, and eliminating many of its top commanders. Hamas is thought to be recovering and restocking since the ceasefire, carefully avoiding engaging in provocations that could ignite another confrontation before the group is ready.

Third, and critically, since mid-2021, the last year-plus of the Israel–Hamas conflict has been one of the quietest in decades due to the Israeli Bennett–Lapid government’s implementation of a sizable civil and economic program for Gaza.44 The program expands the number of permits for Palestinians from Gaza to work in Israel, where the daily wages of one worker are enough to support an additional ten Palestinians.45 Israel’s Defense Ministry signed off on a plan to gradually increase work permit quotas for Palestinians from Gaza to an unprecedented 20,000, with reports suggesting plans to eventually increase that number to 30,000.46 For an impoverished territory with an unemployment rate of around 50 percent, permits to work in Israel improve the lives of Palestinians and stabilize the economy. The program also introduced economic incentives for Hamas to keep the peace—conducting attacks could result in snap restrictions on permits and border crossing closures, leading to a public backlash, as well as internal political blowback within the group. The power of this economic tool was evident throughout Israel’s Operation Breaking Dawn in August 2022, during which Israel conducted a three-day operation to eliminate key military assets and personnel of the Palestinian Islamic Jihad (PIJ), another Gaza-based terrorist organization. Israel was careful to communicate its intention to target PIJ, not Hamas. Ordinarily a ready-and-willing belligerent in such flare-ups, Hamas did nothing to restrain the PIJ but remained conspicuously on the sidelines, refraining from fighting out of its interest in resuming border crossings as quickly as possible.47

Searching for alternatives

Given these limitations, blowbacks, and self-imposed restraints, Hamas is finding alternative methods of influence. Under the leadership of its Gaza chief Yahya Sinwar, Hamas is endeavoring to inspire Arab Israelis and West Bank Palestinians to continue the struggle by taking up arms and sparking an intifada while the group nurses itself back to strength.48 To further this effort, Hamas is turning to more insidious means of operating in the information space to garner support and ignite conflagrations without further jeopardizing its public reputation, weapons stockpiles, infrastructure, or the economic well-being of the Palestinians living under its control. Like many state actors working to advance strategic ambitions, Hamas has turned to offensive cyber operations as a means of competing below the threshold of armed conflict.

Deploying offensive cyber capabilities involves exceptionally low risks and costs for operators. For groups like Hamas that are worried about potential retaliation, these operations present an effective alternative to kinetic operations that would otherwise provoke an immediate response. Most national cyber operation countermeasures are geared toward state adversaries and, in general, finding an appropriate response to non-state actors in this area has been challenging. Many state attempts to retaliate and deter have been toothless, resulting in little alteration of the adversary’s calculations.49

3. Hamas’s cyber strategy

The nature of the cyber domain allows weak actors, like Hamas, to engage and inflict far more damage on powerful actors, like Israel, than would otherwise be possible in conventional conflict.50 This asymmetry means that cyberspace offers intrinsically covert opportunities to store, transfer, and deploy consequential capabilities with far less need for organizational resources and financial or human capacity than in industrial warfare. Well-suited to support information campaigns, cyber capabilities are useful for influencing an audience without drawing the attention and repercussions of more conspicuous operations, like terrorism. In these ways, cyber operations fit into Hamas’s overall strategy and emphasis on building public perception and influence. Making sense of this strategy allows a greater understanding of past Hamas cyber operations, and how the group will likely operate in the cyber domain going forward.

More than meets the eye

Aerial imagery of a Hamas cyber operations facility destroyed by the Israel Defense Forces in the Gaza Strip in May 2019.
Source: Israel Defense Forces

Hamas’s cyber capabilities, while relatively nascent and lacking the sophisticated tools of other hacking groups, should not be underestimated. It comes as a surprise to many security experts that Hamas—chronically plagued by electricity shortages in the Gaza Strip, with an average of just ten to twelve hours of electricity per day—even possesses cyber capabilities.51 Israel’s control over the telecommunications frequencies and infrastructure of the Gaza Strip raises further doubts about how Hamas could operate a cyber program.52 However, in 2019, Israel deemed the offensive cyber threat to be critical enough that after thwarting an operation, the IDF carried out a strike to destroy Hamas’s cyber headquarters,53 one of the first acknowledged kinetic operations by a military in response to a cyber operation. However, despite an IDF spokesperson’s claim that “Hamas no longer has cyber capabilities after our strike,” public reporting has highlighted various Hamas cyber operations in the ensuing months and years.54

This dismissive attitude toward Hamas’s cyber threat also overlooks the group’s operations from outside the confines of the Gaza Strip. Turkish President Recep Tayyip Erdoğan and his AKP Party share ideological sympathies with Hamas and have extended citizenship to Hamas leadership.55 The group’s leaders have allegedly used Turkey as a base for planning attacks and even as a safe haven for an overseas cyber facility.56 Hamas maintains even more robust relationships with other state supporters, namely Iran and Qatar, which provide financing, safe havens, and weapons technology.57 With the assistance of state benefactors, Hamas will continue to develop offensive cyber and information capabilities that, if overlooked, could result in geopolitical consequences.

For at least a decade, Hamas has engaged in cyber operations against Israeli and Palestinian targets. These operations can be divided in two broad operational categories that align with Hamas’s overall strategy: espionage and information. The first category, cyber espionage operations, accounts for the majority of Hamas’s publicly reported cyber activity and underpins the group’s information operations.

Espionage operations

Like any state or non-state actor, Hamas relies on quality intelligence to provide its leadership and commanders with decision-making advantages in the political and military arenas. The theft of valuable secrets from Israel, rival Palestinian factions, and individuals within its own ranks provides Hamas with strategic and operational leverage, and is thus prioritized in its cyber operations.

The Internal Security Force (ISF) is Hamas’s primary intelligence organization, comprised of members of the al-Majd security force from within the larger Izz al-Din al-Qassam Brigades, a military wing of Hamas. The ISF’s responsibilities range from espionage to quashing political opposition and dissent from within the party and its security apparatus.58 The range of the ISF’s missions manifests through Hamas’s cyber operations.

Tactical evolution

Naturally, Israel is a primary target of Hamas’s cyber espionage. These operations have become commonplace over the last several years, gradually evolving from broad, blunt tactics into more tailored, sophisticated approaches. The group’s initial tactics focused on a “spray and pray” approach, distributing impersonal emails with malicious attachments to a large number of targets, hoping that a subset would bite. For example, an operation that began in mid-2013 and was discovered in February 2015 entailed Hamas operators luring targets with the promise of pornographic videos that were really malware apps. The operators relied on their victims—which included targets across the government, military, academic, transportation, and infrastructure sectors—withholding information about the incidents from their workplace information technology departments, out of shame for clicking on pornography at work, thereby maximizing access and time on the target.59

Later, Hamas operations implemented various tactical updates to increase their chances of success. In September 2015, the group began including links rather than attachments, non-pornographic lures such as automobile accident videos, and additional encryption of the exfiltrated data.60 Another campaign, publicized in February 2017, involved a more personalized approach using social engineering techniques to target IDF personnel with malware from fake Facebook accounts.61 In subsequent years, the group began rolling out a variety of smartphone applications and marketing websites to surreptitiously install mobile remote access trojans on target devices. In 2018, the group implanted spyware on smartphones by masquerading as Red Alert, a rocket siren application for Israelis.62 Similarly in 2020, Hamas targeted Israelis through dating apps with names like Catch&See and GrixyApp.63 As previously mentioned, Hamas also cloaked its spyware in a seemingly benign World Cup application that allowed the group to collect information on a variety of IDF military installations and hardware, including armored vehicles. These are all areas Hamas commanders have demonstrated interest in learning more about in order to gain a potential advantage in a future kinetic conflict.64

According to the Israeli threat intelligence firm Cybereason, more recent discoveries indicate a “new level of sophistication” in Hamas’s operations.65 In April 2022, a cyber espionage campaign targeting individuals from the Israeli military, law enforcement, and emergency services used previously undocumented malware featuring enhanced stealth mechanisms. This indicates that Hamas is taking more steps to protect operational security than ever.66 The infection vector for this particular campaign was through social engineering on platforms like Facebook, a hallmark of many Hamas espionage operations, to dupe targets into downloading trojanized applications. Once the malware is downloaded, Hamas operators can access a wide range of information from the device’s documents, camera, and microphone, acquiring immense data on the target’s whereabouts, interactions, and more. Information collected off of military, law enforcement, and emergency services personnel can be useful on its own or for its potential extortion value.

As part of its power struggle with the Palestinian Authority and rival Fatah party, Hamas targets Palestinian political and security officials with similar operations. In another creative cyber espionage operation targeting the Palestinian Authority, Hamas operators used hidden malware to exfiltrate information from the widely used cloud platform Dropbox.67 The same operation targeted political and government officials in Egypt,68 an actor Hamas is keen to surveil given its shared border with the Gaza Strip and role brokering ceasefires and other negotiations between Israel and Hamas.

Other common targets of Hamas’s cyber espionage campaigns are members of its own organization. One of the ISF’s roles is counterintelligence, a supremely important field to an organization that is rife with internecine political rivalries,69 as well as paranoia about the watchful eyes of Israeli and other intelligence services. According to Western intelligence sources, one of the main missions of Hamas’s cyber facility in Turkey is deploying counterintelligence against Hamas dissenters and spies.70 Hamas is sensitive to the possibility of Palestinians within its ranks and others acting as “collaborators” with Israel, and the group occasionally summarily executes individuals on the suspicion of serving as Israeli intelligence informants.71

Information operations

While the bulk of Hamas’s cyber operations place a premium on information gathering, a subset involves using this information to further its efforts to influence the public. This broadly defined category of information operations comprises everything from hack-and-leaks to defacements to social media campaigns that advance beneficial narratives.

Hack-and-leak operations, when hackers acquire secret or otherwise sensitive information and subsequently make it public, are clear attempts to shift public opinion and “simulate scandal.”72 The strategic dissemination of stolen documents, images, and videos—potentially manipulated—at critical junctures can be a windfall for a group like Hamas. In December 2014, Hamas claimed credit for hacking the IDF’s classified network and posting multiple videos taken earlier in the year of Israel’s Operation Protective Edge in the Gaza Strip.73 The clips, which were superimposed with Arabic captions by Hamas,74 depicted sensitive details about the IDF’s operation, including two separate instances of Israeli forces engaging terrorists infiltrating Israel—one group infiltrating by sea en route to Kibbutz Zikim and one group via a tunnel under the border into Kibbutz Ein HaShlosha—to engage in kidnappings. One of the raids resulted in a fight that lasted for roughly six hours and the death of two Israelis.75 By leaking the footage, including images of the dead Israelis, Hamas sought to project itself as a strong leader to Palestinians and to instill fear among Israelis, boasting about its ability to infiltrate Israel, kill Israelis, and return to Gaza. These operations are intended to demonstrate Hamas’s strength on two levels: first, their ability to hack and steal valuable material from Israel and second, their boldness in carrying out attacks to further the Palestinian national cause.

Defacement is another tool in Hamas’s cyber arsenal. This sort of operation, a form of online vandalism that usually involves breaching a website to post propaganda, is not so much devastating as it is a nuisance.76 The operations are intended to embarrass the targets, albeit temporarily, and generate a psychological effect on an audience. In 2012, during Israel’s Operation Cast Lead in the Gaza Strip, Hamas claimed responsibility for attacks on Israeli websites, including the IDF’s Homefront Command, asserting that the cyber operations were “an integral part of the war against Israel.”77 Since then, Hamas has demonstrated its ability to reach potentially wider audiences through defacement operations. Notably, in July 2014 during Operation Protective Edge, Hamas gained access to the satellite broadcast of Israel’s Channel 10 television station for a few minutes, broadcasting images purportedly depicting Palestinians injured by Israeli airstrikes in the Gaza Strip. The Hamas hackers also displayed a threat in Hebrew text: “If your government does not agree to our terms, then prepare yourself for an extended stay in shelters.”78

Hamas has conducted defacement operations itself and has relied on an army of “patriotic hackers.” Patriotic hacking, cyberattacks against a perceived adversary performed by individuals on behalf of a nation, is not unique to the Israeli–Palestinian conflict. States have turned to sympathetic citizens around the world for support, often directing individual hackers to deface adversaries’ websites, as Ukraine did after Russia’s 2022 invasion.79 Similarly, Hamas seeks to inspire hackers from around the Middle East to “resist” Israel, resulting in the defacement of websites belonging to the Tel Aviv Stock Exchange and Israel’s national airline El Al by Arab hackers.80

In tandem with its embrace of patriotic hackers, Hamas seeks to multiply its propaganda efforts by enlisting the help of Palestinians on the street for less technical operations. To some extent, Hamas uses social media in similar ways to other terrorist organizations to inspire violence, urging Palestinians to attack Jews in Israel and the West Bank, for instance.81 However, the group goes a step further, encouraging Palestinians in Gaza to contribute to its efforts by providing guidelines for social media posting. The instructions, provided by Hamas’s Interior Ministry, detail how Palestinians should post about the conflict and discuss it with outsiders, including preferred terminology and practices such as, “Anyone killed or martyred is to be called a civilian from Gaza or Palestine, before we talk about his status in jihad or his military rank. Don’t forget to always add ‘innocent civilian’ or ‘innocent citizen’ in your description of those killed in Israeli attacks on Gaza.” Other instructions include, “Avoid publishing pictures of rockets fired into Israel from [Gaza] city centers. This [would] provide a pretext for attacking residential areas in the Gaza Strip.”82 Information campaigns like these extend beyond follower indoctrination and leave a tangible mark on international public discourse, as well as structure the course of conflict with Israel.

Hamas’s ability to leverage the cyber domain to shape the information landscape can have serious implications on geopolitics. Given the age and unpopularity of Palestinian President Mahmoud Abbas—polling shows that 80 percent of Palestinians want him to resign—as well as the fragile state of the Palestinian Authority,83 the Palestinian public’s desire for elections, and general uncertainty about the future, Hamas’s information operations can have a particularly potent effect on a discourse that is already contentious. The same can be said, to some extent, for the information environment in Israel, where political instability has resulted in five elections in just three and a half years.84 When executed strategically, information operations can play an influencing, if not deciding, role in electoral outcomes, as demonstrated by Russia’s interference in the 2016 US presidential election.85 A well-timed hack-and-leak operation, like Russia’s breach of the Democratic National Committee’s networks and dissemination of its emails, could majorly influence the momentum of political events in both Israel and Palestine.86 Continued failure to reach a two-state solution in the Israeli–Palestinian conflict will jeopardize Israel’s diplomatic relationships,87 as well as stability in the wider Middle East.88

4. Where do Hamas’s cyber operations go from here?

As outlined in its founding charter, as long as Hamas exists, it will place a premium on influencing audiences—friendly, adversarial, and undecided—and mobilizing them to bend political outcomes toward its ultimate objectives.89 Terrorism has been a central element of the group’s influence agenda, but cyber and information operations offer alternative and complementary options for engagement. It stands to reason that as Hamas’s cyber capabilities steadily evolve and improve, those of similar organizations will do the same.

Further Israeli efforts to curb terrorism through a cocktail of economic programs and advancements in defensive technologies, such as its integrated air defense system, raise questions about how Hamas and similar groups’ incentive structures may change their calculi in light of evolving state countermeasures. There is no Iron Dome in cyberspace. Militant and terrorist organizations are not changing their strategies of integrating cyber and information operations into their repertoires. Instead, they are finding new means of achieving old goals. Important questions for future research include:

  • If states like Iran transfer increasingly advanced kinetic weaponry to terrorist organizations like Hamas, PIJ, Hezbollah, Kata’ib Hezbollah, and the Houthis, to what extent does this assistance extend to offensive cyber capabilities? What will this support look like in the future, and will these groups depend on state support to sustain their cyber operations?
  • What lessons is Hamas drawing from the past year of relative calm with Israel that may influence the cadence and variety of its cyber operations? How might these lessons influence similar organizations around the world?
  • What sorts of operations, such as financially motivated ransomware and cybercrime, has Hamas not engaged in? Will Hamas and comparable organizations learn from and adopt operations that are similar to other variously motivated non-state actors?
  • What restrictions and incentives can the United States and its allies implement to curb the transfer of cyber capabilities to terrorist organizations?

Cyber capabilities are advancing rapidly worldwide and more advanced technologies are increasingly accessible, enabling relatively weak actors to compete with strong actors like never before. Few controls exist to effectively counter this proliferation of offensive cyber capabilities, and the technical and financial barriers for organizations like Hamas to compete in this domain remain low.90 Either by obtaining and deploying highly impactful tools, or by developing relationships with hacking groups in third-party countries to carry out operations, the threat from Hamas’s cyber and information capabilities will grow.

Just like the group’s rocket terror program, which began with crude, short-range, and inaccurate Qassam rockets that the group cobbled together from scratch, Hamas’s cyber program began with rather unsophisticated tools. Over the years, as the group obtained increasingly sophisticated, accurate, and long-range rockets from external benefactors like Iran, so too have Hamas’s cyber capabilities advanced in scale and sophistication.

Conclusion

Remarking on Hamas’s creative cyber campaigns, a lieutenant colonel in the IDF’s Cyber Directorate noted, “I’m not going to say they are not powerful or weak. They are interesting.”91 Observers should not view Hamas’s foray into cyber operations as an indication of a sudden organizational strategic shift. For its entire existence, the group has used terrorism as a means of garnering public attention and affecting the information environment, seizing strategic opportunities to influence the course of political events. As outside pressures change the group’s incentives to engage in provocative kinetic operations, cyber capabilities present alternative options for Hamas to advance its strategy. Hamas’s cyber capabilities will continue to advance, and the group will likely continue to leverage these tools in ways that will wield maximum influence over the information environment. Understanding how Hamas’s strategy and incentive structure guides its decision to leverage offensive cyber operations can provide insights, on a wider scale, about how non-state actors develop and implement cyber tools, and how the United States and its allies may be better able to counter these trends.

About the author

Acknowledgements

The author would like to thank several individuals, without whose support this report would not look the same. First and foremost, thank you to Trey Herr and Emma Schroeder, director and associate director of the Atlantic Council’s Cyber Statecraft Initiative, respectively, for helping from the start of this effort by participating in collaborative brainstorming sessions and providing extensive editorial feedback throughout. The author also owes a debt of gratitude to several individuals for generously offering their time to review various iterations of this document. Thanks to Ambassador Daniel Shapiro, Shanie Reichman, Yulia Shalomov, Stewart Scott, Madison Cullinan, and additional individuals who shall remain anonymous for valuable insights and feedback throughout the development of this report. Additionally, thank you to Valerie Bilgri for editing and Donald Partyka and Anais Gonzalez for designing the final document.

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

1     Michael Schmitt, “Normative Voids and Asymmetry in Cyberspace,” Just Security, December 29, 2014, https://www.justsecurity.org/18685/normative-voids-asymmetry-cyberspace/.
2     Emma Schroeder et al., Hackers, Hoodies, and Helmets: Technology and the Changing Face of Russian Private Military ContractorsAtlantic Council, July 25, 2022, https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/technology-change-and-the-changing-face-of-russian-private-military-contractors; Cecile Schilis-Gallego and Nina Lakhani, “It’s a Free For All: How Hi-Tech Spyware Ends Up in the Hands of Mexico’s Cartels,” Guardian (UK), December 7, 2020, https://www.theguardian.com/world/2020/dec/07/mexico-cartels-drugs-spying-corruption.
3     The White House, National Security Strategy, October 2022, https://www.whitehouse.gov/wp-content/uploads/2022/10/Biden-Harris-Administrations-National-Security-Strategy-10.2022.pdf.; Emma Schroeder, Stewart Scott, and Trey Herr, Victory Reimagined: Toward a More Cohesive US Cyber StrategyAtlantic Council, June 14, 2022, https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/victory-reimagined/.
4     Clare Stouffer, “15 Types of Hackers + Hacking Protection Tips for 2022,” Norton, May 2, 2022, https://us.norton.com/internetsecurity-emerging-threats-types-of-hackers.html#Greenhat.
5     Janne Hakala and Jazlyn Melnychuk, “Russia’s Strategy in Cyberspace,” NATO Strategic Communications Centre of Excellence, June 2021, https://stratcomcoe.org/cuploads/pfiles/Nato-Cyber-Report_15-06-2021.pdf.
6     Roy Iarchy and Eyal Rynkowski, “GoldenCup: New Cyber Threat Targeting World Cup Fans,” Broadcom Software, July 5, 2018, https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans.
7     “Spyware,” MalwareBytes, https://www.malwarebytes.com/spyware.
8     Taylor Armerding, “Golden Cup App Was a World Cup of Trouble,” Synopsys, July 12, 2022, https://www.synopsys.com/blogs/software-security/golden-cup-app-world-cup-trouble/.
9     Yaniv Kubovich, “Hamas Cyber Ops Spied on Hundreds of Israeli Soldiers Using Fake World Cup, Dating Apps,” Haaretz, July 3, 2018, https://www.haaretz.com/israel-news/hamas-cyber-ops-spied-on-israeli-soldiers-using-fake-world-cup-app-1.6241773.
11     J.D. Work, Troubled Vision: Understanding Recent Israeli–Iranian Offensive Cyber ExchangesAtlantic Council, July 22, 2020, https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/troubled-vision-understanding-israeli-iranian-offensive-cyber-exchanges/.
12     Amos Harel, “How Deep Has Chinese Intelligence Penetrated Israel?” Haaretz, February 25, 2022, https://www.haaretz.com/israel-news/.premium-how-deep-has-chinese-intelligence-penetrated-israel-1.10633942.
13     “Propaganda, Extremism and Online Recruitment Tactics,” Anti-Defamation League, April 4, 2016, https://www.adl.org/education/resources/tools-and-strategies/table-talk/propaganda-extremism-online-recruitment.
14     Office of the Director of National Intelligence, Annual Threat Assessment of the US Intelligence Community, February 7, 2022, https://www.dni.gov/files/ODNI/documents/assessments/ATA-2022-Unclassified-Report.pdf.
15     National Security Archive, “USCYBERCOM After Action Assessments of Operation GLOWING SYMPHONY,” January 21, 2020, https://nsarchive.gwu.edu/briefing-book/cyber-vault/2020-01-21/uscybercom-after-action-assessments-operation-glowing-symphony.
16     The White House, National Strategy for Counterterrorism of the United States of America, October 2018, https://www.dni.gov/files/NCTC/documents/news_documents/NSCT.pdf.
17     “Hamas: The Palestinian Militant Group That Rules Gaza,” BBC, July 1, 2022, https://www.bbc.com/news/world-middle-east-13331522.
18    “The Covenant of the Islamic Resistance Movement,” August 18, 1988, https://avalon.law.yale.edu/20th_century/hamas.asp.
19    Gur Laish, “The Amorites Iniquity – A Comparative Analysis of Israeli and Hamas Strategies in Gaza,” Infinity Journal 2, no. 2 (Spring 2022), https://www.militarystrategymagazine.com/article/the-amorites-iniquity-a-comparative-analysis-of-israeli-and-hamas-strategies-in-gaza/.
20     Khaled Abu Toameh, “PA Popularity Among Palestinians at an All-Time Low,” Jerusalem Post, November 18, 2021, https://www.jpost.com/middle-east/pa-popularity-among-palestinians-at-an-all-time-low-685438.
21     “16 Killed in Suicide Bombings on Buses in Israel: Hamas Claims Responsibility,” CNN, September 1, 2004, http://edition.cnn.com/2004/WORLD/meast/08/31/mideast/.
22     “Hamas Rocket Fire a War Crime, Human Rights Watch Says,” BBC News, August 12, 2021, https://www.bbc.com/news/world-middle-east-58183968.
23     Isabel Kershner, “Hamas Militants Take Credit for Sniper Attack,” New York Times, March 20, 2007, https://www.nytimes.com/2007/03/20/world/middleeast/19cnd-mideast.html.
24     “Hamas Operatives Launch Incendiary Balloons into Israel,” AP News, September 4, 2021, https://apnews.com/article/technology-middle-east-africa-israel-hamas-6538690359c8de18ef78d34139d05535.
25     Mai Abu Hasaneen, “Israel Targets Hamas Leader after Call to Attack Israelis with ‘Cleaver, Ax or Knife,’” Al-Monitor, May 15, 2022, https://www.al-monitor.com/originals/2022/05/israel-targets-hamas-leader-after-call-attack-israelis-cleaver-ax-or-knife.
26     Ralph Ellis and Michael Schwartz, “Mom Speaks Out on 3 Abducted Teens as Israeli PM Blames Hamas,” CNN, June 15, 2014, https://www.cnn.com/2014/06/15/world/meast/west-bank-jewish-teens-missing.
27     The Palestinian National Authority (PA) is the official governmental body of the State of Palestine, exercising administrative and security control over Area A of the Palestinian Territories, and only administrative control over Area B of the Territories. The PA is controlled by Fatah, Hamas’s most significant political rival, and is the legitimate ruler of the Gaza Strip, although Hamas exercises de facto control of the territory.
28     The Palestine Liberation Organization (PLO) is the political organization that is broadly recognized by the international community as the sole legitimate representative of the Palestinian people. The PLO recognizes Israel, setting it apart from Hamas, which is not a member of the organization.
29    Hamas is designated as a foreign terrorist organization by the US State Department and has earned similar designations from dozens of other countries and international bodies, including Australia, Canada, the European Union, the Organization of American States, Israel, Japan, New Zealand, and the United Kingdom. Jotam Confino, “Calls to Assassinate Hamas Leadership as Terror Death Toll Reaches 19,” Jewish Chronicle, May 12, 2022, https://www.thejc.com/news/world/calls-to-assassinate-hamas-leadership-as-terror-death-tolls-reaches-19-19wCeFxlx3w40gFCKQ9xSx; Byron Kaye, “Australia Lists All of Hamas as a Terrorist Group,” Reuters, March 4, 2022, https://www.reuters.com/world/middle-east/australia-lists-all-hamas-terrorist-group-2022-03-04; Public Safety Canada, “Currently Listed Entities,” Government of Canada, https://www.publicsafety.gc.ca/cnt/ntnl-scrt/cntr-trrrsm/lstd-ntts/crrnt-lstd-ntts-en.aspx; “COUNCIL IMPLEMENTING REGULATION (EU) 2020/19 of 13 January 2020 implementing Article 2(3) of Regulation (EC) No 2580/2001 on Specific Restrictive Measures Directed Against Certain Persons and Entities with a View to Combating Terrorism, and Repealing Implementing Regulation (EU) 2019/1337,” Official Journal of the European Union, January 13, 2020, https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L:2020:008I:FULL&from=EN; Organization of American States, “Qualification of Hamas as a Terrorist Organization by the OAS General Secretariat,” May 17, 2021, https://www.oas.org/en/media_center/press_release.asp?sCodigo=E-051/21; Ministry of Foreign Affairs, “Japan’s Foreign Policy in Major Diplomatic Fields,” Japan, 2005, https://www.mofa.go.jp/policy/other/bluebook/2005/ch3-a.pdf; “UK Parliament Approves Designation of Hamas as a Terrorist Group,” Haaretz, November 26, 2021, https://www.haaretz.com/israel-news/.premium-u-k-parliament-approves-designation-of-hamas-as-a-terrorist-group-1.10419344.
30     Nathan R. Stein et al., “The Differential Impact of Terrorism on Two Israeli Communities,” American Journal of Orthopsychiatry, American Psychological Association, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3814032/.
31     Robert A. Pape, “The Strategic Logic of Suicide Terrorism,” The American Political Science Review, August 2003, https://www.jstor.org/stable/3117613?seq=6#metadata_info_tab_contents.
32     “Arabs Celebrate Israeli Withdrawal,” South Florida Sun-Sentinel, October 26, 1995, https://www.sun-sentinel.com/news/fl-xpm-1995-10-26-9510260008-story.html.
33    Brent Sadler, “Suicide Bombings Scar Peres’ Political Ambitions,” CNN, May 28, 1996, http://www.cnn.com/WORLD/9605/28/israel.impact/index.html.
34    Akiva Eldar, “The Power Hamas Holds Over Israel’s Elections,” Al-Monitor, February 11, 2020, https://www.al-monitor.com/originals/2020/02/israel-us-palestinians-hamas-donald-trump-peace-plan.html.
35    Yoram Schweitzer, “The Rise and Fall of Suicide Bombings in the Second Intifada,” The Institute for National Security Studies, October 2010, https://www.inss.org.il/wp-content/uploads/sites/2/systemfiles/(FILE)1289896644.pdf; Beverley Milton-Edwards and Stephen Farrell, Hamas: The Islamic Resistance Movement (Polity Press, 2013), https://www.google.com/books/edition/Hamas/ozLNNbwqlAEC?hl=en&gbpv=1.
36    Ministry of Foreign Affairs, “Rocket Fire from Gaza and Ceasefire Violations after Operation Cast Lead (Jan 2009),” State of Israel, March 16, 2016, https://embassies.gov.il/MFA/FOREIGNPOLICY/Terrorism/Pages/Palestinian_ceasefire_violations_since_end_Operation_Cast_Lead.aspx.
37    “PA: Hamas Rockets Are Bid to Sway Israeli Election,” Associated Press, September 2, 2009, https://web.archive.org/web/20090308033654/http://haaretz.com/hasen/spages/1062761.html.
38     National Consortium for the Study of Terrorism and Responses to Terrorism, “Global Terrorism Database,” University of Maryland, https://www.start.umd.edu/gtd/search/Results.aspx?page=2&casualties_type=&casualties_max=&perpetrator=838&count=100&expanded=yes&charttype=line&chart=overtime&ob=GTDID&od=desc#results-table
39     US Congress, House of Representatives, Subcommittee on the Middle East and North Africa and Subcommittee on Terrorism, Nonproliferation, and Trade, Hamas Benefactors: A Network of Terror, Joint Hearing before the Subcommittee on the Middle East and North Africa and the Subcommittee on Terrorism, Nonproliferation, and Trade of the Committee on Foreign Affairs, 113th Congress, September 9, 2014, https://www.govinfo.gov/content/pkg/CHRG-113hhrg89738/html/CHRG-113hhrg89738.htm.
40     “Hamas Faces Risk, Opportunity from Warming Israel–Turkey Ties,” France 24, March 16, 2022, https://www.france24.com/en/live-news/20220316-hamas-faces-risk-opportunity-from-warming-israel-turkey-ties; Sean Mathews, “Israeli Military Officials Sent to Qatar as US Works to Bolster Security Cooperation,” Middle East Eye, July 8, 2022, https://www.middleeasteye.net/news/qatar-israel-military-officials-dispatched-amid-us-efforts-bolster-security.
41     Nitsana Darshan-Leitner, “Qatar is Financing Palestinian Terror and Trying to Hide It,” Jerusalem Post, February 18, 2022, https://www.jpost.com/opinion/article-696824.
42     Shahar Klaiman, “Qatar Pledges $500M to Rebuild Gaza, Hamas Vows Transparency,” Israel Hayom, May 27, 2021, https://www.israelhayom.com/2021/05/27/qatar-pledges-500m-to-gaza-rebuild-hamas-vows-transparency; Jodi Rudoren, “Qatar Emir Visits Gaza, Pledging $400 Million to Hamas,” New York Times, October 23, 2012, https://www.nytimes.com/2012/10/24/world/middleeast/pledging-400-million-qatari-emir-makes-historic-visit-to-gaza-strip.html.
43     Adam Taylor, “With Strikes Targeting Rockets and Tunnels, the Israeli Tactic of ‘Mowing the Grass’ Returns to Gaza,” May 14, 2021, https://www.washingtonpost.com/world/2021/05/14/israel-gaza-history/.
44     “What Just Happened in Gaza?” Israel Policy Forum, YouTube, https://www.youtube.com/watch?v=XqHjQo0ybvM&t=59s.
45     Michael Koplow, “Proof of Concept for a Better Gaza Policy,” Israel Policy Forum, August 11, 2022, https://israelpolicyforum.org/2022/08/11/proof-of-concept-for-a-better-gaza-policy; Tani Goldstein, “The Number of Workers from Gaza Increased, and the Peace Was Maintained,” Zman Yisrael, April 4, 2022, https://www.zman.co.il/302028/popup/.
46     Aaron Boxerman, “Israel to Allow 2,000 More Palestinian Workers to Enter from Gaza,” Times of Israel, June 16, 2022, https://www.timesofisrael.com/israel-to-allow-2000-more-palestinian-workers-to-enter-from-gaza/.
47     “Operation Breaking Dawn Overview,” Israel Policy Forum, August 8, 2022, https://israelpolicyforum.org/2022/08/08/operation-breaking-dawn-overview/.
48     Aaron Boxerman, “Hamas’s Sinwar Threatens a ‘Regional, Religious War’ if Al-Aqsa is Again ‘Violated,’” Times of Israel, April 30, 2022, https://www.timesofisrael.com/sinwar-warns-israel-hamas-wont-hesitate-to-take-any-steps-if-al-aqsa-is-violated/.
49     Safa Shahwan Edwards and Simon Handler, “The 5×5—How Retaliation Shapes Cyber Conflict,” Atlantic Council, https://www.atlanticcouncil.org/commentary/the-5×5-how-retaliation-shapes-cyber-conflict/.
50     Andrew Phillips, “The Asymmetric Nature of Cyber Warfare,” USNI News, October 14, 2012, https://news.usni.org/2012/10/14/asymmetric-nature-cyber-warfare.
51    “Gaza: ICRC Survey Shows Heavy Toll of Chronic Power Shortages on Exhausted Families,” International Committee of the Red Cross, July 29, 2021, https://www.icrcnewsroom.org/story/en/1961/gaza-icrc-survey-shows-heavy-toll-of-chronic-power-shortages-on-exhausted-families.
52    Daniel Avis and Fadwa Hodali, “World Bank to Israel: Let Palestinians Upgrade Mobile Network,” Bloomberg, February 8, 2022, https://www.bloomberg.com/news/articles/2022-02-08/world-bank-to-israel-let-palestinians-upgrade-mobile-network.
53    Israel Defense Forces (@IDF), “CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed,” Twitter, May 5, 2019, https://twitter.com/IDF/status/1125066395010699264.
54    Zak Doffman, “Israel Responds to Cyber Attack with Air Strike on Cyber Attackers in World First,” Forbes, May 6, 2019, https://www.forbes.com/sites/zakdoffman/2019/05/06/israeli-military-strikes-and-destroys-hamas-cyber-hq-in-world-first/?sh=654fbba9afb5.
55    “Turkey Said to Grant Citizenship to Hamas Brass Planning Attacks from Istanbul,” Times of Israel, August 16, 2020, https://www.timesofisrael.com/turkey-said-to-grant-citizenship-to-hamas-brass-planning-attacks-from-istanbul/.
56    Anshel Pfeffer, “Hamas Uses Secret Cyberwar Base in Turkey to Target Enemies,” Times (UK), October 22, 2020, https://www.thetimes.co.uk/article/hamas-running-secret-cyberwar-hq-in-turkey-29mz50sxs.
57    David Shamah, “Qatari Tech Helps Hamas in Tunnels, Rockets: Expert,” Times of Israel, July 31, 2014, https://www.timesofisrael.com/qatari-tech-helps-hamas-in-tunnels-rockets-expert; Dion Nissenbaum, Sune Engel Rasmussen, and Benoit Faucon, “With Iranian Help, Hamas Builds ‘Made in Gaza’ Rockets and Drones to Target Israel,” Wall Street Journal, May 20, 2021, https://www.wsj.com/articles/with-iranian-help-hamas-builds-made-in-gaza-rockets-and-drones-to-target-israel-11621535346.
58     “Internal Security Force (ISF) – Hamas,” Mapping Palestinian Politics, European Council on Foreign Relations, https://ecfr.eu/special/mapping_palestinian_politics/internal_security_force/.
59     “Operation Arid Viper: Bypassing the Iron Dome,” Trend Micro, February 16, 2015, https://www.trendmicro.com/vinfo/es/security/news/cyber-attacks/operation-arid-viper-bypassing-the-iron-dome; “Sexually Explicit Material Used as Lures in Recent Cyber Attacks,” Trend Micro, February 18, 2015, https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/sexually-explicit-material-used-as-lures-in-cyber-attacks?linkId=12425812.
60     “Operation Arid Viper Slithers Back into View,” Proofpoint, September 18, 2015, https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-Back-Into-View.
61     “Hamas Uses Fake Facebook Profiles to Target Israeli Soldiers,” Israel Defense Forces, February 2, 2017, https://www.idf.il/en/minisites/hamas/hamas-uses-fake-facebook-profiles-to-target-israeli-soldiers/.
62     Yossi Melman, “Hamas Attempted to Plant Spyware in ‘Red Alert’ Rocket Siren App,” Jerusalem Post, August 14, 2018, https://www.jpost.com/arab-israeli-conflict/hamas-attempted-to-plant-spyware-in-red-alert-rocket-siren-app-564789.
63     “Hamas Android Malware on IDF Soldiers—This is How it Happened,” Checkpoint, February 16, 2020, https://research.checkpoint.com/2020/hamas-android-malware-on-idf-soldiers-this-is-how-it-happened/.
64     Yaniv Kubovich, “Hamas Cyber Ops Spied on Hundreds of Israeli Soldiers Using Fake World Cup, Dating Apps,” Haaretz, July 3, 2018, https://www.haaretz.com/israel-news/hamas-cyber-ops-spied-on-israeli-soldiers-using-fake-world-cup-app-1.6241773; Ben Caspit, “Gilad Shalit’s Capture, in His Own Words,” Jerusalem Post, March 30, 2013, https://www.jpost.com/features/in-thespotlight/gilad-schalits-capture-in-his-own-words-part-ii-308198.
65     Omer Benjakob, “Exposed Hamas Espionage Campaign Against Israelis Shows ‘New Levels of Sophistication,’” Haaretz, April 7, 2022, https://www.haaretz.com/israel-news/tech-news/2022-04-07/ty-article/.premium/exposed-hamas-espionage-campaign-shows-new-levels-of-sophistication/00000180-5b9c-dc66-a392-7fdf14ff0000.
66     Cybereason Nocturnus, “Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials,” Cybereason, April 6, 2022, https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials?hs_amp=true.
67     Cybereason Nocturnus, “New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign,” Cybereason, December 9, 2020, https://www.cybereason.com/blog/new-malware-arsenal-abusing-cloud-platforms-in-middle-east-espionage-campaign.
68     Sean Lyngaas, “Hackers Leverage Facebook, Dropbox to Spy on Egypt, Palestinians,” December 9, 2020, CyberScoop, https://www.cyberscoop.com/molerats-cybereason-gaza-espionage-palestine/.
69     Adnan Abu Amer, “Hamas Holds Internal Elections Ahead of Palestinian General Elections,” Al-Monitor, February 26, 2021, https://www.al-monitor.com/originals/2021/02/hamas-internal-elections-gaza-west-bank-palestinian.html.
71     “Hamas Kills 22 Suspected ‘Collaborators,’” Times of Israel, August 22, 2014, https://www.timesofisrael.com/hamas-said-to-kill-11-suspected-collaborators; “Hamas Executes Three ‘Israel Collaborators’ in Gaza,” BBC, April 6, 2017, https://www.bbc.com/news/world-middle-east-39513190.
72     James Shires, “Hack-and-Leak Operations and US Cyber Policy,” War on the Rocks, August 14, 2020, https://warontherocks.com/2020/08/the-simulation-of-scandal/.
73     Ben Tufft, “Hamas Claims it Hacked IDF Computers to Leak Sensitive Details of Previous Operations,” Independent, December 14, 2014, https://www.independent.co.uk/news/world/middle-east/hamas-claims-it-hacked-idf-computers-to-leak-sensitive-details-of-previous-operations-9923742.html.
74     Tova Dvorin, “Hamas: ‘We Hacked into IDF Computers,’” Israel National News, December 14, 2014, https://www.israelnationalnews.com/news/188618#.VI2CKiusV8E
75     Ari Yashar, “IDF Kills Hamas Terrorists Who Breached Border,” Israel National News, July 8, 2014, https://www.israelnationalnews.com/news/182666; Gil Ronen and Tova Dvorin, “Terrorists Tunnel into Israel: Two Soldiers Killed,” Israel National News, July 19, 2014, https://www.israelnationalnews.com/news/183076.
76     “Website Defacement Attack,” Imperva, https://www.imperva.com/learn/application-security/website-defacement-attack/.
77     Omer Dostri, “Hamas Cyber Activity Against Israel,” The Jerusalem Institute for Strategy and Security, October 15, 2018, https://jiss.org.il/en/dostri-hamas-cyber-activity-against-israel/.
78     WAQAS, “Israel’s Channel 10 TV Station Hacked by Hamas,” Hackread, July 16, 2014, https://www.hackread.com/hamas-hacks-israels-channel-10-tv-station/.
79     Joseph Marks, “Ukraine is Turning to Hacktivists for Help,” Washington Post, March 1, 2022, https://www.washingtonpost.com/politics/2022/03/01/ukraine-is-turning-hacktivists-help/.
80     “Israeli Websites Offline of ‘Maintenance’ as Hamas Praises Hackers,” The National, January 15, 2012, https://www.thenationalnews.com/world/mena/israeli-websites-offline-of-maintenance-as-hamas-praises-hackers-1.406178.
81     Dov Lieber and Adam Rasgon, “Hamas Media Campaign Urges Attacks on Jews by Palestinians in Israel and West Bank,” Wall Street Journal, May 2, 2022, https://www.wsj.com/articles/hamas-media-campaign-urges-attacks-on-jews-by-palestinians-in-israel-and-west-bank-11651511641.
82     “Hamas Interior Ministry to Social Media Activists: Always Call the Dead ‘Innocent Civilians’; Don’t Post Photos of Rockets Being Fired from Civilian Population Centers,” Middle East Media Research Institute, July 17, 2014, https://www.memri.org/reports/hamas-interior-ministry-social-media-activists-always-call-dead-innocent-civilians-dont-post#_edn1.
83     Joseph Krauss, “Poll Finds 80% of Palestinians Want Abbas to Resign,” AP News, September 21, 2021, https://apnews.com/article/middle-east-jerusalem-israel-mahmoud-abbas-hamas-5a716da863a603ab5f117548ea85379d.
84     Patrick Kingsley and Isabel Kershner, “Israel’s Government Collapses, Setting Up 5th Election in 3 Years,” New York Times, June 20, 2022, https://www.nytimes.com/2022/06/20/world/middleeast/israel-election-government-collapse.html.
85     Patrick Howell O’Neill, “Why Security Experts Are Braced for the Next Election Hack-and-Leak,” MIT Technology Review, September 29, 2020, https://www.technologyreview.com/2020/09/29/1009101/why-security-experts-are-braced-for-the-next-election-hack-and-leak/.
86     Eric Lipton, David E. Sanger, and Scott Shane, “The Perfect Weapon: How Russian Cyberpower Invaded the US,” New York Times, December 13, 2016, https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html.
87     Ben Samuels, “No Normalization with Israel Until Two-State Solution Reached, Saudi FM Says,” Haaretz, July 16, 2022, https://www.haaretz.com/middle-east-news/2022-07-16/ty-article/.premium/no-normalization-with-israel-until-two-state-solution-reached-saudi-fm-says/00000182-0614-d213-adda-17bd7b2d0000.
88     Ibrahim Fraihat, “Palestine: Still Key to Stability in the Middle East,” Brookings Institution, January 28, 2016, https://www.brookings.edu/opinions/palestine-still-key-to-stability-in-the-middle-east/.
89     Israel Foreign Ministry, “The Charter of Allah: The Platform of the Islamic Resistance Movement (Hamas),” Information Division, https://irp.fas.org/world/para/docs/880818.htm.
90     “The Proliferation of Offensive Cyber Capabilities,” Cyber Statecraft Initiative, Digital Forensic Research Lab, Atlantic Council, https://www.atlanticcouncil.org/programs/digital-forensic-research-lab/cyber-statecraft-initiative/the-proliferation-of-offensive-cyber-capabilities/.
91     Neri Zilber, “Inside the Cyber Honey Traps of Hamas,” The Daily Beast, March 1, 2020, https://www.thedailybeast.com/inside-the-cyber-honey-traps-of-hamas.

The post The cyber strategy and operations of Hamas: Green flags and green hats appeared first on Atlantic Council.

]]>
Sipher quoted in Business Insider on why Putin’s KGB past is key https://www.atlanticcouncil.org/insight-impact/in-the-news/sipher-quoted-in-business-insider-on-why-putins-kgb-past-is-key/ Sat, 05 Nov 2022 18:02:00 +0000 https://www.atlanticcouncil.org/?p=600557 The post Sipher quoted in Business Insider on why Putin’s KGB past is key appeared first on Atlantic Council.

]]>

The post Sipher quoted in Business Insider on why Putin’s KGB past is key appeared first on Atlantic Council.

]]>
In brief: A ten-step guide to transforming intelligence sharing with US allies https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/in-brief-a-ten-step-guide-to-transforming-intelligence-sharing-with-us-allies/ Thu, 03 Nov 2022 16:40:49 +0000 https://www.atlanticcouncil.org/?p=581485 The Atlantic Council presents ten practical recommendations to enhance intelligence sharing with US allies, improve strategic warning, and bolster collective security.

The post In brief: A ten-step guide to transforming intelligence sharing with US allies appeared first on Atlantic Council.

]]>

Top lines

  • The US intelligence community should entirely remove the NOFORN (Not for Release to Foreign Nationals) caveat—which restricts sharing classified information with any foreign nationals—for personnel from Australia, Canada, New Zealand, and the United Kingdom working in US intelligence agencies.
  • Allies should make sharing easier by developing joint requirements to collect intelligence. If they start from the same questions, sharing the answers may be easier.
  • Open-source intelligence is the way of the future and will help overcome burdens to sharing information.

THE DIAGNOSIS

Enhancing intelligence sharing is a perennial issue, so why the focus now? The war in Ukraine has proven an inflection point not just for the transatlantic community, but also for the sharing of intelligence within that community. As the US-led counterterrorism response after the 9/11 attacks also demonstrated, political will and a shared threat assessment can spur states to surge intelligence sharing—even with non-traditional partners. As an entity that exists to provide strategic warning, the US intelligence community can no longer afford to wait for crises to remove critical barriers to information sharing.

Simultaneously, technological advances in information management are changing the way the intelligence community must function if it is to remain relevant. Emerging disruptive technologies like artificial intelligence (AI) and machine learning, coupled with the sheer volume of data now available, mean there is a great opportunity to automate the foreign disclosure process.

THE PRESCRIPTION

With the right political will, there are steps the intelligence community and intelligence officers can take to revamp their policies, processes, and culture in order to share more intelligence with allies and partners.

  1. Remove the NOFORN caveat for Five Eyes representatives in US agencies.

    For personnel from Five Eyes (FVEY) allies—Australia, Canada, New Zealand, and the United Kingdom—who are working in US intelligence agencies, the removal of the NOFORN caveat would ensure that they have full access to as much information as possible and thus that they can fulfill their responsibilities completely and efficiently.
  2. Adopt “Releasable to FVEY” as the default classification for finished intelligence products.

    Empower the US director of national intelligence with greater authority to oversee the intelligence sharing process across the intelligence community, and create a centralized clearinghouse function within the Office of the Director of National Intelligence. Similarly empower the undersecretary of defense for intelligence and security within the Department of Defense. By centralizing authority in these positions and releasing intelligence to the other Five Eyes allies, the intelligence community can begin to make sharing information, not classifying it, the default.
  3. Devise a template to define and standardize intelligence sharing classifications.

    This process could be streamlined through a template attached to every finished intelligence product that notes the question the intelligence answers, specifies which allies to share the intelligence with, and includes any caveats.
  4. Classify single-source reporting at the NOFORN level on rare occasions, and adopt a common referencing system for single-source intelligence reports.

    Currently, single-source reporting—such as intelligence gathered by satellite or human assets—is often classified at the NOFORN level by default. This should be the exception, not the rule, and only occur when actually needed to protect sources and methods.
  5. Develop joint intelligence requirements with allies.

    Developing requirements together would result in releasable collection plans and shareable finished intelligence. It would also contribute to more even burden-sharing and optimize collection capabilities.
  6. Explore AI and machine learning applications to automate the foreign disclosure process.
  7. Maximize the use of open-source intelligence to enable increased sharing with allies without risking sources and methods.

    This will require greater integration of open-source intelligence (and resources committed to it) by US intelligence agencies.
  8. Establish and sustain a network of officers committed to facilitating intelligence sharing.

    Increase embeds, liaisons, and exchange personnel. A formalized cadre of officers in senior grades in the intelligence community and across Five Eyes agencies could ease information sharing. Requiring intelligence professionals to attend a Five Eyes officer certification program as a prerequisite to promotion would instill these values early.
  9. Change the risk calculus of intelligence sharing at the analytical level.

    Analysts at the working level assume most of the risk for deciding which intelligence to share, a heavy burden that discourages release because of the potential for serious penalties both for the individual analyst (who could lose their security clearance or job) and US national security (if information that shouldn’t be released is). Enhanced education and training, greater risk assumption at the leadership level, and the support of a greater network of foreign disclosure professionals would remedy this.
  10. Undertake a comprehensive review of policy guidance to remove policy constraints, encourage intelligence sharing, and ensure a uniform approach.

BOTTOM LINES

The difficulties—bureaucratic, cultural, and legal—of sharing information plague not only the intelligence community but also other government agencies and private industry. Similar barriers prevent government agencies from sharing classified military information with each other or with private industry. Companies struggle to share commercially sensitive information. Moreover, these barriers are slowing the pace of Western technological innovation. This has wide-ranging defense implications, and some of the recommendations above could be applied in this scope as well.

Intelligence is at its core about trust. For the recommendations above to be implemented, both intelligence providers and consumers must prove they can protect the information itself and, even more critically, the sources and methods required to obtain it. A comprehensive counterintelligence strategy, more frequent security training and education, and more consistent protocols will go a long way in ensuring the success of the policies outlined above.

Like what you read? Dive deep into our full report.

Issue Brief

Oct 31, 2022

Beyond NOFORN: Solutions for increased intelligence sharing among allies

By AVM Sean Corbett, CB MBE and James Danoy

Intelligence sharing is a perennial issue, but modern solutions exist to balance enhancing cooperation with key allies with providing decision advantage to policymakers.

Defense Policy Europe & Eurasia

Related program

The Transatlantic Security Initiative, in the Scowcroft Center for Strategy and Security, shapes and influences the debate on the greatest security challenges facing the North Atlantic Alliance and its key partners.

Subscribe for more content

Subscribe for events and publications on transatlantic security

Sign up for updates from the Atlantic Council’s Transatlantic Security Initiative, covering the debate on the greatest security challenges facing the North Atlantic Alliance and its key partners.



  • This field is for validation purposes and should be left unchanged.

The post In brief: A ten-step guide to transforming intelligence sharing with US allies appeared first on Atlantic Council.

]]>
Beyond NOFORN: Solutions for increased intelligence sharing among allies https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/beyond-noforn-solutions-for-increased-intelligence-sharing-among-allies/ Mon, 31 Oct 2022 14:00:00 +0000 https://www.atlanticcouncil.org/?p=557191 Intelligence sharing is a perennial issue, but modern solutions exist to balance enhancing cooperation with key allies with providing decision advantage to policymakers.

The post Beyond NOFORN: Solutions for increased intelligence sharing among allies appeared first on Atlantic Council.

]]>

Three things to know now

  • The US intelligence community should remove the NOFORN caveat entirely for Five Eyes representatives working in US intelligence agencies.
  • Allies should collect intelligence with joint requirements to streamline intelligence sharing.
  • Open source intelligence is the way of the future and will help overcome burdens to sharing information.

Foreword

As any good policymaker, planner, or military commander will tell you, the formulation and execution of an effective national security strategy is dependent on the availability of sound intelligence. Today’s complex security environment requires the cooperation and collaboration of like-minded nations to deal with a multitude of challenges. Facilitating the timely and robust sharing of intelligence among allies and partners therefore is critical to the development of a common understanding of global threats and a common approach to address those threats.

Governments quite rightly protect their intelligence sources, methods, and collection capabilities as critical national assets, but this must be balanced against the need to share high quality intelligence with allies and partners to ensure a compelling and united imperative to act. This dilemma has posed an enduring challenge to both policymakers and the intelligence community within the United States, as well as its allies and partners. With a federated approach to intelligence and an emphasis above all on protecting national capabilities, the priority has remained firmly on risk aversion. This has been a source of frustration for the United States’ most trusted international allies, some of which have adopted a more pragmatic approach. Where the political will is great enough, workarounds do exist. The Russian invasion of Ukraine has prompted a small revolution in better intelligence sharing, but unfortunately, this circumstance is the exception to the rule and not the norm. Even where there has been a desire at the leadership level to increase and enhance sharing, it has not translated into the instigation of a new systemic approach where information can be shared properly, and with the requisite sense of urgency.

This issue brief unpacks why intelligence sharing is so difficult and why, despite senior level attention, progress has been limited. It explores the factors inhibiting intelligence sharing at an unprecedented level of detail, importantly offering practical solutions. Co-written by a British former senior intelligence officer who spent two years within the US intelligence community enhancing intelligence sharing with close allies, and a former US national intelligence manager for Europe, the paper analyzes how policy, processes, and people can be addressed to deliver constructive, practical solutions without compromising sources and methods.

Leveraging a series of interviews and conversations with distinguished senior leaders from within the community, the Atlantic Council is breaking new ground with this issue brief and the overall message is this: a comprehensive approach that balances the vested interests and unique constraints of the US intelligence community with the real-time benefits of intelligence sharing will only make us collectively stronger, more unified and more secure as an alliance. But this can only be accomplished by revising Cold War-era sharing policies and practices, removing outdated classification caveats, and changing institutional cultures, while simultaneously protecting sources and methods and fostering sound counterintelligence and security. While there is always a risk involved in sharing intelligence, the greater risk lies in failing to develop a common intelligence picture of the threats of the twenty-first century. The future path is clear: increasing intelligence sharing among trusted allies and partners on security issues of common concern is in the best interest both of the United States and its allies and partners.

Lt Gen James Clapper, USAF (Ret.)

Former Director of National Intelligence

Read our in-brief summary of this report

Executive Summary

Nov 3, 2022

In brief: A ten-step guide to transforming intelligence sharing with US allies

By Transatlantic Security Initiative

The Atlantic Council presents ten practical recommendations to enhance intelligence sharing with US allies, improve strategic warning, and bolster collective security.

Defense Policy Defense Technologies

Introduction: The challenge

In an increasingly connected world in which threats to global and national security are diverse, complex, and intensifying, information sharing among trusted allies and partners is essential to the formulation and implementation of any coordinated strategy. Despite this reality, national policy, security, process, and cultural considerations continue to limit the ability to optimize these relationships. One critical area in which efforts are underway to formalize and maximize information sharing between trusted allies is the US intelligence community (IC). Intelligence sharing between trusted allies and partners provides a critical component of international relationships, as it enables a common and more complete appreciation of a given environment or crisis, supports coalition coherence on operations, enables collaboration on capability development, and facilitates strategic and military planning. It also fosters fundamental trust between like-minded nations, where the provision of intelligence can be a highly effective tool of diplomacy. However, the secretive nature of intelligence, the need to protect sources and methods, and the federated approach within US IC elements continue to frustrate efforts to optimize the ability to share intelligence, even with the closest of allies. Many of the existing relevant policies and processes are dated, constructed in the pre-digital age, and inadequate for addressing contemporary global security challenges. With few exceptions, and despite the best of intentions, intelligence sharing is uneven, remains the exception rather than the norm, and the prospect of simultaneity at the point of need is remote. At the organizational level, local initiatives have made progress at the edges, particularly where leadership is supportive, but all efforts are constrained by policy, process, and regulation. Risk aversion, resource limitations, competing priorities, and cultural inertia further act as disincentives. Changing this status quo will require significant cross-community prioritization, starting with direction from the very top. It will need a coherent and integrated cross-IC effort, particularly with respect to policy revision, a different approach to risk, and a parallel, bottom-up approach where personal risk is reduced, and initiatives rewarded.

The current Ukraine crisis and the US-led counterterrorist response to 9/11 have both demonstrated an ability to surge intelligence sharing, even with non-traditional partners, where political will exists at the highest level and it is imperative to address a serious contemporary security challenge. This indicates that restrictive information-sharing practices and policies are not immutable but rather self-imposed and malleable. Policymakers should not wait until a crisis or conflict erupts to remove impediments to information sharing. For the IC, whose main mission is to predict and warn of potential crises to provide decision-support to policymakers, planners, and operators, this reactive approach is inadequate. Best practices must be identified, systemic and procedural constraints assessed, and measures adopted to ensure they contribute to an enduring strategic inflection.


Knowledge is a rare thing. You gain by giving it away.”

Ivan Sutherland

The time is right to address this issue, for two reasons. First, enhanced situational awareness among allies is needed to ensure a comprehensive, collaborative approach to addressing serious security challenges at a global inflection point. Second, technological advances in the way information is handled are changing the way the IC must function if it is to remain relevant. The sheer volume of data now available, both classified and unclassified, requires a progressive approach to information handling, using artificial intelligence (AI) and machine learning (ML) techniques, often involving direct machine-to-machine interfacing. As these tools develop and mature, they must also accommodate an increasingly automated approach to information sharing.

The aim

Noting that intelligence is only one form of information, the aim of this paper is to capture the impediments to optimizing intelligence sharing between the United States and its closest allies and make practical recommendations as to how these impediments can be overcome. In doing so, it also addresses many issues surrounding the sharing of more generic but sensitive information.

The methodology

The methodology included a review of historical and current literature and publicly available policy documents, as well as a series of discrete individual interviews with several senior former executives from the US intelligence community (IC), all of whom have had distinguished careers in the full spectrum of IC activities and organizations. A policy workshop with very senior US and UK policy, IC, and defense leaders was also held, and identified challenges were banded into three broad themes that accommodate the complexity of the issue: policy (including regulatory), processes (including technological), and people (institutional and organizational culture), recognizing there are clear and significant overlap and dependencies existing between them, and none can be considered in isolation.

The issue

The challenges and why they matter

The 9/11 Commission Report identified several systemic deficiencies that prevented the totality of relevant data from being combined to predict the terrorist attacks. Included among these were structural, procedural, and human factors that prevented terrorist-related intelligence from being shared internally between agencies and externally with allies and partners. The report noted that “the problem is nearly intractable because of the way government is currently structured. Lines of operational authority run to the expanding executive departments, and they are guarded for understandable reasons.” Several of the major recommendations have been implemented, but many challenges endure and remain intractable. Some progress has been made around intelligence sharing in the years since 9/11, particularly in the context of counterterrorism and the duty to warn of potential terrorist attacks, but even local initiatives to enhance intelligence sharing with trusted allies and partners are hamstrung by many of these same issues. They impact a broad range of intelligence-related and intelligence-informed protocols such as strategic and operational planning, achieving common situational awareness, exchanging sensitive technology, and joint capability development initiatives. This has resulted in a general frustration that extant policies and processes do not support the intent and result in a risk averse approach. Many of these issues were reflected in the conversations with interviewees and it became clear while there are still steps that can be taken within extant regulations, major institutional hurdles will remain unless addressed in a strategic and coherent manner, with sufficient direction and prioritization at the highest policy level.

All interviewees were strongly in favor of intelligence sharing among allies and partners.

One interviewee stated they were, “not sure there is such a thing as too much intelligence sharing, as long as the appropriate security conditions are met.”

There were, however, nuanced perspectives of how much progress has been made, and how far intelligence sharing should be taken. Considering the example of the Five Eyes1 (FVEY) Sensitive Compartmented Information Facility (SCIF) in the Pentagon, one interviewee lamented the protracted bureaucracy that delayed its full establishment, noting administrative impediments remain at a time when the Ukraine conflict requires extended working hours and constant dialogue with incumbents’ home capitals. There were also differing views as to where the impediments to intelligence sharing were most keenly felt, depending on individual backgrounds and previous roles. Some felt intelligence sharing was optimized at the operational and tactical level, where there exists the greatest imperative, force integration, and familiarity with cooperation, while others experienced serious impediments to operating effectively in a coalition environment.

Which model?

While a generic intelligence sharing model was recognized as the most efficient, it would be extremely challenging to implement. Alliances and partnerships are often complex, based on trust, geopolitical consideration, and mutual need. At their tightest, in exceptional circumstances, bilateral arrangements even remain applicable where exquisite collection capabilities are hosted on a second party’s territory, or to address discrete, sensitive bilateral security challenges. Each bilateral relationship looks different however, and enabling necessary resources and bureaucracy involved can be a significant lift. The FVEY alliance has become the most visible allied intelligence sharing process and policy, providing the benchmark against which other intelligence sharing relationships are measured. It is worth noting that each of the non-US FVEY member nations also maintain discrete bilateral intelligence-related relations with the United States, based around issues of mutual national interest, geopolitical priorities, and hosted intelligence collection capabilities.

All interviewees defaulted to the FVEY as the optimum model for intelligence sharing, predominantly due to shared values, standards, national interests, and language, but also because the muscle memory already exists—the FVEY relationship has developed over a considerable period.2 The geographical spread of the FVEY partners also facilitates greater access to intelligence collection opportunities not readily available to all and, through far-flung regional alliances and partnerships, FVEY members can enable broader coalitions and intelligence sharing to address specific issues. There is an additional clear recognition of the need to share some intelligence with individual nations and coalitions beyond the FVEY, depending on security requirements and levels of trust. Small ad hoc groupings, or mini-laterals (such as with some Asia-Pacific nations), will become increasingly important as global security challenges evolve with a new emphasis on China, and there needs to be a way to adapt any intelligence sharing mechanisms to new coalitions and partners as situations dictate. The disparate challenges and requirements, therefore, pointed all those interviewed toward a tiered model (as opposed to a one-size-fits-all solution) as the best approach from a national security perspective. However, the policy implication and resource challenges of this approach were noted, and it was also highlighted that reviewed policies and processes should always accommodate a flexible model. One interviewee underscored the sensitivities of nations not in the club, particularly at the operational level, where it can be obvious when select nations have an intelligence advantage. They noted that, “as the circle grows, it becomes more challenging, with haves and have nots, and the risks increase. It’s not just about sharing the appropriate information, it’s who’s left on the outside. In coalition environments, people find out about small group meetings, etc. and feelings become hurt, trust is lost.”

Policy

Policy constraints were recognized as primary impediments to intelligence sharing at all levels, although this is a complex and multi-faceted issue. It was further noted that policy directly impacts both processes and culture. Get the policy right and the rest follows. However, the federated and distributed nature of authorities within the IC and defense, as well as the sheer number of applicable policies and directives, made this extremely challenging. Several examples below illustrate the scale of the challenge.

Intelligence Community Directives

US policies regarding intelligence sharing are primarily articulated in Intelligence Community Directives (ICD), the custodian of which is the Office of the Director of National Intelligence (ODNI). The primary ICD quoted when considering intelligence sharing policy is ICD 403, Foreign Disclosure and Release of Classified National Intelligence. This is supported by subordinated Intelligence Policy Guidance 403.1 (Criteria for Foreign Disclosure and release of Classified National Intelligence) and 403.2 (Procedures for Foreign Disclosure and Release Requiring Interagency Coordination, Notification and DNI Approval). Additional ICDs apply, however, including ICD 208 (Maximizing the Utility of Analytical Products), ICD 209 (Tearline Production and Dissemination), and ICD 710 (Classification Management and Control Markings System), supported by ICPG 710.2/403.5 (Application of Dissemination Controls: Foreign Disclosure and Release Markings).3

US Director of National Intelligence, Avril Haines visits NATO and meets with NATO Deputy Secretary General Mircea Geoană

While the authority for ICDs is clear,4 policy development and coordination in practice is a collaborative process through the Intelligence Community Policy Review Board (IC-PRB), an advisory body to inform the development of policy and ensure an inclusive and collaborative process comprising deputy leaders from IC elements, and the Intelligence Policy Advisory Group (IPAG), comprising senior policy representatives from each IC element.

A common thread throughout the interviews was the extent to which authority lies within a single body for each of the FVEY nations. As one interviewee noted, “within the [United States] it’s a federated process. The DNI can write policies across the board, but can only go so far unless given more authority. They encourage and inform team activity rather than direct. In military terms, there is no OPCON [Operational Control] inside ODNI, which instead provides commander’s intent—information sharing policy is aspirational. All sorts of other policies surround it, technical, personnel, which makes it very difficult. It has to take all of these into account and is a jumbled mess.” Another interviewee put it more starkly: “the [United States] does not have any info sharing policies at all. It has information security policies and information sharing exceptions to those policies.”

IC policy development therefore requires consensus and the IC elements (i.e., IC agencies) play the critical role. This matters as some IC elements are significantly less comfortable with sharing intelligence than others and thus prioritize control of their source material over shareability. ICD 403, for example, last reviewed in March 2013, explicitly states that “Foreign disclosure and release actions can provide crucial support to national and foreign policy objectives. The production of intelligence reports and products at a level suitable for foreign disclosure and release supports both the IC and US policy makers. IC elements, therefore, in accordance with US national security and foreign policy objectives, should produce intelligence products and reports marked for foreign disclosure or release.” However, it also states that “US intelligence is a national asset to be conserved and protected and will be shared with foreign entities only when consistent with US national security and foreign policy objectives and when an identifiable benefit can be expected to accrue to the [United States].” It further states that “the authority within IC elements to make foreign disclosure and release decisions rests with IC element heads, SFRDAs [Senior Foreign Disclosure Officers] and FDROs [Foreign Disclosure and Release Officers].” Therefore, policy in this area is qualified, open to interpretation, and, in some places, contradictory. For those more risk-averse IC elements, the policy as it stands can be interpreted to support a default setting to NOFORN.


Fools ignore complexity. Pragmatists suffer it. Some can avoid it. Geniuses remove it.”

Alan Perlis

The 9/11 Commission Report is illustrative here, articulating that “too many agencies now have an opportunity to say no to change.” It recommended the establishment of a National Intelligence Director (NID) to “set information sharing and IT policies to [maximize] data sharing, as well as policies to protect the security of information.” This balance between optimizing intelligence sharing and ensuring that information is suitably protected is the nexus of the challenge. The aforementioned recommendation led to the creation of the ODNI, but the authorities required to direct IC elements were not implemented as envisaged by the report.

As long as the IC elements have responsibility for authorizing foreign disclosure, they will maintain associated resource calculations. Formal, senior-level decision-making processes and procedures to authorize foreign disclosure and the guidance are needed. ICD 403 states that “generally, originating agencies shall respond to routine foreign disclosure and release authorization requests with seven working days.” While this may appear rapid in strategic terms, intelligence reporting requirements are often time-sensitive, and the time necessary to approve disclosure does not encourage analysts to seek that approval. This is linked both to extant processes and organizational culture, which are discussed later.

Department of Defense policy

For the DoD, policy for the release of intelligence to trusted allies and partners is even more complex and federated. Given that DoD intelligence agencies constitute nine of the eighteen US IC entities and over half the IC budget, this presents a significant challenge to enhancing intelligence sharing. The release of multi-source finished intelligence, such as that produced by the Defense Intelligence Agency (DIA), in which source material from national intelligence agencies is used, is subject to ICDs. However, where intelligence is derived exclusively from organic defense assets or is qualified as classified military information (CMI), DoD policy applies under National Disclosure Policy (NDP). NDP governs the disclosure of US classified military information to foreign governments and international organizations and is subordinate to the National Security Decision Memorandum (NSDM) 119, for which responsibility is jointly assigned to the secretaries of state and defense. NDP-1 implements this policy and is issued by the secretary of defense with the concurrence of the secretaries of state and energy and the director of national intelligence. Department of Defense Directives (DoDD) implement the NDP within the DoD. DoDD 5143.01 details the responsibilities and functions, relationships, and authorities of the under secretary of defense for intelligence and security (USD(I&S)) and was, importantly, revised in April 2020 to transfer authority for the development of DoD personnel security policy and guidance and the DoD Information Security Program. This matters since, as articulated by two of the interviewees, a key impediment to intelligence sharing within the DoD was that while USDI&S was responsible for DoD intelligence policy, USDP was responsible for how that intelligence was handled, leading to a degree of confusion and inconsistency. The April 2020 review appears to have partly resolved this issue by bringing security policy under the renamed USD(I&S), although some relevant issues, including information security and foreign disclosure, remain under USDP authority. DoDD 5240.01, DoD Intelligence Activities was revised in November 2020 to reflect these changes and provide policy guidance for intelligence sharing within the US Defense Intelligence and DoD components, as well as with other government agencies, the IC, and external partners. It is worded in the most definitive manner of all the policy guidance reviewed by the authors of this paper as follows:

4.5.2. The broadest possible sharing of intelligence with coalition and approved partner countries shall be accomplished unless otherwise precluded from release by law, explicit direction, or policy.
4.5.3. Original classifiers shall draft intelligence products with a presumption of release
and in such a manner as to allow the widest dissemination to allies, coalitions, and international organizations.

However, it still provides a get out clause by deferring to policy, although it is not explicit as to what that policy is. Furthermore, disclosure of Classified Military Information (CMI) to foreign governments and international organizations is covered through a separate directive, DoDD 5230.11, currently under the authority of USD(P). CMI is defined in the DoDD as “information originated by or for the Department of Defense or its Agencies . . . may be in oral, visual or material form.” It further subdivides CMI into eight categories, one of which is Category 8 – Military Intelligence, defined as “information of a military character pertaining to foreign nations. This category of information does not include national intelligence or sensitive compartmented information under the purview of the Director of Central Intelligence.” The fact that DoDD still references the DCI (replaced in 2005 by the DNI) demonstrates how dated the policy is.

The depth of policy analysis detailed above may have dissuaded the casual reader from reading any further, but it highlights a fundamental reason why intelligence sharing with trusted allies and partners is suboptimal. Only the most avid policy expert would be able to reconcile the various policy documents that apply to intelligence sharing and, even then, the degree of ambiguity leaves significant scope for interpretation. The busy analyst is therefore far more likely to opt for the safe option of defaulting to NOFORN, particularly within the processes and culture that exist within their working environment.

One of the more radical but potentially impactful proposals put forward by a distinguished former very senior IC leader was to eliminate the NOFORN caveat altogether for FVEY representatives embedded in each other’s intelligence footprint. This would be achieved by extending dual-citizenship privileges and obligations to those involved for the duration of their assignment, with an expectation that the other FVEY members introduce reciprocal arrangements.

Policy recommendations

Undertake a comprehensive review of policy guidance to remove policy constraints, encourage intelligence sharing, and ensure a uniform approach.

Policy guidance in this area is complex, federated, open to interpretation, occasionally contradictory, and in many cases defaults to sharing by exception only. Intelligence Community Directives (ICDs) are reviewed in isolation, and many are out-of-date, written in a different age. A comprehensive, coherent review of cascaded policy and policy guidance, that more explicitly encourages intelligence sharing (within appropriate national security bounds), while time consuming and resource intensive, would go a long way to removing perceived policy constraints and encouraging a ubiquity of approach.

Empower the Director of National Intelligence with greater authority to oversee the intelligence sharing process. Adopt “Releasable to FVEY” as the default classification.

The Director of National Intelligence (DNI) should have greater vested authority over the intelligence sharing process, initially establishing policies in partnership with intelligence community (IC) elements to maximize intelligence sharing within specific and limited NOFORN (not for release to foreign nationals) guidance. Adopting “Releasable to FVEY” (the Five Eyes Alliance) as the default IC classification, with specific justification required for the use of a NOFORN or “US Only” classification, should be prioritized. The DNI should further both have executive authority to ensure policy is followed and participate in a National Security Council (NSC) executive committee that can resolve significant disputes. The DNI should set the rules for, direct, and control disclosure policy for all IC products and the US under secretary of defense for intelligence & security (USD(I&S)) for all US Department of Defense (DoD)-derived intelligence.

Empower the under secretary of defense for intelligence and security.

Responsibility for classified military information (CMI) should be transferred from the under secretary of defense for policy (USD(P)) to USD(I&S).

Devise a template with parameters to define and standardize intelligence sharing classifications.

At the highest national level, a policy statement setting the strategic guidance should be considered: e.g., to ensure the security, prosperity, and commercial and intellectual advantage of the nation, we should be able to share:

  • [specify purpose] intelligence with [defined] allies and partners within [given time period], the exception being [specific national and security caveats].

 

 

 

 

Remove the NOFORN caveat entirely.

For FVEY personnel working in US IC spaces, the removal of the NOFORN caveat entirely for the duration of their assignment, by affording the privileges and obligations of dual-citizen status, would ensure they are fully integrated and able to fill their role completely and efficiently.

Process

The challenge

Process5 is closely linked to policy, in that processes are adopted according to the understanding of the policies within which they operate. As detailed above, where policies are open to interpretation, processes are likely to be risk averse. Within the IC, the primary end state is generally associated with providing the best possible intelligence outputs to key decisionmakers in a timely and efficient manner. Timeliness is a key factor, but intelligence sharing is uneven across the community. The collection agencies are, understandably, highly protective of the material they produce, and are reluctant to lose control of their output. Multi-source intelligence producing agencies, such as the DIA, are heavily dependent on single-source collection agencies for their source material and therefore they must abide by each agency’s individual sharing protocols. This makes it difficult for them to write for release, as they invariably need to revert to the appropriate source agency for release authority. This requires time and resources, and is therefore extremely inefficient—by the time release authority is provided, or tearlines produced, it is often too late to be of use.

Ironically, where allied inter-agency cooperation, coordination, and even integration is long established (such as between the FVEY SIGINT organizations), it is often easier to share within the same discipline of the partner nations than to share across agencies within the same nation. One of the reasons for this is the priority afforded by each of the agencies to ORCON (Originators Control), highlighted by one of the interviewees as a key impediment to intelligence sharing. For example, at DIA, permission to share or even discuss a US Central Intelligence Agency (CIA) HUMINT or US National Security Agency (NSA) SIGINT report within FVEY had to go to each agency to determine if they had already shared it with a FVEY partner. Sometimes they had not, and the process to secure permission for the future was often long and bureaucratic. Even when it had been previously shared, confirmation would still often take weeks. The tracking numbering system for reports is changed at each stage of the process and could be streamlined by standardizing the referencing system to at least provide a consistent awareness of what was being shared. To secure disclosure for display to intelligence services outside the FVEY consortium was even more arduous and time consuming.

A consistent theme during the interviews was Write for Release versus Collect for Release. As one interviewee noted, “collect for release is a good approach, but should start at the beginning of the process, in which collection requirements are produced at a releasable level. Coordinating the collection effort by engaging early with allies and partners will both determine what they already have and ensure economy of effort. Setting collection requirements at a Higher Classification should only occur for particularly sensitive collection capabilities and sources. Protecting your intelligence gaps from partners will not allow them to fill those gaps.” Establishing intelligence requirements and collection plans with trusted partners and then filtering source reporting to remove only the most sensitive material would negate the need for analytic organizations to retrospectively request downgrades, since material collected should already be at a releasable classification. This model has worked well at the operational level, for example in Afghanistan, where coalition partners declared organic collection assets and allowed them to be tasked against agreed priority information requirements. This approach would be more challenging for nationally controlled strategic assets whose capabilities are more sensitive, however.

Set requirements and collect information with allies in mind.

Establishing intelligence requirements and collection plans with trusted partners and then filtering source reporting to remove only the most sensitive material would negate the need for analytic organizations to retrospectively request downgrades.

The provision of single-source reporting at a releasable level by IC elements would clearly be fundamental to improved intelligence sharing. There will always be exceptions, dependent on the sensitivity and fragility of the source. In the counterterrorism (CT) role, for example, analysts often need more detail on the source to provide high value insights, but this should become the norm. Defaulting to a releasable level would likely be a highly unpopular proposition, but addressing the classification issue as close to the start of the collection process as possible would negate much of the bureaucracy involved in retrospectively downgrading source reporting, and the entire report writing process would be more efficient. Instead of having to write a report multiple times, depending on the audience, the analyst would only have to write one version. It would, however, place additional resource burden on the originating organization, which would have to invest more heavily in their own clearance procedures and foreign disclosure expertise. A more palatable alternative to putting the onus for downgrading source material on IC collection elements would be to develop a centralized clearinghouse under DNI to review material to maximize releasability. It would still need to be fully resourced, likely with IC element representatives, and would require the compliance and support of IC elements and the DoD, but would provide a single focal point to increase efficiency.

Foreign disclosure professionals

Within the DoD, a foreign disclosure officer (FDO) cadre is maintained both to enable release of single-source reports to allies and partners and to facilitate the release of multi-source reporting. Each of the other IC elements are believed to have professionals filling a similar role. Within the DoD, there is internal friction over the numbers and role of FDOs, as they are seen to take numbers otherwise dedicated to the analytical workforce. Consequently, analysts are often tasked with an FDO role as an additional duty, with minimal training and often with no real capacity to take on the duty, to the detriment of the process. There is inconsistency in how the foreign disclosure process is implemented and there is not sufficient critical mass and dedication to maintain a professional FDO workstream. This is an enduring issue and was identified in the Inspector general evaluation of intelligence sharing in Operation Inherent Resolve as a key finding; “The DoD Foreign Disclosure Officer Program lacks a tracking management system, professionalization structure and standardized training, which inhibits sharing information with OIR PN [Operation Inherent Resolve partner nations].” Since then, some progress has been made in improving FDO training and establishing a handful of additional dedicated FDO positions within the DoD, however progress has been piecemeal, under-resourced, and does not appear to have made a demonstrable impact. As one interviewee put it, “education about where the help lies is important, but people forget about FDOs. The process needs to be industrialized and standardized. It all depends on leadership priorities—if leadership puts the priority at the right level needed to invest (e.g., FDOs), then we have a chance.” Associated with this is the requirement to better articulate and delegate the authorities and responsibilities of the FDO, and therefore better empower them. For example, the RELIDO (Releasable by an Information Disclosure Officer) marking, widely used by the IC, has not been adopted by the DoD.


Perfection has to do with the end product, but excellence has to do with the process.”

Jerry Moran

The dependency on single-source IC element reporting and a dearth of foreign disclosure capability within the DoD combined significantly reduce the ability to share their products. This contrasts with the Australian Defence Intelligence Organisation (DIO) model, which, as agreed by all interviewees, demonstrates best practice and merits further investigation. Here, the default classification for every finished intelligence product is Releasable FVEY. Anything written for release at a higher classification level requires strong justification and very senior level sign-off.

The technology challenge

Advances in technology, such as AI and ML, are strongly considered by all stakeholders as potentially game changing for intelligence sharing, particularly given the huge amount of data now being collected. As one put it, “faster decision making will be needed, informed by voluminous data sets. Today’s way of doing business (manual FDO process, tear lines, and reviews) isn’t going to cut it when you have massive data lakes, advanced data processing, and AI/ML tools to help make sense of that data at machine speed.” It will become unrealistic to manually vet each piece of data, and confidence levels will need to shift from individual data-points (which could comprise billions of files at a time) to the process and the data source. The question as to where the foreign disclosure process fits within a machine-to-machine environment will need to be addressed, particularly with true AI where the algorithm self-learns. Therefore, while all those interviewed considered technology to be an opportunity rather than a threat, it was nevertheless recognized that it would be extremely challenging to apply AI techniques to the disclosure process and there was a long way to go before machine-to-machine interfacing algorithms would be sufficiently trusted and able to automate this process in toto. Lessons could be learned from commercial big data and social media platforms, however, many of which address similar challenges. Media companies, for example, were struggling to identify risks across their platforms and started to use AI to flag information that looks suspicious—highlighting areas for humans to triage. If trained correctly, ML is very good at pattern matching, although applying it to intelligence will require an incremental approach and be subject to trial and error in a controlled environment. The level of risk would need to be calibrated and probably not appropriate for highly sensitive compartments. All the interviewees believed that a bounded, small-scale test case would present the best initial approach, and one opined that the twenty- and fifty-year review cycles for releasability of classified IC documents may be an appropriate start point. Once this has been trialed successfully, it could be adopted for a low-risk subset of current intelligence, such as non-traditional issues like the arctic or climate change, which would have reduced risk and could potentially be widely shared. A higher visibility, more strategically relevant example, such as the exchange of information required to enable the Australia, United Kingdom, United States (AUKUS) security partnership, may attract more support and resources, but with greater risk. Ultimately, AI methodology will need to be applied throughout the community, from the strategic to theatre level time-sensitive intelligence challenges, such as the joint all-domain command and control (JAD C2) missile tracking case, where a networked approach to sharing near-real time information between platforms and allies will be useful.

Not embracing technology is a significant risk to intelligence sharing. As national information integration strategies drive the adoption of cloud computing and human-machine interfacing, associated mutual protocols and controls and accreditation must be developed in parallel to accommodate an ability to share systemically. Without this capability, intelligence sharing in any meaningful way may become impossible.

Information exchange mechanisms

There are pragmatic impediments to increased intelligence sharing, caused by myriad platforms and information technology (IT) systems maintained by nations and agencies that were developed in isolation and often deliberately configured not to communicate with each other. Within the UK, for example, there is a deliberate policy to air-gap defense intelligence from the Single Intelligence Account (UK intelligence agencies), which therefore limits the amount of source material able to be shared and disseminated. A similar arrangement exists in the United States, where each agency maintains its own system despite huge efforts to develop a single Desk Top Environment within the IC. The situation is compounded by the different accreditation processes and standards, for example between the United States and the United Kingdom, where national versions of STONEGHOST (the jointly sponsored FVEY Above Secret Defense IT system), are not fully aligned. As the US IC moves to a Public Key Infrastructure (PKI) approach, this may address the technical information exchange challenge, although the technology currently lags behind the intent and even searching for e-mail addresses online, live chat, and sending e-mails between partners is difficult. A shift to zero trust architectures should help. One positive regarding information exchange mechanisms is the recognition and acceptance, between the FVEY partners, of each other’s security clearance standards and practices. Even here though, existing process and bureaucracy impede the efficient passing of clearances to facilitate meetings and dialogue. Clearances have to be manually forwarded on a case-by-case basis well in advance of events and it is not unusual for delays to the process to prevent attendees from actually participating. Typically, clearance passing is required six weeks in advance, which often precludes short-notice meetings, for example in support of joint contingency planning. A regularly updated, common FVEY database in which all FVEY cleared personnel are maintained with their respective clearances would go a long way in addressing this issue. This may not be as simple as it sounds due to different standards adopted by individual agencies and would require dedicated resources to keep current by each FVEY partner, but it would likely be more efficient than the current individual push-pull process.

Open Source Intelligence

Leveraging insights and analyses derived from publicly available information (PAI) and commercially available information (CAI) was also considered a potentially valuable tool in facilitating intelligence sharing at the more classified level. The development of very high-quality commercial sensors, the explosion of data accessed through the Internet, and the ability to curate and filter that data has changed the intelligence landscape and while there will always be a need for highly classified government intelligence derived from exquisite sources, OSINT can often now facilitate information sharing without compromising sources and methods, as evidenced with the war in Ukraine. As the IC becomes more comfortable with and explores the benefits of OSINT and the relationship with open source providers matures, this trend is likely to continue and become increasingly important.

Process recommendations

Classify single-source reporting at the NOFORN level on rare occasions.

Single-source intelligence collection normally happens at the NOFORN level. At times, this is to specifically protect sources and methods, but it is often merely a default setting. IC collection agencies should adopt a policy and practice of classifying single-source reporting at the NOFORN level by exception only. This would need to be enabled by an increase in empowered foreign disclosure experts at the IC element level.

Develop joint intelligence requirements with allies to enable releasable collection plans and ensure allied buy-in.

Baking in a collaborative approach to the entire intelligence cycle would go a long way to regularize intelligence sharing. The development of joint intelligence requirements with trusted allies and partners through a collaborative process, at every level of command and within each IC element on issues of mutual interest, would enable the creation of releasable collection plans in which relevant trusted allies and partners are both actively involved in the development of the requirements and contribute to collection activities. In turn, this would significantly increase the ability to produce source reporting at the releasable (REL) level, with the added benefits of burden-sharing and optimizing collection capabilities.

Create a centralized clearinghouse function in the ODNI.

Eliminating the originator controlled (ORCON) caveat for most IC agency released intelligence reports would forgo the need to secure permission from the collecting agency. An alternative would be having a centralized clearinghouse under the DNI, with representatives from each IC element to downgrade source reporting to the appropriate releasable level. In all cases, a substantial uplift of suitably trained and qualified foreign disclosure (FD) professionals would be needed.

Adopt a common referencing system for single-source intelligence reports.

A unified, common referencing system for all single-source intelligence reports should be adopted to allow their distribution to be tracked easily, both between agencies and with allies.

Explore artificial intelligence and machine learning applications to automate the foreign disclosure process.

As the technology matures, the application of artificial intelligence (AI) and machine learning (ML) technology to facilitate big data wrangling and processing, within cloud environments and at the edge, will inevitably change the way the IC does business. This provides a huge opportunity to, in parallel, address the intelligence sharing issue. A discrete trial, potentially using low risk historical IC data due for review, could be used to develop algorithms that, where practicable, conduct the foreign disclosure process in an automated manner.

Maximize usage of open source intelligence.

Maximum utilization of open source intelligence (OSINT) by the IC would present an ideal mechanism to share the findings of sensitive intelligence with a broad range of allies and partners without compromising sensitive sources and methods. To be successful, this would require OSINT to be further adopted and embraced by IC elements and greater resources be committed to developing processes to operationalize this approach. The unclassified element of the National Geospatial-Intelligence Agency (NGA) St. Louis may provide a suitable template.

People

The burden

As one interviewee described it, culture is “where the rubber hits the road” and is very personality driven, with differences arising, for instance, between people who are and are not risk averse. “While [people cannot be standardized], setting a tone from the top for risk acceptance is the key.” Another opined that, “culture needs to be fully encompassing; workplace and institutional culture are important, but they are woven into policies and processes, and we can’t delink the three.” There are very few within the IC who still do not philosophically believe in sharing intelligence outside of national boundaries. The greatest individual impediment, agreed by all those interviewed, is simply the additional burden on the analyst to go the extra mile, particularly as they tend to be extremely busy and working within tight deadlines. For this reason, middle level management often discourages writing for release and analysts feel disincentivized. An additional element is risk aversion, in which analysts are indoctrinated about the consequences of accidental breaches by security specialists. There is also an educational and training element, which does not adequately both underscore the mutual benefits of intelligence sharing and increase awareness of processes that must be followed and the help that is available, for example through empowered foreign disclosure experts.

The frozen middle level of management was often highlighted as a particular challenge when pursuing increased intelligence sharing. This was considered to be in part due to risk aversion and resource limitation, but there also exists an issue with education and training. As one of those interviewed opined, “we bring in senior leaders from industry and academia at the cutting edge of technology and we criticize the frozen middle, but what are we doing to help them? We are not sending them to Silicon Valley or out on op rotation or to foreign LO appointments. We should be offering these opportunities at the GG 14 & 15 level.”

Risk vs. reward

Taken together, these issues ensure a climate in which analysts often consider costs of intelligence sharing to outweigh benefits. What is in it for them? Culture takes a long time to evolve and can only be fully achieved through an alignment of policies, processes, education, and incentivization over a sustained period, and genuine buy-in from leadership at all levels.

This challenge was reflected in the 9/11 Commission Report and the risk aversion culture does not appear to have changed since its publication; “Each agency has its own security practices. Current security requirements nurture over classification and excessive compartmentation of information among agencies. Each agency’s incentive structure opposes sharing, with risks (criminal, civil, and internal administrative sanctions) but few rewards for sharing information.” While guidance and encouragement can come from the very top, behaviors will not be changed without mechanisms that protect individuals at the functional level. There is a huge difference between espionage and inadvertent disclosure and, for the latter, mitigation and punishment need to be regularized. It is currently a very much personality- and organization-driven approach. As argued by one of the interviewees, “leadership must be involved here. Someone has to assume the risk; it won’t work at an individual level without someone with the authority to protect the analyst. It is a personality-driven process right now.” An ability to quantify risk is an associated issue. Finished intelligence, by definition, has been through a rigorous editing and approval process, and the chances of a serious disclosure breach are minimal. Additionally, FVEY partners take their responsibilities to protect extremely seriously and even in the event of an inadvertent disclosure, damage is likely to be minimal.  

Reverse engineering

There is often a perception that the higher the classification marking, the better the report (or at least the greater credibility and attention it is afforded). Both authors have personally witnessed this, including deliberate re-classifications of releasable reporting to NOFORN in misguided attempts to increase credibility. In some cases, the opposite is true, in that allies and partners can fill intelligence gaps and provide unique context to a given problem set. To an extent, this issue relates to the interpretation of analytical tradecraft, which requires all relevant source material to be considered and referenced when compiling a report. This results in the overall classification of any report in which NOFORN material has even been considered, but not used, to default to NOFORN. Underpinning any intelligence sharing process is trust: trust in the data, analysis, and partner. A key enabler therefore is partners adopting common analytical standards and tradecraft. Using common terminology, definitions, and techniques ensures shared reporting can be trusted, and its value understood. While some progress has been made in this area within the FVEY, there has been a reluctance to completely adopt a fully integrated approach.


Culture makes people understand each other better. And if they understand each other better in their soul, it is easier to overcome the economic and political barriers. But first they have to understand that their neighbor is, in the end, just like them, with the same problems, the same questions.”

Paolo Coelho

Working together

The disproportionately positive value of routinely working in collaboration with allies and partners, either virtually or, even better, in the same workspace (embeds, liaisons, and exchange personnel), was highlighted by all those interviewed, each of whom had filled one or more of those roles in the past. Some IC elements were better than others at facilitating this collaboration and some over-interpreted the policy to the extent that even embeds were not afforded the access they needed to become fully integrated and included. The trend towards establishing FVEY centers within DoD organizations as a mechanism to encourage intelligence sharing is very much a double-edged sword. They demonstrate a positive and proactive intent by leaders, provide a helpful clearing house and information conduit, and perform an advisory role. However, as discrete entities often physically dislocated from the rest of the organization in which they sit, they can actually prevent the normalization of working with allies and inculcate an attitude among analysts of intelligence integration being conducted somewhere else. Familiarization, dedicated trust building, and fostering a sense that members are a valued part of a wider team where each partner has skin in the game and genuinely contributes, was considered a strong force multiplier, both at the strategic HQ and deployed levels.

Culture recommendations

Establish and sustain a network of officers committed to facilitating intelligence sharing.

Currently, there is too much personality involved in facilitating intelligence sharing, requiring the right people to be in the right positions. There is a need to institutionalize the process, making it less dependent on individuals. This will require both prioritization by leadership and attention to governance and legal issues. A formalized network of key joint and integrated intelligence officer positions should be established, strategically placed at senior and mid-level grades within the FVEY partner services, mandated and empowered to facilitate intelligence sharing and overcome institutional and cultural barriers. This could be accompanied by the creation of a FVEY officer certification program, a designation which could be a pre-requisite to attain the senior ranks of each respective national intelligence service.

Change the risk calculus of intelligence sharing at the analytical level.

Changing risk calculation is a key facilitator of intelligence sharing at the analytical level. This can be done through education and training, and by leadership at the organizational level adopting more risk. There is a huge difference between inadvertent disclosure and spying—checks and balances already exist to address this difference and should be reinforced to mitigate the former, when necessary. This will require additional FD professionals at the organizational level, and a recalibration of information security policies.

Increase embeds, liaisons, and exchange personnel to encourage intelligence sharing.

Familiarization, collaboration, and integration between trusted allies and partners is the best way to facilitate a positive culture to encourage intelligence sharing. This should be achieved by increasing numbers of embeds, liaisons, and exchange personnel, both at headquarters (HQs) and deployed on operations. This needs to be two-way, however, and will need additional resources (financial and personnel) to be applied by trusted allies and partners.

Other considerations

Classified military information (CMI)

Although outside the direct scope of this study, the ability to share commercially sensitive information and CMI, between both defense and industry and business to business, suffers from similar policy challenges to intelligence sharing and has a significant impact on technological collaboration. At the leadership level, all are being encouraged to collaborate with emerging technological capabilities, but US export control policy, as it stands, is incompatible and restrictive. The issue is similar to that of intelligence sharing as a dispersed inter-agency issue. The State Department has responsibility for International Traffic in Arms Regulations (ITAR) policy, the Commerce Department has export relations, and ODNI and IC elements review all requests to share tech and data with allies. CMI policy constraints have further implications for defense planning, exercising, war-gaming, and capability development.

Counterintelligence

Finally, any consideration for increased intelligence sharing must be accompanied by a comprehensive and integrated counterintelligence (CI) strategy. Related to issues of trust and risk management, one of the most widely expressed concerns of US intelligence officials associated with the issue of intelligence sharing beyond the FVEY was the ability of partners to protect intelligence being shared. In order to proceed with a more robust intelligence sharing regime, it must be demonstrated that both provider and receiver of shared intelligence are committed to implementing sound counterintelligence and security measures to ensure shared intelligence does not come into the possession of adversaries. This will require increased focus on CI and security training and education, certification protocols, and constant monitoring, particularly as it pertains to the establishment of new intelligence partnerships.

Conclusion

Impediments to sharing intelligence between trusted allies and partners have both political and practical implications well beyond the confines of the IC. They prevent a common understanding of global, regional, and national security risks; impede strategic and operational planning between the United States and its allies; impact crisis response; and impede both force and capability development and technology and industrial collaboration. They also undermine trust. Existing policies and processes related to intelligence sharing are inadequate, engender a highly risk averse attitude, and are often ultimately unable to address time-sensitive or dynamic issues. Simply put, NOFORN, as the default classification of the US IC, is no longer a viable policy and practice to address the fast-moving and complex global security challenges which require greater collaboration between the United States and its allies and partners to solve. While there has been laudable effort conducted at local levels to optimize intelligence exchange, progress has been largely piecemeal and is approaching the limits of what can be interpreted within the existing framework. As national information management and integration strategies embrace and adopt transformative technologies, including cloud computing, AI/ML, machine-to-machine interfacing, and eventually quantum computing in order to cope with the huge amounts of data now available, the current, heavily human-centric way of sharing intelligence will become obsolete and may even actively prevent the ability to share information in the future.

The paper identifies many of the systemic constraints present in intelligence sharing and identifies several solutions—some of which will be culturally and institutionally unpalatable, but without which real progress will be unachievable. Many of these constraints were identified in the 9/11 Commission Report, which, while heavily focused on internal intelligence sharing, also reflected many challenges of broader intelligence sharing. Senior stakeholders engaged in the development of the paper revealed that several of the impediments identified in that report remain valid today.

Real progress is dependent on two critical factors. The first factor is the need for sufficient political will and high-level direction to address the issue in an institutional manner, affording it the priority and resources needed. Intelligence sharing is often seen as an IC-exclusive issue, but, as described above, has much wider implications and is often a critical enabler for work on strategically important issues. Successful execution of the AUKUS security partnership, for example, will be highly dependent on an ability to share sensitive information, which is currently proving extremely challenging. Without direction from the highest level and authority to act vested in a single individual or organization, the incentive for change will remain limited. As queried in the 9/11 Commission Report, “who is the Quarterback”? In a highly federated model such as the US IC, buy-in and leadership from the IC elements will be essential to a collaborative approach. But this collaboration must adopt a position of forward-thinking ambitious intent that avoids doing the bare minimum. The second factor is the need to address the issue in a holistic manner, which encompasses policy, process, and mindset, within both the IC and DoD. It is not enough to review individual ICDs or DoDDs in isolation, and cross-departmental cooperation and coherence is essential. In an environment in which changing policy is often seen as an anathema, the importance of the key roles of cultural evolution and dedicated resources in adopting this approach should not be underestimated.

Lastly, while this paper focused almost exclusively on what needs to be done within the US intelligence establishment, US allies and partners have a similar role to play in optimizing intelligence sharing. They need to reciprocate with their own resources, as well as cohere and adapt their own information management capabilities and mechanisms to accommodate the new model of information exchange, earning the enduring trust of the United States by demonstrating a rigorous process to protect US-derived intelligence in an appropriate manner. In taking a proactive approach to intelligence sharing, the genuine concerns of inadvertent disclosure must be addressed, and the proper protection of critical national capabilities, methods, and sources must be afforded the attention they merit.

Acknowledgements

This publication was produced in part with support from the United Kingdom under the auspices of a project focused on rethinking alliances for the 21st century. The views expressed within are those of the authors and do not represent the official positions of His Majesty’s Government or the Atlantic Council.

About the authors

AVM Sean Corbett, CB MBE is the CEO of InSight Global and is retired from a 30-year career as a professional intelligence officer with the UK Royal Air Force.

James Danoy is a nonresident senior fellow with the Atlantic Council’s Scowcroft Center for Strategy and Security and a former US defense intelligence executive with the Defense Intelligence Agency.

This issue brief is written and published in accordance with the Atlantic Council Policy on Intellectual Independence. The authors are solely responsible for its analysis and recommendations. The Atlantic Council and its donors do not determine, nor do they necessarily endorse or advocate for, any of this issue brief’s conclusions.

Icon acknowledgements: Policy icon made by Kiranshastry from www.flaticon.com; Process icon made by Freepik from www.flaticon.com; People icon made by photo3idea_studio from www.flaticon.com.

1    The Five Eyes intelligence sharing alliance consists of Australia, Canada, New Zealand, the United Kingdom, and the United States.
2    Formerly including DOMEPLATE (DIE), DISCCUS (USDI&S), IPF(DNI), and for the GEOINT discipline, ASG, each of which met on a regular basis, twice a year. These bodies were suboptimal due to their different intelligence-related structures and authorities in each country but have since been streamlined under the governance of the Five Eyes Intelligence Oversight and Review Council (FIORC), although less formal working level meetings still occur.
3    Each of the ICDs is reviewed independently and many of them are now extremely dated.
4    ICD 101 Intelligence Community Policy System “establishes the IC policy system which is comprised of a hierarchy of policy documents; processes for the development, coordination, and evaluation of policy; and a governance structure to advise the Director of National Intelligence DNI) or the DNI’s designees regarding policy issues.” Of note, it also “delegates decision authority for the promulgation of certain policies and delineates the roles and responsibilities of the Office of the DNI, IC elements, and Functional Managers.” For more, see: “Intelligence Community Directive 101 Technical Amendment: Intelligence Community Policy System,” Office of the Director of National Intelligence, October 22, 2019, https://www.dni.gov/files/documents/ICD/ICD_101.pdf.
5    Defined in the OED as a series of actions or steps taken to achieve a particular end.

The post Beyond NOFORN: Solutions for increased intelligence sharing among allies appeared first on Atlantic Council.

]]>
AC Selects: China’s 20th Party Congress, the Indo-Pacific theatre & the intelligence community https://www.atlanticcouncil.org/content-series/ac-selects/ac-selects-chinas-20th-party-congress-the-indo-pacific-theatre-the-intelligence-community/ Wed, 26 Oct 2022 19:23:40 +0000 https://www.atlanticcouncil.org/?p=579706 The Forward Defense Initiative hosts three separate events discussing the uncertain Naval security environment, how the United States can maintain a credible deterrent against China in the next decade, and intelligence reform.

The post AC Selects: China’s 20th Party Congress, the Indo-Pacific theatre & the intelligence community appeared first on Atlantic Council.

]]>
The Forward Defense Initiative hosts three separate events discussing the uncertain Naval security environment, how the United States can maintain a credible deterrent against China in the next decade, and intelligence reform.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post AC Selects: China’s 20th Party Congress, the Indo-Pacific theatre & the intelligence community appeared first on Atlantic Council.

]]>
Congressional oversight of intelligence for great-power competition https://www.atlanticcouncil.org/commentary/event-recap/congressional-oversight-of-intelligence-for-great-power-competition/ Tue, 18 Oct 2022 14:24:57 +0000 https://www.atlanticcouncil.org/?p=576141 Missed our October 4 event on intelligence committee and community reform? Then read the recap here.

The post Congressional oversight of intelligence for great-power competition appeared first on Atlantic Council.

]]>
On October 4, the Scowcroft Center’s Forward Defense practice hosted a hybrid public event on the topic of “Intelligence Community and Intelligence Community Reform.” The event was part of a series sponsored by the minority members of the House Permanent Select Committee on Intelligence (HPSCI) titled Beyond the SCIF. The event focused on how HPSCI can adjust its work––and that of the US intelligence community at large––to refocus from counterterrorism to great-power competition. The experts agreed that the great-power challenge will require a bipartisan approach to intelligence oversight that encourages the adoption of open-source intelligence and places an emphasis on integrating the expertise of other committees.

The event was moderated by Ranking Member Michael Turner (R-OH). The expert panel included Undersecretary Kari A. Bingen, Senior Fellow and Director, Aerospace Security Project, Center for Strategic and International Studies and Former Deputy Under Secretary of Defense for Intelligence and Security; Representative Jane Harman, Distinguished Fellow and President Emerita, Wilson Center and Former Ranking Member, US House Permanent Select Committee on Intelligence; Dr. Matthew Kroenig, Director of Studies and Acting Director, Scowcroft Center for Strategy and Security, Atlantic Council; and Representative Glenn Nye, President & CEO, Center for the Study of the Presidency & Congress and Former Member, US House Armed Services Committee.

Reorienting to great-power competition

The most prominent theme of the panel was the challenge involved in shifting the intelligence community from a mission focused on counterterrorism to collection and analysis for great-power competition. Bingen noted that twenty years focusing on counterterrorism had “atrophied” the intelligence community’s capabilities when it came to operating in more contested environments. Kroenig observed that, during the War on Terror, the intelligence community had become very skilled at exquisite data collection and targeting of individual high-value targets. He argued that great-power competition required a shift in focus from data collection to more strategic analysis.

A whole-of-nation approach

Harnessing the aggregate power of the United States to compete with China and Russia has become an increasingly significant focus for policymakers. The panelists contended that HPSCI’s approach to intelligence should reflect this. Bingen remarked that policymakers frequently struggle because they only see half the picture, either intelligence on adversaries (the “red team”) or on US capabilities (the “blue team”). Emphasizing that information must be more broadly distributed across committees, Harman and Turner suggested that lawmakers would be better off having access to both “blue” and “red” team information.

Importance of bipartisanship

The panelists heartily agreed that a bipartisan approach on the intelligence committee would be vital for effectively conducting its work. The emerging bipartisan consensus in Washington on prioritizing competition with China might serve as a catalyst for future bipartisanship on HPSCI. Nye and Harman both praised Turner for fostering such a spirit in his time on HPSCI, noting that an advantage of HPSCI historically has been its bipartisan ethos.

Harnessing OSINT and new technology

New technology and the rise of open-source intelligence (OSINT) are dramatically changing how the intelligence community should operate. Nye underlined how the Biden administration’s release of intelligence before Russia’s February 2022 invasion of Ukraine shows how intelligence can be part of information operations. The war in Ukraine is an example of OSINT being actively harnessed by both warfighters and the public to assist in warfighting and shaping the information environment. Harman noted that publicly available commercial satellite imaging has become a highly beneficial source of intelligence. New technologies like machine learning and automated language translation should be better harnessed, according to Bingen, to allow intelligence analysts to make sense of the mass of data now available to them from these sources.

Reforming classification and attracting the intelligence workforce of tomorrow

The panel agreed that an ongoing challenge that the HPSCI needs to address is the over-classification of information. Harman remarked that, while in Congress, she had championed legislation aimed at increasing first responders’ access to relevant intelligence and improving information flow between local, state, and federal law enforcement and intelligence agencies.

Over-classification and the glacial-paced security clearance process are major also obstacles to harnessing and recruiting new personnel. Harman suggested a system of partial clearance be created so individuals with relevant skills could still be consulted by the intelligence community. Nye and Turner observed that they have repeatedly heard from college-age constituents that the lengthy security-clearance process was a major impediment to pursuing a career with the intelligence community.

You can re-watch “Intelligence Community and Intelligence Community Reform” here. For more information about the Atlantic Council’s Forward Defense practice or to read our latest reports, op-eds, and analyses, please visit the website here. You can also sign up for updates from Forward Defense to hear the latest on the trends, technologies, and military challenges shaping tomorrow.

Aidan Poling is a Young Global Professional in the Forward Defense Practice and second-year master’s student in the Georgetown Security Studies Program.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Congressional oversight of intelligence for great-power competition appeared first on Atlantic Council.

]]>
Meet the Ukrainian TV star fundraising millions for the country’s war effort https://www.atlanticcouncil.org/blogs/ukrainealert/meet-the-ukrainian-tv-star-fundraising-millions-for-the-countrys-war-effort/ Thu, 13 Oct 2022 21:49:01 +0000 https://www.atlanticcouncil.org/?p=575566 TV host Serhiy Prytula is being tipped by many as a rising star of Ukrainian politics but for now he is fully occupied in his current role leading crowdfunding efforts for the Ukrainian Armed Forces.

The post Meet the Ukrainian TV star fundraising millions for the country’s war effort appeared first on Atlantic Council.

]]>
Editor’s Note: This article is part of the GENERATION UA series, which aims to introduce international audiences to the emerging generation of Ukrainian public figures and politicians.

It’s been a busy year for one of Ukraine’s most famous TV stars as he takes on a new wartime role. Serhiy Prytula’s crowdfunding efforts for the Ukrainian military have grown into a pillar of the country’s civil society and a symbol of Ukraine’s remarkable resistance to Vladimir Putin’s invasion.

Prytula first opened the eponymous Charity Foundation of Serhiy Prytula as an aid organization in 2020 in response to the Covid-19 pandemic. A longtime supporter of the Ukrainian military since Russia’s invasion of Ukraine first began in 2014 with the seizure of Crimea, Prytula mobilized his foundation to help coordinate the public response to Russia’s February 24 attack. The foundation has grown rapidly over the past eight months as it has provided military support to Ukrainian troops and humanitarian aid to civilians.

Public trust in the foundation was evident in early October when Prytula raised more than nine million dollars in just 24 hours to purchase kamikaze drones following a series of Russian airstrikes in Kyiv and other Ukrainian cities. Prytula had earlier demonstrated his fundraising potential during summer 2022 when he led the “People’s Bayraktar” project, a crowdfunding effort to buy three Bayraktar drones for the Ukrainian military.

When Turkish defense company Baykar offered to send the drones for free, Prytula decided to use the funds raised to buy a satellite instead. His foundation contracted one of the most advanced commercial satellite providers to help the Ukrainian military get high-resolution images of Russian formations more quickly in daylight, at night, and through cloud cover.

Prytula tells UkraineAlert that the satellite decision reflected Ukraine’s military needs. “Bayraktar is a well-known brand here in Ukraine. Many people understand how well these drones work so we thought that we could raise money for them,” he says. Indeed, Bayraktar drones have proved highly effective against Russian armor, with Ukrainians even singing wartime songs in their honor. But when Baykar said they would provide the drones free of charge, Prytula turned to Ukraine’s Defense Ministry. “We had a meeting with Minister of Defense Oleksii Reznikov, who asked us to check on the possibility of buying a satellite. So we did.”

Ukraine’s frontline military units rely on small reconnaissance drones and satellite imagery to find and target Russian positions. But most drones are prone to Russian electrical jamming, while satellite image-sharing from Western countries often arrives too slowly to be of immediate use. According to Prytula, his foundation’s satellite can cut the image-sharing transfer time from two days to three or four hours, making it much more useful. Most importantly, the Ukrainian military controls the satellite now and can decide for itself where to look.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

While Prytula has been civically engaged since his university days, the 41-year-old spent much of his career as a TV presenter and comedian. He made his name as a Ukrainian-speaking comic on the stand-up show Comedy Club Ukraine, before hitting the big time with Ukraine’s Noviy Kanal (New Channel). Prytula earned a reputation as one of Ukraine’s most versatile comic presenters, hosting the nation’s favorite morning TV show “Wake up” and a number of game shows.

He tried his hand at politics in the 2019 parliamentary elections as a candidate for the pro-European Holos party. The elections yielded 20 seats for Holos, but at 30th on the party list, Prytula did not enter parliament. Instead, he ran for mayor of Kyiv in 2020 and came in third with eight percent of the vote. In 2021, Prytula left Holos and later announced that he would form a new political party.

When asked if he still has plans to create a political party of his own, Prytula’s tone hardens. “We have no politicians in Ukraine these days. You cannot be a politician when your country is under fire. I have no other plans now except to stay alive and do everything that I can for our victory.”

There is a certain logic to this position. Since February 24, Ukrainian politicians have largely avoided the pitched partisan battles that have often poisoned the country’s politics. Even so, wartime public opinion polling regularly shows Prytula among the country’s most well-known public figures. Meanwhile, his foundation ranks among the most recognizable charities in Ukraine.

If he does go back into politics, Prytula has a good chance of rapidly establishing himself as one of Ukraine’s rising political forces. He has the name recognition to gain traction in the country’s personality-driven politics and also boasts humanitarian credentials that set him apart from many of Kyiv’s current elite.

The former showman is not convinced he will continue in his TV career. “I had a lot of different TV shows, but you can only be a good entertainer if you feel inside yourself that you have something to celebrate every day. But Russians have burned out this feeling inside of me,” he says. Instead, the last eight months have given Prytula a new calling. “I feel empowered now only to help the Ukrainian army, to unite people.”

Unity is central to the Prytula Foundation’s crowdfunding initiatives and to his vision for Ukraine’s future. The foundation has raised tens of millions of dollars since February 24 for military supplies alone, mostly in private donations. Funds have come in from Ukraine, Europe, and North America, often from Ukrainian diaspora communities.

The foundation is hoping to encourage more donations from Europeans by making a cost-saving argument. “Every dollar donated to the Armed Forces of Ukraine through the Serhiy Prytula Foundation saves ten dollars that would be spent on supporting Ukrainian refugees in Europe,” Prytula explains.

He believes this is a timely message and notes that donations have slowed in recent months. This could spell trouble for both Europe and Ukraine, warns Prytula. “The Ukrainian economy is in bad shape. Many people in Ukraine lost their jobs. That’s why we really need help with military aid and money, otherwise we could have millions more Ukrainian refugees.”

Prytula acknowledges that there will be huge issues to address at home once Russia’s invasion of Ukraine finally ends. Eventually he would like the millions of Ukrainians currently seeking safety abroad to return and help rebuild their country. Reconstruction itself will be a significant challenge, but Prytula has another task in mind for his compatriots. “I will be happy when our society develops new skills and learns to think more critically. I want Ukrainians to change the way they think, because we have paid a big price for our old way of thinking.”

Ukraine renewed many of its institutions and strengthened its sense of national identity in the years following the 2014 Revolution of Dignity. Many believe Russia’s 2022 invasion will serve as a catalyst for further societal development. Prytula hopes to be part of this process.

We ask Prytula if there’s anything else he thinks Western audiences should know about his work or about Ukraine. His press secretary chimes in off camera before he can answer. Prytula laughs, nods, and turns to us to translate. “Tell them that when we unite, we are invincible.”

Andrew D’Anieri is an assistant director at the Atlantic Council’s Eurasia Center. He tweets @andrew_danieri. Oleksii Antoniuk is a third-year student at Yale University, born and raised in Ukraine. Find him on Twitter at @OleksiiAntoniuk.

Further reading

The views expressed in UkraineAlert are solely those of the authors and do not necessarily reflect the views of the Atlantic Council, its staff, or its supporters.

The Eurasia Center’s mission is to enhance transatlantic cooperation in promoting stability, democratic values and prosperity in Eurasia, from Eastern Europe and Turkey in the West to the Caucasus, Russia and Central Asia in the East.

Follow us on social media
and support our work

The post Meet the Ukrainian TV star fundraising millions for the country’s war effort appeared first on Atlantic Council.

]]>
Eftimiades quoted in South China Morning Post regarding the conviction of a Chinese spy https://www.atlanticcouncil.org/insight-impact/in-the-news/eftimiades-quoted-regarding-chinese-spy-conviction/ Mon, 03 Oct 2022 19:35:12 +0000 https://www.atlanticcouncil.org/?p=572403 South China Morning Post quotes Nicholas Eftimiades regarding the conviction of a US Army Reservist as a Chinses "illegal agent."

The post Eftimiades quoted in South China Morning Post regarding the conviction of a Chinese spy appeared first on Atlantic Council.

]]>

On September 27, Nicholas Eftimiades was quoted in a South China Morning Post article regarding the conviction of Ji Chaoqun, a US Army reservist, for acting as an “illegal Chinese agent.”

Ji’s case appears to fit a common ‘fish-at-the-bottom-of-the-ocean’ approach China uses in which it approaches ordinary nationals based in foreign countries and works with them for years as their career advances or is nudged in a promising direction by their spymasters

Nicholas Eftimiades

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Eftimiades quoted in South China Morning Post regarding the conviction of a Chinese spy appeared first on Atlantic Council.

]]>
How the US can focus its fight against foreign influence operations https://www.atlanticcouncil.org/content-series/hybrid-warfare-project/how-the-us-can-focus-its-fight-against-foreign-influence-operations/ Fri, 30 Sep 2022 14:25:49 +0000 https://www.atlanticcouncil.org/?p=569552 Understanding exactly what US adversaries plan to do in the information space is vital to building domestic defenses.

The post How the US can focus its fight against foreign influence operations appeared first on Atlantic Council.

]]>
Intelligence is all about decisions: How to allocate limited personnel and technological resources when national security is at stake, and how to convey complex information and resulting assessments to policymakers for awareness and action. The decisions are seemingly endless but are vital to producing the best analysis for key officials on topics that have the greatest impact on national security. 

The United States has a massive intelligence ecosystem that gathers more information on more issues than any other country in the world. The true value of this vast amount of information lies in how it is curated, analyzed, and presented to policymakers. To aid in this vital process, the US government has a guide—the National Intelligence Priorities Framework (NIPF)—to identify intelligence priorities and assist agencies and departments with where to focus their efforts. 

During the Cold War, the NIPF focused on political, economic, and proliferation issues related to the Soviet Union and its allies, from the performance of the Soviet economy to details about new fighter jets being developed by Moscow and deployed to other countries. In a post-September 11 world, the fight against terrorism took center stage, with an emphasis on determining where the next attack against the United States or its allies could come from as well as gleaning the goals of various organizations and locations of their leaders. 

The world is now in another new era, one in which information—and what is viewed as truth—is a central national-security concern. As such, the NIPF needs to include requirements that push analysts to discover how adversaries manipulate the information environment to meet their goals. It should task the Intelligence Community with assessing where, how, and to what extent states and organizations weaponize propaganda, mis- and disinformation, as well as political and social manipulation. While conversations on this issue date back to the mid-1990s, the day-to-day impact of such influence campaigns—combined with the technological capability to spread them quickly—means the United States must finally act.

Tweets, Facebook posts, and YouTube videos are not disparate pieces of content, but rather puzzle pieces that, when combined, reveal to intelligence analysts what their adversaries are working toward. From the actors actually carrying out these influence campaigns across the digital media space to the entities that oversee their strategic implementation, the entire system is akin to a completed piece—one which analysts and policymakers alike need to see in order to fully understand an adversary’s goals and objectives.

Understanding what adversaries plan to do in the short (one-year) and medium (three-year) term is vital to building domestic defenses. That’s why the following questions should serve as a starting point for developing new NIPF requirements: 

  • What are the strategic goals of an adversary’s use of influence campaigns? 
  • Who are the targets of influence campaigns, and why were they chosen? 
  • What are the objectives of influence campaigns against the United States and its allies, and are there any specific timelines?
  • Who is responsible for crafting each adversary’s influence strategy? 
  • What fiscal allocation is provided to those programs? 
  • What government and non-government ministries, offices, or groups are responsible for conducting influence operations? How and why are they selected?
  • How are influence activities validated, measured, and evaluated? 
  • What training is provided to tactical- and operational-level influence staff? 
  • What tactics are used in influence campaigns? How are they selected based on target audiences? 

Though by no means comprehensive, these basic influence-related requirements in the NIPF can compel the Intelligence Community to allocate resources toward building out a more robust understanding of how adversaries approach influence campaigns and exactly who is calling the shots. Understanding how influence is being used against the United States and its allies could also help the government better position all its agencies—from the State and Commerce departments to members of the Intelligence Community—to build offensive influence campaigns that persuade key audiences of Washington’s own goals and objectives. 

Servicing NIPF priorities is no longer exclusively the domain of human-intelligence collectors at the Central Intelligence Agency (CIA) and Department of Defense, the signals-intelligence collectors at the National Security Administration, and counterintelligence agents at the Federal Bureau of Investigation. Open Source Enterprise and similar US government organizations can use their open-source intelligence (OSINT) resources—both human and technology-based—to support the effort. Because foreign-influence operations often play out in the public domain, they can usually be identified, traced, and evaluated to determine their effectiveness against the targeted audience. Experts can piece together the goals and objectives of a specific campaign through OSINT, saving scarce resources such as a CIA operations officer’s time for higher-level collection on those who are actually conceiving, managing, and implementing influence campaigns.

Currently, the US government does not have a lead organization to manage offensive or defensive influence activities. As the Department of Homeland Security recently found, how a government entity frames intelligence-gathering on adversarial actions against US and allied audiences is politically fraught. Americans are culturally sensitive to any suggestion that the government could manipulate their views on issues or their access to information—from traditional news to social media content. A recent effort to establish a government office that works to limit Americans’ exposure to mis- and disinformation was viewed across the political spectrum as untenable and inappropriate. 

But that does not mean the task is unnecessary or in violation of American civil liberties. Establishing a multi-agency task force of experts could be a viable first step: It would act as a manager tasking intelligence collection to better understand foreign influence operations; as a consumer of the newly gathered intelligence; and as an analyst producing formal reports for policymakers, as well as educational pieces for the US public to understand what it is seeing and hearing in the media, within social movements, and across politics. The goal would be to understand the “how” and “why” of foreign-influence campaigns and identify offensive campaigns in response that could advance US foreign-policy goals.

Difficult decisions need to be made around what is and is not included in the NIPF. Although there are only so many resources available to collect and analyze intelligence, prioritizing foreign-influence activities is vital. The information space is now at least as important—if not more so—than what happens on the physical battlefield.


Jennifer Counter is a nonresident senior fellow in the Forward Defense practice of the Atlantic Councils Scowcroft Center for Strategy and Security.

The post How the US can focus its fight against foreign influence operations appeared first on Atlantic Council.

]]>
The role of electronic warfare, cyber, and space capabilities in the air littoral https://www.atlanticcouncil.org/content-series/airpower-after-ukraine/airpower-after-ukraine-taking-todays-lessons-to-tomorrows-war/ Tue, 30 Aug 2022 13:00:00 +0000 https://www.atlanticcouncil.org/?p=555654 Electronic warfare, cyber, and space operations are critical to successful information operations in the air littoral fight.

The post The role of electronic warfare, cyber, and space capabilities in the air littoral appeared first on Atlantic Council.

]]>
Air Force Colonel Gene Cirillo once said, “the US Army will never control the ground under the sky, if the US Air Force does not control the sky over the ground.” The Russia-Ukraine conflict shows that such control may no longer be possible. Months into the conflict, both sides continue to throw drones, loitering munitions (munitions that loiter around a target area then strike), and missiles into the sky to no avail. This contest between offensive weapons and countermeasures has given rise to a new focus on the air littoral, the airspace between ground forces and high-altitude fighters and bombers. The air littoral has been critical in the war as a space for conducting strikes, collecting intelligence to guide artillery strikes, and collecting and disseminating propaganda.

In contesting and realizing the larger effects of the air littoral, information warfare plays a critical role through attacking and defending command-and-control links, communications channels, the computers controlling air-littoral weapons, and the space-based services the weapons depend upon. According to the Congressional Research Service, “information warfare” has no official definition, but it is essentially “the use and management of information to pursue competitive advantage, including offensive and defensive operations.” For the air-littoral fight, electronic, cyber, and space warfare are critical to successful information operations. A competitor that is able to leverage electronic warfare, cyber, and space will gain an advantage in littoral airspace.

Countermeasures in the air littoral

Electronic warfare (EW): EW—which intercepts, jams, or disrupts signals through use of the electromagnetic spectrum or directed energy—is commonly used to target drones and, to an extent, loitering munitions. Jammers, which comprise 72 percent of counter-drone systems, sever the link between the drone and the operator or the global positioning system (GPS) signals that the drone relies on for navigation. Numerous other countermeasures fall under the broad definition of information warfare, including spoofing and dazzling, as well as employing lasers and high-powered microwaves. Microwave weapons like the US Air Force’s THOR hold particular promise: Aside from being low cost-per-shot, they also have the ability to hit many targets at once by emitting microwave radiation over a wide area. This capability should make them effective at countering future drone swarms. Likewise, Russia claims to have fielded a new laser weapon for downing drones, which offers the same low cost-per-shot ability. Although it is far from clear that jamming missiles is likely to have a big effect, missiles depend on a sensor-shooter relationship, which is vulnerable to jamming. Decoys could deceive those sensors, jammers might sever communication links between sensors and shooters, and artificial intelligence (AI)-created deepfakes could encourage missiles to fire on empty fields.

Cyberattacks: Drones and loitering munitions are essentially flying computers, thus they are vulnerable to cyberattacks. Such attacks could break links from controller and platform, code might be altered to cause screwups, or nefarious code could be injected to cause friendly drones to blow up friendly units or allow an adversary to control the drone entirely. The fact that Ukraine and Russia employ commercial drones make such attacks easier to implement because both sides can acquire their own versions of the commercial drone and analyze the code in flight controllers, motor controllers, and other critical systems for weaknesses. Moreover, cyberattacks on missiles are difficult but not impossible to achieve. Such attacks can target missile designs, alter software and hardware, or damage command-and-control systems.

Of course, whether (and how) cyberattacks can be launched on drones and loitering munitions during an active war is an open question. Finding an exploitable vulnerability in highly complex, well-guarded weapons code can be time-consuming; fifth-generation aircraft can have millions of lines of code. Likewise, launching an attack requires various support activities, such as identifying and developing mechanisms to exploit vulnerabilities, building specialized malware, and providing operational management and command and control during the attack. All this incurs opportunity costs: If an adversary’s systems can be manipulated, disrupted, or just blown up, why bother with cyberattacks when conventional attacks can be executed much faster? Plus, what if defenders have strong allies helping them to guard cyberspace?

Space warfare: Satellites provide air-littoral weapons with position, navigation, and timing support, as well as longer-range command and control. Drones and loitering munitions often depend on GPS coordinates for navigation and strike. Jamming GPS signals could prevent accurate targeting, while spoofing GPS signals might cause the weapons to blow up in an empty field. A clever adversary could spoof a GPS signal so that a friendly military base is at a target location’s GPS coordinates. Missiles’ GPS links could also be spoofed or jammed, but doing so is tough. Missiles also have other, non-GPS-based guidance systems, thus the end result is mostly degrading accuracy—relevant to precise, single strikes, but not necessarily applicable to hitting large targets such as airfields or concentrated forces. More broadly, attacks on satellite systems providing communication and navigation links could inhibit air-littoral munitions over a broad area along with any other space-dependent systems.

Drone developments in response

Drone and loitering-munitions technology is evolving, too, shifting—but not eliminating—information vulnerabilities. Drones are becoming increasingly autonomous. The TB2, for example, can take off, cruise, and land without human control. Likewise, Russia is seemingly using the Lancet-3 loitering munition in Ukraine, which is reportedly capable of autonomous target selection and engagement. If these systems do not require human input or GPS, then jammers are far less effective. Still, jammers are not necessarily irrelevant: new, jammable communications might be needed as drones integrate into larger swarms. Likewise, increased autonomy could create new information vulnerabilities: AI systems can be tricked, AI training data poisoned, and more complex computer systems mean more opportunities to cause harm and potentially new points of entry for a cyberattack (a larger digital “attack surface”). Plus, if autonomous features in the weapon system rely on GPS signals, the system is more vulnerable to GPS jamming or spoofing, as well as to cyber or physical attacks on GPS infrastructures.

The evolution of drones, loitering munitions, and countermeasures will affect the tactics and strategies needed to contest enemies in the air littoral. Jammers are often small, handheld devices, allowing them to be shared and used broadly by even dismounted infantry in austere terrain. In contrast, microwaves and laser weapons are often relatively big, bulky, and vehicle-mounted. Finding, fixing, and engaging such a vehicle is probably much easier than finding, fixing, and engaging a large number of small, dispersed soldiers. Plus, the vehicles are likely much more expensive than a handheld system; thus there will most likely be fewer of them, allowing the systems to be more readily tracked and either avoided or defeated. This dimension plays into how to fight in the air littoral: Should countermeasures be targeted and destroyed, or should countermeasures be monitored and avoided?

Readying the force

The biggest takeaway for the United States and allied nations is the need to integrate information warfare, air-littoral capabilities, and capabilities on both sides of the littoral (ground and air; or surface and air) to achieve the desired effects. Achieving this requires information sharing; mutual understanding about what each component can and cannot do; as well as established processes or methods for integration, training, and exercises to practice, and doctrine to formalize best practices and concepts. Formal efforts, such as a new NATO Centre of Excellence on the air littoral could explore these issues in greater detail. The United States and its allies should also launch a formal effort, such as a congressional commission, on information warfare. Such a commission could look broadly across the military services and the broad national community to identify and plug information warfare capability, organizational, and policy gaps. For example, the commission could identify opportunities to create new organizations bringing together the elements of information warfare or make big new investments in electronic warfare. New thought is needed to succeed in a new area of competition.

***

Zachary Kallenborn is a Policy Fellow at the Schar School of Policy and Government, a Research Affiliate with the Unconventional Weapons and Technology Division of the National Consortium for the Study of Terrorism and Responses to Terrorism (START), an officially proclaimed US Army “Mad Scientist,” and a national security consultant.

Read more essays in the series

Airpower after Ukraine: The future of air warfare

Airpower experts and practitioners examine interim lessons from the war in Ukraine and consider applications for twenty-first century air and space forces.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post The role of electronic warfare, cyber, and space capabilities in the air littoral appeared first on Atlantic Council.

]]>
Commercial satellites are on the front lines of war today. Here’s what this means for the future of warfare. https://www.atlanticcouncil.org/content-series/airpower-after-ukraine/commercial-satellites-are-on-the-front-lines-of-war-today-heres-what-this-means-for-the-future-of-warfare/ Tue, 30 Aug 2022 13:00:00 +0000 https://www.atlanticcouncil.org/?p=555718 Commercial space companies are enabling critical warfighting functions in Ukraine and will continue to provide a lifeline in future conflict scenarios.

The post Commercial satellites are on the front lines of war today. Here’s what this means for the future of warfare. appeared first on Atlantic Council.

]]>
While the first Gulf War is often characterized as the first space war, the ongoing war in Ukraine may be remembered as “the first commercial imagery conflict.” Commercial space companies are delivering critical capabilities to Ukrainian soldiers and civilians alike, demonstrating that commercial and dual-use satellites can help bolster a country’s national security.

These companies are sharing visuals that only governments were privy to just years ago and, since the war erupted in Ukraine, US and allied governments have doubled down on their purchase of commercial low-Earth orbit (LEO) imagery. Today’s satellites capture details as small as road markers or the quality of muddy terrain (which impacts military planning). Just as air power theorists recognized the value of air weapons following World War I, experts today are realizing the unrivaled advantage offered by commercial satellites. For these reasons, space companies may be viewed as legitimate targets in future wars.

SpaceX’s satellite Internet constellation, Starlink, has proved to be an especially formidable opponent for Moscow, due to both its unprecedented speed of deployment and its continued resilience against attack. A few days after Russia invaded Ukraine, the Ukrainian vice prime minister, Yulia Svyrydenko, used Twitter to urge SpaceX founder Elon Musk to supply satellite Internet to Ukraine. Within hours, Musk tweeted back, “Starlink service is now active in Ukraine. More terminals en route.” Now, eleven thousand Starlink stations are keeping over one-hundred fifty thousand Ukrainians connected to their country and the outside world daily.

Satellites in combat

Satellites support crucially important military operations. The Turkish Bayraktar TB2S, an unmanned aerial vehicle (UAV) critical to denying Russian air superiority, relies on space-to-ground communications to operate in a larger range. The Starlink constellation is especially critical to Ukraine’s ability to execute attacks in geographic areas lacking sufficient infrastructure or Internet connection. Ukrainian drones successfully strike enemy forces, troops send encrypted messages back and forth, and soldiers remain connected to their loved ones with help from Starlink.

Meanwhile, Russia began targeting commercial space companies in the earliest phases of war. When Russia invaded Ukraine, it hacked the US satellite company Viasat, a communications provider for the Ukrainian military, degrading Ukraine’s ability to act on space intelligence. Throughout the war, Moscow has focused its efforts on jamming and degrading critical UAVs and small satellites to conceal its own troop movements. Early in the war, one US company discovered that UAVs in the Luhansk and Donetsk regions of Ukraine were experiencing global positioning system (GPS) jamming by the Russians. However, commercial satellite constellations are quickly adaptable—as was seen when Starlink demonstrated a new software update to lower energy consumption and thus bypass jamming transmitters amid Russian non-kinetic attacks. Commercial satellites bolster US and allied airpower: their agility, coupled with the fact that special overflight permissions do not apply to LEO, means that military officials can rely on satellites for intelligence and situational awareness.

Eyes in the skies

Commercial satellites are also players in the public sphere, denying Moscow’s attempts to alienate Ukraine from the rest of the world. Satellite imagery of bases in ruins, bombed bridges, and the aftermath of missile attacks provide a snapshot of war to a global audience and expose Russian falsehoods and atrocities. Such images can influence public opinion and thus foreign policy—as was seen when commercial imagery uncovered Chinese missile silos last year and North Korean missile facilities in 2019. Additionally, satellites allow Ukrainians to tell their own story. US officials gave Ukrainian President Volodymyr Zelensky a satellite phone to stay connected, and he uses Starlink to give speeches that are accessible worldwide. Satellite Internet allows Ukrainians to communicate with one another and with the outside world, winning a victory against Russia in the information domain.

Don’t shoot the messenger

Commercial satellites have been critical to Ukrainian military and civilian communications throughout the war thus far, and they will probably be targeted on the future battlefield. The United States and its allies and partners must consider the extent to which commercial space may become under threat, as well as the role of governments and militaries in protecting it.

First, as launch costs decrease, the democratization of space means that more nations—both friends and foes—are joining in orbit. Although the sharing of satellite imagery has advanced US and allied interests during the war in Ukraine, this might not be the case with every actor or scenario in the future. US and allied militaries need to consider how much intelligence should be shared in open-source environments and set appropriate standards for commercial space actors—especially pertaining to US companies sharing information with foreign governments.

Second, small-satellite constellations are resilient against anti-satellite (ASAT) weapons: the whole is greater than the sum of its parts, with each individual satellite being less powerful on its own and thus a less-worthy target. Adversaries are adapting their own models in response. While Russia and others have kinetic counterspace capabilities (as was demonstrated by Russia’s ASAT testing last November), non-kinetic counterspace measures (e.g., jamming, electronic warfare, and cyberattacks) are likely to cause the most chaos. Moreover, kinetic ASATs generate space debris, which poses a threat to the sustainability of all LEO operations. Because many nations—including Russia—rely on LEO for national security imperatives, kinetic attacks are mutually destructive and therefore less likely to be undertaken. Currently, there is no clear process for reporting or responding to an anti-satellite attack.

As adversarial targeting of commercial and dual-use satellites becomes commonplace, US and allied militaries need to establish their roles in protecting—and responding to attacks on—commercial space assets. Some officials have recommended that the United States produce a “comprehensive, national space power vision,” articulating the industrial outputs required to maintain the US and allied military edge in space. Although this is a step in the right direction, such a strategy must acknowledge the barriers to public-private space cooperation and consider the ways in which militaries will safeguard commercial satellites with military applications.

Commercial satellites will continue to act as enablers for the warfighter, and US and allied space companies require protection from adversarial attacks. Although Russia’s unsophisticated fleet of satellites poses little challenge today, China’s more advanced and growing counterspace arsenal will prove a threat to the United States’ and allies’ use of space tomorrow. If commercial space remains defenseless, the United States and its allies will have to prepare to fight blindly in future wars.

***

Julia Siegel is an assistant director in the Forward Defense practice of the Atlantic Council’s Scowcroft Center for Strategy and Security.

Read more essays in the series

Airpower after Ukraine: The future of air warfare

Airpower experts and practitioners examine interim lessons from the war in Ukraine and consider applications for twenty-first century air and space forces.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Commercial satellites are on the front lines of war today. Here’s what this means for the future of warfare. appeared first on Atlantic Council.

]]>
Early lessons from the Russia-Ukraine war as a space conflict https://www.atlanticcouncil.org/content-series/airpower-after-ukraine/early-lessons-from-the-russia-ukraine-war-as-a-space-conflict/ Tue, 30 Aug 2022 13:00:00 +0000 https://www.atlanticcouncil.org/?p=555878 The Russia-Ukraine war may be remembered as the first two-sided space war, offering four preliminary lessons for future conflicts.

The post Early lessons from the Russia-Ukraine war as a space conflict appeared first on Atlantic Council.

]]>
The 1991 Persian Gulf War is often called “the first space war” owing to the American military’s use of global positioning systems and other space-based technologies—the first of several US conflicts against opponents with no space capabilities. Three decades later, the Russia–Ukraine war is perhaps the first two-sided space war.

As a potential harbinger of the future, Russia’s war in Ukraine offers four preliminary lessons for political and military leaders. First, despite having no indigenous space capability, Ukraine has made effective battlefield use of space-based communications and intelligence, surveillance, reconnaissance (ISR) assets from US and European commercial providers. Second, for all the attention on kinetic anti-satellite (ASAT) weapons, Russian counterspace attacks have been limited to the cyber domain—achieving some success and causing collateral damage in NATO countries. Third, commercial space will only grow in importance in conflicts, while policy makers in Western countries have yet to make clear when and how they would protect commercial assets. Last, Russia is gaining surprisingly little advantage from its space capabilities, reflecting the long-term weaknesses of the Russian space industry—weaknesses not shared by China, however.

Combatants can conduct space-enabled operations without owning space assets

In 2022, Ukraine had no national space capability. Nevertheless, space systems, in the form of third-party commercial and government assets, have played an important role in the Ukrainian war effort. The Ukrainian military makes extensive use of commercial satellite communications, in particular satellite links share data for its networked artillery system (GIS Arta, sometimes called “Uber for Artillery,” is an android app that collects target information from drones, US and NATO intelligence feeds, and conventional forward observers, then distributes orders to fire among multiple artillery units to make counterbattery fire more difficult.). Ukraine obtains high-resolution imagery from Western commercial firms, including synthetic-aperture radar that can “see” at night and through clouds. Specifics on Ukraine’s military use of commercial images are scarce, but the available resolution and timeliness of such images should make them tactically valuable. Commercial imagery can show individual military vehicles, and constellations of multiple satellites can image any target every few hours. This capability provides enough information to enable warfighters to attack fixed targets, or to cue assets such as unmanned aerial vehicles to the vicinity of mobile targets. The United States is also reportedly sharing imagery or signals intelligence from classified collection satellites.

The war in Ukraine demonstrates that what matters is having access to the products of space systems, not owning the satellites. With the explosion in commercial communications and imaging services, many combatants will have such products. Access will not be universal, however. Western companies are far in the lead in their capabilities and are subject to formal and informal limits on the customers to whom they sell data. Iran or North Korea could not buy the level of space-based services that Ukraine has at any price. Western governments should see this as a comparative advantage in supporting partners relative to what Russia or China can provide to their clients. Facilitating commercial access, supplying funding, and offering training in the use of commercial space products (or sharing classified products) can affect battlefield performance in a tangible way; moreover, such efforts are relatively low cost and perhaps less visibly provocative than weapons shipments.

Counterspace operations are more likely to be cyber or electronic than kinetic

In November 2021, Russia tested its Nudol kinetic ASAT weapon and created a cloud of orbital debris that threatened astronauts and satellites of many nations. Whether or not that demonstration was meant as a warning to NATO regarding Ukraine, there are no reports of physical space attacks being attempted. Russian cyberattacks, however, have succeeded. On the first day of the conflict, a Russian operation used destructive malware to disable tens of thousands of user terminals of ViaSat, a US-based commercial network, requiring factory repair of the devices before they could function again. The Ukrainian military was a heavy ViaSat user and the obvious target. Following that attack, SpaceX collaborated with Ukraine to deploy Starlink terminals. SpaceX leaders report that Russia has also attacked their service, so far unsuccessfully.

Space experts had assessed that cyber and electronic jamming would be more likely than physical space attacks, for several reasons. Cyberattacks do not create debris, they are less expensive than building interceptor missiles, offer deniability, and are probably less likely to spur armed retaliation. Developments in Ukraine also demonstrate the value of redundancy against ASAT attacks, that is, relying on large numbers of individually expendable satellites instead of a handful of large satellites. Starlink has twenty-five hundred satellites in service—too many for Russia to shoot down with its few, expensive interceptors. Communications and remote sensing services will continue to shift toward these so-called “mega-constellations.” The success of Russia’s attack on ViaSat, however, shows that an invulnerable satellite fleet is irrelevant if cyberattacks can impair its ground-based control systems and user access.

Commercial firms as important actors—and targets?

The Russia-Ukraine war highlights the explosive growth of the commercial space sector. Although the US military has long leased bandwidth on commercial satellites, the integration of Starlink at the battlefield level and the tactical use of commercial remote sensing is groundbreaking. Unsurprisingly, Russia says the satellites of companies working directly with the Ukrainian military are legitimate military targets—and the Russians are probably correct under international law. The international community accepts the established principle that third parties directly and knowingly contributing to a combatant’s war effort can be attacked, within the limits of proportionality and when causing minimal collateral damage. Recent articles in Chinese military newspapers suggested the Chinese also believe Starlink could be valid target in a future conflict.

It is unclear how the United States and its allies would respond to attacks on commercial space systems, whether by physical or cyber means. Russia’s successful ViaSat attack caused significant property damage to civilians in NATO nations, requiring tens of thousands of terminals to be replaced and causing disruptions, such as knocking thousands of wind turbines off the European electric grid for days. Satellite operators have been asking governments for more assistance in securing their systems and for more clarity about what governments will do to protect them; the current lack of clarity risks causing miscalculation by adversaries.

Evaluating Russian space capabilities (and lessons about China?)

Despite the long history of Soviet and Russian spaceflight, it is not obvious that the Russian military has benefited more from space than the Ukrainian side. Russian command-and-control difficulties, the absence of an apparent ISR advantage, and surprisingly large errors from Russian precision munitions (presumably GLONASS-guided), all hint at less effective employment of space systems than that of the United States or its more capable allies. This is not entirely surprising, however. Russian military communications and surveillance satellites lag far behind those of the United States in numbers and technology–Russia may only have two operational military imaging satellites. Technology sanctions imposed in 2014 set back the development of Russian space capabilities. Some Russian munitions may have been built with chips pulled from consumer appliances, but there is no alternative source for the unique radiation-hardened chips needed in satellites. Strict technology sanctions and the likely decline in Russian government revenues make it doubtful that Russia can close the space gap.

In the future, China would most likely be a more adept military space power than Russia. Beijing has launched dozens of military ISR satellites in the last five years. China has an emerging commercial space sector, and, unlike Russia, it has a sophisticated domestic electronics industry that can supply components for advanced military satellites. Russia might still lead China in ASAT missiles and a few other areas, but in most respects Chinese military space capabilities have surpassed those of Russia in quantity and technology. How the Chinese military fares at exploiting and integrating space capabilities in a real conflict remains to be seen.

Policy recommendations

Several implications flow from these observations:

  1. Space-based information services are a key enabler that the United States and its allies can provide to partner nations, especially “middle powers” with some technical proficiency (as opposed to less developed militaries, as in Afghanistan or Iraq).
  2. Redundant mega-constellations offset adversaries’ kinetic ASAT weapons, but cybersecurity at all levels must be a critical design and operational focus of space systems.
  3. The US commercial space sector is a strategic asset, but the United States and its allies need to develop clear policies for protecting commercial systems, whether through defense or deterrence.
  4. Although China has long been seen as “behind” Russia in space, that view is outdated. US military planners should assume China will likely make more effective use of space capabilities in a future conflict than Russia has in Ukraine.

***

David T. Burbach is an Associate Professor of National Security Affairs, US Naval War College. The ideas expressed in this essay are the author’s personal views and do not represent those of the Naval War College or the US government.

Read more essays in the series

Airpower after Ukraine: The future of air warfare

Airpower experts and practitioners examine interim lessons from the war in Ukraine and consider applications for twenty-first century air and space forces.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Early lessons from the Russia-Ukraine war as a space conflict appeared first on Atlantic Council.

]]>
AirLand redux? Early lessons from Ukraine https://www.atlanticcouncil.org/content-series/airpower-after-ukraine/airland-redux-early-lessons-from-ukraine/ Tue, 30 Aug 2022 13:00:00 +0000 https://www.atlanticcouncil.org/?p=555938 Ukraine is exploiting the seam between airpower and land-domain assets, hinting that the friction of war at the airland seam is growing.

The post AirLand redux? Early lessons from Ukraine appeared first on Atlantic Council.

]]>
The war in Ukraine signals a return, with a vengeance, of the hider-finder game of air warfare, both for airspace superiority and to exploit the air for battlespace effects. Against what appeared at the onset to be a resurgent great power seeking to overwhelm a significantly weaker neighbor, Ukraine has relied on airpower, modern system tactics and training, and passion to at least level the playing field against the Russian onslaught to enable them to readily evade (‘hide’) from conventional force attacks and Russian air defense sensors while more efficiently finding conventional military targets. Though the war is far from over, it has already yielded numerous lessons that airpower advocates and joint-minded leaders should apply to other conflicts. Counter-land drone tactics and greater reliance on coordinated fires from multiple domains suggest that significant challenges are ahead for military operations. Long-simmering US doctrinal feuds that the US military has largely sidelined during the war on terrorism need to be directly addressed now in order to anticipate the future battlespace.

Drone paths diverge

The US Air Force’s precision-targeting model posits that airpower is a game-changer in war because it can bypass fielded forces and directly attack an adversary’s “vital centers,” in some cases by “cutting off the head of the snake” through targeting an enemy’s leadership. US drone operations have been guided by this model of targeting, as medium-altitude, long-endurance drones with precision munitions and reachback intelligence have provided a capability almost uniquely suited to the US military and its strategy in the war on terrorism.

Other states have attempted to emulate this model, in most cases with untested results outside US coalition efforts. In Iraq, the US military’s attempt to build a drone fleet capable of taking over coalition intelligence, surveillance, and reconnaissance missions ended largely in failure. International regimes such as the Missile Technology Control Regime have historically limited the capabilities that the United States could apply to the war in Iraq, and what could be transferred could never be used effectively. Though early fears of drone diffusion focused on the US model becoming widespread and human targeting becoming more normalized, in practice few nations have adopted the US model for strategic airpower. Instead, most nations practice a more operational-level air-support-to-land operations model, for which a wholly different construct of drone warfare is emerging.

Drones in Ukraine exemplify this second model of air support to ground operations as a deep fight strike asset targeting tank columns, troop formations, and other military assets beyond the reach and visual range of ground forces. This builds on lessons learned from the 2020 Nagorno-Karabakh conflict, where the TB2 and other systems significantly shifted the balance of power in what had, to that point, been an indecisive conflict played out in several acts. Today these drones are increasingly backed by networked systems for resilience and battlefield capabilities, but their targets remain traditional military targets (equipment and formations) rather than precise leadership targets requiring an elaborate find-fix-finish engagement process.

The hider-finder game accelerates

Drones, loitering munitions, and long-range rocket-propelled artillery have proven invaluable in aiding the Ukrainian military in prosecuting the war against the vastly larger Russian military. Ukraine is effectively exploiting the seam between traditional “fast-mover” manned airpower and land-domain assets—slower, lower-altitude and short-range air assets such as helicopters. These weapons are potent operational force multipliers for modern militaries, and even for adaptive small units, from conventional military forces to terrorist entities. This seam is most likely a fleeting opportunity, as Russian counter-unmanned aerial system (UAS) capabilities have expanded and degraded the effectiveness of Ukrainian drones during the conflict.

Innovation, and war, begets counter innovation. This pattern has dominated air warfare from its inception. The bomber will always get through, until it is thwarted by radar and surface-to-air missiles. Stealth beats radar, so concealment and dispersal of targets, increased standoff missile ranges, and exploration of future counter stealth detection offsets fifth-generation advantages. Contrary to some early claims, Ukraine and other recent conflicts continue to demonstrate that the revolutionary potential of many of these technologies has been exaggerated. Rather than a situation where airpower dominates the deep fight, the friction of war at the airland seam has grown, even though the seam itself may be disappearing with new technology.

The fire support coordination line (FSCL) gets blurrier

For much of the Cold War and through the 1991 Gulf War, US soldiers and airmen faced sharp divisions over the meaning and interpretation of the FSCL. For airmen it was a demarcation line dividing areas of operations (AO) between air force targeting and army artillery targeting. The air component-controlled air interdiction and strategic attack, the land component controlled close air support, and the FSCL was the planning line that divided the air and land. For soldiers it merely represented the range of artillery and the limit of their internal fires deconfliction.

To a degree, the US Air Force and Army overcame doctrinal disagreements in the 1990s, with the Army recognizing that “deep battle” is not simply support for the close fight and the Air Force increasing its focus on air interdiction, but soldiers and airmen still retain different attitudes about this doctrinal shift. Many airmen saw the Army yielding to the Air Force vision in the 1990s, with the Air Force solely conceding the line did not explicitly serve as an AO boundary, but rather a measure to “facilitate the expeditious engagement of targets of opportunity beyond the coordinating measure.” A truce between the Army and Air Force over this issue has lasted largely because US operations since 1991 have largely occurred where only a close fight dynamic was required for counterinsurgency, leaving the Joint Task Force’s fire control element to manage virtually all targeting.

This works in conflicts largely without an FSCL, but in future fights the Air Force’s desire to be the central coordinating agent for the deep fight may reignite the 1990s’ debates. Even in the early transition to large-scale land occupation of Afghanistan in 2002, sharp divisions between the air and land components of the US military over planning and execution were abundant. The growth of multiservice drones, missiles, and rocket-propelled artillery, the historic pressure of ground commanders to extend the FSCL, and Air Force leaders’ contention that they can more efficiently and more economically execute long-range precision-strike missions than other components of the US military, are likely to pose challenges to future operations. A new force-employment model for the deep fight, beyond basic coordination measures between air and land/maritime components—one that accounts for drones, missiles, and rockets that fall in the seam of classic airland operations—should be a priority for Joint Doctrine moving forward.

Recommendations

The US Air Force prides itself in the knowledge that no US soldier has been lost to an enemy air attack since April 15, 1953. But in the era of small, low-altitude drones and increasingly potent standoff missiles and rockets, how relevant might that fact be in the future, and who ultimately bears responsibility for protecting ground forces from such threats? If the war in Ukraine thus far teaches anything, it is that the basic Cold War idea of AirLand Battle was largely correct—an integrated airland, modern system army could thwart a significantly larger nonmodern system for a period of time and set the terms of battle, dramatically slowing the advance and creating a window for reinforcement. The change since the 1980s is primarily the growth of long-range-fires capabilities, as well as the diminished signatures and support infrastructure required for longer-range missiles and tactical aircraft.

The US military and its allies must reimagine their deep-fight capabilities. The US Army today controls surface-to-air missiles, drones below group-five classification—similar in size and capability to the MQ-1 Predator or larger—and long-range fires. The Navy provides similar extended capabilities for the maritime environment. In future combat, the FSCL may well be a thing of the past, replaced by long-range fires and the Joint Fires Cell owning the targeting mission with the Air Operations Center wholly in a supporting air-management role. Embedded airmen training and operating regularly in these forces must be incentivized for airspace control and other related fields. New constructs for battle management moving away from service culture-specific dogmas must guide the planning, acquisitions, and joint doctrine development process. The alternative might be either making the US Army Air Corps great again with a combined anti-aircraft, combat aviation, and drone force under one unified command for the deep battle, or worse—the prospect adversaries will exploit the airland seam and end the US dominance of the close-air fight.

***

Michael P. Kreuzer is the Chair of the Department of International Security at the USAF Air Command and Staff College and a career US Air Force officer. He holds a PhD in Public and International Affairs from Princeton University. All views and opinions are his own and do not represent the US Department of Defense or the US Air Force.

Read more essays in the series

Airpower after Ukraine: The future of air warfare

Airpower experts and practitioners examine interim lessons from the war in Ukraine and consider applications for twenty-first century air and space forces.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post AirLand redux? Early lessons from Ukraine appeared first on Atlantic Council.

]]>
OSINT’s influence on the Russian air campaign in Ukraine and the implications for future Western deployments https://www.atlanticcouncil.org/content-series/airpower-after-ukraine/osints-influence-on-the-russian-air-campaign-in-ukraine-and-the-implications-for-future-western-deployments/ Tue, 30 Aug 2022 13:00:00 +0000 https://www.atlanticcouncil.org/?p=557693 Open-source intelligence has strategic benefits, but it also raises concerns for military decisionmakers.

The post OSINT’s influence on the Russian air campaign in Ukraine and the implications for future Western deployments appeared first on Atlantic Council.

]]>
On February 24, the day that Russia invaded Ukraine, Twitter user OSINTtechnical tweeted forty-eight times, highlighting battle damage assessments of Russian aircraft, confirming explosions at Melitopol airbase, and showing US B-52 and UK Typhoon air tracks over Poland. OSINTtechnical, like many others on Twitter, has provided live, detailed battlefield updates. From the comfort of an unclassified laptop, these citizen journalists have increasingly organized into online communities which, as coined by Bellingcat founder Eliot Higgins, are known as “public intelligence agenc[ies] for the people.” These amorphous, yet powerful public-run organizations have reported on Russian air activity with a level of detail and analysis traditionally reserved for state intelligence agencies. Indeed, governments recognize this and are increasingly turning to such organizations for support.

Though this diffusion of intelligence capabilities has strategic benefits—highlighting Russian atrocities and countering disinformation, for example—this new paradigm in public intelligence analysis also raises concerns. Increased battlefield transparency can motivate combatants to behave ethically, but it can also unintentionally lead to reduced military effectiveness, stemming from constraints on decision making and a resultant narrowing of strategic options.

The open-source intelligence revolution

Open-source intelligence (OSINT) has always been an essential element in understanding adversary action, though state agencies have traditionally regarded it as secondary to the efficacy of highly classified sources. From the creation of the Foreign Broadcasting Monitoring Service (FBMS) in 1941 to the National Open Source Enterprise (NOSE) in 2006, political and military decision makers have recognized that important information is outside the classified realm, and that such information can be used to supplement or confirm classified sources. The democratization of information and technology, however, has begun to provide organizational alternatives to the traditional monopoly that states possessed on intelligence functions. Easy data access, fueled by a cultural appetite to share, either inadvertently or purposefully, has lowered the technical bar to gathering and exploiting information. This newfound dependency on the cyber environment has created digital footprints that can be exploited and turned into intelligence for those with the time and expertise to do so. Wikileaks was one of the first organizations to exploit digitization, exposing the fragility of states to the combination of insider threats, revolutions in data storage, and public accessibility. However, the concept of OSINT has continued to evolve with private citizens, no longer reading stolen reports, but creating their own intelligence upon which journalists, the public, and even governments rely.

Netherlands-based investigative journalist group Bellingcat and London-based research group Forensic Architecture have been at the forefront of this public OSINT revolution since the 2011 Syrian civil war. Alongside organizations such as the Digital Forensic Research Lab, they boast a broad offline and online networked analytical resource base, including experts with a deep understanding of online analytical toolsets, Eliot Higgins and his team at Bellingcat identified Russia’s ‘little green men‘ as the perpetrator of the July 2014 Malaysia Airlines (MH17) crash, revealed the Kremlin’s intelligence operatives responsible for the March 2018 Skripal poisonings in the United Kingdom, and have established many sought-after international workshops teaching OSINT techniques. Bellingcat and its analysts have proven that OSINT, in the hands of the public, has impact commensurate with information collected and analyzed by state-level intelligence agencies. The Russian invasion of Ukraine coincided with these organizations’ rising maturity, experience, and credibility.

The role of OSINT in the Ukraine air war

Since the beginning of the Russia-Ukraine war, analysts such as Rob Lee, have published almost four thousand tweets that include battle damage assessments, Russian weapon videos, and conflict analyses, including an ongoing record of Russian airpower losses. Bulgarian investigative journalist Christov Grozev has also provided an in-depth analysis of disinformation and possible Russian war crimes; in fact, he appeared in front of the US House of Representatives Foreign Affairs Committee to discuss OSINT evidence of these crimes. Lee and Grozev may be working without government resources, but their work is credible and respected, bringing transparency to a conflict built on Russian subterfuge and disinformation. Like many others, they have made it possible for public audiences to examine Russian air operations, assessing their tactics and effectiveness at a level of analytical detail traditionally reserved for well-resourced state intelligence agencies.

One of the most significant and controversial air strikes in the Russia-Ukraine conflict thus far was Russia’s strike on June 27, 2022, targeting the Amstor shopping mall in the Ukrainian city of Kremenchuck and killing at least eighteen people. Although Russia did not deny the mall had been damaged, it claimed the damage was from another airstrike that had targeted ammunition storage facilities nearby. Using open-source CCTV footage, geolocation tools, Sentinel 2 L1C satellite imagery, PLANET Skysat commercial satellite imagery, historic YouTube videos, blog posts from the mall’s retail chain, local social media, and video footage taken by survivors, Bellingcat produced an in-depth report that effectively discredited Russia’s version of events. Bellingcat’s success is just one example of how OSINT can bring transparency to air operations, and of the danger for states who rely on factual ambiguity, or are susceptible to the pressures of external audiences.

The role of OSINT in future air wars

According to former British Foreign Secretary William Hague, OSINT is influencing events in the war, not just reporting them. While the use of OSINT in Ukraine has weakened Russia’s control of the information environment, could public dissemination of OSINT hinder US and allied air forces in future wars? Recognizing that public opinion matters for both Western political and military decision makers is critical in framing the OSINT challenge. As the character of conflict changes, reflecting the wars of choice during the past three decades, so has public expectation concerning jus in bello. Clean conflicts, using increased remote and asymmetric means have created low public tolerance levels for operational errors. Unfortunately, public expectation will be challenged by an OSINT environment capable of bringing high levels of transparency to the battlefield.

In this new information operating environment, the speed, reach and abundance of online information sources may result in Western air forces losing control of the narrative. In turn, this may encourage risk-averse targeting strategies that prioritize civilian or political perceptions over operational effectiveness. The Russian invasion of Ukraine has reinforced that the foci of Western public analysis will be social media and Internet-based rather than sourced from the traditional mainstream press. The uninhibited nature of social media dissemination, alongside the speed and spread of the analysis will mean that the Western military may be severely challenged in controlling the narrative.

The war in Ukraine is a good example of a clash between a state and OSINT over narrative dominance. The Russians lost their narrative control very early in the conflict. OSINT stripped away credibility from the Russian messaging, leaving a nonsensical and hollow information strategy. Although the Western approach to strategic communications differs significantly from Russia’s, it would be hubris to believe that the West is incapable of ill-advised information strategies. The opportunity for Western information warfare campaign to suffer the same fate as Russia certainly exists. In the West, enhanced battlefield transparency could trigger increased public scrutiny, encouraging a risk-averse and limiting targeting strategy. With the potential to link military personnel to specific airstrikes, targeteers and pilots could face increased pressure, with the risk of every error, whether by negligence or chance, being examined in minute detail and publicly dissected. If OSINT enthusiasts and similar actors can uncover and reveal a highly classified GRU hit squad, then the risk of exposure to Western air force personnel remains real and increasingly likely.

Preparing for tomorrow’s air wars in the age of OSINT

Enhanced public scrutiny of future battlefields has a potentially significant benefit in motivating ethical behavior on behalf of military personnel, yet transparency also has operational impact. Air forces need to urgently prepare to operate in this OSINT environment, finding new ways to engage in a contested and fast-moving narrative space while providing robust direction and protection for operational commanders, targeteers, and aircrew who will face new pressures and intense scrutiny in the execution of their roles.

  • First, air forces should exercise and wargame the inevitability that actions may be captured, shared, and analyzed, leading to possible limitations on targeting strategies, including substantial expansions of Restricted and No-Strike Lists.
  • Second, air forces should also examine how they can better protect their operational commanders, aircrew, and targeteers from identification and exposure from public intelligence analysts, balancing a philosophy of openness against the duty to protect.
  • Finally, at the political and military strategic levels, attention should be paid to how foreign governments can exploit public intelligence agencies and their analysts. A Chinese equivalent of a “public intelligence agency” has not appeared thus far, but once adversarial states recognize the power of truth in the public arena, hybrid or state-backed “public” organizations are likely to follow suit. These organizations, established in the idealist model to increase transparency, but with state direction, will blur the civilian-military lines and further intensify the contest within the information environment, albeit transformed into a battle of “truths.”

There is now a new answer to “who watches the watchers?”: anyone, anywhere, at any time.

***

Robin Kemp recently graduated from the US School of Advanced Air and Space Studies, Maxwell AFB, and is now teaching in the Department of International Security at the US Air Command and Staff College. He is currently working toward his PhD, researching how contemporary OSINT capabilities acknowledge military activities. The opinions expressed here are his own and do not reflect the views of the Royal Air Force or the US Air Command and Staff College.

Read more essays in the series

Airpower after Ukraine: The future of air warfare

Airpower experts and practitioners examine interim lessons from the war in Ukraine and consider applications for twenty-first century air and space forces.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post OSINT’s influence on the Russian air campaign in Ukraine and the implications for future Western deployments appeared first on Atlantic Council.

]]>
Ukraine air war examined: A glimpse at the future of air warfare https://www.atlanticcouncil.org/content-series/airpower-after-ukraine/ukraine-air-war-examined-a-glimpse-at-the-future-of-air-warfare/ Tue, 30 Aug 2022 13:00:00 +0000 https://www.atlanticcouncil.org/?p=557889 Six months into the war in Ukraine, defense planners can learn from Ukrainian success and Russian failures in the air domain.

The post Ukraine air war examined: A glimpse at the future of air warfare appeared first on Atlantic Council.

]]>
Early on the morning of February 24, 2022, Russian forces streamed over the Russian and Belorussian border into Ukraine, initiating a large-scale invasion. Predictions in the West were dire; Russian forces could take the Ukrainian capital of Kyiv within days, perhaps forcing a Ukrainian capitulation in less than a week. Those predictions proved wildly off-base. Ukrainian forces fought bravely and effectively; Russia failed to establish air superiority, capture Kyiv, or take any major cities in northern Ukraine; and the Donbas campaign is locked in a virtual stalemate. Despite estimates that Russia would establish air superiority within seventy-two hours, Russian forces have failed to control the skies, and have suffered huge aircraft losses that have hindered their air support for the ground invasion.

This paper will examine the first six months of the air war, focusing on three main areas. First, it will evaluate both Ukrainian success and Russian failures, deriving initial lessons learned from the air campaign. Second, the paper will describe the changing character of air and space warfare—how a democratization of air, space, and intelligence capabilities via commercial and dual-use assets will allow adversaries to contest air and space control. Finally, the paper will provide actionable recommendations for the air and space forces of the United States and its allies and partners, to help ensure they are prepared to dominate air and space campaigns in the future.

Learning lessons from Russian failures and Ukrainian successes

The United States and its allies and partners need to be sure they do not dismiss the Ukraine air war simply as an example of Russian ineptitude, but instead examine Ukrainian successes and Russian tactical improvements over the course of the war and modify their warfighting concepts, doctrine, tactics, and training. Russia deployed an impressive air and air-defense force to the region prior to the invasion, including hundreds of advanced fighters, fighter-bombers, and attack aircraft, as well as modern short-, medium-, and long-range surface-to-air missiles (SAMs). Russia also employed long-range aviation bombers launching cruise missiles, and special mission aircraft designed to provide airborne command and control (C2) and intelligence, surveillance, and reconnaissance (ISR). Ukraine countered this impressive fleet with a small and aging force of fourth-generation fighters, and legacy but capable short- and medium-range SAMs. On paper, Russia held clear quantitative and qualitative advantages over the Ukraine Air Force.

Despite Russia’s clear advantages in both force size and capability, Russian forces failed to establish air superiority for a multitude of reasons. First, their initial strikes on February 24 were largely ineffective in landing an immediate knockout blow. The air and missile strikes were distributed across the country, preventing the concentration of effects, and those effects were not targeted against critical C2 nodes. Consequently, Ukrainian air and air-defense capabilities were not prohibited from conducting defensive operations. Second, Russia’s non-kinetic effects had limited impact and were poorly integrated with the kinetic strikes. Cyberattacks and electronic warfare, including counter-space attacks, were observed in the initial offensive, but their effects were severely limited. Third, Russia’s suppression of enemy air defenses (SEAD) plan was wholly inadequate. Russian air and missile strikes did not effectively target Ukraine’s integrated air-defense system (IADS). They failed to destroy mobile SAMs, and their targeting of Ukrainian military airfields was largely ineffective, as they did not crater runways nor destroy nearly enough combat aircraft on the ground to prevent effective Ukrainian defense. Fourth, Russian forces failed to integrate tactical or battlefield intelligence; they did not appear to know where high-value targets were, including Ukrainian President Volodymyr Zelenskyy, mobile SAMs, critical IADS nodes, and Ukrainian military command posts. Finally, Russia appeared to have no plan for countering Ukrainian uncrewed aerial systems (UASs) and drones, and those systems took a devastating toll on Russian ground forces. The air campaign appeared to have no overarching concept or unifying theme: Russian forces were unable to decapitate Ukrainian leadership, or blind and/or paralyze Ukrainian IADS. As such, Ukrainian air defenses were operating at or near full capability, and they were able to institute huge aircraft losses from the first day of the conflict.

The United States and its coalition partners have proven their ability to execute a devastating air campaign over the last thirty years, and to avoid many of the mistakes Russia has made. There are areas, however, in which the United States can and should learn from Ukraine’s heroic defense and Russia’s historically inept performance. First, the United States needs to put special focus on the finding and destroying of mobile air-defense systems. Ukraine’s mobile SAMs have moved frequently, and Russia has failed to eliminate them from the battlefield, even six months into the conflict. This subset of SEAD, finding and killing mobile SAMs—especially those with advanced, long-range capability—must be a focus of airpower doctrine, tactics, and training for the United States and its allies and partners. Second, even the United States and its closest allies have struggled to adequately integrate cyber effects into operational planning and tactical execution, instead keeping those capabilities as strategic or national-level weapons. The United States and its allies must overcome security hurdles and find a way to bring cyber effects to the warfighter—in this case, integrated into a tactical air campaign. Third, the United States and its allies and partners must examine the counter-UAS mission that will be discussed extensively below, and develop unique weapons, doctrine, tactics, and training tailored specifically to defeating small UASs and drones.

Preparing for the changing character of air and space warfare


Although the primary mission of air and space forces remains the same—to gain control of the skies and space, or air and space superiority—the character of air and space warfare is rapidly evolving. The primary driver of this change is the democratization of airpower and spacepower that will allow many nations to field potent air and space capabilities, potentially countering a numerically superior force in those domains. The barriers to fielding potent air, space, and intelligence capabilities are decreasing rapidly, and many nations—or even non-state entities—can procure and deploy large fleets of small, low-cost, expendable UASs and drones, making establishing air control extremely difficult and costly. Similarly, the space domain can also be contested through the use of commercial space assets and functions, which are rapidly becoming more affordable. Finally, robust intelligence capabilities can be developed with little investment in exquisite collection capabilities, instead relying on commercial imagery and open-source intelligence. A savvy adversary can contest air and space superiority via a thoughtful investment in critical air, space, and intelligence assets and capabilities.

The democratization of airpower

Air superiority is likely to be more difficult to achieve in future conflicts than in the counterterrorism and counterinsurgency fights of the early twenty-first century for two major reasons. First, the proliferation of mobile, advanced SAMs will increase the risk to air forces seeking to establish air control. The second reason, which will be the focus of this section, is the explosion of small commercial- and military-grade drones on aerial battlefields. The fight for control of the air will not only include dueling fighter jets, but the hunt for these small, low-cost, and expendable systems. Additionally, these systems can, and will, likely be armed to provide a relatively low-cost precision-strike capability, previously only available to the world’s largest and most advanced air forces. A resource-constrained air force can contest air superiority through the procurement and utilization of large fleets of these systems. The United States and its coalition air forces will need to allocate significant resources to find and destroy these systems.

The use of unmanned aerial vehicles (UAVs), UASs, and drones is not new; the United States began using UAVs in large numbers as early as Operation Desert Storm in 1991. The MQ-1 Predator and MQ-9 Reaper were symbols of air operations in the post-9/11 air campaigns. Similarly, the Turkish-built TB2 Bayraktar—which, like the MQ-1 and MQ-9, has potent ISR and strike capabilities—has become the most visible symbol of the Ukraine air war. Additionally, Ukraine received and quickly employed so-called “suicide drones,” such as the US-built Switchblade-300 and Phoenix Ghost, which were observed destroying Russian targets with their small onboard payloads. Ukraine’s success, at least initially, with these systems has led to questions about the future use of UASs in conflict. The Ukraine air war may be providing a glimpse into the future of air operations conducted almost exclusively remotely.

Whereas the counterterrorism conflicts of the early twenty-first century showed the efficacy of ISR and strike UAVs, the Ukraine air war has shown the promise of smaller, relatively cheap, abundant, and expendable UASs and drones. Small, expendable systems, deployed en masse, can have a decisive impact on the battlefield—identifying, disrupting, and even destroying large, armored columns; interdicting resupply convoys; and destroying critical or high-value targets. Large formations of UASs and/or drones will be extremely difficult to defend against in the future, requiring the use of sophisticated electronic-warfare tools, the expenditure of large numbers of expensive air-to-air or surface-to-air missiles, the deployment of directed-energy or high-powered microwave weapons, or some combination of all three categories of weapons. Future air-superiority fights may be defined by the more advanced military struggling to effectively and efficiently allocate resources to the counter-UAS mission, even at the expense of traditional air superiority missions of counter-air and SEAD.


The democratization of spacepower

As with the democratization of airpower capabilities, the shift toward more affordable space-based capabilities will expand the number of nations capable of operating in and contesting control of the space domain. The cost to develop a space program and put satellites into orbit used to be cost prohibitive for all but the wealthiest of nations. This is no longer the case, as evidenced by Ukraine’s use of commercial satellite imagery and satellite communications in this conflict. The rapidly declining cost of spacelift will give more nations the ability to build redundant satellite constellations that will enable critical components of warfighting.

The clearest example of the democratization of space capabilities in the Russia-Ukraine war has been Ukraine’s use of SpaceX’s Starlink services for satellite communications. Immediately prior to launching its ground invasion, Russia hacked Viasat, which Ukraine relied upon for its satellite communications. Two days later, Vice Prime Minister and Minister of Digital Transformation of Ukraine Mykhailo Fedorov asked Elon Musk via Twitter to provide Starlink equipment and services to Ukraine. Musk and SpaceX did just that, sending equipment to Ukraine and allowing it access to Starlink’s massive constellation of more than seven thousand satellites. Despite Russian efforts to jam the signal, Starlink provided Ukrainian forces with secure, redundant, and resilient communications that they have used to control UASs, target artillery strikes, and conduct a host of other military functions.
The Starlink example shows the power of industry in providing high-end, space-based capabilities, but also how nations will use relatively low-cost commercial space companies and capabilities to execute space-based warfighting missions. Ukraine was a unique case, and it is unlikely SpaceX would provide these types of services to an adversary of the United States free of charge. Nonetheless, this example gives a glimpse of how nations—potentially US adversaries or competitors—may take advantage of the changing economics of space operations and use commercial capabilities to execute and support wartime missions. In addition to satellite communications, a host of imagery, weather, and other space-based services are commercially available, and may be employed by the United States’ next adversary. Space will be a contested domain in future conflicts, with multiple combatants able to both operate in and counter their adversaries’ space operations. Space superiority is no longer guaranteed to the United States, its allies, and partners.

The democratization of intelligence

Building a potent intelligence apparatus is an extremely costly venture, usually made cost-prohibitive by the reliance on exquisite, yet extremely expensive, intelligence-collection systems and capabilities. The Ukraine air war, however, has shown that timely and accurate intelligence can be gathered through commercial and publicly available information. Both the buildup to Russia’s invasion and the war itself have shown that the “democratization” of intelligence via open-source intelligence (OSINT) and commercial satellite constellations is here. As with inexpensive UASs and drones, an under-resourced nation can develop a comprehensive and accurate picture of the battlespace through the use of OSINT and commercially available sources, at a fraction of the cost the United States and its friends invest for such a capability.

OSINT is not new, but its use in the Russia-Ukraine war easily surpassed what was seen in any previous conflict. As Russia began a massive military buildup along its border with Ukraine, Internet OSINT analysts were able to use commercial imagery and hand-held photographs and videos to show the buildup of forces and accurately predict the coming Russian invasion of Ukraine. On the first night of the conflict, one of the clear indicators of a coming invasion was traffic apps showing heavy traffic moving south from Bolgorod, Russia, into Ukraine in the early morning hours of February 24—clearly the invasion force moving to initiate its offensive. Throughout the conflict, battle-damage assessment, a mission that even the United States has struggled with mightily, was conducted via OSINT. Oryx, an Internet OSINT analyst, used confirmed and geolocated imagery and hand-held media to confirm the losses of Russian and Ukrainian military equipment, and provided a much more accurate picture of the war’s progress than the overinflated numbers being distributed by the Russian and Ukrainian Ministries of Defense, respectively.

The implication of this democratization of intelligence is stark; nearly any military force can develop a fairly comprehensive and accurate picture of the battlespace through the use of OSINT and the relatively low-cost procurement of commercial-satellite intelligence sources. The most pressing question for intelligence analysts is no longer how they will acquire intelligence sources to observe the adversary, but how to accurately correlate, fuse, and analyze that overwhelming amount of data and correctly analyze the actions taken by the adversary. The United States has traditionally relied on exquisite, but high-cost collection means and only used OSINT to augment the high-end capabilities. The United States and its allies and partners should learn from the conflict and shift their mindsets toward relying extensively on OSINT, and using the exquisite but expensive capabilities to augment publicly available information. A corollary to the democratization of intelligence is the increased emphasis on being able to deny the adversary the ability to accurately assess activity. Deception in war, vitally important since the days of Sun Tzu, will be even more important in the future, and should be a major focus for the United States and its allies and partners.

The democratization of air, space, and intelligence capabilities is not only a threat to the air superiority to which the United States and its allies and partners are accustomed, but also presents opportunities. The United States and its friends can, and should, embrace this trend and recapitalize their air and space forces to provide more capacity at less cost. Lower-cost systems such as UASs, drones, and commercial small satellites, should not replace high-end systems and capabilities such as the F-35 and B-21, but can augment those systems in a high/low mix of capabilities that will provide quantitative and qualitative superiority that should maintain the level of air superiority the United States and its allies and partners have come to expect since 1991.

Conclusion and Recommendations

Though the outcome of the war still hangs in the balance, there is already much to be learned by examining the progress of the air war thus far. The United States and its allies and partners need to use lessons from Russia’s botched air campaign, and they must modify their equipment, doctrine, tactics, and training to account for the democratization of air and space power, which may fundamentally change the character of air and space warfare. By more accurately predicting the future course of aerial combat and designing the force and capabilities to dominate the air and space campaigns of the future, the United States and its friends will be better postured than their strategic competitors to prevail in future high-intensity conflict.

***

Lt Col Tyson Wetzel, USAF is a nonresident senior fellow in the Forward Defense practice of the Atlantic Council’s Scowcroft Center for Strategy and Security. Wetzel is the deputy director for intelligence, surveillance, and reconnaissance (ISR) for 7th Air Force at Osan Air Base, Republic of Korea.

Read more essays in the series

Airpower after Ukraine: The future of air warfare

Airpower experts and practitioners examine interim lessons from the war in Ukraine and consider applications for twenty-first century air and space forces.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Ukraine air war examined: A glimpse at the future of air warfare appeared first on Atlantic Council.

]]>
China’s opioid challenge: All is fair in law and war https://www.atlanticcouncil.org/content-series/hybrid-warfare-project/chinas-opioid-challenge-all-is-fair-in-law-and-war/ Fri, 05 Aug 2022 10:00:00 +0000 https://www.atlanticcouncil.org/?p=552390 A former senior official in the US intelligence community maps how the United States should unleash a legal defense against China's malicious activities—starting with its role in the opioid crisis.

The post China’s opioid challenge: All is fair in law and war appeared first on Atlantic Council.

]]>
While serving as a senior official in the US intelligence community, I held posts directly responsible for the mission management and operational coordination of activities to counter our nation’s strategic threats. At the top of that list were the pervasive, multidimensional, and asymmetric challenges posed by the policies and actions of the Chinese Communist Party (CCP).

In 1999, two Chinese colonels penned the seminal military classic Un-Restricted Warfare, which argued for the intentional use of hybrid tactics. One of the authors, Colonel Qiao Liang, was quoted with the prescient statement: “The first rule of unrestricted warfare is that there are no rules, with nothing forbidden.” Yet, while China and Russia are testing such instruments in the gray zone, the United States has been hesitant to wield its own tools. It’s time for the United States to drop that reticence. It can start by using “lawfare,” or the intentional weaponizing of the US civil court system.

An American response

The United States has no shortage of zealous attorneys. It needs to unleash the lawyers so that they can help meet the country’s national security demands. The CCP engages in many malicious activities, from technology theft to unsavory investment practices to irresponsible behavior leading to the global spread of COVID-19. These kinds of abuses are ripe for US civil action.

Lawfare can help stem the rise of Chinese global influence by holding the CCP accountable in the court of world opinion while also helping to exhaust valuable time and resources that the party would need to spend defending its actions legally.

While the United States has not yet taken the CCP to court, China’s involvement in the opioid crisis provides a particularly relevant case to start with.

Is the CCP helping traffic fentanyl?

Opioids constitute a national crisis in the United States. The misuse of and addiction to opioids—including synthetic opioids such as fentanyl—are responsible for tens of thousands of deaths per year. While the crisis has been caused by the wanton overprescription of opioids to Americans for everyday ailments, it has been fueled by the supply of illegal fentanyl which has both increased its accessibility for addicts and profitability for dealers. Since 2013, China has been fueling this crisis, acting as the number one supplier of illegal fentanyl and the precursor chemicals of fentanyl to the United States. While China imposed regulations on fentanyl in 2019 that reduced direct shipment to the United States, fentanyl precursors continue to flow in via Mexico.

It’s unlikely that the CCP will acknowledge and therefore cease what appear to be the state-sanctioned abuses of its pharmaceutical industry, so the US and global court systems must step in to deliver justice.

To bring China to court, the United States must first make the case that the CCP is involved in driving the opioid crisis. The US Drug Enforcement Administration (DEA) has classified the precursor chemicals for fentanyl (which China supplies) as controlled substances, essentially making them illegal. In May, DEA Administrator Anne Milgram told CBS News: “We would like China to do more. For example, we need to be able to track every shipment of chemicals that’s coming out of those Chinese chemical companies and coming to Mexico. Right now, we can’t do that.”

Given China’s restrictive, Orwellian business environment, companies illegally selling fentanyl precursors in the United States would likely be known to authorities. Some great open-source analysis conducted by J2X Solutions, a risk intelligence company, helps connect the dots. J2X Solutions identified thirty-seven Chinese companies as vendors of 4-Anilinopiperidine, a direct precursor to fentanyl. Five of the thirty-seven companies were identified as manufacturers of the precursor. 

Further analysis noted that some of these companies’ use of social media networks like LinkedIn and Facebook meant they could exit “the great firewall of China”—which would require the tacit approval of government monitors—and hide in the crowd of busy platforms through the use of fake photos, profiles, and handles. (This research is not publicly available but was provided to me by J2X Solutions.)

Example of J2X Solutions Analysis.

The DEA has gone on record to state that it is “not aware of any legitimate uses of 4-Anilinopiperidine other than potentially in the synthesis of fentanyl.” That fact explains why these companies try to obfuscate their sales by using non-traditional marketing sites, façade accounts, Bitcoin transactions, and encrypted messaging apps.

A US court order

As Chinese companies hinder US national security through the illicit sale of fentanyl, the United States can leverage nonmilitary means to weaken the effectiveness of their activities. In addition to traditional law enforcement activities, the United States should empower US civil attorneys to file massive class action suits in both US and world courts.

The Foreign Sovereign Immunities Act (FSIA) of 1976 provides a viable starting point. The act shields foreign states from suit for their sovereign, but not their commercial, activities, stating:

“Under international law, states are not immune from the jurisdiction of foreign courts insofar as their commercial activities are concerned, and their commercial property may be levied upon for the satisfaction of judgments rendered against them in connection with their commercial activities.”

The Chinese government’s control over the business environment—meaning fentanyl precursor sales to the United States are surely known to authorities—opens the floodgates for potential class-action suits from the tens of thousands of victims of wrongful deaths from Chinese-supplied fentanyl. When the chemicals are routed through Mexico, China could face additional liability under a FSIA provision that applies to commercial activity outside the United States that “causes a direct effect in the United States.”

One relatively easy way to broach this would be to diplomatically ask the Chinese government to halt these shipments from within their country. If China did actually assist, problem solved. In the more likely instance where Beijing would feign ignorance, this would then open the regime up legally under a concept known as “intentional indifference,” triggering potential civil liability under FSIA. While this might not be enough to make China stop its malign actions, it would induce shame, generate negative press globally, and force China to expend massive legal resources. 

Colonel Qiao was not wrong when he stated there are no rules when it comes to warfare. The sooner the United States and its allies realize, accept, and adopt this mindset, the sooner they can intentionally employ asymmetric tools like lawfare. Proactively harnessing the robust US legal system—in conjunction with other actions below the threshold of armed conflict such as information campaigns and cyber acts—could help steer the behavior and response of adversaries like China.


Tom Ferguson was a member of the Atlantic CouncilGray Zone Task Force before assuming a position in government

The post China’s opioid challenge: All is fair in law and war appeared first on Atlantic Council.

]]>
Russian army faces morale problems as Putin’s Ukraine invasion drags on https://www.atlanticcouncil.org/blogs/ukrainealert/russian-army-faces-morale-problems-as-putins-ukraine-invasion-drags-on/ Thu, 04 Aug 2022 21:47:57 +0000 https://www.atlanticcouncil.org/?p=553701 A new opinion poll indicates that the Russian public continues to strongly support their country's invasion of Ukraine but there are growing signs that Vladimir Putin's invading army is suffering from low morale.

The post Russian army faces morale problems as Putin’s Ukraine invasion drags on appeared first on Atlantic Council.

]]>
New polling data from Moscow indicates that Russian public support for the country’s invasion of Ukraine is growing. However, with the war now in its sixth month, there is little sign of similar enthusiasm within the ranks of Vladimir Putin’s invading army. Instead, much of the available evidence points to mounting demoralization among the Russian troops currently fighting in Ukraine.

The latest monthly opinion overview from Russia’s only internationally respected independent pollster, the Levada Center, has identified a slight rise in the number of Russians who back their country’s war against Ukraine. Published on August 1 and based on research conducted in late July, the poll found that 76% of Russians currently support the war effort in Ukraine. This represents a one percent increase compared to the figure for June 2022.

While a single percentage point obviously does not represent a major shift in public opinion, the consistently high levels of support registered over the past five months coupled with the slight upward trend in this latest poll do suggest that Russian backing for the war remains both solid and strong.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

The results of this new Levada Center survey will come as a wake-up call for all those who hoped Vladimir Putin would face a domestic backlash as the costs of the Ukraine invasion became increasingly apparent to the Russian public. On the contrary, it appears that the vast majority of Russians have acclimatized to the new wartime reality despite the worsening economic climate in their own country and mounting revelations of war crimes being committed in their name across the border in Ukraine.  

There has been much debate over the true level of pro-war sentiment in Russia since the invasion began on February 24, with critics arguing that opinion polls cannot be regarded as trustworthy measures of the public mood in authoritarian societies such as Putin’s Russia. It is also important to note that the Kremlin introduced draconian measures at the start of the war that effectively banned any public criticism of the invasion and imposed long prison sentences for displays of opposition.

At the same time, it must also be said that this tough stance has rarely been tested. There has been virtually no sign of an anti-war movement emerging inside Russia since a brief wave of small-scale anti-war protests which fizzled out in the early weeks of the conflict. Despite widespread initial reports of horror and alarm within the Russian establishment over Putin’s decision to invade Ukraine, the country’s political, business and cultural elites have since largely mobilized in support of the Kremlin. There have been very few resignations, with the relatively few who have preferred to leave the country generally choosing to remain silent.

If Russian society as a whole seems to have accepted the war, the same cannot be said for the country’s military. Reports of demoralization among Putin’s invasion force have become a common feature of the invasion over the past five months as Russian casualties have continued to mount at an alarming rate.

While the exact number of Russians killed or wounded in Ukraine remains a closely guarded secret, US officials believe the figure is already above 75,000 and rising. Other calculations are slightly lower, but all serious sources outside of Russia itself acknowledge that Russian losses now number in the tens of thousands.

Meanwhile, Moscow’s increasingly desperate recruitment efforts hint at the scale of the manpower crisis facing the Kremlin. Across Russia, potential army recruits are being enticed with mouth-watering salaries five or six times higher than the national average along with the promise of short-term contracts. In May, the Kremlin scrapped age limits on newly enlisted men in an apparent bid to fill gaps created by heavy losses in Ukraine. More recently, recruiters have begun scouring Russian prisons and offering convicts the chance to sign up in exchange for an amnesty.

Russia’s current troop shortages are in large part due to Vladimir Putin’s reluctance to officially declare war on Ukraine. Instead, he has branded the invasion a “Special Military Operation.” As a consequence, Russian contract soldiers are not legally obliged to fight in Ukraine and can theoretically resign from the army at any moment. Thousands are believed to have already done so, leading to increasingly desperate measures as the Russian authorities seek to prevent more soldiers from quitting.  

Reports this week claimed that hundreds of Russian soldiers have been illegally imprisoned by their own commanders in the east Ukrainian conflict zone after refusing to take any further part in the war. In one written testimony republished by the UK’s Guardian newspaper, a Russian soldier claimed he was jailed after deciding to stop fighting “as a result of what I believe were the tactical and strategic mistakes of my commanders and their total disregard for human life.”

Low morale among Russian troops represents a serious challenge for the Kremlin as both Russia and Ukraine prepare for what many now fear will be a long war. Ukraine has also suffered heavy casualties during the first five months of hostilities but Ukrainian troops are supremely motivated by the knowledge that they are fighting for their homeland against a foreign aggressor. Unlike their Russian enemies, they have nowhere else to go.

Motivation is likely to become a key factor in the months ahead. This is one category where the Ukrainian military enjoys an unquestionable and overwhelming advantage. While ordinary Russians cheer the invasion from their sofas, demoralization within the ranks of Putin’s army could become a major problem for the Kremlin as the brutal war unleashed by the Russian dictator drags on with no end in sight.  

Peter Dickinson is Editor of the Atlantic Council’s UkraineAlert Service.

Further reading

The views expressed in UkraineAlert are solely those of the authors and do not necessarily reflect the views of the Atlantic Council, its staff, or its supporters.

The Eurasia Center’s mission is to enhance transatlantic cooperation in promoting stability, democratic values and prosperity in Eurasia, from Eastern Europe and Turkey in the West to the Caucasus, Russia and Central Asia in the East.

Follow us on social media
and support our work

The post Russian army faces morale problems as Putin’s Ukraine invasion drags on appeared first on Atlantic Council.

]]>
Adrian Levy and the myth of Pakistan’s Inter-Services Intelligence https://www.atlanticcouncil.org/blogs/southasiasource/adrian-levy-and-the-myth-of-pakistans-inter-services-intelligence/ Tue, 02 Aug 2022 17:45:15 +0000 https://www.atlanticcouncil.org/?p=552377 In this interview with non-resident senior fellow Kamal Alam, author Adrian Levy reflects on the deep historical relationship between Pakistan's Inter-Services Intelligence and the United States’ Central Intelligence Agency, noting that it has covered history’s many “pinch points.”

The post Adrian Levy and the myth of Pakistan’s Inter-Services Intelligence appeared first on Atlantic Council.

]]>
Shrouded in secrecy, “the undeclared deaths, attacks, suicide bombings, targeted assassinations”, says author Adrian Levy, are the enormous, hidden cost of operations felt by Pakistan’s Inter-Services Intelligence (ISI) at the grassroots.  

Levy, an investigative journalist and co-author of best selling books The Exile: The Stunning Inside Story of Osama bin Laden, Al Qaeda in Flight, Spy Stories: Inside the Secret World of the RAW and the ISI, and most recently The Forever Prisoner: The Full and Searing Account of the CIA’s Most Controversial Covert Program has had unparalleled access to the ISI on the ground and knowledge of its operations.

In this interview with Kamal Alam, a non-resident senior fellow with the Atlantic Council’s South Asia Center, Levy reflects on the deep historical relationship between the ISI and the United States’ Central Intelligence Agency (CIA), noting that it has covered history’s many “pinch points.” He creates a distinction between public debate and private action, showcasing that whether it is ISI’s relations with India’s Research and Analysis Wing (RAW) or the CIA, private backchannel conversations between agencies continue regardless of ongoing political rhetoric. 

Here are some key takeaways from the interview:

The myth of the ISI

  • The myth of ISI, Levy argues, stems from the 1980s, in particular in 1982 when the United States launched a secret war in Afghanistan “as a pivot against a fading Soviet Union.” Pakistan and the ISI were the staging post for America’s “secret war”–and what the ISI gained out of that were real skills that included combative, covert, and asymmetrical fighting; the ability to transport goods anywhere in the world; and ability to raise covert funds not just from the Gulf, but also via black market funding. 
  • As such, he argues that part of the myth of the ISI is based on some measure of fact because the agency did in fact master these skills in the 1980s. However, at the same time, the more the ISI and the secret war is discussed, the more that myth grows, resulting in it becoming larger than reality.

ISI and RAW on peace and cooperation in the region

  • No matter the debate in the public sphere, according to Levy, through private backchannels there have been plenty of attempts at cooperation and understanding between ISI and RAW, with the two spy agencies coming extremely close to a deal under Pakistani General and former President Pervez Musharraf between 2004 and 2007.
  • Even as tensions escalate today between India and Pakistan, these private conversations continue. When it comes to the future of those backchannels, Levy adds: “we are in a period of great opacity and things are the least clear they have been for some time.” 

Structural reforms under Lieutenant General Faiz Hameed and General Ehsan ul
Haq

  • Levy argues that the largest period for professionalization and reform for ISI took place under General Ehsan ul Haq and Lieutenant General Faiz Hameed, who enforced structural changes that changed the agency, making it a more coherent organization that responds to military discipline and works on the basis of a chain of command.  
  • General Ehsan ul Haq is amongst the people who laid down the foundations and strategies that continue to be carried on through documents such as the “Kayani doctrine.”
  • Lieutenant General Faiz Hameed made reforms that saw him overseeing and managing minute details. The largest result of this was his cooperation with the United States, via the CIA as well as with former US Special Envoy to Afghanistan Zalmay Khalilzad, to end the twenty-year war in Afghanistan. Hameed carried on Haq’s and Kayani’s work.

Deep ties between the CIA and ISI 

  • The ISI and CIA have deep relations that differ significantly from relations between the civilian leaders of their respective countries. Between 2001 and 2007, Levy notes that “virtually every legitimately high-level target held in Pakistan was detained at the behest of or with joint intelligence operation by CIA, ISI and others.”    
  • There is a distinction to be made between the public rhetoric of politicians and private actions taken by states. The relationship between the CIA and ISI is a “permanent structure” that continues to exist “beneath the state.” Even though former US President Donald J. Trump publicly called to end ties with Pakistan, covert talks on Afghanistan between the CIA and ISI continued.  

Priorities for the ISI and the international community going forward 

  • While, according to Levy, this is something truly “for the ISI to decide,” he added that one of the biggest areas the ISI has been focusing on is the Financial Action Task Force, which continues to hold huge influence over Pakistan’s economy and financial sector.
  • Another area of importance has been Pakistan’s role in the international order. The global space that had “previously [been] totally dominated by India,” according to Levy, has abdicated to an atmosphere of rivalry to “own” the international space. In the same effort, Levy adds that the ISI is recognizing the importance of soft power, especially since this is something that India has mastered.   
  • Balancing and managing China requires dexterity by the ISI, says Levy, because while China brings in huge infrastructural benefits, balancing US, Turkish, and Gulf desires against Beijing is extremely difficult–but necessary–in today’s multipolar world.

Watch the full interview below:

Kamal Alam is a nonresident senior fellow at the Atlantic Council’s South Asia Center and a special adviser and representative of the Massoud Foundation.

The South Asia Center is the hub for the Atlantic Council’s analysis of the political, social, geographical, and cultural diversity of the region. ​At the intersection of South Asia and its geopolitics, SAC cultivates dialogue to shape policy and forge ties between the region and the global community.

The post Adrian Levy and the myth of Pakistan’s Inter-Services Intelligence appeared first on Atlantic Council.

]]>
Eftimiades on the Spectator on Chinese espionage https://www.atlanticcouncil.org/insight-impact/in-the-news/eftimiades-on-the-spectator-on-chinese-espionage/ Tue, 02 Aug 2022 10:59:00 +0000 https://www.atlanticcouncil.org/?p=552450 Nicholas Eftimiades discussed the scale of Chinese espionage infiltrating Western society.

The post Eftimiades on the Spectator on Chinese espionage appeared first on Atlantic Council.

]]>

On August 2, Forward Defense nonresident senior fellow Nicholas Eftimiades discussed how Chinese espionage is infiltrating Western society on the Spectator podcast.

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The Scowcroft Center for Strategy and Security works to develop sustainable, nonpartisan strategies to address the most important security challenges facing the United States and the world.

The post Eftimiades on the Spectator on Chinese espionage appeared first on Atlantic Council.

]]>
Polymeropoulos in the Washington Examiner on the January 6 committee https://www.atlanticcouncil.org/insight-impact/in-the-news/polymeropoulos-in-the-washington-examiner-on-the-january-6-committee/ Tue, 26 Jul 2022 16:51:00 +0000 https://www.atlanticcouncil.org/?p=551041 Marc Polymeropoulos discusses why the January 6 committee is critical to ensuring the continuation of American democracy.

The post Polymeropoulos in the Washington Examiner on the January 6 committee appeared first on Atlantic Council.

]]>

On July 26, Forward Defense nonresident senior fellow Marc Polymeropoulos wrote an article in the Washington Examiner, describing the importance of the January 6 investigative committee.

Full accountability is a deterrence. Enemies of American democracy don’t take a knee after just one failed attempt.

Marc Polymeropoulos

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The post Polymeropoulos in the Washington Examiner on the January 6 committee appeared first on Atlantic Council.

]]>
Ukraine confronts Kremlin infiltration threat at unreformed state bodies https://www.atlanticcouncil.org/blogs/ukrainealert/ukraine-confronts-kremlin-infiltration-threat-at-unreformed-state-bodies/ Wed, 20 Jul 2022 14:42:58 +0000 https://www.atlanticcouncil.org/?p=548339 Last week's dismissal by President Zelenskyy of two key figures from Ukraine's state security and prosecution services has highlighted the threat posed by Kremlin agents infiltrating unreformed Ukrainian state bodies.

The post Ukraine confronts Kremlin infiltration threat at unreformed state bodies appeared first on Atlantic Council.

]]>
On July 17, Ukrainian President Volodymyr Zelenskyy dismissed Ivan Bakanov, the head of Ukraine’s state security service (SBU), and Iryna Venediktova, the country’s prosecutor general. In his nightly video address, Zelenskyy said the pair were being removed for allowing treasonous activity to fester at the state bodies they led.

Although concerns over pro-Russian sympathizers within Ukrainian state organs are not new, these recent personnel changes highlight the importance for Ukraine’s national security of further institutional reform. While serious questions are now being asked of the state security and prosecution services, institutions which have undergone comprehensive reform since 2014 such as the Ukrainian military and the country’s energy sector have proven highly effective during the past five months of full-scale war with Russia.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

The SBU is one of Ukraine’s most bloated state institutions. The service maintains a staff of roughly 30,000 employees, nearly as many as its American equivalent, the Federal Bureau of Investigation (FBI). The sprawling size of the SBU reflects its sweeping mandate. The service combines counterintelligence, investigative, and anti-corruption roles that often overlap with the responsibilities of other state organs.

A combination of size, access to sensitive information, and lack of institutional oversight help to make the SBU ripe for corruption and infiltration by pro-Russian operatives. The threat of Kremlin agents is particularly high as many senior SBU officials began their careers in the Soviet era and are graduates of elite Moscow institutions.

The service’s wide mandate has also made it hard to rein in. Draft laws to reform the SBU have run into roadblocks in the Ukrainian parliament in part because so much needs to be changed that lawmakers cannot agree on how best to do it.

Bakanov’s lack of law enforcement experience made it even more difficult to reform the SBU. A childhood friend of President Zelenskyy’s, he was a TV studio executive before his appointment as SBU head in 2019. While loyal to the president, whispers of pro-Russian sentiments at the SBU ran rampant throughout his tenure. The day before Bakanov’s sacking, authorities arrested the former head of the SBU in Crimea, Oleh Kulinich, on suspicion of treason. Zelenskyy himself said dozens of SBU apparatchiks in Russian-occupied territories of Ukraine are working “against our state.”

Zelenskyy likewise called out pro-Russian forces within the Prosecutor General’s Office (PGO), which has also been dogged by allegations of corruption. In 2020, Venediktova’s deputy Oleksiy Symonenko effectively blocked a corruption case against deputy head of the presidential administration Oleh Tatarov by transferring it to the SBU, which critics say then buried the investigation. Anti-corruption activists have since accused Venediktova of being too close to the Office of the President.

Allegations of corruption and Russian infiltration provide skeptics of Western support for Ukraine with an excuse to push back against the military and humanitarian aid that Kyiv so desperately needs to continue the war effort. In this sense, the Zelenskyy administration’s unwillingness to undertake real reform in the SBU and PGO poses a clear threat to Ukraine’s image in Western capitals.

At the same time, the war with Russia has also shown that reform carries tangible benefits of its own. The Armed Forces of Ukraine were thinly outfitted and poorly trained when Russia first began its military aggression in 2014. During the following eight years, Ukraine reformed its military in line with modern Western standards, introducing a decentralized command structure, civilian defense command, and NATO training methods. Military analysts agree that these reforms have contributed to the exceptional performance of the Ukrainian army over the past five months of the Russian invasion.

State energy grid operator Ukrenergo also underwent significant post-Maidan changes that have paid dividends in the uniquely challenging wartime conditions since February 2022. In the first days of the invasion, Ukrenergo actually completed a key “isolation test” that allowed the Ukrainian electricity system to disconnect from the Russian network and fully integrate with the European grid.  

This remarkable success did not happen overnight. Ukrenergo officials and the Organization for Economic Co-operation and Development worked together for years to improve operational and procurement transparency. These added efficiencies allowed Ukrenergo to reorient Ukraine’s electrical grid to European standards and keep the power on after the February 24 invasion.

The war has made clear that reform is a national security imperative. Ukraine today faces two major threats: Kremlin aggression and domestic corruption. Defending Ukrainian territory is obviously Kyiv’s most pressing priority, but combating corruption and treason on the home front are also vital aspects of the overall war effort.

Firing officials and arresting suspected traitors, as Ukraine did last week, treat the symptoms of unreformed state institutions but do not address their root causes. With an 88% approval rating, Zelenskyy has a popular mandate and a legislative majority in parliament necessary to push ahead with major law enforcement reform. He must now do so. In 2021, a draft law that would have cut the SBU’s mandate was introduced but never voted on. It should now be updated and fast-tracked to the Ukrainian parliament.

Reforming the SBU and PGO will reinforce Ukrainian national security and buttress the country’s reputation abroad. Cohesive, efficient government administration and strong support from the West are essential as Ukraine seeks to fight off Russian aggression. Institutional reform advances these objectives and prepares Ukraine for its Euro-Atlantic future.

Andrew D’Anieri is an assistant director at the Atlantic Council’s Eurasia Center. Find him on Twitter @andrew_danieri.

Further reading

The views expressed in UkraineAlert are solely those of the authors and do not necessarily reflect the views of the Atlantic Council, its staff, or its supporters.

The Eurasia Center’s mission is to enhance transatlantic cooperation in promoting stability, democratic values and prosperity in Eurasia, from Eastern Europe and Turkey in the West to the Caucasus, Russia and Central Asia in the East.

Follow us on social media
and support our work

The post Ukraine confronts Kremlin infiltration threat at unreformed state bodies appeared first on Atlantic Council.

]]>
Eftimiades in the Financial Times on Chinese intelligence agencies’ recruitment https://www.atlanticcouncil.org/insight-impact/in-the-news/eftimiades-in-the-financial-times-on-chinese-intelligence-agencies-recruitment/ Sat, 02 Jul 2022 15:40:00 +0000 https://www.atlanticcouncil.org/?p=544160 Nicholas Eftimiades discusses Chinese intelligence agencies' recruitment processes in the Financial Times.

The post Eftimiades in the Financial Times on Chinese intelligence agencies’ recruitment appeared first on Atlantic Council.

]]>

On July 2, Forward Defense nonresident senior fellow Nicholas Eftimiades was quoted on the use of front companies in the recruitment process of Chinese intelligence agencies in the Financial Times.

What is unique in China is the use of front companies that recruit students without their knowledge.

Nicholas Eftimiades

Forward Defense, housed within the Scowcroft Center for Strategy and Security, generates ideas and connects stakeholders in the defense ecosystem to promote an enduring military advantage for the United States, its allies, and partners. Our work identifies the defense strategies, capabilities, and resources the United States needs to deter and, if necessary, prevail in future conflict.

The Scowcroft Center for Strategy and Security works to develop sustainable, nonpartisan strategies to address the most important security challenges facing the United States and the world.

The post Eftimiades in the Financial Times on Chinese intelligence agencies’ recruitment appeared first on Atlantic Council.

]]>
The 5×5—Cybercrime and national security https://www.atlanticcouncil.org/content-series/the-5x5/the-5x5-cybercrime-and-national-security/ Wed, 29 Jun 2022 04:01:00 +0000 https://www.atlanticcouncil.org/?p=541720 Five experts weigh in on emerging trends in cybercrime and their impacts on national security. 

The post The 5×5—Cybercrime and national security appeared first on Atlantic Council.

]]>
This article is part of The 5×5, a monthly series by the Cyber Statecraft Initiative, in which five featured experts answer five questions on a common theme, trend, or current event in the world of cyber. Interested in the 5×5 and want to see a particular topic, event, or question covered? Contact Simon Handler with the Cyber Statecraft Initiative at SHandler@atlanticcouncil.org.

From bank fraud to malware to romance scams, cybercrime is everywhere. The Federal Bureau of Investigation’s 2021 Internet Crime Report cited $7 billion in cybercrime-related losses, double the losses reported in 2019. The totality of these losses has a major impact on the US economy, in addition to the lives of affected individuals and businesses that may watch their bank accounts drained and confidential information stolen.

But cybercrime is far from a purely economic problem; real national security concerns are wrapped up in the issue as well. Just as cybercriminals learn from each other, state hacking groups learn from cybercriminals, and vice versa. Cybercriminal infrastructure and even cybercriminals themselves have been coopted by governments in the past, and there is evidence of states potentially acquiring tooling from the cybercriminal underground.

Cybercrime is, of course, not a uniquely US problem. Like with all forms of crime, cybercriminals seek to connect with and learn from each other. Criminal forums, marketplaces, group chats, and even Facebook pages are watering holes for this underground economy, allowing threat actors to adapt techniques to their unique environments and targeting all around the world. British fraudsters have targeted customers’ sensitive personal information online in order to commit tax fraud. Brazilian malware developers have manipulated electronic invoices issued in the country to their names. Financially-motivated threat actors have targeted Australian superannuation accounts.

We brought together five experts with a range of perspectives to weigh in on emerging trends in cybercrime and their impacts on national security. 

#1 How does cybercrime impact national security?

Marina E. Nogales Fulwoodglobal head – cyber external engagement, global response & intelligence, Santander Group:

“Cybercrime impacts national security in different ways, including by offering a fertile ground for organized crime and hostile nation states to obtain and launder illicit profits; threatening the economic stability of households, enterprises and governments; and, in some cases, disrupting supply chains and leaving critical sectors paralyzed. The paradigm shift ‘from online criminal activity to national security threat’ was bolstered by the recent ransomware attacks against Colonial Pipeline and Kaseya that prompted the classification of ransomware as a national security matter. The nationwide Conti ransomware attacks against Costa Rica’s public and private sector, and the country’s subsequent state of emergency declaration, is another clear example.”

Ian W. Graysenior director of intelligence, Flashpoint:

“To understand how cybercrime impacts national security, it is important to have a proper understanding of the motivations of cybercriminals and adversaries alike. There also may be substantial overlap with the tactics, techniques, and procedures (TTPs) employed by various threat actors, regardless of motivation. Cybercrime is often financially motivated. However, the same threat actors that are monetizing initial access to a network may also be selling that access to a state-sponsored adversary, whether they know it or not. State-sponsored adversaries may be employing proxies to deflect attribution attempts, thereby providing plausible deniability. The same TTPs that are often associated with less sophisticated cybercrime—social engineering, credential stealing malware, brute-forcing or credential stuffing—are also effective in state-sponsored attacks that can have a larger impact on national security.”

Matthew Noyescyber policy and strategy director, US Secret Service:

The views presented are his own and do not necessarily reflect the views of any agency of the United States Government.

“For over forty years, cybercrime has presented the risk of unauthorized access to national security information and associated information systems. Today, this risk is heightened by the growth of highly profitable transnational cybercriminal networks. These transnational criminal networks have both conducted and enabled highly disruptive cyber incidents that have impacted the operation of critical infrastructure and essential services. These criminal networks may serve as proxies for malicious foreign government activities or provide a degree of plausible deniability to foreign government security services for their own malicious cyber activities.”

Mario Rojascyber security and threat intelligence subject matter expert, Maltego:

“Cybercrime impacts our society on all levels, and national security is not exempt from the reach of cyber criminals, who target government agencies for financial gain, cyber warfare, or simply as a challenge. These cyber criminals undermine the security of our countries by attacking critical infrastructure such as hospitals, gas pipelines, and even military networks.”

Dmitry Smilyanetsprincipal product manager, Recorded Future:

“Espionage, attacks on critical infrastructure, account takeover (ATO) for government officials and employees, election meddling, and disinformation, are among the top threats to national security that I can see coming from the financially motivated actors.”

#2 Given limited resources, should counter-cybercrime efforts focus on a particular country/region or does the issue warrant a holistic approach?

Fulwood: “Cybercrime is borderless, and combatting it requires the widest level of international cooperation possible, encompassing stakeholders from government, law enforcement, and the private sector. As an example of this, most successful law enforcement counter-cybercrime operations have benefitted from internationally-coordinated frameworks, while many private sector companies have acquired a leading role in disrupting and providing investigative support to the public sector.”

Gray: “Holistic. Employing a fractured approach to countering cybercrime would have detrimental effects on developing internet standards. The globe is already interconnected, save for a few countries that choose to isolate in order to impact state control over internet usage. While certain countries are often associated with specific cybercrimes (like Russia and ransomware or China and intellectual property theft), it is vital that defensive efforts are implemented in a coordinated manner, even if attack vectors or objectives are varied. As a result, improving the defense of domestic networks, including strong public-private partnerships, is the best approach to countering cybercrime. This should be followed by building the capabilities of our multinational partners, including best practices and intelligence sharing.”

Noyes: “Resource allocation is the key question. Ross Anderson, et al. well captured it in a 2012 paper: “As for the more direct question of what should be done, our figures suggest that we should spend less in anticipation of cybercrime (on antivirus, firewalls, etc.) and more in response that is, on the prosaic business of hunting down cyber-criminals and throwing them in jail.” This analysis still holds up when you consider estimates of $1.75 billion in global spending on cybersecurity products and services, relative to the modest investments in law enforcement efforts and overall decline in fraud prosecutions. Transnational cybercriminal networks are global, and a wholistic approach is necessary to deter their criminal activity, reduce the profitability of their crimes, and successfully arrest and prosecute those that engage in these crimes.”

Rojas: “Governments and private institutions should cooperate, not only sharing knowledge and resources but also creating and supporting organizations to fight cybercrime and help educate the public.”

Smilyanets: “This decision should be made after the proper evaluation of risk is done, as well as the assessment of potential losses. Human life is first, but then, I believe the priority should be aligned with expectations of future damages.”

#3 What is an emerging cybercrime trend that we should be keeping an eye on?

Fulwood: “An emerging trend commonly observed is the symbiotic relationship that access brokers and ransomware groups enjoy. According to industry experts, in 2021, the average time between a network access offer and a ransomware group breaching the same company was seventy-one days. Therefore, closely monitoring access sales in underground forums and other channels used by cybercriminals can provide invaluable early-warning alerts for soon-to-be-breached companies.”

Gray: “The types of ways to steal someone’s identity have changed significantly over the last few years. Whereas username and password may have once been sufficient to gain access to an individual’s account and personal information, increased user awareness, multi-factor authentication, and cybersecurity have mitigated these types of attacks. The introduction of log shops that sell browser fingerprints, new methods of bypassing multi-factor authentication—like social engineering, SIM swapping, and more automated bypass methods like OTP bots, for example—all demonstrate the evolution of identity fraud that could result in account takeover.”

Noyes: “The growing illicit value transfer through the theft and illicit use of digital assets. Kevin Webach’s 2022testimony before the Senate highlighted this risk, stating, “When digital asset and DeFi firms demonstrate their inability to safeguard assets, and engage in behavior that suggests ill-intent or inconsistency, it should result in a drop in trust. The fact that many such firms, and the market as a whole, do not experience such a reaction, indicates that investors may not rationally be assessing risks. This could be a recipe for disaster.”

Rojas: “Supply chain attacks are an emerging threat that targets software developers and suppliers intending to access source codes, build processes, or update tools by infecting legitimate applications to spread malware. A great example of these attacks was the one that involved SolarWinds and affected thousands of customers, including government agencies around the world.”

Smilyanets: “Credential stealers such as RedLine, Vidar, and Raccoon pose a very serious threat to corporations, governments, and individuals. We see steady growth in that market as well as a strong correlation with ransomware attacks growth. 50 percent of ransomware attacks start from ATO of network access credentials previously compromised by information stealers.”

More from the Cyber Statecraft Initiative:

#4 What forms of cybercrime are impactful but do not get enough attention?

Fulwood: “While sophisticated and emerging forms of cyberattacks are widely reported by industry and news outlets, other types of cybercrime, like phishing, have been normalized. Despite its simple nature, phishing is a pervasive threat that every year yields countless economic losses.”

Gray: “Synthetic Identity Fraud (SIF). This crime involves leveraging legitimate personally identifiable information (PII) to create a false identity that can be used for several malicious purposes, including establishing lines of credit or committing financial fraud. During the COVID-19 pandemic, threat actors would leverage stolen PII to take advantage of the US government relief programs, like the CARES Act. Some agencies estimate that over $100 billion in taxpayer money was stolen by fraudsters stealing or creating fake identities to claim unemployment benefits from state workforce agencies. 

Attacks like ransomware and business email compromise (BEC) generally attract a lot of attention for their high payouts and business disruptions. However, “smaller” forms of fraud are more common and also generate major losses when employed en masse.”

Noyes: “More attention is warranted on BEC and similar fraud schemes, which are the economic foundation for transnational cybercriminals. While ransomware understandably gets significant attention due to its potential to disrupt critical infrastructure and essential services, the known and estimated financial losses to BEC and related cyber-fraud schemes are far greater. For example, in 2021 the Internet Crime Complaint Center received19,954 BEC complains with adjusted loss of $2.4 billion relative to 3,729 ransomware complaints with adjusted loss of $49.2 million.”

Rojas: “SIM swapping is a technique utilized by cybercriminals for diverse purposes, more recently to sidestep two-factor authentication solutions, granting them access to resources that otherwise would be out of reach; a passive reaction from service providers increases the efficacy of this technique.”

Smilyanets: “With every year, a digital identity becomes more and more valuable. The average internet user has approximately fifty passwords saved in his browser. Threat actors steal not just your passwords, but the browser’s fingerprints, and cookies with session tokens. That allows them to create synthetic identities, impersonate victims with high fidelity, and gain access to corporate infrastructure protected by multi-factor authentication.”

#5 How can the United States and its allies encourage cooperation from other countries on combatting cybercrime? 

Fulwood: “The United States and its allies can encourage cooperation by enabling more public-private collaboration and incorporating industry expertise in task forces and initiatives.”

Gray: “The relationship between international cybercrime, state-sponsored threat actors, and a burgeoning effort to establish coordinated and like-minded initiatives to thwart cybercrime, is quite complicated. However, existing international treaties like the Budapest Convention on Cybercrime, aims to establish a cooperative framework to combat cyber threats, and non-binding efforts like the Tallinn Manual, actively aim to address international legal issues when operating in cyberspace. Russia, meanwhile, has pushed back on the Budapest Convention and proposed its own Cybercrime Treaty to the United Nations (UN Resolution 74/247), broadening the definition of cybercrime and scope of their authority. Suffice it to say, it is extremely important for the United States and its allies to establish a firm understanding of the threat landscape and its shared security goals.”

Noyes: “Skillful diplomacy, public engagement, and coordinated application of various forms of sanctions and incentives have proven effective at fostering international law enforcement cooperation on a range of issues. Even when some states limit their cooperation, or actively interfere in the law enforcement activities of other countries, law enforcement agencies have proven effectiveness in apprehending persons and seizing assets when they are in cooperative jurisdictions. For example, consider the case of the arrest of Alexander Vinnik coupled with the shutdown and civil complaint against BTC-e, which was described as a major exchange converting ransomware payments from cryptocurrency to fiat currency. Enforcing the law in this manner not only helps to deter and disrupt transnational cybercriminals, but also reinforces norms of the rule of law, international stability, and encourages further international law enforcement cooperation.”

Rojas: “Sharing resources, tools, case studies, and white papers have proven invaluable for the private sector as cybersecurity professionals learn from those and can prevent and even disrupt the work of cybercriminals. Governments can also take advantage of these techniques to get other countries and organizations involved in the fight against cybercrime.”

Smilyanets: “Leading by great example in investigations and prosecutions will encourage partner states.”

Simon Handler is a fellow at the Atlantic Council’s Cyber Statecraft Initiative within the Scowcroft Center for Strategy and Security. He is also the editor-in-chief of The 5×5, a series on trends and themes in cyber policy. Follow him on Twitter @SimonPHandler.

Liv Rowley is an assistant director at the Atlantic Council’s Cyber Statecraft Initiative.

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

The post The 5×5—Cybercrime and national security appeared first on Atlantic Council.

]]>