The international system is undergoing a profound global power shift characterized by the resurgence of great power competition and a broad diffusion of technical capabilities. This environment is intensifying security competition across all domains. Concurrently, the proliferation of artificial intelligence (AI) and other disruptive technologies has fundamentally transformed espionage and defense. The traditional landscape of counterintelligence (CI) is obsolete and requires rapid, systemic overhaul to address the increasingly amplified, technologically enabled threats posed by state and non-state actors.

Specifically, the shift to great power technological competition has expanded CI’s mandate from protecting military secrets to securing critical infrastructure, intellectual property (IP), and the integrity of the information domain. The dual-use nature of AI functions as both in support of automated espionage and a critical mechanism for preemptively anticipating and mitigating threats. The failure of the United States to strategically integrate AI into CI methodologies will result in the systemic erosion of national technological and economic advantage.

The Expanded Mandate of Modern Counterintelligence

CI functions to protect a nation’s secrets, personnel, and systems from foreign intelligence entities (FIEs). Yet today, CI must also confront a threat matrix dramatically enlarged in scope, sophistication, and velocity. The current geopolitical climate has necessitated a significant expansion of the traditional CI mission. In the context of great power competition, the most significant threat has shifted from the theft of classified military and diplomatic secrets to the large-scale acquisition of IP, trade secrets, and technological data, as highlighted in the recently released Annual Threat Assessment.

FIEs are aggressively targeting the private sector, academia, and research institutions, the very engines of national innovation through sophisticated economic espionage. Their strategic goal is not merely to obtain information, but to erode a nation’s competitive advantage and accelerate the adversary’s technological timetable, thereby shifting the global balance of power. CI must establish robust protective mechanisms that extend deep into the non-governmental technology and research ecosystem.

The dissolution of a clear distinction between peacetime competition and active conflict has resulted in a continuous state of confrontation known as the ‘gray zone’. This strategic domain is characterized by persistent, non-lethal, yet tactically damaging activities designed to achieve political objectives without triggering traditional military responses. CI must now defend against a spectrum of subtle subversion, including large-scale cyber operations, persistent penetration of networks for reconnaissance and preparatory measures, and covert attempts to manipulate political discourse and decision-making.

The globalization of commerce and technology has created intricate, interconnected supply chains. These networks present significant CI risks, as adversaries seek to compromise the integrity, trustworthiness, and authenticity of products and services. By inserting “backdoors” or creating exploitable “choke points” at various nodes, adversaries establish capabilities for future exploitation. CI efforts are essential to conduct comprehensive due diligence and risk mitigation, securing these complex networks against both hardware and software compromise.

Artificial Intelligence: The Dual-Use Catalyst

AI and emerging technologies are not merely targets of modern espionage; they are simultaneously the most potent tools and the most necessary defenses in the counterintelligence battleground. This dual-use dynamic creates a challenging “AI vs. AI” scenario that demands immediate, radical adaptation. Adversaries are leveraging AI to dramatically enhance the speed, scale, and sophistication of their intelligence operations:

Automated Espionage and Big Data Analysis: AI-powered tools can automate and scale the processing, translation, and analysis of vast, heterogeneous datasets (Big Data), vastly increasing the volume and velocity of intelligence collection from both open-source intelligence and classified sources.

Adaptive Cyberattacks: Machine learning (ML) algorithms enable the development of more elusive and adaptive cyber threats. This includes automated exploitation of vulnerabilities, dynamic creation of polymorphic malware, and rapid penetration of defenses, operating at speeds that effectively outpace traditional, human-centric cybersecurity responses.

Generative AI for Influence: Generative AI can create highly realistic deepfakes (synthetic videos and audio) and synthetic narratives at scale. This facilitates sophisticated disinformation and propaganda campaigns to manipulate public opinion and conduct advanced social engineering, severely compromising the ability of institutions to discern truth from falsehood.

Three interconnected factors fundamentally redefine the scope of CI responsibility: target expansion, the blurring of conflict lines, and supply chain vulnerabilities. To effectively counter these technologically enabled threats, CI must aggressively embrace and integrate these same technologies, transforming them into proactive defensive tools:

Threat Anticipation and Predictive Analysis: AI can process and analyze massive amounts of threat data, identifying subtle, non-obvious patterns, trends, and anomalies. This capability allows CI to transition from merely reacting to threats toward predictive modeling, allowing one to forecast adversary actions before they materialize and enabling preemptive defense.

Enhanced Surveillance and Anomaly Detection: ML algorithms are crucial for the detection of subtle anomalies in network traffic, user behavior, and physical security systems that a human operator would miss. AI-driven monitoring provides real-time, large-scale pattern-of-life analysis that significantly exceeds human cognitive capacity.

Counter-Disinformation and Integrity Checks: CI requires AI-driven tools to effectively identify, analyze, and flag AI-generated propaganda, deepfakes, and synthetic media. Systems designed for content provenance and authenticity verification are essential to safeguard the integrity of the information domain and maintain public trust.

Insider Threat Mitigation: Defensively, AI can monitor internal networks to flag anomalous user behaviors such as unusual data access attempts, large data transfers, or deviations in an employee’s digital pattern-of-life. As such they assist in identifying potential insider threats before significant compromise occurs.

The Strategic Imperative

The shift of global powers and the proliferation of disruptive technologies have thrust counterintelligence into an even more important aspect of national security. The stakes of this technological arms race transcend traditional security concerns, encompassing the integrity of a nation’s innovative ecosystem, its economic competitiveness, and the resilience of its democratic institutions.

CI must rapidly evolve its strategies to prioritize the defense of economic and technological assets, and it must integrate AI as a foundational defensive technology to achieve predictive, scalable threat mitigation. Failure to aggressively master and deploy AI defenses against technologically augmented adversaries risks the systemic erosion of national advantage in a world where technological leadership is increasingly synonymous with global power. The future success of great power competition hinges directly on the adaptive capacity and technological sophistication of CI’s function.

Joshua Thibert is a Senior Analyst at the National Institute for Deterrence Studies (NIDS) with over 30 years of comprehensive expertise. His background encompasses roles as a former counterintelligence special agent within the Department of Defense and as a practitioner in compliance, security, and insider risk management in the private sector. His extensive academic and practitioner experience spans strategic intelligence, multiple domains within defense and strategic studies, and critical infrastructure protection. The views of the author are his own.

Redefining Espionage: The Unseen War for Technological Dominance was originally published on Global Security Review.

Cyber Shockwaves

Imagine a simple piece of computer code shutting down nuclear power plants, paralyzing transportation networks, and disrupting vital military systems. For more than a decade, cyberattacks against critical infrastructure have been more than just intrusions; they can have effects comparable to those of conventional acts of war, and threatening global stability. For nuclear democracies, the question has become crucial: at what point does a digital incident cross the threshold of severity required to trigger deterrence calculations, or even justify a nuclear response?

Cyberspace is now a theater of constant confrontation where adversaries seek to undermine each other’s trust, disrupt economies, and test resilience. This invisible competition weakens traditional deterrence mechanisms, which rely on clear signals. In cyberspace, nothing is clear, with uncertain effects and often unintentional escalation. Yet, the potential damage of a sophisticated cyberattack against an electrical grid or supply chains could exceed that of a conventional bombing. The problem stems from three major developments.

Critical Weak Spots

The first development is the increasing vulnerability of critical infrastructure, whose technical complexity creates countless points of weakness. Hospitals, refineries, water distribution systems, and railway networks rely on technologies that are sometimes outdated and rarely protected against determined state and non-state actors. A coordinated and simultaneous attack against multiple sectors could severely paralyze a country for weeks to months, causing economic chaos and widespread social disruption.

The second development concerns the strong integration of cyberspace and nuclear power. Command, control, and communication systems have become more digital than ever, and thus more exposed to cyberattacks. Even a non-destructive intrusion, subtly targeted and difficult to detect, could be interpreted as an attempt to undermine the capacity to retaliate. In such cases, the precise or approximate perception of risk becomes as dangerous as the attack itself, amplifying the potential for misunderstandings and unintentional escalation.

The third development, finally, is the bolder behavior of adversaries of democratic regimes, who use cyberspace as a tool for exerting pressure without incurring significant costs. Who would doubt that Russia, China, North Korea, and Iran regularly demonstrate their ability to disrupt the institutions of democratic regimes? The relative success of their operations encourages them to push the boundaries even further, as they are aware of the existence of a “gray zone” where traditional deterrence does not fully apply.

These major transformations lead to a fundamental question: should democracies clarify as quickly as possible that certain cyberattacks could cross a threshold triggering a major military response, including nuclear? The objective of a new doctrine would then not be to lower the nuclear threshold, but to re-establish a credible and robust level of deterrence. Because if adversaries believe that cyberattacks are “zero-cost,” they will continue to systematically target vital infrastructure, exploiting critical vulnerabilities with impunity and minimal risk to themselves.

Strategic High Stakes

A first argument for clarifying the doctrine rests on proportionality: a massive cyberattack targeting critical infrastructure could have consequences comparable to a bombing. In this context, it would be consistent to specify that the response is not limited to conventional means. Analysts point out that U.S. nuclear doctrine already considers the possibility of devastating consequences from non-nuclear strategic attacks, and they believe that the nuclear threat is not explicitly excluded, even if the no-first-use scenario remains dominant.

A second argument concerns strategic stability. Today, adversaries regularly stress the defenses of democratic regimes in the “gray zone,” without immediate risk of escalation. Clarifying the rules of engagement and explicitly integrating cyberspace into strategic thinking could strengthen deterrence and limit adversarial gambles in this gray zone. The United States, the United Kingdom, and France could thus reduce uncertainty regarding the potential consequences of sophisticated cyberattacks, one form of irregular warfare, while emphasizing that any major offensive would have significant repercussions.

A third argument concerns the protection of nuclear command. Even a limited attack on control systems could be interpreted as an attempt to neutralize the second-strike capability, creating an extreme risk of miscalculation, especially with the increasing use of artificial intelligence. By clearly announcing that such an intrusion would be considered a serious and unacceptable act, democratic regimes would strengthen their strategic stability, discouraging any hostile action and reducing the risk of unintentional escalation during times of international crisis.

Perilous Lines

This doctrinal shift, however, carries significant risks, notably the unintentional lowering of the nuclear threshold. Even if the clarification primarily aims to strengthen deterrence, it could be perceived as an excessive threat by non-democratic States, prompting them to rapidly modernize their nuclear arsenals or develop sophisticated offensive cyber capabilities. The proliferation of cyber threats with potentially physical effects creates a low-profile but ultimately strategic space for competition, paradoxically exacerbating tensions and instability.

Responding to a cyberattack with a nuclear strike requires absolute certainty as to its true perpetrator. Yet, operations in cyberspace often involve proxies, opaque international relays, and technical masking of the source. An attribution error could have profound consequences. Additionally, a cyber intrusion seen as preparation for a major attack might provoke an overreaction during a crisis. Any doctrine that includes the possibility of a nuclear response must therefore incorporate rigorous deconfliction mechanisms, otherwise the worst will happen.

However, these risks should not obscure a strategic reality: current doctrine dates to a time when cyberattacks could not paralyze a country in minutes. This is no longer the case. Adversaries of democratic regimes have understood that cyberspace offers them a means of inflicting considerable damage while remaining below the threshold for a nuclear response. Doing nothing would amount to accepting a structural vulnerability, especially since middle ground is emerging. This involves explicitly defining two categories of cyberattacks likely to trigger an appropriate military response:

1. Attacks causing massive impacts on the civilian population or critical infrastructure (hospitals and emergency services, water distribution networks, etc.).
2. Intrusions targeting the command systems of the armed forces, even without destructive effects, with the aim of degrading a country’s decision-making capacity.

Though it would not directly reference nuclear weapons, this clarification would connect strategic cyberattacks to potential responses, giving decision-makers flexibility while clearly warning adversaries. A more explicit doctrine should reduce the risks of accidental escalation and limit the audacity of State and non-State actors willing to test the nerves of democratic regimes, in line with recent analyses on the evolution of the U.S. nuclear posture in the face of new strategic threats that the war in Ukraine has only exacerbated.

About the Author

Gilles A. Paché is a Professor of Marketing and Supply Chain Management at Aix-Marseille University, France, and a member of the CERGAM Lab. His research focuses on logistics strategy, distribution channel management, and military studies. On these topics, he has authored over 700 scholarly publications, including articles, book chapters, and conference papers, as well as 24 academic books. Views expressed in this article are the author’s own.

Hacking the Apocalypse: How Cyberattacks Could Trigger Nuclear Escalation was originally published on Global Security Review.

Why Trust and Continuity Matter

Recent trust surveys show that public confidence in both government and business has declined, with many people believing institutional leaders are not honest with them. The 2025 Edelman Trust Barometer, for example, highlights a “crisis of grievance,” in which large segments of the population feel left behind and are more inclined to distrust complex policy and technology initiatives.[2]​

This erosion of trust is particularly dangerous at a time when artificial intelligence, quantum technologies, and advanced biotechnologies are central to economic and military competition. A report submitted to Congress by U.S.–China policy experts emphasizes that both countries now treat these technologies as strategic industries, tying them directly to national power and long-term security.[4]​

Building Durable Relationships with Legislators

For technology companies, increasing national trust starts with treating Congress as a long‑term strategic partner, not simply as an annual budget gatekeeper.[4]​

• Institutionalize bipartisan technology engagement: Firms can create recurring, nonpartisan briefings and workshops with relevant committees to explain how artificial intelligence (AI), quantum, cyber, and bio tools affect national resilience, economic competitiveness, and workforce opportunity. By engaging members and staff from both parties, companies reduce the perception that emerging technologies are aligned with a single political faction.[5]​
• Lead with ethics, safety, and security: Research on public attitudes toward AI suggests people are more supportive when they see clear safeguards, transparency, and accountability mechanisms within the tech industry. Companies can build trust by proactively presenting their AI safety frameworks, data-protection policies, and supply‑chain security measures, aligning them with federal guidance and international norms on responsible technology use.[6]​

Securing Sustained Funding for Critical Technology

Trust is reinforced when technology programs are clearly tied to enduring strategic missions and supported through stable, multi‑year funding rather than fragile pilots.[5]​

• Connect capabilities to mission portfolios: Instead of scattered line items, technology programs can be organized into mission‑driven portfolios—such as quantum‑resilient communications, AI‑enabled national preparedness, or biosecurity infrastructure—that span research, prototyping, and deployment over several years. Multi‑year authorizations and appropriations make it harder for any single administration to abruptly cancel essential capabilities.[4]​
• Use innovation tools that protect both government and industry: Policy analyses highlight the value of mechanisms like Other Transaction Authority and structured public‑private partnerships to bring nontraditional vendors into national security and infrastructure work more quickly. By pairing these tools with clearer intellectual property protections and streamlined oversight, legislators can encourage top-tier tech firms to stay engaged in sensitive missions over the long term.[8]​

Embedding Technology in Law, Not Just Budgets

To prevent critical technologies from being swapped out with each political shift, their roles must be written into statute and tied to democratic oversight.[9]​

• Statutory roles for key technologies: Laws governing defense planning, critical infrastructure, and economic security should explicitly call for the use of AI, secure digital infrastructure, and advanced analytics in defined mission areas, such as threat detection, disaster response, and supply‑chain monitoring. Once these roles are codified, dismantling them requires visible legislative action rather than quiet executive changes.[9]​
• Multi-stakeholder governance in legislation: Legislated advisory councils and oversight boards that include government, industry, academia, and civil society should supervise high-impact technologies and publish regular reports. This structure signals that powerful tools are subject to ongoing, pluralistic scrutiny rather than being controlled solely by political appointees or corporate executives.[10]​

Quantum Networking Testbed Infrastructure

The National Defense Authorization Act (NDAA) put forth by Congress each year does not typically use a single, generic phrase like “quantum networking testbeds” in isolation; instead, it authorizes and directs specific programs and experiments that collectively constitute quantum networking testbed infrastructure. Several provisions and related authoritative documents are especially relevant to the future of quantum technology growth.

A Senate Armed Services Committee fact sheet on the fiscal year 2024 NDAA highlights language that “authorizes increased funding for a distributed quantum networking testbed” and the development of a next-generation ion‑trap quantum computer at the Air Force Research Laboratory (AFRL). While the fact sheet summarizes rather than reproduces the statutory text, it makes clear that Congress explicitly authorized a distributed quantum networking testbed as part of the defense Research, Development, Test, and Evaluation (RDT&E) portfolio.[12]​

Within the fiscal year 2025 NDAA, Congress, “authorizes funding to create a ‘quantum communications corridor’ as part of Navy research, development, test, and evaluation.” This is an explicit description of support for a testbed or network to advance quantum communication research so the Navy and the Department of Defense (DoD) can securely transmit information resistant to quantum computer decryption.[15]​

Other recent NDAA cycles also include broader direction that reinforces these testbed authorizations, such as requirements for DoD to establish pilot programs for promising quantum computing capabilities and to identify near‑term use cases that can be fielded within two years. These provisions do not always use the word “testbed” in the operative clause, but they direct the department to stand up experimental infrastructure and pilots that, in practice, operate as quantum networking and computing testbeds for defense applications.[16]​

In parallel, the National Quantum Initiative framework and associated Department of Energy (DOE) efforts describe quantum networking testbeds as shared infrastructure for entanglement distribution and quantum communications, and Congressional action has repeatedly referenced these federal testbeds and network efforts as part of the broader quantum information science ecosystem that the DoD can leverage.[13]​

Ensuring key technologies not only protect the nation but are also provided with substantial investment and economic promise is a necessity for companies to further their developmental efforts. Demonstrating that quantum technologies are viable for multiple applications—within internal defense and external partnerships—is one possible solution as tech companies become increasingly concerned with the long-term payoff of their test bed programs. For now, defense authorization bills appear to be the most forward leaning avenue supported by government, but the long-term stability of this method has yet to be validated.

How This Approach Builds Public Trust

When the tech industry engages both parties and chambers in Congress, supports multi-year statutory programs, and accepts meaningful oversight, it demonstrates that emerging technologies are being developed within a framework of law, ethics, and long-term national interest. In such a system, citizens can see that AI, quantum computing, and other advanced capabilities are not partisan experiments or purely profit-driven ventures, but part of a durable national strategy subject to democratic control.[2]​

The tech sector can both strengthen U.S. strategic competitiveness and contribute tangibly to rebuilding public trust in government by positioning itself as a co-steward of national resilience, helping design governance mechanisms, committing to transparency, and working with legislators to hard‑wire critical technologies into law and funding.[5]​

Sources:

1. https://www.edelman.com/trust/2025/trust-barometer
2. https://cooleypubco.com/2025/02/11/2025-edelman-trust-barometer-grievance/
3. https://www.edelman.com/news-awards/2025-edelman-trust-barometer-reveals-high-level-grievance
4. https://www.uscc.gov/sites/default/files/2024-11/Chapter_3–U.S.-China_Competition_in_Emerging_Technologies.pdf
5. https://www.uscc.gov/sites/default/files/2024-11/2024_Annual_Report_to_Congress.pdf
6. https://www.edelman.com/sites/g/files/aatuss191/files/2025-01/Global%20Top%2010%202025%20Trust%20Barometer.pdf
7. https://www.nationalsecurity.ai/chapter/executive-summary
8. https://ptacts.uspto.gov/ptacts/public-informations/petitions/1558121/download-documents?artifactId=z4DLuAiI8FBq5qxTCRlq-VPk-yx0lU4p_Mou2oSkOWL2OdIfZr8DAG4
9. https://www.jdsupra.com/legalnews/white-house-releases-2025-national-7517228/
10. https://www.biotech.senate.gov/wp-content/uploads/2025/04/NSCEB-Full-Report-%E2%80%93-Digital-%E2%80%934.28.pdf
11. https://www.imd.org/ibyimd/audio-articles/restoring-faith-in-leadership-in-the-age-of-grievance/
12. https://defensescoop.com/2024/01/08/ndaa-2024-quantum-provisions/
13. https://www.quantum.gov/wp-content/uploads/2022/08/NQIA2018-NDAA2022-CHIPS2022.pdf
14. https://www.quantum.gov/wp-content/uploads/2024/12/NQI-Annual-Report-FY2025.pdf
15. https://www.emergingtechnologiesinstitute.org/publications/insights/fy2025ndaa
16. https://www.nextgov.com/emerging-tech/2024/12/fy2025-ndaa-angles-enhance-dods-ai-and-quantum-sciences-capabilities/401545/

Beyond the Next Administration: Building Enduring Tech–Government Alliances for National Power was originally published on Global Security Review.

The digital Silk Road (DSR), China’s initiative to invest in critical telecommunications and emerging technology in foreign countries, is a vehicle to lower the barriers to cyber coercion and propagate the digital curtain. By embedding its “model of technology-enabled authoritarianism” in recipient nations, Beijing seeks to shape the digital ecosystems of other countries in ways that serve its strategic interests. Such attempts call for a proactive and coordinated response from the United States and its regional partners—one that builds a resilient, tech-driven organization capable of countering China’s digital expansion across the the Indo-Pacific.

The United States and China are engaged in a great power competition, one which has seeped into multiple theaters and domains. The Indo-Pacific region is generally understood to be the frontline of this contest.

However, China’s burgeoning technological capacity has led to cyberspace being a critical juncture in this competition; one where traditional borders fade, thereby allowing the proliferation of gray zone tactics. Such tactics are deployed in various ways—infiltrating critical infrastructure, cyber espionage, and disinformation campaigns—on key democracies in the region.

Considering the geopolitical significance of the Indo-Pacific, China’s attempts to use cyber coercion to cleave the region from the United States’ sphere of influence highlights a calculated strategy by the Chinese Communist Party (CCP). The region is home to over 50 percent of the world’s population, and 80 percent of global trade volume transits through its channels. It houses “seven of the world’s largest militaries, and five American treaty allies.”

Moreover, digital connectivity and internet adoption rates are the fastest growing compared to any region in the word, making it rife with opportunities and threats. These vulnerabilities not only indicate further volatility for regional governments but could also undermine American national security.

The list of cyber incidents already attributed to Chinese state-sponsored entities is extensive, and its targets are equally expansive. Advanced persistent threat (APT)—long-term, sophisticated, and entrenched cyber intrusions designed to hack, steal, and/or neutralize systems—have been a weapon of choice for those entities. For instance, APT-30 and APT-40, which targeted Association of South East Asian Nations (ASEAN) members and New Zealand’s government, respectively, are reportedly linked to the Chinese government.

Furthermore, American intelligence and cybersecurity agencies recently confirmed that Volt Typhoon, a Chinese state-sponsored entity, compromised American critical infrastructure ranging from telecommunications to water systems; its reach even included US territories such as Guam.

While the specter of ATPs and digital intrusions have entered the purview of several governments in the Indo-Pacific region, individual efforts to deter those threats are futile. This is often due to strategic inertia, a shortage of specialized workers, and asymmetric capabilities.

A consolidated effort by the United States and its regional partners is needed to build consensus, direct resources, and establish a digital enforcement body. This could address those issues while mitigating any potential upheaval from China’s tactics. Fortunately, the groundwork for such a partnership is already in place.

On July 1, 2025, the 10th Quad foreign ministers’ meeting was hosted by US Secretary of State Marco Rubio, where he was joined by his counterparts from Japan, India, and Australia. It was the second such meeting since January, signifying the importance placed on the vision of the group by the Trump administration.

The measures agreed upon as a result are further evidence to that fact—initiatives to bolster maritime and transnational security, economic security, critical and emerging technology, among others. Therefore, the vast security mandates of those initiatives provide a viable path to constructing a techno-centric partnership while addressing the region’s strategic, skills, and capabilities gaps when it comes to deterring China’s digital incursions.

The decision to expand the Indo-Pacific Partnership for Maritime Domain Awareness (IPMDA)—a technology-focused initiative to augment the maritime security landscape—provides a practical foundation for a techno-centric partnership. Its stated goal of developing a “common operating picture” for the IPMDA could lead to the basis for a strategic consensus among potential members.

Furthermore, incorporating insights from the first Maritime Initiative for Training in the Indo-Pacific (MAITRI) workshop could assist in closing the skills gap for a regional digital workforce, further adding to the partnership’s feasibility.

Additional features which could be utilized for the partnership and address the capabilities gap include the Quad Cyber Challenge and the Quad Partnership on Cable Connectivity and Resilience. The Cyber Challenge seeks to enhance the cyber ecosystem, digital awareness, and resourcing among member nations.

The Partnership on Cable Connectivity and Resilience, on the other hand, bears a more tactical responsibility of strengthening telecommunications infrastructure, specifically, undersea cables—arguably the most critical component of the digital ecosystem. Although these initiatives are focused on Quad member-nations, they could be expanded in a larger forum to engage ASEAN and Pacific subregional organizations such as the Pacific Island Forum, providing more opportunities for resource allocation.

There is institutional and strategic momentum behind the formation of a tech-centric partnership, not to mention the critical security imperative that exists. The broad consensus, coupled with the runway to take near-term action, makes this a prospective enterprise. Such concrete action is necessitated if the US and its regional allies expect to maintain a free and open Indo-Pacific and establish an active deterrent to China, which seeks to write the rules and draw the margins of the evolving digital age.

Abrar Rahman Namir is currently interning at Associated Universities and assisting in the Batteries and Energies to Advance Commercialization and National Security program as a supply chains and trade analyst.

Tech-centric Partnership in the Indo-Pacific to Deter Digital Curtain was originally published on Global Security Review.

This was not an isolated incident. Civilian-grade drones and other dual-use technologies are increasingly being used to survey or target public infrastructure. From energy grids to airports, the connective tissue of modern life is exposed to risks once confined to traditional warzones. These developments are reshaping global security policies and blurring the boundary between civilian and military domains.

Civilian Tech, Strategic Impact

Cheap unmanned aircraft systems (UAS) are now accessible worldwide. While drones were initially developed for military use, the most commonly deployed platforms today, such as DJI’s Mavic series, were originally built for civilian applications like aerial photography and videography. Their affordability, portability, and high-spec cameras made them commercially popular, but those same features have made them easy to repurpose for military contexts.

In particular, first-person view (FPV) drones, designed for immersive recreational flying, were rapidly adapted for frontline use in conflict. These drones are now routinely deployed with improvised explosives or used for precision reconnaissance. In Ukraine, both sides repurposed off-the-shelf drones in vast numbers; nearly two million were produced in 2024 alone. Many of these are equipped with AI-enabled navigation and targeting, underscoring how quickly civilian tech can be weaponised.

Non-state actors are following suit. Armed groups are using FPV drones for low-cost, high impact strikes on infrastructure, blurring the lines between military and civilian threats. This second drone age shows that national security vulnerabilities now stem as much from consumer technology as from conventional arsenals.

The broader implication is clear: private-sector innovations, often created without any defense intent, are shaping the battlefield. These companies bring novel use cases, technical advantages, or agile design processes that legacy defense contractors may overlook. Civilian tech is not just a risk; it is a potential strategic asset. Tapping into this ecosystem, especially among start-ups and experts, could redefine how the country protects critical infrastructure in an era of hybrid conflict.

Infrastructure in the Crosshairs

Modern infrastructure is a key target in modern conflicts or hybrid attacks, just like military bases traditionally were. In 2022, after the sabotage of the Nord Stream pipelines, over 70 drone sightings were reported near Norwegian offshore oil platforms. Oslo feared Russian-linked hybrid operations targeting Europe’s energy supply and deployed naval assets and invited NATO allies to assist in patrols.

Meanwhile, Ukraine’s energy grid suffered repeated drone and missile attacks, with waves of low-cost Shahed drones used to disable power plants. By spring 2024, roughly half of Ukraine’s electricity capacity was destroyed, forcing nationwide blackouts.

Outside conflict zones, attacks on infrastructure are also rising. In Sudan, a drone strike on a power station caused regional outages, and other drone attacks on water purification stations left the country on the brink of a significant Cholera outbreak. In the US, federal officials stopped an attack on a power grid by a man using an explosive-carrying drone.

Transportation hubs are vulnerable, too. In January 2025, drone activity shut down Riga Airport, disrupting dozens of flights.

 Gaps in Governance

 Despite growing risks, legal and operational frameworks remain fragmented. Drones and AI-driven surveillance systems often fall outside traditional arms control regimes. As a recent executive order put it, “Criminals, terrorists, and hostile foreign actors have intensified their weaponization of drone technologies, creating new and serious threats to our homeland.”

Jurisdictional confusion is common. In many countries, local authorities lack legal authority to respond to rogue drones above critical sites. Aviation safety rules and privacy laws create hesitation, giving bad actors a head start.

Even when threat awareness exists, coordination is inconsistent. The Cybersecurity and Infrastructure Security Agency warns that drones are used for surveillance and sabotage, yet they lack the comprehensive tools to oversee private-sector resilience or cross-border response.

 A Global Security Challenge

 Drone and AI threats are not confined by borders. In 2023, the European Commission launched a new counter-drone strategy, urging member states to harden infrastructure and coordinate airspace protections. NATO has added counter-UAS exercises to its joint drills, while AUKUS partners are beginning to share emerging drone and AI tactics.

But international law is lagging. There is still no global treaty governing the use of armed drones or autonomous surveillance. Export control regimes struggle to manage proliferation of AI-enabling components. At the UN, efforts to establish binding norms on autonomous weapons are stalled. Ad hoc coordination is, however, slowly improving.

When Norway’s oil platforms were threatened, NATO allies were called in within days. After drone sightings near Dutch and Belgian ports, neighboring governments exchanged countermeasure plans. These models suggest a path forward: rapid and collective responses based on shared tools, shared doctrine, and shared threat intelligence.

The future of civilian dual-use technologies will not be defined by innovators alone. Whether drones or AI software, these tools are already reshaping how adversaries threaten public safety and economic continuity. What is at stake is not just national security, but the resilience of infrastructure that supports daily life.

The Crucial Role of Start-ups in National Defense

 Civilian-origin technologies are now driving the next wave of defense capability. From FPV drones to AI surveillance tools, some of the most disruptive military applications today are emerging not from traditional defense primes but from commercial markets, often developed by start-ups with no military background.

A coordinated international framework is urgently needed, one that does not just support innovation and infrastructure protection but actively integrates civilian tech into defense planning. This means lowering the barriers for experts and start-ups to meaningfully contribute alongside legacy contractors. The United Kingdom’s recent Defence Review hinted at this shift, recognising that smaller firms are vital to national resilience, particularly when civilian infrastructure is under threat.

What is truly needed is a NATO-wide or broader allied framework that enables cross-border collaboration, streamlines regulation, and opens up procurement pathways.

Today, many start-ups working at the intersection of security and technology face steep hurdles: limited access to capital, opaque compliance regimes, and procurement processes designed around, and for, large incumbents. Yet by creating space for their innovation, we can modernize collective defense from the ground up, using the very same civilian tools that adversaries are already turning into weapons.

A coordinated international framework is urgently needed, one that not only supports innovation and infrastructure protection but also lowers barriers to experts and start-ups to contribute more meaningfully alongside traditional defense primes. The UK’s recent Defence Review hinted at this shift, recognizing the value smaller firms bring to national resilience. It is time to take similar action at home.

Harry Geisler is the CEO of YAVA.

How Civilian Dual-Use Technologies Are Reshaping Global Security Policies was originally published on Global Security Review.

Force protection, in its broadest sense, encompasses all measures taken to safeguard personnel, equipment, and facilities from hostile actions. For the military, this includes battlefield tactics, intelligence gathering, logistics security, and the establishment of robust defensive perimeters. For critical infrastructure, it involves physical security, cybersecurity, and contingency planning to mitigate the impact of attacks. Russia’s struggles in both areas are glaringly apparent.

On the battlefield, Russian forces repeatedly demonstrated a lack of effective force protection. From the initial botched attempts to seize Kyiv to the protracted and costly battles in eastern Ukraine, Russian units suffered heavy casualties. This was often due to a combination of poor tactical decisions, inadequate reconnaissance, and a failure to adapt to the evolving battlefield. Ambushes, artillery strikes, and drone attacks took a heavy toll, revealing vulnerabilities in their supply lines and a lack of situational awareness. This inability to protect its forces has not only hampered Russia’s military objectives but also had a cascading effect on the security of its critical infrastructure.

The vulnerability of Russia’s infrastructure, particularly its energy sector, is a direct consequence of these force protection failures. Oil and natural gas fields, pipelines, and processing facilities, often located in remote areas, require robust security to prevent sabotage or attack. However, the demands of the war in Ukraine stretched Russia’s military resources thin, leaving critical infrastructure exposed.

Ukraine’s ability to strike targets deep within Russian territory, including energy facilities, demonstrates this vulnerability. These attacks not only disrupt energy production and supply but also have a significant psychological impact, undermining public confidence in the government’s ability to protect its citizens and vital assets.

Several factors contribute to Russia’s struggles with force protection and the resulting infrastructure vulnerabilities. Firstly, the sheer size of Russia and the length of its borders make it incredibly challenging to secure all potential targets. This geographical challenge is compounded by the fact that many critical infrastructure sites are dispersed and remote, making them difficult to defend effectively. Secondly, there are indications of potential intelligence failures. Russia may have underestimated Ukraine’s resilience and its ability to conduct effective counter-offensives, leading to a misallocation of resources and a lack of preparedness for attacks on its own territory. Thirdly, logistical issues plague the Russian military. Supply-chain disruptions, shortages of essential equipment, and a lack of well-trained personnel have all contributed to the erosion of force protection capabilities.

Furthermore, the potential for internal dissent and sabotage cannot be discounted. The war in Ukraine fuels anti-government sentiment in Russia, and there is a risk that individuals or groups opposed to the regime may seek to exploit the vulnerabilities of critical infrastructure to express their discontent. Such internal threats further complicate the task of ensuring the security of these facilities.

The implications of Russia’s failure to implement effective force protection are far-reaching. The disruption of energy supplies can have a devastating impact on the Russian economy, leading to shortages, price increases, and social unrest. Moreover, the vulnerability of critical infrastructure can undermine Russia’s international standing and its ability to project power. The perception of weakness can embolden adversaries and erode alliances, further isolating Russia on the world stage.

Russia’s ongoing struggles with force protection in the context of the Ukraine conflict have exposed critical vulnerabilities in its infrastructure, particularly its oil and natural gas fields. These vulnerabilities stem from a combination of tactical miscalculations, logistical shortcomings, intelligence failures, and the inherent challenges of securing a vast and geographically dispersed territory. The consequences of these failures are significant, with the potential to destabilize the Russian economy, undermine public confidence, and weaken Russia’s international standing. As the conflict continues, Russia will need to address these shortcomings if it hopes to protect its critical infrastructure and safeguard its national interests. The ability to learn from these failures and adapt its security strategies will be crucial for Russia’s long-term stability and its ability to project power in the region and beyond.

Joshua Thibert is a Contributing Senior Analyst at the National Institute for Deterrence Studies (NIDS) and doctoral student at Missouri State University. His extensive academic and practitioner experience spans strategic intelligence, multiple domains within defense and strategic studies, and critical infrastructure protection. Joshua currently resides in Columbus, Ohio.

Russia’s Vulnerable Underbelly: The Failure of Force Protection on Critical Infrastructure was originally published on Global Security Review.

These domains and areas are being weaponized for strategic purposes, as adversaries target cross-domain North Atlantic Treaty Organization (NATO) interests with the intent of weakening the Western security architecture and fragmenting alliance cohesion. The Trump administration must work closely with NATO allies to confront the many challenges that face them.

Strategic challenges, such as the Arctic, deep sea, and space, and the threats they pose require improved joint military readiness, enhanced deterrence by denial capabilities, and improved intelligence, surveillance, and reconnaissance.

“Over the last 15 years,” writes Scott Savits, “the Arctic has become a renewed theatre of military competition…. [T]op Russian officials have referred to the Arctic as Russia’s ‘Mecca,’ and a large fraction of Russia’s economy is based on Arctic fossil fuels and minerals.” Frustrating Russian efforts to gain a strategic advantage in the Arctic is of paramount importance to NATO’s deterrence mission.

Russia gaining an advantage in the Arctic will enhance its ability to establish escalation dominance against NATO in the event of a conflict with the alliance. Deterring Russia from broadening the scope of conflict, by threatening NATO’s vital interests in the Arctic, remains critical in dissuading other adversaries, such as China, from seeking to gain similar advantage.

With China developing and deploying new detection technologies in anti-submarine warfare, American nuclear submarine capabilities are becoming increasingly vulnerable to detection and targeting. China’s “Death Star” satellite claims to possess detection capabilities that renders the ocean transparent for up to 500 meters beneath the surface, putting American submarines at risk.

In the space domain, it is estimated that loss of access to space would come at a cost of roughly One billion pounds per day to the British economy. The reported deployment of Russian anti-satellite weapons systems (ASAT) in space are clearly coercive moves designed to threaten NATO’s space assets.

Russia’s weaponization of space is especially concerning as NATO depends on space to conduct an array of operations across the spectrum of deterrence and defence. Most notably, NATO airpower relies on space-based and space-dependent systems to fulfil a series of critical security functions. Leveraging robust deterrence capabilities in orbit, through targeting Russian and Chinese space-based military and non-military assets, is critical to securing NATO’s vital interests in space.

Beyond seeking strategic advantage, China is also expanding and modernising its nuclear arsenal at an unprecedented rate since the end of the Cold War. The Pentagon forecasts that China will be a nuclear peer of the United States by 2035. The latest figures published by the Federation of American Scientists show that China now possesses at least 500 operationally deployed nuclear weapons—up 43 percent from 2020.

Russian President Vladimir Putin continues to undermine international norms by persisting in threats to use battlefield nuclear weapons in Ukraine. Russia also deploys dual-use satellite technologies in space, capable of carrying nuclear warheads into orbit, in direct contravention of long-standing international treaties such as the Outer Space Treaty (1967), which prohibits the weaponization and nuclearization of space.

Meanwhile, Iran, a latent nuclear state, coerces the West by threatening the weaponization of its nuclear program. Iran also infiltrated the West by creating extremist networks through community centers, laundering money in major European and American cities that is used by criminal gangs to plot and execute terrorist attacks.

Proxies supported by Iran, such as Hamas and Hezbollah, can also launch increasingly devastating attacks. Furthermore, attacks like October 7, 2024, or September 11, 2001, do not warrant nuclear retaliation. A nuclear response to a terrorist attack, depending on the attack, is likely a disproportionate response.

China and Russia also engage in subversive activities within the cyber domain, sowing discord by using disinformation, intellectual property theft, and malign interference to destabilize NATO member states. Cyberattacks on critical national infrastructure can also inflict severe levels of damage. The appropriateness of cross-domain responses is yet to be decided.

The cyber attacks against Estonia in 2007, which lasted for 22 days, did not result in the triggering of NATO’s Article 5 collective defense clause. Yet, it was an attack on a NATO member state. The character of the attack complicated the process by which a viable and appropriate retaliatory response could be devised. In a multidomain threat landscape, hostile state actors conducting their operations in the grey zone can claim plausible deniability.

China, Iran, Russia, and North Korea also hold joint exercises, share intelligence, exchange military capabilities, and share a diplomatic and political kinship. This axis of Western adversaries shares the same geopolitical and economic objectives. They seek to replace the international rules-based order and establish alternative institutional frameworks to global order that undermine concepts such as democracy, human rights, rule of law, and national sovereignty.

Militarily, nowhere is this more apparent than in Russia, where Iranian drones and North Korean soldiers were provided to aid Putin’s war in Ukraine. Politically, emerging international blocs such as the BRICS demonstrate the extent to which countries like China and Russia are gaining traction in driving alternatives to the current order.

“As hybrid threats evolve to encompass the whole of digital and networked societies,” wrote Sean Monaghan, “so too will the capabilities required to deter them. A more complex threat environment will make predicting attacks and vulnerabilities more difficult, so nations may rely more on resilience.”

Hence, for deterrence to be effective today, credibility must incorporate more than hard power capabilities. Red lines must be communicated effectively across different channels. Resolve must be demonstrated through a force posture that includes a willingness to establish escalation dominance in a crisis scenario. The art of deterrence is also about determining and holding at risk what an adversary values.

As the outgoing US Secretary of Defence General (Ret.) Lloyd Austin said in 2022, cross-domain deterrence “is the right mix of technology, operational concepts, and capabilities—all woven together and networked in a way that is credible, flexible and so formidable that it will give any adversary pause…. [It is] multidomain, spans numerous geographic areas of responsibility, is united with allies and partners, and is fortified by all instruments of national power.”

Ultimately, deterrence is about credibly threatening to impose unacceptable costs, by denial or punishment, on a would-be aggressor. Those costs must convince the would-be aggressor that they outweigh any potential gains made.

Therefore, it is imperative for the US and NATO to increase cross-domain capabilities to match those of adversaries. Adopting a combination of different violent and non-violent means, to conduct deterrence credibly across multiple domains and at various levels of intensity, will enhance NATO’s ability to secure its vital interests in an increasingly volatile era of global strategic competition.

Alex Alfirraz Scheers holds a diploma in Politics and History from the Open University, a bachelor’s degree in War Studies and History from King’s College London, and a master’s degree in National Security Studies from King’s College London. He has held research positions at the Henry Jackson Society and the International Centre for the Study of Radicalisation, and his articles have been published in the Diplomat, Times of Israel, RealClearDefense, and the Royal United Services Institute. Views expressed in this article are the author’s own. 

Deterrence and NATO’s Emerging Security Environment was originally published on Global Security Review.

As discussions of retaliation by Israel continue, the media discuss Iranian oil refineries as possible targets that might be hit. Israeli Defence minister, Yoav Gallant, stated that retaliation against Iran’s missile attacks will be “lethal and surprising.” Meanwhile, Islamic Revolutionary Guard Corps-linked social media accounts are already spreading reports that Tehran warned the United States that actions against Iranian oil refineries will lead the Islamic Republic to target oil facilities in Saudi Arabia, Azerbaijan, the United Arab Emirates, Bahrain, and Kuwait. According to a Reuters report, Iran also warned the Gulf Arab states that any use of their airspace or military bases to target Iran will be unacceptable and threatened a military response.

Iran’s Strategy

Iran’s reference to Azerbaijan as a potential target, should Israel attack Iranian oil refineries, is an indication of the Islamic Republic’s growing threat to critical energy infrastructure not only in the Middle East, but also in the South Caucasus and the Caspian Sea basin region. Azerbaijan supplies 40 percent of Israel’s energy needs and Azerbaijan’s oil and gas infrastructure is the backbone of its independence in the geopolitically tense region.

Not only does Azerbaijan meet nearly 40 percent of Israel’s demand for crude oil, Azerbaijan’s state energy giant SOCAR, alongside British Petroleum and Israel’s NewMed, was awarded a licence to explore an area to the north of Israel’s Leviathan gas field in the Eastern Mediterranean. The strong bilateral and multifaceted relations between Israel and Azerbaijan are a primary concern for Iran.

In anticipation of Israeli retaliation against the Iranian ballistic missile attacks, the Iranian media continues to make unsubstantiated claims about supposed secret Israeli military bases in Azerbaijan with a ridiculous accusation that Azerbaijan is one of the origins of sabotage against the Islamic Republic. Talking about possible Israeli retaliation against Iranian oil facilities, Iranian diplomat Abbas Mousavi falsely claimed in an interview to Tejarat News that Israel deployed many planes to Azerbaijan.

In fact, since Hamas launched the brutal terrorist attacks against Israel in October 2023, Iran’s main goal is the consolidation of the members of the Organisation of Islamic States to achieve an economic blockade and diplomatic isolation from Israel. Iranian Supreme leader Ayatollah Khamenei repeatedly called on Arab and Muslim countries to impose an oil embargo on Israel. Iranian officials frequently repeat similar calls showing Tehran’s agenda behind the Hamas attacks, which aimed to disrupt economic, political, and diplomatic relations between the State of Israel and Muslim-majority nations.

Iran’s multidimensional strategy behind the Hamas attacks was based on several ambitious goals, including preventing possible normalisation between Israel and Saudi Arabia and other Arab states; derailing the Abraham Accords; preventing efforts to improve strained Turkish-Israeli ties; and trying to inflict economic and diplomatic damage on Israel-Azerbaijan strategic ties. Iran’s strategy seeks to achieve multiple goals simultaneously in both the Middle East and South Caucasus.

Iranian media outlets launched coordinated propaganda attacks against Turkey and Azerbaijan for supplying crude oil to Israel via the Baku-Tbilisi-Ceyhan oil pipeline since the Hamas terrorist attacks and start of the subsequent war in Gaza. Iran-inspired, pro-Hamas Islamist, and leftist circles in Turkey staged several demonstrations where they vandalised Azerbaijani oil company, SOCAR, offices in Istanbul in an attempt to halt oil exports.

Considering the influence of the Muslim Brotherhood in Turkey, the country is a comfortable space for Iranian propaganda and hybrid activities covered by so-called Islamic narratives. Ironically, the fact that Iran is a major energy supplier to Armenia and supplied the formerly Armenian-occupied Karabakh region received no similar response from Islamists or leftists in Turkey.

Coercive Actions

Iran’s military threats against Azerbaijan increased from the end of the Second Karabakh War, when the balance of power in the South Caucasus shifted in Baku’s favor. Iran conducted several military drills near Azerbaijan’s border, putting on a show of force against the geopolitical changes in the region. In late September and early October 2021 Iran suddenly conducted military drills near Azerbaijan’s borders.

An Iranian Ministry of Foreign Affairs spokesman described the exercises as a “sovereign right,” saying, “Iran will not tolerate the presence of the Zionist regime” near its borders. Iran undertook another military provocation a year later when Tehran laid pontoon bridges across the Araz River near the Azerbaijani border and crossed the river as part of war games. In March 2023, an Iranian air force fighter jet violated Azerbaijan’s airspace. The Azerbaijani Foreign Ministry summoned Iran’s ambassador, and the Azerbaijani Defence and Foreign Ministries issued a joint statement condemning the incursion.

When Israel liquidated Mohammad Reza Zahedi, a senior commander in the Iranian Revolutionary Guard Corps-Quds Force, in Damascus in April 2024, Iranian member of parliament, Jalal Rashidi Kochi, called for strikes on an Israeli embassy in the region, preferably in Azerbaijan. Iranian attempts to target the Israeli embassy and ambassadors in Baku were also foiled on many occasions over the years; the most recent reported attempt involved the arrest of an Afghan national in July 2023. Recently Iran has enhanced its naval capabilities in the Caspian Sea and increased naval drills, including joint drills with Russia.

Iran’s Missile and Cyber Capabilities

Iran possesses numerous capabilities to threaten critical infrastructure including energy and power in the region. Among them Tehran’s ballistic missiles and cyber tools are key. Iran maintains the largest ballistic and cruise missile force in the Middle East, capable of reaching 2,500 kilometres from its borders. Moreover, these capabilities combined with Iran’s drone arsenal can overwhelm missile defence systems. Iran’s missile attacks against Saudi oil facilities in 2019 were conducted by a combination of drones and cruise missiles.

Iran has improved its offensive cyber capabilities, too, and is capable of causing localised and temporary disruption to corporate networks for days or weeks. Drilling oil wells, pumping crude oil, and loading fuel are processes where cyberattacks can cause significant disruptions. According to an FBI report released in August 2024, Iran exploited computer network vulnerabilities to infiltrate and steal sensitive technical data from organisations in Israel and Azerbaijan. In July, cybersecurity firm Check Point reported that an Iranian hacker group named Muddy Water, affiliated with Iran’s Ministry of Intelligence and Security, increased its cyber activities against targets in Azerbaijan, Israel, Portugal, Saudi Arabia, and Turkey.

Securing Critical Infrastructure

Overall, considering Azerbaijan’s key role in the energy security of vital American allies, such as Europe, Israel, and Turkey, and its significant help in supplying energy to US-friendly states Georgia, Moldova, and Ukraine, the next administration needs to reverse shortsighted Biden State Department policy. The decision not to waive Section 907 of the Freedom Support Act, banning US aid to the Azerbaijani government, damages American interests in the South Caucasus. It is in the interest of the US and Azerbaijan to expand their military and technical partnership to secure critical infrastructure in the region.

Rufat Ahmadzada is a graduate of City University London. His research area covers the South Caucasus and Iran. The views expressed in this article are the author’s own.

Iran’s Threat to Azerbaijan’s Critical Energy Infrastructure was originally published on Global Security Review.

Hezbollah, now attempting to fend off Israel’s September 30 ground operation, is simultaneously working to adapt its own approach to technology, and, if history is any indicator of the future, the terror group will likely continue as it has, answering Israel’s high-tech efforts with ironically harder to trace low-tech options. That Hezbollah was even using pagers was to avoid cellular detection. And as they adapt, their communications will likely go even more analog, perhaps communicating only through couriers, as Osama Bin Laden was known to do, or using physical handwritten notes and dead drops, as militant Italian anarchist groups did in the early 2000s.

While the idea of a terrorist group obtaining a more technologically advanced arsenal, such as nuclear or chemical weapons, or instituting a mass cyberattack is daunting, it is not exactly uncommon due to expense and required expertise. What is far more likely is that Hezbollah and other terrorist groups will downgrade methods, opting for cheaper and easier to implement weapons and methods which are more than capable of lethal outcomes.

Time and time again, society has seen heavy damage wrought on person and property via methods that seem relatively primitive.

In 2021, the Gaza-based terrorist group Hamas increased their use of incendiary balloons when attacking Israel, causing more than 20 fires in southern Israel, straining civilian and IDF emergency service resources, and burning upward of 10,000 acres of farmland over the preceding three years. These “balloons are easily constructed and require little setup to launch compared to rockets, which are expensive and time-consuming to produce” but are still incredibly effective.

In 2013, a US power plant in California was victim of an as yet unsolved shooting attack, damaging multiple transformers. Surprisingly set up with little to no security, the plant’s perimeter was breached and approximately 100 rounds of high-powered rifle ammunition were fired into 17 transformers before police arrived. The damage was severe enough that to avoid blackouts across Silicon Valley power had to be diverted from other areas during the months-long repair.

While these incidents are high profile, given the critical infrastructure connections, they did not result in any fatalities. However, that is not always the goal of terrorists and is hardly the reality for other common low-tech methods. Shootings, bombings, and melee attacks continue to make up the overwhelming majority of terrorist attacks. Research from the Center for Strategic and International Studies shows that from 2015 to 2020,  85 percent of terror attacks employed one of these methods, with 12 percent being unrealized threats, 2 percent other, and 1 percent vehicle ramming.

The numbers are remarkably similar for lethal attacks in 2023 according to the 2024 Global Terrorism Index published by Vision of Humanity. Out of the 50 most lethal terrorist attacks, only one, an incident in the Homs Province of Syria, featuring an explosive-laden unmanned aerial vehicle (UAV) targeting a military graduation ceremony which killed 89 people, could be thought of as a high-tech weapon. The other 49 were made up of 43 armed assaults, five bombings, and one explosive projectile.

As terrorist groups get backed into a corner by high-tech counter methods like the Israeli pager attack, it is increasingly likely they will rely on time-proven simple methods. The world may even see them adapting and learning from accidents such as the September 2024 car crash into a gas pipeline in Texas which caused an explosion or the 2017 Hamburg, Germany, airport evacuation which resulted from the accidental discharge of a simple, lipstick-sized can of pepper spray. While these were both accidents, one can imagine the economic and fear-induced impact if a terrorist group were to try to replicate the outcomes.

There are, of course, outliers to the terrorist use of low-tech methods. There is the terrorist cult Aum Shinrikyo’s launch of the notorious Tokyo Sarin gas attack in 1995 or drone attacks along the lines of  2023’s drone attack in Syria, as well as other groups’ potential use of commercial drones. But today’s would-be terrorist is likely not resorting to high-tech weapon or communication devices, and more often than not, going for something easy and/or available. To borrow from Chistopher Nolan’s Joker in the Dark Knight, items like “dynamite, and gunpowder, and gasoline [are] cheap” and are going to comprise the bulk of the future threats from terrorist groups.

Justin Leopold-Cohen is a homeland security analyst in Washington, DC. He has written widely on national and international security issues for outlets including Small Wars Journal, the Wavell Room, and Inkstick Media. Any views expressed in the article are his own and not representative of, or endorsed by, any organization or government.

Counter Terror’s High-tech to Low-tech Backfire was originally published on Global Security Review.