The international system is undergoing a profound global power shift characterized by the resurgence of great power competition and a broad diffusion of technical capabilities. This environment is intensifying security competition across all domains. Concurrently, the proliferation of artificial intelligence (AI) and other disruptive technologies has fundamentally transformed espionage and defense. The traditional landscape of counterintelligence (CI) is obsolete and requires rapid, systemic overhaul to address the increasingly amplified, technologically enabled threats posed by state and non-state actors.

Specifically, the shift to great power technological competition has expanded CI’s mandate from protecting military secrets to securing critical infrastructure, intellectual property (IP), and the integrity of the information domain. The dual-use nature of AI functions as both in support of automated espionage and a critical mechanism for preemptively anticipating and mitigating threats. The failure of the United States to strategically integrate AI into CI methodologies will result in the systemic erosion of national technological and economic advantage.

The Expanded Mandate of Modern Counterintelligence

CI functions to protect a nation’s secrets, personnel, and systems from foreign intelligence entities (FIEs). Yet today, CI must also confront a threat matrix dramatically enlarged in scope, sophistication, and velocity. The current geopolitical climate has necessitated a significant expansion of the traditional CI mission. In the context of great power competition, the most significant threat has shifted from the theft of classified military and diplomatic secrets to the large-scale acquisition of IP, trade secrets, and technological data, as highlighted in the recently released Annual Threat Assessment.

FIEs are aggressively targeting the private sector, academia, and research institutions, the very engines of national innovation through sophisticated economic espionage. Their strategic goal is not merely to obtain information, but to erode a nation’s competitive advantage and accelerate the adversary’s technological timetable, thereby shifting the global balance of power. CI must establish robust protective mechanisms that extend deep into the non-governmental technology and research ecosystem.

The dissolution of a clear distinction between peacetime competition and active conflict has resulted in a continuous state of confrontation known as the ‘gray zone’. This strategic domain is characterized by persistent, non-lethal, yet tactically damaging activities designed to achieve political objectives without triggering traditional military responses. CI must now defend against a spectrum of subtle subversion, including large-scale cyber operations, persistent penetration of networks for reconnaissance and preparatory measures, and covert attempts to manipulate political discourse and decision-making.

The globalization of commerce and technology has created intricate, interconnected supply chains. These networks present significant CI risks, as adversaries seek to compromise the integrity, trustworthiness, and authenticity of products and services. By inserting “backdoors” or creating exploitable “choke points” at various nodes, adversaries establish capabilities for future exploitation. CI efforts are essential to conduct comprehensive due diligence and risk mitigation, securing these complex networks against both hardware and software compromise.

Artificial Intelligence: The Dual-Use Catalyst

AI and emerging technologies are not merely targets of modern espionage; they are simultaneously the most potent tools and the most necessary defenses in the counterintelligence battleground. This dual-use dynamic creates a challenging “AI vs. AI” scenario that demands immediate, radical adaptation. Adversaries are leveraging AI to dramatically enhance the speed, scale, and sophistication of their intelligence operations:

Automated Espionage and Big Data Analysis: AI-powered tools can automate and scale the processing, translation, and analysis of vast, heterogeneous datasets (Big Data), vastly increasing the volume and velocity of intelligence collection from both open-source intelligence and classified sources.

Adaptive Cyberattacks: Machine learning (ML) algorithms enable the development of more elusive and adaptive cyber threats. This includes automated exploitation of vulnerabilities, dynamic creation of polymorphic malware, and rapid penetration of defenses, operating at speeds that effectively outpace traditional, human-centric cybersecurity responses.

Generative AI for Influence: Generative AI can create highly realistic deepfakes (synthetic videos and audio) and synthetic narratives at scale. This facilitates sophisticated disinformation and propaganda campaigns to manipulate public opinion and conduct advanced social engineering, severely compromising the ability of institutions to discern truth from falsehood.

Three interconnected factors fundamentally redefine the scope of CI responsibility: target expansion, the blurring of conflict lines, and supply chain vulnerabilities. To effectively counter these technologically enabled threats, CI must aggressively embrace and integrate these same technologies, transforming them into proactive defensive tools:

Threat Anticipation and Predictive Analysis: AI can process and analyze massive amounts of threat data, identifying subtle, non-obvious patterns, trends, and anomalies. This capability allows CI to transition from merely reacting to threats toward predictive modeling, allowing one to forecast adversary actions before they materialize and enabling preemptive defense.

Enhanced Surveillance and Anomaly Detection: ML algorithms are crucial for the detection of subtle anomalies in network traffic, user behavior, and physical security systems that a human operator would miss. AI-driven monitoring provides real-time, large-scale pattern-of-life analysis that significantly exceeds human cognitive capacity.

Counter-Disinformation and Integrity Checks: CI requires AI-driven tools to effectively identify, analyze, and flag AI-generated propaganda, deepfakes, and synthetic media. Systems designed for content provenance and authenticity verification are essential to safeguard the integrity of the information domain and maintain public trust.

Insider Threat Mitigation: Defensively, AI can monitor internal networks to flag anomalous user behaviors such as unusual data access attempts, large data transfers, or deviations in an employee’s digital pattern-of-life. As such they assist in identifying potential insider threats before significant compromise occurs.

The Strategic Imperative

The shift of global powers and the proliferation of disruptive technologies have thrust counterintelligence into an even more important aspect of national security. The stakes of this technological arms race transcend traditional security concerns, encompassing the integrity of a nation’s innovative ecosystem, its economic competitiveness, and the resilience of its democratic institutions.

CI must rapidly evolve its strategies to prioritize the defense of economic and technological assets, and it must integrate AI as a foundational defensive technology to achieve predictive, scalable threat mitigation. Failure to aggressively master and deploy AI defenses against technologically augmented adversaries risks the systemic erosion of national advantage in a world where technological leadership is increasingly synonymous with global power. The future success of great power competition hinges directly on the adaptive capacity and technological sophistication of CI’s function.

Joshua Thibert is a Senior Analyst at the National Institute for Deterrence Studies (NIDS) with over 30 years of comprehensive expertise. His background encompasses roles as a former counterintelligence special agent within the Department of Defense and as a practitioner in compliance, security, and insider risk management in the private sector. His extensive academic and practitioner experience spans strategic intelligence, multiple domains within defense and strategic studies, and critical infrastructure protection. The views of the author are his own.

Redefining Espionage: The Unseen War for Technological Dominance was originally published on Global Security Review.

Advances in space technology are making the extraction of lunar and asteroid materials increasingly feasible. These capabilities promise the potential for significant economic gains, greater energy security, and new avenues of geopolitical influence for any spacefaring nation capable of developing and sustaining resource-extraction operations. As competition accelerates, the question is no longer whether space mining will occur, but who will shape the rules, norms, and capabilities that govern it.

To preserve American power in space, the United States must take formative policy action and protective research and development (R&D) measures to define the future of space mining before rival nations do. Building on the strategic momentum established in the space domain during the first Trump Administration, namely the creation of the U.S. Space Force, securing an early foothold in space mining will help counter adversarial efforts to undermine American leadership and preserve space as a key frontier for American power.

Formative Policy Action in Space Mining

In emerging domains, the first actors often leave a legacy that serves as a reference point for subsequent laws and behavior, such as the Outer Space Treaty (OST) of 1967. During the Cold War, the U.S. and the Soviet Union pushed outer space beyond its initial symbolic and scientific uses. Concerns over nuclear escalation prompted the creation of a legal framework that addressed non-weaponization and restrictions on national sovereignty. Despite approaching its 60th anniversary, the OST remains a foundational pillar of outer space governance, demonstrating how proactive U.S. leadership defined the rules of engagement and established operational precedents in an emerging domain. Sustaining this proactive approach is critical if the U.S. is to seize the strategic opportunities in outer space.

Space mining is among the more recent technical opportunities to emerge, alongside satellite constellations, orbital maneuvering, and AI-enabled platforms. Yet space mining is unique in that it offers potential energy security and trillions of dollars in economic value to those possessing return-to-Earth capabilities (currently limited, forcing a focus on in-situ resource utilization (ISR) for propulsion and life support). According to NASA’s Asterank database, extracting resources from the ten most cost-effective asteroids could yield profits exceeding $1.5 trillion. The promise of energy resilience and economic gain has captured the attention of global powers and middle-state actors alike, leading to a growing number of spacefaring nations and sparking geopolitical friction.

The U.S. and Luxembourg were among the first to formalize space mining in their legal frameworks, recognizing outer space resources as property subject to ownership and commercial trade. Conversely, Russia cites the Outer Space Treaty’s designation of space as the “province of all mankind” as a basis for prohibiting resource extraction and ownership. In response to the Trump Administration’s proposed lunar mining initiatives, Russian officials went so far as to accuse the U.S. of orchestrating an “invasion” of the Moon, likening it to “another Afghanistan or Iraq.” Russia’s actions, however, contrast sharply with its public stance, given its willingness to explore an agreement on space mining with Luxembourg in 2019.

Yet American space mining laws have been relatively insulated from further international criticism because they align with formative international frameworks. For example, the U.S. Commercial Space Launch Competitiveness Act of 2015 reflects Article II of the OST, which prohibits national appropriation of celestial bodies. Additionally, the 2020 National Space Policy aligns with the Artemis Accords by emphasizing transparency in national space policies and space exploration plans, as well as the sharing of scientific information. The legitimacy of U.S. legal principles has been strengthened by demonstrating its commitment to sharing the space domain as a collaborative partner while advancing its own interests and strategic advantages.

Critical questions about access to mining sites, extraction limits, and fair participation remain unanswered because frameworks such as the OST predate the concept of space mining. Addressing these questions and providing certainty before capabilities mature or competing nations establish their own frameworks is essential to preserving a U.S. strategic advantage in space.

Protective R&D Measures for Space Mining Capabilities

As the future of space mining and its economic potential threaten to catalyze geopolitical tensions, it is crucial for the U.S. not only to be among the first to establish governance frameworks but also to develop tangible space mining capabilities. Yet space is no longer a domain of uncontested U.S. dominance, as China has evolved from a near-peer to a peer competitor. Initiatives such as the Tiangong Space Station and the International Lunar Research Station underscore China’s growing space capabilities and its ambitions to assume a leadership role.

China’s rapid rise may be attributed in part to its exposure to U.S. space technologies, as bilateral cooperation agreements have provided avenues for interaction with U.S. research and development efforts. Despite the Wolf Amendment, which prohibits bilateral cooperation with China without explicit authorization from Congress and the FBI, numerous violations of the provision have likely conferred strategic benefits on China, eroding the competitive edge the U.S. seeks to maintain. In 2024, the Office of the Inspector General investigated a state University for violations of the Wolf Amendment and announced in December that the University agreed to pay $715,580 to resolve civil allegations. When applying for and receiving NASA research grants, the University failed to disclose a professor’s affiliations with and support from the Chinese government. Similarly, according to a report published by the Select Committee on the Strategic Competition Between the U.S. and the Chinese Communist Party (CCP), hundreds of articles crediting NASA funding were identified that were jointly published by U.S. researchers (including public universities and federal research entities) and CCP institutions. In early February 2026, the University of Texas at San Antonio agreed to pay nearly $130,000 in penalties after federal investigators alleged that the lead principal investigator for a NASA-funded Center for Advanced Measurements in Extreme Environments failed to disclose affiliations with researchers in China.

China’s sustained intellectual property theft is eroding U.S. dominance in space and diminishing the impact of formative U.S. space mining policy measures. Prioritizing R&D for space mining, particularly return-to-Earth capabilities, is a central focus for spacefaring nations and must be a priority for the United States. However, R&D initiatives must be paired with enforceable oversight structures that protect intellectual property from adversarial appropriation. Enforcement entities should also demonstrate a clear commitment to implementing protective measures and punishing violators. Without such protections, any research investments risk benefiting adversarial states as much as the U.S., as evidenced by instances in which China has capitalized on U.S.-funded advancements.

Conclusion

Although the U.S. is facing increasing demands across emerging warfighting domains, with numerous competing national security concerns, space resource governance and capability development can no longer be sidelined. The U.S. must act decisively and with strategic clarity to build the legal and behavioral foundations for space mining, and to enact protections for space mining R&D, as competitors advance their own initiatives. Space mining has become a strategic imperative, one that this Administration must seize to ensure that American values, interests, and leadership define this emerging domain, resource governance and capability development resource governance and capability development.

Rachel Butler is a doctoral student in the Department of Defense and Strategic Studies at Missouri State University. She holds master’s degrees in history and strategic studies, with research interests focused on ethical and cognitive warfare. Views expressed in this article are the author’s own. 

Seizing the High Ground: The Case for U.S. Leadership in Space Mining was originally published on Global Security Review.

Maritime ports authorize customs clearance and are involved in regulatory checks, ensuring compliance with national and international law. Ports perform most of these functions digitally. Maritime ports are now under serious threat of malicious cyberattacks that can disrupt and compromise port operations worldwide.

Industry is deeply interconnected, and a cyberattack on one major port can send shockwaves through global trade networks. Consider a scenario where a major port, responsible for handling millions of cargo containers, suddenly halts operations due to a cyberattack. Cranes freeze, logistics systems collapse, and cargo ships are left stranded at sea. This is not a hypothetical scenario; it is a real and escalating threat to global trade.

The maritime industry, long seen as the backbone of international commerce, now faces an urgent cybersecurity crisis. Ports are no longer just about cranes and cargo; they have evolved into digital ecosystems reliant on interconnected networks, automation, and artificial intelligence. As ports become smarter, they are also becoming more vulnerable. Cybercriminals are increasingly exploiting these vulnerabilities, causing financial losses, operational disruptions, and even national security risks.

Maritime cyberattacks are no longer rare occurrences, they are becoming alarmingly frequent. In 2023, a ransomware attack crippled more than 1,000 vessels by targeting a software provider used across the shipping industry. The attack forced the shipping industry to shut down its ShipManager system, affecting global supply chains. A year earlier, the Port of Lisbon suffered a cyberattack that took its website offline for days, with the ransomware group LockBit claiming responsibility and alleging that it had stolen financial reports, contracts, and ship logs.

In Germany, a 2022 cyberattack on two oil companies disrupted fuel shipments, forcing Shell to reroute supplies and exposing the vulnerabilities of critical maritime infrastructure. The 2017 NotPetya ransomware attack, which paralyzed Maersk and caused an estimated $300 million in damage, remains one of the most devastating cyberattacks in shipping history.

Ports are among the most attractive targets for cybercriminals. The motives behind these attacks vary as some hackers seek financial gain, while others aim to steal sensitive trade-related data, and some may even use cyberattacks as part of hybrid warfare.

The economic consequences are staggering, from ransom payments and insurance hikes to delays that can ripple across global supply chains. Beyond financial losses, cyber threats to ports pose serious security risks. For example, a well-coordinated cyberattack on a major port could disrupt military logistics, cripple trade networks, or even manipulate cargo data to facilitate smuggling and illicit trade.

Hackers carry the potential for unauthorized intrusion into ports’ digital networks and interrupt ports’ routine operation through malicious software attacks. The workforce involved in port management may be trapped into revealing sensitive data by clicking on malicious links. The hackers can also disrupt digital networks that regulate critical port infrastructure, such as cranes, pumps, and valves. Supervisory control and data acquisition (SCADA) systems can come under cyber threats disrupting routine functions. Nonstandard computing hardware like sensors, actuators, or appliances that transmit data from the network wirelessly are vulnerable to data theft.

Hackers can steal data such as cargo manifests, crew information, and financial records. They can also manipulate data, such as altering cargo manifests, or manipulate navigation systems. Hackers can also steal intellectual property, such as trade secrets or proprietary software.

Another pressing issue is supply-chain security. Ports rely on a complex web of third-party vendors for logistics, software, and cargo management. If one vendor is compromised, the entire port system could be at risk.

Hackers can also use unmanned aerial vehicles (UAVs) for surveillance means or to attack port infrastructure, such as damaging equipment or disrupting power supplies. Ports may be exposed to cyberattacks through third-party suppliers, such as logistics providers or maintenance contractors. Ports may be exposed to cyberattacks through cargo and containers, which may contain malicious devices or software.

Cybersecurity in the maritime sector is often treated as an afterthought. Many ports still operate with outdated software and weak security protocols, making them easy targets. Given the critical role of ports in the global economy, the widening cybersecurity gap is a growing challenge. Strengthening port security necessitates urgent regulatory mechanisms, some of which are proposed below.

Regulatory Mechanisms

To mitigate the growing cyber threat, ports should adopt internationally recognized cybersecurity frameworks. First, ports should adhere to the rules and protocols of the International Maritime Organization’s (IMO) Maritime Cyber Risk Management Guidelines, the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and ISO 27001 standards. Implementing these frameworks will help establish clear security protocols and ensure that ports are prepared to defend against cyberattacks.

Second, network security should be reinforced by segmenting information technology (IT) and operational technology (OT) systems, preventing malware from spreading across critical infrastructure. Regular penetration testing and vulnerability assessments can further identify weak points before attackers do.

Third, investing in cybersecurity training for port workers is equally crucial. Many cyberattacks exploit human error—phishing e-mails, weak passwords, and social engineering attacks remain among the most common entry points for hackers. A well-trained workforce can serve as the first line of defense against these threats.

Fourth, leveraging artificial intelligence and machine learning for threat detection can enhance ports’ ability to identify cyber risks before they escalate into full-scale attacks. Artificial intelligence (AI)–led systems can monitor network activity in real time, flagging suspicious behavior and predicting potential breaches before they happen. In this regard, the strict security assessments of third-party vendors and blockchain-based cargo tracking can enhance transparency and reduce the risk of supply-chain cyberattacks.

Fifth, beyond prevention, ports should also be prepared to respond effectively to cyber incidents. For this, establishing cyber incident response teams (CIRT) can ensure that ports have trained professionals ready to mitigate and recover from cyberattacks swiftly.

Sixth, regular cyber drills and crisis simulations should be conducted to test response plans. This ensures that when an attack occurs, the damage is minimized, and recovery is swift.

Seventh, international collaboration to deal with these threats is essential. Governments, port authorities, and private stakeholders should work together to share intelligence, standardize security protocols, and invest in collective defense mechanisms.

Public-private partnerships can play a key role in funding advanced cybersecurity infrastructure, while international regulatory bodies like the IMO must enforce stricter cybersecurity mandates across the industry. Finally, as ports transition into smart ports, powered by the internet of things (IoT), AI, and automation, cybersecurity should be at the forefront of maritime security strategies. Emerging technologies like quantum computing and zero trust architecture will play a crucial role in strengthening digital defenses, but ports should remain vigilant. The very technologies designed to enhance security could also introduce new vulnerabilities if not properly managed.

Cybersecurity is no longer just a technical issue; it is a fundamental pillar of modern port management. If cybersecurity continues to be treated as an afterthought, the next major cyberattack could bring global trade to a standstill. Ports are the lifelines of the world economy, and securing them is not just about protecting data, it is about safeguarding the stability of international commerce and national security.

Maryyum Masood is working as a Research Officer & Associate Editor at the Center for International Strategic Studies (CISS) Islamabad. She is an MPhil scholar in the Department of Strategic Studies at the National Defense University (NDU) Islamabad.

Rizwana Abbasi is an Associate Professor of Security Studies at the National University of Modern Languages, Islamabad, a non-resident Fellow of the Center for International Strategic Studies (CISS), Islamabad, and a Visiting Fellow at the Central European University of Austria.

Cybersecurity Framework for Maritime Port Management was originally published on Global Security Review.