The Dragon and the Maple Leaf: Continental Vulnerability and Strategic Realignment in an Era of Great-Power Competition

Introduction

North American security has long rested on the deep political alignment, economic integration, and strategic trust shared between the United States and Canada. For over a century, this partnership has been reinforced through extensive trade networks, shared defense institutions like the North American Aerospace Defense Command (NORAD), and intelligence cooperation within the Five Eyes framework, which has served as a cornerstone of continental safety and Western geopolitical cohesion. The durability of this alliance has suggested that the northern border would remain immune to great‑power rivalry and insulated from external strategic disruption. That assumption is now being challenged. Emerging geopolitical pressures and recent shifts in engagement between Canada and the People’s Republic of China (PRC) raise the possibility of a Canadian government that deliberately deepens economic, diplomatic, and technological ties with the PRC while distancing itself, politically and/or strategically, from the U.S. Should such a realignment materialize, it would constitute a geopolitical shift in North American history, reshaping continental security architectures, supply‑chain systems, intelligence cooperation, and global power balances for decades.

A Sino‑Canadian partnership would likely emerge along two (2) mutually reinforcing pillars. The economic pillar would involve PRC influence over or access to critical Canadian infrastructure, including ports, pipelines, telecommunications networks, and transportation corridors, alongside privileged access to Canada’s critical minerals, agricultural capacity, and Arctic resources. Deepening technological integration in sectors such as artificial intelligence (AI), quantum computing, and biotechnology would compound security risks by embedding PRC-linked systems in core North American industries. The military and intelligence pillar could include joint People’s Liberation Army–Canadian Armed Forces exercises in the Arctic, Chinese naval access to Canadian ports, and the establishment of PRC signals intelligence platforms on Canadian soil. Such developments would weaken NORAD cohesion, directly threaten U.S. homeland security, and compromise the integrity of the Five Eyes (FVEY) alliance.[1]

The consequences for the U.S. would be severe. North America’s integrated industrial base, especially in automotive, aerospace, energy, and defense manufacturing, would face significant disruption or collapse if supply chains became separated between a U.S.-aligned and a PRC-aligned technological ecosystem. The 5,525‑mile U.S.–Canada border, long regarded as the world’s most peaceful border, would transform into a new defensive front requiring substantial investments in surveillance, intelligence, and force posture. NORAD’s early‑warning systems for air and missile threats would be degraded, eroding one (1) of the U.S.’s most important strategic advantages. A secure PRC foothold inside North America would likely increase espionage, influence operations, and opportunities for intelligence penetration.

A Sino‑Canadian alignment would fracture the Western alliance system, undermining NATO’s internal unity, weakening the G7, and signaling to other states that American influence within its own hemisphere is no longer secure. Such a rupture would accelerate global realignment toward Beijing and diminish the U.S.’s strategic credibility worldwide.

Mitigating these risks would require a coordinated U.S. response across three (3) primary vectors. Diplomatically, Washington would need urgent, high‑level engagement aimed at reversing Canadian drift, while simultaneously strengthening the FVEY partnership between the U.S., the United Kingdom, Australia, and New Zealand, potentially without Canada, if necessary, and reinforcing relationships with Indo‑Pacific and European allies. Economically, the U.S. would need to initiate a “Fortress America” strategy focused on re‑shoring sensitive supply chains, preparing targeted sanctions, and leveraging U.S.–Mexico–Canada Agreement (USMCA) mechanisms to deter or penalize destabilizing Canadian decisions. Militarily, the U.S. would need to reconfigure its northern defense posture by expanding surveillance along the border, investing in a U.S.-only northern defense framework, and preparing Arctic strategies for a contested operational environment.

Taken together, these dynamics illustrate both the enduring strength of the U.S.–Canada partnership and the emerging vulnerabilities that could destabilize it. The strategic stakes for the U.S. are high. A deepening Sino‑Canadian alignment would not simply alter bilateral relations. It would fundamentally reshape the security, economic, and geopolitical architecture of the Western Hemisphere.

The Structural Foundation of North American Integration

The economic relationship between the U.S. and Canada is not a conventional trade arrangement; it is a continental production ecosystem. Governed today by the USMCA, bilateral trade in goods and services exceeds $900 billion annually. Canada is the largest export destination for more than 30 U.S. states. Approximately three-quarters (3/4) of Canadian exports flow southward. Cross-border foreign direct investment sustains millions of jobs on both sides of the frontier.[2],[3]

The automotive sector illustrates the depth of integration. Components may cross the border multiple times prior to final assembly. Just-in-time manufacturing minimizes cost but also reduces resilience. Border disruption, even temporary, can halt production lines within hours. The system is optimized for efficiency, not decoupling. Energy interdependence is equally structural. Canada supplies a large share of U.S. crude oil imports. American refineries along the Gulf Coast are configured specifically for heavier Canadian crude grades. Electricity grids interconnect through dozens of cross-border transmission lines, enhancing reliability and stabilizing regional markets. These networks were built on assumptions of political trust and regulatory harmonization.[4],[5],[6]

Defense integration is no less interdependent. Since 1958, NORAD has institutionalized binational responsibility for aerospace warning and control. Radar systems, Arctic monitoring installations, satellite feeds, and fighter alert forces operate within a shared command structure. Canada’s 2022 commitment to invest nearly C$40 billion in NORAD modernization underscores the scale of this partnership.[7],[8]

Intelligence cooperation further cements the relationship. Canada is a core member of the FVEY partnership, which operates on a presumption of near-total trust and intelligence fusion. Canada’s geographic location provides valuable signals intelligence coverage across Arctic approaches and Eurasian trajectories. Taken together, these arrangements have rendered North America a strategic community rather than merely a continent.[9],[10]

Background: The Historical Context of a Fraying Alliance

For five (5) decades, North American stability has rested on a deeply integrated U.S.–Canada economic, military, and political partnership, while each country has navigated separate, evolving relationships with the PRC. Continental defense architectures such as NORAD have bound Washington and Ottawa in shared aerospace warning and control since the Cold War and remain core to homeland security today. In parallel, the U.S.–Canada economic relationship matured through the North American Free Trade Agreement (NAFTA) (1994) and its successor, the USMCA (2020), which institutionalized cross-border trade and supply-chain integration at scale. By contrast, Canada’s opening to Beijing in 1970 made it an early Western engager of the PRC. The U.S.’s normalization with Beijing followed later in the 1970s, setting each country on distinct paths that now intersect amid intensifying U.S.–PRC strategic competition.[11]

Canada-PRC Connection.

Canada formally recognized the PRC on 13 October 1970, issuing a joint communiqué that switched recognition from Taipei to Beijing and established full diplomatic relations. Prime Minister Pierre Trudeau consolidated the opening with an official visit in October 1973, meeting Mao Zedong and outlining avenues for trade, cultural, and consular cooperation. From 1978 through the 1980s and 1990s, ties broadened: PRC Premier Zhao Ziyang’s 1984 visit advanced bilateral investment safeguards, and Team Canada missions in 1994 drove major commercial deals, including multi‑billion‑dollar energy and power contracts reflecting Ottawa’s push to deepen economic engagement with the PRC. By the 2010s, Canada and the PRC had become significant economic partners, even as human rights, technology security, and political interference concerns intermittently strained ties. The relationship decisively deteriorated beginning in December 2018, when Canada arrested Huawei CFO Meng Wanzhou on a U.S. extradition request for alleged bank and wire fraud, immediately followed by PRC detentions of Canadian citizens Michael Kovrig and Michael Spavor on espionage charges. The episode catalyzed a broader policy rethink culminating in Canada’s Indo‑Pacific Strategy (Nov. 2022), which describes the PRC as an “increasingly disruptive global power,” signaling a strategic shift from engagement toward selective competition and risk mitigation. While Ottawa has explored “resets” and pragmatic economic roadmaps since, the baseline posture is now cautious and security‑aware, with trust degraded and cooperation bounded by national‑interest constraints.[12]

United States–Canada: Integration with Periodic Strain.

The U.S.–Canada relationship has long been among the world’s closest, marked by high‑volume daily flows of people and goods and deep supply‑chain interdependence reinforced by NAFTA and USMCA. Security cooperation has remained robust through NORAD and NATO, underpinning continental aerospace warning and defense coordination for decades. Nevertheless, the partnership has weathered periodic shocks. The early 1970s “Nixon shock” import surcharge strained economic ties and stoked Canadian concerns about asymmetric leverage, even as subsequent diplomacy stabilized the relationship. While the relationship endures, discernible strain reemerged in the mid‑to‑late 2010s, driven by renegotiation of NAFTA into USMCA (2020), recurring trade disputes, and divergent approaches to the PRC, climate, and energy policy, reflecting a shift from near‑frictionless integration to managed interdependence. Even so, authoritative assessments emphasize that U.S.–Canada ties continue to be structurally strong, albeit with more frequent calibration to reconcile domestic policy priorities and external pressures.

After two (2) decades of hostility, U.S.–PRC ties shifted with Nixon’s 1972 visit and the Shanghai Communiqué, setting a framework for dialogue; full diplomatic normalization followed on 01 January 1979, under President Carter, with the U.S. acknowledging the PRC as the sole legal government of China while maintaining unofficial ties with Taiwan. Economic engagement accelerated, culminating in the PRC’s accession to the World Trade Organization (WTO) on 11 December 2001, which embedded Beijing in the multilateral trading system and expanded bilateral trade and investment connections. The relationship transitioned into overt strategic competition beginning circa 2015 to 2018, amid escalating trade and technology frictions, heightened security concerns, and sharpening differences over regional order. Authoritative timelines track this inflection from intensifying disputes over market access, intellectual property (IP), and cybersecurity threats, to tariffs and export controls, and growing confrontation in the Indo‑Pacific as both capitals recast the other as a primary strategic competitor. Today, U.S.–PRC ties are competitive across economic, technological, military, and ideological domains, with selective cooperation constrained by systemic rivalry.

The Sino-Canadian Entente: A Two-Pillar Partnership

The Economic Partnership.

In January 2026, Canadian Prime Minister Mark Carney announced a new strategic partnership between Canada and the PRC, opening the door for tens of thousands of PRC-manufactured electric vehicles (EVs) to enter the Canadian market. In Ottawa, the move has been framed as an economic and environmental opportunity, part of a broader clean energy transition and trade diversification strategy. But viewed from Washington, the implications stretch far beyond commerce. They reach directly into the realm of U.S. national defense and, more specifically, the security of American military installations.[13],[14]

Modern EVs are not simply automobiles with batteries. They are mobile, sensor-rich computing platforms, effectively “computers on wheels.” Today’s connected EVs are equipped with multiple high-resolution exterior cameras; interior cabin monitoring systems; GPS and precision geolocation tracking; cellular, Wi-Fi, and Bluetooth radios; over-the-air (OTA) software update capabilities; and continuous cloud connectivity. These systems support driver assistance, diagnostics, navigation, and performance optimization. However, they also create persistent streams of data collection and remote connectivity that traditional vehicles never possessed.

Crucially, vehicles operating within the PRC’s legal jurisdiction are subject to national security laws that can compel firms to cooperate with state intelligence authorities. While there is no public evidence that Chinese EV fleets are currently being used for espionage in North America, the technical architecture undeniably creates the capability for remote data access, aggregation, and potential software manipulation.

In a highly integrated North American economy where goods and people routinely cross the border, vehicles imported into Canada will not remain confined there. Through resale markets, tourism, commercial activity, and dual-residency ownership patterns, their eventual presence on U.S. roads is plausible and, over time, even likely. Unlike abstract cybersecurity debates, the risks posed by connected EV fleets become concrete when considered in proximity to American military installations across the continental U.S. (CONUS).

Department of War (DoW) installations rely heavily on perimeter security using lights, fence lines, perimeter patrols and standoff distances, along with controlled access points to identify and prevent surveillance. Yet vehicles parked legally outside installation gates in residential neighborhoods, shopping centers, hotels, or public roadways are not subject to the same controls. A connected EV can continuously capture and transmit actionable intelligence like gate traffic flows and shift changes, parking lot density and unit presence, infrastructure layouts and new construction, perimeter security configurations, and equipment movement patterns. Unlike a human observer conducting periodic surveillance, a vehicle’s sensor array operates continuously and passively. Aggregated across thousands of vehicles, these data streams could assemble detailed digital models of installation activity over time.

Modern EVs generate granular, time-stamped location histories. Individually, a single vehicle’s data may seem harmless. Collectively, however, aggregated data can reveal powerful patterns. If connected vehicles owned by service members, contractors, or families cluster around military communities, analytics could potentially identify deployment cycles, details intentionally kept ambiguous for force protection and operational security (OPSEC). Synchronized departures, prolonged absences from base housing, or traffic shifts near staging areas could signal mobilizations or returns. This highlights the broader risk of sensitive military insights emerging not from hacked systems, but from aggregated commercial data, underscoring the need for stronger data governance and awareness around connected technologies. Patterns such as training schedules, sensitive facility visitation trends, convoy routes and logistics flows, and mobilization timing could all also be inferred. History has already shown how aggregated consumer data can inadvertently expose military activity. A fleet-scale connected vehicle ecosystem dramatically amplifies that digital exhaust, increasing the risk of revealing operational rhythms even without accessing classified systems.

Over-the-air updates are designed for efficiency and safety improvements. However, the same remote access pathways that allow firmware upgrades also create potential attack surfaces. In a crisis scenario, adversarial access, whether through state action, coercion, or exploitation of supply chain vulnerabilities, could enable threats like coordinated vehicle immobilization near critical infrastructure, traffic congestion around bases during mobilization, disruption of evacuation routes, or large-scale data exfiltration. Even absent deliberate state direction, embedded vulnerabilities in complex global supply chains create cyber entry points that sophisticated actors could exploit. The security question is not whether such an event is imminent. It is whether U.S. force protection models account for it.[15]

EVs routinely sync with smartphones, contact lists, calendars, navigation histories, garage systems, and home Wi-Fi networks. For military personnel, this creates additional layers of exposure by highlighting home-to-base commuting patterns, association networks, and frequently visited restricted sites or classified workspaces. The blending of personal digital ecosystems with connected vehicles expands the attack surface well beyond the vehicle itself. The EV issue does not exist in isolation. It intersects with a broader strategic landscape that includes expanding diplomatic engagement between Ottawa and Beijing, Chinese interest in Arctic infrastructure and research, agricultural land acquisitions inside the United States, and the ever-growing great power competition between Washington and Beijing. Continental defense has historically relied on geography and allied alignment. The U.S.–Canada partnership has long functioned as a stabilizing pillar of North American security, but technological ecosystems introduce civilian-embedded platforms capable of persistent data collection.[16]

The risk is not that every imported EV becomes an intelligence asset. The risk is that scale, connectivity, and legal compulsion combine to create an exploitable environment, particularly near U.S. military installations whose security models were designed to counter physical surveillance, not continuous digital mapping. As continental defense evolves, so must force protection doctrine. Economic integration across the northern border remains a strategic strength. Yet safeguarding U.S. military infrastructure in the connected age will require anticipating how everyday technologies, even something as commonplace as cars, can become vectors of persistent surveillance. In the 21st century, the perimeter of a military base may no longer end at the fence line. It may extend into the parking lot across the street and into the cloud.[17]

The Military Pillar: A Challenge to Continental Defense.

On 06 February 2026, reports disclosed deepening military engagement between the People’s Liberation Army (PLA) of the PRC and Canada, notably through winter survival training, naval visits, and diplomatic-military exchanges spanning from 2013 to 2019. These activities, while paused by Canada in 2019, reveal enduring strategic risks, particularly considering its recent push toward closer ties with the PRC. Earlier in January 2026, Prime Minister Mark Carney undertook a landmark visit to Beijing, heralding what he described as a “new strategic partnership” with the PRC aimed at economic diversification, trade de-escalation, and cooperation in energy and agriculture. During a press conference in Beijing, Carney expressed that Canada is “heartened by the leadership of President Xi Jinping and the speed with which our relationship has progressed,” emphasizing intentions to strengthen security, multilateralism, and people-to-people ties. He framed this engagement as part of Canada’s broader strategy of “seeing the world as it is” and diversifying away from reliance on the U.S.

Canada’s desire to grow closer to the PRC, especially as it seeks to forge a more “independent foreign policy,” occurs within a geopolitical landscape shaped by U.S. strategic competition with the PRC, Arctic militarization, and emerging Sino-Russian Arctic collaboration. While Canada pursues economic gains, signing agreements on electric vehicles, energy cooperation, and agricultural trade, the military domain looms as a chokepoint. This opens the U.S. to a greater threat on both its northern and southern borders, further straining federal law enforcement tasked with its protection and possibly forcing the military into a larger role in border security in the north. The consequences of Canada’s pivot toward the PRC extend well beyond bilateral trade:

  • Arctic Security Concerns. PLA familiarity with cold-weather tactics, logistics, and terrain (derived from Canadian-led training) threatens U.S. and allied dominance in the High North, undermining NORAD vigilance and continental defense planning.
  • Agricultural Exposure. The U.S. has engaged with representatives of the PRC purchasing farmland and intercepted its citizens attempting to bring biological material into the heartland that could risk the agricultural stability of the U.S.
  • Intelligence & Doctrine Vulnerabilities. Even discontinued training programs may have yielded operational insights into Canadian search and rescue (SAR) and logistical capabilities. Canada’s warming security relationship increases the risk of future military or intelligence collaboration with the PRC.
  • Alliance Trust Erosion. U.S.–Canada military cooperation, which is rooted in shared doctrine, vetting, and alignment, faces strain if Ottawa continues deepening engagement with Beijing. NATO and FVEY cohesion depends on transparency and unity.
  • Chinese Strategic Inroads. While Carney seeks economic gains, his administration implicitly welcomes closer security engagement. The PRC’s “near-Arctic state” aspirations may now find a more permissive partner in Canada, eroding traditional Western unity in contested polar and global domains.

In the current geopolitical moment marked by U.S.–PRC rivalry, Arctic militarization, and shifting alliance dynamics, Canada’s realignment poses elevated risks for U.S. strategic posture. Electric vehicles crossing the border and wandering onto or near U.S. military installations with cameras, sensors, and predictive GPS data that connect back to PRC-controlled servers could pose an increased force protection threat. To mitigate these risks, enhanced vetting and oversight are needed for Canadian military or scientific cooperation with the PRC. Reinforced intelligence safeguards should insulate shared facilities and procedures. Augmented Arctic readiness and infrastructure investment must match rising Chinese presence in the High North.

The Scenario: A Sino-Canadian Agreement

A sustained Canadian realignment toward the PRC could unfold gradually. Expanded Chinese investment in Canadian ports, energy infrastructure, critical mineral extraction, telecommunications networks, and advanced research partnerships could deepen economic entanglement. Such integration would not necessarily imply formal alliance; rather, it would generate layered dependencies.[13]

Article 32.10 of the USMCA, the so-called “non-market economy clause,” explicitly acknowledges the sensitivity of trade agreements involving the PRC. Its inclusion reflects recognition that Canadian trade diversification toward Beijing carries systemic implications for continental economic integration.[14]

In the Arctic, where melting sea ice is transforming navigation patterns, the PRC has articulated ambitions as a “near-Arctic state.” A cooperative framework between Ottawa and Beijing in Arctic development or research initiatives would grant the PRC operational familiarity in proximity to U.S. northern defenses. Security cooperation need not reach the level of alliance to disrupt trust. Even limited joint exercises, intelligence exchanges, or technology sharing in dual-use sectors would introduce ambiguity into NORAD and FVEY operations. The key variable is not hostility; it is trust.

Economic Consequences: Disruption and Structural Decoupling

Should Canada align economically with the PRC in strategic sectors, particularly critical minerals and energy, the U.S. would confront difficult choices. Diversion of Canadian rare earth elements, lithium, nickel, and cobalt into Chinese-dominated supply chains would complicate U.S. efforts at friendshoring and supply chain resilience. North American industrial policy, increasingly oriented toward strategic autonomy in semiconductors and clean energy technologies, would require recalibration. Energy redirection would impose costs. Canadian crude redirected toward Asian markets would necessitate alternative sourcing for U.S. refineries. Infrastructure investments optimized for continental integration would lose efficiency. Most significantly, trust-based economic integration would give way to security-based trade screening. The economic border would thicken. What was once a production ecosystem would become a negotiated interface.

National Security Implications: The End of Assumed Sanctuary

NORAD’s architecture depends upon seamless data exchange and shared early-warning systems. If Chinese-linked firms gained access to Canadian telecommunications or satellite infrastructure, questions regarding data integrity would arise. Even absent proven compromise, perception alone could erode confidence. The likely outcome would be unilateral U.S. investment in independent northern surveillance networks, effectively ending the binational character of continental defense. In the intelligence domain, the Five Eyes partnership would confront structural strain. Restricting intelligence flows to Canada would reduce geographic coverage and analytic synergy. Maintaining full sharing would risk exposure to sensitive sources and methods. The Arctic would become strategically contested not through overt militarization, but through presence and familiarity.[7],[9]

Cyber Threats and Digital Interdependence

The most immediate vulnerabilities would manifest in cyberspace. What ostensibly appears to be an economic relationship creates multiple vectors for intrusion, exposing not only Canada, but the broader North American technological landscape to continent-wide risk. Digital integration between the U.S. and Canada encompasses financial systems, telecommunications infrastructure, energy grids, cloud services, and defense supply chains. If Chinese state-linked technology firms were embedded within Canadian telecommunications networks or data centers, potential vectors for espionage and intellectual property exfiltration would expand. Hardware or software vulnerabilities could provide indirect access into U.S. systems through trusted cross-border connections.[10]

Beyond telecommunications and data infrastructure, supply-chain dependencies introduce another layer of cyber exposure. Chinese-manufactured components, ranging from circuit boards and sensors to industrial control hardware, controllers, and grid-connected devices, can carry ambiguous and untrusted firmware, undocumented communication methods and functions, and exploitable vulnerabilities before even reaching Canadian networks. Embedding these components into critical systems and infrastructure allows them to become trusted elements within cross-border digital ecosystems. Because U.S. and Canadian industries co-produce defense systems, energy technologies, and advanced manufacturing inputs, compromised components introduced through Canadian supply chains can propagate into U.S. platforms, creating cyber-physical risks that may be difficult to mitigate because the components have already been granted trust within the domain.

Energy grids and pipeline control systems rely on supervisory control and data acquisition (SCADA) systems that operate across national boundaries. Financial clearinghouses process cross-border transactions in real time. Defense contractors collaborate digitally on sensitive programs. Cyber operations thrive below the threshold of war. Attribution is contested; escalation is ambiguous. In a scenario where Canada remained formally non-hostile yet digitally entangled with the PRC, the U.S. could face persistent homeland cyber vulnerabilities without clear grounds for retaliation. In this domain, geography offers no buffer.

While the U.S. continues to restrict Chinese technology in its energy infrastructure, Canada is expanding energy cooperation with the PRC. Because the U.S. and Canada operate deeply interconnected electricity grids, Chinese-made components that could be introduced into Canadian systems create cross-border vulnerabilities and complicate efforts to harmonize regulatory and cybersecurity standards. A compromised grid-connected device in Canada does not remain a Canadian problem; it becomes a North American one. In a digitally synchronized grid, a single point of compromise can propagate instability and provide persistent footholds for state-linked actors across the border.

Canada’s status as a founding NATO member and G7 participant magnifies the geopolitical implications. A visible strategic shift toward Beijing would inject uncertainty into alliance cohesion. Article 5 commitments rely upon mutual confidence that members do not harbor conflicting strategic loyalties. Within the G7, coordination on economic coercion and export controls would weaken. The symbolic impact would be equally significant. The Western Hemisphere has long been treated as politically aligned with Washington. A strategic competitor gaining influence in Ottawa would signal that even the continental core is subject to great-power competition. Such perception shifts often precede structural realignments.

Conclusion: Navigating a Transformed Northern Border

For more than a century, the strategic geography of North America has been defined not by fortification, but by trust. The absence of meaningful militarization along the U.S.–Canada border has not reflected complacency, but rather a dense latticework of economic integration, political alignment, and institutionalized defense cooperation. The continental order anchored by the U.S. and Canada has enabled Washington to externalize risk, projecting power abroad while assuming stability at home.

The U.S.–Canada trade relationship, valued at over $900 billion annually, functions less as a transactional exchange than as a continental production ecosystem. Automotive manufacturing, aerospace assembly, critical mineral processing, and energy distribution operate across the border in synchronized cycles.[3],[4]

The significance of such a shift lies in its geography. Strategic competition with the PRC has largely unfolded in the Indo-Pacific, the South China Sea, and technological supply chains. Yet a Sino-Canadian entente would relocate elements of that competition directly to the North American continent. In doing so, it would compress distance into a fundamental variable in strategic planning. Where the U.S. has traditionally relied on oceans as buffers and alliances as multipliers, it would confront a scenario in which a principal competitor possesses privileged economic, infrastructural, and potentially military access adjacent to its homeland.

Energy interdependence illustrates this vulnerability with clarity. Canada supplies the majority of U.S. crude oil imports, and American refineries are structurally configured for Canadian heavy crude. Electricity grids interconnect across dozens of transmission lines, stabilizing regional reliability. A strategic diversion of Canadian energy exports toward Chinese markets would introduce cost shocks, supply volatility, and long-term infrastructure recalibration within the U.S. Energy security, which has long been treated as a resolved continental matter, would reemerge as a contested domain.[5],[6]

The Arctic theater would assume renewed prominence. Climate change is transforming Arctic waters into commercial and strategically navigable corridors. The PRC has declared itself a “near-Arctic state” and has sought observer status and influence in Arctic governance structures. A cooperative framework between Beijing and Ottawa could grant the PRC operational familiarity in proximity to U.S. northern defenses, undermining assumptions about geographic insulation.

A sustained and deliberate Canadian realignment toward the PRC would not simply alter bilateral relations. It would also invert the structural assumptions upon which modern U.S. grand strategy has rested. The consequences would extend beyond economic and defense arrangements, reaching into the deeper architecture of Western alliance cohesion and global order.[2]

[1] Bronskill, J. (2025, November 13). China, Russia spying on governments, businesses in Canada’s Arctic: CSIS director. CityNews Halifax. Retrieved from https://halifax.citynews.ca/2025/11/13/china-russia-spying-on-governments-businesses-in-canadas-arctic-csis-director/

[2] Prime Minister’s Office. (2026, January 16). Prime Minister Carney forges new strategic partnership with the People’s Republic of China focused on energy, agri‑food, and trade. Government of Canada. Retrieved from https://www.pm.gc.ca/en/news/news-releases/2026/01/16/prime-minister-carney-forges-new-strategic-partnership-peoples.

[3] Cheng, M. (2026, January 16). Canada, China slash EV, canola tariffs in reset of ties. Reuters. Retrieved from https://www.reuters.com/world/china/canada-china-set-make-historic-gains-new-partnership-says-carney-2026-01-16/.

[4] Blanchard, J.-M. F. (2023). Mind the gap between rhetoric and reality in Sino‑Canadian relations. Wilson Center. Retrieved from https://www.wilsoncenter.org/article/mind-gap-between-rhetoric-and-reality-sino-canadian-relations.

[5] Congressional Research Service. (2024a). U.S.–Canada trade and economic relationship (IF10046). Retrieved from https://crsreports.congress.gov/product/pdf/IF/IF10046.

[6] Congressional Research Service. (2024b). The United States‑Mexico‑Canada Agreement (USMCA) (IF10997). Retrieved from https://crsreports.congress.gov/product/pdf/IF/IF10997.

[7] Fergusson, I. F., & Villareal, M. A. (2020). Motor vehicles and the USMCA (IF11387). Congressional Research Service. Retrieved from https://crsreports.congress.gov/product/pdf/IF/IF11387.

[8] Government of Canada, Department of National Defence. (2022, June 20). Canada outlines plan to modernize North American defence. Retrieved from https://www.canada.ca/en/department-national-defence/news/2022/06/canada-outlines-plan-to-modernize-north-american-defence.html.

[9] U.S. Chamber of Commerce. (2023). The U.S.–Canada relationship. Retrieved from https://www.uschamber.com/international/the-u-s-canada-relationship.

[10] U.S. Energy Information Administration. (2024). Energy trade with Canada. Retrieved from https://www.eia.gov/international/analysis/country/CAN.

[11] Villarreal, M. A. (2024). The United States–Mexico–Canada Agreement (USMCA) (CRS Report No. R44981). Congressional Research Service. Retrieved from https://www.congress.gov/crs-product/R44981.

[12] House of Commons of Canada. (2021). The Canada–People’s Republic of China relationship (Report of the Special Committee on Canada–China Relations). Retrieved from https://www.ourcommons.ca.

[13] Vasil, P. (2023). The G7’s united front against China’s “economic coercion” is already starting to crack. The Conversation. Retrieved from https://theconversation.com/the-g7s-united-front-against-chinas-economic-coercion-is-already-starting-to-crack-206109.

[14] White House. (2024). Building resilient supply chains. Executive Office of the President. Retrieved from https://www.whitehouse.gov/wp-content/uploads/2024/02/White-House-Supply-Chain-Report-2024.pdf.

[15] Bielawski, R., et al. (2020, October). Cybersecurity of Firmware Updates. National Highway Traffic Safety Administration. Retrieved from https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/cybersecurity%20offirmwareupdatesoct2020.pdf.

[16] Bureau of Industry and Security. (2025, January 14). Connected Vehicles (CV). U.S. Department of Commerce. https://www.bis.gov/connected-vehicles.

[17] Dhumal, B. (2025, August 11). The Future of Automotive Cybersecurity Safeguarding the Next Generation of Mobility. Cyber Defense Magazine. Retrieved from https://www.cyberdefensemagazine.com/the-future-of-automotive-cybersecurity-safeguarding-the-next-generation-of-mobility-2/.

China and the Maduro Raid: Signals for Global Power Dynamics

Introduction

China’s muted response to the U.S. raid that captured Venezuelan President Nicolás Maduro speaks volumes about Beijing’s strategic priorities. While the operation showcased American precision and reach, China’s silence underscores a deliberate choice: avoid direct confrontation while safeguarding long-term interests in Latin America. This non-reaction raises critical questions about how China balances its global ambitions with risk management, and what this posture signals for future power dynamics in an era of intensifying U.S.–China competition.

China’s Influence in Latin America

For at least two (2) decades, Beijing has sought to garner influence in Latin America, not only to pursue economic opportunities but to gain a strategic foothold on the doorstep of its top geopolitical rival. China’s progress, from satellite tracking stations in Argentina and a port in Peru to economic support for Venezuela, has been an irritant for successive U.S. presidential administrations.[1]

China’s economic engagement with Latin America during this period has transformed the region into a key component of Beijing’s global trade strategy. In 2000, China accounted for less than 2% of Latin American exports, but rapid Chinese industrial growth fueled a commodities boom that sharply increased trade. Between 2000 and 2008, bilateral trade grew at an annual rate of 31%. By 2021, trade surpassed $450 billion and reached a record $518 billion in 2024, with projections suggesting it could exceed $700 billion by 2035. China is now South America’s largest trading partner and the second-largest for Latin America overall, behind only the U.S.[2]

Venezuela has become China’s largest customer of military equipment in Latin America, a position shaped in part by the American embargo on commercial arms sales to Caracas that began in 2006. Beijing has supplied a range of defense systems to Venezuela and other regional partners, including aircraft, ground vehicles, radar systems, and small arms. Argentina, Bolivia, and Ecuador have also purchased Chinese military hardware, reflecting Beijing’s expanding defense relations across the region. Cuba has strengthened military ties with China as well, hosting visits by the Chinese People’s Liberation Army (PLA) and engaging in joint training activities.[5]

These defense and security relationships are embedded within broader strategic partnerships. In Venezuela, military equipment sales are part of a multifaceted alliance that has also included Chinese loans, infrastructure projects, and energy agreements, which have tied Caracas to Beijing economically and politically. Chinese radar and surveillance equipment have been among the defense goods supplied, although recent events have highlighted limitations in their effectiveness against U.S. military operations. Beijing’s security cooperation with Cuba and other partners, while less operationally transparent, is viewed by U.S. analysts as part of the same effort to expand its influence in the Western Hemisphere.[3]

Although China frames its engagement in Latin America as cooperative and mutually beneficial, U.S. policymakers and regional experts caution that such relationships carry implications for regional security and geopolitical balance. Military sales and training tie these countries closer to Beijing’s strategic reach, potentially providing China with access to defense infrastructure and influence over local military operations. China’s cooperation with countries like Venezuela and Cuba, especially in the context of intelligence and security activities, is an important dimension of its expanding presence in the region and a focus of scrutiny in U.S. defense and foreign policy circles.[5]

Implications of China’s Lack of Response During the Maduro Raid

Hours before Venezuelan President Nicolás Maduro was captured by U.S. Army Delta Force operators, he appeared publicly in Caracas alongside China’s special envoy for Latin America. The timing and visibility of the meeting, conducted while U.S. forces were already positioned to execute the operation, suggest that Beijing lacked advance warning and was caught off guard by the raid, despite the presence of Chinese intelligence gathering in the region. Neither Chinese-supplied air-defense radar systems nor Chinese intelligence networks appeared to detect, disrupt, or meaningfully respond to U.S. planning or execution.[4]

Figure 5 – Venezuelan President Nicolas Maduro’s meeting with the Chinese delegation [4]

Venezuela fields one of the most layered air-defense architectures in Latin America, integrating Russian S-300, Buk-M2, and Pechora-2M systems with point defenses under a joint service command. Yet U.S. electronic attack and suppression of enemy air defenses (SEAD) rendered these systems largely ineffective over Caracas. The EA-18G Growler emerged as a decisive capability, enabling broad disruption of Venezuelan air-defense radars and communications and supporting an air package of more than 150 aircraft that suffered no shootdowns during the raid.

Chinese-made JY-27A “anti-stealth” radars, marketed as capable of detecting low-observable aircraft at ranges exceeding 150 miles, appear to have provided little to no actionable warning, a performance gap noted by multiple analysts and outlets in the operation’s aftermath. For both Moscow and Beijing, the optics were unfavorable: Russian and Chinese systems long promoted as counters to U.S. airpower were neutralized through coordinated electronic warfare, cyber, and kinetic effects.[5]

This absence of warning sharply contrasts with Maduro’s earlier public claims about Chinese technological support. Four (4) months before his capture, Maduro stated that China had provided him with a secure phone that could not be hacked, asserting that U.S. intelligence, spy aircraft, and satellites were incapable of intercepting it. In reality, the Central Intelligence Agency already had a human source within Maduro’s inner circle, along with teams on the ground tracking his movements prior to the raid. That intelligence enabled precise targeting and made the operation possible. The success of Operation Absolute Resolve, executed without interference from Chinese systems or any apparent advance notice to Beijing, undercut Maduro’s claims and highlighted clear limitations in both the reach of Chinese intelligence and the real-world effectiveness of Chinese-supplied technologies.[6]

China’s lack of response during the Maduro raid highlights a critical distinction between economic influence and security commitment in Latin America. While Beijing has successfully positioned itself as a major trading partner and source of investment across the region, its failure to detect, deter, or respond to direct U.S. military action in Venezuela exposed clear limitations in its intelligence apparatus and any implied security guarantees. For regional governments, the episode serves as a signal that China’s engagement, though economically significant, does not translate into reliable security backing during moments of crisis. The outcome reinforces U.S. military and intelligence dominance in the Western Hemisphere and suggests that, at present, China’s influence in Latin America remains largely transactional rather than protective or deterrent in nature.

At the same time, the operation will undoubtedly have a deterrent effect on American adversaries. It serves as a stark reminder that the U.S. military retains capabilities China and Russia simply cannot replicate, particularly in the realm of precision raids enabled by elite forces, intelligence penetration, and integrated joint effects. Whether this level of precise lethality causes Beijing to think twice about scenarios such as a Taiwan invasion remains to be seen. As impressive as the operation’s execution was, elite units are a finite resource, and their utility diminishes sharply in large-scale, sustained kinetic conflict. The gap between the United States’ most elite units and those of its adversaries is far wider than the gap between U.S. conventional forces and those of its adversaries. That reality places natural limits on the broader deterrent value of this operation. While it powerfully underscores U.S. dominance in intelligence, special operations, and rapid precision action, it does not fundamentally alter the balance in a prolonged, high-intensity war, where mass, endurance, and industrial capacity ultimately matter more than surgical excellence alone.[5]

[1] Martina, M., Hunnicut, T., & Brunnstrom, D. (2026, January 12). With Venezuela raid, U.S. tells China to keep away from the Americas. The Japan Times. Retrieved from https://www.japantimes.co.jp/news/2026/01/12/world/politics/venezuela-raid-us-china-americas/.

[2] Roy, D. (2025, June 6). China’s Growing Influence in Latin America. Council on Foreign Relations. Retrieved from https://www.cfr.org/backgrounders/china-influence-latin-america-argentina-brazil-venezuela-security-energy-bri.

[3] Federici, J., Morgret, N., Gordon, B., & Ayres, G. (2026, January 13). China-Venezuela Fact Sheet: A Short Primer on the Relationship. U.S.-China Economic and Security Review Commission. Retrieved from https://www.uscc.gov/research/china-venezuela-fact-sheet-short-primer-relationship.

[4] Week News Desk. (2026, January 04). What happened to Chinese delegation that arrived in Venezuela before Maduro was captured?. The Week. Retrieved from https://www.theweek.in/news/world/2026/01/04/what-happened-to-chinese-delegation-that-arrived-in-venezuela-before-maduro-was-captured.html.

[5] Sullivan, S., & Amble, J. (2026, January 09). Eight Military Takeaways from the Maduro Raid. Modern War Institute at West Point. Retrieved from https://mwi.westpoint.edu/eight-military-takeaways-from-the-maduro-raid/.

[6] Rogg, J. (2026, January 09). U.S. Intelligence in a Post-Maduro Venezuela. Just Security. Retrieved from https://www.justsecurity.org/128064/us-intelligence-post-maduro-venezuela/.

Artificial Intelligence in the U.S. Military

Introduction

Artificial intelligence (AI) is rapidly reshaping the way the Department of War (DoW) visualizes, comprehends, and behaves within the many battlespaces that constitute modern warfighting. AI is more than just a collection of tools. It is becoming an integral strategy for decision-making. This allows commanders to process information and make tactical decisions. By leveraging AI for speed, agility, and the capacity to respond within an adversary’s decision cycle, the DoW has deployed AI solutions to create a competitive advantage over threat actors who would target the United States. However, AI is not a “plug-and-play” solution. Military decision-making is combative, high-stakes, and ethically limited. This means that mistakes can lead to escalation, strategic failure, or even negative outcomes for noncombatants. Acknowledging these facts, the DoW has placed a strong emphasis on responsible and reliable AI, building human responsibility, governance, testing, and monitoring into AI systems from conception to implementation. The current AI discussion in defense is characterized by this tension between moving quickly for advantage and slowing down for safety.[1],[2],[3]

Present-day Usage of AI Within the Military

AI is typically used for assistance in decision making, rather than decision replacement. In order to enable troops to “sense,” “make sense,” and “act” more quickly, DoW principles like Joint All-Domain Command and Control (JADC2) focus on integrating sensors and shooters via data, automation, and AI. In situations where timeframes are too short for human processing, the objective is to assist commanders in identifying different patterns while also filtering noise and coordinating activities across land, sea, air, space, and cyberspace.[2],[4]

Figure 1 – JADC2 Placemat[2]

An example of the use of AI is Project Maven, which focuses on using machine learning, particularly computer vision, to observe and assess massive amounts of data and full-motion video and identify objects of interest for human analysts. AI may speed up triage and direct human attention in place of analysts viewing endless feeds, cutting down on time-to-insight and improving consistency in detection. This illustrates how AI might alter the speed at which intelligence is produced, which can sometimes influence tactical, operational, and strategic decision-making.[5],[6]

AI-enabled force design approaches that presume highly dispersed processes are also beneficial for decision making. AI decision-support technologies are mentioned in open-source defense assessments on “Mosaic Warfare” and related techniques as a means of managing numerous tiny, networked assets and rapidly adjusting to adversary actions. In some of these scenarios, robots assist in coordinating complexity at machine speed. While this might be beneficial, humans are still in charge of purpose and judgment, particularly in situations when communications are disputed and information is lacking.[7],[8]

Pros & Cons of AI Utilization Within the DoW

AI’s ability to integrate input from myriad sources into a cohesive picture allows the DoW to shorten observe-orient-decide-act cycles. AI can prioritize warnings, spot abnormalities, and offer choices faster. In theory, this can result in “decision advantage,” which is a major stated goal of modernization initiatives for command and control.[2]

Additionally, AI can increase efficiency and precision, particularly in intelligence, surveillance, and reconnaissance (ISR) processes. Machine learning may assist with dispersing attention across large datasets, speeding up item recognition and categorization, and providing analysts with a cohesive intelligence picture. This can reduce the required number of man hours, increase response capacity, and decrease missed detections, all of which are important in both high-end combat and counterterrorism.[5],[6]

Outside of the battlefield, AI may also streamline personnel management, logistics, maintenance, and resource allocation, areas where minor percentage increases can result in significant readiness advantages. The DoW’s Data, Analytics, and AI Adoption Strategy highlights the importance of high-quality data and how AI can speed up learning, improve operations, and scale best practices. If AI improves interoperable planning and shared situational awareness, coalition operations can benefit. Trust, norms, and responsible practices are all part of DoW’s AI governance effort, which is crucial for allies who might be leery of “black box” technologies or different ethical stances. It is simpler to incorporate AI across partners without compromising legitimacy when it is in line with explicit regulations, transparent testing, and auditable procedures.[1],[3],[9]

Despite its many benefits and promising possibilities, the largest operational danger in the widescale implementation of AI is overreliance. Commanders may act on faulty suggestions in dynamic, misleading circumstances if they have an excessive amount of faith in AI outputs. AI models may exhibit biases present in training data, fail quietly, or deteriorate under different circumstances. DoW must maintain a strict AI policy because these dangers are real and can manifest as misclassification, fragile performance, and poor generalization.[3]

Explainability and accountability are connected challenges. Certain AI systems are challenging to understand or audit, particularly when time is of the essence, but military operations need unambiguous accountability for both fatal and nonlethal effects. The U.S. policy on autonomy in weapon systems places requirements around design, testing, and senior level review to lessen the likelihood and consequences of failures, particularly those that could result in unintentional engagements. The DoW is aware of how dangerous “automation surprise” can be in weapons contexts. AI also adds to the burden of assurance and cybersecurity. Deployment pipelines, training data, and model weights become valuable targets for disruption and espionage. The realization that implementing AI at scale necessitates safeguarding not only networks and endpoints but also the Machine Learning (ML) life cycle, data origin, and model integrity, and additionally monitoring for drift or compromise, is reflected in the DoW’s emphasis on AI assurance, particularly through its enterprise AI leadership structures.[10],[11],[12]

AI is also costly and often challenging to handle. Data infrastructure, governance, testing capacity, and the staffing capable of assessing AI limitations, rather than just purchasing software, are necessary for widespread deployment. AI transformation is as much organizational as it is technological. Victory in the age of AI requires consistent investment, talent pipelines, and institutional adjustments to go from pilots to operational effect.[12]

Artificial Intelligence as a Threat to the Homeland

When AI allows for greater decision-making, robust command and control, and more rapid learning than competitors, it becomes an advantage for the United States and its allies. DoW integrity and strategy place a strong emphasis on “decision advantage,” or the capacity to act inside adversary decision cycles. If this is accomplished, it might discourage aggression by making U.S. forces more difficult to surprise and quicker to respond across different branches and domains. AI-supported operations can tip the scales in favor of the team that senses and adjusts the fastest in a race where speed is crucial. However, because AI is widely available and may be used as a weapon by both state and non-state actors, the same qualities that provide an advantage also pose a threat. Particularly in a world full of sensors and data, national security assessments show that AI can increase cyber vulnerabilities and allow for new types of targeting and manipulation. Adversaries can impose costs without matching U.S. conventional power if they can utilize AI to locate, track, and manipulate U.S. military or domestic systems.[1],[2],[12]

One (1) particular type of danger is adversarial machine learning, where attackers can contaminate training data, avoid detection, extract models, or alter inputs (even in subtle ways). These strategies are arranged using frameworks such as MITRE Adversarial Threat Landscape for Artificial-Intelligence Systems (ATLAS). The National Institute of Standards and Technology (NIST) has also created taxonomies to assist enterprises in identifying and controlling adversarial machine learning risk. These risks indicate that AI systems can be deceived when they are most needed during a crisis or conflict, undermining confidence and causing operational misdirection for the DoW. Additionally, AI has the potential to speed up arms competition and escalation danger, particularly in areas where autonomy interacts with the timeliness of crisis decisions and weaponry. International controversy persists despite U.S. autonomy policy’s emphasis on limiting unintentional engagements and developing formal review systems, since autonomy can speed up human decision-making and raise the likelihood of quick mistakes. Even minor AI-driven mistakes, such as misidentifying intent, misclassifying targets, or spreading false alarms, might lead to escalation dynamics during a great-power conflict.[11],[13],[14],[15]

More convincing misinformation, impersonation, and uncredible media, as well as the utilization of unauthorized tools by staff members, are additional threats brought on by generative AI. The DoW has published interim advice and toolkits to operationalize guardrails, treating generative AI as a unique risk category, according to official guidelines and public reporting. It follows that “AI advantage” now rests not just on creating models but also on managing their use, security, and integration into mission procedures.[16]

Mitigating the Misusage of Artificial Intelligence

The U.S. approach to AI in defense increasingly emphasizes responsible adoption: clear ethical principles, rigorous testing and evaluation, auditability, and human accountability. DoW responsible AI strategy documents describe implementation pathways designed to reduce uncertainty and help components field AI faster without abandoning trust and oversight. This governance approach matters because legitimacy, domestically and with allies, can be as decisive as technical performance. This is supported by useful risk management frameworks. Adversarial machine learning taxonomies explain how attacks happen and what mitigations are pertinent. On the other hand, NIST’s AI Risk Management Framework (AI RMF) offers a framework for mapping, monitoring, and managing AI risks. Using such frameworks for military decision making might decrease the likelihood that AI systems are deployed without explicit criteria for robustness, dependability, monitoring, and incident response, particularly in hostile environments where subterfuge is anticipated.[3]

Outlook

The development of AI in the military is a strategic capacity that alters decision making while bringing new attack surfaces and failure modes. It is neither exclusively advantageous nor exclusively hazardous. Initiatives centered on command and control and ISR triage clearly demonstrate the benefits of speed, scale, decision advantage, and efficiency. As AI systems are more closely linked to operational choices, the drawbacks (overreliance, opacity, governance costs, and adversary manipulation) become more serious. AI benefits the US when it enhances judgment without undermining accountability and when it builds resilience more quickly than it builds vulnerability. Threats arise when enemies can use AI to alter perception, undermine trust, breach systems, or inflict escalation. Whether U.S. defense institutions can field AI quickly, while ensuring proper operability and machine-enabled pace with human responsibility, will be the crucial [6],[13]

[1] DoW. (2023, November). Data, Analytics, and Artificial Intelligence Adoption Strategy. DoW. Retrieved from https://media.defense.gov/2023/nov/02/2003333300/-1/-1/1/DoW_data_analytics_ai_adoption_strategy.pdf.

[2] DoW. (2022, March). Summary Of the Joint All-Domain Command & Control (JADC2) Strategy. DoW. Retrieved from https://media.defense.gov/2022/Mar/17/2002958406/-1/-1/1/SUMMARY-OF-THE-JOINT-ALL-DOMAIN-COMMAND-AND-CONTROL-STRATEGY.pdf.

[3] DoW. (2022, June). U.S. Department of Defense Responsible Artificial Intelligence Strategy And Implementation Pathway. DoW. Retrieved from https://media.defense.gov/2022/Jun/22/2003022604/-1/-1/0/Department-of-Defense-Responsible-Artificial-Intelligence-Strategy-and-Implementation-Pathway.PDF.

[4] Congressional Research Service. (2020, April 06). Defense Capabilities: Joint All Domain Command and Control. Congress. Retrieved from https://www.congress.gov/crs_external_products/IF/PDF/IF11493/IF11493.2.pdf.

[5] Pellerin, C. (2017, July 21). Project Maven to Deploy Computer Algorithms to War Zone by Year’s End. DoW. Retrieved from https://www.war.gov/News/News-Stories/Article/Article/1254719/project-maven-to-deploy-computer-algorithms-to-war-zone-by-years-end/.

[6] NGA. (n.d.). GEOINT Artificial Intelligence. NGA. Retrieved from https://www.nga.mil/news/GEOINT_Artificial_Intelligence_.html.

[7] DARPA. (n.d.). DARPA Tiles Together a Vision of Mosaic Warfare. DARPA. Retrieved from https://www.darpa.mil/news/mosaic-warfare.

[8] Clark, B., Patt, D., & Schramm, H. (2020). Mosaic Warfare Exploiting Artificial Intelligence And Autonomous Systems to Implement Decision-Centric Operations. CSBA. Retrieved from https://csbaonline.org/uploads/documents/Mosaic_Warfare_Web.pdf.

[9] DoW. (2023). Accelerating Decision Advantage. CDAO. Retrieved from https://media.defense.gov/2023/Nov/02/2003333301/-1/-1/1/DAAIS_FACTSHEET.PDF.

[10] DoW. (2023, January 25). Autonomy In Weapon Systems. SecDef. Retrieved from https://www.esd.whs.mil/portals/54/documents/dd/issuances/DoWd/300009p.pdf.

[11] Saylor, K.M. (2025, January 02). Defense Primer: U.S. Policy on Lethal Autonomous Weapon Systems. Retrieved from https://www.congress.gov/crs-product/IF11150.

[12] National Security Commission on Artificial Intelligence. (n.d.). Final Report. NCSAI. Retrieved from https://assets.foleon.com/eu-central-1/de-uploads-7e3kk3/48187/nscai_full_report_digital.04d6b124173c.pdf.

[13] Vassilev, A., Oprea, A., Fordyce, A., & Anderson, H. (2024, January). Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. NIST. Retrieved from https://csrc.nist.gov/pubs/ai/100/2/e2023/final.

[14] Boutin, C. (2023, January). NIST Identifies Types of Cyberattacks That Manipulate Behavior of AI Systems. NIST. Retrieved from https://www.nist.gov/news-events/news/2024/01/nist-identifies-types-cyberattacks-manipulate-behavior-ai-systems.

[15] ATLAS. (n.d.). MITRE ATLAS. ATLAS. Retrieved from https://atlas.mitre.org/.

[16] Vincent, B. (2023, November 09). New interim DOW guidance ‘delves into the risks’ of generative AI. Defense Scoop. Retrieved from https://defensescoop.com/2023/11/09/new-interim-DoW-guidance-delves-into-the-risks-of-generative-ai/.

Hawai’ian Military Land Lease and Renewal Efforts

Introduction

Amid current land lease renewal efforts, the U.S. Army has experienced various setbacks concerning Oahu land holdings that it leases from the State of Hawaii. For this effort, the Army has submitted a Final Environmental Impact Statement (FEIS) to the state Board of Land and Natural Resources. The FEIS is a critical step in the land lease process. The Army’s leased lands in Oahu include portions of the Kahuku Training Area, the Kawailoa-Poamoho Training Area, Pohakuloa Training Area, and the Makua Military Reservation. Due to the lease expiring in 2029, the Army is pushing for an expedited land lease renewal process.[1]

Military Land Lease and Renewal

Whether actively in use or vacant, the military owns and leases a vast array of buildings, lands, and other assets throughout various communities in the U.S. To maximize value, certain military properties can be leased to state governments, private entities, and other organizations under federal law. The land lease and renewal process, governed by 10 U.S.C. 2667, guarantees that leases serve public and military interests. Before the property can be leased, it must be determined by the military that it is not necessary for any immediate defensive purposes.[2]

Under 10 U.S.C. 2667, real or personal property can be leased by the secretary of a military department. This type of property can be leased under their jurisdiction when it is not needed for public use. The Secretaries of the Navy, Army, and Air Force all have the authority to approve leases that further their objectives and national security interests. In order to determine if property is required for defensive purposes, the Department of War (DoW) and pertinent military branches must conduct an assessment to determine if the leasing interferes with operational readiness.[2]

Additional criteria for leases include compliance with the National Environmental Policy Act (NEPA) and other pertinent federal regulations. Leases must also actively promote American interests, including strategic partnerships, economic benefits, and job creation. Military installation lands have been leased for myriad purposes, including energy projects, agriculture, government office space, educational institutions, and municipal management services. Another important component in land lease agreements is the Enhanced Use Lease (EUL) program, which facilitates agreements by allowing the development of military land by private entities. In exchange for this development, private entities must provide financial compensation and in-kind considerations that may include providing services or other non-cash assets as payment.[2]

A variety of property types are eligible for lease to support military and community efforts. Military properties eligible for lease include land, airfields, office buildings, training grounds, and test ranges. If tied to immediate military needs, both vacant land and developed infrastructure can be leased. Research labs are often deemed properties of high-value that can be leased to support artificial intelligence, cybersecurity, and unmanned systems efforts. Overall, military property leases benefit industrial efforts, research applications, and community uses. These lease efforts simultaneously support the community, the military, and national security efforts by providing potential opportunities for all parties.[2]

Hawai’ian Military Land

U.S. Army leadership is actively trying to scale back Oahu land holdings in Hawaii. As such, the service is in the process of renewing leases for land it holds from the state. The leased land in Oahu includes 782 acres at the Makua Military Reservation, 4,390 acres at the Kawailoa-Poamoho Training Area, and 1,150 acres at the Kahuku Training Area. The Army originally obtained these lands and a state parcel of 22,750 acres at Pohakuloa in 1964 for $1. These leases will expire in 2029.[1]

It is proposed that the Army retain 19,700 acres of land at the Pōhakuloa Training Area and 450 acres of land at the Kahuku Training Area. The Kahuku land has proven especially useful to the Army and its jungle warfare training efforts. The figures below illustrate the Pōhakuloa Training Area and the Kahuku Training Area.[1],[3],[4]

Figure 1 – Pōhakuloa Training Area[5]

Figure 2 – Kahuku Training Area[5]

A Final Environmental Impact Statement (FEIS) is a critical component of the Army’s land lease renewal process, required to assess environmental and cultural impacts and meet compliance standards under state and federal law. Previous FEIS drafts have been returned due to deficiencies in data, stakeholder engagement, and environmental analysis. In May 2025, the state Board of Land and Natural Resources (BLNR) voted 5–1 to reject the Army’s most recent FEIS and its efforts to retain land at the Pōhakuloa Training Area. To help establish a baseline for future negotiations, an appraisal was proposed. However, community members opposed the idea, fearing that hiring an appraiser would signal an imminent lease renewal. The Army has been working to revise its impact statements to meet approval standards, a process that has already taken approximately two (2) years to address departmental feedback.[1],[6]

Despite these efforts, the BLNR estimates that the full review and compliance process will extend through 2028. Once the FEIS is accepted, the Army must still obtain a Conservation District Use Permit. Given these procedural requirements and the approaching 2029 lease expiration, it will be challenging for the Army to complete the necessary steps in time.[1]

As part of the Oahu FEIS, the Army opted for a 93% reduction in acreage. In the preferred-alternatives section of the document, the Army specified that they would prefer to lease 450 acres at the Kahuku area instead of renewing leases at the Makua Military Reservation or the Kawailoa-Poamoho Training Area. However, the document was not approved due to data gaps. Areas of criticism in the study include the lack of documented cooperation with the Army and the Hawaii State Aha Moku Advisory Committee and outdated environmental data. Overall, the Army FEIS did not meet the Hawaii Environmental Policy Act standards. Moving forward, the Army plans to work with the BLNR to improve their reporting process, create cost estimates, and set schedules. An alternative approach the Army may consider includes a land swap between the state and military before the 2029 lease expiration date.[1]

Community Impact and Future Implications

The leased lands have an impact on both the community and Army operations. Although the land may be critical for jungle warfare training efforts, it is also important for environmental and cultural interests of the state. The Army published a recent FEIS for land retention, and it is now under review.

The Army-BLNR partnership is strong, and the two (2) groups plan to discuss ways to support all stakeholders. The BLNR believes that the Army has acknowledged the critical location of these sites but that they need to include more information about the community’s perspectives, regulations, and legal implications. However, the Office of Hawaiian Affairs has raised concerns. The last draft of the FEIS failed to acknowledge the fact that the lands are not just state lands, but a part of the larger Crown and Government Lands of the Hawaiian Kingdom. As the lease process continues, there is still a possibility for land swaps between the military and state or land purchases.[1]

The community and the Office of the Governor still acknowledge that the Army’s effort to create a smaller footprint in Oahu showcases a larger commitment to the community and environmental impacts to the area. The community also highlights the importance of the land in regard to military readiness. As the process continues, the Army will need to incorporate more community and environmental impacts into their products, along with overall military readiness. While the FEIS supports decision-making efforts, a separate review and determination is required to make a final decision about the land. In order to allow for input from community members and construct solutions, the Engage Hawaii website is a place for continued involvement. The site will continue to provide updates on land developments and updates on the lease process.[7],[8],[9],[10]

Portions of the community remain opposed to the Army’s land use. Over the last 30 years, groups like Mālama Mākua and Earthjustice have prompted the Army to honor former promises and return the land. Mālama Mākua and Earthjustice urge the Army to return the lands at Mākua, Kahanahāiki and Ko‘iahi that have been used for live-fire training and under the control of the Army since 1942. In May 2025, the Army agreed to return portions of the land to the state for culturally appropriate usage. Before this process can occur, an in-depth cleanup effort must be made to clear the area of unexploded ordnance. This decrease in land correlates to the Army’s proposal to only retain around 450 acres at the Kahuku Training Area and lease land at Poamoho near Wahiawā in 2029.[11]

As the lease process develops, the Army will encourage community involvement while still prioritizing critical training efforts. These efforts showcase the Army’s commitment to operations, the community, and overall environmental impacts of land use. In order to foster community engagement, the Army will need to continue working with dissenting groups as well. While land swaps between the military and state or land purchases still remain a possibility, the Army is hopeful that the lease process will be successful. Community members and Army personnel will continue with these efforts as the 2029 deadline approaches.

[1] CIBA. (2025, July 3). Army Land Retention Efforts in Hawaii Stalled Again. CIBA. Retrieved from https://news.cibassoc.org/army-land-retention-efforts-in-hawaii-stalled-again/.

[2] Legal Clarity Team. (2025, March 28). 10 U.S.C. 2667: Leasing Military Property Explained. Legal Clarity. Retrieved from https://legalclarity.org/10-u-s-c-2667-leasing-military-property-explained/.

[3] State of Hawai’i Engage Hawai’i. (n.d.). Army Training Lands. State of Hawai’i Engage Hawai’i. Retrieved from https://engage.hawaii.gov/army/.

[4] Heaton, T. (2024, April 18). The Days Of The Army Leasing Land In Hawaii For $1 Are Likely Over. But What’s Next? Honolulu Civil Beat. Retrieved from https://www.civilbeat.org/2024/04/the-days-of-the-army-leasing-land-in-hawaii-for-1-are-likely-over-but-whats-next/.

[5] State of Hawaiʻi. (n.d.). Army Training Lands. Engage Hawaiʻi. Retrieved from https://engage.hawaii.gov/army/.

[6] Kelleher, J. (2025, May 12). Army hits setback as Hawaii board votes to reject environmental study. The Associated Press. Retrieved from https://www.armytimes.com/news/your-army/2025/05/13/army-hits-setback-as-hawaii-board-votes-to-reject-environmental-study/.

[7] News Release. (2025, June 28). No Surprise: BLNR Rejects Another Army EIS. Hawai’i Free Press. Retrieved from https://www.hawaiifreepress.com/Articles-Main/ID/45780/No-Surprise-BLNR-Rejects-Another-Army-EIS.

[8] Mizuo, A. (2025, September 3). State website seeks to improve transparency on Army land lease negotiations. Hawai’i Public Radio. Retrieved from https://www.hawaiipublicradio.org/local-news/2025-09-03/state-website-seeks-to-improve-transparency-on-army-land-lease-negotiations.

[9] Kaua’i Now. (2025, September 2). Voice your opinions, concerns through new website on future of U.S. Army leases in Hawai‘i. Kaua’i Now. Retrieved from https://kauainownews.com/2025/09/02/voice-your-opinions-concerns-through-new-website-on-future-of-u-s-army-leases-in-hawaii/.

[10] CIBA. (2025, May 12). Army Hits Snag in Effort to Keep Hawaii Training Range Land. CIBA. Retrieved from https://news.cibassoc.org/army-hits-snag-in-effort-to-keep-hawaii-training-range-land/.

[11] Richardson, M. (2025, May 19). Activists surprised by Army’s willingness to let go of state-land lease. Hawaii News Now. Retrieved from https://www.hawaiinewsnow.com/2025/05/20/activists-surprised-after-army-willing-let-go-makua-state-land-lease-2029/.

The Advancement of Space Warfare

Introduction

The militarization of space is expanding as modern militaries become increasingly dependent upon satellites for communication, navigation, intelligence, and missile warning. Space-based systems now serve as early indicators of precision strikes, global surveillance, and real-time battlefield coordination. As conflicts become increasingly high-tech, nations are investing in both deploying resilient satellite constellations and developing counter-space capabilities, including jamming, cyberattacks, and anti-satellite weapons. This growing interest has turned space into a contested domain, where disabling or disrupting orbital assets could have significant strategic consequences. The trend underscores the urgency for international norms to prevent escalation and manage the risks of weaponizing space.[1],[2],[3]

The Growing Use of Space for Modernization

Space is a vital driver of modernization, transforming societal operations and innovations. Satellite deployments have revolutionized communication, facilitating instant data transfer and enhanced connectivity. Investment in space infrastructure by governments and private sectors supports smart cities, climate monitoring, and precision agriculture, showcasing the direct benefits of outer space technologies on life on Earth.[3],[4]

Space-based technologies enhance scientific research and national security, with modern navigation systems like GPS being essential for transportation, logistics, and emergency services. Additionally, space assets contribute to surveillance and defense, offering strategic advantages and promoting international collaboration. In the commercial sector, space is fostering innovation through companies like SpaceX and Blue Origin, who are lowering space travel costs and promoting sectors such as space tourism, asteroid mining, and orbital manufacturing.[5],[6]

Increasing Importance of Technological Warfare

Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) is an integrated framework enabling military forces to collect and analyze information for real-time decision making. Recently, militaries have been exploring the capability of AI to enhance data analysis and decision-making.[7],[8]

The C4 (Command, Control, Communications, and Computers) focuses on the tools and infrastructure necessary to effectively direct forces. This includes everything from secure radios and satellite links to advanced computing systems that process data. These systems are responsible for ensuring that orders can be issued, received, and executed with crucial precision, even in contested environments. Modern military units depend on reliable communication networks and computer systems to coordinate movements, logistics, and engagements across multiple domains.[8],[9]

Intelligence, Surveillance, and Reconnaissance (ISR) focuses on collecting and analyzing data to assess enemy positions and activities. It utilizes satellites, drones, radar, signal interception, and human intelligence to monitor large areas, identify threats, and anticipate enemy actions. In conflicts, such as those in the Middle East and Ukraine, ISR tools have been crucial for tracking adversaries, conducting targeted operations, and minimizing civilian casualties.[8],[9]

C4ISR is integral to multi-domain operations beyond traditional military branches, enabling cohesive warfare strategies. For instance, drone detection of enemy positions can send data through secure networks to facilitate immediate targeting by aircraft or artillery. This rapid response is vital in modern combat. It prompts significant investment in C4ISR modernization by the United States Armed Forces, NATO, and allied forces to maintain an advantage in evolving battlefields. In today’s world, C4ISR is the driver behind the rapid development of technology in the military. AI enhances the processing of vast ISR data, which leads to rapid and accurate command actions, while satellites ensure global surveillance and communication in challenging environments. As warfare evolves to be more digital and decentralized, C4ISR systems are essential for ensuring situational awareness and strategic coordination.[8],[9],[10]

Adversarial C4ISR Tactics and

China’s investment in its C4ISR capability is pivotal to the modernization of the People’s Liberation Army (PLA). This architecture integrates various elements, including satellites for communication, navigation (notably BeiDou), imaging, airborne and maritime sensors (manned aircraft, patrol planes, and UAVs), coastal radars, and advanced ground networks. Enhanced command-and-control nodes and secure communication systems link these components, allowing for the rapid fusion of information from dispersed sensors into an operational picture for commanders and weapons systems.[11],[12]

Beijing has leveraged its military capabilities to enhance missions that impact American interests and regional stability. In the South China Sea and Taiwan Strait, integrated ISR and command networks allow for ongoing surveillance of naval and aerial movements, enabling the PLA to monitor U.S. allies, direct strike forces, and implement anti-access/area-denial (A2/AD) strategies. Furthermore, space-based systems provide support for long-range targeting and operations, increasing the PLA’s capacity to challenge U.S. military assets and logistics without direct conflict during crises. China’s C4ISR investments extend beyond kinetic modeling to include non-kinetic and gray-zone competition, complicating U.S. military operations and decision-making. These investments enhance signals and imagery collection for intelligence and targeting, empower cyber and electronic-warfare capabilities to disrupt U.S. command and communications, and involve space developments aimed at protecting Chinese assets while challenging U.S. reliance on satellite systems. Additionally, ongoing peacetime surveillance and frequent military operations increase pressure on U.S. and allied forces by raising operational risks and political costs of escalation.[10],[12],[13],[14]

China’s implementation of integrated C4ISR emphasizes enhancing the information landscape, enabling expedited situational awareness for commanders, refining PLA force precision and coordination, and offering alternatives to challenge U.S. dominance in the Indo-Pacific without engaging in direct conflict. This approach has prompted the U.S. to prioritize resilience, adopt distributed command structures such as Joint All-Domain Command and Control (JADC2), fortify communications, and invest in counter-ISR and cyber defense, as information superiority and robust networks are crucial in modern warfare.[14],[15],[16]

Russia has also significantly invested in C4ISR capabilities as part of its military modernization since the early 2000s, focusing on battlefield awareness, long-range targeting, and strategic command. This strategy combines Soviet-era doctrine with modern technologies such as satellite communications, electronic warfare, and advanced reconnaissance drones. Centralized command and rapid data sharing between units are key features, demonstrated in operations in Ukraine, Syria, and along NATO’s borders.[17],[18]

Russia utilizes integrated C4ISR systems in regional conflicts to effectively coordinate its military forces and gather intelligence on adversaries. In Ukraine, this includes the employment of drones, signal intelligence, and electronic warfare capabilities to detect, track, and disrupt Ukrainian forces. The use of reconnaissance-strike complexes (RSCs) integrates sensor data with long-range strike capabilities, enabling rapid targeting of significant objectives and emphasizing tempo superiority in combat operations. Russia employs its C4ISR assets to observe and challenge NATO and U.S. military operations, utilizing space-based surveillance, electronic intelligence, and cyber capabilities. These tools enable Russia to watch U.S. troop movements, intercept communications, and assess defense systems. Additionally, strategic bombers and submarines conduct patrols near U.S. airspace to gather ISR data. Investments in anti-satellite weapons and counter-C4ISR tools further aim to undermine Western dependency on space and communications in potential conflicts.[18],[19],[20]

Russia’s C4ISR infrastructure is vital to its “information confrontation” strategy, encompassing cyberattacks, disinformation, and electromagnetic warfare. Moscow acknowledges that modern warfare involves not only conventional weaponry but also data. Its capacity to disrupt U.S. forces in Europe through cyber intrusions and GPS spoofing poses a significant threat. In response, the U.S. is bolstering investment in resilient communications, satellite hardening, and rapid ISR integration to mitigate threats.[18],[21]

The Usage of C4ISR in the U.S.

The U.S. remains a foremost leader in C4ISR, integrating space capabilities into its military strategy. These systems enhance U.S. military operations, facilitating precision warfare and real-time situational awareness through assets like GPS and communication satellites. In response to the expanding space and C4ISR capabilities of near-peer rivals such as China and Russia, the U.S. has improved its networks and invested in redundancy and expedited decision making. Militarization of space by the U.S. has intensified since the creation of the U.S. Space Force in 2019 and the reactivation of U.S. Space Command. These entities aim to maintain space superiority, safeguard American satellite infrastructure, and prepare for potential orbital conflicts. Initiatives like the Next-Generation Overhead Persistent Infrared (OPIR) satellites and expanded Low Earth Orbit constellations for missile detection illustrate the integration of space with national defense. Concurrently, the Department of War (DoW) is developing space-based data relays and robust communication systems designed to withstand jamming, cyber threats, and kinetic attacks in contested environments.[21],[22]

U.S. C4ISR assets are critical for power projection and joint operations, providing real-time intelligence via satellites and drones for target identification, strike coordination, and damage assessment. Secure communication networks facilitate rapid order issuance across vast distances. The development of systems like JADC2 aims to unify sensors, shooters, and decision-makers, enhancing military response to threats. This integration highlights the inseparability of C4ISR and space in contemporary warfare.[16],[23]

Figure 1 – Command and Control Network[24]

Outlook

The global military landscape is rapidly changing, with C4ISR and space capabilities becoming essential for modern warfare. The U.S., China, and Russia are investing more in command and control, surveillance, satellite communications, and networked weapons to enhance operational superiority. These advancements enable faster and more accurate detection, tracking, and striking of targets, emphasizing the importance of speed and information dominance over mere numbers. Space has transformed from a support domain to a contested area of operations (AOR), where critical infrastructure like GPS and communication satellites are now potential targets.[2],[3],[4]

China and Russia are enhancing their C4ISR systems to modernize their military capabilities and counter U.S. advantages by investing in reconnaissance satellites, electronic warfare, and cyber capabilities. This is designed to disrupt U.S. operations and raise costs for American interventions in key regions like the Indo-Pacific and Eastern Europe. In response, the U.S. is fortifying its own C4ISR architecture, creating the U.S. Space Force, and deploying new systems like Next-Gen OPIR and JADC2 to maintain global command and control across all domains. These advancements indicate a shift where future conflicts may depend more on the speed and security of information processing than on mere firepower. Looking ahead, the U.S. is preparing for a future where space is a contested warfighting environment. DoW strategies involve space domain awareness, satellite defense, and offensive counterspace capabilities. Developments in AI surveillance and space-based missile interceptors indicate further militarization. The U.S. sees dominance in C4ISR as crucial for winning and deterring conflicts, aiming to keep its military agile and globally connected.[11],[18],[19],[23]

The merging of C4ISR systems with technologies like AI, hypersonic weapons, and cyber warfare enhances both capabilities and vulnerabilities. The strategic emphasis is on resilience, interoperability, and real-time decision-making. Future efforts in diplomacy, arms control, and international standards will be vital in navigating these dynamics, while C4ISR and space capabilities remain central to military strategy and national security planning.[2],[3],[5]

[1] Kaczmarek, M. (2025, June 12). Ground Control Goes Cloud: The Digital Overhaul of Satellite Operations (2025–2030). Tech Space 2.0. Retrieved from https://ts2.tech/en/ground-control-goes-cloud-the-digital-overhaul-of-satellite-operations-2025-2030/

[2] Ruitenberg, R. (2025, September 17). Space is the new frontier of war, officials say in change of tone. Defense News. Retrieved from https://www.defensenews.com/global/europe/2025/09/17/space-is-the-new-frontier-of-war-officials-say-in-change-of-tone/

[3] Dian Purnomo, W. (2025, August 14). Militarization of Space Explained: Satellites, Space Force, and the Future of Warfare. Civilization Today. Retrieved from https://civilization.today/militarization-of-space/

[4] TrendPulse Finance. (2025, July 27). The Strategic Case for Investing in Space Infrastructure Amid SpaceX’s Starlink Expansion. AInvest. Retrieved from https://www.ainvest.com/news/strategic-case-investing-space-infrastructure-spacex-starlink-expansion-2507/.

[5] Hays, P. (2024, October 31). The Spacepower Needed to Secure Space and Improve U.S. National Security. CSIS. Retrieved from https://www.csis.org/analysis/spacepower-needed-secure-space-and-improve-us-national-security.

[6] GovFacts. (2025, September 06). How SpaceX and Blue Origin Have Transformed America’s Space Program. GovFacts. Retrieved from https://govfacts.org/explainer/how-spacex-and-blue-origin-have-transformed-americas-space-program/

[7] DSIAC. (n.d.). C4ISR. DSIAC. Retrieved from https://dsiac.dtic.mil/communities/c4isr/.

[8] Government Procurement. (2024, July 12). C4ISR Systems: The Backbone of Military Operations. Government Procurement. Retrieved from https://www.governmentprocurement.com/news/c4isr-systems-the-backbone-of-military-operations.

[9] Legal Clarity. (2025, August 18). What Does C4ISR Stand For and How Does It Work?. Legal Clarity. Retrieved from https://legalclarity.org/what-does-c4isr-stand-for-and-how-does-it-work/.

[10] KBV. (n.d.). US Defense Forces Embrace C4ISR: A New Era of Military Intelligence and Control. KBV Research. Retrieved from https://www.kbvresearch.com/blog/c4isr-defense-solutions-for-modern-military/.

[11] Air & Space Forces Magazine. (2023, August 31). The China Threat. Air & Space Forces Magazine. Retrieved from https://www.airandspaceforces.com/article/the-china-threat/.

[12] Wood, P. & Cliff, R. (2020, November). China Airborne C4ISR. CASI. Retrieved from https://www.airuniversity.af.edu/Portals/10/CASI/documents/Research/Infrastructure/2020-12-17%20PRC%20Airborne%20C4ISR_eBook.pdf.

[13] Lin, B., Garafola, C.L., McClintock, B., Blank, J., Hornung, J.W., Schwindt, K., Moroney, J.D.P., Orner, P., Borman, D., & Denton, S.W. (2022, March 30). Competition in the Gray Zone. RAND. Retrieved from https://www.rand.org/pubs/research_reports/RRA594-1.html.

[14] Chang, F.K. (2021, May 05). China’s Maritime Intelligence, Surveillance, and Reconnaissance Capability in the South China Sea. FPRI. Retrieved from https://www.fpri.org/article/2021/05/chinas-maritime-intelligence-surveillance-and-reconnaissance-capability-in-the-south-china-sea/.

[15] Defense One. (n.d.). C4ISR: The Military’s Nervous System. Defense One. Retrieved from https://www.defenseone.com/insights/cards/c4isr-military-nervous-system/?oref=d1-cards-continue.

[16] Loewenson, I. (2023, February 23). How JADC2 is like a high-tech grill, according to one Marine colonel. Marine Times. Retrieved from https://www.marinecorpstimes.com/news/your-marine-corps/2023/02/23/how-jadc2-is-like-a-grill-according-to-one-marine-colonel/.

[17] DIA. (2022). Challenges to Security in Space. DIA. Retrieved from https://www.dia.mil/Portals/110/Documents/News/Military_Power_Publications/Challenges_Security_Space_2022.pdf.

[18] McDermott, R. (2020, December 04). Tracing Russia’s Path to Network-Centric Military Capability. Jamestown. Retrieved from https://jamestown.org/program/tracing-russias-path-to-network-centric-military-capability/.

[19] McDermott, R. (2020, April 08). Russia’s Military Exploitation of Outer Space. Jamestown. Retrieved from https://jamestown.org/program/russias-military-exploitation-of-outer-space/.

[20] Davis, G.B. (2023). Lessons From The Russia-Ukraine War For NATO C4ISR And Future Needs. Atlantic Council. Retrieved from https://www.jstor.org/stable/pdf/resrep48478.7.pdf.

[21] Space Force. (2025). Space Threat Fact Sheet. Space Force. Retrieved from https://www.spaceforce.mil/About-Us/Fact-Sheets/Fact-Sheet-Display/Article/4297159/space-threat-fact-sheet/.

[22] Space & Aero. (2025, August 07). Next-Gen OPIR GEO-Based Missile Warning Satellite Testing. Joint-Forces. Retrieved from https://www.joint-forces.com/space-and-aero/84329-next-gen-opir-geo-based-missile-warning-satellite-testing.

[23] Beebe, E. (2024, August 09). C4ISR & JADC2: Navigating the Next Frontier in Military Command and Control. IDGA. Retrieved from https://www.idga.org/command-and-control/articles/c4isr-jadc2-the-next-frontier-in-military-command-and-control.

[24] Tunnicliffe, A. (2022, September 12). Multi-Domain Operations In The Future Battlespace. Army Technology. Retrieved from https://www.army-technology.com/features/multi-domain-operations-in-the-future-battlespace/?cf-view.

North Korea’s Cyber Strategy: IT Worker Infiltration and Threats to U.S. Cybersecurity

Introduction

North Korea’s cyber strategy combines high-visibility, state-sponsored campaigns with low-visibility, revenue-driven infiltration in order to pursue intelligence collection and disruption, and to evade sanctions. State-sponsored groups linked to the Democratic People’s Republic of Korea (DPRK), such as the Lazarus Group (aka APT38), Andariel, and Kimsuky, have executed some of the most high-profile attacks. These include the 2014 Sony Pictures breach, the 2016 Bangladesh Bank heist, and the 2017 WannaCry ransomware outbreak. Additional sophisticated attacks include espionage campaigns against defense contractors, think-tanks, and multimillion-dollar financial heists from cryptocurrency exchanges worldwide. Concurrently, Pyongyang fields thousands of “remote IT workers” who embed themselves in targeted organizations under the guise of legitimate software developers, system administrators, and cloud engineers. These remote IT workers operate through networks with codenames such as Jasper Sleet, Storm-1877, and Moonstone Sleet. The operatives leverage forged credentials, virtual private networks, and legitimate remote-management tools to establish insider access. Once hired by an organization, the operatives install backdoors, exfiltrate intellectual property, and facilitate follow-on ransomware or extortion attacks. Leading cybersecurity firms estimate North Korean IT infiltrators have compromised hundreds of U.S. corporations, from technology and manufacturing to transportation and defense. There is an immediate need for integrated defenses within the international community, including robust threat intelligence sharing, enhanced vetting, monitoring of remote personnel, and strengthened public-private collaboration to detect and deter both overt and covert DPRK cyber operations.[1],[2],[3],[4],[5],[6],[7],[8],[9],[10],[11]

Background and Strategic Objectives

North Korea’s cyber strategy emerged in the late 1990s with the establishment of Bureau 121, a highly secretive cyberwarfare agency within North Korea’s Reconnaissance General Bureau (RGB). The RGB is North Korea’s premier foreign intelligence agency, responsible for clandestine operations including intelligence gathering, psychological warfare, and special operations abroad. Over time, the regime has cultivated elite cyber talent through rigorous training at institutions like the University of Automation in Pyongyang, after which the RGB would deploy operatives abroad to generate revenue and conduct cyberattacks. The Lazarus Group, which is among the most notorious North Korean advanced persistent threat (APT) units and widely believed to be a component of Bureau 121, gained global attention following the aforementioned 2014 Sony Pictures hack and the 2017 WannaCry ransomware attack. These events marked North Korea’s transition from regional cyber provocations to globally disruptive operations.[12],[13]

In addition to the Lazarus Group, the RGB also oversees the groups Kimsuky and Andariel. While Lazarus focuses on large-scale financial theft and disruptive malware attacks, Kimsuky specializes in espionage targeting think tanks, journalists, and government entities. Andariel conducts intrusions into defense and industrial systems, often stealing sensitive data. These groups frequently collaborate, as demonstrated in coordinated attacks on South Korean defense firms where each unit played a distinct role in infiltrating networks and exfiltrating data. The RGB’s centralized control ensures strategic alignment across the many operations and makes North Korea’s cyber network a potent extension of its geopolitical ambitions.[14],[15],[16]

North Korea’s cyber agenda has served as a critical tool for circumventing international sanctions and funding its weapons programs. Following the imposition of UN sanctions in 2016, the regime pivoted toward financially motivated cybercrime, particularly targeting cryptocurrency exchanges. In 2024 alone, North Korea reportedly stole $1.34 billion in digital assets, with the Lazarus Group breaching Bybit for a record $1.5 billion in 2025. These funds are believed to directly support Pyongyang’s nuclear and missile development programs. Beyond financial gain, North Korean cyber units aim to gather intelligence on adversaries. Focusing heavily on the United States and South Korea, the DPRK continuously strives to disrupt critical infrastructure, including at defense contractors and medical institutions. According to South Korea’s National Intelligence Service (NIS), 80% of cyberattack attempts against South Korea’s public sector by state-sponsored or international hacking groups are attributed to North Korea, amounting to approximately 1.3 million attempts per day. The use of disguised IT workers abroad further amplifies the regime’s reach, enabling covert infiltration of foreign systems under the guise of legitimate employment.[17],[18]

IT Worker Infiltration Tactics

The infiltration by North Korean IT workers is a state-backed initiative designed to generate revenue, gather intelligence, and enable broader cyber operations. Operatives present themselves as freelance developers or remote employees, often using stolen or fabricated identities to pass background checks. They employ VPNs, proxy servers, and remote monitoring tools to disguise their true location, frequently operating from North Korea, China, or Russia. Many of the would-be hires secure contracts through platforms like Upwork, Freelancer, LinkedIn, and GitHub, where they build convincing developer profiles and portfolios. Advanced deception techniques include AI-generated profile photos, voice-changing software, and falsified employment histories. Once hired, these workers may initially perform legitimate tasks to build trust before leveraging access for data theft, financial fraud, or insertion of malicious code.[6],[19]

DPRK’s IT worker operations focus on sectors that provide both high revenue potential and valuable technical access. Software development roles are a primary target, offering opportunities to insert backdoors or exfiltrate proprietary code. Blockchain and cryptocurrency firms are especially attractive due to the regime’s emphasis on stealing digital assets to bypass sanctions. Campaigns, such as “Contagious Interview,” have specifically targeted crypto developers. Artificial intelligence companies are pursued for both commercial and military applications, while cybersecurity firms are infiltrated to gain insight into defensive tools and exploit zero-day vulnerabilities. By embedding operatives in these industries, North Korea not only secures illicit income but also positions itself to undermine its adversaries’ infrastructure from within.[6],[8],[20],[21]

In one (1) documented case involving the U.S.-based fintech startup company Starter Labs, a North Korean operative used a stolen American identity and secured a remote developer position within the company. The worker gained access to payment processing systems and sensitive financial Application Programming Interfaces (APIs). While initially delivering high-quality code, the operative quietly siphoned transaction data and credentials, which were later linked to fraudulent transfers and cryptocurrency theft. Investigators found that the individual had been operating from a “laptop farm” in China and remotely accessed the company-issued device via AnyDesk. This infiltration not only caused direct financial losses, but also exposed the firm to regulatory penalties for unknowingly employing a sanctioned worker. Another incident involved DPRK-linked actors using stolen credentials to infiltrate a U.S. software company’s private GitHub repository. The attackers posed as legitimate contractors and cloned sensitive source code for proprietary security tools. For weeks they maintained access by creating hidden admin accounts and leveraging proxy infrastructure to avoid detection. The stolen code was later tied to malware development efforts attributed to the Lazarus Group, suggesting the breach was part of a broader campaign to weaponize stolen intellectual property. This case underscores how infiltration by North Korean IT workers can serve as both a direct revenue stream and a force multiplier for state-sponsored cyber operations targeting the U.S. and its allies.[19],[21],[22],[23],[24]

Cyberattack Patterns and U.S. Vulnerabilities

In November 2014, the Lazarus Group launched a destructive cyberattack on Sony Pictures Entertainment. The breach was reportedly in retaliation for the comedy film, The Interview, which featured two (2) fictional American journalists tasked with interviewing Supreme Leader Kim Jong Un. The retaliatory cyberattack resulted in the theft and public release of vast amounts of confidential data including unreleased films, employee records, and internal communications. The attackers deployed wiper malware to destroy data on Sony’s systems, which crippled operations for weeks. This incident demonstrated North Korea’s willingness to use cyberattacks as a tool of political coercion, targeting not only infrastructure but also free expression in the U.S.

In May 2017, the WannaCry ransomware outbreak infected more than 200,000 systems across 150 countries, including hospitals, corporations, and government agencies. The U.S. Department of Justice later charged a North Korean programmer for his role in developing and deploying the malware. WannaCry used “EternalBlue,” a leaked NSA-developed exploit for a Windows vulnerability, to spread rapidly, encrypt files, and demand Bitcoin ransom payments. While the attack caused billions in damages globally, it also revealed North Korea’s capacity to weaponize advanced exploits for indiscriminate disruption, blurring the line between cybercrime and cyberwarfare. Additionally, in March 2022, the Lazarus Group was linked to the theft of approximately $615 million in cryptocurrency from the Ronin blockchain network, which supports the popular game Axie Infinity. The U.S. Department of the Treasury sanctioned the wallet address used in the heist and confirmed it was controlled by DPRK operatives. This attack highlighted North Korea’s strategic pivot toward targeting blockchain and decentralized finance platforms, exploiting their often-lax security to generate funds for weapons programs. It remains one (1) of the largest cryptocurrency thefts in history and a prime example of how cybercrime directly supports the regime’s geopolitical ambitions.[25],[26],[27]

North Korean cyber units employ a variety of attack vectors to infiltrate targets. Phishing and social engineering remain core DPRK tactics, with operatives posing as recruiters, investors, or colleagues to trick victims into downloading malware. Supply chain compromises have also emerged as a favored method, such as the 2023 JumpCloud incident in which DPRK actors inserted malicious code into a trusted software-as-a-service provider’s update processes to reach downstream customers. Additionally, North Korean hackers have demonstrated the ability to exploit zero-day vulnerabilities, favoring cryptocurrency platforms and defense-related systems, to gain privileged access before patches are available. The widespread adoption of remote work has also expanded their attack surface. According to the Federal Bureau of Investigation (FBI), North Korean IT workers have successfully posed as U.S.-based contractors using a mix of stolen identities, AI-enhanced photos, and “laptop farms” in the United States to spoof local logins. Many companies lack robust identity verification processes for remote hires and rely on easily forged documents and virtual interviews. This decentralized hiring environment allows DPRK operatives to embed themselves in sensitive roles, from software development to cybersecurity, where they can exfiltrate proprietary data or insert malicious code. Despite repeated federal advisories, many private-sector organizations remain unaware of the scale and sophistication of North Korea’s cyber tactics. The FBI has warned that DPRK IT workers often blend legitimate work with covert operations, which makes detection difficult until significant damage is done. Smaller firms, startups, and even some large enterprises often underestimate the risk and may assume that they are too minor to be targeted. This lack of awareness, combined with insufficient employee training on phishing and social engineering, leaves U.S. businesses vulnerable to infiltration, data theft, and extortion while also directly funding North Korea’s sanctioned weapons programs.[28],[29],[30],[31],[32],[33]

Policy Recommendations

The FBI recommends mandatory background checks for all remote hires. This should include direct verification of prior employment and education with listed institutions, cross-referencing identification documents with multiple databases, and the use of live on-camera verification to confirm the applicant’s location and identity. The FBI advises that companies should also scrutinize identifying documents for inconsistencies and require in-person or verified biometric checks whenever possible. Additionally, the FBI states companies should delay granting system access until all vetting is complete. These measures can help prevent the onboarding of operatives using stolen or fabricated identities. Given that many DPRK operatives are embedded in software development roles, organizations could also deploy AI-driven anomaly detection tools to monitor code contributions and system interactions. Such tools can flag unusual coding patterns, unauthorized repository access, or the insertion of obscure code that could serve as a backdoor. The North Korean IT workers’ combination of legitimate work with covert malicious activity makes behavioral analytics essential for early detection. By integrating these systems into DevSecOps pipelines, companies can identify suspicious acts or access attempts in near real-time and reduce the risk of long-term compromise. Human resources and hiring managers are often the first line of defense against infiltration, yet may lack the training to spot red flags in applications or interviews. Regular cyber hygiene training should cover common DPRK tactics such as the use of AI-generated profile photos, deep-faked video interviews, and “facilitators” who attend meetings on behalf of operatives. Training could also emphasize the importance of verifying digital footprints, such as checking for duplicate or recycled resumes and recognizing anomalies in communication patterns. Equipping HR teams with this knowledge can significantly reduce the likelihood of inadvertently hiring a sanctioned individual.[1],[6],[7],[34]

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) will continue to expand sanctions against cryptocurrency wallets linked to DPRK cyber operations that are used in the laundering of stolen digital assets, such as those from the Axie Infinity hack. The sanctioning of these wallets disrupts the regime’s ability to convert stolen funds into usable currency and signals the importance of compliance to exchanges and DeFi platforms. Enhanced blockchain analytic partnerships between government agencies and private firms can further improve the identification and freezing of illicit funds before they are cashed out. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued multiple advisories on DPRK IT worker threats, but deeper operational collaboration with private firms is needed. This could include secure information-sharing platforms, joint threat-hunting exercises, and rapid incident response teams dedicated to suspected DPRK infiltration cases. By fostering real-time intelligence exchange, companies can receive actionable indicators of compromise (IOCs) and behavioral profiles of known DPRK tactics, techniques, and procedures (TTPs), enabling faster detection and mitigation. A sustained public awareness campaign, similar to those used for phishing and ransomware, could be launched to educate businesses, staffing agencies, and freelance platforms about the DPRK IT worker threat. This campaign could leverage case studies and red flag checklists, and provide reporting hotlines to encourage proactive defense measures. By normalizing vigilance and making infiltration awareness part of the standard cybersecurity culture, the U.S. can reduce the pool of potential victims and disrupt lucrative and persistent cyber-enabled revenue streams for North Korea.[1],[35],[36]

Conclusion

North Korea’s IT worker infiltration campaign represents a calculated fusion of cybercrime, espionage, and sanctions evasion that exploits the structural vulnerabilities of the global remote work economy. By embedding DPRK operatives in U.S. and allied companies under fabricated or stolen identities, Pyongyang has created a low-cost operational environment that produces high-yield methods to generate hard currency, steal proprietary technology, and position itself for follow-on cyber operations. These actors leverage sophisticated tradecraft, such as AI-generated resumes, manipulated video feeds, VPN obfuscation, and U.S.-based facilitators, to bypass conventional hiring safeguards and gain trusted access to sensitive systems. The revenue streams from these operations, the most preferred being stolen cryptocurrency, directly fund the regime’s nuclear and ballistic missile programs and transform what might appear to be isolated hiring fraud into a strategic national security threat. Countering this threat will require a sustained, multi-layered response that integrates corporate due diligence with government-led disruption campaigns. The private sector must adopt enhanced identity verification, continuous behavioral monitoring, and tailored training for HR and hiring managers to detect infiltration attempts before access is granted.[1],[23],[37]

[1] Federal Bureau of Investigation. (2025, July 23). North Korean IT Workers Threats to U.S. Businesses. DOJ. Retrieved from https://www.ic3.gov/PSA/2025/PSA250723-4.

[2] U.S. Department of the Treasury. (2020, March 2). Treasury Sanctions Individuals Laundering Cryptocurrency for Lazarus Group. Retrieved from https://home.treasury.gov/news/press-releases/sm924.

[3] United States Attorney’s Office. (2021, February 17). 3 North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyber-attacks and Financial Crimes Across the Globe. DOJ. Retrieved from https://www.justice.gov/usao-cdca/pr/3-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyber-attacks-and.

[4] Bruce, T. (2025, July 8). Sanctioning Malicious North Korean Cyber Actors. Department of State. Retrieved from https://www.state.gov/releases/office-of-the-spokesperson/2025/07/sanctioning-malicious-north-korean-cyber-actors/.

[5] U.S. Department of State. (2025, August 27). U.S.-ROK-Japan Joint Statement on DPRK Information Technology Workers. Retrieved from https://www.state.gov/releases/2025/08/u-s-rok-japan-joint-statement-on-dprk-information-technology-workers/.

[6] Microsoft Threat Intelligence. (2025, June 30). Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations. Retrieved from https://www.microsoft.com/en-us/security/blog/2025/06/30/jasper-sleet-north-korean-remote-it-workers-evolving-tactics-to-infiltrate-organizations/.

[7] Starks, C., Barnhart, M. et al. (2024, September 23). Staying a Step Ahead: Mitigating the DPRK IT Worker Threat. Google Cloud Threat Intelligence. Retrieved from https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it-worker-threat.

[8] Dutta, T. (2025, May 13). Researchers Uncovered North Korean Nationals Remote IT Worker Fraud Scheme. Cyber Security News. Retrieved from https://cybersecuritynews.com/remote-it-worker-fraud-scheme/.

[9] Johns Hopkins. (2017). The 2014 North Korean Cyber Attack on Sony and Lessons for US Government Actions in Cyberspace. Retrieved from https://apps.dtic.mil/sti/pdfs/AD1046744.pdf.

[10] Martelle, M. and Tropeano, R. (2019, February 20). Tainted Trove. National Security Archive. Retrieved from https://nsarchive.gwu.edu/news/cyber-vault/2019-02-20/tainted-trove.

[11] Cybersecurity & Infrastructure Security Agency. (2018, June 7). Indicators Associated with WannaCry Ransomware. CISA. Retrieved from https://www.cisa.gov/news-events/alerts/2017/05/12/indicators-associated-wannacry-ransomware#top.

[12] Wallace, Z. (2023, March 20). The Lazarus Group: Understanding North Korean Cybercrime. ThreatStop. Retrieved from https://www.threatstop.com/blog/the-lazarus-group-understanding-north-korean-cybercrime.

[13] Digital Finance News. (2025, August 9). An In-Depth Analysis of the Lazarus Group: North Korea’s State-Sponsored Cyber Entity. Retrieved from https://digitalfinancenews.com/research-reports/an-in-depth-analysis-of-the-lazarus-group-north-koreas-state-sponsored-cyber-entity/.

[14] Boram, P. (2024, April 23). 3 N.K. hacking groups execute concerted attacks on 10 S. Korean defense firms: police. Yonhap News Agency. Retrieved from https://en.yna.co.kr/view/AEN20240423004200315.

[15] Barnhart, M., Cantos, M. et al. (2022, March 23). Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations. Google Cloud Threat Intelligence. Retrieved from https://cloud.google.com/blog/topics/threat-intelligence/mapping-dprk-groups-to-government/.

[16] U.S. Department of the Treasury. (2019, September 13). Treasury Sanctions North Korea State-Sponsored Malicious Cyber Groups. Retrieved from https://home.treasury.gov/news/press-releases/sm774.

[17] Bae, S. (2025, April 1). Deterrence Under Pressure: Sustaining U.S.-ROK Cyber Cooperation Against North Korea. Center For Strategic & International Studies. Retrieved from https://www.csis.org/analysis/deterrence-under-pressure-sustaining-us-rok-cyber-cooperation-against-north-korea.

[18] Stent, D. (2024, May 27). How North Korea’s Cryptocurrency Theft Supports Foreign Policy Goals. Georgetown Journal of International Affairs. Retrieved from https://gjia.georgetown.edu/2024/05/27/how-north-koreas-cryptocurrency-theft-supports-foreign-policy-goals/.

[19] Dutta, T. (2025, March 20). North Korean IT Workers Exploiting GitHub to Attack Organizations Worldwide. Cybersecurity News. Retrieved from https://cybersecuritynews.com/north-korean-it-workers-exploiting-github/.

[20] Insikt Group. (2025, February 13). Cyber Threat Analysis: North Korea, Inside the Scam: North Korea’s IT Worker Threat. Recorded Future. Retrieved from https://assets.recordedfuture.com/insikt-report-pdfs/2025/cta-nk-2025-0213.pdf.

[21] FlashPoint. (2025, May 12). Flashpoint Investigation: Uncovering the DPRK’s Remote IT Worker Fraud Scheme. Retrieved from https://flashpoint.io/blog/flashpoint-investigation-uncovering-the-dprks-remote-it-worker-fraud-scheme/?CRO1=control_%233007.

[22] FINTECH Circle. (2025, April 14). How North Korea IT Workers Are Infiltrating Fortune 500 Companies-And What it Means for Global Cybersecurity. Retrieved from https://fintechcircle.com/insights/how-north-korean-it-workers-are-infiltrating-fortune-500-companies-and-what-it-means-for-global-cybersecurity/.

[23] Yee, I., Rebane, T. et al. (2025, August 5). Inside North Korea’s effort to infiltrate US Companies. CNN. Retrieved from https://www.cnn.com/interactive/2025/08/05/world/north-korea-it-worker-scheme-vis-intl-hnk/index.html.

[24] Himmelsbach, V. (2025, October 1). North Korean agents infiltrated Atlanta mans business as ‘super talented’ IT workers, then stole $1M in crypto. MSN. Retrieved from https://www.msn.com/en-us/crime/general/like-i-was-in-a-movie-north-korean-agents-infiltrated-this-atlanta-man-s-business-as-super-duper-talented-it-workers-then-stole-1m-in-crypto/ar-AA1NEKbd.

[25] Department of Justice. (2018, September 6). North Korea Regime-Backed Programmer Charged with Conspiracy to Conduct Multiple Cyber Attacks and Intrusions. DOJ. Retrieved from https://www.justice.gov/archives/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and.

[26] Kan, M. (2018, September 6). US Charges North Korea for WannaCry, Sony Pictures Hacks. PCMag. Retrieved from https://www.pcmag.com/news/us-charges-north-korean-for-wannacry-sony-pictures-hacks.

[27] Reuters. (2022, April 15). U.S. links North Korea hacker group to Axie Infinity crypto theft. CBS News. Retrieved from https://www.nbcnews.com/tech/crypto/north-korea-lazarus-axie-infinity-crypto-theft-rcna24518.

[28] Microsoft Threat Intelligence. (2024, November 22). Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON. Microsoft Defender Threat Intelligence. Retrieved from https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/.

[29] Larsen, A., Kelly, D. et al. (2023, July 24). North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack. Google Cloud Threat Intelligence. Retrieved from https://cloud.google.com/blog/topics/threat-intelligence/north-korea-supply-chain/.

[30] Paganini, P. (2024, October 19). North Korea-Linked APT37 Exploited IE Zero-Day In A Recent Attack. Security Affairs. Retrieved from https://securityaffairs.com/169983/apt/north-korea-apt37-ie-zero-day.html.

[31] Perry, B., Kinslow, T. et al. (2025, March 20). FBI Warns of Hidden Threats in Remote Hiring: Are North Korean Hackers Your Newest Employees. National Law Review. Retrieved from https://natlawreview.com/article/fbi-warns-hidden-threats-remote-hiring-are-north-korean-hackers-your-newest.

[32] Martinez, A. (2025, April 25). North Korean Hackers Pose as Remote Workers to Infiltrate U.S. Firms. Forbes. Retrieved from https://www.forbes.com/sites/alonzomartinez/2025/04/25/north-korean-hackers-pose-as-remote-workers-to-infiltrate-us-firms/.

[33] Federal Bureau of Investigation. (2025, January 23). North Korean IT Workers Conducting Data Extortion. DOJ. Retrieved from https://www.ic3.gov/PSA/2025/PSA250123.

[34] Verosint Team. (2025, August 21). Detect and Stop North Korean IT Worker Infiltration. Retrieved from https://verosint.com/post/detect-and-stop-north-korean-it-worker-infiltration.

[35] Office of Foreign Assets Control. (2022, May 16). Publication of North Korea Information Technology Workers Advisory. U.S. Department of the Treasury. Retrieved from https://ofac.treasury.gov/recent-actions/20220516.

[36] Department of Justice. (2025, January 23). Two North Korean Nationals and Three Facilitators Indicted for Multi-Year Fraudulent Remote Information Technology Worker Scheme that Generated Revenue for the Democratic People’s Republic of Korea. DOJ. Retrieved from https://www.justice.gov/opa/pr/two-north-korean-nationals-and-three-facilitators-indicted-multi-year-fraudulent-remote.

[37] Cyber Centaurs Team. (2024, October 26). Unmasking North Korean IT Infiltration. Retrieved from https://cybercentaurs.com/blog/unmasking-north-korean-it-infiltration/.

Israel-Iran Conflict: 2025 Update

Introduction

Longstanding tensions and the ongoing conflict between Israel and Iran have significantly contributed to the current geopolitical landscape, including ideological divides, nuclear fears, and conflicting visions for the Middle East. Amid Israel’s actions in Gaza in response to the attacks of 07 October 2023, Iran’s attack on Israel with ballistic missiles in 2024 escalated tensions. Israel subsequently used its air force to dismantle Iranian air defenses, attack military targets, and set conditions for the U.S. to bomb three (3) nuclear facilities in June of 2025. As all sides calculate their next moves, Iran’s proxy militias are targeting Israeli and U.S. forces.

Conflict Origins

The Israel-Iranian conflict commenced with Iran’s Islamic Revolution in 1979. Prior to the revolution, Israel and Iran shared military and diplomatic ties. When the revolution began, ties between the two (2) parties disintegrated, and Tehran’s foreign policy emphasized opposing Western influence. The conflict gave way to decades of ideological tension and Iran’s self-appointed leadership role in the region. As such, Iran has helped arm and support proxy militias like Hezbollah and the more nebulous ideology of Islamic Jihad. Iran has historically leveraged these proxy groups to pressure and harass Israel. Since the start of the conflict in Gaza, the Houthi rebels in Yemen have also targeted Western shipping interests in the Red Sea, disrupting global trade. However, the use of proxy networks is not new and was already underway in 1984 when the U.S. designated Iran as a state sponsor of terrorism.[1],[2],[3],[4]

To further their agenda, Iran has leveraged its Islamic Revolutionary Guard Corps (IRGC), which has its own chain of command and deployable assets separate from the regular Iranian military. Because the IRGC also operates through other groups via its Quds Force (including the Houthis in Yemen, Hamas in Gaza, and Hezbollah in Lebanon), the U.S. Department of State designated its Quds Force as a Foreign Terrorist Organization (FTO) in April 2019. While the proxy groups leveraged by the IRGC may not always align ideologically, a transactional relationship exists among them. The proxy groups carry out attacks, and Iran ensures that they receive the proper training, intelligence, money, and weapons for their operations.[5]

Military support to Israel initially began after it was recognized as a nation by President Truman in 1949 and escalated in 1967 following the Six-Day War. Israel has continued to rely upon Washington to improve their technological, military, and strategic capabilities. While tensions in the region may ebb and flow, this support is still leveraged to support shadow warfare by Israel including targeted strikes, cyberattacks, and sabotage operations. These background operations are engaged in by both nations and have deepened the conflict even further, as both Israel and Iran will maintain plausible deniability. However, most recently, the Iranian nuclear program has become a primary target of overt Israeli efforts.[1],[6]

In July 2015, Iran and other world powers announced the Joint Comprehensive Plan of Action (JCPOA), which was an agreement that would limit the enrichment of uranium by Tehran and lift economic sanctions. However, the next presidential administration withdrew the U.S. from the agreement in May 2018. Following the withdrawal, there was an increase in Israeli attacks against Iran’s nuclear program. During 2020, an Iranian centrifuge production plant at Natanz was attacked, and an Iranian military nuclear scientist was assassinated later in the year. Both acts were attributed to Israeli efforts. In April 2021, another major power outage and sabotage event struck Natanz, damaging centrifuge cascades. Israel was the suspected actor but has maintained plausible deniability.[7]

Operation Rising Lion

While Iranian nuclear efforts were initially supported by the U.S. in the 1950s for energy purposes, the 1979 Islamic Revolution ended U.S. support and focused Tehran’s efforts on nuclear weapons. Then in 2012, Israeli Prime Minister Netanyahu created a “red line” that stated Israel would act if Iran increased their nuclear capabilities and came close to acquiring enough uranium for a nuclear weapon. Iran broke the red line in April 2025 and received a 60-day warning from U.S. President Donald Trump to halt nuclear production. On 13 June 2025, day 61 since the warning, Israel executed a series of strikes targeting the Iranian nuclear threat in what it called Operation Rising Lion.[8]

Named for its Biblical and symbolic roots, Operation Rising Lion is intended to portray Israel as a strong force while referencing pre-1979 Iranian flags through the emblem of a lion standing before a rising sun. The operation’s mission has primarily been to garner international and domestic support and deter Iran’s nuclear plans. On 13 June 2025, Operation Rising Lion was initiated by Israel to target Iranian military and nuclear infrastructure. Israel claimed to have planned the operation for several years. Seven (7) days after the operation began, the U.S. conducted missile strikes on specific Iranian nuclear facilities in Operation Midnight Hammer.[8]

Recent Developments

As of late 2024 and mid-2025, Israel has launched preemptive precision strikes against Iranian-linked facilities related to nuclear research, weapons depots, and missile programs. As shown in the figure below, intelligence confirmed that Iranian nuclear facilities were attacked in Natanz and Isfahan.[1]

Figure 1 – Israeli Attacks on Iran[1]

While these strikes were occurring, regional proxy groups continued to clash with Israeli special forces. Iranian proxy militias in Lebanon also increased the frequency of exercises near the Israeli border and escalated their threats. Hezbollah increased exercises and long-range missile acquisitions. As Iran expanded its reach in Syria, Iranian officials also issued threats of retaliation for future attacks. Warnings increased after the Israeli offensive in June of 2025. During the offensive, Iran attacked Israeli infrastructure with missiles and drones.[1]

In June 2025, Iranian military and nuclear infrastructure were struck by Israeli drones and warplanes. As Iranian forces continued to attack via drone and missile strikes in June, Israeli forces targeted the Iranian energy industry. However, some Iranian ballistic missiles and drones were able to evade Israeli air defenses and hit buildings in the middle of the country.[7],[9]

In July 2025, Iran’s internal divisions became increasingly evident in the post-war environment. Both hardliners and moderates continued to air opposing views during this time. Moderates have supported de-escalation efforts with the U.S., while hardliners have rejected negotiations over Iran’s nuclear capabilities. Iranian parliamentarians opposed collaboration with the International Atomic Energy Agency (IAEA) and advised that negotiating with the U.S. could be seen as weakness, which could result in increased U.S. sanctions or subsequent military strikes. However, the U.S. has not expressed interest in entertaining Iranian demands.[10]

Following the June 2025 attack, the E3 (the United Kingdom, France, and Germany) set a deadline for the Iranian regime to resume nuclear negotiations with the U.S. The goal is to work toward a diplomatic resolution of the ongoing nuclear issue and to encourage renewed cooperation with the International Atomic Energy Agency (IAEA). An Iranian delegation met with E3 officials in Geneva, Switzerland on 26 August 2025 to discuss the potential activation of snapback sanctions. The E3 has indicated that unless Iran confirms a robust agreement, the snapback mechanisms could be triggered, resulting in United Nations Security Council (UNSC) sanctions. Although the E3 offered to postpone the deadline to October 2025 to provide Iran additional time for negotiations, Iran has rejected this extension, citing concerns that it would allow the E3 to activate the snapback mechanism.[11]

Iranian leadership has also rejected reformist officials’ recent calls to evolve its foreign and domestic policies. In a speech by Iranian Supreme Leader Ali Khamenei on 24 August 2025, reformist calls were rejected, as Khamenei claimed that Iran’s enemies are attempting to sow discord in the country. However, on 13 August 2025 former Iranian President Hassan Rouhani prompted the regime to reduce tensions with the West, make concessions for the Iranian people, and improve social resilience. On 17 August 2025, the Iranian Reformist Front also issued a statement urging foreign policy shifts and political reforms. Khamenei has ultimately rejected these claims and remains opposed to direct collaboration with the U.S.[11]

Regional and Global Implications

The conflict has garnered an international response and significantly increased public attention. The U.S. has also become increasingly involved, with Washington’s continued public support of Israel. With the fear of broader regional war, officials have advised restraint. However, a hedging strategy has been observed with U.S. naval and air assets repositioned close to the Persian Gulf. The escalation of conflict has impacted partnerships and raised concerns over a potential collapse of nuclear non-proliferation efforts. Currently, the international community remains divided.[1]

The potential economic, political, and military ramifications continue to impact both Israel and Iran, the broader Middle East, and global partners as a whole. A larger Middle Eastern war remains the top concern of all parties. Proxy militia groups feed into this fear and may cause the conflict to further escalate. An ill-timed strike might compel outside actors like Jordan, Iraq, and the Gulf states to enter into the conflict.[1]

Despite controversy, even among some of its allies, U.S. support of Israel has been reinforced during the escalation of conflict in 2025. With eastern Mediterranean and Persian Gulf deployments, U.S. naval forces have served as a deterrent and a force of solidarity with Tel Aviv. Other states like Qatar, the UAE, and Saudi Arabia have had to tread lightly during the conflict. Public opinion has significantly impacted cooperation with both Iran and Israel. Overall, outside governments have promoted de-escalation out of fear that the conflict will damage their national interests.[1]

In the immediate future, there are multiple courses of action to pursue. These possibilities include prolonged but contained conflict, limited de-escalation, and regional war. Limited de-escalation would require both sides to agree to scale back operations and limit future strikes. This option would involve increased levels of diplomacy and input by neutral parties like Turkey, Oman, or other European entities. The second option of prolonged but contained conflict would involve back and forth attacks such as missile exchanges, cyberattacks, and skirmishes by proxy groups. However, these actions would have to avoid crossing a red line, thereby prompting a larger full-scale war. Both Iran and Israel may revert to this state if tensions stabilize. Finally, regional war would involve various Middle Eastern and global groups, including non-state actors, and would result in civilian casualties, impact regional stability, and weaken the global economy.[1]

[1] Ellis, H. (2025, June 19). Israel-Iran Conflict 2025 Explained: Timeline, Causes & What’s Next. Defense Feeds. Retrieved from https://defensefeeds.com/analysis/conflicts/israel-iran-conflict/.

[2] Kumar, A. (2025, June 15). From 1967 To 2025: A 58-Year Timeline Of Tensions, Hostilities Between Israel and Iran. Times Now. Retrieved from https://www.timesnownews.com/world/middle-east/israel-iran-war-conflict-timeline-1967-to-june-2025-tensions-missile-attack-tel-aviv-tehran-article-151962721#google_vignette.

[3] Kaur, H., Kottasová, I. (2020, January 20). The US-Iran conflict: A timeline of how we got here. CNN. Retrieved from https://www.cnn.com/interactive/2025/06/world/us-iran-conflict-timeline-dg/.

[4] Byman, D., Jones, S., & Palmer, A. (2024, October 4). Escalating to War between Israel, Hezbollah, and Iran. CSIS. Retrieved from https://www.csis.org/analysis/escalating-war-between-israel-hezbollah-and-iran.

[5] Council on Foreign Relations. (2023, September 16). A historical timeline of U.S. relations with Iran. PBS News. Retrieved from https://www.pbs.org/newshour/world/a-historical-timeline-of-u-s-relations-with-iran?1.

[6] Mansfield, E. (2025, June 24). Timeline: See how 70 years of history led to the U.S. bombing in Iran. USA Today. Retrieved from https://www.usatoday.com/story/graphics/2025/06/24/us-iran-israel-timeline-history-1953-1979-2025/84307399007/.

[7] Associated Press. (2025, June 15). Timeline of tensions and hostilities between Israel and Iran. Associated Press. Retrieved from https://apnews.com/article/israel-iran-timeline-tensions-conflict-66764c2843d62757d83e4a486946bcb8.

[8] FIRM Staff. (2025, June 26). Operation Rising Lion: Israel and Iran at War. FIRM. Retrieved from https://firmisrael.org/learn/operation-rising-lion-israel-and-iran-at-war/.

[9] U.S. Naval Institute Staff. (2025, June 27). Report to Congress on Israel-Iran Conflict, U.S. Strikes. USNI News. Retrieved from https://news.usni.org/2025/06/27/report-to-congress-on-israel-iran-conflict-u-s-strikes.

[10] Rezaei, B., Morrison, N., Borens, A., Wells, K., Schmida, B., Reddy, R., & Carter, B. (2025, July 10). Iran Update, July 10, 2025. ISW. Retrieved from https://www.understandingwar.org/backgrounder/iran-update-july-10-2025.

[11] Borens, A., Rezaei, B., Moorman, C., Fattah, A., Schmida, B., Wells, K., Moore, J., & Ganzeveld, A. (2025, August 25). Iran Update, August 25, 2025. ISW. Retrieved from https://www.understandingwar.org/backgrounder/iran-update-august-25-2025.

Transnational Criminal Organizations as Foreign Terrorist Organizations

Introduction

On 20 January 2025, Executive Order 14157 redesignated certain drug cartels and transnational criminal organizations (TCOs) as foreign terrorist organizations (FTOs) and specially designated global terrorists (SDGTs). Under E.O. 14157, the United States Department of State redesignated Tren de Aragua (TdA), Mara Salvatrucha (MS-13), the Sinaloa Cartel, the Jalisco New Generation Cartel (CJNG), the Northeast Cartel (CDN), the New Michoacán Family (LNFM), United Cartels (CU), and the Gulf Cartel (CDG) as such.[1]

Overview

TdA has operations in the U.S., Venezuela, Colombia, Peru, Chile, Ecuador, Bolivia, and Brazil. The organization is involved in kidnappings, extortion, bribery, targeted assassinations, and has sanctioned the killing of American law enforcement officials. MS-13 has operations in El Salvador, Honduras, Guatemala, Mexico, and within the U.S. The group has conducted targeted assassinations and IED bombings against both government officials and civilians in El Salvador, where the group controls territory through violent intimidation. The Sinaloa Cartel in Sinaloa, Mexico, has also committed murders, kidnappings, and intimidation of government officials and civilians. The Sinaloa Cartel brings large quantities of illegal drugs, including fentanyl, into the U.S. CJNG is based in Mexico but has connections in the Americas, Australia, China, and Southeast Asia. The cartel is involved in extortion, theft of oil and minerals, migrant smuggling, the arms trade, and drone strikes against Mexican law enforcement and military personnel, along with targeted assassinations against Mexican officials. CDN is present in northeastern Mexico and has perpetrated attacks against government officials. The group also engages in kidnapping, extortion, human smuggling, and drug trafficking. LNFM is based in several Mexican states and has attacked government officials using explosives and unmanned aircraft system (UAS) strikes. LNFM is also involved in kidnapping, extortion, and drug trafficking. CDG has operations in northeast Mexico where it engages in kidnapping, extortion, human smuggling, drug trafficking and assassinations of government officials and civilians. CU is composed of multiple cartels in Michoacán, Mexico; the organization has been involved in the death of military and law enforcement personnel, along with civilians.[2]

Background

According to the Federal Bureau of Investigation (FBI), TCOs are groups that engage in organized illegal activity for profit. Ideological concerns are usually secondary. Foreign Terrorist Organizations (FTOs) are designated in accordance with sections of the Immigration and Nationality Act (INA) and meet the following standards: being a foreign organization, engaging or having the capability or intent to engage in terrorism or supporting activity, and threatening U.S. national security or American nationals. An FTO designation is intended to impede funding for terrorism, isolate an organization, deter transactions with the named FTO, increase public awareness, and garner support from other nations and governments. FTOs are generally subject to more significant penalties than TCOs.[3],[4],[5],[6]

As these respective types of organizations have evolved their tactics, techniques, and procedures (TTPs), there has been a growing convergence between TCOs and FTOs. The line between an act of terror and a criminal act is increasingly blurred. TCOs that are not driven by ideologies like traditional terrorist organizations still have the motivation to act in ways that parallel them. Section 140 (d)(a) of the Foreign Relations Authorization Act defines terrorism as an act of violence that is both politically motivated and premeditated. Cartels in Mexico have been intertwined in Mexican politics for decades, fostering or forcing advantageous circumstances for their illicit activities. The political motivations for cartels can be distinguished from those of FTOs because they are a means to an end, which is to amass power and support their illegal operations. However, the recent designation of multiple TCOs as FTOs was ordered as a result of TTPs that mirror terrorist activity.[5],[7]

The majority of the TCOs designated as FTOs are based in Mexico. The rise of Mexican Transnational Criminal Organizations (MTCOs) is the culmination of both historical efforts by law enforcement and legitimate trade agreements. Several Colombian cartels were disrupted in the 1990s by U.S. and Colombian joint efforts to fight the drug trade in the Caribbean, leading to a transition in smuggling routes in which cocaine and methamphetamines traveled through Mexican terrain via area cartels. In 1994, the North American Free Trade Agreement (NAFTA) between the U.S., Canada, and Mexico removed tariffs on legal trade but also facilitated illegal imports. The Institutional Revolutionary Party (PRI) gained power through a centralized political system and became the dominant political party in Mexico for 71 years. The reigning PRI had, in effect, formerly controlled the reach of MTCOs to an extent by working with the cartels but also restraining their influence. The decline of the PRI in the 1980s and 90s led to a power struggle between cartels to seize plazas and take over drug markets. These factors led to the growth of sophisticated cartel monopolies throughout Mexico that mirror globalized conglomerates and operate as quasi-governmental organizations in certain areas. These cartels have established dominion over most illicit traffic through the U.S. southern border.[1],[7],[8]

Criminal and Terror Activity and Operations

Historically, many FTOs have been involved in drug trafficking, arms trafficking, and money laundering to finance their operations. For example, the Revolutionary Armed Forces of Colombia (FARC) is a Marxist insurgency that has been designated by the U.S. government as an FTO due to its long-term involvement in bombings, kidnappings and assassinations. FARC has used drug trafficking to support its political activities and seize control over areas where populations are dependent on the cultivation and trade of illicit crops. FARC was already bringing in between $60 and $100 million annually by the 1990s. The Taliban originally became involved with drug trafficking to consolidate political power and now relies heavily on profits from illicit activity. The Afghan poppy trade was estimated to have brought in $416 million in 2020. Terrorist operations are expensive: recruitment, compensating members and informants, and purchasing equipment all require financing. Criminal enterprises bring in significant funds and simultaneously aid FTOs in guarding operations from detection. Drug trafficking constitutes an enormous revenue stream for these newly designated organizations, and profits in Mexico are estimated to be between $30 and $35 billion a year. The designated FTOs have established relationships with American drug trafficking organizations to distribute and sell illicit substances, fueling both criminal violence and the overdose crisis in the U.S. In 2024, 84,076 Americans died from a drug overdose. Illicit activities by designated FTOs include, but are not limited to, drug trafficking, extortion, money laundering, theft of oil and gasoline, migrant smuggling, human trafficking, arson, and counterfeiting.[7],[9],[10]

For the newly designated FTOs, drug trafficking has been used to fund military-grade weapons and training, all of which are necessary to intimidate, coerce, and threaten the public, the government, and other organizations. The CDN was recruited from the Mexican Army’s Airborne Special Forces Group (GAFEs) and the Guatemalan Kaibiles Special Forces. Both groups have sophisticated expertise in intelligence, communications and countersurveillance operations, as well as training in military-grade weapons and irregular warfare. This creates a climate where cartels resemble paramilitary forces rather than simply drug trafficking organizations. In many cases, the criminal activity of designated FTOs has grown to resemble traditional terror TTPs. For example, MTCOs leverage social media in a manner similar to al-Qaeda by recording and uploading videos depicting extreme violence. Extortion has also escalated to the point that the Mexican government has compared several incidents to acts of terror. On 25 August 2011, the CDN set fire to the Casino Royale San Jeronimo, which resulted in the death of 53 individuals, after the casino’s owners failed to make an extortion payment. These deliberately extreme and provocative acts of retaliation have a profound psychological impact on both the Mexican government and the public.[7],[11]

The recently designated FTOs also conduct targeted assassinations, bombings, and attacks on critical infrastructure as well as kidnappings. In order to secure their illicit operations and threaten competition, the Sinaloa Cartel has regularly been involved in kidnappings, leading to a State Department ban on government travel in states where the cartel is based. The frequency of kidnappings, assassinations, and other forms of extreme violence perpetrated by the Sinaloa Cartel has had implications for both American security interests and foreign relations. The CDG kidnapped four (4) American citizens in 2023 and detonated explosives at a U.S. consulate in 2008. The CJNG assassinated the former Governor of Jalisco State, Aristoteles Sandoval, and has been connected to more than 100 assassinations of government officials in all three (3) branches of Mexican government. These assassinations and attacks demonstrate a threat to American national security interests by eliminating potential governmental allies in foreign relations and joint counter-drug-trafficking plans, as well as threatening cross-border trade. FTOs also use UAS to surveil and circumvent U.S. Customs and Border Patrol (CBP) operations, posing a threat to personnel, aircraft, and border security. Cartels within Mexico have even conducted drone strikes against both Mexican law enforcement and rival cartels in the past, raising the possibility of similar attacks against CBP assets or personnel.[7],[12],[13]

Complicity of Mexican Government and Law Enforcement

The wealth and capabilities of the cartels have grown substantially. Consequently, Mexican government and law enforcement agencies often lack the capacity to control them and sometimes become complicit in their dealings. De facto paramilitary groups using irregular warfare TTPs cannot easily be compared to the typical organized criminal gangs that law enforcement agencies are more qualified to handle. Bribery and corruption may also pose a threat, as cooperating law enforcement officials may impede investigations and diminish the general public’s confidence, leading to unreported crimes. An estimated 90% of crimes in Mexico go unreported, and between 72% and 77% of Mexican citizens believe the police are mostly or completely corrupt. In 2019, the largest survey on citizen perception of corruption, the Global Corruption Barometer, found that bribes were reported to have been taken in 52% of police cases that interacted with the surveyed Mexican population. This data was collected from individuals that had contact with police within the previous year.[7],[14],[15]

Figure 1 – Perception of Corruption in Mexican Institution[16]

Political corruption also puts U.S. and Mexican joint security measures at an impasse. Bilateral security cooperation is affected by a lack of trust on either side. For example, money generated by drug trafficking in the U.S. can be used by the newly designated FTOs to bribe government and security officials, who can, in turn, undermine American efforts to combat drug operations. In some cases, money laundering from corrupt Mexican officials is conducted through the U.S. by means of real estate and business transactions. Security cooperation between the U.S. and Mexico has been difficult in the past, illustrated by the collapse of the Mérida Initiative. After a Mexican defense minister was arrested on drug charges through an investigation by the U.S. Drug Enforcement Agency in 2020, Mexico’s parliamentary body, Congreso de la Unión, passed a law that requires foreign agents to report any intelligence they obtain to Mexican federal authorities, which restricted U.S. law enforcement operations. The Mérida Initiative, which sought to fight corruption in Mexico and combat drug, weapons, and bulk currency trafficking from the U.S. into Mexico, saw most of its programs come to a halt. The implications of the FTO designation may include increased tensions with Mexican officials as corruption cases will be increasingly scrutinized, potentially impeding cooperation and intelligence sharing. On the other hand, the designation could motivate the Mexican government to revert from its semi-isolationist posture concerning operations on the border so as to not let the U.S. make additional policy decisions without its input.[12],[16],[17],[18]

Statute 18 U.S.C. §2339B prohibits any “material support or resources” granted to FTOs and enforces civil or criminal penalties under U.S. counterterrorism designations. Material support statutes may apply regardless of impact on commerce and can reach beyond U.S. borders if dealings are committed outside of the country. Any transaction that provides material support between a citizen or an entity and an FTO may result in criminal penalties, whether or not a transaction was deliberate or had any material consequences. Material support is very broadly defined. Support can consist of financial resources, property, arms, personnel, documents, equipment, transportation, housing, counsel, as well as payments for extortion, protection, or ransom. While the First Amendment of the U.S. Constitution protects the speech of American citizens, even verbal support for FTOs, material support of any kind is a crime.[19],[20]

In the past, by using the material support statute, the U.S. has been able to interrupt ISIS fundraising via false charities and cryptocurrency laundering. The U.S. Treasury Department, by 2020, froze over $22 million in assets that were associated with Hezbollah. In 2022, the U.S. Department of Justice (DOJ) used a wire transfer through a U.S. bank account and U.S. email accounts to prosecute French cement company Lafarge for providing material support to ISIS and the al-Nusrah Front, resulting in an agreement to pay $778 million in fines.[12],[19]

On 05 February 2025, U.S. Attorney General Pam Bondi issued a memorandum that removed approval requirements to prosecute drug cartels on the basis of terrorism charges, expediting the process. This means that the Material Support statute and the Racketeer Influenced and Corrupt Organizations (RICO) Act are much easier to leverage. The RICO Act permits civil lawsuits against individual entities within criminal organizations with more severe penalties. The RICO Act can also be used to penalize leading individuals in criminal groups, therefore directing penalties against and destabilizing entire organizations. By removing complex requirements, attorneys and prosecutors will possibly have more motivation to use these tools. However, the review process for RICO was formulated to establish universal usage of the act. This may lead to discrepancies in criminal and civil cases in terms of whether or not statutes are utilized. The DOJ’s National Security Division has also re-tasked anti-money laundering teams through the Foreign Corrupt Practices Act (FCPA) and allocated forfeiture prosecutors to aid in drug trafficking and cartel cases.[21],[22],[23]

The recent FTO designation marks a transition in strategies for sanctions compliance among both U.S. and non-U.S. entities due to increased uncertainty over the gap of regulatory risk between legal frameworks for FTOs as compared to TCOs. The cartels have long been intertwined with Mexico’s economy. Front businesses, shell companies or other tactics to launder money may pervade many industries in areas such as agriculture, transportation, retail or real estate. American businesses run an elevated risk of breaking the law by interacting knowingly or unknowingly with FTOs that permeate these sectors. Financial institutions will likely develop a more mindful posture, as there is a significant increase in both U.S. jurisdictional reach and unclarified questions within applicable statutes. The scope of the sanctions risk concern is wide-ranging and covers foreign subsidiaries of domestic companies, joint ventures, and international businesses.

Jurisdictional Implications and U.S. Agency Direction

The 1981 Executive Order 12333 on United States Intelligence Activities grants intelligence agencies the authority to gather intelligence outside of the U.S. Intelligence efforts are often determined by the priorities of the federal administration, which is currently focused on drug cartels across the border.[21],[26]

The Foreign Intelligence Surveillance Act (FISA) authorizes the interception of electronic signals through U.S. communications providers. As of 2024, Congress has re-authorized FISA to include counternarcotics when defining foreign intelligence. Section 702 of FISA permits the collection of foreign intelligence information from non-U.S. persons outside of the country. The designation of certain cartels as FTOs recognizes classified information associated with them as “foreign intelligence,” which is subject to Section 702 collection. Conversely, Title I of FISA may be more useful in investigations. Title I of FISA authorizes the collection of information from U.S. corporations or individual entities if the Foreign Intelligence Surveillance Court (FISC) determines, by probable cause, that an intelligence target is an agent of a foreign power. FISA defines a foreign power as an organization involved in international terrorism, and FTO designations have been previously used to fulfill FISC requirements.[21],[27]

There are many other resources used in combating terrorist threats to the U.S. that have been leveraged following the designation. The Organized Crime Drug Enforcement Task Force (OCDETF) was developed to disrupt transnational criminal organizations and was included in the President’s Strategy to Combat Transnational Organized Crime, as well as Executive Order 13773, which gave the task force further direction. The OCDETF focuses on narcotics and financial criminal activity. The International Organized Crime Intelligence and Operations Center (IOC-2) works closely with the OCDETF and has a component to investigate non-drug operations, which expands its purview over cartels. The FBI’s Joint Terrorism Task Forces (JTTFs) coordinate through the National Joint Terrorism Task Force in efforts against terrorism and towards interagency collaboration. U.S. President Donald Trump issued orders to establish Homeland Security Task Forces (HSTFs) in all states for the purpose of dismantling criminal cartels. The HSTFs will be manned by agencies that also staff and contribute to OCDETF and JTTFs, facilitating intelligence sharing. Current operations Liquid Death and Take Back America are pooling the efforts of many U.S. agencies including the DEA, FBI, ICE-HSI and IRS CI, illustrating the current administration’s emphasis on its efforts to eliminate cartels.[21],[28],[29],[30],[31]

Outlook

The State Department’s aggressive expansion of FTO designations escalates the risks of operations and financing for these organizations. Money laundering networks may also become less effective or gain new vulnerabilities. Cartel leadership may also face aggressive targeting. Designated FTOs may be forced to adopt more caution in recruiting new members. As of May 2025, two (2) individuals have been indicted under Material Support, money laundering and smuggling charges in South Texas connected to the CJNG. This indicates that the DOJ will likely escalate prosecutions related to the designated FTOs. U.S. businesses may engage in due diligence overhauls to ensure sanctions compliance based on the increased risk of exposure to Material Support statutes. Any direct or indirect involvement with designated FTOs has the potential for severe civil or criminal penalties, and actions such as processing money laundered by the cartels or extortion payments will face higher scrutiny. As the U.S. boasts a robust economy, cartel operations will likely face resistance, as transactions through American financial institutions and operations may experience asset freezes, depending on exposure.[12],[24],[31]

The new U.S. designations were recognized by Canada on 20 February 2025 when the Canadian government branded seven (7) of the cartels in question as terrorist entities. On the other hand, the Mexican government’s outlook on this matter is still uncertain. Relations between the U.S. and Mexico may be strained following the designations, as it presents the U.S. with enhanced jurisdictional powers to collect and act on intelligence in Mexico without the government’s consent, with the potential to be seen as undermining its national authority. The dispute regarding what other governments define as “terrorism” may potentially lead to fallout both internationally and domestically. Some FTOs (notably Hamas and Hezbollah) already attempt to use their political activities to feign legitimacy. However, if this recent series of designations sets a precedent, and other instances follow, American legal and federal systems may see a drastic increase in the number of qualifying FTO-related investigations.[32],[33]

[1] President Trump, Donald. (2025, January 20). Executive Order 14157: Designating Cartels and Other Organizations as Foreign Terrorist Organizations and Specially Designated Global Terrorists. Federal Register. Retrieved from https://www.hsdl.org/c/view?docid=894766.

[2] U.S. Department of State. (2025, February 20). Designation of International Cartels. U.S. Department of State. Retrieved from https://www.state.gov/designation-of-international-cartels/.

[3] Bureau of Counterterrorism. Foreign Terrorist Organizations. U.S. Department of State. Retrieved from https://www.state.gov/foreign-terrorist-organizations/.

[4] Office of the Coordinator for Counterterrorism. (2008, April 8). Immigration and Nationality Act Section 212. U.S. Department of State Archive. Retrieved from https://2001-2009.state.gov/s/ct/rls/fs/08/103399.htm/.

[5] Office of the Coordinator for Counterterrorism. (2008, April 8). Foreign Relations Authorization Act, Fiscal Years 1988 and 1989: Terrorism Definition. U.S. Department of State Archive. Retrieved from https://2001-2009.state.gov/s/ct/rls/fs/08/103401.htm.

[6] Federal Bureau of Investigation. Transnational Organized Crime. Federal Bureau of Investigation. Retrieved from https://www.fbi.gov/investigate/transnational-organized-crime.

[7] Schofield, R. (2015, December). Crime-Terrorism Nexus, and the Threat to U.S. Homeland Security. Naval Postgraduate School (U.S.) Retrieved from https://www.hsdl.org/c/view?docid=790384.

[8] Helfgott, A. (2023, October 24). El Partido Revolucionario Institucional (PRI) – Explainer. Wilson Center. Retrieved from https://www.wilsoncenter.org/article/el-partido-revolucionario-institucional-pri-explainer.

[9] Drug Enforcement Administration. (2025, May). 2025 National Drug Threat Assessment (NDTA). Drug Enforcement Administration. Retrieved from https://www.hsdl.org/c/view?docid=895355.

[10] Felbab-Brown, V. (2021, September 15). Pipe dreams: The Taliban and drugs from the 1990s into its new regime. Brookings. Retrieved from https://www.brookings.edu/articles/pipe-dreams-the-taliban-and-drugs-from-the-1990s-into-its-new-regime/.

[11] Manwaring, M. (2009, January 9). A “New” Dynamic in the Western Hemisphere Security Environment: The Mexican Zetas and Other Private Armies. US Army War College. Retrieved from https://press.armywarcollege.edu/cgi/viewcontent.cgi?article=1620&context=monographs.

[12] Witte, C. (2024, April 5). From the Halls of Montezuma: The Promise and Pitfalls of Designating Mexican Drug Cartels as Foreign Terrorist Organizations. Center on Law, Ethics and National Security. Retrieved from https://sites.duke.edu/lawfire/files/2024/04/Witte_Final_LENS_Essay_Combined.pdf.

[13] U.S. Government Publishing Office. (2022, March 31). Assessing the Department of Homeland Security’s Efforts to Counter Unmanned Aircraft Systems, Joint Hearing Before the Subcommittee on Oversight, Management, and Accountability and the Subcommittee on Transportation and Maritime Security of the Committee on Homeland Security, House of Representatives, One Hundred Seventeenth Congress. U.S. Government Publishing Office. Retrieved from https://www.hsdl.org/c/view?docid=868550.

[14] Aldana, A. et al. (2022, November 10). Modeling the role of police corruption in the reduction of organized crime: Mexico as a case study. Scientific Reports. Retrieved from https://www.nature.com/articles/s41598-022-23630-x.

[15] Pring, C. et al. (2019, September). Global Corruption Barometer: Latin America & The Caribbean 2019. Transparency International. Retrieved from https://images.transparencycdn.org/images/2019_GCB_LatinAmerica_Caribbean_Full_Report_200409_091428.pdf.

[16] Martínez-Fernández, A. (2021, February). Money Laundering and Corruption in Mexico: Confronting Threats to Prosperity, Security, and the US-Mexico Relationship. American Enterprise Institute. Retrieved from https://www.jstor.org/stable/pdf/resrep30205.pdf.

[17] Congressional Research Service. (2024, October 1). U.S.-Mexico Security Cooperation: From the Mérida Initiative to the Bicentennial Framework. Congressional Research Service. Retrieved from https://www.hsdl.org/c/view?docid=892649.

[18] U.S. Department of State. (2021, March 30). 2020 Country Reports on Human Rights Practices: Mexico. U.S. Department of State. Retrieved from https://www.state.gov/reports/2020-country-reports-on-human-rights-practices/mexico/.

[19] Allen, B. et al. (2025, March 25). Understanding and Mitigating Legal and Compliance Risks Relating to Cartels and Transnational Criminal Organizations. Skadden. Retrieved from https://www.skadden.com/insights/publications/2025/03/understanding-and-mitigating-legal-and-compliance-risks-relating-to-cartels.

[20] Legal Information Institute. (n.d.). 18 U.S. Code § 2339B – Providing material support or resources to designated foreign terrorist organizations. Cornell Law School. Retrieved from https://www.law.cornell.edu/uscode/text/18/2339B.

[21] Galdo, M. (2025, April 1). The Justice Department’s Multifront Battle Against Drug Cartels. Lawfare. Retrieved from https://www.lawfaremedia.org/article/the-justice-department-s-multifront-battle-against-drug-cartels.

[22] Office of the Attorney General. (2025, February 5). Memorandum for all Department Employees: Total Elimination of Cartels and Transnational Criminal Organizations. U.S. Department of Justice. Retrieved from https://www.justice.gov/ag/media/1388546/dl?inline.

[23] 18 U.S. Code Chapter 96 Part I- Racketeer Influenced and Corrupt Organizations. Cornell Law School Legal Information Institute. Retrieved from https://www.law.cornell.edu/uscode/text/ 18/part-I/chapter-96.

[24] Knickmeyer, E. et al. (2025, February 19). Trump administration labels 8 Latin American cartels as ‘foreign terrorist organizations’. AP News. Retrieved from https://apnews.com/article/trump-cartels-foreign-terrorist-organizations-eb35567b69fc66f13f7f79fb90906a50

[25] Troutman Pepper Locke. (2025, February 24). US Declares War on Cartels: Historic Terrorist Designations Reshape Sanctions Compliance Risks. Troutman Pepper Locke. Retrieved from https://www.troutman.com/insights/us-declares-war-on-cartels-historic-terrorist-designations-reshape-sanctions-compliance-risks.html.

[26] Office of the Director of National Intelligence. (2008). Executive Order 12333: United States Intelligence Activities. ODNI. Retrieved from https://www.odni.gov/files/NCSC/documents/Regulations/EO_12333.pdf.

[27] U.S. Code. (n.d.). Title 50, Chapter 36 [War and national defense]. Legal Information Institute. Retrieved from https://www.law.cornell.edu/uscode/text/50/chapter-36.

[28] U.S. Department of Justice. (n.d.). About OCDETF. Organized Crime Drug Enforcement Task Forces. Retrieved from https://www.justice.gov/ocdetf/about-ocdetf.

[29] U.S. Department of Justice. (n.d.). Joint Terrorism Task Forces. Federal Bureau of Investigation. Retrieved from https://www.fbi.gov/investigate/terrorism/joint-terrorism-task-forces.

[30] The White House. (2025, January 20). Protecting the American People Against Invasion. The White House. Retrieved from https://www.whitehouse.gov/presidential-actions/2025/01/protecting-the-american-people-against-invasion/.

[31] United States Attorney’s Office Southern District of Texas. (2025, May 30). Father and son indicted for providing material support to Mexican cartel engaged in terrorism. United States Attorney’s Office. Retrieved from https://www.justice.gov/usao-sdtx/pr/father-and-son-indicted-providing-material-support-mexican-cartel-engaged-terrorism.

[32] Public Safety Canada. (2025, February 20). Government of Canada lists seven transnational criminal organizations as terrorist entities. Government of Canada. Retrieved from https://www.canada.ca/en/public-safety-canada/news/2025/02/government-of-canada-lists-seven-transnational-criminal-organizations-as-terrorist-entities.html.

[33] 118th Congress. (2023, June 07). Transnational Criminal Organizations: The Menacing Threat to the U.S. Homeland. Congress. Retrieved from https://www.congress.gov/event/118th-congress/house-event/116069/text.

China-Cuba Relations: Recent Developments and Implications for U.S. National Security, Part II

Introduction

In June 2023, RMC produced a White Paper entitled “China-Cuba Relations: Recent Developments and Implications for U.S. National Security.” This paper will be a continuation of the subject, providing a brief history of the longstanding relationship between China and Cuba and an update on their military and intelligence collaborations.

Background

China and Cuba’s relationship began in the mid-1800s, when Chinese laborers were brought to the island to work in the sugar industry. Following Fidel Castro’s rise to power in 1959, Cuba officially recognized the People’s Republic of China in 1960. Both revolutionary governments shared anti-imperialist views, implemented land reforms, and opposed American influence on the global stage. Over the decades, their relationship has expanded to include robust economic cooperation, with China becoming one of the largest trading partners of Cuba and of other Latin American and Caribbean countries (for more information, see RMC White Paper, “Chinese Investment and Influence in Latin America and the Caribbean”). Huawei and ZTE, two (2) Chinese tech giants blacklisted by the U.S. due to concerns about espionage, serve as the foundation of Cuba’s telecommunications infrastructure. In June 2023, U.S. officials observed personnel from the companies entering and leaving suspected Chinese intelligence facilities in Cuba. Ongoing technical collaborations between Cuban institutions and Chinese state-supported universities and tech companies have also promoted the transfer of technology.[1],[2],[3],[4],[5]

Signals Intelligence (SIGINT) Collection Facilities

Satellite imagery published on the Center for Strategic and International Studies (CSIS) website has identified three SIGINT sites with suspected connections to China near Havana, in Wajay, Bejucal, and Calabazar. A fourth site is in the southern part of Cuba, in El Salao.[6]

Figure 1 – Locations of Cuban SIGINT Sites[6]

These facilities are equipped with sophisticated antenna arrays and radar systems designed to intercept electronic communications from both civilian and military sources. The densely populated southeastern U.S. coast is particularly vulnerable, as it is home to key military installations, launch sites, and strategic infrastructure.[7]

Bejucal (Near Havana)

The Bejucal facility is the country’s largest active SIGINT site, with historical ties to Cold War espionage and proximity to former Soviet nuclear positions. Since the Cold War, Bejucal has been suspected of supporting Chinese intelligence operations. This suspicion has been echoed in U.S. government reports and political discourse. The site has undergone significant modernization over the past decade, as satellite imagery reveals the expansion of antenna fields, underground facilities, and the addition of a radome in 2014, which is likely used for electronic surveillance.[8],[9],[10]

Recent imagery from April 2025 reveals major upgrades underway, including the removal of older antennas and construction of a large Circularly Disposed Antenna Array (CDAA), which is a Cold War-era system used for high-frequency direction finding. CDAAs can trace the origin of radio signals thousands of miles away, which could enable the monitoring of U.S. air and maritime activity. The new array at Bejucal is notably larger than the previous version on-site, increasing its potential for precision and reach.[11],[12]

Figure 2 – Bejucal SIGINT Facility[11]

While CDAAs have become less common in modern SIGINT due to technological advancements, they remain relevant, especially for military powers such as China, which deploys similar arrays in the South China Sea to monitor activity near contested areas. The upgraded Bejucal CDAA could enhance Cuba’s intelligence capabilities and provide valuable information to China or other adversaries, raising concerns about regional surveillance and U.S. national security.[11],[13]

El Salao (Southern Cuba)

Roughly 500 miles southeast of Bejucal, near El Salao on Cuba’s eastern side, is another CDAA facility. This site was first publicly identified in 2024 through satellite imagery found on the CSIS website, which showed a CDAA under construction. However, by April 2025, new imagery indicated that construction had halted. Only minimal activity, such as roofing support for buildings, has occurred since then. Vegetation is overtaking the graded area, suggesting that the site is no longer actively maintained.[11]

Figure 3 – El Salao CDAA Facility (April 2025)[11]

If completed, the El Salao CDAA would offer a strategic position for monitoring Atlantic air and maritime traffic, particularly near U.S. Naval Station Guantanamo, which is located just 40 miles away. The halt in development raises questions. While no direct evidence publicly links China to the El Salao or Bejucal sites, and Beijing denies involvement, U.S. officials have asserted that China has access to spy facilities in Cuba. These sites remain top candidates for supporting Chinese intelligence operations. As such, continued U.S. monitoring is likely, as changes at these SIGINT facilities could signal an increase in intelligence-gathering activity against U.S. interests.[11],[5]

Wajay (Near Havana)

A little more than six (6) miles north of Bejucal, the Wajay facility is a smaller but expanding SIGINT site. Security fencing and guard posts indicate its use for military or sensitive operations. Since 2002, the compound has grown from a single antenna and a few buildings into a larger complex featuring 12 antennas, operations and support structures, and a small solar farm. While there is no direct evidence of China’s involvement, it is possible that Beijing is involved in the site’s development and recent upgrades. The absence of dish antennas suggests the facility is focused on terrestrial signal interception and transmission. The diversity of antenna types indicates that Wajay is engaged in a sophisticated SIGINT role.[6]

Figure 4 – Wajay SIGINT Site (March 2024)[6]

Calabazar (Near Havana)

Near the town of Calabazar, a small Cuban military complex exhibits clear signs of SIGINT activity. The secured site features over a dozen dish antennas of various sizes and two (2) pole antenna arrays. Consistent with typical military intelligence operations, the configuration of antennas has changed over time, reflecting shifts in the site’s mission. The most recent addition, a new dish antenna, was installed in 2016.[6],[14]

Figure 5 – Calabazar SIGINT Site (April 2024)[6]

Strategically, China’s access to SIGINT sites in Cuba allows it to close longstanding gaps in its global intelligence network, especially in the Western Hemisphere. These facilities enable China to monitor encrypted and unencrypted U.S. military and commercial communications, observe space launches at Cape Canaveral, and collect economic and technological data from key southern U.S. industries. Even without deciphering message contents, metadata from signals, such as their origin, timing, and frequency, can reveal valuable insights about U.S. military posture and capabilities. These developments mark a Cold War-style resurgence of foreign intelligence operations against the U.S., now powered by modern surveillance technologies.[15],[16]

Outlook

The combination of China’s significant financial investment in Cuba’s infrastructure and the appearance of the two (2) countries collaborating on intelligence and military facilities, just 100 miles from Florida, represents a significant threat to national security due to their proximity to sensitive U.S. military and civilian infrastructure. The southeastern U.S. is home to critical Department of Defense (DoD) assets, including CENTCOM, SOUTHCOM, Cape Canaveral, Kennedy Space Center, and multiple submarine bases. By intercepting signals in this region, China could build a clearer picture of U.S. force posture, military exercises, and potentially even response times, which would be valuable in any future conflict or geopolitical standoff.

If China uses these signal-collecting sites, it marks a shift in Beijing’s intelligence capabilities. Historically limited in the Western Hemisphere, China is now closing that gap through access to Cuban infrastructure. This gives Beijing greater reach to monitor U.S. satellite launches and strategic communications. It also allows for telemetry and tracking of space-based assets, potentially compromising American advantage in space and near-Earth surveillance. This would also force the DoD to contend with not only Chinese military modernization in Asia but also a persistent surveillance threat near U.S. shores. It also raises the stakes for diplomatic and intelligence efforts to monitor, contain, or counter China’s intelligence infrastructure buildup in the Americas.

[1]Council on Foreign Relations. (2022, June 3). U.S.-Cuba Relations. https://www.cfr.org/backgrounder/us-cuba-relations.

[2]Center for Strategic & International Studies. (2018, February 28). Cuba’s Changing of the Guard and Sino-Cuban Relations. https://www.csis.org/analysis/cubas-changing-guard-and-sino-cuban-relations.

[3]Defense News. (2023, July 7). China’s Ties To Cuba, Growing Presence In Latin America Raises Concerns. https://www.defensenews.com/opinion/commentary/2023/07/07/chinas-ties-to-cuba-growing-presence-in-latin-america-raise-concerns/.

[4]The Wall Street Journal. (2023, June 21). U.S. Tracked Huawei, ZTE Workers at Suspected Chinese Spy Sites in Cuba. https://www.wsj.com/politics/u-s-tracked-huawei-zte-workers-at-suspected-chinese-spy-sites-in-cuba-355caddc?mod=article_inline.

[5]Fox News. (2024, December 12). China Denies New Report Linking CCP To Four Sites In Cuba Allegedly Used To Spy On The US. https://www.foxnews.com/politics/china-denies-new-report-linking-ccp-four-sites-cuba-allegedly-used-spy-us.

[6]Center for Strategic & International Studies. (2024, July 1). Secret Signals Decoding China’s Intelligence Activities in Cuba. https://features.csis.org/hiddenreach/china-cuba-spy-sigint/.

[7]Federation of American Scientists. (2022, April 27). AN/FLR-9. https://irp.fas.org/program/collect/an-flr-9.htm.

[8]The Diplomat. (2018, June 08). Satellite Images: A (Worrying) Cuban Mystery – The New Radome In Cuba Is Unprecedented. Who’s Behind It? https://thediplomat.com/2018/06/satellite-images-a-worrying-cuban-mystery/.

[9]Bustle. (2016, March 10). Marco Rubio’s Cuba Answer Brought The House Down. https://www.bustle.com/articles/147319-marco-rubios-cuba-answer-at-the-gop-debate-brought-the-house-down.

[10]The National Security Archive. (2008, June 18). One Minute To Midnight Kennedy, Khrushchev and Castro on the Brink of Nuclear War. https://nsarchive2.gwu.edu/nsa/cuba_mis_cri/dobbs/warheads.htm.

[11]Center for Strategic & International Studies. (2025, May 6). At The Doorstep A Snapshot of New Activity at Cuban Spy Sites. https://features.csis.org/hiddenreach/snapshots/cuba-china-cdaa-base/.

[12]National Photographic Interpretation Center. (2010, August 11). Lourdes Central Sigint Complex (S). https://www.cia.gov/readingroom/docs/CIA-RDP80T01782R000100710001-8.pdf.

[13]Asia Maritime Transparency Initiative. (2018, February 16). Comparing Aerial & Satellite Images Of China’s Spratly Outposts. https://amti.csis.org/comparing-aerial-satellite-images-chinas-spratly-outposts/.

[14]Newsweek. (2024, December 9). Map Shows China’s Suspected Spy Bases In Cuba. https://www.newsweek.com/china-news-map-shows-suspected-spy-bases-cuba-1997464.

[15]Office of the Director of National Intelligence. (2024, February 5). 2024 Annual Threat Assessment of the U.S. Intelligence Community. https://www.odni.gov/files/ODNI/documents/assessments/ATA-2024-Unclassified-Report.pdf.

[16]Office of the Director of National Intelligence. (2025, March). 2025 Annual Threat Assessment of the U.S. Intelligence Community. https://www.dni.gov/files/ODNI/documents/assessments/ATA-2025-Unclassified-Report.pdf.

The Challenges of Securing the Northern and U.S.-Mexico Borders

Introduction

The United States Department of Homeland Security (DHS) was initially created to combat the growing threat of transnational terrorists. However, it now concerns itself with both domestic and transnational threat actors. The recent efforts to enforce immigration law have given DHS and other responding agencies a new set of challenges.

Efforts Against Terrorism

In recent years, homeland security itself has faced growing threats from terrorists and criminals who use dynamic, innovative methods and sophisticated tactics. According to a 2021 study, there were at least 230 unsuccessful domestic terrorist attacks or plots since 11 September 2001. Of those plots, 118 were committed by homegrown violent extremists (HVEs), 84 by domestic terrorists, and 28 by transnational terrorist organizations. The Center for Prevention Programs and Partnerships (CP3) was created within the DHS to identify and prevent radicalization.[1],[2],[3]

DHS has made several efforts to combat terrorism at the local, state, and federal levels. For example, Additionally, there are prevention forums in place to showcase tactics, techniques, and procedures (TTPs) used by terrorists, and how to prevent, mitigate, and respond to them. CP3 continues to work to highlight prevention resources that can be used to increase awareness of targeted violence. The program is also responsible for collaborating with international partners to advance terrorism prevention initiatives, thereby enhancing global engagement.[2]

Despite DHS’s efforts to bolster national security, there have still been recent terrorist attacks. On 01 January 2025, a man who self-identified with the Islamic State of Iraq and Syria (ISIS) drove his truck through Bourbon Street in New Orleans after strategically placing Improvised Explosive Devices (IEDs) around the area. The man struck and killed 14 people while injuring at least 57 others. Among those injured were two (2) police officers who responded to the attack and were able to neutralize the attacker. According to New Orleans police, the barriers that would normally prohibit vehicles from entering the streets were not utilized due to recent malfunctions. Following the attack, a report from the Louisiana Governor’s Office of Homeland Security revealed that there may have been problems with some of the emergency alert systems put into place that . The report was used to analyze and identify issues in the response to the attack. The incident stood as a reminder that the terror threat to the U.S. is alive and persistent as transnational terrorist organizations continue to recruit Americans, some of whom self-radicalize via online propaganda and social media engagement. In the latter cases, the perpetrator may have had little or no contact with transnational terrorists but become radicalized over time before carrying out an attack.[1],[4],[5],[6],[7]

On 01 June 2025, an Egyptian national attacked a weekly march by pro-Israel activists campaigning for the release of hostages in Gaza. Using homemade Molotov cocktails and a makeshift flamethrower, he attacked the participants. While 12 attendees were injured, there were no fatalities. He had planned the attack for a year and expressed a desire to commit acts of antisemitic violence. He reportedly shouted “Free Palestine!” during the attack. The suspect had overstayed a non-immigrant visa, which expired in February 2023, although he later applied for asylum. He has been charged with multiple felony counts and a federal hate crimes charge.[8]

The Rapidly Industrializing Threats to the Border

Rapidly advancing technology has created new threats along the U.S.-Mexico border. Drug cartels have used Unmanned Aerial Systems (UAS) to smuggle deadly narcotics into the U.S. According to Judicial Watch, drug cartels in one (1) year conducted at least 9,000 drone flights across U.S. airspace. Foreign nationals also used drones for intelligence.[9],[10],[11]

In May 2024, authorities dismantled a smuggling operation after a year-and-a-half-long investigation that resulted in charges against three (3) individuals. The suspects allegedly used a $630,000 drone to transport drugs between New York and Canada. U.S. Border Patrol agents tracked the drone’s flight path from New York to a winery in Ontario and, upon its return, recovered a package containing at least six (6) pounds of ecstasy. As of 01 April 2025, over one (1) million drones are registered within the United States. In response to these emerging threats (including drug smuggling at borders and in correctional facilities), U.S. Representatives Josh Riley and Zach Nunn introduced the “Stop Fentanyl Smuggling Act” on 29 April 2025. The proposed legislation aims to support the development of advanced detection technologies that would enable DoD personnel to identify and disrupt drug trafficking operations.[9],[12],[13],[14]

On 01 February 2025, officials received intelligence indicating Mexican cartel leaders authorized the use of drones equipped with explosives to be used against U.S. Border Patrol agents and Department of Defense (DoD) personnel along the U.S.-Mexico border. This report likely led to heightened security. As of 29 April 2025, the Pentagon is preparing to deploy counter-drone capabilities there due to threats made and in support of increased federal enforcement of immigration and security mandates. While tensions along the border have risen, DHS has acted to prevent and combat any attacks targeting DoD personnel and property.[15],[16]

Immigration at the Border

While Mexican nationals and individuals from other Central and South American countries have historically been the largest demographic groups encountered at the Southern Border, a dramatic increase in Chinese illegal immigration is on track to break records. FY22 reported an increase of more than 2,000 Chinese immigrants compared to FY21. FY23 reported a total of 24,314 Chinese immigrants. Furthermore, FY24 recorded 18,750 encounters by the end of January. December 2024 alone recorded nearly 6,000 immigrants. Law enforcement officials working at the border have also reported illegal immigrants from more than 150 other countries.[17]

From 20 through 26 January 2025, there were 7,287 migrant encounters at the southern border. This number represents a 63% decrease after the Customs and Border Patrol (CBP) One app, which serves as a single portal to CBP services, was shut down. In addition to the CBP services provided, the app allowed immigrants to schedule appointments at different U.S. ports to enter into the country using humanitarian parole. In a sustained effort to secure the border, the U.S. recorded at least a 60% decrease in encounters between ports of entry along the southwest border from May 2024 to December 2024, the lowest it had been since August 2020. Under Title 8 of the U.S. Code, the DHS has legal authority to detain, process, or deport migrants who enter illegally. Migrants who cross the border illegally or arrive without proper documentation may be detained in detention facilities. These facilities are managed by the DHS and Immigration and Customs Enforcement (ICE). Additionally, in Arizona, there was a 30-foot wall that had gaps that hundreds of migrants would use daily to approach the Border Patrol. In 2024, the wall was completed, which stopped the flow of migrants from entering, leading to a significant decrease in immigrants at that port of entry.[18],[19],[20],[21]

In FY23, CBP reported 189,402 migrant encounters at the northern border. This number represented a 73% increase from 2022 and a 597% increase from FY21’s 27,180 migrant encounters. The Swanton Sector, which spans nearly 300 miles through eastern New York, Vermont, and New Hampshire, was responsible for more than two-thirds (2/3) of all reported apprehensions at the northern border during FY23. CBP agents at the northern border have reportedly expressed concerns about the U.S.-Canadian border being overlooked due to the threats at the U.S.-Mexico border. As a result, the potential for illegal border crossings at the northern border may have increased.[22],[23],[24]

Figure 1 – Migrant Encounters at the Northern Border FY22-FY25TD[24]

Figure 2 – Migrant Encounters at the Southern Border FY22-FY25TD[24]

Outlook

Despite recent incidents, DHS has expanded its national security mission scope to include responding to natural disasters, thwarting terror plots on U.S. soil, and strengthening digital defenses to combat cyber adversaries, while collaborating with other agencies to tackle illegal immigration and border enforcement. As a result, DHS has become the third-largest cabinet department in the federal government. The threat to the country’s borders and to overall national security has been growing and evolving since the attacks on 11 September 2001. After the creation of DHS, the department has had to grow, advance, and evolve to safeguard the nation’s borders efficiently. While both domestic and transnational terrorists pose a threat to national security, other threat actors are enhancing their capabilities to disrupt DoD operations and jeopardize national security. Terrorists continue to illegally cross the nation’s borders while also recruiting and radicalizing individuals who are already on U.S. soil. Mexican cartels have advanced capabilities that allow them to remotely conduct surveillance operations and carry out lethal attacks along the border. Furthermore, migrants continue to approach U.S. borders with the hope of unlawfully entering the country. Recent data has shown that Chinese immigrants are accessing the borders more than ever before. The threat of espionage is obvious, and it demonstrates that Chinese intelligence entities leveraged the relaxed border enforcement of the previous four (4) years. The threat of cartels and their use of new and sophisticated technology at the border is present and ongoing. However, the influx of migrants from multiple countries from 2020 through 2024 may represent a latent threat of not only intelligence collection but kinetic attacks months, years, or even decades in the future.[25],[26]

[1] Dahl, E. (2021, November 07). Assessing the Effectiveness of the Department of Homeland Security, 20 Years After 9/11. Brown University. Retrieved from https://watson.brown.edu/costsofwar/files/cow/imce/papers/2021/Assessing%20DHS_Dahl_Costs%20of%20War.pdf.

[2] DHS. (n.d.). Partnerships and Engagement. DHS. Retrieved from https://www.dhs.gov/cp3/partnerships-and-engagement.

[3] CP3. (n.d.). Targeted violence and terrorism are preventable. DHS. Retrieved from https://www.dhs.gov/sites/default/files/2025-01/2025_0129_cp3-overview.pdf.

[4] Lowrey, E. (2025, January 29). New Orleans terror attack response riddled with issues highlighted in after-action report. WDSU. Retrieved from https://www.wdsu.com/article/new-orleans-terror-attack-response-action-report/63609441.

[5] Homeland House. (2025, January 22). House Homeland Releases Updated “Terror Threat Snapshot” Assessment in Wake of New Year’s Day ISIS-Inspired Terrorist Attack in New Orleans. Homeland House. Retrieved from https://homeland.house.gov/2025/01/22/house-homeland-releases-updated-terror-threat-snapshot-assessment-in-wake-of-new-years-day-isis-inspired-terrorist-attack-in-new-orleans/.

[6] FBI. (2025, January 14). Bourbon Street Attack Investigation Updates. FBI. Retrieved from https://www.fbi.gov/news/press-releases/bourbon-street-attack-investigation-updates.

[7] Adelson, J. (2025, January 07). Attacker drove down 3 blocks of Bourbon Street with no barriers. How did that happen?. Retrieved from https://archive.ph/4gwOW#selection-3925.0-3925.85.

[8] Haubner, A., Milton, P., & Swanson, C. (2025, June 2). Attack in Boulder, Colorado, burns 12 people at march for Israeli hostages, officials say; suspect charged. CBS News Colorado. Retrieved from https://www.cbsnews.com/colorado/news/colorado-police-responding-to-boulder-pearl-street-mall-attack-multiple-injured/.

[9] Edward, B. (2025, May 02). Drones Smuggling Deadly Drugs Across U.S. Borders, Report Reveals. Digital Chew. Retrieved from https://digitalchew.com/2025/05/02/drones-smuggling-deadly-drugs-across-u-s-borders-report-reveals/.

[10] AXON. (2025, February 07). Countering cartel drone threats: How CUAS systems can protect U.S. Border Patrol Agents. AXON. Retrieved from https://www.axon.com/blog/countering-cartel-drone-threats.

[11] Suarez, K. (2021, June 02). Drug cartels attack enemies and spread terror with weaponized drones in US, Mexico. USA Today. Retrieved from https://www.usatoday.com/story/news/nation/2021/06/02/mexican-drug-lords-use-drones-spread-terror/7506312002/.

[12] AP News. (2024, May 16). Drones smuggled drugs across Niagara River from Canada, 3 suspects caught in NY. AP News. Retrieved from https://apnews.com/article/drone-drug-smuggling-niagara-new-york-426468e8cc99bae3531ff2ac3a404043.

[13] Federal Aviation Administration. (2025, April 01). Drones. FAA. Retrieved from https://www.faa.gov/uas.

[14] House. (2025, April 29). Rep. Riley Introduces Bipartisan Bill to Crack Down on Fentanyl Smuggling at Border and in Prisons. House. Retrieved from https://riley.house.gov/media/press-releases/rep-riley-introduces-bipartisan-bill-crack-down-fentanyl-smuggling-border-and.

[15] Fitz-Gibbon, J., & Taer, J. (2025, February 3). Mexican drug cartels plan attacks on Border Patrol agents with kamikaze drones and other explosives to fight US crackdown. New York Post. Retrieved from https://nypost.com/2025/02/03/us-news/mexican-cartels-order-suicide-drone-attacks-on-border-patrol/.

[16] Vincent, B. (2025, April 29). DOD to deploy counter-drone capabilities at US-Mexico border as cartels surveil troops. Defense Scoop. Retrieved from https://defensescoop.com/2025/04/29/dod-counter-small-drones-u-s-mexico-border-cartels-surveil-troops/.

[17] Hopkins, J. (2024, February). Record Number Of Chinese Nationals Illegally Crossing Into US, Latest Data Shows. MSN. Retrieved from https://www.msn.com/en-us/news/us/record-number-of-chinese-nationals-illegally-crossing-into-us-latest-data-shows/ar-BB1mwdSm?ocid=BingNewsVerp.

[18] Shaw, A. (2025, January 28). Trump-era southern border sees migrant encounters plummet by over 60% as new policies kick in. Fox News. Retrieved from https://www.foxnews.com/politics/trump-era-southern-border-sees-migrant-encounters-plummet-over-60-new-policies-kick-in.

[19] ICE. (n.d.). Detention Management. ICE. Retrieved from https://www.ice.gov/detain/detention-management.

[20] House. (n.d.). Title 8—Aliens And Nationality. House. Retrieved from https://uscode.house.gov/view.xhtml?req=granuleid%3AUSC-prelim-title8&edition=prelim.

[21] Lapidus, S. (2025, May 09). US wants migrants to know that crossing the border illegally could mean jail time. AZ Central. Retrieved from https://www.azcentral.com/story/news/politics/border-issues/2025/05/09/us-officials-warn-migrants-not-to-cross-border-illegally/83522227007/.

[22] Robinson, M. (2024, May 31). Migrant Encounters at US-Canada Border Rise More Than 1,000% in 3 Years. Newsweek. Retrieved from https://www.newsweek.com/us-migrant-crisis-encounters-rise-over-1000-percent-northern-border-three-years-1906786?.

[23] Chapman, C. (2024, August 19). Northern border communities see a dramatic increase in unauthorized migrant crossings. KCSM. Retrieved from https://www.kcsm.org/npr-news/2024-08-19/northern-border-communities-see-a-dramatic-increase-in-unauthorized-migrant-crossings.

[24] CBP. (2025, May 12). Nationwide Encounters. CBP. Retrieved from https://www.cbp.gov/newsroom/stats/nationwide-encounters.

[25] Warwick, T. (2021, September 13). State of DHS: 20 Years After 9/11, Which Way Forward?. HS Today. Retrieved from https://www.hstoday.us/featured/state-of-dhs-20-years-after-9-11-which-way-forward/.

[26] Jingnan, H. (2024, August 09). What drove last year’s surge in Chinese migrants at the southern border?. NPR. Retrieved from https://www.npr.org/2024/08/07/nx-s1-5032835/chinese-migrants-southern-border.