national security - C. Constantin Poindexter Salcedo

October 12, 2025October 12, 2025

Strengthening Counterintelligence Training for Diplomats

The exposure of U.S. diplomats, both stateside and abroad, to recruitment, SIGINT/COMINT targeting, and the loss or compromise of portable computing devices (PCDs) is not accidental. It is a cumulative effect of structural neglect, cultural underinvestment, and the evolving threat environment. Three converging dynamics have produced this vulnerability: institutional bifurcation between diplomatic and intelligence missions; budgetary and educational neglect of counterintelligence (CI) training for non-intelligence personnel; and the rapid digital transformation of diplomatic operations without commensurate adaptation of tradecraft.

Institutional bifurcation is the result of the long-standing separation between the U.S. Foreign Service and the intelligence and security community. Diplomatic officers have historically focused on political, economic, consular, and public diplomacy missions, while security concerns were delegated to Diplomatic Security (DSS) or local host-nation security services. Counterintelligence responsibilities were largely retained within the FBI, CIA, and military intelligence organizations, creating operational silos. This division left diplomats outside the formal CI ecosystem, meaning they rarely received advanced training or actionable threat intelligence. As a result, many Foreign Service Officers (FSOs) still approach their duties as political envoys rather than as personnel operating within an adversarial intelligence battlespace.

Budgetary and educational neglect compound this problem. For decades, the Department of State has allocated limited funding for counterintelligence instruction. Beyond basic “insider threat” briefings or annual cybersecurity refreshers, diplomats often receive little exposure to advanced CI concepts or adversary recruitment methodologies. As reported by ClearanceJobs (McNeil, 2025), many diplomatic personnel deploy to high-threat assignments with minimal training in recognizing or resisting foreign intelligence approaches. The lack of sustained CI education and awareness initiatives at the Foreign Service Institute (FSI) has produced an environment where diplomats are ill-equipped to recognize subtle recruitment tactics or electronic targeting.

The digitalization of diplomacy is a serious vulnerability. Over the past two decades, U.S. embassies and consulates have become highly dependent on portable computing, mobile devices, remote communications, and cloud-based data exchange. While these tools increase efficiency, they have also expanded the attack surface for adversaries. Foreign intelligence services (FIS) now target diplomats as entry points into the U.S. government’s global communications infrastructure. These adversaries exploit unsecured networks, intercept wireless signals, implant malware on devices, and even conduct theft of laptops and external drives. As technology has evolved, diplomatic tradecraft has failed to keep pace. The convenience of connectivity has outstripped the discipline of security.

This weakness is illustrated by several notable cases of espionage and digital compromise involving U.S. diplomatic personnel. The case of Steven John Lalas, a U.S. State Department communications officer stationed in Athens during the early 1990s, is instructive. Lalas provided classified diplomatic and military documents to Greek intelligence over several years before being caught and sentenced to 14 years in prison (Wikipedia, n.d.). He exploited his communications role to access classified cables and Defense Department assessments, which he illicitly removed and passed to a foreign government. Lalas’s case demonstrates that diplomats and communications officers, though not traditional intelligence operators, are prime recruitment targets because of their privileged access to sensitive material. His actions exposed structural vulnerabilities in both vetting and insider threat detection within the State Department’s overseas missions.

The Walter Kendall Myers betrayal is another. They spied for Cuba over nearly three decades. Myers, a senior State Department official and FSI instructor, used his position to obtain and share classified information with the Cuban Intelligence Directorate (Wikipedia, n.d.). The Myers case was not about hacking or physical theft but rather ideological recruitment and sustained insider espionage. Myers was approached gradually, courted ideologically, and ultimately compromised. This illustrates that diplomats whose careers often involve long foreign postings, personal networks abroad, and cultural immersion are highly susceptible to long-term cultivation by FIS recruiters. The absence of continuous CI vetting or behavioral monitoring allowed this penetration to persist for decades.

A third example identifies the theft and exploitation of portable computing devices. The FBI’s “Operation Ghost Stories,” which dismantled a Russian “illegals” network in 2010, revealed how laptops and wireless devices were central to espionage operations (FBI, n.d.). One seized laptop was used to establish covert wireless communications between Russian agents and their handlers. Similarly, numerous reported attempts have been made by foreign actors to steal or implant malware on the personal computers of Western diplomats. These incidents highlight that PCDs are not simply administrative tools but intelligence assets. When lost, stolen, or compromised, they can reveal network structures, contacts, and classified reporting, making them a modern equivalent of the “diplomatic pouch.” The War on the Rocks (2025) analysis of Russian espionage tactics confirms that FIS now combine human recruitment, cyber intrusion, and physical theft in hybrid collection campaigns against Western diplomatic targets.

The convergence of these human and technical vulnerabilities demands a fundamental modernization of CI training for diplomats. Primarily, diplomats MUST be required to receive foundational counterintelligence education. This training should move beyond theoretical awareness and immerse personnel in adversary recruitment tradecraft, SIGINT and COMINT methodologies, and recent case studies. Red-team simulations should require participants to role-play both target and recruiter to internalize how adversaries identify, approach, and manipulate their victims. A diplomat who can think like an adversary is far more likely to resist one.

Equally important, counter-recruitment instruction should emphasize behavioral recognition. Diplomats must learn to identify “soft pitch” recruitment methods, i.e., academic or journalistic overtures, social invitations, social media engagement, or mutual professional interests that can evolve into intelligence targeting. Diplomats must be taught how to perceive, disengage (politely, to preserve the possibility of a double operation), document, and report these encounters through secure channels without fear of reprisal. Continuous CI liaison support at missions abroad would reinforce these practices and ensure rapid response when suspicious approaches occur.

Secure digital and communications hygiene curriculum must be significantly expanded. Every diplomat should be trained in hardware hardening (full-disk encryption, TPM binding, BIOS passwording), media control (banning unvetted USB devices), secure networking (VPNs with endpoint authentication, regular rekeying), and immediate reporting of anomalies (device overheating, unauthorized processes, or loss). Training should include hands-on exercises where diplomats detect and mitigate simulated phishing or device compromise attempts. Embassies should maintain secure drop boxes and Faraday enclosures for potentially compromised devices until forensically examined.

Diplomats must be educated in SIGINT and COMINT awareness. This includes understanding how their electronic emissions can betray movements or discussions, recognizing signs of interception, and maintaining operational discipline in communications. Routine practices such as using shielded rooms for sensitive discussions, approved VPN use, disabling wireless and Bluetooth in secure areas, and maintaining strict clean-desk policies must become ingrained habits. Discipline transforms CI awareness from abstract instruction into practical daily behavior!

Counterintelligence training should incorporate recurring red-team exercises and after-action debriefs. Annual or semi-annual drills simulating recruitment, device loss, or cyber intrusion should be mandatory for all missions. These exercises not only test individual readiness but reveal systemic vulnerabilities such as inconsistent incident reporting or inadequate technical countermeasures. Lessons learned should feed back into State Department CI doctrine.

Structural and organizational reforms are equally important. The Department of State should embed a permanent counterintelligence officer or liaison from the FBI or CIA within every high-risk embassy. This officer would coordinate with the Regional Security Officer (RSO) and oversee local threat assessments, device inspections, and behavioral analysis. Additionally, all diplomats deploying to critical posts should achieve baseline CI certification, validated by written and practical exams similar to those required for intelligence personnel. This “best practices” certification should be renewed periodically and linked to promotion eligibility, reinforcing accountability.

Embassies should also implement periodic red-team audits, with technical and human testing designed to measure CI compliance and readiness. Device procurement and turnover policies must ensure secure supply chains, with forensic validation of new equipment and timely retirement of old hardware. The integration of artificial intelligence-based monitoring could further assist in detecting anomalies or exfiltration attempts across the diplomatic network.

The culture of self-reporting must be reformed. Diplomats often hesitate to report suspicious incidents for fear of professional repercussions. A no-fault reporting model paired with protective anonymity and positive reinforcement will encourage early detection of targeting attempts. CI professionals know that “near-miss” reporting is a critical tool. Diplomats and their staff members must internalize the same principle.

The exposure of U.S. diplomats to recruitment, signals interception, and device compromise is thus not merely a technical vulnerability. It is a clear cultural and institutional weakness. The cases of Lalas and Myers show that ideological or opportunistic recruitment remains a persistent threat, while modern espionage operations like those exposed in Operation Ghost Stories demonstrate that digital compromise is now equally dangerous. A robust counterintelligence program for diplomats must cultivate a mindset of constant adversarial awareness, blending human and technical security disciplines into the fabric of diplomacy itself. By embedding CI at every level of diplomatic training and operations, the United States can begin to close one of its most consequential vulnerabilities in the global intelligence contest AND contribute in a meaningful way to both defensive and offensive counterintelligence operations.

~ C. Constantin Poindexter, MA in Intelligence, Graduate Certificate in Counterintelligence, JD, CISA/NCISS OSINT certification, DoD/DoS BFFOC Certification

References

FBI. (n.d.). Laptop from Operation Ghost Stories. Retrieved from https://www.fbi.gov/history/artifacts/laptop-from-operation-ghost-stories

McNeil, S. (2025, October 9). Modernizing CI training for diplomats: New legislation aims to sharpen the shield abroad. ClearanceJobs. Retrieved from https://news.clearancejobs.com/2025/10/09/modernizing-ci-training-for-diplomats-new-legislation-aims-to-sharpen-the-shield-abroad-2/

War on the Rocks. (2025, April 8). Putin’s spies for hire: What the U.K.’s biggest espionage trial revealed about Kremlin tactics in wartime Europe. Retrieved from https://warontherocks.com/2025/04/putins-spies-for-hire-what-the-u-k-s-biggest-espionage-trial-revealed-about-kremlin-tactics-in-wartime-europe/

Wikipedia contributors. (n.d.). Kendall Myers. In Wikipedia. Retrieved from https://en.wikipedia.org/wiki/Kendall_Myers

Wikipedia contributors. (n.d.). Steven John Lalas. In Wikipedia. Retrieved from https://en.wikipedia.org/wiki/Steven_John_Lalas

September 14, 2025September 15, 2025

The Retracted Intelligence Report on TdA

The Retracted Intelligence Report on Tren de Aragua, espionage, counterespionage, intelligence, counterintelligence, strategic intelligence, national security, C. Constantin Poindexter;

The recent retraction of a National Security Agency (NSA) report on Venezuela and the Tren de Aragua (TdA) criminal gang highlights the tension between intelligence assessments and political narratives. The danger of politicization of intelligence work is front and center here. It’s reasonably clear here that the DNI denied release of the full intelligence product because it did not align neatly with the current Administration’s assertions about TdA and Venezuelan President Maduro’s direction, financing and control over its nefarious activities. Boris Bondarev, former diplomat of the Russian Federation reported on his experience in a Far East assignment, “One day, I was called to meet with the embassy’s number three official, a quiet, middle-aged diplomat who had joined the foreign ministry during the Soviet era. He handed me text from a cable from Moscow, which I was told to incorporate into a document we would deliver to Cambodian authorities. Noticing several typos, I told him that I would correct them. “Don’t do that!” he shot back. “We got the text straight from Moscow. They know better. Even if there are errors, it’s not up to us to correct the center.” It was emblematic of what would become a growing trend in the ministry: unquestioned deference to leaders.” (Foreign Affairs, Nov. 2022) The example is instructive of what we do NOT want to be.

The report, “Venezuela: Examining Regime Ties to Tren de Aragua,” declassified in May 2025, offers an analytic picture that contradicts claims made by U.S. political leaders that Nicolás Maduro is actively engaged in supporting, financing, and directing TdA. The NIC assessment concludes that while the gang has benefitted from a permissive environment in Venezuela, including corruption and weak institutional control, there is no credible evidence that Maduro or senior regime officials exercise command over the group. This retraction is striking because it underscores how intelligence assessments that fail to support policy preferences may be subject to extraordinary pressure, despite their analytic rigor.

The NIC report is clear in its findings. It states that TdA leaders have historically benefitted from permissive conditions in Venezuela, particularly weak prison oversight and corrupt officials. That is NO surprise to those of us who have operated in corrupt Latin American states. Yet it stresses that many TdA cells operate independently across Latin America, with limited coordination even among themselves, let alone with the Venezuelan government (NIC 2025). The report underscores that much of TDA’s growth has been facilitated by Venezuelan migration and that individuals and networks frequently use the gang’s name without direct affiliation, underscoring the decentralized and diffuse nature of the group. Crucially, the report states that there is “no indication that Venezuelan President Nicolás Maduro or senior government officials are directing the actions of Tren de Aragua,” contradicting claims that Maduro orchestrates the group’s activities (AP News 2025).

The report does allow that some mid- and low-level Venezuelan officials may have financial ties to TdA. Such connections are typically opportunistic, involving corruption or passive tolerance, rather than the product of a coherent state policy (NIC 2025). In this sense, regime responsibility lies less in the deliberate deployment of the gang as a proxy and more in the systemic weakness of governance that allows TdA to operate with impunity. This distinction is critical: corruption and negligence do not equate to strategic coordination or sponsorship. Yet political leaders have blurred this line by portraying TdA as a regime-directed instrument of repression and transnational crime.

Redactions in the NIC report shed further light on analytic processes. Although redactions obscure details, we can reasonably infer that they conceal the names of regime-linked individuals, sources and methods of intelligence collection, or details about TdA’s operations abroad. In intelligence practice, such redactions protect human sources, sensitive communications intercepts, and law enforcement leads. Notably, the report’s unredacted portions are explicit in their rejection of senior-level regime direction. Given classification practices, it is unlikely that redacted sections would conceal evidence directly contradicting the assessment’s core conclusion, since that would undermine the transparency and credibility of the report’s stated findings (NIC 2025).

Other credible sources reinforce the NIC’s position. Associated Press reporting on the document emphasizes that there is no evidence of Maduro’s direct involvement, while acknowledging that some regime actors might benefit from TdA’s activities (AP News 2025). Investigations by InSight Crime and The Guardian further show that certain monitors and advocacy groups have exaggerated TdA’s presence in the United States, even fabricating reports of its activity (InSight Crime 2025; The Guardian 2025). By contrast, organizations such as the Human Rights Foundation (HRF) argue that regime-linked actors used TdA in the abduction of Venezuelan dissident Ronald Ojeda in Chile in 2024. A more definitive answer to the question of Maduro’s involvement with TdA may have come from Ojeda. Unfortunately, he was liquidated by the regime. Perhaps the Chilean criminal information to the ICC will reveal more. The allegations remain under judicial investigation and do not yet amount to definitive evidence of direct command by Maduro himself (HRF 2025). The U.S. Government Accountability Office (GAO) and Congressional Research Service (CRS) both highlight Venezuela’s permissive environment for illicit financial flows and organized crime, but stress that corruption at lower levels is more prevalent than systematic state direction (GAO 2023; CRS 2024).

When these sources are synthesized, a consistent analytic picture emerges. Venezuela under Maduro provides an enabling environment for organized crime, but this is the result of systemic corruption, institutional incapacity, and deliberate tolerance by some officials, not top-level strategic direction. TDA operates as a decentralized criminal network whose spread is tied to transnational migration and weak law enforcement, not to state financing or command. The strongest claims, that Maduro is personally orchestrating TdA’s financing and direction, misrepresent available evidence and are not supported by credible intelligence or rigorous analysis. This distinction is not trivial: overstating threats distorts policymaking and risks politicizing intelligence.

The retraction of the NIC report under the leadership of DNI Tulsi Gabbard underscores the sensitivity of such findings. According to reporting, Gabbard ordered the recall of a classified report on Venezuela even after NSA officials confirmed that it met analytic and procedural standards (WRAL 2025). This action illustrates the pressures intelligence agencies face when their findings contradict prevailing political narratives. While intelligence must consider the risks of exposing sources and methods, recalling a report that undermines a presidential claim risks signaling politicization and undermining the credibility of the intelligence community.

It is important to concede some counterarguments. Intelligence reports are limited by available sources, and the absence of evidence is not evidence of absence. Covert relationships between regime actors and TdA may exist beyond the reach of collection or declassification. Allegations such as those emerging in Chile may eventually provide more conclusive evidence. However, at present, the preponderance of credible sources supports the NIC’s conclusion that Maduro is not directly directing or financing TdA. Until more conclusive evidence emerges, policymaking should be grounded in this nuanced understanding.

Ultimately, the retraction of the NIC report raises broader questions about the role of intelligence in our governance. The U.S. intelligence community’s credibility depends on its ability to provide unbiased, apolitical assessments to policymakers, even when those assessments contradict political preferences. Intelligence that is shaped by politics rather than evidence undermines both domestic and international credibility. For policymakers, basing decisions on politicized claims risks misallocation of resources, legal overreach, and diplomatic missteps. For the public, it threatens the erosion of trust in government institutions and more specifically the I.C. It is imperative that the DNI ensures that analytic judgments reflect the best available evidence, acknowledges uncertainties, and resists the politicization of intelligence regardless if she falls out of favor with the Administration. Only through integrity in production and delivery to the consumer can intelligence provide a sound foundation for policy in matters as consequential as Venezuela’s transnational criminal networks.

~ C. Constantin Poindexter, MA in Intelligence, Graduate Certificate in Counterintelligence, JD, CISA/NCISS OSINT certification, DoD/DoS BFFOC Certification

References

AP News. 2025. “Declassified Intelligence Memo Contradicts Trump’s Claims Linking Gang to Venezuelan Government.” May 6, 2025. https://apnews.com/article/d818cc58962ba90cd2c94ca1b494d4fd
.

Congressional Research Service (CRS). 2024. Venezuela: Political Crisis and U.S. Policy. CRS Report IF10230. https://www.congress.gov/crs-product/IF10230
.

GAO (Government Accountability Office). 2023. Venezuela: Illicit Financial Flows and U.S. Efforts to Disrupt Them. GAO-23-105668. https://www.gao.gov/products/gao-23-105668
.

Human Rights Foundation (HRF). 2025. “Venezuela’s Maduro Continues to Use Tren de Aragua for Transnational Repression, Kidnapping, Assassination.” April 25, 2025. https://hrf.org/latest/venezuelas-maduro-continues-to-use-tren-de-aragua-for-transnational-repression-kidnapping-assassination/
.

National Intelligence Council (NIC). 2025. Venezuela: Examining Regime Ties to Tren de Aragua. Case No. DF-2025-00379, declassified May 5, 2025.

The Guardian. 2025. “Trump Defense Official Led Think Tank that Spread Lies about Tren de Aragua.” August 13, 2025. https://www.theguardian.com/us-news/2025/aug/13/joseph-humire-thinktank-tren-de-aragua
.

WRAL. 2025. “DNI Gabbard Recalls Classified Report on Venezuela in Highly Unusual Move.” May 2025. https://www.wral.com/story/dni-gabbard-recalls-classified-report-on-venezuela-in-highly-unusual-move/22152236/
.

Foreign Affairs. “Sources: Russia Misconduct – Boris Bondarev.” [n.d.]. “Sources: Russia Misconduct – Boris Bondarev,” Foreign Affairs. Accessed [insert access date]. https://www.foreignaffairs.com/russian-federation/sources-russia-misconduct-boris-bondarev

April 8, 2025April 8, 2025

Disinformation as “Insurgency”, an American Constitutional View

disinformation, misinformation, espionage, counterespionage, counterintelligence, spy, subversion, psyops

I read with a great deal of interest Jacob Ware’s article “To fight disinformation, treat it as an insurgency” that appeared recently in The Strategist, an Australian Strategic Policy Institute publication. I have always held my own ideas about disinformation, more specifically “inoculation” as a countermeasure and recommending instruction from a very young age much as grade schools do in the baltic states. Ware’s article tackles the subject matter as a ‘control social media’ issue. I do not disagree with the importance of media responsibility for moderation of certain types of content, Ware appropriately identifies “overlook[ing] the important role of digital consumers”, but doubles down on content control. The article suggests that social media companies, as central nodes in the information ecosystem, must be pressured into moderating content more aggressively as much as the importance of digital consumers themselves being hardened against manipulation (“inoculation” as I have written in previous scholarship”. Control, compelling in its framing, raises some not insignificant constitutional issues in the context of the United States, particularly with regard to the First Amendment’s protections of speech, association, and press.

Framing Disinformation as Insurgency: Strategic and Legal Ramifications
Ware’s analogy between insurgencies and disinformation campaigns conveys the existential threat that hostile narratives, particularly those that foreign actors pose to democratic stability. Comparing disinformation actors to terrorist insurgents invites the application of military-style containment and suppression tactics, perhaps even the “cyber-kinetic” removal of bad actors (i.e., content moderation and bans), the targeting of ideological hubs (e.g., online communities, networks, influencers, etc.), and critically, the enforcement of norms through government-backed initiatives.

In the U.S. legal context, much of this may be a non-starter. Insurgents and terrorists operate outside the protection of constitutional law, whereas digital speakers, however misinformed or malicious, are presumptively entitled to the protections of the First Amendment. The Constitution does not permit the government to silence unpopular, false or even offensive ideas unless they meet strict criteria for incitement, true threats, or defamation. This legal boundary sharply limits the government’s ability to treat digital speech as a national security threat without triggering robust judicial scrutiny, even if that information is objectively dangerous disinformation.

Section 230 and Platform Immunity: The Epicenter of the Debate
The article criticizes Section 230 of the Communications Decency Act (1996), which shields internet platforms from liability for user-generated content. This statute is often viewed as the legal linchpin that enabled the growth of the modern internet, on the whole a pretty positive thing. Ware argues that these protections prevent platforms from being held accountable and serve as a digital safe haven for malign actors. From a policy standpoint, this critique doesn’t hold much merit. Critics across the political spectrum argue that Section 230 incentivizes platforms to prioritize engagement and profit over truth and social stability, however, repealing or modifying Section 230 would not directly authorize government censorship. It WOULD expose platforms to civil liability for failing to moderate. Any new federal statute that imposes content-based restrictions or penalties would need to meet all prongs of the constitutional free speech tests and modern U.S. jurisprudence. The courts have routinely ruled that platforms are private entities with their own First Amendment rights therefore even in the absence of Section 230, the government would not be able to compel social media companies to carry or remove specific content unless it satisfies narrow constitutional exceptions.

Free Speech: A Distinctly American Commitment
A central theme in the article is the frustration that American-style free speech doctrines allow dangerous ideas to circulate freely online. Ware writes from an Australian perspective. The article praises the European Union’s Digital Services Act and Australia’s eSafety initiatives as superlative regulatory models. Under those statutory regimes platforms face stiff penalties for failing to suppress harmful content. These approaches may appear pragmatic but they clearly represent a sharp divergence from U.S. legal culture.

The U.S. Constitution’s First Amendment prohibits government abridgement of speech, including offensive, deceptive, or politically inconvenient speech. In United States v. Alvarez (2012), the Supreme Court struck down a federal law criminalizing false claims about military honors, holding that even deliberate lies are constitutionally protected unless they cause specific, fixable harm. Further, in Brandenburg v. Ohio (1969), the Court established that even advocacy of illegal action is protected unless it is directed to inciting imminent lawless action AND is likely to produce such action. So, even under the noble pretext of national defense, any proposal that seeks to directly regulate speech must reconcile with this robust jurisprudence. Foreign governments might be able to implement speech controls without constitutional constraints. We cannot. The U.S. must address disinformation through less intrusive, constitutionally sound means.

Counterinsurgency in a Civilian Space: Policing Thought and Risking Overreach
Ware’s counterinsurgency metaphor extends beyond moderation into behavioral engineering, winning the “hearts and minds” of digital citizens. This vision includes public education, civilian fact-checking brigades, and a sort of civic hygiene campaign against harmful content. Although such measures may be effective as psychological operations (PSYOPs), the distinction between persuasion and indoctrination must be carefully managed in a free society.

There is legitimate concern that state-sponsored resilience campaigns could slip into propaganda or viewpoint discrimination, especially when political actors define what constitutes “disinformation.” The inconvenient truth is that the label of “misinformation” has been applied inconsistently, sometimes suppressing legitimate dissent or valid minority viewpoints. The First Amendment’s commitment to a “marketplace of ideas theory” assumes that truth ultimately prevails in open debate, not through coercive narrative management.

There is another danger. Using the tools of counterinsurgency, even rhetorically, raises alarms about militarizing civil discourse and legitimizing authoritarian measures under the guise of “national security.” In Boumediene v. Bush (2008), the Court warned against extending military logic to civilian legal systems. Applying wartime strategy to cultural or political disputes in the civilian cyber domain risks undermining the very liberal values the state claims to protect.

An Appropriate Role for Government
Despite consitutional guardrails, the federal government is not powerless. Several constitutionally sound measures remain available. These approaches avoid entangling the government in the perilous business of adjudicating truth while still defending the information ecosystem.:

Transparency Requirements – Congress can require social media companies to disclose their moderation policies, algorithmic preferences, and foreign funding sources without dictating content outcomes.

Education Initiatives – Civics education and media literacy programs are constitutionally permissible and could help inoculate the public against disinformation without coercion.

Voluntary Partnerships – The government can engage with platforms voluntarily, offering intelligence or warnings about malign foreign influence without mandating suppression.

Targeting Foreign Actors – The government can lawfully sanction, indict, or expel foreign individuals and entities engaged in coordinated disinformation campaigns under laws governing espionage, foreign lobbying, or election interference.

Ware’s comparison of disinformation to insurgency is strategically evocative, but its prescriptive implications clash with foundational American principles. The First Amendment might seem inconvenient, but it was designed to prevent precisely the kind of overreach that counterinsurgency measures invite. Democracies do not defeat authoritarianism by adopting its tools of censorship and narrative control. If the United States is to confront the threats of disinformation effectively, it must do so in a way that affirms rather than undermines what makes us distinctively American. Educating, not censoring; persuading, not suppressing; and building durable civic institutions capable of withstanding the torrent of falsehoods without succumbing to the lure of government-controlled truth are imperative. Freedom remains the best antidote to tyranny ONLY if we remain vigilant in its defense.

~ C. Constantin Poindexter,

Master of Arts in Intelligence
Graduate Certificate in Counterintelligence
Undergraduate Certificate in Counterintelligence
Former I.C. Cleared Contractor

March 30, 2025

The DNI Report: What is Missing?

seguridad national, espionage, contraespionage, contrainteligencia, c. constantin poindexter

It should come as no surprise in the current polarized political climate that certain threats to U.S. national security are omitted, some overly emphasized and others included but not give a more thorough review. Ironically (or perhaps not so ironically) the omissions and lack of more comprehensive address of certain threat are those very ones that are exacerbated by current Administration policies. The current DNI [unclassified version] contains no surprises, however there are some perils that decidedly lack the attention that they deserve. I’ll be brief.

The weaponization of artificial intelligence against the U.S. population poses and existential threat to the nation that we are not appropriately prepared for. The assessment identifies China’s AI capabilities in surveillance and disinformation, but underestimates the dangers posed by AI-generated disinformation and psychological operations targeting U.S. elections, civil cohesion, and trust in institutions. Synthetic media (deepfakes) at scale are unaddressed and present a very real menace. FIEs that excel in producing these fakes could fabricate major geopolitical incidents and/or falsely incriminate U.S. leaders. This is a “real-world crisis” scenario. Further, in our rush to load up our own AI capability, models trained on U.S. data pose an exposure to having them turned back against us in warfare, negotiation, or economic manipulation contexts. The DNI offers no significant discussion of how adversaries might use advanced LLMs and multi-modal AI to undermine decision-making at every level of our communities, from individual voters and first responders to senior policymakers.

There is a significant danger of the collapse of U.S. domestic infrastructure due to political paralysis and sabotage. The DNI identifies cyber threats to infrastructure (e.g., water, healthcare) however the report understates the systemic vulnerability of U.S. infrastructure to non-digital threats such as aged and neglected critical systems (e.g., bridges, power grids, water systems), and insider sabotage by ideologically motivated actors. White supremacist factionists and extremists like Timothy McVeigh come immediately to mind. Political paralysis and corruption that prevent modernization or resiliency efforts are the final ugly nail in the proverbial coffin. The loss of national security expertise as a result of wholesale firings/layoffs and the sidelining of individuals with decades of tradecraft and professional expertise based on party adherence are a very real threat. The assessment fails to meaningfully consider how polarization and our legislature’s unwillingness to work together are making the U.S. increasingly incapable of protecting or restoring its critical infrastructure after an attack or natural disaster. Don’t think for a moment that Chinese, Russian, Iranian and North Korean FIEs are failing to perceive these vulnerabilities that they can exploit.

Espionage, subversion and other nefarious covert operations against the U.S. and its interests via foreign investment and big-corporate influence are absent. There is really no excuse to omit identification and discussion of how “big money” has affected national security at every level, as even for a layperson is occurring in plain view. China’s cyber espionage and technology theft are addressed in depth, but why are foreign ownership of and influence in U.S. strategic sectors, including agriculture, pharmaceuticals, real estate near sensitive military sites and AI startups left alone? The use of shell corporations and fronting arrangements to embed operatives and proxies within sensitive sectors and policy circles is a serious threat as well. Strategic acquisition of distressed U.S. companies post-COVID by entities linked to FIEs are a mechanism and vehicles for subversion, espionage and sabotage. A brief look at our own history since the end of WWII reveals how these methods are effective and insidious, perhaps presenting a greater danger than cyber-attacks because they provide our adversaries to deep access, deniability and strategic gain that will serve them well for decades. Fragmenting and ‘bull in a china shop’ cancellation of funding paired with broken inter-agency oversight are extremely problematic.

Do better.