WHAT’S THE STRATEGY HERE? ABC News was the first to report this week that Madhu Gottumukkala, who has been serving as acting director of the Cybersecurity and Infrastructure Security Agency (CISA), is moving into a new role at the Department of Homeland Security as director of strategic implementation. A DHS official said Nick Anderson, CISA’s executive assistant director for cybersecurity, will take over as acting director while the agency awaits a Senate-confirmed leader. Lawmakers have questioned Gottumukkala over reports that he failed a counterintelligence polygraph last year — a test DHS later described as “unsanctioned”, and over allegations that sensitive government files were uploaded to a public version of ChatGPT, triggering a security alert. He was also pressed about delays in submitting a CISA reorganization plan ahead of a potential DHS shutdown. The shake-up comes just before DHS Secretary Kristi Noem is set to testify before the Senate Judiciary Committee, where she is expected to face questions about Gottumukkala’s tenure. President Donald Trump has nominated Sean Plankey to lead the agency, but his confirmation has been delayed by Senate holds.
WHO SHOWED SENATOR WYDEN THE HOLD BUTTON? Senator Wyden is also blocking the confirmation of Lt. Gen. Joshua Rudd to lead both U.S. Cyber Command and the National Security Agency, as reported by The Record. The Senator is arguing that Rudd lacks the cyber operations and signals intelligence experience needed for the job. Rudd currently serves as deputy chief at U.S. Indo-Pacific Command and said during his confirmation hearing that he does not have a traditional cyber background but said he has long worked alongside and supported NSA and Cyber Command capabilities. He expressed confidence in his ability to lead both organizations if confirmed. Wyden’s hold could force a formal Senate vote rather than the customary unanimous consent typically used to confirm positions like this.
TALK REEL TO ME – A new documentary series, Inside the CIA: Secrets and Spies from creators Mark Kelton (a former senior CIA Executive and current Cipher Brief expert) and Jon Loew of BIG Media promises “unbelievable, untold and world-changing stories that reveal what it takes to be a spy beyond the red line of danger.” The series of episodes (many of them featuring interviews with Cipher Brief experts) covers an arc of real-life stories from the killing of bin laden to what it’s like to be kidnapped behind enemy lines. Kelton surprised us a little when he told us that the big thing he learned as a creator of the series was a hyper focus on “The nature of what CIA does means that, by intent, anyone serving there usually doesn’t know what colleagues are doing. This series gave me unique insights into some of the operations on which people with whom I served were involved; and I couldn’t be prouder.” We asked Loew to share some stories about what it was like filming behind-the-scenes. “I was pushing a male ground branch officer to stop “speaking like a govee” in his interview,” he told us. “I asked him to pretend he was in a bar setting talking to a young man who was considering going down the path of Jihad against America. He kept speaking in the way he was trained to speak – unemotionally, and using the cold professional tone and language he had been trained to use when speaking to the media and/or senior leadership. I pushed him again. I said “I’ve never heard you talk like that in a bar or anywhere else for that matter.” Finally, he broke character and looked right at me and said “You have your entire life ahead of you. Don’t throw it all away to serve your masters living it up in palaces in the gulf. But know this – if you do go down that path, and you hurt Americans, it’s going to be me – or someone like me who comes to kill you. And we will never stop hunting you. Ever.” It was at that moment I jokingly (half) said “Hey X, it’s me. Jon. Remember me? I’m your friend.” He laughed. I laughed. The camera operator and producer both breathed a sigh of relief. True story.”
HONEYPOTS AT THE GATES – U.S. counterintelligence authorities are investigating incidents in which a woman suspected of working on behalf of an Asian government allegedly attempted to ‘cultivate’ a former American soldier turned defense contractor at a major 2024 Army conference in Washington. A senior Army official said similar overtures were made toward a high-ranking officer at the same event. Experts say so-called “honeypot” operations – using flirtation or manufactured romantic interest to gain access to sensitive information – remains a niche but persistent - espionage tactic. While some experts will tell you that most modern spy cases are financially motivated, former officials say seduction and blackmail are still tools used by foreign intelligence services, particularly those of China and Russia. Security officials stress the broader concern is less cinematic than methodological: persistent outreach at conferences, on social media, and through professional networking platforms designed to exploit vulnerabilities in an open society.
THE FASCINATING BUNKER MENTALITY: We learned from The Guardian that there has been an explosion of apocalypse survival bunkers built by billionaires. The paper reports that Sam Altman, Mark Zuckerberg and Peter Thiel are all proud owners of doomsday digs. Elon Musk allegedly calls his "apocalypse resort." As you can imagine, when tech billionaires start hedging against civilizational collapse, the entertainment industry takes note. As a result, Hollywood has been delivering a wave of "bunker-buster" dramas: shows like Paradise (Disney+), Silo (Apple TV+), and Fallout (Prime Video) are among today’s streaming shows, exploring what happens when a select few go underground while everyone else inherits the wreckage. We’re kinda picking up here that the through-line isn't survival, it's deception. In Silo for example, the inhabitants don't even know why their ancestors went underground in the first place as their history has been scrubbed by a sinister IT department. In Paradise and Fallout, the deadliest threat isn't the apocalypse outside but the authority structure within. As author David Pike puts it in The Guardian piece: "There's always a moment in these stories where the bunker turns out to be based on deception. It's an illusion, and it's not even giving us what it promised." The bunker genre is doing what good intelligence fiction often does - asking who has foreknowledge, who controls the narrative, and who decides who survives.
SUIT YOURSELF: Effective public messaging requires tailoring, just like if you’re buying a good suit. Funny enough, CNN is reporting that Homeland Security Secretary Kristi Noem has approved a plan to purchase two taxpayer-funded suits for newly members of the Secret Service protective detail. The orders come complete with fabric requirements and interior name embroidery. The official rationale: plain clothes agents have historically purchased their own professional attire, while the uniformed division were issued outfits and this is just a measure of equity. The rumor mill, however, says that Noem didn’t like the off-the-rack look of many new agents.
DIG YOUR TEETH INTO THIS: According to reporting by The Intercept, senior law enforcement officials have disputed DHS Secretary Noem’s past claims that among the immigration detainees her staff has rounded up so far, is a person described as a ‘cannibal’ who attempted to “eat himself” while in custody. Oh, there’s so much we could say here. It’s a story Noem has cited to illustrate what she describes as the extreme behavior that agents have to confront. But the unnamed law enforcement official didn’t bite and said the story was “completely false.”
WHAT WOULD PETRAEUS SAY? — More than 195K people (and counting) have now watched The Cipher Brief’s YouTube interview with former CIA Director General David Petraeus (Ret.). We caught up with the general in Munich earlier this month at the Munich Security Conference, just after he stepped off the train from Ukraine, (where he’s traveled some nine times since Russia’s full-scale invasion). In our very popular conversation, Gen. Petraeus offered new insights into Ukraine’s drone program, with an eye toward both the innovation that continues to happen in the battlespace (particularly in the no man’s land along the border) as well as where the industry is headed now that Ukrainian President Volodymyr Zelensky has okayed the export of drones. It was fascinating to hear him explain how that one decision is expected to impact future wars and the impact it will also have on Ukraine's post-war security - assuming we ever get to a deal. Watch Petraeus' interview here.
THIS HAS GOTTA BE A NEW ROCKY MOUNTAIN HIGH: A little birdie told us that the Aspen Security Forum, a summer forum hosted by a non-profit organization that takes place in (you guessed it) Aspen, Colorado each year has upped its price to $12,000 for an ASF Patron Pass this year. Sound a little steep for a national security conference? We thought so too, but then we heard that $7,000 is tax deductible and you even get a free dinner. Wonder what’s on the menu.
HAVANA IS GOING DARK – JUST THE WAY BEIJING AND MOSCOW LIKE IT - As blackouts slash nighttime power across Cuba and the grid limps along at a fraction of its usual capacity, Chinese technicians are wiring up telecom networks and Russian engineers are “fixing” radar sites, all just 90 miles off the coast of Florida. The energy crisis, driven by the collapse of oil supplies and Mexico’s halted shipments, has turned Havana into a bargain-basement real estate deal for foreign intelligence services. Experts tell The Cipher Brief that China is quietly expanding its digital footprint with signals sites and network gear that give it a front-row seat to U.S. military activity from Florida to the Gulf. Russia, never really gone, is embedding itself in Cuba’s infrastructure and rotating forces through ‘friendly’ port calls. Seems like something worth watching for those who can see it.
THE HIGH COST OF BEING COOL - Michael Lynton, former CEO of Sony Pictures Entertainment, is looking back on the 2014 film The Interview (the 2014 Seth Rogen–James Franco comedy about killing Kim Jong Un) with deep regret. In an excerpt from his memoir published in the Wall Street Journal, Lynton said greenlighting the movie was the “biggest mistake of my career.” The fallout roughly 70 percent of Sony’s servers were hacked. Embarrassing and personal emails, scripts, and other personal data was then dumped. The believed culprit: North Korea. Lynton says his real failure was greenlighting the project “on the fly,” driven less by strategy and more by a “desire to belong.” He admits in his memoir that he wanted to run with the ‘cool kids’, the ones making “subversive” movies at the time. Lynton says he, along with his colleagues and his family, paid a very high price for his mistake. The cyberattack was deemed one of the worst in corporate history.
KNOW WHO YOU'RE WORKING FOR: According to The Record, a Ukrainian national was sentenced to five years in federal prison this week for helping North Korean IT workers steal American identities and land remote tech jobs at 40 U.S. companies. Prosecutors say the accused ran a website called "Upworksell.com" (not exactly a clandestine cover name) that supplied Pyongyang's operatives with up to 871 proxy identities, managed their freelance accounts, and helped funnel salaries back to North Korea's weapons programs. Prosecutors say he also bankrolled laptop farms in places like Virginia, Tennessee, and California so that workers logging in from the DPRK would appear to be dialing in from perfectly normal American locations. Here’s the rub: the Ukrainian national submitted a statement at sentencing saying that he finally read that North Korean soldiers were fighting alongside Russian forces who were killing Ukrainians (his own country). "The shame was unbearable," he wrote. "I carry the burden of being a traitor."
CAN YOU HEAR ME NOW? Cipher Brief CEO & Publisher Suzanne Kelly was in West Palm Beach last week - not working on her tan (which probably wouldn’t hurt) but moderating a conversation with Tom Keane, SVP of Engineering and head of the Connected Warfare Division at Anduril. It was part of the Defense Tech Leadership Summit hosted by AWS, Related Ross and Vanderbilt University. Keane drew a picture of what the future battlespace will look like – especially as warfighters face challenges related to connectivity in remote locations. For show and tell, AWS rolled out a camouflage-painted truck called Maverick that hosts a system developed by Anduril called MENACE-T. Sounds daunting. Menace is a fully integrated portable Command, Control, Comms and Computing system that allows a warfighter to communicate in environments that well, don’t exactly have great wifi. If you wonder what the future of warfare looks like, check out the Instagram post that Bloomberg’s Annmarie Hordern shared.
FOR YOUR EYES ONLY: France's DGSI is investigating what may be either a sophisticated espionage operation or the world's most elaborate excuse for not asking a coworker a question. A 19-year-old temporary worker at Dassault Aviation's Cergy facility (home to production of the Rafale fighter jet), was arrested after wearing camera-equipped smart glasses on the assembly line. His explanation: he photographed the aircraft cables as personal wiring references "so he wouldn't have to ask his colleagues," questions. We guess even with the glasses, he didn’t see the posted restrictions banning photography throughout the plant. Investigators have so far found no evidence the images were shared with a third party, though that possibility remains the focus of an ongoing probe.
GOT NEWS TO SHARE? SEND IT OUR WAY: Editor@thecipherbrief.com
Read more expert-driven national security insights exclusively in The Cipher Brief.
