**Links**: [Blogger](https://bryantmcgill.blogspot.com/2026/06/cognitive-cyber-warfare.html) | [Substack](https://bryantmcgill.substack.com/p/cognitive-cyber-warfare-measures) | [Obsidian](https://bryantmcgill.xyz/articles/Cognitive-Cyber+Warfare+Measures+and+Countermeasures) | Medium | Wordpress | [Soundcloud 🎧](https://soundcloud.com/bryantmcgill/cognitive-cyber-warfare)
**From Shadowgate Discourse to AI-Mediated Operations in the Information Environment**
*This analysis is written for the community that will have to operationalize the cognitive domain rather than merely describe it: the **Senate Armed Services Committee** staff who authored the FY2026 definitional mandate; the **Joint Staff** and **combatant-command** information and operations planners — the J-2, J-3, and J-39 shops and the theater information elements — who must convert definition into doctrine and scheme of maneuver; the **DARPA** and **IARPA** program managers building the detection, provenance, AI-assurance, and resilience stack; and the analysts at **RAND**, **CNAS**, **SCSP**, and the allied research nodes who will test, contest, and refine the argument. It is therefore pitched in that working register — falsifiable claims, graded confidence, named programs, statutes, and authorities, and recommendations framed for ownership and oversight rather than exhortation — on the premise that a paper about decision quality should be decision-useful to the people who hold the equities. The general reader is welcome and accommodated; the intended reader is the one who can act on it.*
**What if the language of "cybersecurity," "supply-chain resilience," "critical infrastructure protection," and "foreign malign influence" has always been the public-facing vocabulary for a deeper contest already underway** — adversarial attempts to degrade American orientation, trust, cohesion, and decision quality without open confrontation? Assuming the best of our defensive institutions, the task is not to panic the public but to help Americans understand why **cognitive resilience, provenance, AI robustness, supply-chain integrity, and institutional trust** are becoming matters of national survival.
This is no longer only a thinker's question. In the **FY2026 National Defense Authorization Act**, Congress — through **Senate Armed Services Committee Report 119-39, *Narrative Intelligence and Cognitive Warfare*** — conceded a **persistent definitional ambiguity** at the center of the field and formally directed the Department to *define* cognitive warfare and narrative intelligence and to delineate them from information warfare, psychological operations, and influence activities. The contest, in plain terms, has outrun the vocabulary built to govern it; the government has put in writing that it cannot yet name the thing it must fight. What follows is offered, among much else, as a **candidate answer to that mandate**.
This paper is the map. It follows the migration of conflict from the machine layer to the mind: how cyber operations became cyber-psychological operations; how broadcast propaganda became AI-personalized cognitive attrition; how the United States and its adversaries have built — in the open, documentable record — the doctrine, commands, programs, and research required to wage such a contest and to withstand it. It separates what is **confirmed** from what is merely **converging** from what is only **rumor**; it names the offensive *measures* and the defensive *countermeasures* with equal candor; it dares the necessary thought experiment about whether the campaign has already, quietly, begun; and it closes by equipping the reader with the **cognitive literacy** to see the operation behind the message — the successor to media literacy that the present threat demands. The argument is **unapologetic about the goal of American Cognitive-Cyber primacy** and uncompromising about the law and ethics that make such primacy worth holding. By the end, one proposition should remain: the decisive terrain of this contest is the **orient phase** — the space between what you perceive and what you decide — and everything that follows exists to keep that ground sovereign and free.
Concretely, what the reader receives is a **falsifiable, ownership-ready ontology** built to answer that mandate: a definition of **cognitive warfare as the contest over the reactions of minds to information** rather than over the dissemination of information itself, operationalized as **closed-loop cognitive attrition** — the adaptive cycle of *access, profile, perturb, observe, recalibrate* whose terminal condition is the **self-neutralization of hostile coherence** rather than persuasion or kinetic destruction. That single distinction is carried across the historical lineage — from **Zersetzung and COINTELPRO** through **Operation Glowing Symphony** to the **AI adaptive governor** and the migration toward the **neural substrate** — and into a defensive answer treated as one interdependent system rather than a set of competing programs: a **seven-layer Cognitive Sovereignty Infrastructure** spanning information-environment radar, truth-chain provenance, AI immune systems, cyber hardening, psychological inoculation, human-performance resilience, and a consent-bounded bio-neuro readiness. Two analytic instruments do the load-bearing work throughout: the **access-layer-versus-substrate-layer** distinction — applied both to undersea-cable rerouting and to the 2025–2026 AI-evaluation and neural-interface **standards** contest, where winning the physical corridor confers no control over the protocols, evaluation grammars, and certification regimes that decide what the corridor may carry or how the models trained on its data are constrained — and the **relay-ecology and semantic-capture** method, which names documented amplification patterns, including the exploitation of the **U.S.–Israel fracture**, without collapsing into single-actor conspiracy, and which separates originating and laundering nodes from the last-mile carriers who merely pass the payload on. From these follow the deliverables a planner can act on: a **cognitive effect assessment framework** that scores **decision performance rather than engagement**; the designation of an **integrating authority** built on the PIOA and 10 U.S.C. §397; the establishment of **narrative intelligence** as a distinct collection discipline with requirements against relay-ecology topology and semantic-capture dynamics; and the proposal of Cognitive Sovereignty Infrastructure elements as **NATO and Five Eyes baseline standards** — with every capability bound to a **symmetry principle** and a **consent-and-reversibility perimeter** that keep the enterprise inside lawful national defense and clear of the domestic failure modes the paper diagnoses in COINTELPRO.
---
## Executive Summary
The United States should be unambiguous about the goal. **Cognitive-Cyber primacy is the preservation of American decision dominance and the degradation of hostile decision capacity** — the ability of the United States and its allies to preserve friendly cognition, trust, tempo, and lawful decision quality while rendering hostile combatants, command structures, proxy networks, and adversarial influence systems unable to orient, coordinate, recruit, move, finance, communicate, decide, or fight. The objective is not persuasion in the ordinary rhetorical sense. The objective is to make **hostile systems cognitively degradable while American systems remain cognitively sovereign.**
The popular imagination still renders cyber warfare as a contest of machines against machines: malware resident in servers, ransomware freezing hospitals, drones overhead, grids blinking out, a hooded figure in a darkened room. That image is not wrong so much as **terminally incomplete**. The machine layer is the access layer; it is the road, not the destination. Once command, logistics, identity, reputation, navigation, intelligence synthesis, and social trust are mediated through digital systems, the wire leads to the screen, the screen to the perception, the perception to the decision, and the decision to battlefield behavior. The mature object of cyber warfare is therefore not the router but the **human perception-action loop** that the router serves. This migration — from infrastructure disruption toward the corruption of orientation, trust, coordination, decision quality, morale, tempo, and behavioral endurance — is what this paper names **Cognitive-Cyber Warfare**.
Its offensive logic is **closed-loop cognitive attrition**: a persistent, feedback-sensitive cycle of *access → profile → perturb → observe → recalibrate* whose objective is not persuasion but the degradation of an adversary's functional coherence until withdrawal, paralysis, exposure, defection, desertion, surrender, unreliability, or operational uselessness becomes the lowest-cost exit. The enemy's own informational environment becomes the attrition mechanism, turned against the coherence it once served. The defensive answer is **Cognitive Sovereignty Infrastructure**: a layered national immune system that preserves orientation, provenance, attribution, AI robustness, social cohesion, psychological resilience, biological readiness, and decision quality under adversarial pressure. American primacy requires **two simultaneous achievements**: hostile forces must remain cognitively degradable, while American forces, institutions, and populations become cognitively resilient.
The evolutionary arc is documentable: from East German **Zersetzung** and the United States' own **COINTELPRO** — the analog prototypes of non-kinetic cognitive attrition built on concealed causation and the disruption of an adversary's coherence — through Cold War and post-9/11 psychological operations, through the 2007 emergence of **Interactive Internet Activities** and contractor-enabled WebOps, through **Operation Glowing Symphony**'s demonstration that machine disruption produces mind disruption, through the doctrinal maturation of **Operations in the Information Environment**, and into the present **AI-personalization breakpoint**, where artificial intelligence functions not as a message generator but as an **adaptive governor** of the entire attrition loop. Adversary doctrine has crystallized in parallel: the People's Republic of China's **Three Warfares**, its **Cognitive Domain Operations**, and its emerging **algorithmic cognitive warfare**; and the Russian **reflexive control** tradition — both of which name the mind as a domain of war.
The defensive architecture is equally legible, distributed across **information-environment radar** (DARPA INCAS, SocialSim, MIT Lincoln Laboratory RIO, the DISARM framework, civil-society analytics), **truth-chain infrastructure** (DARPA SemaFor/MediFor, the C2PA provenance standard and Content Credentials), **AI immune systems** (DARPA GARD, SABER, AIxCC; IARPA ReSCIND), **cyber hardening**, **psychological inoculation**, **human-performance resilience** (the Army's Holistic Health and Fitness and the broader Total Force Fitness ecosystem), and a carefully bounded **bio-neuro readiness** layer governed by an absolute ethical perimeter.
This paper also asks a harder question than most policy writing permits: **what if the contest is not coming but already here** — if adversarial states are already conducting low-visibility cognitive-cyber pressure against American citizens, institutions, supply chains, and trust networks, and the sanitized public vocabulary of "cybersecurity" and "resilience" is the only register in which a responsible government can speak of it? That possibility is offered as **strategic imagination, not accusation** — a discipline for maturing the public's understanding rather than a charge to be proven. It is illustrated by the best-documented fracture campaign in the open record: the multi-actor exploitation of antisemitism and the U.S.–Israel relationship to degrade American cohesion and strain a key alliance.
Finally, this paper takes seriously the deepest domestic vulnerability of all — not gullibility but **category absence**, the failure of **cognitive literacy**. A public equipped only with the tools of media literacy, trained to evaluate discrete messages for truth or bias, is structurally blind to operations that engineer *fields of pressure* across many individually-true or sincerely-believed messages at once. The result is a population that **over-personalizes and under-abstracts** — fighting visible neighbors while invisible operations run free, most vividly in the besieging of Jewish and Israeli communities over the semantic capture of "Zionism," where the manipulated are left punching at shadows. The countermeasure is not censorship and not reflexive trust but the broad cultivation of the perceptual apparatus itself: teaching citizens to read **systems rather than messages**, to perform beneficiary analysis, and to recognize amplification signatures. This, too, is inoculation — the most democratic countermeasure the paper proposes, because it lives in the trained attention of the citizen rather than in any agency or program.
The architecture coheres around a single distinction. The hostile objective is an **engineered constraint field** — algorithmic friction, synthetic consensus, degraded trust, identity confusion, fatigue, and attribution fog — designed to corrupt the **orient phase** of the target's decision cycle, the interval where perception becomes judgment. The defensive objective is to preserve the integrity of that same phase: attention, trust, cohesion, and decision quality under pressure. Countermeasures exist for one purpose — to keep American forces, institutions, and citizens **orienting accurately** while the adversary's own influence environment degrades his coherence faster than it degrades ours.
---
## 1. Congress Has Already Named the Gap
The most consequential recent development in this space is not a program but a **tasking**. The **FY2026 National Defense Authorization Act**, through **Senate Armed Services Committee Report 119-39, "Narrative Intelligence and Cognitive Warfare,"** directs the Department to produce a report *defining* cognitive warfare and *narrative intelligence* and clarifying how each relates to the adjacent doctrinal categories — information warfare, cyber warfare, psychological operations, and influence activities **[CONFIRMED]**. The committee's stated concern is precisely the one this paper was written to address: a **persistent definitional ambiguity** in which the conflation of information warfare, cyber warfare, influence operations, and cognitive warfare produces strategic incoherence even as peer competitors invest systematically in the cognitive domain below the threshold of armed conflict. Congress further frames **narrative intelligence** not as counter-messaging but as intelligence concerning the story an adversary is trying to build — a shift from tracking *what adversaries are saying* to understanding *what decisions they are trying to degrade.*
### A Candidate Definition: Cognitive Warfare as the Contest Over Reactions, Not Dissemination
This is the seam into which the paper's constructs fit as **candidate definitional contributions**. Where the mandate asks for a delineation of cognitive warfare from its neighbors, this analysis offers the operative distinction — information warfare contests the *dissemination* of information while cognitive warfare contests the *reactions of minds* to it — and supplies the mechanism that makes the distinction concrete: **closed-loop cognitive attrition** (the feedback cycle of access, profile, perturb, observe, recalibrate) as the defining offensive topology, the **adaptive governor** as the AI function that distinguishes it from broadcast PSYOP, and **decision degradation rather than persuasion** as the central objective. The committee's three recurring conceptual errors — treating cognitive warfare as messaging rather than decision disruption, modeling influence as unidirectional actor-to-audience flow rather than contested attacker-defender adaptation, and measuring success by engagement metrics rather than decision performance — are answered respectively by this paper's attrition framework, its closed-loop (and counter-attackable, per ReSCIND) modeling, and the **cognitive effect assessment framework** proposed in Section 8. For the narrative-intelligence half of the mandate, the **relay-ecology** and **semantic-capture** lenses of Section 7 and the **cognitive-literacy** discipline of Section 12 supply both the analytic tradecraft and the collection requirements, formalized as a distinct intelligence discipline later in this analysis.
The mandate also forces the **organizational-ownership** question the paper must not dodge. Cognitive warfare presently has no single doctrinal proprietor; its equities are distributed across the Joint Staff (doctrine), **USCYBERCOM** (cyber-enabled effects and Persistent Engagement), **USSOCOM** (MISO/PSYOP and the JMWC), the **PIOA/OIOP** (policy integration under 10 U.S.C. §397), the **Strategic Capabilities Office** (the BIAO technology stack, Section 8), and the intelligence community's assessment chains (narrative intelligence). That diffusion is itself a source of friction and seam-vulnerability: an adversary's closed-loop campaign respects none of these boundaries, while the American response is partitioned among them. The recommendation developed in Section 13 is therefore not merely to define the term but to assign it an integrating authority, so that definition becomes ownership and ownership becomes accountable capability.
---
## 2. Cyber Is the Substrate; Cognition Is the Target
The conceptual pivot of this paper can be stated as a single inversion. **The router was never the target.** The router is the road. The database is not the target; it is memory externalized. The phone is not the target; it is the nervous system's prosthetic. The feed is not entertainment; it is orientation infrastructure. Cyberspace operations acquire their deepest strategic meaning not when they break a machine but when the broken machine **was the adversary's memory, coordination layer, public voice, logistics channel, and trust fabric** — at which point cyber effects become, by transitive necessity, cognitive effects. This is the bridge proposition of the entire analysis: *cyber warfare is the struggle to corrupt operational reality through the machines that now constitute it, while protecting our own.*
This is not a rhetorical flourish; it is increasingly the official self-understanding of the institution. The 2023 Department of Defense **Strategy for Operations in the Information Environment**, the first such strategy update since 2016, defines the information environment as the **aggregate of social, cultural, linguistic, psychological, technical, and physical factors that affect how humans and automated systems derive meaning from, act upon, and are impacted by information** **[CONFIRMED]**. The inclusion of *automated systems* alongside *humans* in a foundational definition is the doctrinal tell: the contested terrain is no longer message content alone but the entire meaning-making apparatus, human and machine, by which a force orients. The strategy frames operations in this environment as integrated employment of information forces to **affect the drivers of behavior** — informing friendly audiences, influencing foreign relevant actors, attacking and exploiting adversary information systems, and protecting friendly ones — and it explicitly repudiates the "legacy" treatment of the information dimension as an *afterthought* to kinetic operations, demanding instead a cultural shift in which **informational and physical power are integrated from the initiation of planning** **[CONFIRMED]**.
What this means analytically is that the **OODA loop** — John Boyd's observe-orient-decide-act cycle — has become the master attack surface of modern conflict. Of Boyd's four stages, *orient* is the pivot: it is where raw observation is metabolized into meaning against the substrate of culture, prior experience, expectation, and trust. An adversary who can corrupt orientation does not need to win the argument; he needs only to make coherent orientation **expensive, slow, mistrusted, and unstable**. The strategic prize is **decision dominance**.
### The Unambiguous Objective: Cognitive-Cyber Primacy
The United States should state the goal plainly. **American primacy in Cognitive-Cyber Warfare means decisive superiority over the adversary's perception-action loop.** At the offensive edge, this means degrading an adversary's will, stability, confidence, coordination, trust network, morale, tempo, and operational usefulness until he defects, deserts, surrenders, freezes, exposes himself, becomes unreliable, or removes himself from the battlespace. At the defensive edge, it means hardening American forces, institutions, and populations so that the same techniques fail against us: **our people remain oriented, cohesive, rested, trusted, authenticated, resilient, and capable of lawful action under pressure.**
A hostile network that cannot trust its sensors, cannot coordinate its cells, cannot preserve morale, cannot authenticate its own communications, cannot maintain tempo, cannot protect its operators from confusion, and cannot sustain coherent action **has already begun to lose before the first kinetic exchange.** The highest form of cyber warfare is not merely breaking machines; it is using machines to collapse the enemy's relationship to operational reality while protecting our own. This is the dream behind every mature military technology: **victory without exposure**, **defeat of the enemy without undue risk to one's own personnel**, **a kill chain compressed toward the speed of thought**, **a battlespace in which autonomous systems degrade hostile will before kinetic exchange becomes necessary.** The older fantasy was the perfect missile. The mature fantasy is the perfect constraint field: a system that surrounds the adversary's cognition, degrades trust, increases decision cost, collapses coordination, and induces self-removal. In lawful strategic language, it is **closed-loop cognitive attrition operating at machine speed under human authority, legal constraint, and national command purpose.** The emotional and intellectual journey of this paper is therefore a staircase of realizations: *we thought cyber attacked machines; then we saw that machines mediate perception; then that perception governs decision; then that decision collapse is the true strategic objective; then that cognitive resilience is national defense.*
---
## 3. Measures: Closed-Loop Cognitive Attrition
The load-bearing offensive concept is **closed-loop cognitive attrition**, and it earns its place in the vocabulary because it names a *process* without overclaiming a *result*. The process is a feedback cycle: **access** the adversary's information environment and the data exhaust of its actors; **profile** vulnerability through behavioral, psychographic, and network inference; **perturb** the environment with calibrated friction, synthetic content, amplified or suppressed signal, reputational pressure, and access denial; **observe** the response through telemetry and effect assessment; and **recalibrate** the perturbation against measured effect. The loop's defining property is that it is **feedback-sensitive and persistent** — it does not deliver a message and depart; it tunes a constraint field and watches it work.
The desired end state is best described not as persuasion but as a **terminal condition** in which the target's own environment becomes so frictional, mistrusted, cognitively expensive, socially unstable, and operationally unreliable that **withdrawal, paralysis, exposure, defection, desertion, or functional collapse becomes the lowest-cost exit**. **Behavioral self-neutralization** is the source literature’s term for this terminal condition, and it must be defined without euphemism and without theatrical excess: the objective is the **lawful neutralization of hostile combat power** — to degrade an adversary’s orientation, trust, morale, tempo, coordination, recruitment, command reliability, financial movement, communications, and operational coherence until the hostile actor or unit can no longer function as an effective instrument of violence. Cognitive-cyber warfare does not repeal the older logic of force — in kinetic war, enemy combatants may be lawfully killed when the law of armed conflict, rules of engagement, distinction, proportionality, military necessity, and command authority permit — it shifts part of the neutralization burden from **physical destruction to decision collapse**. The desired terminal conditions are therefore **surrender, defection, desertion, exposure, paralysis, capture, loss of command confidence, organizational fracture, or operational uselessness**: the collapse of hostile coherence as a fighting system, pursued by the fastest lawful pathway available. This posture is bounded, not softened, by the established autonomy framework — **DoD Directive 3000.09 (2023)** requires that autonomous and semi-autonomous weapon systems preserve appropriate levels of human judgment over the use of force and operate under the law of war, applicable treaties, weapons-safety rules, and rules of engagement, while the **DoD Law of War Manual** governs target verification, distinction, proportionality, and feasible precautions in attack. Severity and lawful command are not in tension; the constraint is precisely what makes the severity usable.
**Stated plainly: the United States should not be embarrassed to seek the defeat, disablement, incapacitation, capture, or lawful destruction of enemies who are trying to kill Americans and allied populations.** The decisive line is not the one between hard war and soft war; it is the one between the lawful neutralization of hostile combat capacity and the lawless coercion the law of war exists to forbid. A serious doctrine must be **severe enough to win and disciplined enough to remain American** — and that discipline is not a concession to sentiment but the condition of legitimacy that makes primacy worth holding.
It is worth naming the mythic register honestly, because it clarifies what the discipline is for. **The crude cultural fantasy is "imagine our enemies disabled or dead, and it happens."** That is the late-night-infomercial shorthand for the strategic dream — "set it and forget it." **The serious military formulation is closed-loop cognitive attrition: access, profile, perturb, observe, and recalibrate until hostile coherence becomes too expensive to sustain.** The dream is hands-free defeat; the discipline is lawful, machine-mediated pressure under human command. The fantasy is enemies vanquished by thought; the architecture is autonomous sensing, modeling, perturbation, assessment, and recalibration — *bounded by law and directed at lawful military targets.* This paper is unapologetic about the goal and uncompromising about the constraint: **we are not pretending warfare is gentle; we are insisting that the next form of warfare is cognitive, autonomous, cyber-mediated, legally bounded, and strategically decisive.**
A word of evidentiary discipline is required here, because this is exactly where a paper on this subject can discredit itself. The terminal-condition concept is a **conceptual extreme** — the asymptote of the attrition logic, not a demonstrated and named program. There is no public, credible evidence of a confirmed, fielded autonomous system that produces this terminal condition on a fire-and-forget basis against identified individuals, and the responsible analyst does not claim one. The stronger, defensible claim is the weaker-sounding one: **the component technologies of closed-loop cognitive attrition are individually visible, converging, and strategically legible**, and the cumulative trajectory of doctrine, research, and commercial dual-use capability points unmistakably toward feedback-sensitive, profile-driven, machine-governed influence. We name the asymptote to understand the vector, not to assert that we have arrived at the limit **[HORIZON]**. The distinction between **information warfare** (which contests the *dissemination* of information) and **cognitive warfare** (which contests the *reactions* of minds to information) sharpens the point: closed-loop cognitive attrition is the operationalization of the latter through the machinery of the former.
---
## 4. Evolution: Zersetzung and COINTELPRO to OIE to AI
The lineage matters because it reveals a **reusable topology** — a structure of psychological governance that predates the digital and survives every change of substrate. The arc runs: *Zersetzung and COINTELPRO → Cold War and legacy PSYOP → post-9/11 integrated IO → 2007 Interactive Internet Activities → contractor-enabled WebOps and managed attribution → Operation Glowing Symphony → JCOIE and OIE doctrine → AI-personalized cognitive attrition → migration toward the neural substrate → cognitive sovereignty countermeasures.*
### Zersetzung: The Adversary's Analog Ancestor
The East German Stasi's doctrine of **Zersetzung** — literally *decomposition* or *corrosion* — is the adversary's analog precursor, not because its mechanisms resemble modern AI but because it reveals the **primitive topology** that every later system reinstantiates. Zersetzung made a target's life harder to understand than to survive. Through intimate profiling, concealed causation, social destabilization, professional disruption, relationship fracture, and deliberate attribution fog — informants, planted rumors, manipulated career trajectories, subtle and deniable interventions in the physical environment — the Stasi induced collapse while leaving the victim unable to prove the source. The essential weapon was **concealed causation**: the felt experience of an unraveling life with no identifiable hand behind it. This was **artisanal cognitive attrition**: labor-intensive, locally bounded, requiring human networks and physical proximity. Its lesson for the present is the scaling premise — what once required informants and local intervention can now be approximated through platform-visibility manipulation, algorithmic isolation, cyber disruption, synthetic media, behavioral profiling, and machine-generated pressure. The old method was artisanal; the new method is potentially **atmospheric** **[CONFIRMED as historical doctrine; HORIZON as scaling analogy]**.
### COINTELPRO: The American Prototype
If Zersetzung is the adversary's analog ancestor of cognitive attrition, the United States possesses its own documented forerunner — and the honest analyst names it not as scandal but as **provenance**. The FBI's **COINTELPRO** (Counterintelligence Program, 1956–1971) pursued a stated operational logic that reads today like an early specification sheet for closed-loop cognitive attrition: to **expose, disrupt, misdirect, discredit, and neutralize** targeted organizations and their leadership. Strip away the decades of conspiracy mythology that have accreted around the name — which this analysis sets aside as irrelevant noise, since the contest over what the credulous believe is endless and beside the point — and what remains is far more interesting than any abuse narrative: a **legitimate test bed and early prototype** of the very capability family this paper treats as central to modern statecraft. In the analog world of informants, forged correspondence, planted media, manufactured rumor, and engineered intra-group suspicion, COINTELPRO demonstrated that an adversary's organizational coherence could be degraded **without kinetic force** — that cohesion, trust, leadership legitimacy, and operational tempo were themselves attackable surfaces. Its verbs map directly onto this paper's vocabulary: *expose* corresponds to forced disclosure and managed attribution; *disrupt* to friction injection; *misdirect* to narrative steering and synthetic consensus; *discredit* to reputational attrition; *neutralize* to the terminal coherence-collapse condition named in Section 3. It is, in plain terms, an early American implementation of cognitive-attrition doctrine — plausibly among the first — and its place in the lineage is a matter of historical fact rather than interpretation.
The reason a great power invests in such systems is precisely the reason their architects understood from the beginning: **they neutralize adversaries while reducing recourse to physical violence** — at their best, a substitution of disruption for bloodshed, of coherence-collapse for the body count. That is the affirmative case, and it is the through-line from this prototype to the doctrine and programs surveyed later in this paper. One clarification keeps the genealogy precise and the document's integrity intact: COINTELPRO's defining limitation was never its toolkit but its **target selection** — it was aimed inward, at lawful domestic political life. That misdirection is exactly what the modern lawful posture corrects by orienting the capability **outward**, at foreign adversaries and hostile networks, under statutory oversight and the symmetry principle developed in Section 11. The lineage is ours to claim without embarrassment; the domestic targeting is the error the architecture has since been built to prevent. Provenance and propriety are separate questions, and a confident power can hold both in view at once.
### Iraq and Post-9/11 IO: The Forcing Function
The decisive forcing function was not a single program but the **collapse of previously separate disciplines into integrated practice** under the pressure of post-9/11 insurgency and counterinsurgency. Media saturation, networked communications, cyber effects, psychological operations, military deception, electronic warfare, and public affairs began converging into a single influence enterprise. The clean public bridge into real-time digital influence is the **2007 emergence of Interactive Internet Activities** — the doctrinal and contractual opening of two-way digital engagement with foreign audiences, accompanied by contractor support and a persistent zone of legal and supervisory ambiguity that has never fully resolved **[CONFIRMED as doctrinal transition; the specific Dynology/ShadowNet claims remain WATCHLIST]**. The point is not that 2007 produced a mature autonomous system. The point is that 2007 marks the moment the **two-way, profile-aware, digitally-mediated influence loop** entered military practice as a deliberate capability, with private contractors inside the gray zone from the outset.
### Operation Glowing Symphony: Machine Disruption as Mind Disruption
The cyber-psychological **hinge** is **Operation Glowing Symphony**, executed in November 2016 by **Joint Task Force ARES** under the command of the future NSA Director and USCYBERCOM Commander Paul Nakasone, and the first offensive cyber operation the U.S. government has officially acknowledged **[CONFIRMED]**. The FOIA-released documents, obtained by the National Security Archive's Cyber Vault and Motherboard, are unambiguous about the operation's character: the mission was to deny the Islamic State the use of the internet by degrading its media infrastructure — seizing and hijacking accounts, taking down distribution nodes, and corrupting the workflow of its propaganda apparatus. The crucial analytic point is captured in the assessment language itself: the operation succeeded by **imposing time and resource costs**, by inducing confusion, workflow impairment, migration into less secure channels, and mistrust within the adversary's own networks **[CONFIRMED]**. The networks were the access layer; the **mind of the organization** — its coherence, its tempo, its confidence in its own infrastructure — was the target. This is the bridge sentence of the entire lineage: **machine disruption becomes mind disruption when the machine layer is the adversary's memory, coordination channel, propaganda system, logistics surface, or trust fabric.** Glowing Symphony also established a template — the rapidly assembled, capability-fused task force — that Nakasone explicitly carried forward into the **Russia Small Group** formed to address election-interference threats, demonstrating that the operation was understood internally not as a counterterrorism footnote but as a model for an "American way" of cyber warfare **[CONFIRMED]**.
### JCOIE and OIE: Doctrinal Maturation
The doctrinal maturation is the movement from **message delivery to environmental modification**. The 2018 **Joint Concept for Operating in the Information Environment** and the subsequent body of doctrine — anchored by **JP 3-04, Information in Joint Operations**, which now sits beneath the 2023 SOIE as a foundational reference, and inheriting the **JP 3-13** information-operations lineage and the **JP 3-13.2** psychological-operations/MISO tradition — formalize the shift from episodic messaging toward **persistent influence on perceptions, attitudes, behaviors, decision-making, and the assessment of feedback** **[CONFIRMED]**. The conceptual center of gravity moves from *what message do we send* to *what environment does the adversary inhabit, and how do we modify it.* This is **OIE**: Operations in the Information Environment, the doctrinal name for environmental modification at the level of behavior drivers.
### The AI-Personalization Breakpoint and the Coming Migration to the Neural Substrate
The terminal stage of the visible arc is the **AI-personalization breakpoint**, treated at length in Section 6. Here it is enough to name the extended sequence that the whole lineage describes: *manual demoralization → broadcast PSYOP → interactive internet influence → contractor-enabled engagement → cyber-enabled environmental friction → feedback-sensitive cognitive attrition → AI-personalized adaptive constraint fields → (the asymptote of) the collapse of hostile operational coherence.* Each transition preserves the prototype topology — concealed causation, intimate profiling, social destabilization, attribution fog — and changes only the substrate through which it operates, from human informant to algorithmic governor.
And the substrate continues to migrate. The lineage that ran from the informant to the algorithm does not terminate at the phone. As non-surgical brain-machine interfaces and programs of the **N3** class — examined in Section 9 — move from the laboratory toward public availability, the locus of both influence and defense will begin its descent from the **informational substrate** of platforms and feeds toward the **neural substrate** itself. The topology will persist unchanged — profile, perturb, observe, recalibrate — while the access layer migrates from the screen we look at to the interface we wear. The countermeasure architecture must therefore be designed not only for the world of feeds and personas that exists now but for the world of direct neural mediation that is arriving, in which orientation, attention, and trust become readable and writable at the source **[HORIZON]**.
This is not abstraction, because the enabling components are already named and executed in the public research record, examined in full in Section 9. The DARPA **N3** program demonstrated the *sensing-and-actuation* layer — non-surgical, bidirectional, man-portable brain interfaces, exemplified by Battelle's injectable magnetoelectric-nanotransducer concept; the **PREPARE** program supplies a *transient, reversible modulation* layer that tunes protective gene expression without altering the genome; and **TNT** adds a *plasticity-acceleration* layer through peripheral-nerve stimulation. Read together, these are the constituent stages of a neural-substrate attrition-or-resilience loop: a future system could read cognitive-state vectors — attention allocation, trust calibration, decision latency, stress loading — and stabilize friendly coherence, or, in hostile hands, perturb it. The same convergence has a documented adversary mirror: the PRC's **China Brain Project (2016–2030)**, directed in part by Mu-Ming Poo of the Chinese Academy of Sciences, fuses brain science with artificial intelligence, brain-computer interfaces, and synthetic biology, and Western analysts have read PLA writings on neurocognitive operations — sometimes labeled "NeuroStrike" in advocacy reporting — as orienting this capability toward offensive cognitive dominance **[China Brain Project: CONFIRMED as national megaproject; offensive "NeuroStrike" framing: WATCHLIST]**. The strategic point is not that neural-substrate warfare is here, but that its parts are funded and converging on both sides of the competition, which is precisely why the technology-control perimeter — consent-based, reversible, provenance-secured — must be drawn before the substrate shift completes, not after.
*The author maps this emerging interface ecology — and Neuralink's place within a set of converging public and private infrastructures — in [2026 Annual Report: The Ecology of Brain-Computer Interfaces](https://bryantmcgill.blogspot.com/2026/01/2026-annual-report-brain-computer.html).*
---
## 5. Present Deployment: Doctrine, Commands, Programs, Contractors, and Research Nodes
The architecture is not speculative because its institutional scaffolding is published. What follows is a survey of the visible enterprise, graded throughout, organized by function rather than by service so that the **convergence** is legible.
### Statute, Doctrine, and Policy Architecture
The statutory anchor is **10 U.S.C. §397**, which establishes the **Principal Information Operations Advisor (PIOA)** and assigns oversight of DoD information-operations policy, strategy, planning, resources, operational considerations, personnel, and technology development — including responsibility for the integration and supervision of deterrence of, conduct of, and defense against information operations **[CONFIRMED]**. At the policy apex sits the **2023 DoD Strategy for Operations in the Information Environment**, signed by the Secretary of Defense in July 2023 and publicly released that November, structured around four lines of effort — *people and organizations, programs, policies and governance, and partnerships* — and explicitly naming China, Russia, Iran, and North Korea as the foreign actors whose information activity it is designed to counter **[CONFIRMED]**. Beneath it, **JP 3-04** provides the joint doctrinal foundation for information in joint operations; the **JP 3-13** lineage carries the information-operations tradition; and **JP 3-13.2** governs psychological operations and MISO and their relationship to interactive internet dissemination. Policy coordination runs through the PIOA and the **Office of Information Operations Policy (OIOP)**. Each service has built its own doctrinal and organizational expression: the Marine Corps **Information Command** and **MEF Information Groups**; **Navy** OIE doctrine; the Space Force's treatment of behavior drivers, foreign actors, and information systems; and the **16th Air Force (Air Forces Cyber)** as the Air Force's information-warfare numbered air force. (Two terminology shifts under the current administration bear noting, since they touch this very vocabulary: the department is now styled the **Department of War**, and the discipline reverted from **MISO** to its older name **PSYOP** in December 2025 — changes that are themselves small instances of the definitional churn that the congressional mandate of Section 1 now moves to resolve.)
### Command Architecture and a Significant Recent Restructuring
The Army's organizational evolution is the most instructive recent development because it shows doctrine becoming structure in real time. On **8 May 2025**, the Army formally inactivated **1st Information Operations Command** — its only active-duty information-operations command, descended from the 1990s Land Information Warfare Activity and stood up in 2002 — casing its colors at Fort Belvoir **[CONFIRMED]**. The inactivation was not a retreat from the mission but a **redistribution** of it: the Army is fielding three **Theater Information Advantage Detachments (TIADs)**, 65-soldier formations that embed information capability permanently at the theater level rather than providing it ad hoc. The **1st TIAD** was activated at **Fort Shafter, Hawaii, on 7 November 2025**, oriented on the Indo-Pacific, comprising five teams spanning cyber, intelligence, psychological operations, public affairs, electronic warfare, civil affairs, and information operations, and explicitly tasked to counter malign influence and craft truthful counter-narratives against, among others, Chinese disinformation; the **2nd TIAD** is to stand up under Army Cyber Command in spring 2026 with a transregional focus, and the **3rd** under U.S. Army Europe and Africa in fall 2026 **[CONFIRMED]**. The official rationale, articulated by Army Cyber Command's commanding general, is that information advantage must be *integrated into the commander's scheme of maneuver* and fused with cyber and electronic warfare, rather than resident in small specialist teams — an **evolved capability**, not the same one. This restructuring is shadowed by a documented **readiness gap**: a March 2024 Defense Department Inspector General assessment found that the Army lacked sufficient PSYOP soldiers to compete in the information domain against China and Russia, owing to shortfalls in recruiting, training, and retention **[CONFIRMED]** — a gap that any serious pursuit of primacy must close.
On the cyber side, **USCYBERCOM** operates under the doctrines of **Persistent Engagement** and **Defend Forward**, the strategic posture of contesting adversaries continuously and as far forward as possible rather than waiting at the perimeter — a posture whose intellectual genealogy runs directly through JTF-ARES and Glowing Symphony **[CONFIRMED]**. **USSOCOM's Joint MISO Web Operations Center (JMWC)** provides a dedicated, enduring capability for web-based influence operations; a public DoD Inspector General evaluation assessed whether JMWC supports combatant-command requirements to conduct MISO and reported — in redacted form — that JMWC supports **internet-based MISO** but lacked some capabilities related to new technologies, cybersecurity, and continuous operation **[CONFIRMED]**. That finding is itself a primacy datum: the enterprise exists, and its own oversight body has identified where it must modernize.
### DARPA and IARPA Research Leads
The research portfolio is where the offensive *sensing* stack and the defensive *assurance* stack are most clearly visible, and where the dual-use character of the whole enterprise is most acute — the same tool that detects an adversary's influence campaign models the dynamics one would need to run one.
On the **sensemaking and forensics** axis, three DARPA programs form a deliberately integrated triad. **INCAS (Influence Campaign Awareness and Sensemaking)** develops tools to detect, characterize, and track geopolitical influence campaigns with quantified confidence, exploiting publicly available multilingual, multi-platform data, and — a point its own program documentation stresses — focusing on *sensemaking, not the countering of influence operations*, on non-U.S. populations, with unclassified research **[CONFIRMED]**. **SemaFor (Semantic Forensics)**, launched in 2020, develops the detection, attribution, and characterization of falsified multi-modal media by reasoning about *semantic* inconsistencies rather than relying solely on statistical fingerprints that improving generators increasingly defeat; on technology transition, DARPA has released an open analytic catalog of SemaFor resources and demonstrated detection capabilities publicly at DEF CON **[CONFIRMED]**. **SocialSim** models the spread and evolution of online information at scale. DARPA's **Modeling Influence Pathways (MIP)** effort connects these three into a pipeline — INCAS for campaign discovery, SemaFor/MediFor for individual-message forensics, SocialSim for platform dynamics — with **Lockheed Martin Advanced Technology Laboratories** as systems integrator delivering a *Prototype Influence Operations Pipeline for Experimentation* **[CONFIRMED as research programs; CREDIBLE ADJACENCY as integrated operational capability]**. The broader knowledge-and-reasoning lineage that feeds this work includes **MediFor**, **AIDA**, **KAIROS**, **Causal Exploration**, **COMPASS**, the older **COMPOEX** operational-environment modeling lineage, **Memex**, and the earlier **SMISC**.
On the **AI-assurance** axis — the immune system for machine cognition itself — the lineage is equally clear. **GARD (Guaranteeing AI Robustness against Deception)** ran through early 2024 and produced widely used open-source tooling: the **Armory** evaluation testbed, the **Adversarial Robustness Toolbox (ART)**, and the **APRICOT** datasets **[CONFIRMED]**. Its successor in posture is **SABER (Securing Artificial Intelligence for Battlefield Effective Robustness)**, a 2025 program — a Secret-collateral effort with an early **BAE Systems** award — building a sustainable operational **AI red team** to assess deployed battlefield AI against data poisoning, adversarial patches, model stealing, and electronic-warfare attacks, structured around recurring *SABER-OpX* test-and-evaluation cycles **[CONFIRMED]**. The **AI Cyber Challenge (AIxCC)**, run jointly with ARPA-H and concluded at DEF CON 33 in August 2025 with Team Atlanta's victory, demonstrated autonomous cyber-reasoning systems that find and patch vulnerabilities in critical-infrastructure software, with the frontier AI labs — Anthropic, Google, and OpenAI — providing technical support and compute credits, and the winning systems released open-source **[CONFIRMED]**.
The single most structurally elegant program in the entire portfolio is IARPA's **ReSCIND (Reimagining Security with Cyberpsychology-Informed Network Defenses)**, led by SRI with a multi-institution team. ReSCIND **inverts** cognitive attrition: rather than exploiting a target's cognition, it identifies and weaponizes the **cognitive biases and decision-making limitations of cyber attackers** — building *bias sensors* and *bias triggers* to degrade the attacker's efficiency and effectiveness from inside their own reasoning **[CONFIRMED]**. ReSCIND is the conceptual mirror image of the offensive thesis, and it proves the symmetry of the domain: the same science that names the perception-action loop as an attack surface names it as a defensible — and counter-attackable — surface. Alongside it, **IARPA HIATUS** pursues human-interpretable authorship attribution from underlying textual structure (relevant to unmasking persona infrastructure and managed attribution), and IARPA's **BENGAL** addresses bias and vulnerability in large language models for safe intelligence-community use.
### Acquisition and Contractor Leads
The procurement and contractor layer is where dual-use capability enters the enterprise, and where confidence grading is most important. RAND's July 2025 report, **Acquiring Generative Artificial Intelligence for U.S. Department of Defense Influence Activities**, is the cleanest open document on this layer: it finds that generative AI offers genuine scaling and automation for influence-related analysis, planning, and assessment, but that DoD's **ad hoc, bottom-up** acquisition has failed to resolve fundamental questions of capability definition, efficient acquisition, and training — and it recommends that the PIOA direct OIOP to bring **enterprise-wide oversight** to a fragmented effort, while cautioning that generative AI is *a tool, not the answer* **[CONFIRMED]**. The **Irregular Warfare Technical Support Directorate (IWTSD)**, particularly its Influence and Information Capabilities subgroup, solicits and funds work on assessing, monitoring, creating, disseminating, and measuring information and influence operations through its broad agency announcements **[CONFIRMED]**.
The managed-attribution and persona-management lineage runs through **Operation Earnest Voice** and **Ntrepid**: as reported by *The Guardian* in 2011, a U.S. Central Command contract called for software enabling fake online personas — each with a convincing background, history, and supporting detail — such that as many as fifty U.S.-based controllers could each operate multiple false identities from their workstations without discovery by sophisticated adversaries **[CONFIRMED, per Guardian reporting; cite cautiously as journalism]**. Adjacent commercial and contractor capability includes **Palantir** and the **Maven Smart System / Project Maven** ecosystem (sensor-fusion and decision-support AI), **Scale AI's Donovan**, **Primer AI** (NLP for open-source analysis), **ClearForce** (continuous-evaluation and behavioral-risk analytics, relevant as an adjacent telemetry and risk-scoring layer), and tactical-kit efforts such as **IWEK-D / Ombra** **[DUAL-USE / CREDIBLE ADJACENCY]**. The analytic discipline here is to **distinguish confirmed contracts from public product capabilities from plausible dual-use adjacency from unverified integration claims**, and never to merge a persona-management vendor, a sensor-fusion platform, and a continuous-evaluation tool into a single asserted command stack absent independent corroboration.
### Analytic and Civil-Society Nodes
The detection-and-mapping ecosystem extends well beyond government. **MIT Lincoln Laboratory's RIO (Reconnaissance of Influence Operations)** develops automated influence-campaign detection; the **DISARM Framework** functions as an influence-operations analogue to MITRE ATT&CK, providing a shared taxonomy of tactics and techniques; and civil-society and commercial analytics — the **Atlantic Council's DFRLab**, **Graphika**, and the **Microsoft Threat Analysis Center (MTAC)** — map and attribute real campaigns in the open **[CONFIRMED]**. It was Graphika's analysis, for instance, that linked the **Spamouflage** network of fake accounts impersonating U.S. voters to the People's Republic of China, and USCYBERCOM and the Department of Justice that helped surface and disrupt Russia's **DoppelGänger** campaign of cloned news sites **[CONFIRMED]**. The doctrinal and analytic commons is enriched by **National Defense University**, **Army University Press** and **Military Review**, the **Modern War Institute**, **CSIS**, the **Special Competitive Studies Project (SCSP)**, the **NATO StratCom Centre of Excellence**, and the **NATO Allied Command Transformation Innovation Hub**.
### The Public Reference Point: Shadowgate as Contaminated Intuition
For many civilians, the first distorted glimpse of this capability family arrived not through doctrine but through **Shadowgate**, the 2020 video by Millie Weaver built around the contractor **Patrick Bergy** and the self-described intelligence linguist **Tore** (Terpsichore Maras). It advanced a sweeping and largely debunked thesis: that a privatized intelligence apparatus wielding a tool called **ShadowNet** had orchestrated a coup against a sitting president, manufactured the Steele dossier, and steered domestic protest movements. Fact-checking found no evidence for the coup claim; a source who worked alongside Bergy disputed that his Dynology role involved software development; Dynology’s own spokesman characterized the broader assertions as wildly fictitious and irresponsible; the recurring claim that the Smith-Mundt Modernization Act of 2012 “legalized propaganda against Americans” is a known misreading; Bergy himself, by 2022, appeared to repudiate several of the film’s marquee claims as fabrications by his former collaborators; and a **name collision** with the National Guard’s unrelated 2019 “ShadowNet” training-range platform seeds further confusion **[CONFIRMED debunking; “ShadowNet” as a unified system: WATCHLIST, uncorroborated]**. The documentary is not reliable evidence. Its *popularity*, however, is evidence of something real: the **absence of a public category** adequate to a transition the public correctly sensed but could not name.
The value of Shadowgate is therefore **diagnostic, not evidentiary** — a contaminated folk-memory in which a genuine anxiety about **privatized influence infrastructure**, behavioral profiling at scale, and the migration of psychological-warfare technique from foreign battlefields toward the domestic information ecosystem found crude expression. Stripped of its conspiratorial scaffolding, one serious kernel survives independent scrutiny: Bergy’s account of work at **Dynology** on Department of Defense contracts beginning around 2007 — supporting what he termed Interactive Internet Activities in service of Computer Network Operations and Information Operations, and helping psychological-operations forces evolve “from dropping flyers from planes” toward micro-targeted, profile-driven social-media influence — corresponds to the **real doctrinal migration** documented above through entirely independent and more credible channels: published doctrine, FOIA-released operations, named research programs, and the open procurement record. **Shadowgate should be read as contaminated testimony around a real doctrinal mutation, not as proof of a single hidden system** — and it is placed here, after that institutional record rather than before it, precisely so that the malformed public artifact can illuminate the missing category without contaminating the chain of evidence.
---
## 6. The AI Personalization Breakpoint
This is the futuristic-now center of the analysis, and the place where the difference between *crude propaganda* and *cognitive-cyber warfare* becomes categorical rather than incremental. Broadcast propaganda is crude because it treats populations as **masses** — a single message sprayed at an undifferentiated audience. AI-mediated cognitive warfare treats people as **dynamic profiles**. It senses behavior, models vulnerability, generates or selects pressure, delivers it through trusted channels, measures response, and recalibrates — continuously, at scale, and per-individual. This is where "set it and forget it" becomes technically meaningful: not as a button that destroys an enemy, but as an **adaptive system that keeps adjusting the adversary's constraint field after initial deployment.**
The correct conceptual designation for the AI in this loop is **adaptive governor**, not "hidden orchestrator." The latter is overheated and undefended; the former is harder, cleaner, and names the actual system function. The AI does not merely *write messages*; it **governs the loop** — sensing, modeling, selecting, generating, testing, and recalibrating. Its inputs are the **data exhaust** of digital life; its inferences are **psychographic and network-structural**; its instruments are recommender dynamics, persona infrastructure, synthetic media, and channel-and-timing control; its feedback is behavioral telemetry; and its output is not a generic message but a **differentially constrictive micro-environment** built for one target. This is the mature form of the **weaponization of intimacy** — a phrase to be deployed sparingly precisely because it is so potent: the target no longer *receives* a message; the target **inhabits a personalized constraint field**. The Stasi needed a building full of informants to construct a single victim's Zersetzung; the adaptive governor approximates it from data.
That this is not idle futurism is established by the adversary's own demonstrated direction of travel. The People's Republic of China is the most important analogue. The **Special Competitive Studies Project** has assessed that PRC writings provide concrete insight into the methods and functions of **algorithmic cognitive warfare**, explicitly discussing large language models, virtual reality, and other emerging technologies as future cognitive-domain attack surfaces **[FOREIGN DOCTRINE]**. The December 2025 DoD report to Congress on Chinese military developments notes that China has **narrowed the performance gap** between its large language models and the leading U.S. models, and assesses that LLMs and LLM-based reasoning models are useful for *synthetic content tailoring to assist influence operations* and for assisting cyber operations and military decision-making **[CONFIRMED / FOREIGN DOCTRINE]**. Real campaigns already exhibit the early form: Russia's **DoppelGänger** uses generative AI to clone media properties and seed disinformation; China's **Spamouflage** deploys thousands of synthetic personas **[CONFIRMED]**. These are not yet the fully feedback-sensitive adaptive governors of the **[HORIZON]** asymptote; they are the **transitional fossils** that establish the trajectory — and the reason American primacy in this domain cannot be deferred.
The most profound implication is captured in a single contrast. **The future of warfare is not the drone.** Drones are visible, cinematic, politically legible. The more consequential warfare is less visible and more corrosive: to make an adversary distrust its own sensors, misread its own society, suspect its allies, fracture its institutions, exhaust its commanders, poison its data, and lose confidence in its own capacity to act. The elegant formulation: **kinetic war destroys capacity from the outside; cognitive-cyber war induces capacity to decay from within.**
---
## 7. The Silent War Hypothesis: Why Resilience May Precede Disclosure
A serious public conversation about Cognitive-Cyber Warfare must leave room for a disturbing but necessary thought experiment: **what if large adversarial states are already conducting low-visibility cognitive-cyber pressure campaigns against American citizens, institutions, supply chains, and trust networks, and what if the visible language of "cybersecurity," "supply-chain resilience," "foreign malign influence," "critical infrastructure protection," and "misinformation defense" is only the public vocabulary for a deeper national-security contest that cannot be described in full operational detail?**
This question should not be framed as accusation, panic, or certainty. It should be framed as **strategic imagination** — and it is offered here in that register, as a disciplined act of public reasoning rather than a graded claim. A responsible government may know far more about adversary activity than it can publicly reveal. It may be able to see patterns in cyber intrusions, platform manipulation, synthetic personas, data theft, industrial disruption, infrastructure probing, health-system pressure, financial-system reconnaissance, narrative amplification, and social-fracture campaigns that are not individually legible to the public. Yet it may be constrained from disclosing the full pattern because attribution is sensitive, sources and methods must be protected, alliances must be managed, panic must be avoided, and premature disclosure may teach adversaries what has been detected. The public may therefore hear only the softened outer vocabulary: **harden systems, secure supply chains, protect elections, strengthen resilience, counter foreign malign influence, defend critical infrastructure, build public trust**. Beneath that vocabulary may lie a more integrated recognition: adversaries are not merely attacking machines; they are probing the American capacity to orient, coordinate, believe, recover, and act together.
This is where the 2020 experience belongs in the paper, but only with disciplined language. It should not be presented as proof of a single hostile operation. The malaise of 2020 had many visible causes: pandemic fear, institutional confusion, isolation, economic disruption, social-media acceleration, political conflict, public-health messaging failures, urban unrest, grief, uncertainty, and the ordinary exhaustion of a population living under continuous threat perception. But from a Cognitive-Cyber perspective, precisely those conditions also created an ideal attack surface. A society under stress becomes more vulnerable to narrative injection, synthetic consensus, rumor cascades, source confusion, institutional distrust, emotional contagion, and algorithmic amplification. Even without one central adversary controlling the field, hostile actors can exploit the ambient instability. They do not need to create every fracture; they only need to identify the fracture, widen it, accelerate it, and make repair more difficult.
A documented illustration grounds this mechanism and removes it from the realm of abstraction. Among the most consistently exploited American fracture lines is the **United States–Israel relationship and the security of the Jewish community itself** — a high-value target precisely because it sits at the intersection of alliance politics, religious identity, historical trauma, and intense domestic emotion, which makes it unusually combustible and unusually difficult to repair once inflamed. The open record is unambiguous. Within days of the May 2021 Israel-Hamas escalation, Iranian-linked troll networks were amplifying English-language antisemitic messages — including phrases as raw as *"hitler was right"* and *"kill all jews"* — at a measured rate of roughly **175 times per minute**, according to analysis by the Network Contagion Research Institute, affiliated with Rutgers University and the Anti-Defamation League **[CONFIRMED]**. The Microsoft Threat Analysis Center reported in 2024 that Iranian influence actors **parroted antisemitic messages** and had earlier worked to **incite anti-Israel protests at American universities**, explicitly weaponizing divisive social issues to set communities against one another **[CONFIRMED]**. Expert briefings convened by the Simon Wiesenthal Center in early 2026 documented Iran and Russia jointly **pushing antisemitic disinformation — with Holocaust denial functioning as an ideological "entry point" — to undermine the West**, through overlapping influencer networks that amplify one another until the narratives migrate from the fringe into mainstream commentary **[CONFIRMED]**. The decisive analytic point is that the pattern is **multidirectional by design**: hostile actors amplify anti-Israel and antisemitic content *and* the reactive backlash to it, because the strategic objective is not any particular position but the **maximization of mutual hatred, the fracturing of domestic coalitions, and the corrosion of a key American alliance from within**. This is not a novel technique but the digital intensification of an old one — the Soviet **"active measures"** that sought throughout the Cold War to deepen existing American divisions rather than invent new ones.
*The author develops the endogenous-versus-exterior reading of this relationship — the argument that the United States and Israel function as an intrinsic node in a single Western security system rather than an ordinary foreign-policy alliance, which is precisely what makes the fracture so valuable to an adversary attempting to attack it — in companion analyses: [Pax Silica: US-Israel Alliance Downgrades EU/UK for the West's New Rules-Based Order](https://bryantmcgill.blogspot.com/2026/01/pax-silica-us-israel.html), which frames the relationship as a dual-platform Western security organism; [The American-Israeli Cooperative You Were Trained Not to See and Why Section 224 Changes Nothing](https://bryantmcgill.blogspot.com/2026/06/american-israeli-cooperative.html); and [How Europe's Refuse Built the Apex Civilization Called America](https://bryantmcgill.blogspot.com/2026/03/apex-civilization-called-america.html), on Jewish-American co-influence as endogenous to America's institutional operating system.*
The deeper lesson of this case, and the one most useful to the very communities living under its pressure, is that the **visible actor is rarely the operation**. What presents as a single hostile voice — a viral slogan, a campus rupture, a journalist's sudden reframing, a commenter's venom — is typically the **last-mile carrier** of a memetic supply chain it did not originate and cannot see. The operation is better understood as a **relay ecology**: originators who seed a frame, amplifiers who accelerate it, laundering institutions that confer respectability, outrage entrepreneurs who monetize it, bot and persona scaffolds that manufacture the appearance of consensus, algorithmic selection effects that reward the most inflammatory variant, authentic activists who carry genuine grievance, extremist opportunists who attach old hatreds to new vocabulary, and state-aligned influence systems that quietly tune the field. No single hand commands this ecology, and that is precisely its strength: it produces coordinated effects without centralized control, and it distributes blame so widely that no node feels responsible.
Setting Iran aside, the actors worth placing on the board are several, and their motives diverge in instructive ways. **Russia**'s strategic interest is not Palestine but **Western fragmentation** itself — alliance fatigue, institutional distrust, and moral disorientation — and the U.S. Department of Justice's 2024 action against the **Doppelgänger** operation alleged Russian-government-directed use of cybersquatted news domains, fabricated influencers, fake profiles, and AI-generated narratives to manipulate American and allied audiences **[CONFIRMED]**. **PRC-linked networks** are subtler: Graphika documented the **Spamouflage** operation impersonating American voters and injecting divisive narratives, including around the Israel-Hamas conflict, and OpenAI's 2026 reporting on PRC-linked activity showed the same method turned onto U.S. AI and data-center debates — the signature being to exploit a legitimate public concern, enter the discourse covertly, amplify division, and erode trust **[CONFIRMED]**. A third layer is not a state at all but **Islamist and jihadist narrative infrastructure** — Hamas-aligned, Muslim Brotherhood-adjacent, and militant-grievance ecosystems — which the 2026 ODNI threat assessment describes as deploying emotionally evocative, grievance-based narratives, noting that antisemitic and anti-Western framings probably influence disaffected youth and have been exploited as a rallying call for violence against Jewish and Christian targets **[CONFIRMED / FOREIGN DOCTRINE]**. These networks supply the **moral-emotional payload** — oppression, betrayal, purification, martyrdom, cosmic injustice — that state actors and platforms then algorithmically accelerate. A fourth layer is **domestic and transnational extremism** of both wings, which is exactly why attribution becomes treacherous: the far right smuggles old Jew-hatred into anti-globalist forms while maximalist factions collapse all Jewish national self-determination into criminality, and ADL's 2025 analysis documents both wings promoting false narratives and even social-platform lists tagging users as targets **[CONFIRMED]**. A fifth layer is **commercialized influence infrastructure** — the contractor, agency, bot-shop, and persona-management vendors whose deniable labor pollutes the field and supplies adversaries with false-flag and "everybody does it" cover; OpenAI's 2024 disruption report named operations tied to Russia, China, and Iran alongside an Israeli commercial firm, underscoring that the vendor layer respects no flag **[CONFIRMED]**. A 2026 Axios account of a State Department report to Congress placed Iran, Russia, China, and affiliated non-state actors together inside the public attribution frame for weaponizing antisemitic symbols and propaganda to provoke fear and polarize societies **[CONFIRMED]**.
What the stack is doing to language deserves its own name, because it is the actual objective. The target is not any single argument but the **semantic sovereignty** of a community — its capacity to retain the meaning of its own words. One watches a term degrade through predictable stages: first a contested political noun, then an accusation, then a stigma, then an **exclusion protocol** — until "Zionism" ceases to function as a debatable historical and political concept and becomes a **contamination marker**, a tag that forces Jews into a coerced defensive posture over the legitimacy of Jewish peoplehood, refuge, continuity, and national self-definition. This is **semantic capture**: the hostile re-engineering of a word until the community it describes must litigate its own existence on someone else's terms. In the vocabulary of this paper it is closed-loop cognitive attrition applied to meaning itself, with the adversary's adaptive governor tuning timing, translation, cross-platform synchronization, and emotional valence until repair costs more than surrender.
This is why so much of the embattlement is aimed at the wrong enemy, and why the analysis matters as **protection** rather than abstraction. The Jewish and Israeli activists fighting around the clock on social platforms — exhausted, besieged, certain they can see their attacker — are frequently **punching at shadows**: engaging the last-mile carrier while the originating and accelerating nodes remain unpriced, unexposed, and operationally free. The deepest adversary is the **attribution fog itself**, the engineered condition in which Jews blame Palestinians, Palestinians blame Jews, Americans blame one another, institutions blame platforms, platforms blame users, and users blame "the algorithm," while the actors who seeded and tuned the cascade pay no cost at all. The strategic correction is to stop asking only *who hates Zionism* and to begin asking *who benefits from making Zionism unsayable, Jews institutionally defensive, Israel morally radioactive, and Western societies mutually suspicious* — a **beneficiary analysis** whose answer is rarely one enemy but a stack. The countermeasure is therefore not louder rebuttal, which merely feeds the engagement economy, but **provenance discipline**: tracing origin timing, phrase mutation, cross-platform synchronization, translation artifacts, persona clustering, influencer laundering, funding paths, institutional adoption, and moderation asymmetry, and asking always who gains from the emotional aftershock. To teach a besieged community to read the relay rather than swing at the carrier is to begin restoring its semantic sovereignty — and that restoration is itself a defensive victory.
The crucial point that generalizes from this case is that **cognitive-cyber war does not always announce itself as war**. It may appear as fatigue, distrust, incoherence, paralysis, nihilism, factional obsession, sudden institutional illegibility, or the sense that no one can agree on what is real. It may appear as supply-chain disruption that produces not only material scarcity but psychological insecurity. It may appear as cyber intrusion that produces not only data loss but institutional embarrassment and public mistrust. It may appear as synthetic media that does not need to persuade everyone, but merely raises the cost of certainty. It may appear as platform turbulence in which citizens become increasingly unable to distinguish foreign amplification, domestic extremity, commercial engagement incentives, bureaucratic failure, and ordinary human confusion. That attribution fog is not incidental. It is the terrain.
This is why one should extend **earned, good-faith trust** to the institutions that defend them — not the blind credulity that abdicates oversight, but the **charitable presumption** that the men and women charged with protecting the country are, in the main, acting in good faith under constraints the public cannot fully see. A government charged with protecting a free society may be forced to defend against cognitive-cyber campaigns before the public fully understands the domain. It may have to strengthen supply chains, protect infrastructure, monitor foreign influence, harden AI systems, improve provenance, inoculate the public, protect elections, and build resilience **without being able to say every reason why in real time**. In such a setting, silence is not necessarily neglect; sometimes it is **operational discipline** — the protection of sources, methods, and advantage that premature disclosure would forfeit directly to the adversary. The citizen who reflexively assumes the worst of every classified action mistakes the texture of secrecy for the substance of malice, and in doing so makes himself **easier to manipulate, not harder**.
This is the decisive and under-appreciated point, and it follows directly from everything this paper has argued: **adversary cognitive warfare specifically targets the citizen's trust in his own defensive institutions.** A population convinced that its own government, military, scientists, physicians, and infrastructure are secretly arrayed against it is a population already half-defeated — fractured, demoralized, isolated, and primed to reject the very guidance, provenance, and protection that would keep it safe. Hostile influence operations therefore invest enormous effort in corroding that trust: amplifying every genuine institutional failure beyond its true scale, manufacturing or exaggerating betrayals, and converting healthy, specific skepticism into a totalizing, free-floating cynicism that can no longer distinguish a real abuse from an invented one. Seen clearly, **reflexive, undifferentiated distrust of one's own defenders is not a mark of sophistication; it is the adversary's objective achieved from the inside.** To assume the best of those who defend the nation — while still holding them strictly accountable — is therefore not naïveté and not deference. It is, in the precise sense this paper has developed, a **countermeasure**: the refusal to hand a hostile state the prize it most wants, which is a people at war with its own protectors.
Yet trust can never be the whole of the strategy, and a paper that asked for it unconditionally would forfeit its own credibility. Unexamined trust creates its own vacuum into which rumor and adversarial narrative rush, and **power exercised without accountability drifts**, however well-intentioned its holders — which is why the legitimacy of these formidable capabilities depends entirely on the lawful constraint, oversight, and outward orientation that distinguish a defensive instrument from a domestic one. The resolution is not a choice between trust and oversight but their **deliberate fusion**: trust extended as a default, oversight maintained as a discipline, and each used to justify the other. A cognitively sovereign democracy must therefore learn a difficult balance — **disclose enough to educate, govern enough to protect, classify enough to preserve advantage, oversee enough to deserve confidence, and demystify enough to maintain trust** — and the citizen's corresponding duty is the mirror image of the state's: **extend good faith, demand accountability, verify before believing, and refuse the adversary the gift of a population that hates the very people defending it.**
The supply-chain conversation belongs in this same frame. A supply chain is not merely a chain of goods; it is a **chain of confidence**. Semiconductor access, pharmaceutical production, rare-earth processing, food logistics, cloud infrastructure, undersea cables, payment systems, app stores, identity systems, and energy distribution are not only material dependencies. They are **orientation dependencies**. When they fail, citizens do not merely lose products; they lose confidence in continuity. An adversary that can disrupt or even convincingly threaten these systems can impose psychological costs far beyond the physical interruption itself. Supply-chain warfare and cognitive warfare therefore converge at the point where material uncertainty becomes public disorientation.
This also explains why resilience must precede full disclosure. If the public waits for a dramatic announcement that cognitive-cyber warfare has arrived, it will already be late. The proper defensive posture is to assume that adversaries are experimenting continuously across the seams of American society: data, platforms, logistics, health, finance, identity, media, elections, education, and public trust. The answer is not panic. The answer is **Cognitive Sovereignty Infrastructure**: truth-chain systems, provenance, cyber hardening, AI assurance, psychological inoculation, unit and community cohesion, supply-chain continuity, sleep and stress protection, institutional honesty, and the broad cultivation of cognitive literacy. The public does not need to know every classified detail to understand the basic civic duty: to remain difficult to disorient.
The purpose of raising this possibility is not to frighten Americans into suspicion. It is to mature the public imagination. A free people cannot defend what it cannot name. If adversaries seek to make Americans distrust their own institutions, their own neighbors, their own senses, and their own future, then the countermeasure is not blind trust and not reflexive distrust, but **earned trust, hardened systems, transparent governance, and trained discernment**. The future of warfare is not only drones, missiles, or malware. It is the attempt to destabilize an enemy's relationship to reality without appearing to lift a finger. The future of defense is therefore the organized preservation of reality-contact: the ability of a people to perceive clearly, verify claims, repair trust, absorb shock, and continue lawful action under pressure. The controlling phrase for this entire section is **strategic imagination, not accusation** — capability convergence is real, attribution must be disciplined, and resilience is the answer that must arrive before certainty does.
---
## 8. Countermeasures: Cognitive Sovereignty Infrastructure
One cannot end on the threat alone. The adversary's desired condition is a **cognitively degradable population**; the friendly objective is a **cognitively resilient civilization**. This is the defensive half of primacy, and it is non-negotiable: **the same world that makes adversary self-attrition possible also makes American society vulnerable if left cognitively unhardened.** American primacy therefore requires **two simultaneous achievements** — hostile forces must remain cognitively degradable, while American forces and institutions become cognitively resilient. The strategic contest is no longer only whose weapons are faster; it is **whose population, military, and institutions can preserve orientation under autonomous informational pressure.**
The master defensive term is **Cognitive Sovereignty Infrastructure**, chosen deliberately over "counter-disinformation," "cybersecurity," or "resilience training" because it names the **whole stack** rather than a single layer. If the offensive loop is *access → profile → perturb → observe → recalibrate*, the defensive loop is its mirror: **sense → authenticate → stabilize → inoculate → recover → adapt**. The architecture is layered, and each layer is populated by real, named, mostly-public capability.
### Information-Environment Radar
The first layer is the capacity to **see** the adversary's influence activity in near-real time: the detection, characterization, and tracking of campaigns across platforms and languages with quantified confidence. Its instruments are the sensemaking programs surveyed above — **DARPA INCAS** and **SocialSim**, **MIT Lincoln Laboratory RIO**, the **DISARM** taxonomy that lets defenders speak a common language about adversary tactics, and the civil-society and commercial analytics of **DFRLab, Graphika, and Microsoft MTAC**. The radar's purpose is to compress the latency between an adversary campaign's launch and its recognition, and to make *confidence* an explicit, calibrated property of analytic conclusions rather than an unstated assumption.
### Truth-Chain Infrastructure
The second layer addresses **provenance and authentication** — the chain of custody for reality itself. Its research roots are **DARPA MediFor and SemaFor**. Its operational backbone is the **C2PA (Coalition for Content Provenance and Authenticity)** standard and its consumer-facing implementation, **Content Credentials** — a cryptographically signed, tamper-evident manifest that travels inside a media file and records who created it, when, with what tools, and whether AI was involved. Founded in February 2021 by Adobe, Arm, the BBC, Intel, Microsoft, and Truepic, C2PA had by early 2026 grown to a coalition and affiliate base exceeding 6,000 organizations, with a steering committee including Adobe, BBC, Google, Intel, Microsoft, OpenAI, Sony, and Truepic, and a specification advanced to v2.3 by December 2025; the urgency is quantified by the surge in tracked deepfake incidents from roughly 500,000 in 2023 to over 8 million in 2025 **[CONFIRMED]**. A critical epistemic caveat must be stated plainly: **C2PA asserts provenance, not truth.** It demonstrates that a signer made certain claims; it does *not* detect deepfakes or adjudicate whether the claims are accurate. Its proper role is one layer of a defense-in-depth — complemented by invisible **watermarking** and by anomaly-based **detection** — never a single oracle of authenticity.
### AI Immune Systems
The third layer hardens the **machine cognition** on which friendly forces increasingly depend, recognizing that an adversary who poisons a recommender, jailbreaks an assistant, or corrupts a battlefield model attacks the orientation layer directly. Its instruments are the assurance programs surveyed above — **DARPA GARD** (and its open Armory/ART/APRICOT tooling), **SABER** (operational AI red-teaming), **AIxCC** (autonomous vulnerability discovery and patching), and **IARPA ReSCIND** (turning attackers' own cognitive biases against them) — together with the broader disciplines of **adversarial testing, model red-teaming, recommender-system auditing, AI-assistant hardening, data-poisoning detection, and human-in-the-loop assurance**. This is the layer where the defender's own AI is treated not as a trusted tool but as a **contested surface** requiring continuous assurance.
### Cyber Hardening
The fourth layer is the classical foundation reconceived as **cognitive** defense: account integrity, impersonation resistance, access continuity, workflow resilience, sensor integrity, infrastructure hardening, and **anti-friction design**. The reframing matters — every account compromise, every impersonation, every denial of access, every sensor deception is not merely a technical loss but an **injection of friction and mistrust into the decision loop**. Cyber hygiene is, in this frame, cognitive hygiene.
### Psychological Inoculation
The fifth layer builds **population-level resistance to manipulation** through the science of **inoculation theory** — the empirically supported finding that pre-exposing people to weakened forms of manipulation techniques, together with refutations (*prebunking*), confers durable resistance, much as a vaccine does. The research base spans the **Cambridge Social Decision-Making Lab**, the **University of Bristol**, **Jigsaw**, and **BBC Media Action**, and the practical competencies it cultivates include manipulation-tactic literacy, recognition of emotional exploitation and false dilemmas, and detection of **synthetic consensus**. Inoculation is the layer that scales best, because it operates on the human rather than requiring an instrument for every threat — and it is the direct kin of the cognitive-literacy mission developed in Section 12, which extends the same logic from tactics to whole systems.
### Human-Performance Resilience
The sixth layer protects the **physiological and social substrate of decision quality** under sustained pressure, recognizing that adversarial cognitive attrition exploits sleep fragility, stress dysregulation, social-threat perception, and cognitive overload. Its institutional expression is the U.S. military's human-performance ecosystem: the Army's **Holistic Health and Fitness (H2F)** system and its predecessor **Ready & Resilient** and **Master Resilience Training (MRT)**; special operations' **Preservation of the Force and Family (POTFF)**; the joint **Total Force Fitness (TFF)** framework; the **Military Operational Medicine Research Program (MOMRP)**; and the **Consortium for Health and Military Performance (CHAMP)** with its **Human Performance Resources** outreach **[CONFIRMED]**. The resilience competencies that matter most against cognitive attrition are **sleep protection, circadian stabilization, stress inoculation, unit cohesion, emotional regulation, adversarial-media literacy, and operational trust** — because the OODA loop runs on a brain, and a sleep-deprived, socially fractured, chronically stressed brain is a pre-degraded decision system.
### Bio-Neuro Readiness
The seventh and most sensitive layer is treated in full in Section 9.
The integrating insight across all seven layers is that the defender's objective is not merely **surviving manipulation** but **preserving primacy** — maintaining tempo, judgment, cohesion, and lawful initiative under pressure. **A nation that cannot authenticate reality, preserve trust, protect sleep, harden its AI, maintain cohesion, detect synthetic consensus, and inoculate its population becomes cognitively permeable; a nation that can preserve orientation under adversarial pressure possesses cognitive sovereignty.**
### A Cognitive Effect Assessment Framework
Resilience is meaningless to an acquisition or operational community until it is measurable, and the absence of measurement is precisely the gap the Strategic Capabilities Office's **Basic Information Awareness Operations (BIAO)** project was created to close: a common technology stack for the cognitive domain spanning adversary-content detection, multimodal effect generation, and — decisively — a **simulation environment for large-scale population modeling that produces quantitative metrics**, so that an operator can ask, in the project lead's own framing, whether a narrative "resonated like we thought it was going to" and retrain the models when it did not **[CONFIRMED]**. This paper's resilience indicators should be sharpened, in the same test-and-evaluation register, into a **cognitive effect assessment framework**: decision latency under information pressure and **OODA-loop continuity** as tempo measures; **trust-network integrity** and source-verification speed as cohesion measures; **provenance adoption rates** and AI-assistant robustness as authentication measures; and a set of operation-level metrics drawn directly from the diagnostic lenses of Section 7 — an **entropy measure for attribution fog** (how widely causation has been smeared), **amplification-signature velocity** (the rate and synchronization of cross-platform propagation), **pre- and post-perturbation coherence deltas** (the measurable change in a population's or unit's ability to orient before and after a campaign), and **beneficiary-analysis scoring** (which actor's strategic position improves if the target reacts as predicted). Such metrics convert the preservation of orientation from slogan into an auditable effect channel — the language that acquisition and operational communities require for program justification, and the standard against which both offensive effect and defensive resilience can be validated rather than merely asserted.
### Coalition Interoperability and Allied Baseline Standards
No cognitively sovereign democracy defends alone, and the defensive architecture acquires force only when it is interoperable across the alliances that share the threat. The **NATO Chief Scientist's 2025 Report on Cognitive Warfare** (Blatny and Søndergaard Steen) frames contemporary conflict as **behavior-centric** — the decisive terrain being how individuals and groups perceive, interpret, decide, and act — and emphasizes bio-psychosocial effect layers, the synchronization of detection and resilience across allies, and the necessity of shared standards and joint wargaming **[CONFIRMED]**, building on the earlier NATO ACT Cognitive Warfare exploratory concept. The implication for this paper's architecture is direct: the elements of Cognitive Sovereignty Infrastructure are candidates for **alliance-grade baseline standards**. Truth-chain authentication (C2PA/Content Credentials) can serve as a shared provenance standard across NATO and Five Eyes communications; psychological-inoculation and **cognitive-literacy curricula** can be harmonized so that allied populations are hardened to a common floor; the cognitive effect assessment framework above can supply a shared measurement language for combined wargaming; and DISARM can function as the common taxonomy through which allies describe adversary tactics. Framing these as interoperability requirements rather than national programs is the move that interagency and coalition environments reward — and, as Section 7 will argue, it also forces the harder and more honest question of *which* partners are inside the trust perimeter and on what terms.
### The Substrate Layer Is the Contest: A Contemporary Illustration Among Allies
Coalition interoperability raises a question it cannot itself answer: *whose* standards, evaluation grammars, and certification regimes become the shared baseline — and that question is a competitive surface even among close partners. The most current, high-signal illustration is the 2025–2026 rebranding and partnership architecture around the **UK AI Security Institute** and its American counterpart. In February 2025 the United Kingdom reoriented its institute from **AI safety** — the broad field of unintentional societal and individual risk — to **AI security**, the protection of models, systems, and infrastructure from external threats and malicious actors; the United States simultaneously rebranded its own counterpart as the **Center for AI Standards and Innovation (CAISI)** at NIST/Commerce, emphasizing standards development, voluntary industry agreements, unclassified national-security evaluations, and an explicit mandate to defend against "burdensome and unnecessary regulation of American technologies by foreign governments" **[CONFIRMED]**. The UK institute retains deep technical partnerships with **OpenAI, Anthropic, and Google DeepMind** for model access, pre-deployment evaluations, safeguard testing, and joint research memoranda; it co-leads elements of the **International Network of AI Safety Institutes** (now with shifting US participation) and has executed recent agreements with Canada, France, and Australia on evaluation best practices and shared findings. The effect is structural rather than rhetorical: these arrangements **embed UK-originated evaluation frameworks and risk taxonomies into the workflows of the leading US frontier labs** at the precise moment when both governments are tightening their focus on security-relevant capabilities and standards dominance, continuing to shape what counts as a legitimate capability threshold or mitigation requirement for American systems **without requiring formal regulatory extraterritoriality**. That the American rebrand names "foreign governments" as the thing to guard against is itself the tell that the standards layer is understood, on both sides, as a contested lever and not merely a shared public good.
The same access-versus-substrate distinction appears in physical infrastructure. **Meta's Project Waterworth**, announced and advanced through 2025, is the contemporary physical-layer counterpart to the historical cable topology, optimized explicitly for the AI era: a 50,000-kilometer-plus system — the world's longest — routing through three new oceanic corridors connecting the United States, India, Brazil, South Africa, and additional nodes across five continents, designed to power AI-driven transformation, increase resilience against disruptions at chokepoints such as the Red Sea and Suez, and carry the hyperscale data flows that frontier-model training and inference demand **[CONFIRMED]**. It deliberately diversifies away from legacy routes that concentrate jurisdiction and repair capacity in traditional hubs, creating a parallel backbone aligned with Pax Silica-style architectures (and paired, in the US–India "trusted vendors" undersea-cable commitment, with an explicit allied-provenance frame). Yet the physical rerouting, while it reduces certain regulatory leverage points attached to older fiber geography, **does not touch the higher-layer control surfaces** — ITU-T standards authorship, certification regimes, alignment-evaluation frameworks, and firmware-level compliance mechanisms — that continue to operate on the data once it reaches shore or is processed in cloud and AI environments. Waterworth therefore exemplifies the paper's central distinction between **access-layer victories and substrate-layer competition**: the cables can be rerouted, but the protocols, evaluation grammars, and certification chokepoints that govern what those cables are permitted to carry — and how the models trained on that data are constrained — remain active surfaces.
Read together with the neural-interface standards now being authored around the wireless magnetoelectric technologies of Section 9, these three vectors — an allied AI-evaluation lattice, an AI-optimized cable diversification, and an emerging neuromodulation standards frontier — are the contemporary expressions of a single competitive topology, and they supply the falsifiable, post-2023 evidence that a **temporarily aligned competitor** retains both the structural incentive and the technical means to author or constrain the layers on which American decision dominance in the cognitive-cyber and neurotechnological domains will actually be exercised. The honest analytic posture holds two readings at once: the cooperative reading, in which allied evaluation-sharing and resilient infrastructure are sincere and net-beneficial to collective defense; and the competitive reading, in which standards authorship, evaluation grammar, and certification jurisdiction are durable instruments of influence that no serious power surrenders to another, however friendly. The operational consequence is the same under either reading and is therefore robust to the disagreement: **alliance-origin signals in AI governance, neural-interface standards, and infrastructure certification require the same provenance discipline this paper demands of any other input** — sourced, graded, and weighed for whose strategic position improves if their framing prevails. This is the seam at which coalition interoperability hands off to the trust-perimeter analysis of Section 7, where the distinction between an intrinsic partner and a temporarily aligned competitor is developed in full.
*The author develops this competitive topology across several companion analyses: [Allies Are Not Friends: The Evolutionary Truth People Forget Before They Get Conquered](https://bryantmcgill.blogspot.com/2026/01/allies-are-competitors.html), on alliances as temporary alignments between competitors; [Prestige Networks: Transatlantic Blame from the Civil War to Modern America](https://bryantmcgill.blogspot.com/2026/01/xclub.html), on the prestige apparatus that exports causality while importing stewardship under the language of safety and ethics; [From Telegraph to Waterworth: The Cable War the UK Already Lost](https://bryantmcgill.blogspot.com/2026/04/cable-war-from-telegraph-to-waterworth.html), on the access-layer cable decoupling; and [The British Are Coming. Again? Not by Sea, but by Standard.](https://bryantmcgill.blogspot.com/2026/04/the-british-are-coming-again.html), which maps this same access-versus-substrate distinction onto the OSI model and argues that a Layer-1 victory may remain enclosed by standards, certification, firmware, and alignment authorship at Layers 3 through 7. The emerging neural-interface standards examined in Section 9 are a further instance of the same contest, traced in [The Architecture of Continuity and Emerging Neuroinformatics Standards](https://bryantmcgill.blogspot.com/2026/05/continuity.html).*
---
## 9. Genetic, Epigenetic, Neurocognitive, and Human-Performance Resilience
This layer requires the most careful handling in the entire paper, because it is where serious science and dangerous pseudoscience share a vocabulary, and where the analytic discipline that protects the rest of the document is most easily lost. The governing commitment is absolute and stated first: **resilience is polygenic, pleiotropic, developmental, epigenetic, physiological, social, and situational.** There is no resistance gene. There is no bloodline. There is no warrior caste, no super-soldier genotype, no selectionist or coercive biological policy that this analysis endorses or that the science supports. Any framing that drifts toward heritable hierarchy is both **scientifically false** and **ethically disqualifying**, and its appearance in discourse on this subject is itself a marker of bad faith.
With that perimeter fixed, the legitimate science is genuinely interesting. Certain genes and pathways are credible **candidate hypothesis fields** — not switches — because they touch systems that adversarial pressure exploits: **OXTR** (oxytocin receptor; social bonding), **COMT** (catecholamine metabolism; prefrontal dopamine regulation), **DRD4** (dopamine D4 receptor; novelty and reward sensitivity), **BDNF** (neuroplasticity), **ANK3** (neuronal excitability), **SLC6A4** (serotonin transport; affective stability), and **KIAA0319** (language and reading-related processing). The honest scientific statement about all of them together is that each contributes individually small, context-dependent effects within a polygenic architecture heavily shaped by environment and gene-environment interaction; none is a clean "cognitive-warfare resistance" variant **[CREDIBLE ADJACENCY as research signal; WATCHLIST for any deterministic interpretation]**. The tradeoffs are precisely why editing such pathways across a population would be reckless even if it were feasible: blunting threat sensitivity may impair vigilance, increasing trust may increase exploitability, raising dopamine tone may increase impulsivity, and altering plasticity may amplify both learning *and* maladaptation. Resilience is a property of an adaptive organism embedded in a social and informational ecology — not a parameter to be set.
The decisive technical point is that the plausible biomedical future is **not population gene editing**. A population-scale mRNA-CRISPR cognitive-resilience regimen is neither scientifically nor ethically tractable, and this analysis does not entertain it as a design target. The reasons are concrete: cognitive resilience is not a single-gene trait; the relevant tissues are distributed across brain, endocrine, immune, autonomic, vascular, gut-brain, sleep, and social-stress systems rather than confined to one editable organ; and even therapeutic editing for *defined single-gene diseases* still confronts off-target edits, mosaicism, immune reactions, delivery and durability problems, and long-term surveillance burdens, with regulators focusing recent guidance heavily on off-target risk. To attempt cognitive resilience by editing is to attempt to rewrite an organism embedded in a social ecology — which is exactly where biological intervention becomes both unstable and unethical.
The defensible model is **transient, reversible modulation**, and its conceptual exemplar in the public research record is DARPA's **PREPARE (PReemptive Expression of Protective Alleles and Response Elements)**, which aims to activate or modulate the body's *own* protective genetic programs **without altering the underlying genetic code** **[CONFIRMED]**. PREPARE is the bridge from the crude idea of "editing people for resilience" to the defensible idea of **programmable, temporary biological readiness**: short-lived RNA, small molecules, neurostimulation, biomarker-guided intervention, and sleep optimization that tune stress response, inflammation, recovery, attention, and learning during defined windows of high threat, and then stand down. This is **resilience medicine**, not population engineering. Its companions in the public portfolio include **ECHO (Epigenetic Characterization and Observation)** for reading accumulated exposure and recovery state, **Safe Genes** for the safety and reversibility of genetic intervention, **TNT (Targeted Neuroplasticity Training)** — which uses non-invasive peripheral-nerve stimulation to accelerate the acquisition and retention of cognitive skills such as language, analysis, and target discrimination — and **N3 (Next-Generation Nonsurgical Neurotechnology)**, a bidirectional, man-portable, *non-surgical* brain-machine interface program for able-bodied service members, developed with embedded ethical and legal review from inception **[CONFIRMED]**. N3 is also the program whose maturation, noted in Section 4, will begin moving the entire contest from the informational substrate toward the neural one.
It is worth making the convergence concrete, because it is where the bio-neuro layer stops being a list of programs and becomes an architecture. The public record gives N3 unusual specificity: managed by Dr. Al Emondi in DARPA's Biological Technologies Office under BAA HR001118S0029, it sought wearable, bidirectional interfaces able to read from and write to neural tissue at near-clinical spatial and temporal resolution through light, acoustic, or electromagnetic energy that traverses skull and tissue, with Battelle's **BrainSTORMS** concept proposing injectable **magnetoelectric nanotransducers** magnetically guided to target regions and later flushed through the bloodstream — Emondi credited advances in "synthetic biology and nanotechnology" with rendering the goal attainable **[CONFIRMED]**. Read alongside PREPARE's transient gene-expression modulation and TNT's stimulation-accelerated plasticity, these supply, respectively, the **sensing/actuation, modulation, and learning** layers of a closed-loop neural-substrate system: N3-class interfaces could detect cognitive-attrition signatures — stress loading, decision fatigue, orientation degradation — and trigger reversible pharmacological or stimulation-based restoration of coherence, sleep stability, and stress recovery on operational timescales. This is the technical substance behind the NATO Chief Scientist's 2025 emphasis on **bio-psychosocial effect layers** and the defense of emotional, subconscious, and decision processes against technology-enabled cognitive effects. Stated as defense, it is resilience medicine at the neural layer; stated honestly, the same loop run by a hostile hand is closed-loop cognitive attrition at the neural layer — which is exactly why the perimeter restated below is not optional ornament but the load-bearing constraint of the entire program. Every element must remain **consent-based, reversible, medically governed, provenance-secured, and protective**, with neural data streams treated as continuity records under the same authentication discipline the paper applies to media and decision records; the adversary mirror in the China Brain Project is the reason the perimeter must be American policy before the capability is American practice.
The convergence has moved, in the most recent literature, from injectable transducers toward genuinely wireless, transgene-free neuromodulation — which both shortens the timeline and sharpens the perimeter. An October 2024 *Nature Nanotechnology* paper from MIT's Polina Anikeeva laboratory (lead author Ye Ji Kim) demonstrated **magnetoelectric nanodiscs** — a core–double-shell architecture roughly 250 nanometers across — that enable remote, wireless brain stimulation **without surgical implants or genetic modification**, converting externally applied magnetic fields into localized electric fields for precise neuromodulation and thereby addressing the depth and heating limitations of conventional radio-frequency approaches **[CONFIRMED]**. This is a direct evolution beyond the injectable magnetoelectric-nanotransducer concept Battelle advanced under N3 Phase II. Complementing it, a 2026 patent filing from Rice University describes a **magnetoelectric thin-film backscatter** system for passive, power-efficient wireless data transmission from sub-millimeter nerve-stimulation implants, using resonant-frequency modulation **without active onboard power circuitry** and explicitly positioned for distributed networks of implants at depth; a 2026 study on wireless magnetoelectric-driven **nose-to-brain delivery** further illustrates the pharmacological intersection, with magnetoelectric nanotransducers enabling targeted central-nervous-system access without systemic exposure **[emerging; CREDIBLE ADJACENCY]**. These are not incremental refinements: they close the loop on the exact requirements N3 articulated — sub-millimeter spatial resolution, bidirectional read/write, minimal invasiveness — while adding the **modulation layer** on which PREPARE-style transient pharmacological or gene-expression tuning could, in principle, ride. Taken together they constitute the actual hardware substrate on which closed-loop neural attrition or resilience systems can now be engineered at scale **[the system-level closed loop remains HORIZON/converging, not a fielded capability]** — which is precisely why neural-interface standards belong inside the consent-and-provenance perimeter now, while the standards are still being authored, rather than after the substrate has shifted beneath them.
*The technical substrate surveyed here is documented at greater length in the author's [Organic–Synthetic Brain Atlas](https://bryantmcgill.blogspot.com/2026/05/organicsynthetic-brain-atlas.html), which traverses living neural tissue, neuromorphic hardware, connectomics, semantic decoding, and interface systems; the governance dimension — neural-interface and neuroinformatics standards as an authored, contestable layer rather than a neutral given — is developed in [The Architecture of Continuity and Emerging Neuroinformatics Standards](https://bryantmcgill.blogspot.com/2026/05/continuity.html).*
The right way to phrase the whole layer for a policy audience is this. **The plausible future of genetic cognitive resilience is not an edited population but the integration of genomics into a reversible, consent-based readiness system.** Genetics may help identify *differential vulnerability* to stress, trauma, sleep loss, social threat, and cognitive overload; epigenetics may reveal accumulated exposure and recovery state; RNA medicine may eventually provide temporary protective modulation; neurotechnology may accelerate adaptive learning; and behavioral and social doctrine may preserve trust and orientation under attack. The actual program is built around **phenotypes** — sleep stability, stress recovery, autonomic flexibility, attention control, source-verification speed, emotional regulation, unit cohesion, resistance to synthetic consensus, and recovery after manipulation exposure — with candidate genes remaining research signals in the background. The summative principle: **the goal is not a genetically engineered caste, but a cognitively sovereign population whose biological, psychological, informational, and institutional systems remain coherent under personalized machine-mediated pressure**, and the only acceptable interventions are **lawful, consent-based, medically governed, reversible, and protective**.
---
## 10. Confidence Tiers: Confirmed, Adjacent, Dual-Use, Foreign, Weak Signal
The intellectual integrity of this entire analysis rests on refusing to let the tiers collapse. The following consolidates the grading.
**Confirmed statute, doctrine, programs, and operations.** 10 U.S.C. §397 / the PIOA; the 2023 DoD SOIE; JP 3-04 and the JP 3-13 / JP 3-13.2 lineage; **DoD Directive 3000.09** (Autonomy in Weapon Systems, 2023) and the **DoD Law of War Manual**; the 2018 JCOIE; OIOP; USSOCOM's JMWC (and its DoD IG evaluation); the Army's TIADs and the 8 May 2025 inactivation of 1st IO Command; the 7 November 2025 activation of 1st TIAD; the March 2024 DoD IG finding on PSYOP force shortfalls; USCYBERCOM's Persistent Engagement / Defend Forward posture; JTF-ARES and Operation Glowing Symphony (FOIA-documented, November 2016); the 16th Air Force, Marine Corps Information Command, MEF Information Groups, and Navy/Space Force OIE doctrine; the FBI's COINTELPRO (1956–1971) as the documented American analog prototype of non-kinetic cognitive attrition; DARPA INCAS, SemaFor, MediFor, SocialSim, MIP, GARD, SABER, AIxCC; IARPA ReSCIND, HIATUS, BENGAL; DARPA PREPARE, ECHO, Safe Genes, TNT, N3; MIT Lincoln Laboratory RIO; the DISARM framework; the C2PA standard and Content Credentials; the RAND generative-AI influence acquisition report; the attributed adversary campaigns Spamouflage and DoppelGänger (the latter the subject of a 2024 DOJ disruption); and the documented amplification of antisemitic and anti-Israel content by Iranian and Russian influence networks (Network Contagion Research Institute, Microsoft MTAC, Simon Wiesenthal Center briefings, ODNI 2026, ADL 2025, OpenAI 2024, and a 2026 State Department report to Congress) as an exploitation of the U.S.–Israel fracture line. To these are added: the **FY2026 NDAA cognitive-warfare and narrative-intelligence definitional mandate** (SASC Report 119-39); the Strategic Capabilities Office's **BIAO** project (National Defense Magazine and Washington Times reporting, March–April 2026); the **NATO Chief Scientist's 2025 Report on Cognitive Warfare** (Blatny and Søndergaard Steen); the DARPA **N3** program specifics (Emondi, BTO, BAA HR001118S0029) and Battelle's **BrainSTORMS** magnetoelectric-nanotransducer concept; and the administrative renaming of the department to the **Department of War** and the reversion of MISO to **PSYOP** (December 2025). The most current standards- and infrastructure-layer developments are likewise confirmed: the **February 2025 rebranding of the UK AI Safety Institute to the AI Security Institute** and the **June 2025 establishment of the US Center for AI Standards and Innovation (CAISI)** at NIST/Commerce; the UK institute's pre-deployment evaluation partnerships with OpenAI, Anthropic, and Google DeepMind and the International Network of AI Safety Institutes; **Meta's Project Waterworth** (February 2025), the 50,000-kilometer AI-era subsea cable system; and, at the neural layer, the **October 2024 MIT *Nature Nanotechnology* demonstration of magnetoelectric nanodiscs** enabling wireless transgene-free neuromodulation (Anikeeva laboratory). The 2026 Rice University magnetoelectric thin-film backscatter patent filing and the 2026 wireless magnetoelectric nose-to-brain delivery study are graded **[CREDIBLE ADJACENCY / emerging]**, and the system-level closed-loop neural attrition-or-resilience capability they would enable remains **[HORIZON / converging]** rather than fielded.
**Credible adjacency.** The *integration* of the INCAS/SemaFor/SocialSim triad into a single operational influence-detection pipeline; the application of candidate-gene research to personalized resilience support; and the operational maturity of contractor-provided influence tooling beyond demonstrated product capability.
**Dual-use commercial infrastructure.** Ntrepid (managed attribution / persona management, the Earnest Voice lineage); Palantir and Maven Smart System / Project Maven; Scale AI Donovan; Primer AI; ClearForce continuous-evaluation analytics; IWEK-D / Ombra; the commercialized persona-management and influence-vendor layer named in the OpenAI disruption reporting; recommender systems, psychographic-inference pipelines, and synthetic-media generation generally — civilian by design, weaponizable by repurposing.
**Foreign and allied doctrine.** PRC Three Warfares (codified December 2003), Cognitive Domain Operations (renzhiyuzuozhan) seeking "command of the mind," and algorithmic cognitive warfare (per SCSP analysis); Base 311 / Unit 61716 targeting Taiwan; Russian reflexive control and information confrontation; Iranian influence operations; Islamist and jihadist grievance-narrative infrastructure (per ODNI assessment); the PRC **China Brain Project (2016–2030)** fusing brain science, AI, brain-computer interfaces, and synthetic biology (a confirmed national megaproject, directed in part by Mu-Ming Poo of the Chinese Academy of Sciences); NATO ACT's cognitive-warfare exploratory concept and the EU/EEAS FIMI countermeasure framework.
**Weak signal / watchlist.** "ShadowNet" as a confirmed unified system (uncorroborated); the Shadowgate coup/election claims (debunked); the merger of Dynology, CGI Federal, Jones Group International, and ClearForce into a single asserted command stack (not independently verified); confirmed autonomous individualized cognitive-collapse programs (no credible evidence); the popular "set-and-forget self-neutralization" claim (defensible only as the conceptual asymptote of attrition — the self-sustaining collapse of hostile operational coherence, not a fielded capability); and the "silent war" hypothesis of an already-active campaign against the public (offered as strategic imagination, not asserted fact — see Section 7); and the offensive **"NeuroStrike"** framing of PLA neurocognitive capability, which originates in Western analytic and advocacy reporting rather than confirmed PLA doctrine and should be read as a competitive-warning signal, not an established fact. Any claim of a *U.S. Digital Authenticity and Provenance Act of 2025* should be treated as **unverified** pending a primary legislative source; the operative, verifiable provenance development is the **C2PA standard**, not any specific statute.
---
## 11. Civil Liberties, Ethics, and Domestic Safeguards
The same capabilities that defend cognitive sovereignty can erode it from within, and a paper that named the external threat without naming the internal hazard would be guilty of the very asymmetry it warns against. The safeguards belong early and throughout, not as an afterthought — and they are the condition under which an unapologetic pursuit of primacy remains a defense of a free society rather than a betrayal of it.
The foundational legal boundary is the **Smith-Mundt** tradition and its persistent misreading. Contrary to a widely circulated myth, the Smith-Mundt Modernization Act of 2012 did not authorize the government to propagandize the American public; the legitimate concern it crystallizes is real nonetheless: the **U.S.-person exposure problem**, the risk that influence capability built for foreign audiences blows back onto domestic populations through the borderless architecture of the internet. The 2023 SOIE's own definition — encompassing *automated systems* and operating across a global information environment — makes this boundary harder to police precisely because the environment does not respect it. This is also the precise lesson of the COINTELPRO lineage examined in Section 4: a powerful non-kinetic capability turned *inward*, against lawful domestic life, is the historical failure mode the modern architecture exists to prevent by orienting the capability outward under oversight. The **Principal Information Operations Advisor**'s risk-management obligations under 10 U.S.C. §397, privacy and civil-liberties review (the SOIE itself contemplates coordination with the office responsible for privacy, civil liberties, and transparency), and congressional oversight are the institutional checks that must scale with the capability.
The **provenance paradox** is the sharpest near-term civil-liberties tension. Content provenance infrastructure built to defend against deepfakes — C2PA and Content Credentials — generates, by design, large quantities of shareable metadata about creators, and the World Privacy Forum's 2025 analysis warns that this can enable **doxing**: the non-consensual exposure of a creator's identity, with severe consequences for journalists in authoritarian contexts, whistleblowers, activists, and abuse survivors, and the possibility of linkage to commercial, government, or biometric identity systems **[CONFIRMED]**. The lesson is structural: **a truth-chain that authenticates reality must not become a surveillance chain that de-anonymizes dissent.** Provenance must be designed with consent, selective disclosure, and identity-protection as first-class requirements.
The **continuous-evaluation and behavioral-analytics** layer raises parallel concerns. Tools that score behavioral risk against individuals — ClearForce-class systems and their kin — operate adjacent to **FCRA and consent boundaries** and to the broader law of employment, privacy, and due process, and they must be governed accordingly. Platform governance, recommender transparency, and the auditability of the AI assistants increasingly mediating citizens' access to reality are civil-liberties questions, not merely technical ones.
The bio-neuro layer carries its own absolute perimeter, restated for emphasis: **consent-based, reversible, medically governed, protective, oriented toward readiness rather than domination over the person** — and a categorical rejection of eugenic, coercive, non-consensual, caste-based, or deterministic application. Neurotechnology programs such as N3 model the right posture by embedding independent ethical and legal review from inception; that posture should be the floor, not the ceiling, and it grows more urgent precisely as the contest migrates toward the neural substrate. The governing test for the whole domain is a **symmetry principle**: any cognitive-defense capability must survive the question, *would we accept this being done to us, by our own institutions, without our knowledge or consent?* If it would not, it is not a defense of cognitive sovereignty; it is a breach of it. Primacy that fails the symmetry test is not primacy worth having.
---
## 12. Cognitive Literacy: Learning to Read Systems, Not Messages
The most important vulnerability in the American cognitive terrain is not gullibility, partisanship, or even disinformation as such; it is **category absence** — the simple fact that most people cannot perceive a pattern for which they possess no operating vocabulary. A citizen watches a protest, a viral phrase, a campus rupture, a sudden moral inversion, or a reputational cascade, and the inherited interpretive kit offers only familiar explanations: people are angry, the left did this, the right did this, a foreign state did this, the media is biased, antisemitism is rising, the issue is simply controversial. Some of these may be locally true, but each is a **surface diagnosis**. None rises to the level of **systems attribution** — the discipline of asking how a semantic object is being moved through a network, who benefits from its deformation, which actors are amplifying opposite sides at once, what emotional payload is being welded onto it, and whether the objective is persuasion, destabilization, exhaustion, coalition fracture, or identity coercion. The deficit is not intelligence. It is a missing **conceptual grammar**, and no amount of raw cognitive horsepower compensates for the absence of the categories themselves.
This is precisely why the familiar remedy — **media literacy** — is no longer adequate to the threat, and naming its insufficiency is not a criticism of it but a measurement of how far the ground has moved. Media literacy was built for a world of **discrete messages** evaluated for truth or bias: consider the source, check the claim, notice the framing. But cognitive-cyber warfare does not principally traffic in false individual messages; it engineers **fields of pressure** — routing, timing, repetition, actor diversity, phrase mutation, platform incentive, emotional valence, institutional uptake, adversarial benefit, and the deliberate manufacture of repair failure. A perfectly "media-literate" citizen who still reads one message at a time, asking only whether it is true, is **structurally blind** to an operation whose individual messages may each be true, or sincerely believed by their carriers, while the aggregate effect is the corrosion of trust and the fracturing of a coalition. What is required is a successor competency — call it **cognitive literacy** — that teaches people to read the *system* rather than the *message*.
The pedagogical shift resembles teaching someone to see **weather systems rather than raindrops**. The untrained observer says only that it is raining; the trained observer reads pressure gradients, moisture, wind shear, temperature differentials, topography, and forecastable movement. Cognitive warfare rewards the same upgrade of perception. Where the untrained eye sees content, the trained eye sees **routing, timing, repetition, actor diversity, phrase mutation, platform incentives, emotional valence, institutional uptake, adversarial benefit, and repair failure**. The first-order mind asks whether a statement is true or false; the higher-order analyst asks **why this statement is appearing now, through these accounts, in this emotional form, across these constituencies, with this specific reputational consequence, and to whose strategic advantage if everyone reacts exactly as expected.** The cognitively literate citizen can then distinguish an originator from an amplifier, an amplifier from a beneficiary, a beneficiary from a dupe, a dupe from an authentic grievance carrier, and an authentic grievance from an exploited fracture line — distinctions that are invisible without the vocabulary and nearly automatic with it.
The subject is difficult to teach for one stubborn reason: it sounds conspiratorial to ears that have only two settings, *nothing is coordinated* and *everything is controlled*. People hear "engineered dynamics" and picture a cartoon control room, then reject the cartoon and, with it, the real phenomenon. But the actual concept is subtler and more dangerous than puppetry. The hostile actor does not invent every belief, command every activist, or fabricate every outrage. It **identifies existing fractures, adds selective energy, intensifies moral language, launders frames through credible carriers, and makes reconciliation more costly than escalation.** This is not control; it is the **adversarial shaping of probability fields** — cybernetic gradient management rather than command. Teaching this single distinction is most of the battle, because a public that can only choose between naïve dismissal and paranoid totalization will oscillate uselessly between them, which is itself an outcome the adversary is content to produce.
The case examined in Section 7 — the semantic capture of "Zionism" and the besieging of Jewish and Israeli communities — is the worked example of exactly this deficit. The activists punching at shadows are not unintelligent; they are **operating without the grammar**, over-personalizing the carrier and under-abstracting the system, and their exhaustion is the predictable result of fighting symptoms while the hostile function — the maintenance of misattribution itself — runs free. The same dynamic produces the broader epidemic of public disorientation: a population that lacks systems attribution will reliably **over-personalize and under-abstract**, blaming visible neighbors for invisible operations, which is precisely the fracture-widening the adversary seeks. Cognitive literacy is the inoculation, because it converts the citizen from a reactive last-mile carrier into an analyst who can decline the predicted reaction — and a reaction declined is an operation defeated.
The conclusion follows cleanly: **cognitive-cyber warfare is invisible to people who only know how to read messages, and becomes visible to people trained to read systems.** The civic countermeasure, therefore, is not censorship, not reflexive trust, and not a fact-checking apparatus that arrives after the damage is done — it is the broad cultivation of the perceptual apparatus itself: what an information environment is, what a perception-action loop is, what an influence chain is, what semantic capture is, what attribution laundering is, what a beneficiary analysis is, what an amplification signature is, and what the adversarial use of authentic grievance looks like. Once a population holds these categories, the same events that looked like isolated outrage reorganize into legible structure — **pressure against meaning, trust, alliance, morale, and group self-definition.** The purpose is emphatically **not to make people paranoid but to give them enough abstraction to stop being trapped inside the surface theater.** A people that can see the weather is no longer at the mercy of every storm it cannot name — and that perceptual sovereignty is, in the end, the most democratic countermeasure this paper proposes, because it lives not in an agency or a program but in the trained attention of the citizen.
### From Civic Competency to Intelligence Discipline: Narrative Intelligence
Cognitive literacy is the population-scale form of a skill that, professionalized and equipped with collection authorities and tradecraft, becomes a distinct intelligence discipline — the **narrative intelligence (NARINT, sometimes COGINT)** that the FY2026 NDAA explicitly directs the Department to define. The framing is the natural completion of the paper's symmetry principle: the same lenses that defend a community's semantic sovereignty are, turned outward, **collection requirements** against an adversary's relay ecology. Where cognitive literacy teaches a citizen to read routing, timing, and beneficiary structure, narrative intelligence tasks collection and analysis against precisely those features — mapping **relay-ecology topology** (originators, amplifiers, laundering institutions, persona scaffolds), characterizing **semantic-capture dynamics** (how a term is being moved through its degradation stages), and tracking **amplification signatures** (velocity, synchronization, cross-platform and cross-lingual propagation) — in order to answer the question Congress posed: not what an adversary is saying, but **which of our decisions he is trying to degrade.** This closes the loop between protection and exploitation that governs the rest of the analysis: semantic-sovereignty restoration is simultaneously a defensive objective for friendly populations and a collection priority against hostile ones, assessed against the cognitive effect assessment framework of Section 8 and bounded, like every capability in this paper, by the symmetry principle. Treating cognitive warfare as an intelligence problem set with its own requirements, tradecraft, and assessment standards — rather than only an operational domain — is itself one of the maturations the NDAA mandate is reaching for.
---
## 13. Policy Recommendations: A Cognitive-Cyber Resilience Initiative
The recommendations that follow are oriented toward **primacy through resilience** — and they are framed to be defensible to oversight bodies, allied governments, and a skeptical public, because durable primacy is the kind that survives daylight.
First, **answer the congressional mandate: define the domain and assign it an owner.** The FY2026 NDAA (SASC Report 119-39) directs the Department to define cognitive warfare and narrative intelligence and to delineate both from information warfare, PSYOP, and influence activities; this paper's constructs — closed-loop cognitive attrition, the adaptive governor, decision degradation as objective, and the relay-ecology/semantic-capture lenses — are offered as candidate definitional content. But definition without ownership is inert. The RAND finding that influence-AI acquisition is ad hoc and bottom-up generalizes to the whole enterprise, whose equities are scattered across the Joint Staff, USCYBERCOM, USSOCOM, the SCO, the PIOA/OIOP, and the intelligence community. A **designated integrating authority** — built on the PIOA (10 U.S.C. §397) and OIOP — should convert definition into accountable capability across detection, provenance, AI assurance, and human-performance resilience, with explicit civil-liberties review integrated rather than bolted on.
Second, **invest in the truth-chain as critical infrastructure.** Treat content provenance (C2PA/Content Credentials), media forensics (the SemaFor transition catalog), and watermarking as a layered national authentication capability, adopted across government communications and incentivized across the commercial media ecosystem — while statutorily protecting against the provenance-to-surveillance failure mode.
Third, **build the AI immune system as permanent infrastructure, not episodic challenge.** Institutionalize the operational AI red-teaming model that SABER prototypes and the autonomous-defense capability that AIxCC demonstrated, with recommender auditing and AI-assistant hardening as standing functions.
Fourth, **make cognitive literacy a national civic competency.** Cognitive literacy is the highest-leverage, most rights-compatible countermeasure available, because it strengthens the human rather than surveilling the environment, and it is the necessary successor to a media literacy that no longer matches the threat. It should be embedded in professional military education and offered broadly through trusted civil-society and educational channels, teaching the practical disciplines named throughout this paper — **systems attribution, beneficiary analysis, provenance discipline, amplification-signature reading, and the recognition of semantic capture and attribution fog** — so that citizens learn to read the relay rather than swing at the last-mile carrier.
Fifth, **protect the physiological substrate of decision quality.** The human-performance ecosystem (H2F, TFF, POTFF, MOMRP, CHAMP) should be explicitly oriented toward **cognitive-attrition resistance**, and the documented PSYOP and influence-force readiness gaps should be closed — primacy is impossible with an undermanned influence force.
Sixth, **govern the bio-neuro layer with a consent-and-reversibility framework of its own**, modeled on the embedded-ethics posture of N3, with an explicit prohibition on selectionist or coercive application — a framework that must be in place *before* non-surgical neural interfaces reach public scale, not after.
Seventh, **measure effect, not engagement.** Adopt the cognitive effect assessment framework of Section 8 — OODA-loop continuity and decision latency under pressure, trust-network integrity, provenance adoption, AI-assistant robustness, plus the operation-level measures of attribution-fog entropy, amplification-signature velocity, pre/post-perturbation coherence deltas, and beneficiary-analysis scoring — aligned with the simulation-and-metrics direction of the SCO's BIAO project, so that cognitive sovereignty becomes an auditable, test-and-evaluable national-security property rather than a slogan, and so that success is judged by decision performance rather than reach or sentiment.
Eighth, **treat supply-chain integrity as cognitive infrastructure.** Because supply chains are chains of confidence as much as chains of goods, continuity of semiconductors, pharmaceuticals, rare earths, energy, undersea cables, payment and identity systems is a precondition of public orientation; resilience here is psychological as well as material.
Ninth, **invest in cognitive-domain awareness of the adversary.** Sustained, unclassified analysis of PRC Cognitive Domain Operations and algorithmic cognitive warfare, and Russian reflexive control — through the NATO ACT cognitive-warfare concept, the EU FIMI framework, SCSP, and allied research nodes — is the strategic-warning layer of the whole architecture.
Tenth, **stand up narrative intelligence as a discipline.** Acting on the NDAA's explicit naming of narrative intelligence, establish NARINT/COGINT as a defined collection-and-analysis function with its own requirements and tradecraft — relay-ecology mapping, semantic-capture characterization, amplification-signature tracking, and beneficiary analysis — bounded by the symmetry principle and integrated with the cognitive effect assessment framework, so that the United States can read which decisions an adversary is trying to degrade rather than merely catalog what it is saying.
Eleventh, **build for the alliance, not just the nation.** Propose Cognitive Sovereignty Infrastructure elements as candidate baseline standards for NATO and Five Eyes — shared truth-chain provenance, harmonized inoculation and cognitive-literacy curricula, a common effect-assessment vocabulary for combined wargaming, and DISARM as the shared tactics taxonomy — consistent with the NATO Chief Scientist's 2025 emphasis on synchronized detection and resilience, while applying the trust-perimeter discipline of Section 7 to distinguish intrinsic partners from temporarily aligned competitors among them.
Twelfth, **contest the substrate layer, not only the access layer, and apply provenance discipline to alliance-origin signals.** The decisive competition is not over who routes the cables but over who authors the protocols, evaluation grammars, certification regimes, and alignment frameworks that govern what those cables may carry and how the models trained on that data are constrained — a lesson made concrete by the 2025–2026 architecture in which a temporarily aligned competitor's AI-evaluation institute embeds its frameworks and risk taxonomies into American frontier labs while the United States rebrands its own counterpart toward standards authorship and defense against foreign regulatory capture, and by AI-optimized cable diversification (Meta's Project Waterworth) that wins the access layer while leaving the substrate-layer control surfaces untouched. The United States should therefore treat **standards and evaluation-grammar authorship in AI governance, neural-interface specification, and infrastructure certification as a national-security competition in its own right** — pursuing authorship rather than mere participation, and subjecting alliance-origin evaluation taxonomies, capability thresholds, and certification requirements to the same provenance discipline applied to any other input: sourced, graded, and weighed for whose strategic position improves if their framing prevails. Owning the substrate is the precondition for exercising decision dominance on it.
---
## 14. Conclusion: The Decisive Terrain
The argument of this paper reduces to a single proposition with operational consequences: the mature objective of cyber-enabled conflict is not the machine but the mind that depends on it, and the decisive terrain of strategic competition is therefore the **orient phase** of the human and organizational decision cycle — the interval, in Boyd's terms, between observation and action, where meaning is assigned and judgment is formed. Offensively, the threat has matured from broadcast persuasion into **closed-loop cognitive attrition**: an adaptive, AI-governed cycle that profiles a target, perturbs its orientation, observes the effect, and recalibrates — its purpose not to change minds but to degrade the capacity to decide, the coordination, trust, tempo, cohesion, and lawful will to act on which every other instrument of power depends. Defensively, the answer is not counter-messaging but **cognitive sovereignty**: the engineered and cultivated capacity of a population, a force, and an institution to keep orienting accurately under personalized, machine-mediated pressure.
This reframes the defensive enterprise in terms the operational community already owns. The objective is to operate **left of decision** — to authenticate reality, preserve trust, harden the AI layer, protect the physiological substrate of judgment, inoculate the population, and read the relay rather than the message, so that the adversary's attrition cycle is detected and broken before it reaches the moment of choice. Each layer of Cognitive Sovereignty Infrastructure is a means of preserving friendly **decision dominance** while rendering hostile decision systems degradable — the same asymmetry the United States pursues in every other domain, now applied to the one that governs all the others, because a force that cannot orient cannot maneuver, target, or command regardless of its kinetic superiority.
The action-forcing event is already on the record. When Congress directed the Department to define cognitive warfare and narrative intelligence, it opened the way to convert a scattered set of equities into an owned, accountable, and measurable capability — to build deliberately rather than react episodically. The single constraint on that build is the **symmetry principle**: any capability the United States would not accept being turned against its own citizens, without their knowledge or consent, is not a defense of cognitive sovereignty but a breach of it, and primacy that fails that test is not primacy worth holding. The competition will be decided by the side that can keep its people, its forces, and its institutions **oriented and free** under sustained machine-mediated pressure. That capability — not the control of any cable, platform, or model — is what this paper exists to recommend the United States build first, and build right.
---
## Appendix A — Glossary of Core Concepts and Acronyms
**Cognitive-Cyber Warfare** — machine-mediated warfare aimed at perception, orientation, trust, coordination, decision quality, morale, tempo, and behavioral endurance; cyber is the substrate, cognition the target.
**Cognitive-Cyber primacy** — decisive U.S./allied superiority over the adversary's perception-action loop, paired with the cognitive sovereignty of friendly forces, institutions, and population.
**Closed-loop cognitive attrition** — the offensive mechanism: a persistent, feedback-sensitive cycle of *access → profile → perturb → observe → recalibrate* whose objective is degradation of functional coherence rather than persuasion.
**Behavioral self-neutralization** — the terminal condition in which a hostile actor or unit can no longer function as an effective fighting system: surrender, defection, desertion, exposure, paralysis, capture, organizational fracture, or operational uselessness, reached because coherence has become too costly to sustain; the lawful neutralization of hostile combat power through the collapse of operational coherence rather than through physical destruction alone.
**Cognitive Sovereignty Infrastructure** — the master defensive concept: a layered national immune system preserving orientation, provenance, AI robustness, cohesion, resilience, decision quality, and cognitive literacy under adversarial pressure.
**COINTELPRO** — the FBI's Counterintelligence Program (1956–1971); the documented American analog prototype of non-kinetic cognitive attrition, whose operational charter (*expose, disrupt, misdirect, discredit, neutralize*) is a genealogical ancestor of modern doctrine, distinguished from it by its unlawful *inward* targeting of domestic political life — the failure mode the modern outward-facing, oversight-bound posture exists to prevent.
**Silent War Hypothesis** — the strategic-imagination proposition that adversarial cognitive-cyber pressure may already be underway against the public beneath the sanitized vocabulary of "cybersecurity" and "resilience"; offered as disciplined public reasoning, not asserted fact.
**Adaptive governor** — the function of AI within the attrition loop: sensing, modeling, generating, testing, and recalibrating, rather than merely generating messages.
**Adaptive constraint field / weaponization of intimacy** — a per-individual, AI-built micro-environment of differential friction, as opposed to broadcast messaging.
**Relay ecology** — the multi-actor structure (originators, amplifiers, laundering institutions, persona scaffolds, algorithmic selection effects, authentic carriers, opportunists, and state-aligned systems) that produces coordinated influence effects *without* centralized control, distributing blame so widely that no node feels responsible.
**Semantic capture** — the hostile re-engineering of a word through the stages *political noun → accusation → stigma → exclusion protocol* until the community it describes (e.g., "Zionism") must litigate its own legitimacy on the adversary's terms; an attack on a community's semantic sovereignty.
**Attribution fog** — the engineered condition in which causation is so widely distributed that every party blames another while the initiating and accelerating nodes remain unpriced, unexposed, and operationally free; not incidental noise but the terrain itself.
**Cognitive literacy** — the successor competency to media literacy: the capacity to read influence *systems* rather than discrete *messages*, distinguishing originator from amplifier from beneficiary from dupe from authentic grievance carrier, and recognizing routing, timing, phrase mutation, amplification signatures, and beneficiary structure.
**Narrative intelligence (NARINT / COGINT)** — the professionalized, collection-equipped form of cognitive literacy and a discipline named in the FY2026 NDAA: intelligence concerning the story an adversary is building and the decisions it seeks to degrade, with requirements against relay-ecology topology, semantic-capture dynamics, and amplification signatures.
**Cognitive effect assessment framework** — the test-and-evaluation measurement set proposed for the domain: OODA-loop continuity, decision latency, trust-network integrity, provenance adoption, AI-assistant robustness, plus attribution-fog entropy, amplification-signature velocity, pre/post-perturbation coherence deltas, and beneficiary-analysis scoring; the answer to the NDAA's concern that success is wrongly measured by engagement rather than decision performance.
**China Brain Project (2016–2030)** — the PRC national megaproject fusing brain science with artificial intelligence, brain-computer interfaces, and synthetic biology; the adversary mirror to the U.S. N3/PREPARE/TNT convergence, and the reason the neural-substrate technology-control perimeter must precede capability.
**Access layer vs. substrate layer** — the distinction between the physical and routing tier of information infrastructure (cables, corridors, data centers) and the governing tier that determines what that infrastructure may carry and how systems trained on it are constrained (protocols, standards authorship, evaluation grammars, certification regimes, alignment frameworks, firmware compliance). A power can win the access layer — e.g., by rerouting cables — while a competitor retains the substrate layer; the substrate layer is the decisive surface.
**AI Security Institute (UK) / CAISI (US)** — the rebranded national AI-evaluation bodies. In February 2025 the UK reoriented its AI Safety Institute toward AI *security* (protecting models, systems, and infrastructure from threats); in June 2025 the US recast its counterpart as the Center for AI Standards and Innovation at NIST/Commerce, emphasizing standards authorship and defense against foreign regulatory capture. Their evaluation frameworks and risk taxonomies are a substrate-layer competitive surface even among allies.
**Decision dominance** — preservation of friendly tempo, judgment, and lawful initiative while the adversary's decision cycle degrades.
**Reflexive control [FOREIGN DOCTRINE]** — Russian concept of compelling an adversary decision-maker to act in one's favor by shaping how the target's mind processes a manipulated reality.
**Three Warfares (san zhong zhanfa) [FOREIGN DOCTRINE]** — PLA doctrine codified December 2003: public-opinion warfare, psychological warfare, and legal warfare (lawfare).
**Cognitive Domain Operations (renzhiyuzuozhan) [FOREIGN DOCTRINE]** — PLA next-generation psychological warfare aiming at "command of the mind" (zhi nao quan); related to PRC "algorithmic cognitive warfare."
**OIE** — Operations in the Information Environment
**IO** — Information Operations
**MISO** — Military Information Support Operations
**PSYOP** — Psychological Operations
**IIA** — Interactive Internet Activities
**CNO** — Computer Network Operations
**CO** — Cyberspace Operations
**EW** — Electronic Warfare
**MILDEC** — Military Deception
**OPSEC** — Operations Security
**CEMA** — Cyber Electromagnetic Activities
**FIMI** — Foreign Information Manipulation and Interference
**MDM** — Mis-, Dis-, and Malinformation
**OODA** — Observe, Orient, Decide, Act
**PIOA** — Principal Information Operations Advisor (10 U.S.C. §397)
**OIOP** — Office of Information Operations Policy
**JMWC** — Joint MISO Web Operations Center
**TIAD** — Theater Information Advantage Detachment
**JTF-ARES** — Joint Task Force ARES
**C2PA** — Coalition for Content Provenance and Authenticity
---
## Appendix B — Chronological Lineage
The lineage is best read as a single migrating topology rather than a ledger of discrete events. It begins in the analog era: through the **1950s–1989** the Stasi refined **Zersetzung** into artisanal cognitive attrition built on concealed causation, while in the United States the FBI's **COINTELPRO (1956–1971)** prototyped the same non-kinetic logic — *expose, disrupt, misdirect, discredit, neutralize* — as an early, domestically-aimed implementation of cognitive-attrition doctrine. Across the broader Cold War, legacy PSYOP matured and Soviet and Russian thought developed the theory of **reflexive control**.
The adversary's modern doctrine crystallized next. In **December 2003** the PRC codified the **Three Warfares**, and by **2005** had established **Base 311 / Unit 61716** at Fuzhou for Three-Warfares operations against Taiwan. The digital hinge arrived with the **2007** emergence of **Interactive Internet Activities** authorities and contractor-enabled WebOps; by **2011** the **Operation Earnest Voice** persona-management contracting surfaced in public reporting. The decisive cyber-psychological demonstration came in **November 2016** with **Operation Glowing Symphony** under Joint Task Force ARES — the first acknowledged U.S. offensive cyber operation.
Doctrine and defensive science then matured in rapid succession: the **2018 JCOIE** was published and DARPA announced **N3**; **2020** brought DARPA's **SemaFor** and the NATO ACT cognitive-warfare exploratory concept; **2021** saw DARPA's **INCAS** begin and the **C2PA** standard founded (February). The present era opens with the **2023 DoD SOIE** (signed July, released November — the first update since 2016), followed in **March 2024** by the DoD Inspector General's finding of a PSYOP force shortfall against China and Russia, and through **2024** by Graphika's attribution of **Spamouflage** to the PRC, the surfacing and DOJ disruption of Russia's **DoppelGänger**, OpenAI's first covert-influence-operations disruption report, IARPA's **ReSCIND** awards, and — at the neural layer — the **October 2024** MIT demonstration of magnetoelectric nanodiscs for wireless transgene-free neuromodulation. **February 2025** brought a cluster of substrate-layer moves: the UK's rebranding of its **AI Safety Institute to the AI Security Institute** (Munich Security Conference) and Meta's announcement of **Project Waterworth**, the 50,000-kilometer AI-era subsea cable; the US **CAISI** rebrand at NIST/Commerce followed in **June 2025**. In **May 2025** the Army inactivated **1st IO Command** (8 May) and C2PA reached v2.2; **July 2025** brought the RAND generative-AI influence-acquisition report; **August 2025** saw **AIxCC** conclude at DEF CON 33 (Team Atlanta winning); **November 2025** brought the activation of the **1st TIAD** at Fort Shafter; and **December 2025** brought C2PA v2.3, the **NATO Chief Scientist's 2025 Report on Cognitive Warfare**, the **FY2026 NDAA** with its SASC Report 119-39 cognitive-warfare and narrative-intelligence definitional mandate (and the administrative renaming to the Department of War and reversion of MISO to PSYOP), and the DoD's China report noting the narrowing PRC large-language-model gap and Cognitive Domain Operations against Taiwan. In **March 2026** the Strategic Capabilities Office's **BIAO** cognitive-warfare project surfaced in public reporting. Planned for **2026** are the **2nd TIAD** under Army Cyber Command (spring) and the **3rd TIAD** under U.S. Army Europe and Africa (fall) — even as the substrate itself begins its projected migration from the informational layer toward the neural one.
---
## Appendix C — Measures and Countermeasures
The architecture is most legible as a set of paired oppositions, each naming the offensive *measure* and its defensive *countermeasure*. Across the **information environment**, the measure is narrative injection, synthetic consensus, visibility shaping, and trust erosion; the countermeasure is the information-environment radar of INCAS, SocialSim, RIO, the DISARM taxonomy, and the civil-society analytics of DFRLab, Graphika, and Microsoft MTAC. In **media authenticity**, the measure is deepfakes, manipulated evidence, and false provenance; the countermeasure is SemaFor and MediFor forensics, the C2PA standard and Content Credentials, watermarking, and chain-of-custody discipline. In **AI systems**, the measure is data poisoning, adversarial machine learning, recommender manipulation, and AI-assisted influence; the countermeasure is GARD, SABER, AIxCC, ReSCIND, red-teaming, and assistant hardening.
In the **supply-chain and continuity** domain, the measure is logistics disruption, scarcity signaling, infrastructure probing, and confidence shock; the countermeasure is supply-chain integrity, redundancy, undersea-cable protection, and continuity assurance. Against **human cognition**, the measure is stress loading, sleep disruption, decision fatigue, identity fracture, and social isolation; the countermeasure is the human-performance ecosystem of MRT, H2F, POTFF, TFF, MOMRP, and CHAMP, together with psychological inoculation. In the **bio-neuro** layer, the measure is trauma-mediated epigenetic damage, HPA-axis dysregulation, and cognitive overload; the countermeasure is ECHO, PREPARE, Safe Genes, TNT, N3, and biomarker-informed recovery, all consent-based and reversible.
Across the **public cognitive terrain**, the measure is the manufacture of attribution fog, semantic capture, synthetic consensus, and relay-ecology amplification; the countermeasure is **cognitive literacy** — systems attribution, beneficiary analysis, provenance discipline, and amplification-signature reading. And in the **legal and ethical layer**, the measure is mission creep, domestic spillover, and unaccountable contractor influence; the countermeasure is PIOA oversight under 10 U.S.C. §397, the outward-orientation and lawful-target discipline that distinguishes a defensive instrument from a domestic one, FCRA and consent boundaries, and congressional oversight.
---
## Appendix D — Selected Sources
The following high-quality sources ground the substantive claims above; readers are directed to primary documents for verification.
- 10 U.S.C. §397 (Principal Information Operations Advisor); 2023 DoD Strategy for Operations in the Information Environment (media.defense.gov; defense.gov release, Nov 2023).
- On lawful neutralization and the autonomy/law-of-war framework: **DoD Directive 3000.09, "Autonomy in Weapon Systems"** (25 January 2023), requiring appropriate levels of human judgment over the use of force; and the **DoD Law of War Manual** (most recent update), on distinction, proportionality, military necessity, target verification, and feasible precautions in attack.
- U.S. Army and USARPAC releases on 1st IO Command inactivation (May 2025) and 1st TIAD activation (Nov 2025); DefenseScoop, Breaking Defense, and Task & Purpose reporting on TIADs; DoD Office of Inspector General evaluation of USSOCOM's Joint MISO WebOps Center, and the DoD IG (March 2024) on PSYOP force readiness.
- National Security Archive Cyber Vault, JTF-ARES / Operation Glowing Symphony FOIA collections (2018, 2020); Atlantic Council, "The American way of cyber warfare and the case of ISIS"; Church Committee and FBI records on COINTELPRO (1956–1971) as documented historical lineage.
- DARPA program pages: INCAS, SemaFor, SABER, AIxCC results (DEF CON 33), TNT, N3, PREPARE; DARPA "Modeling Influence Pathways" materials; IARPA / SRI ReSCIND announcement.
- FDA genome-editing guidance; peer-reviewed literature on the polygenic architecture of complex traits.
- C2PA / Content Authenticity Initiative specification and adoption reporting (2025–2026); World Privacy Forum and Fortune analyses of C2PA privacy implications.
- Jamestown Foundation and DoD reporting on PLA Three Warfares and Cognitive Domain Operations; SCSP, "Decoding China's AI-Powered Algorithmic Cognitive Warfare"; NATO ACT Innovation Hub cognitive-warfare concept (du Cluzel / Claverie).
- RAND, *Acquiring Generative Artificial Intelligence for U.S. Department of Defense Influence Activities* (RRA3157-1, July 2025); *The Guardian* (2011) on Operation Earnest Voice / Ntrepid.
- On the congressional definitional mandate: FY2026 National Defense Authorization Act and **Senate Armed Services Committee Report 119-39, "Narrative Intelligence and Cognitive Warfare"**; Rushing, Hersch & Xu, "Cognitive Warfare: Definition, Framework, and Case Study" (2026) and the *Small Wars Journal* treatment "Defining Cognitive Warfare" (May 2026).
- On the U.S. technology stack: National Defense Magazine, "Strategic Capabilities Office Launching Cognitive Warfare Project" (26 March 2026) and *Washington Times* coverage of **BIAO** (April 2026), quoting SCO's Sam Gray; DARPA N3 program page and BAA HR001118S0029 (Dr. Al Emondi, Biological Technologies Office), and Battelle press materials on the **BrainSTORMS** magnetoelectric-nanotransducer concept (PI Patrick Ganzer).
- On allied frameworks: NATO Chief Scientist's 2025 Report on **Cognitive Warfare** (Blatny & Søndergaard Steen, NATO STO), and James Giordano's INSS/NDU commentary (January 2026).
- On adversary neuro-programs: reporting and analysis on the **China Brain Project (2016–2030)** and Mu-Ming Poo (Chinese Academy of Sciences), and Elsa Kania's work on PLA military biotechnology and cognitive warfare; the offensive "NeuroStrike" framing is drawn from Western analytic/advocacy reporting and is treated here as a watchlist signal rather than confirmed doctrine.
- On the standards and AI-governance competition: UK Department for Science, Innovation and Technology announcement and Hansard record of the **AI Safety Institute → AI Security Institute** rebrand (Peter Kyle, Munich Security Conference, 14 February 2025); US Department of Commerce / NIST on the **Center for AI Standards and Innovation (CAISI)** (June 2025, Secretary Lutnick), including its mandate to guard against burdensome foreign regulation of US technologies; and reporting on the International Network of AI Safety Institutes and UK frontier-lab evaluation partnerships (OpenAI, Anthropic, Google DeepMind).
- On AI-era physical infrastructure: Meta Engineering, "Unlocking global AI potential with next-generation subsea infrastructure" (**Project Waterworth**, 14 February 2025), and the US–India joint leaders' statement on undersea-cable cooperation using "trusted vendors."
- On wireless neuromodulation: Kim, Kent, Vargas Paniagua, et al., "Magnetoelectric nanodiscs enable wireless transgene-free neuromodulation," *Nature Nanotechnology* (2024; Anikeeva laboratory, MIT); the 2026 Rice University magnetoelectric thin-film backscatter patent filing; and the 2026 literature on wireless magnetoelectric nose-to-brain delivery (treated as emerging).
- On the multi-actor exploitation of antisemitism and the U.S.–Israel fracture line: U.S. Department of Justice, disruption of the Russian-government-sponsored Doppelgänger operation (2024); Graphika, "The #Americans" (Spamouflage); OpenAI, "Disrupting deceptive uses of AI by covert influence operations" (2024) and "PRC-linked influence operations are targeting AI debates in the US" (2026); the 2026 ODNI Annual Threat Assessment; ADL, "Mis- and Disinformation Trends and Tactics to Watch in 2025"; the Network Contagion Research Institute (with Rutgers and the ADL) on amplified antisemitic messaging during the May 2021 escalation; Microsoft Threat Analysis Center reporting (2024); Simon Wiesenthal Center briefings (2026); and Axios (June 2026) on the State Department report to Congress accusing Iran, Russia, China, and affiliated non-state actors of weaponized antisemitism.
---
## Appendix E — About the Author
*[Bryant McGill](https://bryantmcgill.com/about/) is a Wall Street Journal and USA Today Best-Selling Author. He is the founder of Simple Reminders, a United Nations appointed Global Champion, and a Congressionally Recognized Ambassador of Goodwill. His work spans naval intelligence systems, computational linguistics, and civilizational governance architecture. His forward analysis on U.S.–Israel Pax Silica frameworks has appeared in Jewish News Syndicate (JNS).*
---
## A Note on Method and Confidence
This document is an exercise in **capability-convergence analysis**, not exposé. It does not assert the existence of a single hidden machine, a unified command stack, or a confirmed program of autonomous individualized psychological collapse. It argues something more disciplined and, in the end, more consequential: that the **component technologies, doctrines, organizations, and research programs** required to wage warfare against cognition itself are already individually visible in the open record, already converging, and already strategically legible to any analyst willing to read doctrine, follow procurement, and track the research portfolio. The threat — and the corresponding opportunity for American advantage — is not a secret superweapon; it is the **lawful, fundable, documentable assembly** of parts whose integration requires no conspiracy, only momentum and intent.
The paper is also unambiguous about its normative position. It is written from the standpoint of **American and allied national interest**, and it treats **Cognitive-Cyber primacy** — decisive superiority over the adversary's perception-action loop, paired with the cognitive sovereignty of one's own forces, institutions, and population — as a legitimate and necessary objective of national defense. That position is stated openly rather than smuggled in, because clarity of purpose is itself a cognitive-sovereignty discipline. Where the paper engages in forward projection — most explicitly in the Silent War Hypothesis of Section 7 and the projected migration of the contest toward the neural substrate — it labels that reasoning as **strategic imagination, not accusation**, and holds it to the same evidentiary honesty as everything else.
Every substantive claim is graded against a deliberately coarse key, coarse so that it cannot be gamed by rhetorical inflation. **[CONFIRMED]** denotes public doctrine, named and funded programs, FOIA-released operations, statute, and official statements. **[CREDIBLE ADJACENCY]** denotes real research and development whose influence-domain relevance is documented but whose operational integration is inferred. **[DUAL-USE]** denotes commercial infrastructure with influence-relevant capability, civilian by design and weaponizable by repurposing. **[FOREIGN DOCTRINE]** denotes adversary or allied published concepts, named and attributable. **[WATCHLIST]** denotes uncorroborated integration claims, contested testimony, and low-confidence theory. **[HORIZON]** denotes forward-projected convergence, defensible as trajectory rather than as present fact.
The central intellectual hazard of this subject is the slippage by which a **[CONFIRMED]** doctrine, a **[CREDIBLE ADJACENCY]** research program, and a **[WATCHLIST]** rumor get welded into a single sentence and presented as one fact. That slippage is itself a cognitive-warfare failure mode, and a paper on the subject must refuse to commit it — most especially when arguing for an aggressive national posture, because aggression without epistemic discipline is exactly how a great power talks itself into error.
---
*This document is defensive, policy-oriented, historically grounded, and analytically precise. It is unambiguous about the goal of American Cognitive-Cyber primacy and uncompromising about the legal, ethical, and constitutional constraints that make such primacy worth holding. It contains no operational instructions for conducting influence operations or for harming individuals. Every major claim is graded; uncertainty is marked; the asymptote is distinguished from the present; strategic imagination is distinguished from accusation. The hostile objective is an engineered constraint field; the defensive objective is the preservation of orientation — attention, trust, sleep, morale, coherence, decision quality, and the trained cognitive literacy of a free people. Countermeasures exist to keep that capacity intact under adversarially engineered friction — and to keep a free people clear-eyed, well-governed, and unafraid.*
---
### Cognitive-Cyber Warfare: Measures and Countermeasures
Substack: https://bryantmcgill.substack.com/p/cognitive-cyber-warfare-measures
Blogger: https://bryantmcgill.blogspot.com/2026/06/cognitive-cyber-warfare.html
Soundcloud: https://soundcloud.com/bryantmcgill/cognitive-cyber-warfare
Obsidian: https://bryantmcgill.xyz/articles/Cognitive-Cyber+Warfare+Measures+and+Countermeasures
#CognitiveWarfare #NarrativeIntelligence #CyberWarfare #InfoOps #PSYOP #DARPA #IARPA #NDAA #NatSec #CognitiveSecurity #Cyber #Warfare #Cognitive #ShadowGate
#SenateArmedServicesCommittee #SASC #FY2026 #NationalDefenseAuthorizationAct #NDAA #Congress #DepartmentOfDefense #DoD #JointStaff #J2 #J3 #J39 #DARPA #IARPA #RAND #CNAS #SCSP #UnitedStates #US #COINTELPRO #OperationGlowingSymphony #PIOA #10USC397 #NATO #FiveEyes #AI
ORCID iD: 0009-0003-2345-5390
Posts
0 Comments