Fubar Ethos
OPSEC-blind Hegseth not only set up our military leaders for the worst ambush of the century, but utterly neglected to consider how terrifyingly vulnerable we currently are to cyberattack.
Preface: I am deeply proud of our armed forces, who are amongst the most capable, tough, esteemed, and smart militaries on earth. They also deserve far better veteran’s benefits. If anyone can save us, it is them.
This is criticism directed at Hegseth and Trump only.
Loser Ethos
“We have the strongest, most powerful, most lethal, and most prepared military on the planet.”
“War Secretary”, fantasizing of glorious battle while violating the entirety of the OPSEC manual….AGAIN.
None of that matters if you’re dumb. Or unprepared.
After considering alternative monikers such as “Secretary of War [Loss]”, I propose a more suitable title, since we’re keen on making new ones up these days: “Secretary SPOF”.
Single Point of Failure.
Loser OPSEC
Hegseth demanded :
Every top commander from every U.S. military branch
From every deployment theater
Report to a single, internationally-publicized location, even broadcasting THE EXACT TIME
With 72 hours’ notice.
This is not someone who understands war whatsoever.
That is how you LOSE one.
There are some words to describe how terrifyingly clueless this is.
Ambush-naive
Failure to appropriately assess risk1
Grandma-level knowledge of how mobile phones work
Gallingly violating every principle of OPSEC while insulting our armed forces
Immediately before they won’t even be PAID for who knows how long
Feeling awfully like a setup in a spy movie where they kill everybody at the party
Seriously. I would have done anything to get out of going to that meeting, because I’d be terrified the food would be laced with plutonium.
Awful death.
That brings me to the OPSEC manual; one of the many dry, boring military instruction textbooks that will save your life -
Should you bother to read it.
Let Me Read This For You
Our competent forebears wrote the book on OPSEC, which Sec. SPOF doesn’t seem to realize exists.
I present to you JP 3-13.3-OPSEC.pdf , posted on the media.defense.gov subdomain (have fun fixing those DNS records!)
RTFM
(“Read The Fucking Manual.”)
Single Points of Failure Are Disastrous
Bringing every senior officer across all branches to a single, publicly-known location violates the doctrine’s cardinal rule.
Hegseth has violated basically everything on every page.
Failure Ethos
This is truly epic level of fucking-up, dwarfing “Signalgate” by a large margin.
SecDef Responsibilities:
Per DoDD 5143.01:
Responsible for setting and enforcing the rules for:
Classified information handling
OPSEC
SCIF accreditation and usage
Insider threat mitigation
Cyber risk posture
Ouch.
The entire world is confounded.
But I’m not writing this because of his incompetence. Nothing new there.
Here’s my unsolicited risk assessment, written so civilians know exactly what a travesty this was. Nothing below is news to anyone on active duty.
Here’s A Calendar Invite To Attack Us
8. Operations Security and Cyberspace
a. OPSEC officers, in coordination with the public affairs officer (PAO) and cybersecurity personnel, should review their command’s presence on the World Wide Web through the eyes of the adversary, looking for critical information and indicators that may reveal sensitive operations, movement of certain assets, personal information about US citizens and employees, and technological data.
The issues begin in-transit to this internationally-broadcast, unclassified, zero-notice scramble.
Assumptions
I’m going to assume best-case scenarios, as our military commanders were aware of how bad this was, and did what they could to mitigate.
So let’s assume:
In and out; no one stayed overnight, however brutally exhausting the trip
Subway sandwiches the only food provided in order to limit government spending
All transit to and from the event was via military vehicles operated by military personnel
Secret Service coordination, sniper cover, and upgraded perimeter security
Satellite and drone surveillance
Personal devices off everywhere at the facility
But not geo-fenced once inside the United States
Short-notice chaos means above-average incidents of mistakes by human and machine alike
Secret Service Presence Makes A Location Safer, Not Secure.
They’re world-class at physical protection (and a few other roles.) They’ll do RF-jamming, restrict nearby airspace, provide sniper cover, and other high-level tasks.
They’ll inspect the surrounding area for shooting positions and egress. Perhaps a hidden treehouse.
The Asymmetric Pineapple of Awesome Power
The Secret Service is not trained or responsible for defense against this device, which I explain below, although there is almost certainly a sub-team that handles presidential comms hardening in hotels, etc., while traveling.
Trump didn’t spend the night, and while I’m not familiar with perimeter security there, an expertly-upgraded device could have been drone-deployed during the chaos of preparation about 300 yards away, bottom right:
Or maybe near that convenient little access road on the left, capturing anything it could on the main route to the parking lot.
FAFO2, I guess?
Let’s hop to kinetic for a second though - everyone loves explosions. Asymmetric warfare is a long game.
Unauthorized, Likely Attack-Capable Drones Breaching Restricted Airspace
This is plausible. They haven't been dropping off payloads.
Air Force Gen. Mark Kelly told The Wall Street Journal that at least one of the drones was “roughly 20 feet long and flying at more than 100 miles an hour, at an altitude of roughly 3,000 to 4,000 feet. Other drones followed, one by one, sounding in the distance like a parade of lawn mowers.”
[Describing 2023 Langley AFB incident]
Everybody in aviation is struggling with stupid civilians flying their toy drones irresponsibly, but a 20-foot drone flying 100mph at that altitude featuring in a “parade” is exceedingly unlikely to be of civilian origin. The FAA prohibits shooting them down.
Nearly a year later:
[Oct 2024] The Department of Defense hasn’t figured out the source of the uncrewed aerial systems that flew over the base for 17 days in December 2023, breaking into restricted air space several times.
Langley is close to Quantico, and while of course Sec. SPOF has it handled, yeah yeah “classified”…
Unless General Guillot got his requested modern radar systems deployed way faster than his best-case-scenario of March 2026 -
Or, maybe they got some shiny new classified drone-jammers? Or something?
Nobody has figured this out.
Similar activity reappeared in Europe September 25, 2025, with multiple sightings throughout Denmark and Germany.
All Critical Assets Observed In-Transit
The rest of the world knows exactly who our higher-ranking officers are. The intelligence agencies have a dossier of their personality type, likes/dislikes, sexual orientation and preferences, and actively monitor to see if a vulnerability in their professional or personal life has emerged for them to exploit.
This is what intelligence agencies do. The CIA is scary-good. But so is the FSB, MSS, don’t think for a second the Israelis aren’t watching our every step, the Iranians are likely not as scary anymore, and guess what - our 5 Eyes and NATO allies are watching our every move, too.
This is normal. You simply can’t trust people.
But the world used to trust the United States.
Who Traveled, How
All generals and admirals 1-star rank or higher
All their senior advisers
Short notice; not every group had security and comms-support staff available
Adversaries knew exactly who was in this category
Some number of attendees likely forced to pass through civilian airspace
Zero reason provided despite availability of hardened comms gear
Likely multiple instances of hardened comms equipment broken/crashed + non-repairable in-transit
After several personnel purges:
May 2025: 20% of 4-star generals
Feb 2025: Firing the Joint Chief of Staff (formerly Air Force Chief of Staff) for not being white
10% general/flag officers globally cut, 20% National Guard
Very clear GTFO3 if female messaging
If you didn’t show up to this, I imagine you stood a good chance of losing your military pension.
Talk about financial waste.
Personal Devices In-Transit
Our military restricts the use of personal devices, but exactly how depends on an individual’s job role, whether they have a security clearance and if so, what kind, and more.
Well-established protocols exist for important meetings in-person, and remote. Amongst these are standards for classified meeting rooms called SCIFs (Sensitive Compartmented Information Facility (SCIF) or Special Access Program Facility (SAPF)), and fall entirely under DoD purview.
I am not a military-trained physical risk assessor, but common sense would dictate that a meeting of a far fewer number of 1-star generals would have invoked a need to gather in a comms-hardened SCIF facility.
My guess is that a SCIF facility big enough to hold everyone did not exist.
Here is what SPOF does not understand:
Data Is Now A Theater Of Warfare
This is one of the cyber theater’s biggest attack vectors, and it is always offensively engaged. It doesn’t matter what you say, or if you say anything at all. It doesn’t matter if your device is off. And it’s not just comms.
It’s simply being alive. Your body gives off a thermal signature. Your walking gait is a unique identifier. Your fitness tracker is a goldmine.
And That Was Before AI Agents Existed
We can assume that China has already deployed the most sophisticated AI agents currently possible, we can assume they are directly targeting our top-level military personnel, and not only are they collecting any and all data they can extract from their targets, they are contextualizing it with the data they already have.
Before long, a surveillance AI agent won’t simply know your deepest secret. They will be able to predict your behavior.
Newly divorced? Perhaps testing ethical polyamory before informing your spouse? You just met your soulmate on Tinder! They’re smashingly hot, share your values, and even grew up near your childhood home!
They can impersonate your brother, your sister, yes, of course they’re watching your mom. She’s taking care of your dog while you are away. The automatic pet feeder just broke. What do you think of this replacement on Amazon?
Gotcha.
And chances are, neither you nor your mom realize anything happened.
This is reality NOW. Here. Today.
It’s going to take a lot of awful things to happen before anyone can write a coherent manual on AI agent defensive protocols.
Given the above, was the facility holding some of our most precious minds adequately secured?
Looks like they collected devices. But if you’ve got a smartphone manufactured since 2023ish -
It never truly powers off. The data still flows, although your phone isn’t shrieking for its mother WiFi network.
Your Smartphone Has A Wi-Fi Anxiety Disorder
It constantly yells, “Are any of my old Wi-Fi networks here? Please reconnect me!”
“Wi-Fi! Panic attack! Wi-Fi!”
“Wiiiiiii-Fiiiiii!!!”
It does this every few seconds, for every network it remembers—hundreds of them, on any given device, on average.
Every second, every minute, that it is powered on.
This is how your phone connects to networks automatically. Via neurosis.
I worry for the AIs.
Enter The Pineapple
A Pineapple listens for those screams, pretends to be those networks, and your phone connects—silently, invisibly, and catastrophically. The prize is your WiFi password. (The kind of Pineapple I’m referring to broadcasts on multiple bands, not just WiFi.)
You won’t notice a thing, if you are a normal person unfamiliar with networking devices. Your adversary, however, has entered what I’ll term “God mode”. Very bad. They can simp\ly eavesdrop, or they can ruin your life. Their call.
Now, our military is sophisticated enough to consider even a state-actor-range-extended Pineapple about as threatening as a fly -
IF they have the equipment on hand to defend against it, and I’m sure that they brought plenty of Faraday bags, which are inexpensive pouches lined with a material that blocks the electromagnetic spectrum.
They know exactly what to do and wrote the manual on how to do it: burner phones, SCIF facilities, name it. But if the Secretary of Defense flunks/abdicates/ignores everything about what “protecting the troops” means, that’s not just immature irresponsibility.
Warrior ethos?
No.
Betrayal Ethos
The nation places enormous trust and responsibility on the shoulders of the Secretary of Defense. It is a role one will answer for on their deathbed.
I’m not a solider, but I’m pretty sure that when your life is on the line, you and your teammates keep each other alive. '“Having one’s back”, as they say. We all need support.
But as a soldier, without support - you die.
Pete Hegseth knows nothing of war, and nothing of support, either. A Secretary of Defense who only cares about performing on camera cannot whatsoever be trusted with the lives of millions. In a nuclear-armed nation…even the planet. You think it’s merely the President holding responsibility for a nuclear order?
In a time of war, who do you think is the advisor offering the counsel most likely to be followed?
Nobody Is Leading Federal Cyber Defense
If someone wants to chat about genuine emergencies: this.
Kash Patel has refused - in front of Congress, refused - to ID who is in charge here, likely because Ghost Cyber Tzar thinks nearly-EOL4 firewalls are DoD-grade security and that Christopher Krebs is an election-stealer.5
Big Balls is likely the best we have right now. Maybe some fancy CrowdStrike scripting, if we’re lucky.
Somebody lifted those DoD-level security controls for DOGE, and they did it FAST. You think anyone ever put them back?
Not to mention that when you go around indiscriminately unplugging legacy IT systems, you’re likely to initiate a failure cascade to a lot more systems than just those unplugged.
Often the only way to fix them is to replace them. If you even plan to.
We are more vulnerable to a cyberattack right now than we have ever been.
This is REALLY not the time.
All this blathering about “enemies”, as the world watches our nation implode, the bond market fracture, and our military being clearly prepped for a “war within”?
China has been around…10 times as long as we have. No need for the multiple Microsoft 0-days they're assuredly sitting on; for now they simply observe as we destroy ourselves.
The Enemy Within?
That would be the greed of ~400ish corporate board members who skipped the French Revolution chapter in high school.
The author writes pretty good enterprise risk assessments, with a lot of technical review.
“Fuck Around and Find Out.“
“Get The Fuck Out.“
“End of Life“. Equipment is no longer updated or supported by vendor. Fully obsolete.
Christopher Krebs is a former head head of CISA, a federal cybersecurity agency. Immediately after the 2020 election, a CISA website page was created to address election misinformation. Years later, he is now the subject of a baseless federal investigation, to the point of being on, the official White House site.