Geopolitics, Hybrid Threats
& Strategic Intelligence
Japan Centralizes Its Intelligence Services — Takaichi Strengthens Strategic Intelligence and Prepares the Expansion of Operational Capabilities
15. Juli 2026
Richard Krauss
Key Assessment
Japan is undertaking the most extensive restructuring of its intelligence architecture since the end of the Second World War. On 27 May 2026, the National Diet passed legislation establishing a National Intelligence Council. At the same time, the existing Cabinet Intelligence and Research Office will be expanded into a higher-ranking central intelligence body within the Cabinet Secretariat. Prime Minister Sanae Takaichi will chair the new council, giving her direct access to a formally strengthened national intelligence and assessment organization.
The reform initially centralizes political direction, the definition of national intelligence priorities, interagency information exchange and strategic all-source assessment. The Ministry of Foreign Affairs, Ministry of Defense, police, Public Security Intelligence Agency and other authorities will remain organizationally independent. They will, however, be placed under stronger obligations to provide intelligence in accordance with centrally defined requirements.
The new structure does not yet create an independent operational foreign intelligence service comparable to the CIA or the British Secret Intelligence Service. The immediate capability gain lies in coordination, assessment and intelligence support to the political leadership. Japan’s limited HUMINT capacity will therefore remain in place for the time being.
Takaichi has described the new system as the first step in a broader intelligence reform. Further measures include a national intelligence strategy, the expansion of counterintelligence, legislation against foreign intelligence and influence activities, and the possible establishment of an independent foreign intelligence service.
The principal risk lies in the institutional asymmetry between stronger executive authority and limited independent oversight. Japan is creating more binding leadership, coordination and information-access powers without simultaneously establishing a parliamentary intelligence oversight system comparable to those maintained by established Western democracies.
Russian FSB Operation Against Routers and Network Devices: Strategic Access to Critical Infrastructure
14. Juli 2026
Richard Krauss
Key Finding
Western cyber and intelligence authorities warn of an ongoing global operation targeting routers, switches and other network components. The activity is attributed to Russia’s FSB Center 16. The unit combines cross-border signals intelligence with technical network reconnaissance and long-term access operations.
The campaign focuses on devices whose management services are exposed to the internet, whose firmware contains known vulnerabilities or whose administrative protocols lack modern authentication and encryption. The operators extract device configurations, reconstruct internal network structures and establish access for subsequent espionage operations.
The technical core of the operation is an attack chain based on the Simple Network Management Protocol and unsecured file-transfer services. Center 16 searches for devices that respond to known or weak community strings such as “public” and “private.” “Public” is conventionally used for read access. Manipulation of a device configuration requires a write community with modification privileges, frequently using the default value “private.” Through an SNMP Set Request, the target device can be instructed to transfer its configuration to an external TFTP server or a compromised FTP server.
The exfiltrated files may contain internal address ranges, routing relationships, administrator accounts, VPN parameters, additional community strings and information on connected systems. Observed filenames such as “config.bkp” and “output.txt” constitute concrete indicators for log analysis and threat hunting.
No complete list of affected models is available. Exposure depends on the software version, device configuration, enabled services and external accessibility. Within Cisco environments, particular attention should be given to older Catalyst platforms supporting Smart Install and to devices outside the manufacturer’s support lifecycle. Current German home routers have not been identified as specific target models of the operation.
The operation is of elevated relevance to Germany. Explicitly identified target sectors include communications infrastructure, the defence industry, energy, finance, government institutions and healthcare. Additional technical reporting indicates activity against telecommunications companies, universities and manufacturing. Risks to logistics, transport and research arise from the structure of German infrastructure and should be assessed as a national risk inference.
Reform von Nachrichtendienstrecht und IFG: Ausweitung exekutiver Befugnisse bei gleichzeitiger Einschränkung der Informationsfreiheit - Parallelen zum Patriots Act?
13. Juli 2026
Richard Krauss
Das Wichtigste in 30 Sekunden
Der Referentenentwurf zur Reform des Nachrichtendienstrechts erweitert die technische, analytische und operative Reichweite von Bundesnachrichtendienst und Bundesamt für Verfassungsschutz. Vorgesehen sind eine umfassendere automatisierte Datenauswertung, weiterentwickelte Befugnisse zur strategischen Fernmeldeaufklärung und aktive Maßnahmen gegen technische oder operative Strukturen gegnerischer Akteure. Ein wesentlicher Teil der Reform setzt verbindliche Vorgaben des Bundesverfassungsgerichts um. Die Übergangsfrist für die beanstandeten Vorschriften endet am 31. Dezember 2026.
Die angekündigte Neufassung des Informationsfreiheitsgesetzes könnte den bislang voraussetzungslosen Zugang zu amtlichen Informationen auf natürliche Personen mit berechtigtem Interesse begrenzen. Weitere Eckpunkte betreffen den Wohnsitz oder die Staatsangehörigkeit der Antragsteller, zusätzliche Schutzbereiche und eine stärkere Ausrichtung der Gebühren am Verwaltungsaufwand. Betroffen wären vor allem journalistische Recherche, wissenschaftliche Analyse und zivilgesellschaftliche Kontrolle.
Der Nachrichtendienstentwurf enthält zugleich eine Neuordnung der Aufsicht. Der seit 2022 tätige Unabhängige Kontrollrat soll zusätzliche Zuständigkeiten erhalten. Seine Wirksamkeit hängt von personeller Stärke, technischer Expertise, unmittelbarem Systemzugang und durchsetzbaren Prüfungsrechten ab.
Beide Vorhaben bilden kein gemeinsames Gesetzespaket. Werden die operativen Nachrichtendienstbefugnisse weitgehend verabschiedet und die angekündigten IFG-Hürden umgesetzt, vergrößert sich voraussichtlich der strukturelle Informationsvorsprung der Bundesexekutive.
Deutschlands Nachrichtendienste vor dem Systemwechsel
12. Juli 2026
Richard Krauss
Kernbefund
Der Referentenentwurf zur Reform des Nachrichtendienstrechts verändert die gesetzliche Stellung des Bundesamtes für Verfassungsschutz und des Bundesnachrichtendienstes grundlegend. Beide Dienste sollen Bedrohungen weiterhin aufklären und analysieren, künftig jedoch zusätzlich selbst auf bestimmte Gefährdungsabläufe einwirken können.
Die Entwurfsbegründung bezeichnet diese Erweiterung als begrenzte Interventionsbefugnisse beziehungsweise als aktive Schutzmaßnahmen. In der öffentlichen und fachpolitischen Debatte werden sie überwiegend unter dem Begriff aktive Maßnahmen zusammengefasst.
Der Instrumentenkatalog umfasst Telekommunikationsüberwachung, biometrische Identifizierung, Zugriffe auf private informationstechnische Systeme, automatisierte Datenanalysen sowie technische Einwirkungen auf laufende Cyberoperationen. Vorgesehen sind außerdem Maßnahmen, durch die Datenströme verändert, Angriffsinfrastrukturen beeinträchtigt oder beteiligte Akteure gezielt fehlgeleitet werden können.
Private Unternehmen werden unter den gesetzlichen Voraussetzungen zur Auskunft, Datenübermittlung, technischen Unterstützung und Geheimhaltung verpflichtet. Betroffen sind unter anderem Telekommunikationsanbieter, Verkehrsbetriebe, Finanzdienstleister, Fahrzeughersteller, Werkstätten, Hostinganbieter und Betreiber von Videoüberwachungsanlagen.
Das Bundesamt für Sicherheit in der Informationstechnik soll technische Erkenntnisse über Cyberangriffe und Sicherheitslücken frühzeitig an den BND weitergeben. Damit entsteht eine engere Verbindung zwischen defensiver Cybersicherheit und nachrichtendienstlicher Nutzung technischer Schwachstellen.
Die operative Rechts- und Datenschutzkontrolle wird beim Unabhängigen Kontrollrat konzentriert. Die G-10-Kommission soll entfallen. Der Entwurf reagiert damit auf Vorgaben des Bundesverfassungsgerichts, erweitert zugleich jedoch Reichweite und operative Wirkung der Nachrichtendienste.
Germany: AfD Resonance Spaces, Extremist Linkages and Escalation Indicators
5. Juli 2026
Richard Krauss
Key Findings
Germany’s right-wing extremist threat environment combines a large extremist personnel base, sustained violence orientation, digitally accelerated mobilisation and regionally capable political-extremist linkage spaces.
The right-wing extremist spectrum comprised 58,700 persons in 2025. Of these, 15,600 were assessed as violence-oriented. Authorities recorded 36,951 offences with a right-wing extremist background, including 1,395 violent offences.
The AfD’s nationwide parliamentary, organisational and digital presence creates a politically relevant resonance environment in which narratives can gain wider visibility and may be adopted, intensified or operationalised by actors in the broader right-wing extremist spectrum.
The decisive operational requirement is the early identification of regional convergence zones where political visibility, extremist networks, digital amplification, local mobilisation capacity and concrete intimidation or violence indicators coincide.
NATO Summit Ankara 2026: European Burden Assumption Under Continued US Strategic Dependence
5. Juli 2026
Richard Krauss
The Essentials in 30 Seconds
The NATO Summit in Ankara on 7–8 July 2026 will formalise a revised Alliance burden architecture. The United States is expected to reaffirm its commitment to Article 5 while reducing selected conventional capability allocations within the NATO Force Model.
European Allies and Canada have largely compensated for the immediate shortfalls through additional force contributions, readiness measures and alternative capability packages. The remaining high-value gaps concern strategic bombers, air-to-air refuelling, persistent ISR, maritime long-range surveillance, carrier-based naval power, sea-based long-range strike and rapid global reinforcement.
The summit will assess whether European defence expenditure can be converted into deployable formations, ammunition production, air and missile defence, command-and-control resilience, military mobility and industrial regeneration capacity.
The central operational issue is the gap between political reassurance and force availability. Article 5 remains the political foundation of collective defence. European readiness, industrial output and sustainment capacity determine the Alliance’s ability to manage simultaneous pressure in Europe, the Middle East and the Indo-Pacific.
Iran, Terrorist Organizations, Israel, USA, and Gulf Partners - Military and Intelligence Situation Assessment
4. Juli 2026
Richard Krauss
Core Findings
The situation between Iran, Israel, the United States, and the Arab Gulf states is not a stable ceasefire, but a limited escalation regime carrying a high risk of relapse. De-escalation efforts rest on the Memorandum of Understanding signed in Islamabad, which establishes a 60-day window for a comprehensive agreement. Two weeks into this window, both sides continue to dispute the interpretation of the signed MOU, making a failure of the initial agreement currently appear more likely than a final settlement. Additionally, a one-week temporary truce is in place for the Strait of Hormuz; renewed clashes remain highly possible immediately after July 4.
Two structural factors dominate the negotiation landscape. First, Iran has institutionalized its claims over the Strait of Hormuz through the newly created Persian Gulf Strait Authority (PGSA). Teheran is operating a de facto transit regime featuring approved corridors, mandatory coordination with the IRGC Navy, and transit fees. Second, following the death of Supreme Leader Ali Khamenei, Iran is undergoing a leadership succession phase. Mourning ceremonies are scheduled from July 4 to July 9, and the next negotiation meeting has been postponed until their conclusion. This succession represents the primary variable affecting Iran's negotiation mandate, escalation discipline, and the internal cohesion of the Revolutionary Guards.
Militarily, Iran remains weakened—US strikes have repeatedly degraded its missile, drone, and coastal radar capabilities according to CENTCOM reports—yet strategically operational. Teheran's operational impact stems from its capacity to project power across multiple theaters simultaneously: the maritime domain (Hormuz, Persian Gulf, Red Sea), ground fronts (Northern Israel, Southern Lebanon, Iraq, Syria), the Gulf monarchies hosting US forces, and critical digital infrastructure. Israel and the United States maintain clear advantages in air power, ISR (Intelligence, Surveillance, and Reconnaissance), target development, precision strikes, missile defense, and maritime projection. While this superiority is sufficient to repeatedly degrade Iranian infrastructure, it fails to permanently deter Iran from maritime coercion, missile reconstitution, cyber operations, or supporting terrorist and other armed proxies.
Russian Forces in Ukraine: Exploitable Weaknesses and Counter-Approaches
3. Juli 2026
Richard Krauss
Key Judgment
Russian forces have measurably expanded their capacity for tactical adaptation since 2024, yet highly likely continue to fail at converting tactical penetrations into operational breakthroughs. From this discrepancy, eight exploitable weakness complexes emerge: the unprotected consolidation phase following infiltrations, the predictability of reconnaissance-by-force, the dependence of small assault groups on rearward connectivity, the incomplete handoffs within combined arms operations, the concentration of key personnel in centralized drone structures, the channeling of movement corridors, the exposed tactical supply chain, and the recognizable operating pattern of the glide bomb campaign. None of these complexes requires new major weapon systems to exploit; all counter-approaches rest on available means whose effect derives from prioritization and temporal compression.
Methodology and limitations: This assessment draws exclusively on open sources (RUSI, CSIS, ISW, Jamestown Foundation). Reliable Russian casualty and inventory figures are not available. Probability statements follow the scale: almost certain – highly likely – likely – possible.
Switzerland: Drone Formation Over Military Facility Exposes Low-Altitude Protection Gap
1. Juli 2026
Richard Krauss
Key Finding
Several unidentified drones flew in formation over a Swiss military facility. The location, time, platform type, control point and operators remain undisclosed. The military character of the protected site has been confirmed.
Tactical pre-operational reconnaissance aimed at testing detection, alarm procedures and response times is likely. An imminent sabotage or attack operation is not substantiated. There are no reliable technical or forensic indicators supporting attribution to a state actor or intelligence service.
The Chief of the Armed Forces announced a review of the existing catalogue of critical infrastructure. The Armed Forces are now recording drone sightings systematically and are examining a flight-restricted zone above the affected facility. Until integrated Counter-UAS systems are available more widely, passive protection remains the most immediately effective measure.
Germany in the Crosshairs of Hybrid Operations
30. Juni 2026
Richard Krauss
The Essentials in 30 Seconds
Russia treats Germany as an intelligence, influence and potential disruption environment. Military logistics, defence industry, transport, energy, digital infrastructure and political decision-making are priority target sets.
The 2025 constitutional protection report documents sabotage preparation against transport infrastructure, reconnaissance of military-relevant routes and persistent cyber access. It also identifies the use of low-level agents as a Russian operating pattern. Russian direction of extremist actors in Germany for sabotage has not been proven.
China pursues long-term strategic acquisition and influence activity against technology, research, industry and political target structures. Iran is intensifying surveillance and repression against the exile opposition, Jewish and Israeli institutions, and US-linked targets.
- 8Page 1
