Avoidable Surprises
Lessons from Iran on forecasting and preparing for emerging threats.
DOMINIC VENTIMIGLIA and JARRETT LANE were teammates in the Middle East over ten years ago. Dom retired from the U.S. Army Special Forces as a Chief Warrant Officer 5 and is now a Principal at Squadra Ventures. Jarrett is Chair and Co-Founder of the N.C. Critical Technologies Alliance.
At the height of the war with Iran, the regime systematically struck U.S. military radars, communications infrastructure, air-defense systems, and other assets across the Middle East with low-cost drones — basically cheap missiles and flying improvised explosive devices. Seemingly surprised by the Iranians’ response, the U.S. military moved THAAD systems and Patriot batteries from the Indo-Pacific into the Middle East to guard against these relentless drone attacks. The United States and its partners in the region quickly depleted their supplies of expensive, hard-to-produce munitions to shoot down cheap Iranian drones.
A common refrain at the moment is that the U.S. military failed to learn lessons from the Russia-Ukraine war, as if drones did not emerge as a real threat until the last four years. It is hard to excuse the Department’s slow reaction to the innovations in drone warfare the world has witnessed since the Russia-Ukraine war started in 2022. However, focusing on the failures to learn from Ukraine actually gives the Department too much benefit of the doubt.
In reality, commercial, improvised, and low-cost kamikaze drones were a known threat long before Russia and Ukraine began using them. Iran has prioritized its drone program as a core component of its asymmetric military strategy since at least the 1980s. The Shahed has been part of Iran’s drone fleet since 2012, and Iran has used kamikaze drones since at least 2015. ISIS weaponized commercial drones across the Middle East, including against U.S. forces.
While assigned to the U.S. Central Command between 2015 and 2017, we saw first-hand the threats drones posed to U.S. servicemembers and critical assets across the Middle East. Our mission was to simulate attacks by adversarial special operations elements to test the security and resilience of U.S. military installations and critical infrastructure. We applied known and emergent adversarial tactics and imagined potential new tactics to identify courses of action that an enemy might realistically pursue. Drones quickly became one of our go-to tools.
Unfortunately, many were slow to appreciate the threat this new tool posed. In our experience, the idea of using cheap drones to degrade or dismantle critical capabilities was typically met with one of three responses. The first was incredulity. To some, drone attacks posed a nominal force protection problem because they were crude and usually unsuccessful. There was little appreciation that new forms of warfare usually begin crudely. The second response was dismissal. Drones could be easily dealt with by shooting them down or taking out the operators. The third response was acknowledgement that drones were a problem—but that they were somebody else’s problem to solve.
To be clear, our experience was not unique. We are far from the only people who anticipated the drone threat and called attention to it. At the time, the Joint Improvised-Threat Defeat Organization, or “JIDO,” which operated under the Defense Threat Reduction Agency, was working with “a sense of urgency” to field counter-UAS capabilities.
And yet, here we are: Iran successfully targeted the backbone of the U.S. military’s operational capabilities across the Middle East. As Iran moved up its escalation ladder, commercially-owned infrastructure that the U.S. military may use in the region was also targeted. Though more Iranian drones have been intercepted than not, as one outlet reported, the number of successful drone strikes on U.S. military assets and infrastructure reveals “a pattern of inadequate protection for strategic locations.” The U.S. military’s unpreparedness is particularly troubling when one considers that Iran’s response represents just a fraction of what China could employ to disrupt and degrade mission-essential capabilities.
Such unpreparedness is not just an operational failure; it is the symptom of systemic breakdowns in policy, process, and programs that should be helping the Department get ahead of threats and field appropriate solutions. While fielding counter-UAS solutions is critical, addressing the systemic challenges must be done, too, for the Department to not get caught flat-footed by new threats again. Drawing from our own experience, we have a few recommendations to offer and thoughts on what else is to come.
Feedback loops from rigorous exercises and red teaming can help the Department foresee threats and proactively develop solutions.
The wars in Ukraine and Iran should create a sense of urgency within the Department to build, scale, and institutionalize mechanisms to identify new threats from the tactical edge, rapidly iterate solutions, and push them into the field. These mechanisms should extend beyond just capturing lessons from troops in contact. Exercises that meaningfully stress-test operational proficiency, resilience, and adaptability — as opposed to running exercises focused on relationships and posturing — can help expose weaknesses and threats. Those exercises must also be integrated with acquisition processes. An after-action report isn’t good enough — senior leaders almost never read them. Acquisition executives and technical experts should take a front-row seat as observers in these exercises to see for themselves the problems that need solving. First-hand understanding can help leaders drive top-down decisions through the Pentagon’s bureaucracy about how to get ahead of emerging requirements and threats.
The Department should also revitalize and expand red-teaming functions to expose vulnerabilities in multiple domains. One hub of such activity, the Army’s Asymmetric Warfare Group (AWG), was shuttered in 2021 despite its successes. The AWG provided advice and support to Army commanders at the tactical and operational levels. It was celebrated for its work developing solutions to threats like IEDs. The AWG was geared more for the age of counterterrorism than great-power competition. Yet the decision to close the AWG instead of updating its mission implies an assumption that countries like China and Russia would not wage asymmetric warfare against the United States and our allies and partners. This assumption could not be more wrong.
The wars in Ukraine and Iran show that dismantling the AWG was a mistake. Further, asymmetric warfare isn’t just kinetic: China and Russia are doubling down on other methods, including cognitive warfare, precisely because of its asymmetric advantages. To the authors’ knowledge, nothing has functionally replaced the AWG. The Department should reconstitute the AWG, or some variation of it, with a remit that reflects the fact that asymmetric warfare is not just the tool of violent extremists; it’s an increasingly sophisticated, multi-dimensional discipline used daily by our most capable adversaries.
Further, the multi-domain nature of asymmetric threats from our adversaries requires a joint perspective, not just solutions through the lens of one Service. The Department should also think anew about how to use red teaming to map and understand interdependencies of critical assets and networks — military and commercial alike — so it can make informed investments into protection measures and build the redundancy needed for the modern threat environment.
The qualities and experience of the personnel that comprise a joint AWG 2.0, or similar red-teaming functions, are essential to the organizations’ efficacy. The teams should be capable of thinking creatively and should be empowered to do so. They should draw on skill sets from special operations, the intelligence community, social engineering (e.g., social media expertise), and engineering and product development (e.g., rapid prototyping).
Finally, as with exercises, robust feedback loops are foundational to the red teams’ ultimate success. For the Department to gain real value out of red-teaming activities, feedback loops must inform institutional learning and strategic decision-making. Learnings should not just inform protection measures or tactics at the unit, installation, or theater level. Rather, learnings need to translate into new resources, updated theater and global-level contingency plans, and even training and doctrinal revisions.
One potential approach to bridge the gap between red teams’ operational and tactical learnings and strategic decision-making is to directly involve elements of the Office of the Secretary of Defense (e.g., Strategy, Plans, and Forces) or the Joint Staff. For example, OSD or the Joint Staff could provide direction on what vulnerabilities they want tested. They could also be the primary consumers of red teaming results.
Translating learning from partners and technical experts into action will be critical to stay ahead of future threats.
Despite Ukrainians’ clear expertise in drone production, drone operations, and counter-drone capabilities, the U.S. government was slow to accept help from Ukraine, even as Iranian drones began striking assets across the Middle East. The United States ultimately made the right call by welcoming Ukrainian drone experts to help protect military bases in the Middle East. These sorts of cooperative efforts and knowledge exchanges should be encouraged going forward. Learning from allies and partners — especially those with first-hand experience of new threats, technologies, and tactics — will be crucial for the U.S. military to stay ahead of emergent challenges.
Ongoing changes to the Department’s security cooperation enterprise present an opportunity to improve our own learning from allies and partners. Aligning the Defense Security Cooperation Agency—the organization responsible for arms transfers—to the Undersecretary of Defense for Acquisition and Sustainment could create a clearer through-line for learnings from allies and partners to the Department’s acquisition leadership.
The Department should also send teams to interface with allies and partners explicitly for the purpose of gleaning and exchanging lessons learned. To date, very few personnel have been assigned to systematically learn from Ukraine. U.S. military personnel assigned to embassies have an important role to play in helping facilitate learning from allies and partners, but these personnel are already task-saturated promoting weapons sales, facilitating combined training, and more.
Drones abroad are just the start. The United States is vulnerable at home and new threats are rapidly emerging.
Drone threats will continue to spread and intensify. Without serious attention to domestic counter-UAS policies and solutions, the United States remains vulnerable to an Operation Spiderweb-esque event here at home. A recent incident in which waves of jam-resistant drones reportedly flew over Barksdale Air Force Base shows just how far the government still has to go in developing a coherent counter-drone strategy and response options.
The threat is not just purpose-built military drones. Commercial off-the-shelf drones and drones custom-built with commercial components pose a serious danger, too. For example, Houthis are using commercial micro-jet engines to build fast drones with significant range. And drones are just one example of how commercially available technologies pose a serious threat.
While the Department is still adjusting to using commercial off-the-shelf solutions, adversaries, violent extremist organizations, and criminal groups are using them with greater and greater effect. Electronic warfare technologies are increasingly available on the open market. Criminal organizations are already using signal scramblers and GPS jammers to disrupt law-enforcement communications. For a few hundred dollars, just about anybody can buy the necessary parts to build a crude anti-aircraft missile or shoulder-fired rocket. Autonomous and semi-autonomous systems, including robotics and maritime systems, will increasingly threaten U.S. military personnel and assets, as well as commercial infrastructure like ports, power generation, and oil and gas. Biological threats, including weapons concocted in illegal labs here in the United States, could be used to infect human populations or agriculture.
Artificial intelligence will amplify the threat by making the production and coordination of these technologies easier. For example, consider human-machine integration. Imagine human operators seamlessly interfacing with swarms of drones and robotic systems — commanded with nothing more than thought — using widely-available technologies. It sounds like science fiction, but it is coming. Three years ago, the IEEE published an article covering how the costs of “open-source neuroscience hardware” are coming down. Expect that trend to continue.
Sticking with human-machine integration as an example, the Department should be collaborating with technical experts in startups and universities to red-team scrappy human-machine systems built using only commercial off-the-shelf and open-source technologies. Operational experts in the special operations community, for instance, can apply their know-how to imagine new types of complex attacks or battlefield awareness systems.
The Department should learn from its drone failures to avoid future surprises.
The ultimate lesson is not simply about drones. It is about a system that struggles to recognize, prioritize, and act on emerging threats before they scale. Fixing that system, not just fielding the next countermeasure, is what will determine whether the United States can compete in an era defined by rapid, asymmetric innovation. Re-investing in teams and programs to forecast future threats and, most importantly, listening to and acting on the expertise of others, can go a long way toward making sure the Department isn’t caught flat-footed by the next threat.
The next disruption is already taking shape; it will not wait for us to catch up.





