banner
dmitri.silverado.org
Dmitri Alperovitch
@dmitri.silverado.org
29K followers 870 following 530 posts
Geopolitics, Russia, China, Cyber Chairman @silverado.org Author of WorldOnTheBrink.com Host GeopoliticsDecanted.com podcast Founder Alperovitch Institute for Cybersecurity Studies at Johns Hopkins SAIS Co-Founder CrowdStrike @DAlperovitch elsewhere
Posts Media Videos Starter Packs
Pinned
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Nov 23
Very proud to have my #WorldOnTheBrink with @vermontgmg.bsky.social named as one of the best books of 2024 by the @economist.com!
www.economist.com/culture/2024...
18 20 250
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Aug 26
I haven’t. What do you think has changed primarily?
1
Reposted by Dmitri Alperovitch
hvanderaxe.bsky.social
Hidde van der Bijl @hvanderaxe.bsky.social · Aug 15
Very interesting podcast by @dmitri.silverado.org why drones are a useful addition to the European military but shouldn't be the main focus for investment in building our military capabilities.
Why Drones Can’t Replace Traditional Firepower
Geopolitics Decanted by Silverado · Episode
open.spotify.com
1 3 11
Reposted by Dmitri Alperovitch
andreashopf.bsky.social
Andreas Hopf 🇩🇪 🇨🇭 🇬🇧 🇸🇪 @andreashopf.bsky.social · Aug 11
Great discussion with @justin-br0nk.bsky.social and @dmitri.silverado.org about the "drone panacea myth".

See also the RUSI article www.rusi.org/explore-our-...
Why Drones Can’t Replace Traditional Firepower
Podcast-Folge · Geopolitics Decanted by Silverado · 05.08.2025 · 49 Min.
podcasts.apple.com
4 19
Reposted by Dmitri Alperovitch
profjwdavidson.bsky.social
Jason Davidson @profjwdavidson.bsky.social · Aug 6
I found this discussion between @dmitri.silverado.org and @justin-br0nk.bsky.social on the limitations of drones to be very useful. podcasts.apple.com/us/podcast/g...
Geopolitics Decanted by Silverado
News Commentary Podcast · Geopolitics Decanted is a podcast featuring geopolitical analysis and in-depth expert interviews on topics ranging from War in Ukraine, Great Power Competition with China, ch...
podcasts.apple.com
1 16
Reposted by Dmitri Alperovitch
zathras5.bsky.social
Joseph Britt @zathras5.bsky.social · Aug 6
Justin Bronk — @justin-br0nk.bsky.social — is a keen observer of military affairs. Talking with @dmitri.silverado.org, he challenges the view that Ukraine’s success with UAVs against Russia is a model for what the US and other western nations should focus on. podcasts.apple.com/us/podcast/g...
Why Drones Can’t Replace Traditional Firepower
Podcast Episode · Geopolitics Decanted by Silverado · 08/05/2025 · 49m
podcasts.apple.com
2 4 23
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Aug 5
Hopefully we made it clear on the podcast!
1 1
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Aug 5
Link to @justin-br0nk.bsky.social article 👇
www.rusi.org/explore-our-...
NATO Should Not Replace Traditional Firepower with ‘Drones’
Over-reliance on uncrewed aerial systems or ‘drones’ is leading to significant problems for the Armed Forces of Ukraine, and is not something Western militaries should attempt to replicate
www.rusi.org
3 21
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Aug 5
Why Drones Can’t Replace Traditional Firepower

My @GeopolDecanted discussion with @justin-br0nk.bsky.social about his recent provocative @rusi.bsky.social piece on this topic.

We also discuss efficacy of Ukrainian F-16s, Operation SpiderWeb and much more. Watch 👇

youtu.be/ykLIH2kY1U8
Why Drones Can’t Replace Traditional Firepower
YouTube video by Dmitri Alperovitch
youtu.be
3 17 75
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
The key is to keep the implementation as simple as possible (attestation via Intel Trust Authority or mTLS) and not include poison pills like kill switches and geofencing that would make this unworkable and too onerous for end-users and chip designers alike

END
1 12
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
Through this lens, the Chip Security Act or similar solutions would help accomplish the goal of identifying export control violators with minimal overhead to AI chip companies and exporters
1 8
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
The goal here would not be to identify and stop every AI chip export violation but to collect additional data that might help identify export control violators
1 2
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
In another scenario, if you have a customer that has purchased tens of thousands of AI chips which are not reporting in every month (accounting for typical chip failure rates, etc), it is also grounds for a BIS investigation of an importer
1 2
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
A typical hop between eg Shanghai and Singapore will add 40-300ms of consistent latency which can be easily detected. This would then be a clue for BIS to investigate further
1 2
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
To mitigate against this, the exporter's webserver can measure round trip time (RTT) for packets inside the mTLS connection and then compare it to pings to the IP from which the connection is originating
1 2
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
Of course, this is not full-proof. Chinese companies can purchase AI chips through shell companies elsewhere, reship the chips to China and then proxy their mTLS connections through VPNs and proxies in countries where the shell companies are based
1 2
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
Another way to accomplish this might to be use existing Intel Trust Authority for GPU remote attestation architecture that Intel and Nvidia have partnered on but that creates a requirement to use Intel CPUs, which may not be ideal in every case docs.trustauthority.intel.com/main/article...
GPU Remote Attestation With Intel® Trust Authority | Intel® Tiber™ Trust Authority
Learn about the Intel® Trust Authority Python Client, CLI for Intel TDX and NVIDIA GPU, and Intel Trust Authority REST API that support GPU attestation.
docs.trustauthority.intel.com
1 2
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
GPU drivers can already do mTLS handshake operations like ECDSA signing, so this doesn’t even require any new code from the chip designers
1 2
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
The connection can be trivially initiated via a simple script from other parts of the environment where the AI chip is deployed, but just talk to the GPU driver for handshake initiation/client key exchange with the EXPORT_CERT. This minimizes the technical reqs for AI chips
1 2
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
The mTLS connection would not originate from the chip itself. In fact, it doesn’t even have to originate from the server that the chip is in
1 2
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
So if a chip is being sold to a data center in Singapore but the connection originates from an IP address in China (or anywhere else), well, that means you might have a potential transshipment on your hands that warrants BIS investigation
1 2
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
The US exporter would then have the country from where the secure mTLS conn is originating from and match it against the customer KYC and export info data that they had been collected during the export process to determine whether country of shipment matches country of use
1 2
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
US exporters would run mTLS webservers with public key versions of the EXPORT_CERTs loaded on them (they would get them from the chip designers) to record the IP addresses and their geolocation from where the connections are originating
1 1 2
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
Foreign end-users (wouldn’t apply to US customers or perhaps to trusted foreign govs) would then be obligated by BIS to use this cert for mTLS (mutual-auth) Client Key Exchange connection generation to the US exporter of the chip on a periodic basis (ex. once a week/month)
1 2
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
New AI chips going forward can incorporate a new certificate with a private key (EXPORT_CERT) in their Secure Enclave (they already have other certs for secure boot/attestation). So this is a very simple task
1 2
dmitri.silverado.org
Dmitri Alperovitch @dmitri.silverado.org · Jul 16
Here is one technical solution for chip location verification that can be easily implemented by AI chip designers, which is not onerous and won’t require GPS receivers or comms functionality inside the chip or significantly restrict its use in air gap environments👇
1 2