ARTICLES

Aug. 26, 2025

Forging the Future of Cyber Defense in an Era of Change and Uncertainty: Introduction to Volume 10 Issue 1

The need for agile thinking, strategic clarity, and resilient infrastructures in the cyber domain has never been greater. This issue of The Cyber Defense Review brings together timely insights from senior military leaders, policy analysts, legal scholars, and emerging voices, each viewing through a unique lens the challenges and opportunities shaping the future of cyber defense. As the famous football coach Bill Walsh said, “if we are all thinking alike, then no one is thinking.”

Aug. 25, 2025

Lights Out: What Hurricanes Reveal about Cyberattacks and Blackouts

It is time to critically reassess the fear that a hostile state will launch a cyberattack on energy infrastructure to plunge a society into darkness and civil unrest. Not only has it never happened, but the component parts of the chain required in such a scenario are fragile. A lot must go wrong for an effort of that kind to achieve even partial success. This article offers an original contribution by examining the risk of cyberattack against the energy grid as a driver of civil unrest. In the absence of direct historical precedents, the analysis draws on adjacent cases from blackouts unrelated to cyberattacks to assess the potential societal impact of mass outages. While energy infrastructure remains a frequent target for cyberattacks, the existing security architecture has largely held, provided it continues to adapt. Persistent fear surrounding this threat may therefore misdirect resources and attention from more pressing security challenges.

Aug. 25, 2025

Fighting Through Disruption: Reframing Cyber Resilience for Power Projection and Strategic Credibility

Cyberattacks are often framed as discrete emergencies—events requiring swift, pre-planned recovery. Yet the geostrategic cyber threat is emergent and deeply embedded in the civilian infrastructure that underpins U.S. military operations. This paper argues for a dynamic conception of cyber resilience—not merely withstanding disruption, but fighting through it, adapting in contact, and sustaining initiative in a contested environment. Cyber resilience is a shared military-civilian challenge that often requires extending capacity from already degraded conditions (graceful extensibility) and adapting across multiple cycles of stress (sustained adaptability). Prevailing definitions, including the widely referenced National Institute of Standards and Technology (NIST) standard, treat resilience as a static, information technology (IT)-centric function focused on rebound and robustness. These commercial paradigms fall short in conflict conditions, where disruption is sustained, deliberate, and often combined with informational and/or kinetic effects. Drawing on the cases of China’s Volt Typhoon campaign, Ukraine’s cyber defense, and the Jack Voltaic exercises, this paper explores the operational stakes and the socio-technical character of cyber resilience. It critiques institutional fragmentation and outdated assumptions that undermine integrated defense at the civil-military seam. In light of persistent threats, cyber resilience is not a state, but a practice and a core operational capability—planned, exercised, and sustained.

Aug. 25, 2025

Toward Clarity in Cyber's "Fog of Law"

The international legal framework governing state-sponsored cyber operations remains in a state of pronounced ambiguity, reflecting both the technical novelty of cyber capabilities and prior deliberate strategic choices of States to prioritize flexibility over clarity. This article explores the persistent “fog of law” surrounding international law and norms relating to cyber operations and the structural and substantive barriers to developing clear legal norms in the cyber domain. This article first assesses the structural and technical bases for the underdevelopment of legal norms as to cyber operations, before turning to the static ambiguity present in the United States Department of Defense Law of War Manual (the “Manual”). The piece describes the growing misalignment between the “strategic ambiguity” present in the Manual and the shift toward persistent engagement and “defending forward” that has been adopted by the U.S. and its allies. The article urges recalibration of the U.S. and other states’ legal positions, most notably through a revision of the Manual’s cyber operations chapter. By advancing clearer legal boundaries and unilaterally clarifying state positions, the U.S. and others can promote the development of customary international law, enhance legal predictability, and better align legal policies with contemporary cyber strategies. Addressing deficiencies of existing norms will also facilitate the evolving alignment of international law with Western strategic interests and values.

Aug. 25, 2025

The Sword of Damocles: A Cybersecurity Paradigm Shift for the Defense of Critical Infrastructure

The decentralized nature of U.S. critical infrastructure, while an engine and source of enormous societal wealth, creates significant vulnerabilities. Systems and their defenders are unknowingly operating underneath a modern Sword of Damocles—a constant and catastrophic threat of disruption from sophisticated and persistent adversaries. Drawing a parallel to the defensive failures of the October 7th Attacks, this article demonstrates how current cybersecurity strategies, heavily reliant on probabilistic, detect-and-respond tools, have proven insufficient to secure the complex Operational Technology (OT) systems and vast supply chains at the core of this infrastructure. This article argues that the fundamental asymmetry between attacker and defender can only be redressed by a new defensive paradigm. By integrating scalable, deterministic, and fact-based security methods with existing tools, defenders can enable automated, offense-for-defense capabilities. This approach, grounded in game theory, is the key to imposing tangible costs on adversaries in real time, finally allowing defenders to step out from under the sword and instead wield it.

Aug. 25, 2025

The Battlefield is not 'Over There' - It is Here, 24/7

Lieutenant General Jeth Rey is the Deputy Chief of Staff, G-6 of the United States Army. As a principal military advisor to the Chief of Staff of the Army and the Chief Information Officer (CIO), he is responsible for planning, strategy, network architecture, and implementation of Army command, control, computers, and communications (C4) systems. He also oversees cyber operations and networks for Army operations globally. In this ever-present, constantly evolving cyber battleground, the Army is relentlessly pursuing technological advantage by prioritizing capabilities such as the Electronic Warfare Planning and Management Tool (EWPMT), and by conducting realistic, demanding training and wargaming at all echelons and in joint environments. Maintaining the strategic high ground in the contested digital domain—which links Soldiers and battlefield sensors to command centers and weapons systems—requires a team effort. This includes leveraging the combined expertise of Soldiers, scientists, engineers, analysts, operators, and leaders across signal, cyber, and electronic warfare forces. A failure to build resilience, confidence, and trust hinders the accomplishment of the mission. If unprepared, commanders and lives are at risk when adversaries inevitably disrupt and deny access to the tools and spectrum upon which they depend. In a fight against a determined and sophisticated opponent, there is no certainty that these digital capabilities will always be accessible, here and now, in the most decisive moments of battle.

Aug. 25, 2025

A Conversation with the U.S. Army Chief Information Officer

Appointed Chief Information Officer (CIO) of the U.S. Army in July 2023, Mr. Leo Garciga sets the strategic direction for and oversees the execution of policies and programs for information resource management (IRM) and information technology (IT). His responsibilities include managing the Army's IT architecture, information sharing and cybersecurity policy, IT life cycle and resource management processes, and synchronizing the information enterprise. He is focused on accelerating digital transformation, redefining authority to operate (ATO) processes, and aligning the right problems with the right talent and technologies. In this conversation, Deborah S. Karagosian engages with Mr. Garciga on how IT and cyber policy serve as strategic levers that touch every part of the Army. He reflects on the need to optimize lethality, innovation, enterprise coherence, cost efficiency, and industry collaboration—while carefully managing operational and strategic risk. The discussion offers insight into how the Army is reimagining its cyber strategy to remain agile, secure, and mission-ready in a rapidly evolving digital environment.

Aug. 25, 2025

Southeast Asia: Where Facebook is the Internet

Since its inception in the first decade of the new millennium, Facebook has developed a vast audience and user base that propagates immense influence. The social media platform has proven to be a catalyst for significant social and political action. Its extensive global reach and its usefulness in communication and the dissemination of information have also made it a tool for government repression. This phenomenon is known as digital authoritarianism. Governments of authoritarian states around the world have widely co-opted the platform to exert control over their populations and gain leverage over adversaries. Especially in countries with poor digital literacy, Facebook is the internet itself. This analysis examines the methods used by the Southeast Asian governments of Malaysia, Vietnam, and Myanmar to utilize Facebook for digital authoritarianism, revealing a range of activities in the region. It also assesses Facebook's responses to co-optation by these governments and the effectiveness of using the platform as a tool for digital authoritarianism.

Dec. 19, 2024

Reimagining the Future

This Fall Edition of The Cyber Defense Review is largely influenced by the need for all of us to reimagine the future. How do we help create positions of relative advantage in competition while also preparing for future crisis and conflict? Reimagining the future requires our community to expand our thinking to understand more of the world around us and how our great power rivals are leveraging information, the electromagnetic spectrum, and cyberspace to build power. We hope the articles presented here increase your knowledge, expand your understanding, and make you think about how to compete and win in the future.

Dec. 19, 2024

The Need for a Cyber Smoke Screen: A Tactical Action that Instantly Becomes Strategic in an All-Domain Operation

Battle space is increasingly transparent. This transparency includes not only electronic signatures but also other actors in the environment. Cell phones today make the movement of military troops and equipment particularly problematic. In order to safely maneuver on the future battlefield, this article proposes the development of a cyber smoke screen. Unfortunately, such a smoke screen, while defensive in nature, would require temporary disruption of local internet and cellular access, thereby bringing this essential defensive maneuver under offensive cyber operations, which implicates both strategic and moral concerns.