May 26, 2026

From Bytes to Satellites: Improving U.S. Joint Force All-Source Intelligence To Counter The PLA Cyberspace Force Threat

This paper applies the ends, ways, and means framework to analyze the cyberspace threat posed by the People’s Republic of China (PRC) and discuss the U.S. Joint Force’s defensive response posture. First, it examines how the PRC's goals of national rejuvenation and security are pursued through the People's Liberation Army's conduct of system destruction warfare, executed by a well-resourced Cyberspace Force. To counter this persistent threat to U.S. force projection, the Joint Force must adopt a coherent and proactive defensive strategy. The paper argues that U.S. defensive objectives must focus on identifying and securing key cyber terrain and mission-critical dependencies through the standardized use of existing cyber intelligence frameworks by all-source intelligence analysts. Operationally, this can help network defenders transition from reactive incident response to predictive, threat-driven defense. To do so, the Joint Force should institutionalize its cyber intelligence capabilities by establishing dedicated cyber career pathways and mandating advanced tradecraft training for all-source analysts. By leveraging predictive all-source intelligence to enhance cyber operations, the U.S. military can mitigate risks, maintain freedom of action in contested environments, and secure the information domain against advanced state-sponsored adversaries.

May 26, 2026

Exhaust, Don’t Deter: Ukraine’s Lessons for Allied Strategy Against Russia in Cyberspace

Russian cyber operations have persisted for more than a decade not because they are decisive, but because cyberspace rewards continuous campaigning below the threshold of armed conflict. Drawing on Ukraine’s frontline experience under sustained hybrid aggression, this Senior Leader Perspective argues that the prevailing Western emphasis on cyber deterrence fundamentally misreads the nature of the domain. Russia’s cyber activity is not a discrete series of attacks that can be prevented through threatened retaliation; it is a permanent instrument of statecraft designed to generate cumulative strategic pressure over time. The essay contends that the appropriate strategic objective is therefore not deterrence, but exhaustion. Rather than attempting to convince Russia to stop campaigning, Ukraine and its allies should seek to impose sustained operational and resource costs that gradually erode Russia’s capacity to conduct concurrent cyber and hybrid operations across multiple fronts. The argument builds on concepts of persistent engagement, defend forward, and cyber persistence theory, while grounding them in Ukraine’s operational experience during the full-scale war. Ultimately, the author proposes a coalition strategy centered on continuous defensive and offensive cyber pressure designed to force Russia to divert finite cyber resources toward self-defense, thereby weakening the cyber support structure that underpins Russian military operations and long-term hybrid aggression.

May 22, 2026

The Missing Grammar of Cyber Operations: Toward a Theory of Cyber Operational Art

Cyber operations are now a permanent feature of modern conflict and competition, but they have not become a central component of modern war. Recent conflicts show that cyber can disrupt, degrade, deceive, and impose friction; yet, these effects rarely accumulate into sustained operational advantage. This essay argues that cyber lacks a mature operational grammar that allows commanders to arrange tactical actions in time, space, and purpose to achieve strategic objectives. Current doctrine is still relevant: it is the grammar used to implement that doctrine that differs for terrain, maneuver, fires, and effects, tempo, risk, and command. A separate theory of war or a new planning framework is not needed. What is needed is the understanding that the cyber terrain is socio-technical at its core, maneuver is positional, fires often consume access, tempo is governed by adaptation, risk accumulates over time, and command requires judgment across distributed authorities and consequences. The article advances a commander-centric framework for translating foundational concepts of military campaign design into the cyber domain.

May 21, 2026

A Decade of Insight, Driven by Necessity: From the Shoddy Cyber Substrate to Great Systems Conflict, and the Alliance That Must Defend What Remains

Cyberspace has evolved into a persistent arena of “Great Systems Conflict” in which states increasingly target the socio-technical-economic foundations of rival societies through continuous, digitally enabled campaigns. The insecure and commercially driven foundations of the modern cyber substrate created enduring offense advantages that have systematically favored adversaries, particularly China, in areas ranging from intellectual property extraction to technological dependency and cognitive influence operations. As a result, democratic societies face mounting strategic vulnerability across the interconnected systems that underpin governance, critical infrastructure, economic competitiveness, and public trust. This Senior Leader Perspective argues that the strategic edge of the coming decade will depend on whether democratic states can transition from fragmented and reactive cyber defense toward a Cyber Operational Resilience Alliance (CORA): an integrated defense architecture uniting allied governments, militaries, private-sector technology providers, academia, and legal institutions into a collective defense-in-depth ecosystem. The perspective highlights Ukraine’s wartime cyber resilience as an operational proof of concept for such collaboration. Ultimately, the author calls for wartime-tempo institutional coordination, allied technological integration, and sustained public-private collaboration to preserve democratic resilience in an increasingly contested digital century.

May 18, 2026

Playing the Future: Insights from Wargaming Cyber Conflict

This piece explores how cyber warfare is evolving by combining professional wargaming with analysis of real‑world cyber incidents. It highlights the lessons that have emerged from iterations of wargames about actual and potential cyber conflicts. As cyber conflict lacks the rich campaign histories available for conventional war, repeated wargaming of past operations is used to understand attacker intent, capability, and effectiveness. Several consistent patterns emerge across two decades of state‑level cyber activity, including strategic signaling, integration with wider political and military campaigns, a focus on critical infrastructure, and the concentration of major cyber operations at the start of conflict. Looking ahead, the paper argues that while cyber capabilities are becoming more significant, they will take decades—and multiple major conflicts—to mature into a dominant class of weapons. A key strategic challenge is mobilizing national cyber power, particularly given the concentration of expertise in the private sector. Effective mobilization requires pre‑planned public–private integration, cyber reserves, and extensive peacetime wargaming. It concludes that despite technological advances, human expertise remains the decisive factor in cyber conflict; wargaming is an essential part of developing these people.

May 14, 2026

Grand Challenges in Agentic AI for Cyber Operations: A Research Agenda

Agentic AI systems are reshaping cyber operations at a pace that outstrips the mechanisms needed to deploy them responsibly. The first documented autonomous cyber attack, in September 2025, demonstrated that the technology has crossed the threshold from research capability to operational threat, yet the technical robustness, human-AI trust, and governance frameworks required for responsible adoption remain underdeveloped. This paper argues that the resulting gaps constitute a control deficit manifested through a set of grand challenges across four reinforcing dimensions: technical limitations and vulnerabilities, the trust deficit between operators and AI agents, insufficient governance, and dual-use escalation risks. Through a structured expert analysis that draws on operational, technical, human, and policy perspectives, we characterize the interactions among these dimensions. We then propose a research agenda to help the cyber operations community address these grand challenges in a coordinated manner, accounting for both the dependencies among dimensions and the operational urgency posed by the adversary's adoption of the same technology. In doing so, the paper calls on researchers, practitioners, and policy-makers to collectively shape the responsible integration of agentic AI into cyber operations without ceding the advantages it provides.

May 11, 2026

Leadership Beyond the Easy No: Mastering the Basics and Breaking Constraints in Cyber Defense

The organizations that consistently perform under pressure in cyberspace are not the ones with the most advanced tools — they are the ones that master the basics and empower leaders at every level to think beyond perceived constraints. Drawing on experiences from combat operations, electronic warfare, data science education, and command of the U.S. Army Cyber Protection Brigade, the author argues that the future of cyber defense rests on two inseparable pillars. The first is an unwavering commitment to fundamentals — teamwork, expertise, and the holistic fitness of our people — practiced daily by officers, warrant officers, non-commissioned officers (NCOs), and civilians. The second is a culture that encourages leaders to innovate at the tactical level while searching for the dimension that nullifies constraints and makes our nation's hardest problems solvable. Mastery of the basics creates the trust and discipline that makes bold innovation possible, and bold innovation gives meaning to the fundamentals we practice every day.

May 5, 2026

China's Cyber Explosives are in Place. Where's our Response?

Drawing on recent cyber intrusions into U.S. critical infrastructure, Rob Joyce, former Acting Homeland Security Adviser on the U.S. National Security Council and retired NSA Director of Cybersecurity, argues that the People’s Republic of China’s campaigns—such as Volt Typhoon and Salt Typhoon—are not routine espionage, but deliberate preparations for conflict. These operations reflect a coordinated effort to pre-position access across vital systems, enabling the potential disruption of military logistics and civilian infrastructure in the early stages of a crisis. The article contends that U.S. deterrence has failed not for lack of capability, but for lack of resolve and strategic coherence. Cyber operations exploit a critical asymmetry: their effects are often invisible, deniable, and insufficient to trigger decisive political action. As a result, adversaries have been able to operate below the threshold of response while steadily expanding their foothold. The temporary decline in activity following the 2015 U.S.–China cyber agreement demonstrates that deterrence is achievable—but only when costs are imposed visibly and across domains, particularly through economic and diplomatic leverage. The piece concludes by calling for a whole-of-government approach that treats cyber intrusions into critical infrastructure as intolerable national security threats. It emphasizes the need for visible, coordinated responses—led at the presidential level—to restore credible deterrence and prevent adversaries from exploiting persistent access within U.S. systems.

May 4, 2026

Embracing a Whole-of-Nation Approach to the 2026 National Cybersecurity Strategy Inspired by the Manhattan Project

This Senior Leader Perspective examines the 2026 U.S. National Cyber Strategy through the lens of a “whole-of-nation” approach, arguing that current fragmented efforts are insufficient to address the scale and complexity of modern cyber threats. Drawing inspiration from the Manhattan Project, the author advocates for a coordinated national model that integrates government, private industry, academia, and national laboratories into a unified cybersecurity ecosystem. The article highlights how cyber risks transcend institutional boundaries, targeting critical infrastructure, economic systems, and civil society, and therefore require synchronized action across all sectors. It further emphasizes the need to operationalize this vision by clearly defining roles and responsibilities, fostering innovation through collaborative hubs, and embedding cybersecurity awareness into education and public life. Ultimately, the piece contends that resilience in cyberspace depends not only on technological advancement but on collective responsibility, cultural change, and sustained national commitment to shared defense.

May 4, 2026

We Are the Attack Surface: Conway’s Law, the Sociotechnical Layer, and the Resilience the Next Decade Demands

The defense cyber community has made genuine progress at the technical layer over the past decade. Continuous software delivery and security practices, supply chain security certification frameworks, and the maturation of dedicated military cyber forces represent real and consequential structural advances. That progress now reveals the layer above it. The seams adversaries exploit with consistent effectiveness are not technical seams—they are organizational seams, the predictable product of how complex work is organized across institutional boundaries at scale. This essay synthesizes a decade of research and acquisition practice to advance three connected arguments. First, existing cybersecurity and resilience frameworks systematically address the technical layer while leaving the sociotechnical and ecosystem layers under-addressed—a gap that represents the defining strategic liability of the coming decade. Second, Conway’s Law and panarchy theory together explain why this gap persists: organizations produce systems that mirror their communication structures, and cross-scale dynamics ensure that fast-cycle compromises can cascade upward to destabilize strategic command and control. Third, addressing this gap requires deliberate attention across the full lifecycle of cyberphysical systems—from development through deployment, fielding, active defense, and sustainment—not only at initial program authorization. Artificial intelligence amplifies both the consequences of the problem and the cost of its continued deferral, while simultaneously offering new analytical tools for ecosystem-level situational awareness. The path forward requires treating resilience as a continuous lifecycle obligation, mandating ecosystem-level threat modeling, and recognizing operational commanders as the essential demand signal for resilient outcome specifications.