ARTICLES

May 14, 2026

Grand Challenges in Agentic AI for Cyber Operations: A Research Agenda

Agentic AI systems are reshaping cyber operations at a pace that outstrips the mechanisms needed to deploy them responsibly. The first documented autonomous cyber attack, in September 2025, demonstrated that the technology has crossed the threshold from research capability to operational threat, yet the technical robustness, human-AI trust, and governance frameworks required for responsible adoption remain underdeveloped. This paper argues that the resulting gaps constitute a control deficit manifested through a set of grand challenges across four reinforcing dimensions: technical limitations and vulnerabilities, the trust deficit between operators and AI agents, insufficient governance, and dual-use escalation risks. Through a structured expert analysis that draws on operational, technical, human, and policy perspectives, we characterize the interactions among these dimensions. We then propose a research agenda to help the cyber operations community address these grand challenges in a coordinated manner, accounting for both the dependencies among dimensions and the operational urgency posed by the adversary's adoption of the same technology. In doing so, the paper calls on researchers, practitioners, and policy-makers to collectively shape the responsible integration of agentic AI into cyber operations without ceding the advantages it provides.

May 11, 2026

Leadership Beyond the Easy No: Mastering the Basics and Breaking Constraints in Cyber Defense

The organizations that consistently perform under pressure in cyberspace are not the ones with the most advanced tools — they are the ones that master the basics and empower leaders at every level to think beyond perceived constraints. Drawing on experiences from combat operations, electronic warfare, data science education, and command of the U.S. Army Cyber Protection Brigade, the author argues that the future of cyber defense rests on two inseparable pillars. The first is an unwavering commitment to fundamentals — teamwork, expertise, and the holistic fitness of our people — practiced daily by officers, warrant officers, non-commissioned officers (NCOs), and civilians. The second is a culture that encourages leaders to innovate at the tactical level while searching for the dimension that nullifies constraints and makes our nation's hardest problems solvable. Mastery of the basics creates the trust and discipline that make bold innovation possible, and bold innovation gives meaning to the fundamentals we practice every day.

May 5, 2026

China's Cyber Explosives are in Place. Where's our Response?

Drawing on recent cyber intrusions into U.S. critical infrastructure, Rob Joyce, former Acting Homeland Security Adviser on the U.S. National Security Council and retired NSA Director of Cybersecurity, argues that the People’s Republic of China’s campaigns—such as Volt Typhoon and Salt Typhoon—are not routine espionage, but deliberate preparations for conflict. These operations reflect a coordinated effort to pre-position access across vital systems, enabling the potential disruption of military logistics and civilian infrastructure in the early stages of a crisis. The article contends that U.S. deterrence has failed not for lack of capability, but for lack of resolve and strategic coherence. Cyber operations exploit a critical asymmetry: their effects are often invisible, deniable, and insufficient to trigger decisive political action. As a result, adversaries have been able to operate below the threshold of response while steadily expanding their foothold. The temporary decline in activity following the 2015 U.S.–China cyber agreement demonstrates that deterrence is achievable—but only when costs are imposed visibly and across domains, particularly through economic and diplomatic leverage. The piece concludes by calling for a whole-of-government approach that treats cyber intrusions into critical infrastructure as intolerable national security threats. It emphasizes the need for visible, coordinated responses—led at the presidential level—to restore credible deterrence and prevent adversaries from exploiting persistent access within U.S. systems.

May 4, 2026

Embracing a Whole-of-Nation Approach to the 2026 National Cybersecurity Strategy Inspired by the Manhattan Project

This Senior Leader Perspective examines the 2026 U.S. National Cyber Strategy through the lens of a “whole-of-nation” approach, arguing that current fragmented efforts are insufficient to address the scale and complexity of modern cyber threats. Drawing inspiration from the Manhattan Project, the author advocates for a coordinated national model that integrates government, private industry, academia, and national laboratories into a unified cybersecurity ecosystem. The article highlights how cyber risks transcend institutional boundaries, targeting critical infrastructure, economic systems, and civil society, and therefore require synchronized action across all sectors. It further emphasizes the need to operationalize this vision by clearly defining roles and responsibilities, fostering innovation through collaborative hubs, and embedding cybersecurity awareness into education and public life. Ultimately, the piece contends that resilience in cyberspace depends not only on technological advancement but on collective responsibility, cultural change, and sustained national commitment to shared defense.

May 4, 2026

We Are the Attack Surface: Conway’s Law, the Sociotechnical Layer, and the Resilience the Next Decade Demands

The defense cyber community has made genuine progress at the technical layer over the past decade. Continuous software delivery and security practices, supply chain security certification frameworks, and the maturation of dedicated military cyber forces represent real and consequential structural advances. That progress now reveals the layer above it. The seams adversaries exploit with consistent effectiveness are not technical seams—they are organizational seams, the predictable product of how complex work is organized across institutional boundaries at scale. This essay synthesizes a decade of research and acquisition practice to advance three connected arguments. First, existing cybersecurity and resilience frameworks systematically address the technical layer while leaving the sociotechnical and ecosystem layers under-addressed—a gap that represents the defining strategic liability of the coming decade. Second, Conway’s Law and panarchy theory together explain why this gap persists: organizations produce systems that mirror their communication structures, and cross-scale dynamics ensure that fast-cycle compromises can cascade upward to destabilize strategic command and control. Third, addressing this gap requires deliberate attention across the full lifecycle of cyberphysical systems—from development through deployment, fielding, active defense, and sustainment—not only at initial program authorization. Artificial intelligence amplifies both the consequences of the problem and the cost of its continued deferral, while simultaneously offering new analytical tools for ecosystem-level situational awareness. The path forward requires treating resilience as a continuous lifecycle obligation, mandating ecosystem-level threat modeling, and recognizing operational commanders as the essential demand signal for resilient outcome specifications.

May 4, 2026

The Invisible Battlefield: Defending Key Terrain in Operational Technology by Leveraging National Laboratories

The nature of cyber threats has undergone a fundamental transformation over the past two decades, shifting from the exploitation of information systems to the deliberate targeting of the operational systems and physical infrastructure upon which national security and public safety depend – our nation's key terrain on the digital battlefield. This article argues that the defense and policy communities have yet to fully reckon with this shift, largely due to a persistent "digital threat bias" — an institutional tendency to treat cybersecurity as an IT problem rather than a matter of physical and operational consequence. This bias produces measurable failures: misaligned investment priorities that leave operational technology (OT) environments underfunded; governance structures that exclude engineers who understand physical systems best; and threat categorization frameworks that obscure the asymmetrical character of attacks on critical infrastructure, thereby limiting policy and response authorities. Drawing on high-profile incidents, this article makes the case that cyberattacks targeting OT environments constitute a form of irregular warfare requiring a fundamentally different strategic response. The author identifies three imperatives for senior leaders and policymakers: reframing OT cyberattacks on critical infrastructure as irregular warfare, overcoming digital threat bias, and integrating the capabilities of the Department of Energy national laboratory system to strengthen national defense. Failure to act with urgency risks leaving critical defense infrastructure, and the military readiness it sustains, vulnerable to adversaries who have already spent years mapping and accessing these systems.

May 4, 2026

Wrong Players, Wrong Game: Rethinking Who Belongs in Cyber

The term ‘cyber’ no longer maps cleanly onto the domain it once described. Today, ‘cyber’ encompasses everything from data governance, autonomous systems, and artificial intelligence to the cascading interdependencies of critical infrastructure — yet the workforce structure and team compositions have not kept pace with these changes. This article argues that the mismatch is not primarily a technology problem, but a talent and framing issue. By continuing to recruit and organize cyber teams as though ‘cyber’ remains a narrow technical discipline, the United States risks fielding the wrong players for a global competition that has fundamentally changed. Drawing from direct leadership experience navigating these gaps in the Air Force, Joint Force, and across industry, the author identifies five non-technical disciplines that belong inside the cyber tent. She outlines the justification for including behavioral science, political science and international relations, economics and game theory, organizational behavior, and public health. She then proposes a corrective strategic approach to workforce development, hiring, and institutional culture that would begin to close the gap.

April 29, 2026

Is Cyberwar War – and Why Might it Matter?

This article examines the persistent question of whether cyberwar constitutes “war” and why this distinction matters for international stability and escalation dynamics. It argues that attempts to define cyberwar through fixed technical or quantitative criteria—such as scale, damage, or attribution—are ultimately insufficient, as the designation of cyber actions as “war” is inherently political and shaped by strategic interests. The analysis focuses on escalation, particularly the role of thresholds that distinguish escalation by degree from escalation by type, emphasizing how the classification of cyber operations influences whether responses cross into kinetic conflict. The author outlines three perspectives—consensus that cyberwar is war, consensus that it is not, and disagreement between actors—and argues that instability is greatest when perceptions diverge. It further explores the complicating role of cyberespionage, sanctions, and the ambiguous positioning of cyber operations within an “escalation lattice.” The article concludes that predictability in how states interpret and respond to cyber operations is essential to reducing miscalculation and unintended conflict, even if clear and universally accepted thresholds remain elusive.

April 1, 2026

Advancing Strategic Thought and Practice in Cyberspace

The publication of Volume 11, Issue 1 marks an important moment in the continued evolution of The Cyber Defense Review (CDR). Over the past year, the journal has undergone a series of deliberate transformations aimed at ensuring its long-term sustainability, strengthening the quality of its publications, and expanding its role as a trusted forum at the intersection of military practice, policy, and scholarship. As cyber operations become increasingly central to national security, the expectations placed upon professional and academic outlets have evolved. Readers—whether military leaders, policymakers, or scholars—are not only seeking timely insights, but also clarity, rigor, and durability. In response, the CDR has refined its editorial processes to better meet these expectations...

April 1, 2026

Conceptualizing Cyber Strategy: Mapping Theories of Security in Cyberspace

As cyber operations become central to national security, policymakers still lack a clear framework to distinguish, compare, and evaluate competing cyber strategies. This article offers a novel framework for understanding strategy in cyberspace by describing and comparing theories of security in the digital domain. It argues that most cyber theories of security fall under one of four strategic ideal types: resilience, selective response, persistence, and extraction. Each ideal type represents a distinct way that states prioritize scarce resources to maximize power and minimize harm to networks and assets. Scholars and practitioners have often relied on familiar analogies such as conventional war, coercion, and irregular warfare to describe the promise of cyber power. Yet policymakers and students would benefit from a theoretical framework to distinguish, compare, and evaluate cyber strategies. Following a brief review of current scholarship, the article develops this typology and uses it as the foundation of a comparative framework. It examines the four strategic ideal types across three policy-relevant dimensions: reliance on coercion, risks of escalation, and preparations for conflict. It then explores how to assess their effectiveness, how strategies interact between competitors, and how emerging technologies may reshape the attractiveness of each approach. Although theories of land, air, and maritime power are well established, strategic thought in cyberspace must mature to better guide policymakers in understanding the tradeoffs, advantages, and limitations associated with each strategy.