June 5, 2026

Winning the War, Not Just the Cyber Fight

For much of the cyber era, policymakers and practitioners have debated whether the United States is winning or losing in cyberspace. This essay argues that this framing is increasingly outdated. Cyber capabilities are no longer a discrete instrument operating at the margins of conflict, but a foundational component of modern military power, strategic competition, and statecraft. The more relevant challenge is not whether the United States can achieve victory in cyberspace alone, but whether it can effectively integrate cyber capabilities into broader efforts to deter adversaries, shape strategic outcomes, strengthen resilience, and support military campaigns. The essay examines the limitations of a predominantly reactive and defense-oriented approach in an era of continuous competition, highlighting how adversaries employ cyber capabilities persistently to shape the strategic environment below the threshold of armed conflict. The author argues for a more proactive and integrated posture that combines offensive and defensive capabilities, leverages partnerships across government and industry, and incorporates cyber considerations into military planning from the outset. The ultimate measure of success is not winning individual cyber engagements, but leveraging cyber capabilities to help win the broader strategic competition and, when necessary, the wars of the future.

June 5, 2026

Initiative, Not Attrition: Reconceiving Cyber Operations as Maneuver

Sophisticated state cyber actors with mature doctrine and pre-staged accesses have repeatedly failed to convert tactical competence into strategic effect. The source of this failure is a misapplied theory of victory: cyber operations are a maneuver problem, not a fires problem. Until campaign logic, authority structures, and assessment frameworks are redesigned accordingly, tactical cyber competence will continue to produce strategic irrelevance — and adversaries who already understand this will continue to exploit the gap. Drawing on Boyd's theory of conflict, this essay argues that cyberspace is inherently initiative-dominant, requiring continuous seizure and maintenance of initiative rather than attrition of adversary capability. The decisive variable in any cyber campaign is orientation — the adversary's capacity to maintain a coherent model of the world adequate for decision and action — not technical infrastructure. The Cheng/Chi dynamic of persistent prior conditioning followed by disproportionate exploitation provides the campaign logic that attritionist frameworks cannot. The essay derives implications for authority structures, assessment frameworks, and the language through which senior cyber leaders must communicate campaign outcomes to civilian oversight.

June 4, 2026

Cyber War Did Not Take Place

Thirteen years ago, I argued that "cyber war will not take place", and that the more productive questions were how espionage, sabotage, and subversion — and the attribution of these covert activities — were evolving. This essay revisits that argument in light of a dozen pivotal years. Cyberwar as an idea has continued to recede, yet the covert contest beneath it has intensified. I survey three major trends: a mid-2010s visibility spike into signals intelligence and advanced threat actors that has since collapsed; the rise of sabotage from rarity to routine, increasingly fused with subversion and military operations; and a subversive turn in which authentic exposure operations and old-fashioned physical active measures outperform synthetic content. I then ask whether large language models (LLMs) will amplify or break these trends. My answer is that they will largely amplify them: deepening stealth in espionage, integrating sabotage more fully into combined operations, and raising the premium on authenticity in subversion. The essay concludes that what gets buried alongside cyberwar is the field's youthful confidence that clear lines once separated espionage, sabotage, subversion, and counterintelligence.

June 3, 2026

Cyber Persistence Theory Is Cyber Praxis

Cyber persistence theory (CPT) emerged from efforts to explain how the structural characteristics of cyberspace shape state behavior, competition, and security. Over the past decade, the theory has moved beyond academic debate and into operational practice. This essay argues that CPT has become cyber praxis, as its core logic increasingly informs national cyber strategies, operational doctrines, and campaigning approaches across leading cyber powers. Drawing on developments in the United States, Europe, and Asia, the authors contend that states are shifting away from reactive models based on restraint and deterrence toward proactive approaches centered on initiative persistence, continuous engagement, and strategic campaigning. The essay examines how this evolution reflects a broader break from legacy paradigms inherited from conventional and nuclear security thinking. It also highlights challenges for policymakers, military organizations, educators, and researchers, including workforce development, campaign assessment, human-machine teaming, and the extension of CPT into managing crisis and armed conflict. Looking ahead, the authors call for closer interaction between theory and practice, arguing that rigorous academic engagement is essential to refining CPT’s explanatory, predictive, and prescriptive power. As cyberspace becomes increasingly central to national power and international stability, the continued development of CPT offers a foundation for understanding and securing the digital strategic environment.

June 1, 2026

Cyber Defense in an Interdependent World: A Critique of Digital Decoupling

The United States needs to reconsider its decade-long shift toward "digital decoupling" from China. These measures are built upon a flawed premise: that cybersecurity can be achieved by treating cyberspace as a "territorial fortress" and withdrawing from globalized data exchanges, capital flows, and supply chains. Evidence demonstrates that decoupling has not reduced cyber threats; that nearly all breaches result from vulnerabilities in U.S. software rather than foreign hardware or services in the U.S. market; and that export controls have incentivized Beijing’s drive toward technological self-reliance, reduced Western visibility into Chinese markets, and cost American firms critical R&D revenue, threatening their leadership in the sector. Further, by militarizing civilian sectors and weaponizing interdependence, the U.S. risks provoking retaliatory blockades of essential raw materials. The author concludes that decoupling is an expensive, indirect approach to cybersecurity that ignores the irreversible reality of a shared, interconnected digital domain. Rather than pursuing a zero-sum technological arms race, the U.S. should pivot toward a strategy of persistent engagement, systemic hardening of domestic infrastructure, and pragmatic competition with China as a technological peer.

May 31, 2026

Defense in a Denser Fog of War

Technical innovation throws off side effects. This essay argues that as machine learning overlays a densely interconnected cyberspace, the most telling side effect is indeterminism, the conversion of cyberspace from a deterministic setting (outcomes can be traced to demonstrable causes) to an indeterministic one (outcomes cannot be traced to demonstrable causes). Just as offense rewards creativity, defense rewards discipline, but discipline is based on that deterministic traceability of outcome back to cause. We have long suspected that cyber offense had an inherent strategic advantage over cyber defense; perhaps now it will be proven, not merely suspected. Nevertheless and heretofore, the thorniest problems have fallen to infosec people to fix, and there is no reason that will not be the case here: An indeterministic cyberspace is a dangerous one; can infosec people step up to the challenge?

May 29, 2026

Responsible Disclosure in the Age of AI: A Call for Urgent Action

Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitable software vulnerabilities at unprecedented speed and scale. This development exposes decades of accumulated technical debt created by a software industry that prioritized rapid deployment over secure-by-design engineering practices. Drawing on the evolution of software assurance, vulnerability disclosure frameworks, and U.S. cyber policy, this perspective argues that the current moment represents a strategic inflection point for governments, industry, and critical infrastructure operators. The author examines the growing tension between offensive and defensive equities in cyberspace, the emergence of AI-enabled vulnerability discovery capabilities in both the U.S. and China, and the increasing risks posed by unsupported legacy systems and AI-assisted code generation practices. Responsible disclosure can no longer remain a reactive or fragmented process, but must become a coordinated national and international resilience effort involving governments, software vendors, infrastructure operators, and emergency response organizations. The article concludes with an urgent call for accelerated remediation, large-scale patch management coordination, and sustained investment in automated vulnerability repair capabilities before adversaries exploit this rapidly narrowing window of opportunity.

May 27, 2026

Seven Cyber Trends Shaping Modern Conflict: Twenty Years and Counting

Cyber operations have transformed from niche technical activities into persistent instruments of strategic competition. Over the past two decades, cyber capabilities have become more available, dependable, pervasive, aggressive, continuous, integrated, and influential. This article examines these seven interrelated trends and situates them within broader global developments, including the commodification of cyber capabilities, expanding digital dependence, the growing strategic consequences of cyber operations, the transformation of the information environment, and the rapid acceleration of artificial intelligence (AI). Drawing on examples ranging from Stuxnet and NotPetya to Persistent Engagement, Hunt Forward Operations, ransomware campaigns, cyber-enabled influence operations, and multidomain military operations, the author illustrates how cyberspace evolved into an operational environment central to military, political, economic, and social competition. The article further argues that AI is likely to accelerate all seven trends by increasing automation, operational scale, analytical reach, and coordination across domains. Overall, the paper offers a structured way to interpret the evolution of cyberspace over the past two decades and to better understand the strategic trajectory of future cyber competition and conflict.

May 26, 2026

From Bytes to Satellites: Improving U.S. Joint Force All-Source Intelligence To Counter The PLA Cyberspace Force Threat

This paper applies the ends, ways, and means framework to analyze the cyberspace threat posed by the People’s Republic of China (PRC) and discuss the U.S. Joint Force’s defensive response posture. First, it examines how the PRC's goals of national rejuvenation and security are pursued through the People's Liberation Army's conduct of system destruction warfare, executed by a well-resourced Cyberspace Force. To counter this persistent threat to U.S. force projection, the Joint Force must adopt a coherent and proactive defensive strategy. The paper argues that U.S. defensive objectives must focus on identifying and securing key cyber terrain and mission-critical dependencies through the standardized use of existing cyber intelligence frameworks by all-source intelligence analysts. Operationally, this can help network defenders transition from reactive incident response to predictive, threat-driven defense. To do so, the Joint Force should institutionalize its cyber intelligence capabilities by establishing dedicated cyber career pathways and mandating advanced tradecraft training for all-source analysts. By leveraging predictive all-source intelligence to enhance cyber operations, the U.S. military can mitigate risks, maintain freedom of action in contested environments, and secure the information domain against advanced state-sponsored adversaries.

May 26, 2026

Exhaust, Don’t Deter: Ukraine’s Lessons for Allied Strategy Against Russia in Cyberspace

Russian cyber operations have persisted for more than a decade not because they are decisive, but because cyberspace rewards continuous campaigning below the threshold of armed conflict. Drawing on Ukraine’s frontline experience under sustained hybrid aggression, this Senior Leader Perspective argues that the prevailing Western emphasis on cyber deterrence fundamentally misreads the nature of the domain. Russia’s cyber activity is not a discrete series of attacks that can be prevented through threatened retaliation; it is a permanent instrument of statecraft designed to generate cumulative strategic pressure over time. The essay contends that the appropriate strategic objective is therefore not deterrence, but exhaustion. Rather than attempting to convince Russia to stop campaigning, Ukraine and its allies should seek to impose sustained operational and resource costs that gradually erode Russia’s capacity to conduct concurrent cyber and hybrid operations across multiple fronts. The argument builds on concepts of persistent engagement, defend forward, and cyber persistence theory, while grounding them in Ukraine’s operational experience during the full-scale war. Ultimately, the author proposes a coalition strategy centered on continuous defensive and offensive cyber pressure designed to force Russia to divert finite cyber resources toward self-defense, thereby weakening the cyber support structure that underpins Russian military operations and long-term hybrid aggression.