ARTICLES

May 4, 2026

The Invisible Battlefield: Defending Key Terrain in Operational Technology by Leveraging National Laboratories

The nature of cyber threats has undergone a fundamental transformation over the past two decades, shifting from the exploitation of information systems to the deliberate targeting of the operational systems and physical infrastructure upon which national security and public safety depend – our nation's key terrain on the digital battlefield. This article argues that the defense and policy communities have yet to fully reckon with this shift, largely due to a persistent "digital threat bias" — an institutional tendency to treat cybersecurity as an IT problem rather than a matter of physical and operational consequence. This bias produces measurable failures: misaligned investment priorities that leave operational technology (OT) environments underfunded; governance structures that exclude engineers who understand physical systems best; and threat categorization frameworks that obscure the asymmetrical character of attacks on critical infrastructure, thereby limiting policy and response authorities. Drawing on high-profile incidents, this article makes the case that cyberattacks targeting OT environments constitute a form of irregular warfare requiring a fundamentally different strategic response. The author identifies three imperatives for senior leaders and policymakers: reframing OT cyber-attacks on critical infrastructure as irregular warfare, overcoming digital threat bias, and integrating the capabilities of the Department of Energy national laboratory system to strengthen national defense. Failure to act with urgency risks leaving critical defense infrastructure, and the military readiness it sustains, vulnerable to adversaries who have already spent years mapping and accessing these systems.

May 4, 2026

Wrong Players, Wrong Game: Rethinking Who Belongs in Cyber

The term ‘cyber’ no longer maps cleanly onto the domain it once described. Today, ‘cyber’ encompasses everything from data governance, autonomous systems, and artificial intelligence to the cascading interdependencies of critical infrastructure — yet the workforce structure and team compositions have not kept pace with these changes. This article argues that the mismatch is not primarily a technology problem, but a talent and framing issue. By continuing to recruit and organize cyber teams as though ‘cyber’ remains a narrow technical discipline, the United States risks fielding the wrong players for a global competition that has fundamentally changed. Drawing from direct leadership experience navigating these gaps in the Air Force, Joint Force, and across industry, the author identifies five non-technical disciplines that belong inside the cyber tent. She outlines the justification for including behavioral science, political science and international relations, economics and game theory, organizational behavior, and public health. She then proposes a corrective strategic approach to workforce development, hiring, and institutional culture that would begin to close the gap.

April 29, 2026

Is Cyberwar War – and Why Might it Matter?

This article examines the persistent question of whether cyberwar constitutes “war” and why this distinction matters for international stability and escalation dynamics. It argues that attempts to define cyberwar through fixed technical or quantitative criteria—such as scale, damage, or attribution—are ultimately insufficient, as the designation of cyber actions as “war” is inherently political and shaped by strategic interests. The analysis focuses on escalation, particularly the role of thresholds that distinguish escalation by degree from escalation by type, emphasizing how the classification of cyber operations influences whether responses cross into kinetic conflict. The author outlines three perspectives—consensus that cyberwar is war, consensus that it is not, and disagreement between actors—and argues that instability is greatest when perceptions diverge. It further explores the complicating role of cyberespionage, sanctions, and the ambiguous positioning of cyber operations within an “escalation lattice.” The article concludes that predictability in how states interpret and respond to cyber operations is essential to reducing miscalculation and unintended conflict, even if clear and universally accepted thresholds remain elusive.

April 1, 2026

Advancing Strategic Thought and Practice in Cyberspace

The publication of Volume 11, Issue 1 marks an important moment in the continued evolution of The Cyber Defense Review (CDR). Over the past year, the journal has undergone a series of deliberate transformations aimed at ensuring its long-term sustainability, strengthening the quality of its publications, and expanding its role as a trusted forum at the intersection of military practice, policy, and scholarship. As cyber operations become increasingly central to national security, the expectations placed upon professional and academic outlets have evolved. Readers—whether military leaders, policymakers, or scholars—are not only seeking timely insights, but also clarity, rigor, and durability. In response, the CDR has refined its editorial processes to better meet these expectations...

April 1, 2026

Conceptualizing Cyber Strategy: Mapping Theories of Security in Cyberspace

As cyber operations become central to national security, policymakers still lack a clear framework to distinguish, compare, and evaluate competing cyber strategies. This article offers a novel framework for understanding strategy in cyberspace by describing and comparing theories of security in the digital domain. It argues that most cyber theories of security fall under one of four strategic ideal types: resilience, selective response, persistence, and extraction. Each ideal type represents a distinct way that states prioritize scarce resources to maximize power and minimize harm to networks and assets. Scholars and practitioners have often relied on familiar analogies such as conventional war, coercion, and irregular warfare to describe the promise of cyber power. Yet policymakers and students would benefit from a theoretical framework to distinguish, compare, and evaluate cyber strategies. Following a brief review of current scholarship, the article develops this typology and uses it as the foundation of a comparative framework. It examines the four strategic ideal types across three policy-relevant dimensions: reliance on coercion, risks of escalation, and preparations for conflict. It then explores how to assess their effectiveness, how strategies interact between competitors, and how emerging technologies may reshape the attractiveness of each approach. Although theories of land, air, and maritime power are well established, strategic thought in cyberspace must mature to better guide policymakers in understanding the tradeoffs, advantages, and limitations associated with each strategy.

April 1, 2026

Mapping Communication Hijacking in the Asia-Pacific: Data-Driven Insights into Disinformation Networks

This study investigates "communication hijacking"—the strategic co-option and redirection of online discourse—by PRC-sponsored actors within the Asia-Pacific information environment. Using a novel seven-level framework (Persona, Hashtag, Media, Narrative, Campaign, Brand, and Newsjacking), the research categorizes diverse influence activities, including efforts to diminish organizational or individual reputation and exploit real-time media events. Through a multi-lingual, open-source analysis of data from 2021 to 2024, the study identifies specific hijacking cases that utilize coordinated inauthentic behavior (CIB) and synthetic amplification. While finding a preference for creating inauthentic news outlets over direct media hijacking, the research reveals that PRC-sponsored operations use persona-level attacks to target dissidents whereas campaign-level efforts focus on broader objectives like electoral interference. By mapping these tactics, the study provides a taxonomic foundation for communication practitioners in business, government, and the military—particularly those engaged in cognitive warfare and military Operations in the Information Environment (OIE)—to better understand and detect the evolution of digital interference and disinformation practices.

April 1, 2026

David’s Sling, Goliath’s Bill: The Economics of Drone Defense - A Layered Defense Framework

Drones have emerged as a dominant weapon system and force enabler on the modern battlefield. From reconnaissance to resupply to precision strike, drones have fundamentally reshaped how wars are fought. One of the most pressing challenges they pose is a persistent cost asymmetry: defending against low-cost unmanned aerial systems (UAS) is often far more expensive than deploying them. Despite advances in counter-drone technologies, kinetic munitions remain the most reliable means of neutralization. However, the cost of these defenses frequently exceeds the value of the drones they destroy. This paper examines the economic dynamics of contemporary drone warfare and proposes the Resilient Adaptive Multi-layered Protective Air Response Technology (RAMPART) framework, a decision-support model designed to optimize cost-effective counter-UAS strategies. Building on principles of layered air defense and informed by analysis of recent conflicts, the framework introduces the adjusted defense cost fraction (aDCF), a formal metric that integrates defender costs, adversary costs, and the value of protected assets to guide engagement decisions. The model enables a least-cost-first approach, dynamically prioritizing electronic warfare, directed energy, interceptor drones, and kinetic systems based on operational conditions. By formalizing the economic logic of counter-drone engagements, RAMPART provides a scalable analytical tool for improving resource allocation, enhancing operational sustainability, and informing both tactical decision-making and future force design in increasingly contested environments.

March 26, 2026

The Offense Death Cycle: Proactive Environmental Control as a Method of Persistent Cyber Defense

Modern defensive frameworks such as the Cyber Kill Chain, ATT&CK, and D3FEND focus on cataloguing and countering the tactics, techniques, and procedures (TTP) of cyber attackers. While invaluable for incident response, these models remain tactically reactive. In persistent competition, however, Advanced Persistent Threat (APT) attackers and defenders operate in continuous contact within the same contested environment, which renders reactive defensive approaches incomplete. This commentary argues that enduring cyber defense against persistent attackers emerges not from proper reaction but from controlling the environment that the attacker depends on. Building upon Fischerkeller, Goldman and Harknett’s Cyber Persistence Theory (CPT), Monte’s Network Attacks and Exploitation, and Smeets’s PETIO framework, and informed by the author’s operational experience, it proposes the Offense Death Cycle (ODC) – a field-informed operational concept for defensive persistence. The ODC translates strategic persistence into a practical loop of intelligence, induced friction, and anticipation, enabling defenders to transform home-field advantage into a source of initiative and to exhaust APTs through executing proactive environmental control.

March 24, 2026

Digital Force Protection for Expeditionary Land Forces: An Early-Warning Framework for Mission Command Resilience

Digital force protection (DFP) is increasingly a survivability requirement for expeditionary land forces because adversaries can generate operational effects without penetrating classified systems. Exploitation can occur through enabling infrastructure, metadata and traffic analysis, coalition seams, and commercially available data that makes units and patterns of life observable and correlatable at scale. This commentary proposes a practical early-warning framework that links shifts in strategic competition to measurable geopolitical indicators and observable pressure in the information environment. It then translates those signals into tiered posture adjustments for communications resilience, reduction of digital and commercial observability, and management of mission-partner dependencies. The approach emphasizes explainability and repeatability for commander decision-making under tempo, using transparent indicator families rather than attribution or predictive certainty. The central contribution is a decision-focused method for acting earlier and more deliberately as conditions deteriorate, treating cyberspace defense as force protection and mission assurance rather than a narrow information technology compliance function.

March 19, 2026

Protecting Energy Systems for Power Projection: The Promise and Peril of AI for Cyber Early Warning Systems

Military power projection depends on resilient energy infrastructure, yet the grids supporting the United States and allied forces are increasingly vulnerable to cyberattacks. This article examines how intrusions against national power systems and on-base microgrids threaten operational continuity. Through illustrative case studies of Germany, Japan, and the United States, it identifies recurring weaknesses in both legacy and modern grid architectures and demonstrates the insufficiency of current defensive measures. As a solution, the paper evaluates the use of Large Language Models (LLMs) for a more adaptive cyber early warning system (CEWS). Drawing on experiments from the NATO Systems Analysis and Studies (SAS-183) project, it presents findings from tests using LLMs to analyze real-world energy-system data. The results confirm that Artificial Intelligence (AI) can significantly improve anomaly detection and threat contextualization. However, the article cautions that without secure, human-supervised architectures, these same systems introduce risks of high-consequence false positives and adversarial manipulation. Ultimately, this research concludes that AI enhances energy resilience only when its computational speed is balanced by disciplined human judgment.