ARTICLES

Nov. 28, 2025

Defending Health Security: Securing Healthcare Infrastructure against Ransomware

Ransomware attacks pose a significant threat to the United States, particularly when they target the healthcare sector. State-affiliated and cybercriminal groups exploit vulnerabilities across healthcare networks, supply chains, and software systems, causing financial and operational disruptions and undermining national security. These incidents are increasing in frequency, sophistication, and impact, signaling a deepening cybersecurity crisis. Healthcare remains a prime target due to its reliance on interconnected legacy systems, weak cybersecurity baselines, sensitive patient data, and the need to maintain continuity of care. Large-scale breaches, such as the Change Healthcare incident, underscore ransomware’s devastating implications for public health and safety. This paper introduces cyber health security theory, extending the notion of human security into the cyber domain. It posits that the integrity of health systems, data, and care is foundational to national security. Attacks on healthcare infrastructure are direct assaults on sector resilience and individual well-being, with cascading effects on economic and societal stability, and strategic power. Drawing on three case studies and related mitigation strategies, this analysis highlights the urgent need for stronger cybersecurity measures, public-private collaboration, and targeted policy reforms. Strengthening cyber resilience in healthcare is a national security imperative for protecting citizens and preserving societal stability.

Nov. 28, 2025

Autonomous Vehicles in Critical Infrastructure: Technologies, Vulnerabilities, and Implications

Autonomous vehicles (AVs) are quickly emerging as a critical component of the Transportation Systems Sector (TSS), one of the essential infrastructure sectors designated by the Department of Homeland Security (DHS). While autonomy is not a new concept, advancements in artificial intelligence (AI), real-time data processing, and sensor fusion have accelerated the deployment of AV technology in both military and commercial civilian sectors. These technologies enable AVs to operate with varying levels of autonomy but also introduce significant cybersecurity, legal, and ethical challenges. As AV integration into critical infrastructure scales and military reliance on interconnected autonomous systems grows, ensuring cyber and operational resilience becomes a national security imperative to guard against cyber-physical threats. This article explores the technological foundation of AVs, their military and commercial applications, and the cybersecurity risks impeding safe deployment. We examine specific frameworks, such as the commercial SAE autonomy levels (1-5) and military adaptations like the Robotic Combat Vehicle (RCV) program, alongside key cybersecurity threats, including remote hacking, GPS spoofing, and Denial-of-Service (DoS) attacks. This analysis highlights the immense potential and inherent vulnerabilities of AV technology as it becomes more deeply integrated into civilian and military systems. The paper concludes by addressing critical cybersecurity measures, including strong encryption and AI model training, to mitigate these risks and enhance AV security in commercial and defense applications.

Nov. 28, 2025

Pulling the Thread: A Campaign Approach to Mission Thread Defense of Force Projection

The U.S. military’s ability to rapidly project power around the globe is a cornerstone of American defense strategy, and adversaries leverage denial strategies across domains to disrupt this capability. Recent cyberspace exploitation campaigns have infiltrated U.S. critical infrastructure, raising concerns about the military’s ability to project decisive force during crises. Increasing cyber resilience for force projection requires transitioning from an asset-focused approach to a more proactive, mission-driven approach for defensive cyberspace operations (DCO). U.S. Army Cyber Command (ARCYBER) is implementing a campaign approach to address the cross-organizational challenge of increasing cyber resilience by leveraging partnerships to facilitate collaboration, leading the process of identifying critical systems, and producing plans to align requirements with resources. ARCYBER works closely with the Total Army (Active, Guard, and Reserve) and Joint and Interagency partners to promote effective collaboration, providing a common framework to translate organizational missions into cyberspace defense priorities. ARCYBER defends the Army’s mission threads by maneuvering forces and hardening networks. Beyond proactive mitigation, the logistics enterprise must be prepared to “fight through” or bypass disruptions that penetrate defenses, ensuring mission success even in contested environments.

Nov. 28, 2025

Toward a Global Framework for Cyber Threat Intelligence Sharing

Establishing a trusted global framework for cyber threat intelligence (CTI) sharing is essential to collective cyber resilience, deterrence, and defense. The lack of a global framework for CTI sharing hampers timely prevention of, and response to, cyberattacks. Governments, allies, and the private sector must collaborate across borders to establish secure, standardized, and legally compliant mechanisms for CTI exchange. Policy disparities and resistance to change remain key obstacles. This article examines essential elements of effective CTI sharing—data security with validation, anonymization, and authorization—and proposes trust-based practices that can be implemented within existing legal frameworks. As cyber threats grow in sophistication and complexity, routine, responsible CTI sharing must become a global norm. International and U.S. law permit such cooperation, enabling nations and organizations to enhance resilience, protect critical infrastructure, and strengthen collective defense. Transparent, trusted sharing not only improves cyber readiness but also projects power by enabling allies to deter adversaries and deny them the element of surprise.

Nov. 28, 2025

Ensuring the Cyber Resilience of Critical Infrastructure Serving Domestic Military Installations: Questions for Senior Leadership

Department of War (DoW) installations in the United States are heavily dependent for electricity, natural gas, drinking water and wastewater treatment, telecommunications, and rail transportation on critical infrastructure owned and operated by contractors, whether inside or outside the fence. The availability of these services is controlled by operational technology (OT) that is uniquely vulnerable to cyberattack. The regulatory structure for U.S. critical infrastructure cybersecurity is spotty, with jurisdiction divided among federal, state, and local governments. Assets inside the fence fall outside the utility regulatory structure entirely. DoW can use its procurement power, through contract clauses or requirements, to improve the cybersecurity of the OT in the critical infrastructures it depends on. However, there is no contract clause for the OT of utilities outside the fence, and the standard that DoW currently relies on for utilities inside the fence was not designed for OT. Key questions need to be addressed by senior leadership, beginning with a survey of the OT of utilities to identify internet-capable products or configurations, the presence of China-made equipment, and the use of OT devices with known security vulnerabilities. The DoW needs to accelerate the development of contract clauses or requirements that specify a set of prioritized controls for OT.

Nov. 28, 2025

Voices from Cyber Yankee: Lessons for Strengthening Critical Infrastructure Cyber Protection

Cyberattacks on critical infrastructure increasingly threaten national security, public safety, and economic stability. This commentary analyzes Cyber Yankee—a regional, multi-agency cyber exercise in New England (United States)—as a model exercise for the U.S. Department of War (DoW) and its partners. Drawing on perspectives from senior military and National Guard leaders, it traces the evolution of the exercise since 2014 and examines its distinctive integration of utilities and operational technology (OT) operators through a collaborative Blue–Orange Team format. The paper situates Cyber Yankee within the broader cyber Unified Coordination Group (UCG) framework and identifies opportunities to adapt its principles for active-duty operations under the Defense Support of Civil Authorities (DSCA) model. Findings highlight the enduring value of long-term public–private partnerships, the cultivation of trust and interoperability before crises, and the replicability of the UCG model for coordinated cyber response. The commentary concludes with recommendations to enhance readiness nationwide, including deeper engagement with critical-infrastructure operators in exercise design, routine practice of Request for Support and Cyber 9-Line processes, expanded OT- and ICS-focused training for Guard cyber teams, alignment of these skills within Joint Qualification Records, and the development of flexible, modular response packages that reflect real-world incident needs.

Nov. 28, 2025

Preparedness Wargaming for Critical Infrastructure Resilience: Taiwan Digital Blockade Wargame

For any developed country, the stable conduct of life for citizens, economies, and militaries, and the capacity to govern, depends on regular access to data and communications. This reliance makes communications and data flows a strategic target, not only for criminals but also for adversaries seeking geopolitical advantage. Defending against such threats is difficult because communication infrastructures are complex, interdependent systems with no single point of control. Addressing this challenge requires militaries, governments, and the private sector to coordinate and plan for attacks and conflict in the cyber domain. This article presents the Taiwan Digital Blockade Wargame, a scenario-based exercise designed to explore ways to improve the resilience of Taiwan’s information and communications technology (ICT) infrastructure in the event of a conflict with the People’s Republic of China (PRC). The wargame aims to identify overlapping opportunities that militaries, industry, and policymakers could jointly implement to enhance cyber defense and societal resilience during conflict. Methodologically, the paper contributes to the emerging practice of “preparedness wargaming,” a form of critical infrastructure game that moves beyond diagnosing weaknesses to generating actionable solutions for resilience and defense. By framing wargaming as a generative research method, we show how structured gameplay and facilitated dialogue can surface novel, cross-sectoral strategies not apparent to any single actor. The article reports on the game design, process, and key recommendations, and argues that such generative wargames offer a promising tool for anticipating and mitigating complex, interdependent cyber disruptions in an era of increasing geopolitical tension.

Nov. 28, 2025

Access Denied and Sector Down: Introducing Resilience Games for Critical Infrastructure Preparedness

Critical infrastructure (CI) organizations increasingly face disruptions that cascade across interdependent systems. Preparing for such disruptions requires thorough training, yet many existing training methods, especially tabletop exercises, are too resource-intensive, classified, or narrowly scoped to prepare diverse civilian and military stakeholders effectively. To address this gap, we introduce resilience games, a form of serious gaming with wargaming elements. First, we present the JV4.0 technical framework, the latest iteration of the U.S. Army Cyber Institute’s Jack Voltaic series, an open-source, modular architecture for creating, running, and adapting such games. Second, we demonstrate Access Denied and Sector Down as two implementations of the framework. Access Denied is an entry-level, non-technical card game focused on incident recognition and communication. Sector Down is a cross-sector game that trains CI decision-makers to sustain essential functions under cascading attrition. We describe gameplay mechanics, alignment with practitioner taxonomies (e.g., CISA lifelines, MITRE ATT&CK for ICS, D3FEND), and insights from formative playtesting across military, academic, and public venues. We conclude by outlining next steps for empirical evaluation and policy integration. The aim is to provide a scalable, accessible tool to help Department of War installations and civilian communities prepare for disruptions ranging from cyberattacks to extreme weather events.

Nov. 28, 2025

Strengthening Cyber Resilience by Building Critical Infrastructure Communities: the C-CIC Pilot Study

Community resilience is crucial in addressing cyber threats to critical infrastructure, as these threats are often complex and require a multi-layered approach. In this paper, we explore how practices used to build trust and mutual support in face-to-face communities can be adapted to strengthen cyber resilience. Specifically, we apply the idea of community resilience as an effective response to cyber threats by examining the importance of building trust and social capital and discussing lessons learned from a pilot project designed to establish an intentional online cyber critical infrastructure community (C-CIC) in the metro Atlanta area. By analyzing the interplay of technological affordances, social norms, and individual behaviors, this research offers a deeper understanding of how trust shapes the structure and function of resilient cyber community ecosystems. Based on lessons learned from the Atlanta C-CIC pilot, the paper concludes with recommendations for building effective intentional online cyber critical infrastructure communities.

Nov. 28, 2025

A Human-AI Teaming Approach to Closing the Talent Gap in Critical Infrastructure

Many critical infrastructure sectors are facing significant talent gaps among their workforce. The Industrial Internet of Things revolution has introduced new technologies and requirements that workers must understand while continuing to perform the duties for which they were hired, and the introduction of these data-driven technologies has concurrently created the need for new team roles with their own sets of capabilities. One possible solution for overcoming these talent gaps is the integration of artificially intelligent teammates. Research suggests human-AI teaming could offload tedious, repetitive, or dangerous human work and accomplish tasks that, while difficult for a human to complete, cater well to what computers do best. This paper proposes a simple three-step guiding framework for teams in critical infrastructure organizations to determine a) the gaps on their team, by distinguishing between gaps caused by insufficient personnel (capacity) and those driven by new technological demands (capability), b) which roles are well-suited for an AI teammate, based on the match between task demands and AI capabilities, and c) the human-centered design considerations, including presence, explainability, autonomy management, and ethical alignment, that are essential to its integration as an effective teammate.