ARTICLES

Dec. 2, 2025

Widening the Aperture: A Global Perspective on Cyber Resilience of Critical Infrastructure

The cyber defense of critical infrastructure is a national security imperative. The articles in this special issue of The Cyber Defense Review focus on cyber resilience and examine its role in enabling global power projection. Adversaries actively target, and have successfully infiltrated, the information technology (IT) and operational technology (OT) systems that underpin all sectors of critical infrastructure. In the United States, Presidential Policy Directive 21, issued in 2013, emphasized the importance of resilience—the ability of critical systems to recover quickly from threats ranging from cyberattacks to natural disasters. It identified sixteen sectors whose assets are considered so vital that their incapacitation would have "a debilitating effect on security, national economic security, national public health or safety." The directive's core tenets still underscore modern approaches to building resilience: unity of effort across levels of government and between sectors, risk-based management of vulnerabilities, and effective cross-border information sharing. Critical infrastructure is a fundamental necessity for sustaining human health and safety; defending it against adversaries who play by different rules requires "whole of society" strategies and carefully engineered defenses that draw from multiple disciplines...

Nov. 28, 2025

Resilient Dependencies: Preparing to Fight Through Cyber Disruption

In a volatile threat environment, the Army’s readiness and ability to execute missions at home and abroad increasingly hinge on digital dependencies spanning commercial software, IT/OT infrastructure, utilities, and the organic industrial base. This opener frames a cohesive approach to mission thread resilience across the Unified Network, emphasizing three imperatives: partner early and often with program managers, vendors, contractors, and local utilities to rehearse crisis response and establish shared understanding; procure secure-by-design capabilities with transparent vulnerability disclosure and rapid patching; and make data-informed, commander-owned risk decisions that enable formations to “fight through” disruption. Drawing lessons from the Army Cyber Institute’s Jack Voltaic workshops and the inaugural Army Defensive Cyberspace Operations Optimization Conference, the article illustrates how civil-military interdependencies can cascade and how rehearsals reveal hidden assumptions. A “fort to port” vignette, where a cyber compromise of national rail switching triggers operational delays, shows the value of synchronized public-private response, near-real-time operational data, and flexible branches and sequels. The piece calls for acquisition leaders to weigh vendor track records on zero days and patch latency, signals the need to report and coordinate through ARCYBER’s Information Warfare Operations Center and NETCOM’s Global Cyber Center, and argues for a whole-of-nation model akin to the Civil Reserve Air Fleet to surge cyber resilience. Ultimately, it celebrates the tenacity of signal and cyber professionals and invites continued thought leadership that prevents strategic surprise in cyberspace while transforming how the Army teams, trains, and fights in and through a contested homeland.

Nov. 28, 2025

Beyond the Fence Line: Operationalizing Civil-Military Cyber Coordination at U.S. Military Installations

U.S. military power projection increasingly depends on civilian critical infrastructure outside Department of War (DoW) control. Recent cyber campaigns—including China’s Volt Typhoon pre-positioning in energy grids, water systems, and transportation networks—have systematically targeted the “civil-military seam” where DoW authority ends but operational dependencies continue. Federal-state-local coordination architecture is inadequate to defend this seam. Military installations often depend on state-regulated utilities, locally-managed water systems, and privately-operated transportation networks, yet lack formalized coordination mechanisms with these entities. Resource constraints at state and local levels, jurisdictional fragmentation, and classification barriers preventing information sharing leave installations vulnerable to disruption of surrounding civilian infrastructure. DoW’s December 2024 directive requiring installations to coordinate “beyond the fence line” with state and local governments acknowledges this challenge but lacks an implementation framework. This article proposes operationalizing military installations as regional cyber resilience coordination nodes, or “seeds,” from which federal-state-local partnerships develop.

Nov. 28, 2025

Defending Health Security: Securing Healthcare Infrastructure against Ransomware

Ransomware attacks pose a significant threat to the United States, particularly when they target the healthcare sector. State-affiliated and cybercriminal groups exploit vulnerabilities across healthcare networks, supply chains, and software systems, causing financial and operational disruptions and undermining national security. These incidents are increasing in frequency, sophistication, and impact, signaling a deepening cybersecurity crisis. Healthcare remains a prime target due to its reliance on interconnected legacy systems, weak cybersecurity baselines, sensitive patient data, and the need to maintain continuity of care. Large-scale breaches, such as the Change Healthcare incident, underscore ransomware’s devastating implications for public health and safety. This paper introduces cyber health security theory, extending the notion of human security into the cyber domain. It posits that the integrity of health systems, data, and care is foundational to national security. Attacks on healthcare infrastructure are direct assaults on sector resilience and individual well-being, with cascading effects on economic and societal stability, and strategic power. Drawing on three case studies and related mitigation strategies, this analysis highlights the urgent need for stronger cybersecurity measures, public-private collaboration, and targeted policy reforms. Strengthening cyber resilience in healthcare is a national security imperative for protecting citizens and preserving societal stability.

Nov. 28, 2025

Autonomous Vehicles in Critical Infrastructure: Technologies, Vulnerabilities, and Implications

Autonomous vehicles (AVs) are quickly emerging as a critical component of the Transportation Systems Sector (TSS), one of the essential infrastructure sectors designated by the Department of Homeland Security (DHS). While autonomy is not a new concept, advancements in artificial intelligence (AI), real-time data processing, and sensor fusion have accelerated the deployment of AV technology in both military and commercial civilian sectors. These technologies enable AVs to operate with varying levels of autonomy but also introduce significant cybersecurity, legal, and ethical challenges. As AV integration into critical infrastructure scales and military reliance on interconnected autonomous systems grows, ensuring cyber and operational resilience becomes a national security imperative to guard against cyber-physical threats. This article explores the technological foundation of AVs, their military and commercial applications, and the cybersecurity risks impeding safe deployment. We examine specific frameworks, such as the commercial SAE autonomy levels (1-5) and military adaptations like the Robotic Combat Vehicle (RCV) program, alongside key cybersecurity threats, including remote hacking, GPS spoofing, and Denial-of-Service (DoS) attacks. This analysis highlights the immense potential and inherent vulnerabilities of AV technology as it becomes more deeply integrated into civilian and military systems. The paper concludes by addressing critical cybersecurity measures, including strong encryption and AI model training, to mitigate these risks and enhance AV security in commercial and defense applications.

Nov. 28, 2025

Pulling the Thread: A Campaign Approach to Mission Thread Defense of Force Projection

The U.S. military’s ability to rapidly project power around the globe is a cornerstone of American defense strategy, and adversaries leverage denial strategies across domains to disrupt this capability. Recent cyberspace exploitation campaigns have infiltrated U.S. critical infrastructure, raising concerns about the military’s ability to project decisive force during crises. Increasing cyber resilience for force projection requires transitioning from an asset-focused approach to a more proactive, mission-driven approach for defensive cyberspace operations (DCO). U.S. Army Cyber Command (ARCYBER) is implementing a campaign approach to address the cross-organizational challenge of increasing cyber resilience by leveraging partnerships to facilitate collaboration, leading the process of identifying critical systems, and producing plans to align requirements with resources. ARCYBER works closely with the Total Army (Active, Guard, and Reserve) and Joint and Interagency partners to promote effective collaboration, providing a common framework to translate organizational missions into cyberspace defense priorities. ARCYBER defends the Army’s mission threads by maneuvering forces and hardening networks. Beyond proactive mitigation, the logistics enterprise must be prepared to “fight through” or bypass disruptions that penetrate defenses, ensuring mission success even in contested environments.

Nov. 28, 2025

Toward a Global Framework for Cyber Threat Intelligence Sharing

Establishing a trusted global framework for cyber threat intelligence (CTI) sharing is essential to collective cyber resilience, deterrence, and defense. The lack of a global framework for CTI sharing hampers timely prevention of, and response to, cyberattacks. Governments, allies, and the private sector must collaborate across borders to establish secure, standardized, and legally compliant mechanisms for CTI exchange. Policy disparities and resistance to change remain key obstacles. This article examines essential elements of effective CTI sharing—data security with validation, anonymization, and authorization—and proposes trust-based practices that can be implemented within existing legal frameworks. As cyber threats grow in sophistication and complexity, routine, responsible CTI sharing must become a global norm. International and U.S. law permit such cooperation, enabling nations and organizations to enhance resilience, protect critical infrastructure, and strengthen collective defense. Transparent, trusted sharing not only improves cyber readiness but also projects power by enabling allies to deter adversaries and deny them the element of surprise.

Nov. 28, 2025

Ensuring the Cyber Resilience of Critical Infrastructure Serving Domestic Military Installations: Questions for Senior Leadership

Department of War (DoW) installations in the United States are heavily dependent for electricity, natural gas, drinking water and wastewater treatment, telecommunications, and rail transportation on critical infrastructure owned and operated by contractors, whether inside or outside the fence. The availability of these services is controlled by operational technology (OT) that is uniquely vulnerable to cyberattack. The regulatory structure for U.S. critical infrastructure cybersecurity is spotty, with jurisdiction divided among federal, state, and local governments. Assets inside the fence fall outside the utility regulatory structure entirely. DoW can use its procurement power, through contract clauses or requirements, to improve the cybersecurity of the OT in the critical infrastructures it depends on. However, there is no contract clause for the OT of utilities outside the fence, and the standard that DoW currently relies on for utilities inside the fence was not designed for OT. Key questions need to be addressed by senior leadership, beginning with a survey of the OT of utilities to identify internet-capable products or configurations, the presence of China-made equipment, and the use of OT devices with known security vulnerabilities. The DoW needs to accelerate the development of contract clauses or requirements that specify a set of prioritized controls for OT.

Nov. 28, 2025

Voices from Cyber Yankee: Lessons for Strengthening Critical Infrastructure Cyber Protection

Cyberattacks on critical infrastructure increasingly threaten national security, public safety, and economic stability. This commentary analyzes Cyber Yankee—a regional, multi-agency cyber exercise in New England (United States)—as a model exercise for the U.S. Department of War (DoW) and its partners. Drawing on perspectives from senior military and National Guard leaders, it traces the evolution of the exercise since 2014 and examines its distinctive integration of utilities and operational technology (OT) operators through a collaborative Blue–Orange Team format. The paper situates Cyber Yankee within the broader cyber Unified Coordination Group (UCG) framework and identifies opportunities to adapt its principles for active-duty operations under the Defense Support of Civil Authorities (DSCA) model. Findings highlight the enduring value of long-term public–private partnerships, the cultivation of trust and interoperability before crises, and the replicability of the UCG model for coordinated cyber response. The commentary concludes with recommendations to enhance readiness nationwide, including deeper engagement with critical-infrastructure operators in exercise design, routine practice of Request for Support and Cyber 9-Line processes, expanded OT- and ICS-focused training for Guard cyber teams, alignment of these skills within Joint Qualification Records, and the development of flexible, modular response packages that reflect real-world incident needs.

Nov. 28, 2025

Preparedness Wargaming for Critical Infrastructure Resilience: Taiwan Digital Blockade Wargame

For any developed country, the stable conduct of life for citizens, economies, and militaries—and the capacity to govern—depends on regular access to data and communications. This reliance makes communications and data flows a strategic target, not only for criminals but also for adversaries seeking geopolitical advantage. Defending against such threats is difficult because communication infrastructures are complex, interdependent systems with no single point of control. Addressing this challenge requires militaries, governments, and the private sector to coordinate and plan for attacks and conflict in the cyber domain. This article presents the Taiwan Digital Blockade Wargame, a scenario-based exercise designed to explore ways to improve the resilience of Taiwan’s information and communications technology (ICT) infrastructure in the event of a conflict with the People’s Republic of China (PRC). The wargame intends to identify overlapping opportunities that militaries, industry, and policymakers could jointly implement to enhance cyber defense and societal resilience during conflict. Methodologically, the paper contributes to the emerging practice of “preparedness wargaming,” a form of critical infrastructure game that moves beyond diagnosing weaknesses to generating actionable solutions for resilience and defense. By framing wargaming as a generative research method, we show how structured gameplay and facilitated dialogue can surface novel, cross-sectoral strategies not apparent to any single actor. The article reports on the game design, process, and key recommendations, and argues that such generative wargames offer a promising tool for anticipating and mitigating complex, interdependent cyber disruptions in an era of increasing geopolitical tension.