ARTICLES

March 19, 2026

Protecting Energy Systems for Power Projection: The Promise and Peril of AI for Cyber Early Warning Systems

Military power projection depends on resilient energy infrastructure, yet the grids supporting the United States and allied forces are increasingly vulnerable to cyberattacks. This article examines how intrusions against national power systems and on-base microgrids threaten operational continuity. Through illustrative case studies of Germany, Japan, and the United States, it identifies recurring weaknesses in both legacy and modern grid architectures and demonstrates the insufficiency of current defensive measures. As a solution, the paper evaluates the use of Large Language Models (LLMs) for a more adaptive cyber early warning system (CEWS). Drawing on experiments from the NATO Systems Analysis and Studies (SAS-183) project, it presents findings from tests using LLMs to analyze real-world energy-system data. The results confirm that Artificial Intelligence (AI) can significantly improve anomaly detection and threat contextualization. However, the article cautions that without secure, human-supervised architectures, these same systems introduce risks of high-consequence false positives and adversarial manipulation. Ultimately, this research concludes that AI enhances energy resilience only when its computational speed is balanced by disciplined human judgment.

March 17, 2026

Trust After the Fight: Long-Horizon Cyber Risk in Occupational and Environmental Health Surveillance

Cyber defense literature has focused primarily on threats measured within operational timeframes, such as data breaches, system outages, and denial-of-service attacks. This commentary identifies a distinct failure mode that operates on a longer horizon. Occupational and environmental health surveillance exists to document potential exposures during military operations and preserve information for health risk assessments that may not occur for years or decades afterwards. As the U.S. military transitions toward data-centric, mesh-based operational architectures optimized for speed and decision advantage, surveillance data increasingly depends on information systems designed for near-term utility rather than long-horizon accountability. This mismatch introduces vulnerabilities not through data compromise, but through erosion of data provenance, contextual fidelity, and analytic explainability. These are epistemic failure modes distinct from the traditional confidentiality, integrity, and availability triad. Drawing on the author's experience as a deployed medical detachment commander and subsequent engagement with veteran exposure accountability, this commentary examines occupational and environmental health surveillance as a case study in long-horizon cyber risk. It argues that preserving defensible uncertainty, the documented and bounded acknowledgment of what is known and what cannot be resolved, is an emerging obligation for cyber architects and data engineers. The commentary does not propose system redesigns or technical prescriptions. It reframes occupational and environmental health surveillance as a nontraditional but revealing cyber-reliant mission set and argues that the credibility of future institutions will depend in part on cyber design decisions made today.

March 13, 2026

Why Alignment Matters: Cyber Capabilities and Military Operational Schemes in All-Domain Operations

Cyber capabilities and operations properly aligned to a military’s operational scheme can provide commanders with additional ways to prevail in armed conflict. Leveraging the potential operational impact of cyber capabilities in all-domain operations requires policymakers and contingency planners to adopt an operational scheme framework as a first step. A military operational scheme indicates how a state plans to fight. The impact of various conventional military capabilities varies across such schemes as blitzkrieg, limited aims, attrition, and insurgency. The same holds for cyber means. When planning beforehand and assessing afterwards, alignment with an operational scheme is a key variable. Cyber capabilities and operations are not one-size-fits-all. This article offers a framework and illuminates the importance of alignment or misalignment with a brief examination of how Russia employed cyber operations in Ukraine from 2015 through the opening weeks of its 2022 full-scale invasion. We conclude that poor alignment of cyber capabilities with Russia’s warfighting scheme limited the operational impact of cyber means.

Feb. 20, 2026

Toward Integrated Persistence: A Comparative Study of U.S., Australian, and Japanese Military Cyber Policy through Cyber Persistence Theory

This article analyzes the military cyber policies of the United States and its critical Indo-Pacific allies, Australia and Japan, through the lens of Cyber Persistence Theory (CPT), a framework that has increasingly informed U.S. military cyber operations. It examines the extent to which these three countries have aligned, or not, their military cyber laws and policies with CPT principles. To do so, the article synthesizes the core tenets of CPT into a parsimonious policy analysis framework and applies it comparatively to recent cyber legislation and policy documents in the United States, Australia, and Japan. The analysis shows that, across all three cases, momentum and scale remain underdeveloped, despite more uneven progress on other CPT criteria. U.S. and Australian cyber forces are generally empowered to seize operational initiative, while Japanese cyber forces, despite significant recent legislative reforms, remain more constrained in practice. The U.S. has articulated cyberspace as a distinct military domain at the doctrinal level, whereas Australia and Japan continue to embed cyber operations primarily within conventional deterrence and kinetic domain frameworks. The article concludes by critically assessing current U.S. approaches to allied cyber operations in the Indo-Pacific. It proposes the concept of ‘integrated persistence’ as a policy-level alternative to integrated deterrence, aimed at strengthening CPT-consistent coordination across allied defense systems.

Jan. 27, 2026

Why Culture Matters: Organizational Culture and Force Generation for the Cyber Domain

Public discourse about the potential for a new organization, a United States Cyber Force, reflects a growing consensus that significant organizational change is required to meet the U.S. military’s current and future challenges in cyberspace. However, much of the discussion takes a mechanistic perspective, centering around restructuring cyber teams, creating new organizations, changing authorities, creating new policies, and so on. This perspective is important, but it is insufficient. Culture matters. Organizations ignore culture at their peril. This paper focuses on how service culture has shaped the U.S. Army’s experiences with cyberspace as a case study to illustrate why culture must be considered in any organizational approach to how the U.S. generates cyber forces and conducts cyberspace operations. If the U.S. does not get organizational culture "right," no amount of organizational change will be effective in addressing its force generation challenges.

Jan. 27, 2026

Erratum

Erratum to: “Why Culture Matters: Organizational Culture and Force Generation for the Cyber Domain,” The Cyber Defense Review, Volume 10, Issue 3 (2025). Following publication, a correction to the list of authors was requested for the above-mentioned article. This erratum records the updated authorship information. The correct list of authors is as follows: John Fernandes, Erica D. Lonergan, Alexander Master. This correction concerns only the authorship attribution. The content, analysis, and conclusions of the article remain unchanged. The online version of the article has been updated accordingly.

Jan. 16, 2026

Defeating the Cyber Invasion with a National Cyber Force

The revelation of China-sponsored Typhoon cyberattacks against critical infrastructure signals an escalation of threat facing the United States. The scope of adversarial penetration and nature of these attacks—including malware inserted into thousands of computers—constitutes nothing less than a cyber invasion. Currently, the United States Government (USG) lacks unity of effort and comprehensive resources to deter and defeat such determined adversaries. Countering this cyber invasion requires a transformed national cyber force model, one that seamlessly integrates capabilities and expertise from America’s civilian cyber workforce. To achieve this, the authors recommend five specific actions: 1) establish an Integrated Cyber Provider Corps (ICPC) of cybersecurity and cloud service providers under the National Cyber Director (NCD) to scale active cyber defense for critical infrastructure; 2) create a national lab cyber cohort of experts from research centers and national laboratories to provide technical direction and support for cyber defense and offensive planning; 3) expand cyber capabilities of the National Reserve Force and utilize them more frequently to bridge federal and state coordination gaps; 4) establish a civilian cyber reserve force to leverage private sector expertise and resources to increase domestic cybersecurity capacity; and 5) develop regional resilience districts comprised of private critical infrastructure owners and operators, and their federal, state, and local government agency partners, to ensure continuity and build resilience of critical national defense and commerce hubs.

Dec. 31, 2025

What Comes Next? Alternative Futures for U.S. Cyber Forces; Introduction to Volume 10 Issue 3

U.S. Cyber Command was born to fix a failure. In 2008, the U.S. military failed to detect Buckshot Yankee, a breach of its classified network. In response, Secretary of Defense Robert Gates tasked General Keith Alexander at the National Security Agency to establish and lead USCYBERCOM (Gates 2009). Since then, the Command has grown in size, authority, and autonomy. Its Cyber Mission Force achieved full operational capacity in 2018 and, shortly thereafter, the president delegated additional authorities to USCYBERCOM through the Secretary of Defense (CRS 2025). Congress has also increased its resources, given it greater control over budget and acquisitions, and expanded its freedom of action to conduct offensive and defensive cyberspace operations...

Dec. 31, 2025

Answer This Before Changing U.S. Cyber Command or Adding a Cyber Service

As debate intensifies over reorganizing U.S. Cyber Command (USCYBERCOM) or establishing a separate military cyber service, this senior leader perspective argues that structural change should not precede rigorous problem definition and analysis. Drawing on extensive experience commanding joint cyber and intelligence organizations, the author contends that current discussions risk focusing on organizational form rather than mission clarity, readiness baselines, and resource alignment. The article examines unresolved questions about what constitutes “cyber” within the Joint Force, how cyber capabilities are integrated across domains, and how readiness should be measured in a force engaged in continuous competition. It highlights gaps in data regarding manning, training pipelines, and force-generation overhead, cautioning against reorganization without evidence-based assessment. The piece proposes a disciplined, data-driven framework to evaluate mission requirements, readiness, and force design before pursuing major institutional change. It concludes that meaningful improvement in U.S. cyber operational effectiveness depends on answering fundamental questions first—rather than accepting years of disruption from premature structural reform.

Dec. 31, 2025

A New Cyber Service is Not the Answer

Debate over establishing a separate U.S. military Cyber Service has intensified as cyber threats grow in scale, speed, and strategic impact. Drawing on decades of senior leadership experience and recent operational reforms, this Senior Leader Perspective argues that creating a new Cyber Service would be costly, slow, and counterproductive. Instead, it contends that U.S. Cyber Command (USCYBERCOM) already possesses—and is now expanding—the authorities necessary to organize, train, equip, and employ cyber forces effectively. The article explains why cyberspace differs fundamentally from traditional warfighting domains, requiring joint integration across all services rather than separation into a standalone bureaucracy. It assesses recent gains in manning, training authority, acquisition flexibility, and operational readiness, and warns that a new Service would duplicate functions, disrupt momentum, and divert scarce talent and resources. The piece concludes that empowering USCYBERCOM to fully execute its existing authorities is the fastest, least risky, and most effective path to maintaining cyber superiority in an era of persistent conflict.