Dec. 31, 2025

U.S. Cyber Command Evolution and the Increasing Role of the Private Sector

The United States must effectively leverage all its capabilities to prepare for and prosecute conflicts with a cyber dimension. Both U.S. Cyber Command (USCYBERCOM) and the private sector play crucial roles. However, their efforts remain largely uncoordinated due to limits in traditional approaches to private-sector collaboration. This paper advocates establishing collaboration mechanisms to increase the effectiveness of both USCYBERCOM and the private sector, improving cyber defense at home and in support of friends and allies. Examples such as the Cyber Defense Assistance Collaborative (CDAC) illustrate how both general capacity building and targeted defense assistance are increasingly led by private companies. Key contexts in Europe and Asia highlight the need for deeper private-sector involvement. Numerous current and potential cyber conflict scenarios show where private actors can offer more effective support through intelligence, defensive capabilities, and training that can supplement or sometimes surpass military cyber operations. We conclude that USCYBERCOM should work more directly with the private sector. We propose establishing a Cyber Command Private Sector Collaboration Center (CCPSCC) to enable consistent blue-force tracking across government and private activities; coordinated threat hunting; and improved operations centers supporting cyber defense in conflict.

Dec. 31, 2025

Evaluating Alternative Models for Organizing U.S. Cyber Forces

Despite the significant investment of attention and resources, the Pentagon and armed services continue to struggle to find, train, and retain the cyber personnel needed for great power competition. The 2025 National Defense Authorization Act directs an evaluation of alternative organizational models for U.S. cyber forces. Traditional models for military force generation, including special operations, have received significant attention. However, Congress also requires an assessment of alternative organizational models that could prove to be more effective. This article seeks to do so, challenging common assumptions about which organizational models are most relevant and instructive. In particular, we explore alternative models for cyber force generation that include the Uniformed Health Services, Defense Combat Support Agencies, Department of Defense specialized career paths, and private-sector workforce development. We assess each alternative in terms of its applicability, limitations, lessons for force generation, and potential to inform the dominant models in the current debate—namely the status quo, a special operations (SOCOM) model, or a separate cyber force.

Dec. 31, 2025

Built for Land, Not Cyber

Despite a decade of reform and Congressional intervention, the military services continue to struggle to meet the operational requirements of cyberspace. Informed by my experience in both traditional Army and cyber units, this article argues that the root of the problem lies not in neglect or leadership resistance alone, but more prominently in structural misalignment. The services are optimized for their physical domains of warfare, not for the characteristics of cyberspace. My analysis utilizes Clayton Christensen’s Resources, Processes, and Values (RPV) framework to examine constraints on how the Army generates cyber forces. Although suitable for land warfare, the Army’s RPV is ill-suited to a domain characterized by interconnectedness, constant contact, dynamic terrain, and dual character as both weapon and battlespace. I highlight the friction that arises when an organization built for one domain is asked to generate forces for a different domain. Consequently, rather than continuously retrofitting existing services, I argue that the United States should establish a dedicated cyber service designed to maximize the unique capabilities inherent to the digital domain.

Dec. 31, 2025

Reclaiming the Cyber Domain: Revising U.S. Doctrine to Treat Cyberspace as Battlespace and Not a Function

Cyberspace has been formally recognized as a domain of warfare for over two decades, yet U.S. military doctrine and practice continue to treat it primarily as a cross-domain enabler rather than a battlespace of independent operational and strategic consequence. This paper argues that the prevailing doctrinal framing—cyber as a support function within joint operations—has hindered the development of operational art, force generation models, and integrated campaign design for cyberspace. The paper critiques the conceptual conflation of cyberspace with the information environment and with electromagnetic warfare; it also bridges doctrine with recent scholarship on whether cyberspace constitutes an operational domain. It proposes the adoption of new doctrinal concepts, such as cyberspace control operations, as a foundation for differentiating cyberspace as battlespace rather than a supporting function. The paper highlights the risk of sustaining the supporting-role mindset in an era when adversaries, such as the PRC, employ cyberspace operations as primary tools for competition and deterrence. By clarifying the doctrinal vocabulary and contrasting U.S. practice with the approaches of its adversaries, this paper offers a framework for treating cyberspace as a true domain of warfighting in its own right.

Dec. 31, 2025

Breaking the "Cyber" Cage: Reinventing Cyber Command for Great Systems Conflict

In an era of escalating and pervasive digital conflict, this paper argues that the U.S. Cyber Command must be updated in its remit, reputation, and structure. In order to effectively match the changing global distribution of power and capabilities, especially with the rise of China, the Command’s mission space should expand well beyond the "cyber" designation and constraints. Its broader mandate must encompass and employ the entire spectrum of advanced technologies from artificial intelligence and robotics to quantum computing. The renewed organization also needs to directly manage the intake and development of a robust digital talent pipeline for the needs of its own operations and those of the traditional services. Such restructuring and rebranding (potentially as a Digital Vanguard Command or a Cyber, Robotics, and Information Systems Command) places the organization as the central hub of advanced and comprehensive digital warfighting. By reinventing itself, in its publicly acknowledged function and in an expanded structure, U.S. Cyber Command can break out of the conceptual cage of a dated “cyber” identity, attract talent and enthusiasm for service, and more effectively bolster U.S. analytic superiority, operational effectiveness, deterrence, and systemic resilience in the turbulence of the mid-21st century’s technology-driven Great Systems Conflict.

Dec. 31, 2025

Bring Cyber to the Tactical Edge: The Case for Decommissioning USCYBERCOM

Public debates over the creation of a separate Cyber Force service, along with directives to expand the role of U.S. Cyber Command (USCYBERCOM), raise an opportunity to examine the control of cyber operations in a high-intensity war between technological near-peers. Fighting such a war effectively would require high-speed decisions within a contested electromagnetic environment. Sensors, satellites, networks, and long-haul communications would be continuously under attack. In addition to electronic warfare, the use of anti-satellite weapons should be expected. Data transmission between forward operational units—particularly strike groups at sea—and the rear area headquarters of the Combatant Commands (COCOMs) would be, at best, narrow-band and intermittent. So would cyber support operations emanating from Ft. Meade, with USCYBERCOM-controlled operations confined to strategic-level attacks (and defense). Tactical units may be left to their own devices when integrating kinetic and non-kinetic operations against enemy forces. These possibilities argue for moving cyber warfare capabilities out to the tactical edge—to strike groups, Army divisions, Marine expeditionary units (MEU), and expeditionary air forces. There, they can be directly applied to engaging enemy combat networks and, especially, operational technology (OT)—perhaps the most vulnerable and least protected cyber-enabled systems. The article examines whether the current USCYBERCOM structure as an independent COCOM should be ‘decommissioned’ and its components ‘recommissioned’ under the command of the regional COCOMs, with the Cyber National Mission Force under either U.S. Strategic Command (USSTRATCOM) or U.S. Special Operations Command (USSOCOM).

Dec. 31, 2025

Reform or Replace: The Strategic Dilemma of U.S. Cyber Forces

The essays in this volume collectively address a wide range of questions related to the debate about force generation and employment in cyberspace. Among the authors, there is a near-universal consensus that the status quo could—and should—be improved in meaningful ways. The overarching sentiment that major changes are needed is widely shared. However, the diagnosis of the problem and the remedies offered vary dramatically.

Dec. 2, 2025

Cyber Resilience and Power Projection: Introduction to Volume 10 Issue 2

The assumption that the United States homeland is a sanctuary from attack no longer holds. Americans now depend so deeply on cyber-enabled IT and OT systems that rivals—whether strong or weak—can reach directly into the infrastructures that support U.S. military power and social stability. What once appeared to be distant “away-game” contests now routinely materialize at home: within the systems of military installations, logistics networks that sustain readiness, and civilian systems on which mobilization depends. These intrusions do not resemble declared hostilities. Instead, they unfold as hybrid campaigns marked by ambiguity: state-directed actors working through criminal proxies, covert exploitation disguised as routine network activity, and operations deliberately crafted to obscure attribution and intent...

Dec. 2, 2025

Widening the Aperture: A Global Perspective on Cyber Resilience of Critical Infrastructure

The cyber defense of critical infrastructure is a national security imperative. The articles in this special issue of The Cyber Defense Review focus on cyber resilience and examine its role in enabling global power projection. Adversaries actively target, and have successfully infiltrated, the information technology (IT) and operational technology (OT) systems that underpin all sectors of critical infrastructure. In the United States, Presidential Policy Directive 21, issued in 2013, emphasized the importance of resilience—the ability of critical systems to recover quickly from threats ranging from cyberattacks to natural disasters. It identified sixteen sectors whose assets are considered so vital that their incapacitation would have "a debilitating effect on security, national economic security, national public health or safety." The directive's core tenets still underscore modern approaches to building resilience: unity of effort across levels of government and between sectors, risk-based management of vulnerabilities, and effective cross-border information sharing. Critical infrastructure is a fundamental necessity for sustaining human health and safety; defending it against adversaries who play by different rules requires "whole of society" strategies and carefully engineered defenses that draw from multiple disciplines...

Nov. 28, 2025

Resilient Dependencies: Preparing to Fight Through Cyber Disruption

In a volatile threat environment, the Army’s readiness and ability to execute missions at home and abroad increasingly hinge on digital dependencies spanning commercial software, IT/OT infrastructure, utilities, and the organic industrial base. This opener frames a cohesive approach to mission thread resilience across the Unified Network, emphasizing three imperatives: partner early and often with program managers, vendors, contractors, and local utilities to rehearse crisis response and establish shared understanding; procure secure by design capabilities with transparent vulnerability disclosure and rapid patching; and make data informed, commander owned risk decisions that enable formations to “fight through” disruption. Drawing lessons from the Army Cyber Institute’s Jack Voltaic workshops and the inaugural Army Defensive Cyberspace Operations Optimization Conference, the article illustrates how civil military interdependencies can cascade and how rehearsals reveal hidden assumptions. A “fort to port” vignette, where a cyber compromise of national rail switching triggers operational delays, shows the value of synchronized public-private response, near real-time operational data, and flexible branches and sequels. The piece calls for acquisition leaders to weigh vendor track records on zero days and patch latency, signals the need to report and coordinate through ARCYBER’s Information Warfare Operations Center and NETCOM’s Global Cyber Center, and argues for a whole-of-nation model akin to the Civil Reserve Air Fleet to surge cyber resilience. Ultimately, it celebrates the tenacity of signal and cyber professionals and invites continued thought leadership that prevents strategic surprise in cyberspace while transforming how the Army teams, trains, and fights in and through a contested homeland.