ARTICLES

Nov. 28, 2025

Access Denied and Sector Down: Introducing Resilience Games for Critical Infrastructure Preparedness

Critical infrastructure (CI) organizations increasingly face disruptions that cascade across interdependent systems. Preparing for this fact requires thorough training, yet many existing training methods, especially tabletop exercises, are too resource-intensive, classified, or narrowly scoped to prepare diverse civilian and military stakeholders effectively. To address this gap, we introduce resilience games, a form of serious gaming with wargaming elements. First, we present the JV4.0 technical framework, the latest iteration of the U.S. Army Cyber Institute’s Jack Voltaic series, an open-source, modular architecture for creating, running, and adapting such games. Second, we demonstrate Access Denied and Sector Down as two implementations of the framework. Access Denied is an entry-level, non-technical card game focused on incident recognition and communication. Sector Down is a cross-sector game that trains CI decision-makers to sustain essential functions under cascading attrition. We describe gameplay mechanics, alignment with practitioner taxonomies (e.g., CISA lifelines, MITRE ATT&CK/ICS, D3FEND), and insights from formative playtesting across military, academic and public venues. We conclude by outlining next steps for empirical evaluation and policy integration. The aim is to provide a scalable, accessible tool to help Department of War installations and civilian communities prepare for disruptions ranging from cyberattacks to extreme weather events.

Nov. 28, 2025

Strengthening Cyber Resilience by Building Critical Infrastructure Communities: the C-CIC Pilot Study

Community resilience is crucial in addressing cyber threats to critical infrastructure, as these threats are often complex and require a multi-layered approach. In this paper, we explore how practices used to build trust and mutual support in face-to-face communities can be adapted to strengthen cyber resilience. Specifically, we apply the idea of community resilience as an effective response to cyber threats by examining the importance of building trust and social capital and discussing lessons learned from a pilot project designed to establish an intentional online cyber critical infrastructure community (C-CIC) in the metro Atlanta area. By analyzing the interplay of technological affordances, social norms, and individual behaviors, this research offers a deeper understanding of how trust shapes the structure and function of resilient cyber community ecosystems. Based on lessons learned from the Atlanta C-CIC pilot, the paper concludes with recommendations for building effective intentional online cyber critical infrastructure communities.

Nov. 28, 2025

A Human-AI Teaming Approach to Closing the Talent Gap in Critical Infrastructure

Many critical infrastructure sectors are facing significant talent gaps among their workforce. The Industrial Internet of Things revolution has introduced new technologies and requirements for workers to understand while continuing to perform the duties for which they were hired, and the introduction of these data-driven technologies has concurrently created the need for new team roles with their own sets of capabilities. One possible solution for overcoming these talent gaps is the integration of artificially intelligent teammates. Research suggests human-AI teaming could potentially offload tedious, repetitive, or dangerous human work and accomplish tasks that, while difficult for a human to complete, cater well to what computers do best. This paper proposes a simple 3-step guiding framework for teams in critical infrastructure organizations to determine a) the gaps on their team, by distinguishing between gaps caused by insufficient personnel (capacity) and those driven by new technological demands (capability), b) which roles are well-suited for an AI teammate, based on the match between task demands and AI capabilities, and c) the human-centered design considerations, including presence, explainability, autonomy management, and ethical alignment, that are essential to its integration as an effective teammate.

Nov. 28, 2025

Protecting Communities while Training Future Cybersecurity Professionals: Lessons from the Consortium of Cybersecurity Clinics

Communities across the United States and globally are increasingly vulnerable to cyberattacks targeting critical infrastructure, nonprofits, and other trusted institutions. In response, a national consortium of universities and community colleges has established cybersecurity clinics to address this challenge through an innovative, action-oriented approach. This article explores the role of clinical education not only in training cybersecurity professionals, but also in scaling the development of clinics to improve the security posture of critical infrastructure providers. By integrating classroom instruction, hands-on practice, direct client interaction, and close supervision, clinics can bridge the gap between theory and practice, enhancing public sector cyber resilience while having institutions of higher education meet their larger social obligations. Case studies from the consortium of cybersecurity clinics—including those at Indiana University, MIT, and UC Berkeley—illustrate the role these clinics have already played in supporting critical infrastructure and advancing national cyber resilience efforts. Furthermore, we examine the clinics’ role in promoting change and improvement in cyber culture within a wide range of government and non-governmental organizations. This work provides a foundation for the continued expansion of cybersecurity clinics as a model for national cyber resilience, offering key insights into ways of strengthening cyber defenses and protecting critical infrastructure.

Aug. 26, 2025

Forging the Future of Cyber Defense in an Era of Change and Uncertainty: Introduction to Volume 10 Issue 1

The need for agile thinking, strategic clarity, and resilient infrastructures in the cyber domain has never been greater. This issue of The Cyber Defense Review brings together timely insights from senior military leaders, policy analysts, legal scholars, and emerging voices, each viewing through a unique lens the challenges and opportunities shaping the future of cyber defense. As the famous football coach Bill Walsh said, “if we are all thinking alike, then no one is thinking.”

Aug. 25, 2025

Lights Out: What Hurricanes Reveal about Cyberattacks and Blackouts

It is time to critically reassess the fear that a hostile state will launch a cyberattack on energy infrastructure to plunge a society into darkness and civil unrest. Not only has it never happened, but the component parts of the chain required in such a scenario are fragile. A lot must go wrong for an effort of that kind to achieve even partial success. This article offers an original contribution by examining the risk of cyberattack against the energy grid as a driver of civil unrest. In the absence of direct historical precedents, the analysis draws on adjacent cases from blackouts unrelated to cyberattacks to assess the potential societal impact of mass outages. While energy infrastructure remains a frequent target for cyberattacks, the existing security architecture has largely held, provided it continues to adapt. Persistent fear surrounding this threat may therefore misdirect resources and attention from more pressing security challenges.

Aug. 25, 2025

Fighting Through Disruption: Reframing Cyber Resilience for Power Projection and Strategic Credibility

Cyberattacks are often framed as discrete emergencies—events requiring swift, pre-planned recovery. Yet the geostrategic cyber threat is emergent and deeply embedded in the civilian infrastructure that underpins U.S. military operations. This paper argues for a dynamic conception of cyber resilience—not merely withstanding disruption, but fighting through it, adapting in contact, and sustaining initiative in a contested environment. Cyber resilience is a shared military-civilian challenge that often requires extending capacity from already degraded conditions (graceful extensibility) and adapting across multiple cycles of stress (sustained adaptability). Prevailing definitions, including the widely referenced National Institute of Standards and Technology (NIST) standard, treat resilience as a static, information technology (IT)-centric function focused on rebound and robustness. These commercial paradigms fall short in conflict conditions, where disruption is sustained, deliberate, and often combined with informational and/or kinetic effects. Drawing on the cases of China’s Volt Typhoon campaign, Ukraine’s cyber defense, and the Jack Voltaic exercises, this paper explores the operational stakes and the socio-technical character of cyber resilience. It critiques institutional fragmentation and outdated assumptions that undermine integrated defense at the civil-military seam. In light of persistent threats, cyber resilience is not a state, but a practice and a core operational capability—planned, exercised, and sustained.

Aug. 25, 2025

Toward Clarity in Cyber's "Fog of Law"

The international legal framework governing state-sponsored cyber operations remains in a state of pronounced ambiguity, reflecting both the technical novelty of cyber capabilities and prior deliberate strategic choices of States to prioritize flexibility over clarity. This article explores the persistent “fog of law” surrounding international law and norms relating to cyber operations and the structural and substantive barriers to developing clear legal norms in the cyber domain. This article first assesses the structural and technical bases for the underdevelopment of legal norms as to cyber operations, before turning to the static ambiguity present in the United States Department of Defense Law of War Manual (the “Manual”). The piece describes the growing misalignment between the “strategic ambiguity” present in the Manual and the shift toward persistent engagement and “defending forward” that has been adopted by the U.S. and its allies. The article urges recalibration of the U.S. and other states’ legal positions, most notably through a revision of the Manual’s cyber operations chapter. By advancing clearer legal boundaries and unilaterally clarifying state positions, the U.S. and others can promote the development of customary international law, enhance legal predictability, and better align legal policies with contemporary cyber strategies. Addressing deficiencies of existing norms will also facilitate the evolving alignment of international law with Western strategic interests and values.

Aug. 25, 2025

The Sword of Damocles: A Cybersecurity Paradigm Shift for the Defense of Critical Infrastructure

The decentralized nature of U.S. critical infrastructure, while an engine and source of enormous societal wealth, creates significant vulnerabilities. Systems and their defenders are unknowingly operating underneath a modern Sword of Damocles—a constant and catastrophic threat of disruption from sophisticated and persistent adversaries. Drawing a parallel to the defensive failures of the October 7th Attacks, this article demonstrates how current cybersecurity strategies, heavily reliant on probabilistic, detect-and-respond tools, have proven insufficient to secure the complex Operational Technology (OT) systems and vast supply chains at the core of this infrastructure. This article argues that the fundamental asymmetry between attacker and defender can only be redressed by a new defensive paradigm. By integrating scalable, deterministic, and fact-based security methods with existing tools, defenders can enable automated, offense-for-defense capabilities. This approach, grounded in game theory, is the key to imposing tangible costs on adversaries in real time, finally allowing defenders to step out from under the sword and instead wield it.

Aug. 25, 2025

The Battlefield is not 'Over There' - It is Here, 24/7

Lieutenant General Jeth Rey is the Deputy Chief of Staff, G-6 of the United States Army. As a principal military advisor to the Chief of Staff of the Army and the Chief Information Officer (CIO), he is responsible for planning, strategy, network architecture, and implementation of Army command, control, computers, and communications (C4) systems. He also oversees cyber operations and networks for Army operations globally. In this ever-present, constantly evolving cyber battleground, the Army is relentlessly pursuing technological advantage by prioritizing capabilities such as the Electronic Warfare Planning and Management Tool (EWPMT), and by conducting realistic, demanding training and wargaming at all echelons and in joint environments. Maintaining the strategic high ground in the contested digital domain—which links Soldiers and battlefield sensors to command centers and weapons systems—requires a team effort. This includes leveraging the combined expertise of Soldiers, scientists, engineers, analysts, operators, and leaders across signal, cyber, and electronic warfare forces. A failure to build resilience, confidence, and trust hinders the accomplishment of the mission. If unprepared, commanders and lives are at risk when adversaries inevitably disrupt and deny access to the tools and spectrum upon which they depend. In a fight against a determined and sophisticated opponent, there is no certainty that these digital capabilities will always be accessible, here and now, in the most decisive moments of battle.