ARTICLES

Nov. 28, 2025

Toward a Global Framework for Cyber Threat Intelligence Sharing

Establishing a trusted global framework for cyber threat intelligence (CTI) sharing is essential to collective cyber resilience, deterrence, and defense. The lack of a global framework for CTI sharing hampers timely prevention of, and response to, cyberattacks. Governments, allies, and the private sector must collaborate across borders to establish secure, standardized, and legally compliant mechanisms for CTI exchange. Policy disparities and resistance to change remain key obstacles. This article examines essential elements of effective CTI sharing—data security with validation, anonymization, and authorization—and proposes trust-based practices that can be implemented within existing legal frameworks. As cyber threats grow in sophistication and complexity, routine, responsible CTI sharing must become a global norm. International and U.S. law permit such cooperation, enabling nations and organizations to enhance resilience, protect critical infrastructure, and strengthen collective defense. Transparent, trusted sharing not only improves cyber readiness but also projects power by enabling allies to deter adversaries and deny them the element of surprise.

Nov. 28, 2025

Ensuring the Cyber Resilience of Critical Infrastructure Serving Domestic Military Installations: Questions for Senior Leadership

Department of War (DoW) installations in the United States are heavily dependent for electricity, natural gas, drinking water and wastewater treatment, telecommunications, and rail transportation on critical infrastructure owned and operated by contractors, whether inside or outside the fence. The availability of these services is controlled by operational technology (OT) that is uniquely vulnerable to cyberattack. The regulatory structure for U.S. critical infrastructure cybersecurity is spotty, with jurisdiction divided among federal, state, and local governments. Assets inside the fence fall outside the utility regulatory structure entirely. DoW can use its procurement power, through contract clauses or requirements, to improve the cybersecurity of the OT in the critical infrastructures it depends on. However, there is no contract clause for the OT of utilities outside the fence, and the standard that DoW currently relies on for utilities inside the fence was not designed for OT. Key questions need to be addressed by senior leadership, beginning with a survey of the OT of utilities to identify internet-capable products or configurations, the presence of China-made equipment, and the use of OT devices with known security vulnerabilities. The DoW needs to accelerate the development of contract clauses or requirements that specify a set of prioritized controls for OT.

Nov. 28, 2025

Voices from Cyber Yankee: Lessons for Strengthening Critical Infrastructure Cyber Protection

Cyberattacks on critical infrastructure increasingly threaten national security, public safety, and economic stability. This commentary analyzes Cyber Yankee—a regional, multi-agency cyber exercise in New England (United States)—as a model exercise for the U.S. Department of War (DoW) and its partners. Drawing on perspectives from senior military and National Guard leaders, it traces the evolution of the exercise since 2014 and examines its distinctive integration of utilities and operational technology (OT) operators through a collaborative Blue–Orange Team format. The paper situates Cyber Yankee within the broader cyber Unified Coordination Group (UCG) framework and identifies opportunities to adapt its principles for active-duty operations under the Defense Support of Civil Authorities (DSCA) model. Findings highlight the enduring value of long-term public–private partnerships, the cultivation of trust and interoperability before crises, and the replicability of the UCG model for coordinated cyber response. The commentary concludes with recommendations to enhance readiness nationwide, including deeper engagement with critical-infrastructure operators in exercise design, routine practice of Request for Support and Cyber 9-Line processes, expanded OT- and ICS-focused training for Guard cyber teams, alignment of these skills within Joint Qualification Records, and the development of flexible, modular response packages that reflect real-world incident needs.

Nov. 28, 2025

Preparedness Wargaming for Critical Infrastructure Resilience: Taiwan Digital Blockade Wargame

For any developed country, the stable conduct of life for citizens, economies, and militaries—and the capacity to govern—depends on regular access to data and communications. This reliance makes communications and data flows a strategic target, not only for criminals but also for adversaries seeking geopolitical advantage. Defending against such threats is difficult because communication infrastructures are complex, interdependent systems with no single point of control. Addressing this challenge requires militaries, governments, and the private sector to coordinate and plan for attacks and conflict in the cyber domain. This article presents the Taiwan Digital Blockade Wargame, a scenario-based exercise designed to explore ways to improve the resilience of Taiwan’s information and communications technology (ICT) infrastructure in the event of a conflict with the People’s Republic of China (PRC). The wargame intends to identify overlapping opportunities that militaries, industry, and policymakers could jointly implement to enhance cyber defense and societal resilience during conflict. Methodologically, the paper contributes to the emerging practice of “preparedness wargaming,” a form of critical infrastructure game that moves beyond diagnosing weaknesses to generating actionable solutions for resilience and defense. By framing wargaming as a generative research method, we show how structured gameplay and facilitated dialogue can surface novel, cross-sectoral strategies not apparent to any single actor. The article reports on the game design, process, and key recommendations, and argues that such generative wargames offer a promising tool for anticipating and mitigating complex, interdependent cyber disruptions in an era of increasing geopolitical tension.

Nov. 28, 2025

Access Denied and Sector Down: Introducing Resilience Games for Critical Infrastructure Preparedness

Critical infrastructure (CI) organizations increasingly face disruptions that cascade across interdependent systems. Preparing for this fact requires thorough training, yet many existing training methods, especially tabletop exercises, are too resource-intensive, classified, or narrowly scoped to prepare diverse civilian and military stakeholders effectively. To address this gap, we introduce resilience games, a form of serious gaming with wargaming elements. First, we present the JV4.0 technical framework, the latest iteration of the U.S. Army Cyber Institute’s Jack Voltaic series, an open-source, modular architecture for creating, running, and adapting such games. Second, we demonstrate Access Denied and Sector Down as two implementations of the framework. Access Denied is an entry-level, non-technical card game focused on incident recognition and communication. Sector Down is a cross-sector game that trains CI decision-makers to sustain essential functions under cascading attrition. We describe gameplay mechanics, alignment with practitioner taxonomies (e.g., CISA lifelines, MITRE ATT&CK/ICS, D3FEND), and insights from formative playtesting across military, academic and public venues. We conclude by outlining next steps for empirical evaluation and policy integration. The aim is to provide a scalable, accessible tool to help Department of War installations and civilian communities prepare for disruptions ranging from cyberattacks to extreme weather events.

Nov. 28, 2025

Strengthening Cyber Resilience by Building Critical Infrastructure Communities: the C-CIC Pilot Study

Community resilience is crucial in addressing cyber threats to critical infrastructure, as these threats are often complex and require a multi-layered approach. In this paper, we explore how practices used to build trust and mutual support in face-to-face communities can be adapted to strengthen cyber resilience. Specifically, we apply the idea of community resilience as an effective response to cyber threats by examining the importance of building trust and social capital and discussing lessons learned from a pilot project designed to establish an intentional online cyber critical infrastructure community (C-CIC) in the metro Atlanta area. By analyzing the interplay of technological affordances, social norms, and individual behaviors, this research offers a deeper understanding of how trust shapes the structure and function of resilient cyber community ecosystems. Based on lessons learned from the Atlanta C-CIC pilot, the paper concludes with recommendations for building effective intentional online cyber critical infrastructure communities.

Nov. 28, 2025

A Human-AI Teaming Approach to Closing the Talent Gap in Critical Infrastructure

Many critical infrastructure sectors are facing significant talent gaps among their workforce. The Industrial Internet of Things revolution has introduced new technologies and requirements for workers to understand while continuing to perform the duties for which they were hired, and the introduction of these data-driven technologies has concurrently created the need for new team roles with their own sets of capabilities. One possible solution for overcoming these talent gaps is the integration of artificially intelligent teammates. Research suggests human-AI teaming could potentially offload tedious, repetitive, or dangerous human work and accomplish tasks that, while difficult for a human to complete, cater well to what computers do best. This paper proposes a simple 3-step guiding framework for teams in critical infrastructure organizations to determine a) the gaps on their team, by distinguishing between gaps caused by insufficient personnel (capacity) and those driven by new technological demands (capability), b) which roles are well-suited for an AI teammate, based on the match between task demands and AI capabilities, and c) the human-centered design considerations, including presence, explainability, autonomy management, and ethical alignment, that are essential to its integration as an effective teammate.

Nov. 28, 2025

Protecting Communities while Training Future Cybersecurity Professionals: Lessons from the Consortium of Cybersecurity Clinics

Communities across the United States and globally are increasingly vulnerable to cyberattacks targeting critical infrastructure, nonprofits, and other trusted institutions. In response, a national consortium of universities and community colleges has established cybersecurity clinics to address this challenge through an innovative, action-oriented approach. This article explores the role of clinical education not only in training cybersecurity professionals, but also in scaling the development of clinics to improve the security posture of critical infrastructure providers. By integrating classroom instruction, hands-on practice, direct client interaction, and close supervision, clinics can bridge the gap between theory and practice, enhancing public sector cyber resilience while having institutions of higher education meet their larger social obligations. Case studies from the consortium of cybersecurity clinics—including those at Indiana University, MIT, and UC Berkeley—illustrate the role these clinics have already played in supporting critical infrastructure and advancing national cyber resilience efforts. Furthermore, we examine the clinics’ role in promoting change and improvement in cyber culture within a wide range of government and non-governmental organizations. This work provides a foundation for the continued expansion of cybersecurity clinics as a model for national cyber resilience, offering key insights into ways of strengthening cyber defenses and protecting critical infrastructure.

Aug. 26, 2025

Forging the Future of Cyber Defense in an Era of Change and Uncertainty: Introduction to Volume 10 Issue 1

The need for agile thinking, strategic clarity, and resilient infrastructures in the cyber domain has never been greater. This issue of The Cyber Defense Review brings together timely insights from senior military leaders, policy analysts, legal scholars, and emerging voices, each viewing through a unique lens the challenges and opportunities shaping the future of cyber defense. As the famous football coach Bill Walsh said, “if we are all thinking alike, then no one is thinking.”

Aug. 25, 2025

Lights Out: What Hurricanes Reveal about Cyberattacks and Blackouts

It is time to critically reassess the fear that a hostile state will launch a cyberattack on energy infrastructure to plunge a society into darkness and civil unrest. Not only has it never happened, but the component parts of the chain required in such a scenario are fragile. A lot must go wrong for an effort of that kind to achieve even partial success. This article offers an original contribution by examining the risk of cyberattack against the energy grid as a driver of civil unrest. In the absence of direct historical precedents, the analysis draws on adjacent cases from blackouts unrelated to cyberattacks to assess the potential societal impact of mass outages. While energy infrastructure remains a frequent target for cyberattacks, the existing security architecture has largely held, provided it continues to adapt. Persistent fear surrounding this threat may therefore misdirect resources and attention from more pressing security challenges.