The nature of cyber threats has undergone a fundamental transformation over the past two decades, shifting from the exploitation of information systems to the deliberate targeting of the operation systems and physical infrastructure upon which national security and public safety depend – our nation's key terrain on the digital battlefield. This article argues that the defense and policy communities have yet to fully reckon with this shift, largely due to a persistent "digital threat bias" — an institutional tendency to treat cybersecurity as an IT problem rather than a matter of physical and operational consequence. This bias produces measurable failures: misaligned investment priorities that leave operational technology (OT) environments underfunded; governance structures that exclude engineers who understand physical systems best; and threat categorization frameworks that obscure the asymmetrical character of attacks on critical infrastructure, thereby limiting policy and response authorities. Drawing on high-profile incidents, this article makes the case that cyberattacks targeting OT environments constitute a form of irregular warfare requiring a fundamentally different strategic response. The author identifies three imperatives for senior leaders and policymakers: reframing OT cyber-attacks on critical infrastructure as irregular warfare, overcoming digital threat bias, and integrating the capabilities of the Department of Energy national laboratory system to strengthen national defense. Failure to act with urgency risks leaving critical defense infrastructure, and the military readiness it sustains, vulnerable to adversaries who have already spent years mapping and accessing these systems.
READ THE FULL ARTICLE HERE
doi.org/10.55682/cdr/6gfb-fcp6
The Cyber Defense Review
Volume 11, Issue 2