The defense cyber community has made genuine progress at the technical layer over the past decade. Continuous software delivery and security practices, supply chain security certification frameworks, and the maturation of dedicated military cyber forces represent real and consequential structural advances. That progress now reveals the layer above it. The seams adversaries exploit with consistent effectiveness are not technical seams—they are organizational seams, the predictable product of how complex work is organized across institutional boundaries at scale. This essay synthesizes a decade of research and acquisition practice to advance three connected arguments. First, existing cybersecurity and resilience frameworks systematically address the technical layer while leaving the sociotechnical and ecosystem layers under-addressed—a gap that represents the defining strategic liability of the coming decade. Second, Conway’s Law and panarchy theory together explain why this gap persists: organizations produce systems that mirror their communication structures, and cross-scale dynamics ensure that fast-cycle compromises can cascade upward to destabilize strategic command and control. Third, addressing this gap requires deliberate attention across the full lifecycle of cyberphysical systems—from development through deployment, fielding, active defense, and sustainment—not only at initial program authorization. Artificial intelligence amplifies both the consequences of the problem and the cost of its continued deferral, while simultaneously offering new analytical tools for ecosystem-level situational awareness. The path forward requires treating resilience as a continuous lifecycle obligation, mandating ecosystem-level threat modeling, and recognizing operational commanders as the essential demand signal for resilient outcome specifications.
READ THE FULL ARTICLE HERE
doi.org/10.55682/cdr/kjm8-q2dm
The Cyber Defense Review
Volume 11, Issue 2