The Financial Times described a U.S. Cyber Command hunt-forward mission where members of the Cyber National Mission Force worked alongside Ukrainian network operators in December 2021 to discover and mitigate a wiper malware capable of disrupting rail networks across the country. Millions of Ukrainians later used the railway system to escape the Russian assault on their cities. This may be the first report of a cyber activity that directly saved lives. Some speculate that Russia’s initial plan was to place intense pressure on the Ukrainian government to cause a quick collapse. Did that plan rest on a strategic assumption that civilians would be trapped in cities because the rail system would not function, and thereby intensify political pressure and popular panic? If historians find this to be the case, we may look back on this hunt-forward operation as having had a strategic impact on the conduct of a conventional war.
Additional examples of initiative persistence in the shadow of conflict have come to the fore. Hours before the Russian invasion, Microsoft detected a new malware, known as FoxBlade, intended to disrupt Ukraine’s digital infrastructure. Heeding the U.S. government’s advice, Microsoft immediately extended the warning to neighboring NATO countries. Ukraine’s cyber operators, for their part, shared with the United States (and others) the discovery of a novel industrial control system malware known as Industroyer2.
Moments that lead to fundamental changes in how national security is achieved are rare. But when they do occur, failure to adjust correctly and effectively can mean the difference between growing as a great power or being pushed off the pedestal. Persistent engagement is the correct adjustment to the reality of cyber insecurity. The critical next steps are to scale it up while maintaining tempo and building it into a cornerstone of a whole-of-nation-plus (WON+) cyber framework. Initiative persistence in managing the potential exploitation of network vulnerabilities must drive inter-agency coordination and action, public-private alignment of interests and activities, and citizen engagement. All three elements must also align with international partners’ orientations and actions (i.e., the “+” in WON+). In an environment of continual action in the setting and resetting of network structures, processes, and components, the stark choice is to persist or lose. The good news is that the United States, as a status quo, defensively oriented state, is beginning to regain some initiative in cyberspace by cultivating norms of responsible behavior and setting the terms for stabilizing global cyber activity. For the United States, the strategic stakes in moving forward on this course cannot be overstated.
The views are those of the authors and do not necessarily represent official positions of any U.S. government agency.
Dr. Michael P. Fischerkeller is a research staff member in the Information, Technology and Systems Division at the Institute for Defense Analyses, a Federally Funded Research and Development Center.
Dr. Emily O. Goldman serves as a strategist at U.S. Cyber Command and a thought leader on cyber policy.
Dr. Richard J. Harknett is Professor and Director of the School of Public and International Affairs at the University of Cincinnati, co-director of the Ohio Cyber Range Institute, and Chair of the Center for Cyber Strategy and Policy.