ArchiveOODA OriginalSecurity and Resiliency

Goodbye to All That

It was the cyberwar we were promised; it was the cyberwar nobody expected…

The conflict in Ukraine has validated a number of assumptions cyberspace strategy and intelligence thinkers have been promulgating for over 20 years. The use of cyber attacks in conjunction with the traditional components of armed conflict, for example. Likewise, the involvement of “patriotic hackers” in an armed conflict, with or without the approval of the national government, is a phenomenon that has been around since at least the Hainan Island incident, and the fall of what used to be Yugoslavia.

This same conflict has also revealed a few surprises. For example, everyone assumed the bulk of cyber attacks carried out in this conflict would originate from Russia. The fact that such attacks have not substantially manifested (yet) – and the relative silence on the wire from the US and NATO countries – may be an indicator that such activity can in fact be deterred: if you’re inclined to adhere to an implied nonproliferation agreement… which random Ukrainians and their friends on the Internet are not. I also don’t recall anyone envisioning a community under threat going all Fire of Moscow on their own infrastructure.

Between the time when a website defacement was considered an event worth briefing to the highest defense and intelligence officials in the land, to the conflict we’re witnessing today, a cottage industry has sprung up around efforts to envision how warfare (and actions short of war) will play out now that we have this fifth domain to deal with. But shortcomings in how we’ve been doing this work, and with whom, threatens our ability to effectively deal with the issues.

In any conflict first reports are often wrong, but if a fraction of what is being talked about regarding things-cyber in Ukraine is true, we have only the slightest grasp of what is possible when people faced with an existential threat arm themselves with CPUs and a decent Wi-Fi connection. It is too soon to craft the after-action report of current events, but there are a couple of early observations that will probably be around long after the shooting stops.

Norms that only apply to some are not norms. Standards of good behavior in cyberspace have to be applied universally. You have to have the intestinal fortitude to apply the standard even when actions are carried out by “the good guys.” People are outraged that cryptocurrency exchanges are not banning Russian transactions, but that’s called adhering to one’s principles. The Vice Prime Minister of Ukraine calls for the formation of an “IT Army” and the “norms in cyberspace” community is strangely silent.

What happens when this happens everywhere? There are 59 armed conflicts going on in the world, and there is no reason why any of them couldn’t develop a cyber component that could impact lives thousands of miles away. When we’re hacked by Russians or Chinese there is always an indictment at the ready; what exactly is our response to a Colonial Pipeline-type event perpetrated by the EZLN?

What happens when anyone is a combatant? Private enterprises and citizens are not staying in their lanes. What are our adversaries to think – or do – when private enterprises take sides? What is government to do when its citizens find themselves on the business end of another nation-state’s capabilities because they joined the digital militia du jour?

It is clear that when it comes to armed/cyber conflict, the issues are not as mature or well-understood as we may have thought. Current events illustrate that the operative aspect of these issues is more politics than it is technology or methodology. Cyber issues do not stand apart from everything else that makes up a state’s toolkit. They must be understood on their own terms and viewed in an integrated fashion. We use analogies to explain things-cyber because it is easier than talking in zeros and ones, but our solutions will come up short if we mistake abstraction for reality.

In a time when diversity and inclusion are so valued, we must recognize the importance of including more intellectually and culturally (hackers, not soldiers) diverse voices in our discussions about and preparations for cyber conflict. The lack of imagination, or even understanding of the art of the possible, is a disservice gatekeepers perpetuate to keep those with rare skills and unique experience – along with their penchant for pointing out imperial nudity – at bay. This is a situation we maintain at our peril if we hope to emerge victorious from the conflicts we will face, vice preparing for the ones we want to be in.

Related Reading:

Black Swans and Gray Rhinos

Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency


The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community

Michael Tanji

Michael Tanji

Michael Tanji spent nearly 20 years in the US intelligence community. Trained in both SIGINT and HUMINT disciplines he has worked at the Defense Intelligence Agency, the National Security Agency, and the National Reconnaissance Office. At various points in his career he served as an expert in information warfare, computer network operations, computer forensics, and indications and warning. A veteran of the US Army, Michael has served in both strategic and tactical assignments in the Pacific Theater, the Balkans, and the Middle East.