Key Takeaways
- The Pentagon is moving to embed cyber capabilities into every phase of operational planning rather than treating them as an after‑the‑fact add‑on.
- Recent conflicts have demonstrated that information advantage, amplified by cyber and space effects, is now as decisive as traditional kinetic force.
- A cultural shift within the Department of Defense recognizes cyber as integral to mission success, a change underscored by leadership statements and new oversight assignments.
- Senior officials stress that securing artificial intelligence (AI) must be built in from the outset, lest the department repeat past mistakes of retrofitting security after deployment.
- The Army’s principal cyber adviser now oversees both physical and cyber critical infrastructure, highlighting the department’s view of the two domains as inseparable.
- Cross‑domain exercises are being used to rehearse threat scenarios that blend cyber, space, and kinetic effects, reinforcing the need for integrated planning.
Introduction
The U.S. Department of Defense is undergoing a strategic reevaluation of how cyber capabilities are employed in modern warfare. Speaking at the GDIT’s Emerge: Battlespace of the Future conference, senior cyber policy officials outlined a vision in which cyber is no longer a separate silo but a foundational element woven into every operational plan from day one. Their remarks reflect a broader recognition that information dominance, enabled by cyber, space, and AI tools, is now as critical to battlefield success as traditional firepower.
Cyber Integration into Operations
Katherine Sutton, assistant secretary for cyber policy and principal cyber adviser at the DOD, emphasized that the Pentagon must “fully pull cyber out of its silo.” This means integrating cyber effects not only during execution but also during the earliest stages of operational planning. By embedding cyber considerations from the outset, the department aims to ensure that cyber capabilities are synchronized with kinetic, space, and other non‑kinetic actions to create a coherent, multi‑domain effect.
Lessons from Recent Conflicts
Sutton pointed to recent wars as evidence of cyber’s growing importance. She noted that when cyber is paired with physical force, it can degrade an adversary’s information advantage, thereby weakening their ability to command and control troops. The insight is that information—whether transmitted via communications networks, satellite links, or data streams—has become a decisive factor on the modern battlefield, making its protection and manipulation a top priority for U.S. forces.
Cultural Shift at the Department of Defense
Defense officials have observed a notable cultural change regarding cyber’s role within the department. The war in Iran and the capture of Venezuelan leader Nicolás Maduro were cited as turning points that highlighted how cyber operations can achieve strategic objectives that previously required conventional military action. This shift has moved cyber from a niche technical function to a core component of joint warfighting doctrine.
Statements from Katherine Sutton
Sutton warned that treating cyber as an afterthought is no longer viable. She stressed that the department must start thinking about how to secure new capabilities—especially artificial intelligence—right from the beginning of adoption. The historical pattern of adding security after a tool is fielded creates vulnerabilities that adversaries can exploit, a risk the Pentagon cannot afford to repeat with emerging AI technologies.
Brandon Pugh’s Perspective
Brandon Pugh, principal cyber adviser for the Army, echoed Sutton’s message, asserting that cyber “being considered in a silo is not where it’s most effective.” Instead, cyber achieves maximum impact when it blends seamlessly with kinetic operations while still retaining the ability to act independently when needed. This blended approach allows commanders to apply cyber effects to shape the battlespace before, during, and after kinetic engagements.
Integration of Cyber with Kinetic Effects
Pugh’s comments underscore a doctrinal evolution: cyber is not merely a supporting tool but a co‑equal element of combat power. By synchronizing cyber attacks—such as disrupting enemy command networks or spoofing sensor data—with kinetic strikes, U.S. forces can amplify the effect of each bullet or bomb. Conversely, cyber can be used in isolation to achieve objectives where physical force would be imprudent or escalatory, such as influencing adversary decision‑making without triggering open conflict.
Hegseth’s Oversight and Critical Infrastructure
Defense Secretary Pete Hegseth has assigned Pugh oversight of all defense critical infrastructure, encompassing both physical assets (power plants, communications hubs) and cyber components (networks, data centers). This dual mandate signals the department’s conviction that protecting the nation’s warfighting capability requires a unified view of cyber and physical security. Vulnerabilities in one domain can quickly cascade into the other, making integrated risk management essential.
Army Exercise on Cross‑Domain Threats
To operationalize this integrated mindset, the Army recently convened agencies for a cross‑domain exercise designed to contemplate threat scenarios that span cyber, space, land, sea, and air. Participants explored how adversaries might exploit weaknesses in one domain to gain advantages in another, rehearsing responses that require coordinated action across service branches and government agencies. The exercise reinforced the idea that future conflicts will be fought not just on geographic frontiers but also in the electromagnetic and information realms.
Securing AI from the Outset
Sutton reiterated that as the Defense Department expands its use of advanced AI models, security must be a design principle rather than an after‑the‑fact patch. She drew a parallel to the early Internet, which was built without security considerations, resulting in decades of costly remediation. With AI, the stakes are higher: adversaries could weaponize vulnerabilities to manipulate decision‑making algorithms, poison training data, or hijack autonomous systems. Proactive security measures—such as robust validation, continuous monitoring, and adversarial testing—are therefore indispensable.
Challenges of Retrofitting Security
The officials acknowledged a persistent challenge: the tendency to adopt new tools first and address security later. Sutton warned that this approach leaves critical gaps that adversaries are quick to exploit. For AI, the window for correction may be especially narrow because malicious actors can rapidly develop exploits that target model biases or inference pipelines. Consequently, the Pentagon is advocating for a “security‑by‑design” framework that incorporates threat modeling, secure coding standards, and independent verification from the project’s inception.
Conclusion
The Pentagon’s current strategy reflects a decisive move toward treating cyber, space, and AI as integral, inseparable components of modern military power. By embedding cyber considerations into operational planning from day one, aligning cyber effects with kinetic actions, and securing emerging technologies before deployment, the Department of Defense aims to maintain information superiority and reduce the attack surface available to adversaries. The cultural shift, reinforced by leadership directives and cross‑domain exercises, signals that future conflicts will be won not only by firepower but by the ability to control, protect, and manipulate the information environment.