ABSTRACT: Cyberattacks are often framed as discrete emergencies—events requiring swift, pre-planned recovery. Yet the geostrategic cyber threat is emergent and deeply embedded in the civilian infrastructure that underpins U.S. military operations. This paper argues for a dynamic conception of cyber resilience—not merely withstanding disruption, but fighting through it, adapting in contact, and sustaining initiative in a contested environment. Cyber resilience is a shared military-civilian challenge that often requires extending capacity from already degraded conditions (graceful extensibility) and adapting across multiple cycles of stress (sustained adaptability). Prevailing definitions, including the widely referenced National Institute of Standards and Technology (NIST) standard, treat resilience as a static, information technology (IT)-centric function focused on rebound and robustness. These commercial paradigms fall short in conflict conditions, where disruption is sustained, deliberate, and often combined with informational and/or kinetic effects. Drawing on the cases of China’s Volt Typhoon campaign, Ukraine’s cyber defense, and the Jack Voltaic exercises, this paper explores the operational stakes and the socio-technical character of cyber resilience. It critiques institutional fragmentation and outdated assumptions that undermine integrated defense at the civil-military seam. In light of persistent threats, cyber resilience is not a state, but a practice and a core operational capability—planned, exercised, and sustained.

Click here for the full article.