
The Hidden Leverage of Digital Chokepoints

EXPERT PERSPECTIVE: When we think about the arteries of global power, images of oil pipelines or shipping lanes often come to mind. They are visible, tangible, and easy to picture on a map. The digital world has its own arteries, equally vital but far less visible: undersea cables, satellites, and semiconductor supply chains. These systems allow our economies to function, our militaries to coordinate, and our societies to remain connected.

We rarely stop to consider how fragile they are. A fiber-optic cable lying quietly on the seabed, a satellite orbiting high above, a single Dutch firm making the machines that build the world's most advanced chips: each represents a potential point of failure. And when one of them falters, whether by accident or design, the consequences ripple instantly across the globe. What makes this even more concerning is that adversaries understand their potential value. They have studied the geography of our digital world with the same intensity that past powers studied maritime routes. Increasingly, they are testing ways to hold these chokepoints at risk, not in open war, but in the murky space called the gray zone.

Consider the seabed. Nearly all intercontinental internet traffic runs not through satellites, as many imagine, but along the ocean floor. The "cloud" is, in truth, anchored to the seabed. These cables are resilient in some respects, yet highly vulnerable in others. Russia has long deployed specialized vessels (such as the Yantar) to loiter near critical routes, mapping them and raising concerns about sabotage. The People's Republic of China has taken subtler approaches. On several occasions, cables linking Taiwan's outlying islands have been cut by Chinese vessels in incidents they described as accidental. Taipei viewed them, by contrast, as deliberate acts of pressure that left communities offline for weeks.

Nature has been no less disruptive. A volcanic eruption severed Tonga's only international cable in 2022, cutting off connectivity entirely. A landslide off Côte d'Ivoire in 2024 damaged four cables at once, leaving more than a dozen African states scrambling to restore service. These episodes remind us that chokepoints need not be destroyed to reveal their importance.

For China, the issue is a strategic one. Through its Digital Silk Road initiative, Beijing has financed and built cables across Asia, Africa, and Europe. Chinese firms now sit at landing stations and repair depots. In times of peace these investments look like connectivity. In times of crisis, they can become instruments of leverage or coercion.


The same logic applies in orbit. Satellites and global navigation systems act as the nervous system of modern life. They time banking transactions, guide aircraft, and support military operations. Disrupting them unsettles the rhythms of daily existence. Russia previewed this dynamic in 2022 when it launched a cyberattack against the Viasat KA-SAT network on the first day of its invasion of Ukraine. Thousands of modems across Europe went dark, cutting off critical communications. More routinely, Russian jamming and spoofing around Kaliningrad and Moscow have disoriented navigation systems, with civilian pilots suddenly reporting the loss of GPS mid-flight.

China has created its own path through BeiDou, a rival to GPS that is already woven into infrastructure and commerce across large swaths of the world. Countries adopting BeiDou for civilian uses also create dependencies that, in a crisis, could become channels of influence. China’s so-called inspector satellites, capable of shadowing Western systems in orbit, serve as a reminder that the domain is contested and difficult to police. Jamming, spoofing, or orbital surveillance are rarely attributable in real time. They can be dismissed as interference or technical glitches even when deliberate. That ambiguity is precisely what makes them effective tools of gray-zone leverage.

Vulnerability also extends to the factories that produce the silicon chips powering the digital age. No chokepoint illustrates fragility more starkly than semiconductors. Advanced chips are the foundation of artificial intelligence, modern weapons systems, consumer electronics, modern automobiles, and more. Yet their production is concentrated in very few hands. One company in Taiwan manufactures most of the world’s leading-edge chips. A single Dutch firm produces the extreme ultraviolet lithography machines needed to make them. And China has demonstrated repeatedly how control over upstream minerals can be wielded as leverage. Restrictions on gallium, germanium, and graphite have caused immediate price spikes and sent Western companies scrambling for alternatives.

The global chip shortage during the pandemic provided a glimpse of how disruption can have cascading impacts. Automotive plants shut down, electronics prices soared, and entire supply chains stalled. That was the result of market forces. In a geopolitical crisis, disruption would be intentional, targeted, and likely more devastating.


None of these vulnerabilities exist in isolation. Together, they form part of a broader and comprehensive strategy, particularly for China, where digital infrastructure has become a deliberate instrument of national power. Through the Digital Silk Road, through export controls on critical minerals, through investments in semiconductor capacity, through an ambitious national AI strategy, and BeiDou’s global adoption, Beijing is systematically building positions of leverage.

Is this preparation for an open assault on global systems? Maybe not, but it is a strategy designed for options in the gray zone. By holding digital chokepoints at risk, China can complicate allied decision-making and cast doubt on the reliability of critical systems, thereby slowing or obstructing responses at moments when speed is decisive. The ambiguity of each incident – whether it appears to be an accident, a policy choice, or something more calculated – becomes a tool of coercion.

The reality is that these risks cannot be eliminated. The very efficiency of the digital age depends on concentration. A single company leads in chipmaking, a limited set of satellites provides global timing, and relatively few cables carry the world’s data vast distances across the open ocean. Efficiency brings tremendous capability, but it also brings fragility. And fragility invites exploitation.

The counterweight must be resilience. That means redundant routes and suppliers, pre-positioned repair capacity, diversified supply chains, hardened infrastructure, and rehearsed recovery plans. The point is to recover and regain capacity as quickly as possible. To do so requires deeper public-private partnerships and closer coordination among allies, since no nation can protect these domains on its own. Resilience is not a one-time investment but a cultural shift. A culture that assumes disruption will come, prepares for it, and ensures that no single outage or shortage can paralyze us.

History offers some perspective. Nations once fought to control straits, canals, and oil fields. They still do so today, but increasingly our chokepoints are digital, hidden from sight yet just as consequential. Whoever shapes them, shapes the balance of global power.

Global stability today depends on foundations that are often invisible. Fiber-optic cables under the sea, satellites crossing the skies, and factories producing chips with microscopic precision form the backbone of our digital age. They showcase human ingenuity while highlighting profound vulnerabilities. Recognizing the duality of innovation’s promise alongside its fragility may be the most important step toward protecting what matters most in the digital age. And, yes, we must defend these technologies. But it’s about something bigger. It’s about ensuring that the digital world we depend on remains a source of strength, and not a lever of coercion.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. Government. Nothing in the contents should be construed as asserting or implying U.S. Government authentication of information or endorsement of the author's views.


Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.


Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures.

What's driving this increased demand? The shift to remote and hybrid work models that emerged from the COVID-19 pandemic has raised the priority of collaborating and training together as a team, so that teams are prepared before an incident rather than meeting each other for the first time during one.

Another force driving demand for cyber ranges is the rapid growth of high-profile attacks with seven-figure loss events and the public disclosure of attacks, impacting reputation and financial results. Damaging attacks, like data breaches and ransomware, have cemented the criticality of effective incident response to prevent worst-case outcomes and rapidly contain eventual ones.

Once you decide that your cybersecurity team and the other actors in your cyberattack response protocols need to practice together, the economics of a dedicated cyber range are compelling. An organization can train many more employees, more quickly, through a dedicated cyber range.

But before you pull the trigger and order a cyber range, you should make a full evaluation of the pros and cons. The primary con, of course, is that a dedicated cyber range might be oversized for the organization’s long-term needs. You might not use it enough to justify the costs of building and operating an actual range. Alternatively, you might prefer to run cyberattack exercises remotely to more closely simulate the real work environment of your teams.

This post will provide a primer on conducting a graduated cyber range evaluation and help set up processes to think through what type of drilling grounds might be best suited for your team.

Why Build a Cyber Range? Mandatory Training, Certifications and Compliance

The most compelling reason for building a cyber range is that it is one of the best ways to improve the coordination and experience level of your team. Experience and practice enhance teamwork and provide the necessary background for smart decision-making during a real cyberattack. Cyber ranges are one of the best ways to run real attack scenarios and immerse the team in a live response exercise.

An additional reason to have access to a cyber range is that many compliance certifications and insurance policies cite mandatory cyber training of various degrees. These requirements are often traced back to frameworks published by the National Institute of Standards and Technology (NIST) and standards from the International Organization for Standardization (ISO). With these requirements in place, organizations are compelled to free up budgets for relevant cyber training.

There are different ways to fulfill these training requirements. Depending on their role in the company, employees can be required to earn certifications from organizations such as the SANS Institute. Training mandates can also be fulfilled by micro-certifications and online coursework using remote learning and certification platforms, such as Coursera. Giving a company access to a cyber range does not always mean building one in-house.


A Cyber Training Progression in Stages: From Self-Study to Fully Operational Cyber Ranges

In talking with our customers, we offer them multiple options for cyber range setups, and we advise them to carry out the implementation in stages. Each stage is appropriate for a different level of commitment, activity and desire for a fully immersive cyber range experience.

Stage 1: Self-Training, Certifications and Labs

Stage 1 is blocking and tackling, the bare minimum for competent cybersecurity training. This provides the basics required for continuing education and fulfilling cyber training requirements. Stage 1 can include:

  • SANS training course in desired areas of expertise
  • Completion of Coursera online self-paced or Massive Open Online Course classes with requisite certification of completion
  • Focused classes, such as malware reverse engineering or network forensics that shows how attackers traverse networks without being detected

An additional part of Stage 1 is holding hands-on labs where participants complete tasks or simulate blue team or red team activities. The labs should focus on outcomes and metrics as much as on completion. Participants should learn whether they can efficiently and effectively find indicators of compromise (IOCs) and mitigate attacks, and whether they can map the primary tactics, techniques and procedures (TTPs) associated with those attack simulations.
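One way to make a Stage 1 lab outcome-driven rather than completion-driven is to score each participant's findings against what the exercise designer actually planted. The following is an added example, not code from IBM X-Force or from this article: it computes IOC precision and recall, how accurately found IOCs were mapped to ATT&CK technique IDs, and what fraction of the planted techniques the participant covered. The planted IOCs, technique IDs and participant answers are constructed for illustration, not real telemetry.

```python
"""Score one lab round: which planted IOCs did the participant find, and did
they map each one to the right ATT&CK technique?  Added example with
constructed data; nothing here comes from a real incident."""

from typing import Dict, List


def score_round(truth: Dict[str, str], submitted: Dict[str, str]) -> dict:
    """truth and submitted both map an IOC string -> ATT&CK technique ID.

    Returns a dict of metrics plus the lists a lab instructor would want to
    debrief: what was missed, what was a false alarm, what was mis-mapped.
    """
    planted = set(truth)
    reported = set(submitted)

    found = planted & reported             # true positives (IOC located)
    false_positives = reported - planted   # reported but never planted
    missed = planted - reported            # planted but never reported

    # Of the IOCs that were found, which got the correct technique ID?
    correctly_mapped = {ioc for ioc in found if submitted[ioc] == truth[ioc]}
    mismapped = found - correctly_mapped

    # Technique coverage only counts a technique when at least one of its
    # planted IOCs was both found and mapped correctly.
    planted_techniques = set(truth.values())
    covered_techniques = {truth[ioc] for ioc in correctly_mapped}

    return {
        "precision": len(found) / len(reported) if reported else 0.0,
        "recall": len(found) / len(planted) if planted else 0.0,
        "mapping_accuracy": len(correctly_mapped) / len(found) if found else 0.0,
        "technique_coverage": len(covered_techniques) / len(planted_techniques)
        if planted_techniques else 0.0,
        "missed": sorted(missed),
        "false_positives": sorted(false_positives),
        "mismapped": sorted(mismapped),
    }


# Constructed ground truth for a small intrusion scenario (hypothetical).
PLANTED_IOCS: Dict[str, str] = {
    "powershell.exe -nop -w hidden -enc <base64>": "T1059.001",  # PowerShell
    "schtasks /create /tn Updater /tr C:\\Users\\Public\\u.exe": "T1053.005",
    "rundll32.exe C:\\Windows\\Temp\\m.dll,Start": "T1218.011",
    "10.0.5.23 -> 10.0.5.40 tcp/445 ADMIN$": "T1021.002",  # SMB lateral move
    "update-cdn[.]example:443": "T1071.001",  # C2 over HTTPS
}

# Constructed participant submission (hypothetical): four IOCs found, one of
# them mapped to the wrong technique, one false alarm, and one IOC missed.
PARTICIPANT_SUBMISSION: Dict[str, str] = {
    "powershell.exe -nop -w hidden -enc <base64>": "T1059.001",
    "schtasks /create /tn Updater /tr C:\\Users\\Public\\u.exe": "T1053.005",
    "rundll32.exe C:\\Windows\\Temp\\m.dll,Start": "T1059.003",  # wrong ID
    "update-cdn[.]example:443": "T1071.001",
    "svchost.exe -k netsvcs": "T1055",  # benign, false positive
}


def score_sample() -> dict:
    """Score the constructed submission above against the planted IOCs."""
    return score_round(PLANTED_IOCS, PARTICIPANT_SUBMISSION)


def debrief_lines(result: dict) -> List[str]:
    """Render the metrics as the short debrief an instructor would read out."""
    lines = [
        f"IOC precision:       {result['precision']:.2f}",
        f"IOC recall:          {result['recall']:.2f}",
        f"Mapping accuracy:    {result['mapping_accuracy']:.2f}",
        f"Technique coverage:  {result['technique_coverage']:.2f}",
    ]
    lines += [f"missed:         {i}" for i in result["missed"]]
    lines += [f"false positive: {i}" for i in result["false_positives"]]
    lines += [f"mis-mapped:     {i}" for i in result["mismapped"]]
    return lines


if __name__ == "__main__":
    for line in debrief_lines(score_sample()):
        print(line)
```

Tracking these four numbers per participant across repeated lab rounds gives the trend data the stage-1 metrics are meant to produce; a rising recall with flat mapping accuracy, for instance, says the team is getting better at spotting artifacts but not at reasoning about what the attacker was doing.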

Stage 2: Team and Wider-Scale Corporate Exercises

In Stage 2, the more mature companies can escalate to coordinated group exercises that are planned and follow a curriculum. This requires dedicated compute infrastructure or hardware (some organizations choose to do it all from their existing workstations). In these exercises, all stakeholders take the lessons they have learned and bring them together to orchestrate a coordinated response. You may choose to have red teams attempt to infiltrate and go up against blue teams and involve threat intelligence teams and other security staff in the company’s security operations center.

If you want to make this stage a more immersive and realistic experience, you may also choose to include other teams, such as marketing. Bringing in operational technology (OT) teams at this stage is strongly suggested. Many of the most recent ransomware attacks have targeted not just laptops and other IT devices but also OT devices.

Business leaders tend to benefit strongly from witnessing and experiencing immersive coordinated exercises. Giving them insights into what other teams are experiencing and how they need to respond provides invaluable context that comes into play during an actual crisis. The most advanced team cyber response exercises can involve dozens or hundreds of team members and last several days.

Stage 3: The Collaborative Cyber Range With Vendors, Customers and Partners

Coordinating responses for your organization is a great start. But what about those around you: your customers, vendors and partners? The nature of your digital infrastructure, the ubiquitous connection to application programming interfaces, the proliferation of connected devices and the varying types of connections make it critical to coordinate an attack response with your closest third parties.

It's easy to understand the criticality of an orchestrated response. The world has become more and more connected; the digital links among vendors, customers and partners have grown. An organization can have hundreds of third-party connections at a time. This has increased the attack surface and made supply chain attacks a preferred tactic for cyber criminals and nation-state actors alike. Supply chain attacks can be hard to detect because they arrive through a trusted intermediary. They also give the attacker a general-purpose foothold for maintaining access, traversing networks and moving laterally inside an organization.

With awareness of third-party risk management and software supply chain risk growing, and with attacks in this realm more complex than ever, we are seeing customers asking to take their cyber readiness and exercises to the ecosystem level.

More than a concept to eventually consider, we actually see some companies demanding this participation as a condition of a partnership or of becoming a key vendor. Chief information security officers (CISOs) and risk teams want to see beyond the attestations of SOC 2 or ISO 27001 and test the actual capabilities and readiness of their core partners and vendors.

For example, if an organization uses a bank that employs a payment processor that in turn uses a clearinghouse, all three are tightly knit and have likely established some playbooks on how to work together, how to identify where the chain of interactions encounters a problem, and how to recognize when a breach has occurred. Ultimately, they should know how to contain and stop a cyberattack involving one or more of the three entities. Proactively establishing a risk-aware working relationship, and identifying the specific risks each stakeholder introduces, can facilitate a more robust, comprehensive and rapid response in case of an attack. Often this is the point of bringing several parties into the collaborative exercise: to set up the procedures and norms for a collaborative response that's agile and precise.

Keeping Your Training and Range Lively With Fresh Content and Context

A key part of why we believe organizations are seeking to build their own cyber ranges is the rapid acceleration of attack types and the extent of attacks. Threats that used to emerge over the course of months now emerge in weeks or days. CISOs and risk management leaders recognize this and understand that there are two key ways to address this shift:

  • Increase the frequency of exercises
  • Improve the content of exercises to keep things fresh over time

With cyber ranges, we can use both static, curriculum-driven content for stage 1 exercises and push evolving content with industry context for those moving to more elaborate exercises. We typically insert lessons and exercises based on attacks that may be happening concurrently with the exercise itself.

Ideally, you want your range to allow for customizable content that can be modified on the fly. This allows a company with a cyber range to load up an exercise on a major attack days after the attack is revealed. That capability makes cyber ranges more relevant and valuable because it enables organizations to speed up their security metabolism and learn faster.

Conclusion: Are You Ready for a Dedicated Cyber Range?

Before you get to the point of thinking about a dedicated cyber range, we highly recommend you work through stage 1 and stage 2 capabilities. At a minimum, you should run a cyber range exercise as a one-off to see how it works for your team and your organization. Most crucially, consider what the utilization rate of your cyber range will be when planning. Ideally, it should be in use most of the time to maximize your investment. Think through whether this is viable for your team and your enterprise before pulling the trigger. As a mitigating factor, think through whether you can use your dedicated cyber range as a pop-up or quick-start cyber operations command center in case of emergency.

After you feel comfortable with the idea of a cyber range and have confirmed its value, consider the positives and negatives of the three types of cyber ranges or outsourcing exercises to a trusted vendor.

  • Dedicated on-premise ranges are more expensive to build and maintain but can help teams create in-person chemistry. This has become a more viable option in the past year as more workforces are convening in person again.
  • Creating an entirely virtual cyber range prior to the pandemic was not something many organizations were considering. Virtual versions are cheaper to stand up and upgrade and offer more flexibility. However, for some organizations, face-to-face interactions are important.
  • A number of customers have come to us requesting hybrid versions with both virtual and in-person components. Hybrid models are flexible and can extend to vendors and partners, but they are also the most expensive to install.

Having a cyber range at the ready is a strong foundation for upping your security metabolism and readiness. Follow a rigorous decision-making process to ensure you get the right kind for your organization and needs. To learn whether a cyber range is right for your organization and how to set up a cyber range program, talk to IBM X-Force Cyber Range Consulting.


The post Everyone Wants to Build a Cyber Range: Should You? appeared first on Security Intelligence.
