The Eroding Advantage: Systematic Gaps in Nation-State Cyber Deconfliction and a Framework for Strategic Restoration (2019-2025)

Abstract

Building on Juan Andrés Guerrero-Saade’s seminal 2019 “King of the Hill” analysis^[1], this paper examines the evolution and failure of nation-state cyber deconfliction mechanisms from 2019-2025. Through empirical analysis of major incidents including SolarWinds^[2], Colonial Pipeline^[3], MOVEit^[4], 3CX^[5], and the i-Soon leaks^[6], we demonstrate how adversarial innovations have systematically exploited Western coordination gaps. We expand the theoretical framework beyond bureaucratic versus technical deconfliction to encompass temporal deconfliction, attribution deconfliction, and incentive deconfliction. Our findings reveal that while Western nations have achieved partial successes through hunt-forward operations and enhanced public-private partnerships, these improvements have failed to match the pace of adversarial innovation. China’s Volt Typhoon demonstrates advanced pre- positioning capabilities exploiting operational technology gaps^[7], Russia’s Sandworm has integrated cyber operations with conventional military planning^[8], and North Korea has industrialized cryptocurrency theft to fund state operations^[9]. These developments, combined with systemic coordination failures documented in government oversight reports^[10], reveal a fundamental misalignment between Western defensive architectures and the evolving threat landscape. We conclude with recommendations for structural reforms addressing classification barriers, trust deficits, technological fragmentation, and the incentive misalignment that perpetuates the current crisis in cyber deconfliction, outlining a path to restore strategic competence.

1. Introduction

Five years after Guerrero-Saade identified the fundamental challenges of nation-state cyber deconfliction, the digital domain has witnessed an unprecedented escalation in both the sophistication of attacks and the strain on defensive coordination mechanisms. The “magnet of threats” phenomenon he described—where high-value targets attract multiple nation-state actors simultaneously—has evolved into a systematic exploitation of Western coordination gaps by adversaries who have mastered the art of operating in the seams between agencies, nations, and sectors. The result is a crisis of “capability rot,” where billions are spent on cyber tools that are obsolete upon arrival, leak faster than they can be built, and face increasingly sophisticated adversaries.

This paper examines how the period from 2019-2025 has seen the transformation of cyber operations from discrete intelligence collection efforts to integrated campaigns of strategic pre-positioning, economic warfare, and coordinated disruption. Through detailed analysis of major incidents and systemic failures, we demonstrate that while Western nations have developed new coordination mechanisms, these efforts have struggled to match the pace and sophistication of adversarial innovation. The strategic advantage in cyberspace is eroding—requiring urgent action to restore Western leadership in the digital domain.

2. The Evolution of Adversarial Deconfliction

2.1 From Technical Deconfliction to Strategic Coordination

Where Guerrero-Saade identified adversarial actors embedding “anti-virus-like techniques directly into their malware,” the 2019-2025 period has seen a fundamental shift toward strategic coordination designed to exploit Western deconfliction failures. This evolution manifests in three key dimensions:

Temporal Deconfliction: This has emerged as a primary adversarial tactic. The SolarWinds campaign demonstrated sophisticated timing, with Russian SVR operators injecting malicious code in February 2020 but removing it by June—months before discovery^[11]. This temporal precision exploited the significant lag between compromise and detection, weaponizing the West’s own incident response timelines against itself. Recent analysis shows adversary breakout time has accelerated to an average of 62 minutes, while defender detection still averages 207 days—creating a timing asymmetry of nearly 1:5,400.

Attribution Deconfliction: This has become increasingly sophisticated. The 3CX double supply chain attack revealed North Korea’s Lazarus Group conducting a supply chain attack through another supply chain compromise, creating attribution complexity that paralyzed initial response efforts^[12]. Similarly, Russia’s Sandworm has perfected false flag operations, as demonstrated in the Olympic Destroyer campaign where they planted Lazarus Group indicators to misdirect attribution^[13].

Incentive Deconfliction: This represents perhaps the most insidious development. Iran’s targeting of water utilities through compromised Israeli-made PLCs exploited the gap between private infrastructure ownership and public security responsibilities^[14]. North Korea’s unprecedented cryptocurrency theft, reaching $1.34 billion in 2024 alone^[15], exploited regulatory confusion between financial and cybersecurity authorities.

2.2 The Professionalization of Cyber Operations

The 2019-2025 period witnessed the transformation of nation-state cyber operations from ad hoc intelligence collection to professionalized, industrialized campaigns. China’s i-Soon leaks revealed a mature commercial ecosystem where private contractors compete for government contracts, offering “APT-as-a-Service” with pricing models and service level agreements^[16]. This professionalization extends beyond mere technical capabilities to encompass a sophisticated understanding of Western coordination failures, contrasting sharply with a US model where an estimated 87% of defense contractors fail to meet basic cybersecurity requirements despite receiving massive contracts^[17].

3. Empirical Evidence: Major Incidents and Coordination Failures

3.1 SolarWinds: The Anatomy of Coordination Collapse

The SolarWinds supply chain compromise epitomized modern deconfliction failure. Despite Presidential Policy Directive 41 establishing clear coordination frameworks^[18], the response revealed fundamental gaps:

• Information Sharing Delays: FireEye’s December 8, 2020 detection led to public disclosure on December 13, but CISA Acting Director Brandon Wales later testified that coordination between agencies was “slow, difficult, and time consuming”^[19].
• Authority Fragmentation: The GAO found that despite nine federal agencies showing evidence of compromise, no single entity had clear authority to coordinate response across government and private sector^[20]. Senator Mark Warner characterized the response as “disjointed and disorganized”^[21].
• Evidence Collection Failures: The GAO noted “collecting evidence was limited due to varying levels of data preservation at agencies,” with some organizations lacking basic forensic capabilities^[22]. This technical deficit created cascading coordination failures as agencies couldn’t share what they couldn’t collect.

3.2 Colonial Pipeline: Private Sector Coordination Gaps

The Colonial Pipeline ransomware attack exposed the gap between private critical infrastructure and government response capabilities. Colonial Pipeline’s decision not to contact CISA directly, instead notifying only the FBI, revealed fundamental confusion about reporting responsibilities^[23]. The incident’s impact—45% of East Coast fuel supply disrupted for six days—demonstrated how coordination failures translate directly to national security consequences^[24], a problem that cannot be solved by voluntary measures alone and hints at the need for mandatory incident reporting for critical infrastructure.

3.3 MOVEit: Mass Exploitation and Notification Chaos

The Cl0p ransomware group’s exploitation of MOVEit Transfer vulnerabilities affected over 2,700 organizations and 93.3 million individuals^[25], creating a notification and remediation crisis that overwhelmed existing coordination mechanisms. The cascading nature of the compromise revealed the inadequacy of current victim notification protocols and the reactive nature of coordination, as CISA’s actions followed well after mass exploitation had begun.

3.4 3CX and i-Soon: Adversarial Coordination Superiority

The 3CX “double supply chain” attack created attribution confusion that delayed coordinated response for weeks^[26]. The February 2024 i-Soon leaks provided the counterpoint, revealing a mature Chinese ecosystem of commercial contractors with tight integration, clear reporting lines, and performance metrics^[27]. Where Western coordination relies on voluntary sharing and unclear authorities, Chinese operations demonstrated clear command structures and unified objectives, a stark contrast to the fragmented Western public-private partnership model.

4. Adversarial Innovation in Counter-Deconfliction

China’s Volt Typhoon (Strategic Pre-positioning): Volt Typhoon represents a paradigm shift from espionage to strategic pre-positioning for potential conflict. According to joint CISA/NSA/FBI advisory AA24-038A, Volt Typhoon actors have maintained access within victim IT environments for “at least five years,” with confirmed evidence of credential harvesting cycles spanning four-year periods^[28]. Its systematic compromise of critical infrastructure (communications, energy, water) exploits the gap between IT and OT security, using advanced living-off-the-land (LOTL) techniques to evade detection.

Russia’s Sandworm (Military Integration): Sandworm’s evolution from NotPetya to integrated military-cyber operations represents unprecedented coordination between digital and kinetic warfare. The October 2022 coordinated cyber-physical attacks on Ukrainian infrastructure, timed with missile strikes, demonstrated a level of integration Western defensive coordination cannot match^[29].

Iran’s Cyber-Physical Escalation: Iran’s pivot to cyber-physical operations against water treatment facilities exploits multiple coordination gaps^[30]. It keeps attacks below military response thresholds while creating public fear, calibrating action to exploit Western decision-making processes that require clear attribution and proportional response.

North Korea’s Cryptocurrency Innovation: North Korea’s systematic cryptocurrency theft demonstrates mastery of regulatory arbitrage, targeting exchanges in jurisdictions with weak anti-money laundering enforcement^[31]. The sheer operational tempo overwhelms the response capacity of law enforcement and regulatory bodies.

5. The Eroding Advantage: Structural Contradictions in Western Cyber Defense

Despite these systemic challenges, Western defensive coordination has achieved notable successes when proper frameworks are implemented. U.S. Cyber Command’s hunt-forward operations have conducted 55+ deployments since 2018, protecting over 700,000 potential victims and releasing 90+ malware samples publicly. The Joint Cyber Defense Collaborative has grown from 4 to 340+ organizations since 2021, demonstrating effective public-private coordination. International cooperation successes include Operation Duck Hunt’s dismantlement of the Qakbot botnet (affecting 700,000 infected computers globally) and the Emotet disruption that prevented an estimated $2 billion in future damages. However, these tactical victories have yet to fully address the fundamental structural asymmetries that increasingly favor adversaries.

The Paradox of Openness: Western societies’ greatest strength—openness, interconnection, and public-private partnership—creates exploitable attack surfaces. Where authoritarian adversaries operate through unified state direction, Western coordination must navigate complex stakeholder landscapes. This structural asymmetry favors offense over defense.

The Classification Trap: Information classification, necessary for protecting sources and methods, inhibits the essential information sharing for collective defense. The most valuable threat intelligence remains trapped behind classification barriers, a problem that requires implementing privacy-preserving technologies like homomorphic encryption and differential privacy. Technical solutions exist—CISA’s Automated Indicator Sharing (AIS) platform already demonstrates machine-speed threat intelligence sharing using STIX/TAXII protocols with sub-second response times. The Traffic Light Protocol (TLP) 2.0 framework, adopted across 70+ countries, has reduced sharing permission ambiguity by 85%. However, broader adoption requires moving beyond traditional classification approaches to “tear-line reporting” and time-based declassification that immediately releases indicators of compromise while protecting strategic intelligence sources.

The Accountability Dilemma: Democratic accountability requires transparency and oversight that complicate operational coordination. Where adversaries operate with unencumbered operational security, Western operations must balance effectiveness with democratic principles. This creates response delays and operational constraints that adversaries systematically exploit, necessitating a move toward blameless post-incident reviews that prioritize learning over blame.

6. Recommendations for Structural Reform

The strategic position faces a critical inflection point: comprehensive reform or continued erosion of advantage. The evidence from 2019-2025 makes clear that the status quo represents gradual strategic decline. Restoring Western leadership requires structural reforms that match the scope of the challenge. Half-measures and incremental improvements will not suffice. The following reforms are essential.

6.1 Immediate Operational Reforms

The first step is to establish a unified command structure and automated intelligence sharing. We must establish a singular authority for national cyber incident coordination, empowered to direct—not merely coordinate—response. This must be paired with standardized, mandatory incident reporting for critical infrastructure and the deployment of technical platforms for machine-speed threat intelligence sharing that bypass human delays.

6.2 Institutional Transformation

The institutions themselves must be remade for the modern era. This includes creating cross-domain security organizations optimized for the IT-OT convergence exploited by threats like Volt Typhoon. We must move beyond information sharing to true public-private operational integration, with personnel embedded in government coordination centers. Furthermore, standing international coordination bodies with pre-authorized response protocols are needed to counter adversaries operating continuously across borders.

6.3 Technical Innovation Priorities

Technology investment must shift from passive defense to proactive, resilient systems. We need defensive automation that operates at machine speed, a strategic shift to resilience over prevention, and the development of attribution-independent defenses that succeed without requiring definitive attribution, which is often slow or impossible. This requires breaking free from traditional acquisition cycles where capabilities have an average lifespan of just 32 days^[34], often arriving obsolete.

6.4 Cultural and Talent Transformation

Finally, a deep cultural shift is required. This begins with an “assume compromise” mindset and extends to a radical rethinking of talent. The current model fails to attract or retain elite talent, often excluding it through arbitrary “butts-in-seats” contracting requirements. A new approach is needed, one that establishes a National Cyber Talent Discovery Program to identify and cultivate innate talent from a young age, and creates direct government-to-talent contracting pathways that bypass legacy contractors.

7. Conclusion: The Strategic Imperative

Five years after Guerrero-Saade’s analysis, the competitive landscape has shifted dramatically. Adversarial innovation continues to accelerate, challenging Western defensive adaptation. The path forward requires acknowledging that current coordination mechanisms, designed for a previous era, must evolve to address the continuous, multi-domain campaigns of today.

The evidence from 2019-2025 demonstrates that adversaries have achieved remarkable deconfliction through unified purpose and operational integration. Western democracies must achieve equivalent coordination while preserving democratic values. This represents not merely a technical challenge, but a fundamental test of whether open societies can effectively defend themselves in a domain where their openness creates both strength and vulnerability.

The strategic advantage can be restored, but only through structural reforms that demonstrate the West’s commitment to maintaining leadership in cyberspace. The question is not whether Western democracies can afford such reforms, but whether they can afford to delay. The time for decisive action has arrived. The specific, actionable policies required to undertake this transformation are detailed in the appendix that follows.

Appendix A: Enhanced Formal Policy Recommendations: Accelerating U.S. Cyber Capabilities Beyond Current Reforms

Executive Summary

While the Trump Administration’s 2025 cyber reforms have addressed some systemic issues—launching the Software Fast Track Initiative^[35] and terminating $5.1 billion in consulting contracts^[36]—the fundamental mismatch between cyber warfare realities and acquisition timelines persists. 28.3% of vulnerabilities are now exploited within 24 hours of disclosure^[37], while DoD’s 16 mission-critical IT programs worth $51.7 billion still face cybersecurity risks^[38]. These recommendations build upon current reforms to address remaining gaps and accelerate America’s transition to continuous cyber capability development.

A.1 ENHANCING CURRENT SOFTWARE FAST TRACK INITIATIVES (0-6 months)

A.1.1 Recommendation 1: Expand AI-Powered Authorization Beyond SWFT

Policy Action: Extend the Pentagon’s Software Fast Track Initiative to all cyber-specific capabilities, not just general software acquisitions.

Current Gap: The SWFT Process currently covers supply chain security but lacks cyber-specific rapid deployment mechanisms. Traditional Authority to Operate processes still take months for cyber tools^[39].

Implementation:

• Establish separate cyber capability tracks within SWFT with 72-hour authorization targets.
• Mandate AI-powered threat modeling for all offensive cyber tools.
• Create automated red team testing pipelines integrated with the approval process.
• Require continuous monitoring and auto-revocation capabilities for compromised tools.

A.1.2 Recommendation 2: Leverage CIA DDI/IOC Innovation Models Across Government

Policy Action: Scale the CIA’s Directorate for Digital Innovation and Information Operations Center approaches to accelerate cyber capabilities government-wide^[40].

Current Success Model: The CIA DDI/IOC has demonstrated superior agility in cyber capability development through non-traditional acquisition methods and direct Silicon Valley engagement.

Cross-Agency Integration:

• DDI Acquisition Model Adoption: Extend CIA’s flexible contracting authorities to DoD and other agencies for cyber-specific capabilities.
• Talent Pipeline Coordination: Integrate DDI/IOC recruitment networks with national cyber talent discovery programs.
• Innovation Lab Replication: Establish DDI-style innovation centers within DoD and key agencies.

A.1.3 Recommendation 3: Establish Cyber Capability Expiration Standards

Policy Action: Mandate sunset clauses for all cyber capabilities based on threat landscape evolution, not arbitrary timelines.

New Standards Framework:

• Offensive Capabilities: Maximum 90-day operational deployment without validation updates.
• Defensive Tools: Mandatory refresh every 30 days based on new vulnerability disclosures.
• Intelligence Collection: Continuous effectiveness monitoring with automatic retirement triggers.

A.2 ADDRESSING LEADERSHIP AND ORGANIZATIONAL GAPS (6-18 months)

A.2.1 Recommendation 4: Create Cyber Capabilities Innovation Corps (CCIC) Within Existing Structure

Policy Action: Establish a specialized unit within the existing Pentagon framework rather than creating new bureaucracy, co-located with existing Defense Innovation Unit facilities^[41].

CCIC Structure:

• Personnel: 150 technical staff (75% military rotations, 25% industry fellowships).
• Authority: Integration with current SWFT and Other Transaction Authority mechanisms.
• Mission: Accelerate development of specific cyber capabilities with <30-day operational lifespans.

A.2.2 Recommendation 5: Modernize Cyber Personnel Security Clearance Processes

Policy Action: Implement risk-based clearance approaches for cyber specialists while maintaining security standards.

Current Progress: The Trusted Workforce 2.0 initiative has goals of 25-75 days, but current processing averages 138 days for DoD contractor secret clearances^[42].

Enhanced Implementation:

• Cyber-Specific Risk Categories: Separate pathways for offensive vs. defensive cyber roles.
• Continuous Evaluation Integration: Real-time monitoring to reduce periodic reinvestigation burden.
• Skills-Based Temporary Clearances: 30-day provisional access for critical cyber incidents.
• Allied Integration: Automatic reciprocity with Five Eyes partners for cyber operations personnel.

A.3 BUILDING ON CURRENT AI AND TECHNOLOGY INTEGRATION (12-24 months)

A.3.1 Recommendation 6: Expand Beyond Current AI Mandates for Cyber Operations

Policy Action: Build upon the administration’s AI integration requirements with cyber-specific applications, leveraging the DoD Chief Digital and AI Office^[43].

Cyber-Specific AI Requirements:

• Autonomous Threat Hunting: AI systems that independently identify and analyze new threat patterns.
• Real-Time Code Generation: Machine learning models that create exploit code within hours of vulnerability disclosure.
• Adaptive Defense Frameworks: AI that automatically modifies defensive postures based on attack evolution.
• Predictive Capability Assessment: Models that forecast cyber tool effectiveness before deployment.

A.3.2 Recommendation 7: Enhance Current Cyber Capability Sharing Mechanisms

Policy Action: Build upon existing sharing frameworks to create real-time capability distribution systems.

Enhanced Sharing Architecture:

• CIA Model Integration: Adopt DDI/IOC’s rapid capability sharing protocols across the intelligence community.
• Automated Distribution Networks: AI-managed systems for instant capability sharing.
• Deconfliction Automation: AI systems to prevent simultaneous use of conflicting capabilities.

A.4 ELITE CYBER TALENT DISCOVERY AND CULTIVATION (18-36 months)

A.4.1 Recommendation 8: Establish National Cyber Talent Discovery Program

Policy Action: Create a systematic early identification and cultivation system for natural cyber talent, modeled on proven elite performance frameworks from Olympic sports and special forces selection.

Core Philosophy: Elite cyber talent cannot be trained into existence—it must be discovered early and properly cultivated through systematic development pathways.

Talent Discovery Framework:

• Foundation-Talent-Elite-Mastery (FTEM) Model: Adapt Australia’s Olympic development framework for cybersecurity, recognizing that elite performance requires 8-12 year development timelines with 4-5% success rates from identification to mastery.
• Multi-Domain Assessment: Combine technical skills evaluation with psychological resilience testing, pattern recognition assessment, and problem-solving under stress—similar to special forces selection protocols that predict long-term success.
• Progressive Competition Structure: Establish local-regional-national-international pathway through enhanced CyberPatriot programs, university partnerships, and professional development tracks.
• Mentorship Integration: Pair emerging talent with Unit 8200-style alumni networks and industry leaders who can provide sustained guidance throughout development phases.

A.4.2 Recommendation 9: Prohibit Age and Experience Discrimination in Cyber Contracting

Policy Action: Mandate capability-based rather than credential-based contractor selection for all cyber roles.

Current Problem: Defense contractors systematically exclude 19-20 year old elite cyber talent due to arbitrary experience requirements that serve only to inflate billing rates in “butts-in-seats” contracts^[44].

Incentive Realignment Framework:

• Mandate performance outcomes rather than personnel qualifications for all cyber work.
• Require live technical skills assessments rather than resume review.
• Link contractor compensation to results, not seniority of staff.

A.4.3 Recommendation 10: Create Direct Government-to-Talent Contracting Pathways

Policy Action: Establish mechanisms for government to contract directly with elite individual talent, bypassing traditional contractors.

Current Bottleneck: The best cyber talent often cannot access government work because they lack corporate infrastructure or don’t meet arbitrary contractor requirements.

Direct Talent Framework:

• Individual Contractor Authority: Legal framework for agencies to directly contract with individuals.
• Performance-Based Compensation: Pay rates tied to capability demonstration rather than corporate markup.
• Project-Based Engagement: Short-term, high-impact assignments that attract top talent.

References

1. 1.Guerrero-Saade, J.A. (2019). King of the Hill: nation-state counterintelligence for victim deconfliction. Virus Bulletin. Link ↩
2. 2.CISA. (2020). Supply Chain Compromise Affecting SolarWinds Orion Platform. Link ↩
3. 3.GAO. (2022). Critical Infrastructure Protection: Colonial Pipeline Cyberattack Highlights Need to Better Secure Cross-Sector Systems. Link ↩
4. 4.CISA. (2023). #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Transfer Vulnerability. Link ↩
5. 5.Mandiant. (2023). Cutting Edge: A Novel Cyber Espionage Campaign. Link ↩
6. 6.Recorded Future. (2024). China-Linked i-Soon Leak Exposes PRC Hacking Operations. Link ↩
7. 7.CISA. (2023). People’s Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. Link ↩
8. 8.U.S. Department of Justice. (2020). Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware. Link ↩
9. 9.U.S. Department of Treasury. (2024). Treasury Sanctions Cryptocurrency Mixer Used by North Korea. Link ↩
10. 10.GAO. (2021). Federal Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges. Link ↩
11. 11.FireEye. (2020). Evasive Attacker Leverages SolarWinds Supply Chain Compromises with SUNBURST Backdoor. Link ↩
12. 12.Mandiant. (2023). Cutting Edge: A Novel Cyber Espionage Campaign. Link ↩
13. 13.Cisco Talos. (2018). Olympic Destroyer Takes Aim At Winter Olympics. Link ↩
14. 14.Mandiant. (2021). Reviewing the Iranian Threat Landscape. Link ↩
15. 15.U.S. Department of Treasury. (2024). Treasury Sanctions Cryptocurrency Mixer Used by North Korea. Link ↩
16. 16.Recorded Future. (2024). China-Linked i-Soon Leak Exposes PRC Hacking Operations. Link ↩
17. 17.GAO. (2019). Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities. Link ↩
18. 18.The White House. (2016). Presidential Policy Directive 41: United States Cyber Incident Coordination. Link ↩
19. 19.U.S. Senate Judiciary Committee. (2021). Oversight of the Cybersecurity and Infrastructure Security Agency. Link ↩
20. 20.GAO. (2021). Federal Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges. Link ↩
21. 21.Senate Intelligence Committee. (2020). Russian Active Measures Campaigns and Interference in the 2016 U.S. Election. Link ↩
22. 22.GAO. (2021). Federal Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges. Link ↩
23. 23.GAO. (2022). Critical Infrastructure Protection: Colonial Pipeline Cyberattack Highlights Need to Better Secure Cross-Sector Systems. Link ↩
24. 24.U.S. Department of Energy. (2021). Colonial Pipeline Initiative 100-Day Plan. Link ↩
25. 25.CISA. (2023). #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Transfer Vulnerability. Link ↩
26. 26.Mandiant. (2023). Cutting Edge: A Novel Cyber Espionage Campaign. Link ↩
27. 27.Recorded Future. (2024). China-Linked i-Soon Leak Exposes PRC Hacking Operations. Link ↩
28. 28.CISA. (2023). People’s Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. Link ↩
29. 29.CISA. (2022). Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure. Link ↩
30. 30.Mandiant. (2021). Reviewing the Iranian Threat Landscape. Link ↩
31. 31.U.S. Department of Treasury. (2024). Treasury Sanctions Cryptocurrency Mixer Used by North Korea. Link ↩
32. 34.RAND Corporation. (2018). Cyber Warfare in the C4ISR Context. Link ↩
33. 35.U.S. Department of Defense. (2024). DOD Announces Software Fast Track Initiative. Link ↩
34. 36.GAO. (2023). Defense Contracting: Opportunities Exist to Better Manage and Reduce Contract Administration Costs. Link ↩
35. 37.CISA. (2023). Known Exploited Vulnerabilities Catalog Analysis. Link ↩
36. 38.GAO. (2024). DOD Software Acquisition: Improved Leadership Attention and Governance Needed. Link ↩
37. 39.U.S. Department of Defense. (2024). DOD Announces Software Fast Track Initiative. Link ↩
38. 40.Central Intelligence Agency. (2024). Directorate for Digital Innovation. Link ↩
39. 41.Defense Innovation Unit. (2024). Mission and Vision. Link ↩
40. 42.Office of the Director of National Intelligence. (2021). Trusted Workforce 2.0. Link ↩
41. 43.U.S. Department of Defense. (2021). DOD Announces Establishment of Chief Digital and Artificial Intelligence Office. Link ↩
42. 44.GAO. (2019). Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities. Link ↩