Why recovery speed matters when the homeland is the cyber battlefield
According to Army Lt. General Jeth Rey, in cyber war, “the battlefield is already here in our daily lives – on our phones and smart devices, in our digital infrastructure, across the electromagnetic spectrum (EMS) and hovering unseen in our skies and beyond.”
Cyber recovery is an indicator of operational military strength, as U.S. forces recognize that breaches, disruptions and denial-of-service attacks are inevitable rather than rare occurrences. Instead of aiming for prevention, defense agencies must adopt a military doctrine that emphasizes anticipating disruptions, absorbing cyberattacks and restoring mission-critical battlefield capabilities faster than adversaries can exploit the disruption.
The always-on cyber battlefield
Historically, personnel relegated network security to a back-office IT function, disconnected from the air, sea and land domains. Today, military leaders increasingly recognize this overlap, though confidence in secure environments can exceed current realities. Their approach matters because artificial intelligence (AI) is evolving faster than zero-trust implementations. The military no longer just defends against adversaries with predictable signatures. Instead, it faces autonomous AI agents operating from decentralized clouds. These agents act independently, beyond the reach of kinetic cyber retaliation. In this scenario, the misconception that defense agencies have control over their networks is a gift to AI adversaries. These adversaries exploit the slow adoption of cyber prevention as the attack surface expands.
Antiquated systems, hidden risks
A challenge for agencies is their reliance on antiquated systems that are hard to update and don’t support modern security protocols. Nation-state adversaries exploit these slow, predictable and rigid environments to hide, move laterally and exfiltrate data.
The Department of War (DoW) has faced — and continues to struggle with — challenges in maintaining complete, real-time oversight of its interconnected networks. Despite efforts, the immense size and complexity of the Department of Defense Information Network (DoDIN) lead to blind spots.
Recovery and continuity as battlefield advantages
U.S. Cyber Command emphasizes forward defense and has relied on this strategy since its inception to neutralize threats before they reach U.S. networks. A proactive approach is supported by the need for robust, regularly tested recovery plans and a comprehensive strategy to ensure operational resilience and protect critical infrastructure. Therefore, agencies should elevate cyber recovery from an IT afterthought to a maneuver and logistics function. The force that can quickly restore systems to a trusted state under attack maintains operational continuity and hinders the adversary from advancing. To achieve this, agencies should adopt a Minimum Viable Mission (MVM) approach, under which mission capabilities continue to operate even if attackers get past outer defenses.
The MVM approach is grounded in several design principles:
- Immutable data backups: Defense agencies should engineer data that cannot be altered, encrypted or deleted by an adversary to ensure the truth of command data remains intact.
- Isolated recovery environments (IRE): The military requires the digital equivalent of a hardened bunker. These are segmented networks where systems can be reconstituted and verified without risk of re-infection.
- AI-enabled reconstitution: As adversaries leverage AI in attacks, the military employs AI to automate recovery drills, which ensures the operational tempo stays ahead of machine-speed disruptions hitting the network.
- Native and purpose-built defensive cyber operations capabilities: Leveraging these tactics within the backup data minimizes costs and complexity while ensuring speed, resilience and a reduced attack surface.
Mastering the degraded environment
The military must replace the illusion of "breach-free" networks with the reality of assured reconstitution. Congress has begun to shed light on these gaps through language in the National Defense Authorization Act (NDAA), but the cultural shift must occur at the command level. How readiness is measured must evolve. Commanders should be measured by how quickly they recover and protect data, not by how few alerts they receive. Agencies should also train for uncertainty to empower response cells to make time-sensitive decisions even when data is contested or degraded.
Addressing cyber conflict at home
Today’s cyber battlefield is always active and no longer geographically distant. In 2026, mission success depends on data. If data cannot be fully protected, it must be rapidly and reliably recovered, even in contested conditions. The cyber battlefield will continue to be the homeland, and defense agencies must continue adapting how they ensure mission continuity within it.
Travis currently serves as the Public Sector CTO at Rubrik helping organizations become more cyber and data resilient. Prior to Rubrik, Travis held several leadership roles including the Chief Technology and Strategy Officer at BluVector, CTO at Tychon, Federal CTO at FireEye, a Principal at Intel Security/McAfee and Leader at the Defense Information Systems Agency (DISA).
The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of Rubrik.