COMMENTARY
Chris Inglis, First U.S. National Cyber Director, Semperis Strategic Advisor: For much of my career, battlefields were tangible places, deserts, cities, mountains, and oceans you could see and touch. You could point to the terrain, define the front line, and distinguish between the fight abroad and life at home. Today, one of the most consequential battlefields of all is almost entirely invisible. It is cyberspace: ambient, persistent, and woven into nearly every part of modern life.
That invisibility has led many people to misunderstand the nature of the contest now underway. Cyber conflict is still too often treated as a narrow technical issue, the province of IT departments and security teams. That is no longer sufficient. Cyber is not a side issue in modern conflict. It is a central arena in which nations compete, criminals disrupt, and societies are tested. And unlike traditional battlefields, this one is not somewhere “over there.” The front line is wherever networks exist—and today, that means almost everywhere.
We rely on digital infrastructure for the essentials of modern life. Hospitals depend on it to coordinate care and deliver medication. Utilities depend on it to keep electricity and water flowing. Financial institutions depend on it to move money and sustain commerce. Local governments depend on it to deliver emergency services, education, and social support. Even the ordinary conveniences of daily life—buying groceries, communicating with family, navigating a city—rest on systems few people ever see. When those systems fail, or are deliberately disrupted, the consequences are no longer abstract. They are immediate, personal, and public.
That is why a cyber incident should never be dismissed as “just an IT problem.” When a hospital is locked out of its systems, that is not simply a technical outage. It is a threat to patient care and, potentially, to human life. When a pipeline is shut down, the result is not merely inconvenience for engineers; it is fuel shortages, economic dislocation, and public anxiety. When a city government loses access to essential systems, the effects ripple outward to schools, first responders, and vulnerable citizens who depend on those services. In cyberspace, the attack may be invisible, but the consequences are felt in the physical world.
We should also be clear-eyed about the nature of this competition. For some adversaries, the aim is not only to steal data or extort money. It is to put critical infrastructure at risk, undermine confidence, and create a sense of disorder that exceeds the immediate scope of the breach itself. In that sense, cyber conflict is as much about psychology as it is about technology. The fear, confusion, and loss of trust that follow a major incident can do as much damage as the technical compromise that caused it.
One of the greatest challenges in this space is that defenders often still think in silos while attackers think systemically. We tend to focus on a device, a network, a data center, or a business unit. Adversaries look at the full connected system and ask where it is fragile, where dependencies converge, and how a localized breach can create broader disruption. To defend effectively, we need to adopt that wider view. The resilience of digital infrastructure cannot be built one isolated node at a time. It requires understanding how systems interconnect, where single points of failure exist, and how to ensure continuity when—not if—something goes wrong.
That mindset is not foreign to those who have served in national security. In uniform, we assumed systems would fail. We planned for disruption. We invested in redundancy, continuity of operations, and fallback options because we understood that resilience is not a luxury; it is the difference between absorbing a blow and collapsing under it. The same principle must now apply in cyberspace, from the boardroom to city hall. It is no longer enough to focus narrowly on prevention. Organizations must be able to respond, recover, and restore trust quickly when defenses are breached.
These dynamics are vividly illustrated in Midnight in the War Room, which will have its world premiere on August 5 at the Black Hat conference in Las Vegas. The film dramatizes a cyber crisis inside a hospital, where patient care is put at risk and leaders confront a grim reality: the adversary has compromised not only operational systems, but also the very backup and crisis-response plans meant to save them. The scenario is dramatized, but the underlying danger is real. Around the world, organizations are facing similar threats, often without the preparation, coordination, or resilience such a moment demands.
The broader message is straightforward. Cybersecurity is not merely about protecting data. It is about protecting lives, livelihoods, and the essential systems on which modern society depends. The battlefield may be invisible, but the war is already here. It is shaping daily life in ways many people do not yet fully appreciate. It is time we treated that reality with the seriousness it deserves.
