7 hours ago
1
Events have moved faster than doctrine. Part 1 of this series diagnosed the rise of synthetic asymmetry, an era where technological convergence allows small actors to impose disproportionate costs on states and institutions. Unlike the guerrillas of the past, today's asymmetric threats are engineered by design. This essay asks the harder question: How should democracies respond to a threat that is diffuse, deniable, and constantly mutating?
The Failure of Traditional Deterrence
The foundational flaw in applying Cold War security strategies to synthetic asymmetry is the breakdown of attribution and retaliation. Deterrence requires a clear threat of punishment against a visible state actor. Synthetic attackers thrive in gray zones: non-state groups, state proxies, or anonymous cyber operators whose acts are plausibly deniable, and whose tools can blur or obscure attribution by design.
When ransomware shuts down a critical pipeline, the target state faces a genuine conundrum. Is this an act of war demanding a kinetic response? Or a crime demanding law enforcement? That ambiguity makes the nuclear-era playbook obsolete. The attacker's goal is often strategic paralysis: erode trust, impose economic costs far exceeding the effort required to launch the operation.
The costs of these attacks, typically low-cost, remote, and cross-border, are negligible compared to the billions required for a proportional kinetic response. Traditional punitive deterrence buckles under that math.
The answer is to supplement deterrence with a doctrine of synthetic resilience: the capacity of democratic societies to absorb, adapt to, and recover from engineered multi-domain disruption before it produces strategic paralysis or loss of legitimacy. A powerful kinetic threat must remain, but democracies must also assume they will be attacked across multiple domains simultaneously. Survival depends on absorbing disruption, adapting rapidly, and ensuring the continuity of core societal functions and political legitimacy.
What the intervening period has clarified is that this assumption is no longer theoretical. Advanced AI and synthetic media are turning this from a theoretical concern into a systemic global risk (the World Economic Forum and allied intelligence communities have reached this conclusion independently) with opportunistic actors exploiting psychological profiling and emotional triggers to manipulate public perception at scale. The threat environment Part 1 described has accelerated.
The predictable objection is that synthetic resilience sounds resource-intensive and risks replicating the bureaucratic complexity it claims to replace. The cost-of-failure data argues otherwise. The 2021 Colonial Pipeline attack cost the company $4.4 million in ransom, but the downstream economic disruption across the eastern United States ran into the billions. The 2024 CrowdStrike outage, which involved no adversary at all, produced an estimated $10 billion in global losses from a single software update. The NotPetya campaign of 2017 caused over $10 billion in damage across multiple sectors and countries from a single piece of malware. Against those losses, resilience is not a fiscal luxury. It is actuarially rational. The question is never whether democracies can afford to build it. It is whether they can afford not to.
Principles of a New Doctrine
A coherent strategy cannot be built on isolated, domain-specific efforts. It must rest on three integrated principles, Alignment, Adaptation, and Agility, woven into national security planning, budgetary decisions, and interagency cooperation.
1. Alignment over Silos
Defense planners have historically treated cyber, space, and economic security as separate verticals, managed by different agencies with distinct budgets and legal authorities. Adversaries operate horizontally, leveraging convergence to create effects greater than the sum of their parts. A modern influence campaign is simultaneously a cyber attack (to steal data), a financial operation (to fund bot networks via crypto), and a kinetic risk (to incite real-world violence), often without a shot fired.
Nations must respond in kind. That means permanent interagency teams pulling together financial regulators, public health officials, and economic ministers alongside military and national security planners, trained together on synthetic asymmetry scenarios that force convergence. It also means a national risk framework that maps cascading dependencies: how a cyber attack on a single grain futures exchange could trigger a financial crisis, which enables a cognitive influence campaign built on food scarcity fears. The unit of analysis must shift from individual assets to systemic functions.
Recent events illustrate why. Rapid, uncoordinated changes to critical IT infrastructure, where operational decisions bypass standard security review, create systemic confusion between authorized and unauthorized system changes. When the mechanisms for coordination and attribution are themselves disrupted, adversaries inherit a structural advantage at no cost. This is a doctrinal vulnerability, not just an operational one.
2. Adaptation over Retaliation
The priority must shift from punishment to continuity. Against a deniable actor, resilience ensures the adversary gains nothing even if an attack succeeds (the same logic by which the internet routes around failures regardless of cause).
This requires reallocating resources toward the "invisible victory" of hardened defense over the more politically visible power projection of offense. The practical mechanism is hardening-in-depth: mandatory standards for redundancy, self-healing networks, and decentralized systems across the grid, finance, and logistics. Resilience cannot stop at government networks. It must be built into the economy itself, with strategic national reserves of critical goods and supply chains diversified enough that no single political event can halt production of essential materials.
The lesson is direct. When critical cybersecurity functions, including incident reporting oversight, real-time vulnerability monitoring, and analytical data systems, are degraded during periods of institutional restructuring, recovery timelines run into adversary windows. Denying adversaries strategic impact requires institutional capacity to be intact when the attack arrives.
3. Agility over Bureaucracy
Threats emerge at machine speed, powered by generative and agentic AI and automated reconnaissance. Acquisition cycles and regulatory processes measured in years are becoming strategically untenable.
The solution is defense architecture built around interchangeable, open-source, and rapidly updateable components. The Modular Open Systems Approach offers a workable template: technology insertion on the order of weeks, not years. Regulatory sandboxes where government agencies partner with startups to test and certify next-generation tools, from quantum-resistant encryption to AI-driven attribution models, can compress the path from lab to deployment substantially.
The goal is simple: evolve as fast as the threat. That requires institutional depth to sustain capabilities across political transitions. Agility without continuity is a vulnerability, not a strategy.
Putting the Doctrine to Work
The three-principle framework only has force if it connects to concrete action. What follows is not a comprehensive policy platform. It is an illustration of how Alignment, Adaptation, and Agility translate into operational commitments across the domains where synthetic asymmetry is already active.
Alignment: Interagency Teams, Systemic Risk Mapping, Private-Sector Crisis Agreements
Alignment means building the interagency connective tissue that adversaries already assume democracies lack. Every national security council should maintain a standing synthetic-asymmetry cell with authority to convene defense, finance, health, energy, intelligence, and private-sector infrastructure leaders before a crisis begins. A national risk framework that maps cascading dependencies, such as how a cyber attack on a grain futures exchange could enable a food-scarcity influence campaign, shifts the unit of analysis from individual assets to systemic functions.
The private sector belongs inside this framework, not adjacent to it. Corporations are no longer adjacent to national security conflict, they are participants in it, operating on infrastructure adversaries deliberately target. Legally robust agreements with critical technology and infrastructure providers, covering roles, responsibilities, and pre-agreed crisis protocols, are the mechanism. These agreements must be written to survive leadership transitions. Tax benefits and procurement preference tied to resilience standards convert security from a state-imposed cost into a financially rational business position.
Adaptation: Infrastructure Redundancy, Cognitive Inoculation, Public Health Surge Capacity
Adaptation means building systems that deny adversaries strategic effect even when attacks succeed. For physical infrastructure, that requires legally mandated geographical diversity, making single-point failure structurally impossible, and jointly funded international rapid-response capacity targeting repair times measured in days, not weeks. On space systems, rapid reconstitution matters more than norms compliance: pre-negotiated commercial surge contracts for replacement satellite launches, hardened ground stations continuously monitored for intrusion. A jammed satellite is a setback. A seized ground station is a disaster.
In the cognitive domain, adaptation means inoculation before manipulation takes hold, not crisis management after. Sweden’s model is the operational benchmark: psychological defense embedded within total defense doctrine, with a dedicated national agency running continuous environmental monitoring. Several NATO allies are already looking closely at this model. Digital provenance, verifiable watermarks and metadata on all AI-generated or heavily altered content, must become a global standard. Without it, citizens and news organizations cannot reliably distinguish reality from synthetic manipulation. An allied intelligence-sharing entity focused exclusively on influence operations would allow attribution data on foreign manipulation tactics to move across borders before the manipulation has time to work.
Public health resilience belongs in this category too. The democratization of tools like CRISPR means engineered pathogen capability is no longer exclusive to state WMD programs. Permanently maintained, distributed vaccine manufacturing facilities and stockpiles of broad-spectrum antivirals represent the same logic as military pre-positioning: make the local response fast enough that the epidemic phase never gains traction. International agreements must move beyond bans toward regulating access, with mandatory safeguards on DNA synthesis services and flagging of suspicious orders, before the capability is in widespread use.
Agility: Modular Systems, Regulatory Sandboxes, Commercial Surge Capacity
Agility means closing the gap between threat speed and response speed. Defense architecture built around interchangeable, open-source, rapidly updateable components, along the lines of the Modular Open Systems Approach, enables technology insertion on the order of weeks, not years. Regulatory sandboxes where government agencies partner with startups to test and certify next-generation tools, from quantum-resistant encryption to AI-driven attribution models, compress the path from lab to deployment. The financial domain requires the same logic: cooperative regulatory frameworks for crypto and DeFi across allied jurisdictions create a unified digital perimeter that forces transparency on illicit cross-border flows, closing the sanctions-evasion channel that currently funds a significant share of adversary low-cost operations.
Democracies hold one structural advantage that agility can amplify but authoritarians cannot replicate: decentralized command cultures that empower local actors to respond faster than centralized systems allow. The spontaneous, bottom-up innovation visible in Ukraine’s use of commercial technology is the template, capability flowing upward from the edge, not downward from the center. Alliances provide redundancy and burden-sharing no single state can match. A vulnerability in one ally’s financial system can be compensated by the strength of another. Allied nations that have invested in psychological defense, infrastructure redundancy, and cross-border intelligence sharing are likely better positioned today. That gap is widening. Maintaining trust and legitimacy under attack is the ultimate measure of democratic power. A democracy that comes through a crisis with its institutions functional and trusted has, in the most consequential sense, won.
The Path Forward
Synthetic asymmetry is not a temporary challenge. The period since this series began has confirmed that it is already shaping outcomes.
The choice before democracies has sharpened. The question is no longer simply whether they will update Cold War playbooks. It is whether they will recognize that the preconditions for synthetic resilience, including institutional depth, continuity of expertise, and coordinated capability, are themselves potential targets and must be treated as strategic assets accordingly.
Resilience infrastructure is not self-sustaining. It must be actively maintained, resourced, and insulated from the same political volatility it is designed to help societies weather. When incident reporting mechanisms, real-time vulnerability monitoring, and the talent pipelines that sustain them are degraded for any reason, the recovery timeline runs into adversary windows. The "invisible victory" of hardened defense becomes invisible in a different and more dangerous sense: it disappears precisely when it is most needed.
Synthetic resilience cannot be built after the disruption arrives. It must exist before.
Governments that adapt now will be better positioned to survive and to operate from strength. Those that inadvertently erode the institutional foundations of resilience while pursuing other priorities risk watching synthetic asymmetry become not just an adversary's tool but a permanent feature of global order.
Nuclear weapons reshaped the strategic logic of the 20th century. Synthetic asymmetry may do the same for the 21st. The choice is clear: write the doctrine of synthetic resilience, resource it, protect it, or be overtaken by disruption engineered to exploit the void.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief
