{"id":226943,"date":"2026-06-05T16:15:00","date_gmt":"2026-06-05T20:15:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/05\/a-first-step-to-unpacking-cyber-deception-and-intelligence-contests\/"},"modified":"2026-06-05T16:25:12","modified_gmt":"2026-06-05T20:25:12","slug":"a-first-step-to-unpacking-cyber-deception-and-intelligence-contests","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/05\/a-first-step-to-unpacking-cyber-deception-and-intelligence-contests\/","title":{"rendered":"A First Step to Unpacking Cyber, Deception, and Intelligence Contests"},"content":{"rendered":"<p><a href=\"https:\/\/www.lawfaremedia.org\/article\/a-first-step-to-unpacking-cyber--deception--and-intelligence-contests\">A First Step to Unpacking Cyber, Deception, and Intelligence Contests<\/a><\/p>\n<p><a href=\"https:\/\/www.lawfaremedia.org\/article\/a-first-step-to-unpacking-cyber--deception--and-intelligence-contests\">https:\/\/www.lawfaremedia.org\/article\/a-first-step-to-unpacking-cyber&#8211;deception&#8211;and-intelligence-contests<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-05 16:15:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.lawfaremedia.org\">www.lawfaremedia.org<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p>In our first jobs in cybersecurity, at the Pentagon in 1998, Greg Rattray and I had to help the Air Force to \u201cnormalize\u201d cyber and other information operations. But was it more \u201cnormal\u201d to treat such operations as an aspect of intelligence or instead as warfighting in a new domain? 
Our answer matters little to history, as the Air Force and Pentagon subsequently seesawed many times about what was \u201cnormal.\u201d<\/p>\n<p>Jon Lindsay\u2019s \u201cAge of Deception\u201d sides with those saying cyber operations predominantly serve intelligence functions. Since cybersecurity is driven by the \u201clogic of deception,\u201d normalizing it requires treating it as a new form of an ancient type of international contest, what he calls \u201csecret statecraft.\u201d<\/p>\n<p>\u201cAge of Deception\u201d is two books in one. The first explores secret statecraft, drawing from international relations, intelligence, and cyber conflict. Anchored in crucial case studies, it provides novel insights about how the logic of deception affects gray-zone cyber competition between states.<\/p>\n<p>The second book extends that foundation to claim that all of cybersecurity\u2014not just the competition between states taking place in cyberspace, but all of it\u2014is best seen through the lens of deception. Here Lindsay overreaches. Deception of course matters, but he overlooks other key factors, especially vulnerability.<\/p>\n<p>Deception in cybersecurity may never have received such sustained attention from an academic of Lindsay\u2019s caliber. His book deserves the attention of all those interested in the ways in which governments use their intelligence and cyber capabilities. 
The book\u2019s importance would have been magnified had he either focused more fully on developing his theory of deception and secret statecraft or more systematically addressed the complex ways deception plays out across all of cybersecurity.<\/p>\n<p>Deception and Secret Statecraft<\/p>\n<p>\u201cSecret statecraft,\u201d the book begins, \u201cis the use of organized deception for strategic advantage.\u201d And while it is an ancient practice, \u201ccyberspace dramatically expands the scope and scale of secret statecraft,\u201d expanding the opportunities \u201cbut also its liabilities.\u201d After all, Lindsay argues, \u201cif technology gives advantages to the offense in intelligence then defenders can enjoy the same advantage in counterintelligence.\u201d<\/p>\n<p>Lindsay\u2019s theory of secret statecraft uses well-chosen case studies to demonstrate how \u201cvulnerable institutions (a permissive operational environment) and clandestine organization (a proficient operational actor) improve intelligence performance (persistent secret channels)\u201d as actions across intelligence contests. 
His cases\u2014Bletchley Park in World War II, Stuxnet, Russia\u2019s 2016 election interference, and Chinese cyber power\u2014are indeed \u201ccritical cases\u201d in the history of cybersecurity that \u201cany theory of intelligence performance must be able to explain.\u201d<\/p>\n<p>And explain them he does, to me most convincingly for the joint U.S.-Israeli Stuxnet malware program, as \u201csecret statecraft offered a third option\u201d to disrupt Iranian nuclear enrichment, \u201cbetween war and doing nothing.\u201d Lindsay explains how the United States \u201cused covert action to dissuade Israel from starting a preventive war [and] encouraged Iran to enter diplomatic negotiations.\u201d Readers will especially appreciate Lindsay\u2019s candid assessment of his earlier take on Stuxnet, framed as a case of cyberwarfare, compared to the greater explanatory power of the lens of secret statecraft.<\/p>\n<p>His theory, backed by these cases, leads to important insights:<\/p>\n<p>\u201cNetwork intrusions are at once a normal feature of global politics and an enduring source of dread, threatening yet tolerated, provocative yet restrained, alluring yet frustrating, neither peaceful nor warlike.\u201d<\/p>\n<p>A \u201cparadoxical feature of the digital liberal order is that it interconnects its own challengers\u201d<\/p>\n<p>\u201cIt is profoundly mistaken to describe cyberspace as anarchy. On the contrary, cyberspace is the largest experiment in institutions that we have ever had.\u201d<\/p>\n<p>\u201cThe most complex system of control ever devised by humanity, in turn, gives rise to the most complex contests of deception in history.\u201d<\/p>\n<p>\u201cWe have China to thank, in no small part, for the professional state of the art in cybersecurity today.\u201d<\/p>\n<p>Lindsay is slinging truth here, and I wish there were more of it. 
Countless tiny details\u2014such as the internal schematics of Germany\u2019s Enigma machine\u2014could have been dropped to leave room for other predigital cases, such as Washington\u2019s Culper ring or Richelieu\u2019s \u201cCabinet Noir\u201d. It is likewise a shame that his Russia example includes only the 2016 election interference, untethered from previous dark exploits of the NKVD or KGB or current sabotage and assassination plots of the GRU.<\/p>\n<p>Such cases would have added strength to his arguments that the patterns of deception are timeless and will not be changed, for example, by changes in technology such as artificial intelligence (AI).<\/p>\n<p>And while many readers will appreciate the case study on Chinese cyber power, a narrower case study on Chinese theft of intellectual property would have better built on the prior case studies. Or Lindsay might have tested his theory by comparing China\u2019s cyber power with Russia\u2019s, Iran\u2019s, and the United States\u2019, as Daniel Moore does in his 2022 \u201cOffensive Cyber Operations.\u201d<\/p>\n<p>Still, readers interested in the interplay of intelligence, international relations, and cyber will gain many historical insights from these chapters.<\/p>\n<p>Jamming Cybersecurity Into a Deception-Based Theory<\/p>\n<p>The book is not as convincing that all of cybersecurity should be understood through Lindsay\u2019s preferred lens of secret statecraft and deception. 
It was hard at times to understand whether statements such as the following were assumptions, strawmen, or conclusions:<\/p>\n<p>Cybersecurity is all about \u201cdeceiving deceivers\u201d in which defenders have \u201creinvent[ed] classic counterintelligence practice.\u201d<\/p>\n<p>\u201cInformation technology does not create any simple (systemic) advantage for offense or defense.\u201d<\/p>\n<p>\u201cIf technology gives advantages to the offense in intelligence, then defenders can enjoy the same advantage in counterintelligence.\u201d<\/p>\n<p>\u201cThese patterns are unlikely to change with artificial intelligence or any other technology \u2026 because technology did not create these patterns in the first place.\u201d<\/p>\n<p>\u201cThis reality is at odds with the popular assumption that cyberspace makes hacking cheap and easy for weaker actors.\u201d<\/p>\n<p>\u201cThere is \u2026 a state-centric bias in my cases, there is also a state-centric bias at the higher end of the spectrum of cyber conflict.\u201d<\/p>\n<p>By being \u201cnoisy,\u201d ransomware operations create a \u201cless permissive environment for future operations.\u201d<\/p>\n<p>Lindsay might have been able to support such definitive statements, but not just with four cases, all similarly focused on high-end intelligence forces in sensitive operations. Of those, one (Bletchley) was pre-internet, another swerved into disinformation (election interference), and a third into domestic information control (China). You cannot shed much meaningful light into cybersecurity, much less upend it, with just one full (Stuxnet) and two half cases.<\/p>\n<p>U.S. cyber operations focus on quality; nearly everyone else depends on quantity. 
As I wrote in Lawfare in 2021, relying too much on the \u201csingularly high-end, targeted and sophisticated\u201d Stuxnet is \u201clike trying to understand the dynamics of the global auto industry using a case study of Rolls-Royce,\u201d but ignoring down-market GM, BYD, and the secondhand car market.<\/p>\n<p>Josephine Wolff explores both quality and quantity with a broader set of nine cases in \u201cYou\u2019ll See This Message When It Is Too Late\u201d; Scott Shapiro likewise used 10 in \u201cFancy Bear Goes Phishing.\u201d<\/p>\n<p>By ignoring quantity, Lindsay misses the main reasons cyber practice and literature argue there is a bias to the offense. \u201cAge of Deception\u201d accordingly needed a survey exploring the role of deception in cybersecurity and reinforced with other \u201ccritical cases\u201d that any theory \u201cmust be able to explain,\u201d such as fraud, cybercrime, and ransomware.<\/p>\n<p>Had he done so, he might have found that assessments on topics such as offense bias are guided not by \u201cpopular assumptions,\u201d but by literature driven by databases with over 22,000 confirmed data breaches just in 2025. These drive billions of dollars of investment, and Federal Reserve economists have found such tools rigorous enough to improve predictions of \u201cwhether a bank will experience a cyber incident within the next year.\u201d<\/p>\n<p>Many such findings, we shall see, bolster Lindsay\u2019s own; others the opposite. 
Missing such context, Lindsay both underanalyzes deception and overemphasizes its importance in cybersecurity.<\/p>\n<p>Underanalyzing Deception<\/p>\n<p>Lindsay missed opportunities to explore the rich role of deception in cyberspace.<\/p>\n<p>For example, to attempt to eliminate deception, zero-trust architectures have become a $48.3 billion market by assuming that all people, systems, agents, and actions are fraudulent unless repeatedly proved to be authentic.<\/p>\n<p>Indeed, whether cyber defenders are better at finding or attackers are at hiding is such a core question that practitioners have long prioritized precise measurements. In 2011, it took on average 416 days to discover a breach. By 2018, 31 percent of incidents were discovered within 30 days, improving to 61.6 percent by 2025, driven by advancements in technologies like end-point detection and response and security incident and event management (with market sizes of $6.3 billion and $12 billion, respectively).<\/p>\n<p>This reduction is needed but not enough. The fastest quartile of attackers in 2025 were using AI and other advanced automation tools to exfiltrate information within 72 minutes, down from 285 minutes the year prior. This feels like an advantage as even AI-driven defenses struggle to detect so quickly, much less stop the bleeding.<\/p>\n<p>These are not obscure statistics; they are crucial to cybersecurity practice and literature. \u201cAge of Deception\u201d would have been richer with a chapter-length survey of such factors.<\/p>\n<p>Lindsay\u2019s arguments rely heavily on his assessment that technology gives defenders the \u201csame advantages\u201d as the offense. But does this include all information technologies or only some? Are the advantages necessarily the same, with zero bias either way? Does balancing happen automatically or is it conditional on defenders\u2019 implementation? Is there a lag between when the advantages accrue to offense versus defense?<\/p>\n<p>This needed further exploration, not least to understand the impact of AI. 
Any conditionality or lag is likely to prefer the offense: a small number of agile, focused predators choosing from a herd of plodding, low-capability prey.<\/p>\n<p>Lindsay might also have examined why his assessment that the offense has no overall advantage in the intelligence contest of cybersecurity differs from those of Gen. Michael Hayden, who regularly referred to an internet-driven \u201cgolden age\u201d of signals intelligence, and Chris Inglis, who wrote that the score in cyberspace \u201cis not 1-0 or 2-1; the score is 423 to 352. That is not a game you want to be in if you are a defender.\u201d<\/p>\n<p>\u201cAge of Deception\u201d accordingly needed chapters on fraud, cybercrime, or ransomware or a survey chapter on the complex interplay of deception across all cybersecurity.<\/p>\n<p>Fraud. AI \u201cis transforming criminal practice by industrializing deception, compressing attack cycles, and corroding evidentiary trust,\u201d with AI-generated phishing clicked on nearly half the time and over four times more frequently than traditional frauds. Equal improvements in counterdeception seem distant: Neither human nature, corporate controls, nor law enforcement can easily match technology\u2019s acceleration of fraud.<\/p>\n<p>Cybercrime. Enabled by U.S.-government funded innovations, dark web sites rely heavily on deception to sell malware, drugs, and weapons while groups such as Scattered Spider\/Lapsus$ have had substantial success not easily explained by \u201cAge of Deception.\u201d Mostly teenagers or in their early 20s, and using attacks of only modest sophistication, their campaigns had repeated successes against well-defended targets such as Microsoft and major casinos.<\/p>\n<p>Ransomware. Similar dynamics drive ransomware, on which Lindsay spends fewer than 200 words. 
In the closing pages of the book, he dismisses all ransomware, because the DarkSide gang only got a $4.4 million payment from Colonial Pipeline in 2021.<\/p>\n<p>There are few aspects of offensive cyber operations, however worrying, which are not similarly rejected. There\u2019s always another side, always some difficulty in trying to pull off a success. \u201cAge of Deception\u201d is rarely so generous to defenders and the complexity and difficulties they face fending off relentless attackers.<\/p>\n<p>A richer assessment would not have ignored the nearly 1,800+ ransomware victims that same year of 2021 from whom $602 million was successfully extorted. It is not clear that being \u201cnoisy\u201d is such a losing proposition, nor how the environment became subsequently \u201cless permissive,\u201d when gangs stole a further $1.1 billion the following year, targeting 2,800+ victims. Indeed, 2022 would have been even worse had the FBI not used their own deceptive operations to infiltrate the Hive ransomware group. An \u201cage of deception\u201d indeed!<\/p>\n<p>President Biden, in contrast to Lindsay, treated Colonial Pipeline and related ransomware attacks as core to Russian secret statecraft. Making it a central topic of his one-and-only summit with Russian President Vladimir Putin, Biden might disagree with Lindsay about making too much of any \u201cstabilizing\u201d role of cyber operations.<\/p>\n<p>Lindsay missed these opportunities to explore secret statecraft and cybersecurity. Can we really say nothing meaningful, as Lindsay would have it, about some kind of offense advantage using such statistics without individually examining tens of thousands of cases?<\/p>\n<p>Overemphasizing Deception<\/p>\n<p>Deception is important, but it is incorrect to treat all of cybersecurity as secret statecraft in an intelligence contest.<\/p>\n<p>A book on deception in American football would be an amazing read, exploring its impact as offense and defense compete over 60 minutes of iterated violence. 
A book that reduced all football to a deception contest might not, as it would minimize aggression, skill, strength, speed, and strategy.<\/p>\n<p>It was the development of cryptocurrencies, after all, not any improvements in deception, which sparked the rise of ransomware, as criminals could easily monetize their intrusions. Across a range of criminal behavior, \u201cillicit cryptocurrency addresses received at least $154 billion in 2025,\u201d a 162 percent annual increase. Cryptocurrencies supersize crime with few compensating defensive advantages. Yet \u201cAge of Deception\u201d mentions them only once.<\/p>\n<p>In addition, many simple and devastating attacks barely rely on deception. The first White House cyber summit, in 2000, was convened in response to denial-of-service attacks against web-commerce sites. And cybersecurity from 1998 to 2005 was driven by the \u201cgreat worms\u201d like ILOVEYOU, Melissa, Nimda, Slammer, and Sobig, which caused astounding levels of disruption. Sobig itself caused perhaps $37 billion in damage. None of these was caused by states; several were the handiwork of teenagers.<\/p>\n<p>Moreover, \u201cAge of Deception\u201d would have been more relevant in 2026 had it built on Moore\u2019s distinction in \u201cOffensive Cyber Operations\u201d between military-like event-based attacks and deception-reliant, intelligence-like presence-based attacks. Lindsay elsewhere calls it a \u201ccategory mistake\u201d to consider offensive cyber effects as anything other than an intelligence contest, a perhaps uncomfortable contrast with the Pentagon\u2019s seeming wartime enthusiasm for its Joint Integrated Fire Center.<\/p>\n<p>Likewise, though Lindsay includes \u201cvulnerable institutions\u201d as a core part of his theory, he does not explore cyber vulnerabilities in any depth, missing three opportunities to enrich his book and our understanding.<\/p>\n<p>First, common-mode vulnerabilities allow attackers to have impact-at-scale. 
The worms mentioned above \u201cspread from one to another computer at high rates,\u201d a group of cybersecurity luminaries wrote in 2003, because \u201cthey did not have to guess much about the target computers because nearly all computers have the same vulnerabilities.\u201d Such \u201cunacknowledged correlated risk of cyberspace\u201d leads to very unpredictable, extremely high-consequence incidents. Broadly similar logic applies to ransomware. Such quantity-versus-quality, one-on-multitude attacks succeed because the attackers need not be interested in highly deceptive, \u201ccomplex operations against sensitive targets,\u201d just whichever will pay them off.<\/p>\n<p>Second, most organizations skip \u201cdeceiving deceivers\u201d to prioritize risk management, especially patching vulnerabilities. As Jen Easterly, former head of the Cybersecurity and Infrastructure Security Agency, summarized, \u201cthe United States does not have a cybersecurity problem. It has a software quality problem.\u201d<\/p>\n<p>And there are already a lot of vulnerabilities. Despite improvements in application security (to fix bugs early, a $14.8 billion market), the growth rate of vulnerabilities has held steady over the past several years, with 237,687 known vulnerabilities as of May 2024, of which approximately 14,000 have been actively exploited. 
The year 2025 was particularly challenging, with a 36 percent increase in highly exploitable, high-severity flaws.<\/p>\n<p>Worse, the gap from when vulnerabilities are first reported to when they are first exploited dropped precipitously from 2.3 years in 2018 to 2.6 days in 2026, outpacing the average patching cadence of organizations, which barely improved, from 252 to 243 days, despite the $17.8 billion market for vulnerability-management tools and services.<\/p>\n<p>Vulnerabilities also drive public policy, to convince companies to include security by design and default, reduce market incentives for insecure software, push for memory safe languages, and reduce single points of failure.<\/p>\n<p>Third, there is no iron law that technology need affect attackers and defenders equally. AI might revolutionize deception and counterdeception, but it is first revolutionizing vulnerability discovery. The Cloud Security Alliance recently warned:<\/p>\n<p>AI, as demonstrated by Anthropic\u2019s Mythos, has significantly increased the likelihood of attackers discovering new vulnerabilities, creating new exploits, and using them in complex automated attacks at scale. While AI also increases the speed of patch development and reduces defects in new software, defenders still face a heavier relative burden due to the inherent limitations of patching. Attackers gain asymmetric benefits.<\/p>\n<p>Lindsay suggests all such assessments are mistaken: Since there is no systemic bias, assessments of offense-defense bias can be understood only via \u201cdetails of specific cyber campaigns \u2026 between particular competitors in specific circumstances.\u201d<\/p>\n<p>As Lindsay\u2019s theory suggests, Mythos and other AI systems may someday provide enough defensive benefit to balance the gains to attackers, or even to surpass them. 
Easterly agrees that \u201cwe may finally have tools powerful enough to begin reducing the cost and difficulty of addressing the root causes of cyber risk.\u201d<\/p>\n<p>But success is not guaranteed, she continues, as \u201cprogress will still depend on human judgment, institutional will, and organizations prepared to do the hard work of acting on what these systems reveal.\u201d<\/p>\n<p>Pessimistic readers will note these are precisely the same elements that were lacking in the decades prior to the rise of AI.<\/p>\n<p>Conclusion<\/p>\n<p>\u201cAge of Deception\u201d is a good read, rich with detail and insights on secret statecraft and intelligence contests. It weaves together technology, international relations, and intelligence studies to shed important light on intelligence power, which states have increasingly been using to contest one another below the level of armed conflict. Lindsay\u2019s retellings of Stuxnet and of Russia\u2019s 2016 election interference were especially compelling to this reviewer.<\/p>\n<p>Deception matters in cybersecurity, and Lindsay is spot on with his conclusions about high-end cyber operations against well-defended targets. Echoing what Rattray wrote in 2001, strategic effects in cyberspace are indeed difficult, especially against the \u201csecurity one percent\u201d of truly capable defenders.<\/p>\n<p>However, because Lindsay dismisses non-state cyber incidents\u2014the vast majority\u2014and a substantial amount of cybersecurity literature and practice, readers should be cautious about the applicability of his theory and conclusions for cybersecurity to the rest of us.<\/p>\n<p>And can any of us be sure that future deception will play out the same as it has since before Machiavelli, when most of the participants are nonhuman intelligences?<\/p>\n<p>This book would have surpassed Lindsay\u2019s earlier, excellent \u201cInformation Technology and Military Power\u201d had his editors pushed him to either write the best book on deception and secret statecraft or the best on deception and cybersecurity. 
By aiming for both, he hit neither.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A First Step to Unpacking Cyber, Deception, and Intelligence Contests https:\/\/www.lawfaremedia.org\/article\/a-first-step-to-unpacking-cyber&#8211;deception&#8211;and-intelligence-contests Publish Date: 2026-06-05 16:15:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":226944,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/lawfare-assets-new.azureedge.net\/assets\/images\/default-source\/article-images\/artificial-intelligence-(ai)-security.jpg?sfvrsn=982907ba_5","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,30,24,32,25,27],"class_list":["post-226943","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-breach","tag-cybersecurity","tag-malware","tag-phishing","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226943"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=226943"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226943\/revisions"}],"predecessor-version":[{"id":226945,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226943\/revisions\/226945"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/226944"}],"wp:attachment":[{"href":"https:\/\/testing
.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=226943"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=226943"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=226943"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}