The Column – Cyber Security Week
As 2025 comes to an end, the dominant theme has been war. An obvious observation, much less banal, however, should be the reflections that accompany it because we live in the era of hybrid conflict not because it mixes different tools, but because it confuses the categories with which we are used to interpreting war itself. The confusion comes from the convergence of the digital universe with the physical one; from the pervasiveness of the first within the second. In the physical world, war has always been a recognizable fact. There is a before and an after, a border that is violated, an enemy that takes shape with flags and uniforms. In the digital domain all this evaporates. The attack does not coincide with the beginning of hostilities, because there is no real beginning. It is a permanent condition, a latent state that occasionally emerges to the surface. Peace simply ceases to be a useful category. This ambiguity is not a flaw of language, but a structural feature of cyberspace. The Internet is another world, built on rules that have nothing to do with physics, geography or biology, although they mimic some of their features. In this environment, borders do not exist, distance does not matter and time is compressed. Continuing to interpret it with the categories of traditional warfare is like trying to measure the temperature with a ruler: the instrument is not wrong, it is simply unsuitable. If that wasn’t enough, there is a second element that contributes to this confusion: attribution. In the real world, knowing who hit you is the first step in reacting. In the cyber domain, however, the attacker’s face is often blurred, if not completely invisible. States, criminal groups, false flag operations coexist in an environment in which we only hear background noise. Thus without a clearly identifiable enemy, even the very idea of war loses consistency. Finally, there is a structural imbalance between attack and defense. In cyberspace the attacker always has an initial advantage: he chooses the moment, the target, the technique. The defender must protect everything, always, knowing that a single “door or window” is enough for someone to enter. It is not a question of skill or investments, but of the geometry of the system. And this is why declaring ourselves “ready” for a cyber war sounds more like a political formula than a technical reality. States know this, but struggle to admit it. Declaring oneself “cyber ready” is a politically useful, technically fragile formula. The digital infrastructures on which our societies are based are complex, stratified, often built over time without a unified design. Energy, transport, healthcare, finance: everything is interconnected, everything depends on systems that must work without interruptions. Defending them means chasing a perfection that, by definition, is unattainable. In this scenario, preparation takes on a different meaning. It is not the promise of invulnerability, but the ability to absorb the impact, to continue to function, to recover quickly, but in addition to being resilient it is necessary to be “resistant” because the front, in cyber, also passes through desks, habits, daily routines. Hybrid warfare does not aim to destroy, but to wear out. It is not a “blitzkrieg”, but the slow erosion of the enemy. It affects the invisible infrastructures on which daily life rests, making what we thought solid fragile. And while we try to pigeonhole her into reassuring definitions, she continues to elude us. Perhaps the real problem is not that war has changed, but that we continue to see it through the same lenses as the last 4 thousand years. However, when categories stop working, it’s not the world that’s wrong: it’s us who have to learn a new language to read it.
