Cyber Operations in Geopolitical Conflict
Dustin Droullard, a former Army intelligence analyst turned cyber threat intelligence expert, explains how nation-state cyber operations manifest during geopolitical tensions. He distinguishes between two primary approaches: espionage (quiet intelligence collection for strategic advantage) and effects (noisy operations like ransomware and DDoS intended to demonstrate attribution and alignment with geopolitical events). While cyber warfare hasn't yet reached the prominence many predicted, recent conflicts involving Iran, Israel, China, and North Korea demonstrate the convergence of kinetic and digital operations. Iranian banks were targeted in retaliation, Israeli tech research facilities faced physical missile strikes to eliminate cyber capabilities, and China's Volt Typhoon campaign appears to be staging infrastructure for future operations. Droullard emphasizes that every organization will eventually be caught up in geopolitical affairs regardless of intent, making proactive defense preparation essential before becoming a target.
Accessible Defense Resources for Under-Resourced Organizations
For organizations lacking massive cybersecurity budgets, Droullard highlights several accessible resources. Federal agencies like CISA provide critical infrastructure guidance, while the NSA and the DoD Cyber Crime Center offer support for government contractors. Information Sharing and Analysis Centers (ISACs) deliver affordable, sector-specific threat intelligence feeds. He advocates for industry collaboration, even among competitors, arguing that sharing threat information strengthens collective defenses without harming individual organizations. This counterintuitive approach recognizes that geopolitical threats target entire sectors, making cooperation a strategic necessity rather than a competitive risk.
The Human Factor in Cyber Intelligence
Droullard's anthropology background informs his approach to cyber threat intelligence, emphasizing that all technology is fundamentally human-created and human-operated. Cultural indicators embedded in malware source code, language settings, and infrastructure choices provide attribution clues about threat actors' geographic and cultural origins. Understanding human behavior, cultural contexts, and linguistic patterns enhances open-source intelligence investigations and strategic analysis. He argues that diverse educational backgrounds—anthropology, business, literature—develop the critical thinking skills essential for cybersecurity, challenging the notion that only computer science degrees prepare professionals for the field.
Reforming Cybersecurity Education
As an instructor at the Institute of World Politics, Droullard critiques current cybersecurity education for remaining siloed and overly generalized. He advocates for programs that integrate technical foundations with business acumen and geopolitical awareness, preparing graduates to collaborate across disciplines. Specializations are essential—SOC analysts, penetration testers, threat hunters, and CTI analysts require distinct skill sets that generalized programs fail to develop. Above all, he emphasizes critical thinking over tool-specific training, arguing that cybersecurity's dynamic nature demands professionals who can develop hypotheses, pivot on information, and operate in ambiguous scenarios rather than following prescribed workflows.