Cyber survivability — the ability to withstand a cyberattack and keep operating — is fast becoming the Pentagon’s defining goal for the next era of conflict. In the final segment of Fed Gov Today, Francis Rose sits down with John Garstka, Director for Cyber Warfare in the Office of the Deputy Assistant Secretary of Defense for Platform and Weapon Portfolio Management, to explore how the Department of Defense (DOD) is preparing for a future in which cyber conflict is not just possible, but expected.
Garstka sets the stage by describing a world where contested cyberspace is the norm. The DoD, he explains, is working on two parallel tracks. The first track focuses on proactive activities — hardening DoD’s own systems internally, building in resilience at the platform and network level, and reducing vulnerabilities wherever possible. The second track is just as crucial: working with the commercial partners who own and operate much of the infrastructure DoD depends on to perform its missions.
Cyber Command, the National Guard Bureau, and other partners are deeply engaged in this effort. The reason is simple: the DoD cannot do this alone. The military’s supply chains, data flows, and logistics operations are all deeply intertwined with civilian infrastructure. As Garstka points out, the defense industrial base and critical infrastructure providers must be part of the solution if the nation is to stay resilient in a major cyber conflict.
To help explain the concept of cyber survivability, Garstka offers a powerful analogy: stealth technology. Just as stealth aircraft were designed from the ground up to be difficult to detect by radar, weapon systems today must be designed from the outset to withstand cyberattacks. This is not simply a software patch or a network firewall — it is a fundamental design principle. Systems must be resilient by design, capable of taking a hit, recovering, and continuing to operate under degraded conditions.
For existing systems already in service, the DoD is pursuing what Garstka calls “block upgrades.” These are targeted improvements meant to secure data buses, harden critical components, and align dedicated cyber defenders to each mission platform. In practice, this means making sure that an F-16, a ground vehicle, or a ship can keep performing its mission even in the event of a cyber intrusion.
The DoD has been testing these concepts in real-world conditions. Garstka points to recent experiments at Edwards Air Force Base where sensing and monitoring technologies were deployed across operational technology systems. These tests proved that integrated monitoring can detect intrusions quickly, gather actionable data, and even support predictive maintenance. In one case, such monitoring helped investigators understand the sequence of events leading to an in-flight engine fire — data that might otherwise have been lost.
Despite these promising developments, Garstka is candid about the threat landscape. Adversaries, he says, are already “inside the wire.” In other words, foreign cyber actors have pre-positioned themselves inside U.S. systems, ready to act when the timing suits them. This reality changes the mission: it is no longer just about keeping adversaries out, but about ensuring that the U.S. military can “operate through compromise.” That means having contingency plans, segmenting networks so attackers cannot move laterally, and recovering functionality as quickly as possible when an incident occurs.
Garstka concludes with a striking historical parallel. Before the attack on Pearl Harbor, U.S. Navy leadership assumed that Japanese torpedoes could not function in the shallow waters of the harbor. As a result, no torpedo nets were deployed — a costly miscalculation. Today, Garstka and his team are determined not to make the same mistake in cyberspace. Their goal is to metaphorically “deploy the torpedo nets” ahead of time, anticipating adversaries’ capabilities and building defenses that blunt attacks before they can succeed.
The message from the Pentagon is clear: cyber survivability is not optional. In an era where cyber operations will be integral to any future conflict, the ability to withstand attacks, keep critical systems online, and complete the mission is central to national security. The work being done now — from proactive hardening to industry collaboration — is laying the groundwork for a U.S. military that can fight and win, even in the harshest digital battlespace.