Risky Bulletin: Between Two Nerds – "Make Cyber, Not War"

Hosts: Tommy Wren & Grok
Date: April 6, 2026

Episode Overview

In this episode, Tommy Wren and Grok dive into the evolving cyber dimension of the recent war involving Iran, the US, Israel, and Gulf States. The discussion focuses on how cyber tactics are being leveraged for intelligence, disruption, and escalation management, with parallels drawn to prior Russian strategies in Ukraine. The hosts analyze reported events, operational doctrines, and the calculated restraint or use of cyber capabilities against critical infrastructure. The episode explores whether "cyber war" is overtaking traditional kinetic options and what this means for the future of international conflict.

Key Discussion Points

1. Initial Cyber Activity in the Iran Conflict

Early Days: Conventional news had little to report in the war's early days, but US officials were keen to highlight their cyber operations.
US & Israeli Operations: Reports cited high-profile actions, such as Israel compromising Tehran's traffic cameras and targeted disabling of Iranian infrastructure to support air strikes.
- Quote:
  “The Americans … used cyber attacks before the airstrikes to disrupting and degrading and blinding Iran's ability to see, communicate and respond.”
  —Grokk, referencing US General Dan Kane (02:18)

2. Intelligence Sharing and Adoption of Russian Cyber Doctrine

Iran Following Russia’s Lead: Iran appears to be emulating Russia’s use of cyber operations for battle damage assessment (BDA) and intelligence, especially targeting local municipalities.
- This method exploits the lower security of local offices and yields more accurate emergency response information.
- Quote:
  “Iran started doing that immediately. They opened not just with the strikes, but with this type of BDA ... you would figure this out, but it's not obvious you would start with it.”
  —Grok (03:22)
Indications of Russian Support:
“It feels very much like they [Russians] were supplying this sort of trade craft.”
—Grok (06:07)

3. The Value & Methodology of Municipal Espionage

Targeting Local Administration:
- Discussed the intelligence cycle (SIGINT/OODA loop) and the challenge of rapidly recognizing and infiltrating local admin IT systems.
- Quote:
  “There's a lot of reconnaissance that has to be done first and the fact that they're doing this so quickly ... is a sign of intelligence sharing.”
  —Grokk & Tommy (06:07–07:45)

4. Cyber Operations as an Accessible Tool for "Tier 2 or Tier 3" Powers

Accessibility: Even lesser powers can mimic these cyber strategies without needing vast ISR (intelligence, surveillance, reconnaissance) resources.
- Quote:
  “If you can launch a Shahed, you can absolutely support a cyber team that can break into the provincial administration.”
  —Grok (08:15)
Suitability for Top Powers Too: Espionage via cyber can supplement even the most advanced ISR.

5. Escalation Management: Absence of "Spectacular" Attacks

Restraint in Critical Infrastructure Attacks:
- Despite Israeli claims of widespread business disruption (e.g., wiping 50 companies), there’s conspicuously no publicized successful attack on critical infrastructure (power, water, etc.).
- Quote:
  “There's no mention of a single attack on critical infrastructure—nothing disruptive. And I thought, I was frankly a bit surprised.”
  —Tommy (11:22)

6. The Escalatory Nature of Cyber vs. Kinetic

Cyber as Escalatory?—Discussed ongoing academic debate, but both agree escalation is political, not technical.
- Quote:
  “It's a political decision whether you escalate or not. And it's got nothing to do with what happened.”
  —Grok (13:17)

7. Deterrence and The Role of Media

Risk of Provoking Overreaction:
- Any attack on Gulf critical infrastructure could provoke American (or allied) kinetic response—potentially why Iran is holding back.
- Media Sensitivity:
  “Even the most minor cyber attack on a critical ... would be big news ... I think we would have heard about it.”
  —Tommy (12:00)
- Strategic Calculus:
  “It’d be very rational to make sure your responses are either things the US can't do anything about, like the Strait of Hormuz, or are one-to-one tit-for-tat.”
  —Grok (15:21)

8. Pre-positioning and Reconnaissance

Gathering Intelligence Over Disruptions:
- Iran’s hackers are reportedly focused on pre-positioning inside engineering and infrastructure networks for future options, rather than immediate destructive actions.
- Quote:
  “Doing BDA for drone attacks is actually more valuable ... Even doing ISR for future attacks. So if you do get onto an electrical station ... you're much better off using that access to find out where everything is, what the most vulnerable parts are.”
  —Grok (18:16)

9. Information Operations & Public Messaging

Psychological Operations:
- Iranian hackers reportedly took over digital signs in Israeli train stations, displaying messages like “the subway is not safe right now”—evocative of tactics used by Israeli-linked groups against Iran in the past.
- Quote:
  “He specifically mentioned an Iranian cyber attack that took over digital signs at Israeli railway stations displaying panic inducing messages such as ‘the subway is not safe right now.’”
  —Tommy (21:25)
- Both hosts recognize these as attempts to sway public sentiment but regard their impact as limited.

10. Long-Term Outlook: Cyber as the Persistent Battlefield

Cyber "Ceasefire" Is Not Synchronous:
- Even after kinetic hostilities end, cyber operations continue—and may even intensify.
- Quote:
  “Even if the kinetic war with Iran and Hezbollah ends, there will be no ceasefire in cyberspace. … The number of cyber attacks on Israel doubled.”
  —Tommy, quoting Israel’s National Cyber Authority (24:45)
- Further, Tommy and Grok agree: “If you had to choose between a bomb and a cyber attack, you would rather be hit with a cyber attack.” (16:35)

Notable Quotes & Memorable Moments

US & Israel’s Heavy Communication:
“The generals immediately went and called up all the reporters and said, ‘I can’t talk about it, but here’s what happened.’”
—Grok (01:22)
On Escalation Management:
“The only thing worse than blowing up all the critical infrastructure in the Gulf on purpose is to do it by accident.”
—Tommy (13:22)
On Pre-positioning:
“If the worst comes to the worst, then we will do that as well. … But it doesn’t really, I think, make any difference.”
—Tommy (17:33)
SOE Locomotive Reference:
“When they were training SOE operatives to blow up locomotives in France, what you’re supposed to do is the pistons that drive the wheels… The pistons are like precision made things and very hard to get. … The train is out for two weeks, whereas if you blow a hole anywhere else, it’s out for a couple of hours.”
—Grok (18:45)
Summary Conclusion:
“I guess that’s the best case for a resolution is that less bombs, but more cyber attacks—make cyber, not war.”
—Tommy (25:55)

Timestamps for Important Segments

00:11–01:09: Introduction; overview of lack of initial Iranian cyber response; Stryker attack recap
01:09–02:18: US and Israeli offensive cyber actions—traffic cameras, comms disruption
03:22–05:28: The Russian municipality model adopted by Iran; challenges in targeting local government
06:07–07:45: Rapid adaptation—signs of Russian support; reconnaissance hurdles
08:15–09:11: Cyber as a tool for all military tiers
10:04–12:14: Lack of critical infrastructure attacks; theories on intent/escalation
13:17–14:06: Debate on cyber as escalation; media and political context
15:21–16:05: Escalation management and deterrence logic
17:33–18:45: Pre-positioning vs. active disruption; intelligence value
21:15–22:19: Information operations—digital sign hacks; callback to past incidents
24:45–25:55: Ongoing, post-ceasefire cyber ops; “make cyber, not war” conclusion

Tone & Style Notes

The conversation remains analytical, insightful, and leavened with dry, self-aware humor—Grok, in particular, uses wry language and real-world intelligence analogies.
Both hosts favor analysis over alarmism, framing developments as rational choices within broader conflict management rather than sensational cyber “doomsday” events.

Takeaway

This episode of Between Two Nerds presents a nuanced view: In modern conflict, cyber operations serve as both an intelligence multiplier and a tool for managing escalation, often preferred—or at least contained—over disruptive kinetic actions. The future of warfare will likely see cyber persist as a parallel, sometimes primary, domain of contest even as bombs stop falling. As Tommy sums up: “Less bombs, but more cyber attacks—make cyber, not war.”

Risky Bulletin: Between Two Nerds – "Make Cyber, Not War"

Hosts: Tommy Wren & Grok
Date: April 6, 2026

Episode Overview

Key Discussion Points

1. Initial Cyber Activity in the Iran Conflict

Early Days: Conventional news had little to report in the war's early days, but US officials were keen to highlight their cyber operations.
US & Israeli Operations: Reports cited high-profile actions, such as Israel compromising Tehran's traffic cameras and targeted disabling of Iranian infrastructure to support air strikes.
- Quote:
  “The Americans … used cyber attacks before the airstrikes to disrupting and degrading and blinding Iran's ability to see, communicate and respond.”
  —Grokk, referencing US General Dan Kane (02:18)

2. Intelligence Sharing and Adoption of Russian Cyber Doctrine

Iran Following Russia’s Lead: Iran appears to be emulating Russia’s use of cyber operations for battle damage assessment (BDA) and intelligence, especially targeting local municipalities.
- This method exploits the lower security of local offices and yields more accurate emergency response information.
- Quote:
  “Iran started doing that immediately. They opened not just with the strikes, but with this type of BDA ... you would figure this out, but it's not obvious you would start with it.”
  —Grok (03:22)
Indications of Russian Support:
“It feels very much like they [Russians] were supplying this sort of trade craft.”
—Grok (06:07)

3. The Value & Methodology of Municipal Espionage

Targeting Local Administration:
- Discussed the intelligence cycle (SIGINT/OODA loop) and the challenge of rapidly recognizing and infiltrating local admin IT systems.
- Quote:
  “There's a lot of reconnaissance that has to be done first and the fact that they're doing this so quickly ... is a sign of intelligence sharing.”
  —Grokk & Tommy (06:07–07:45)

4. Cyber Operations as an Accessible Tool for "Tier 2 or Tier 3" Powers

Accessibility: Even lesser powers can mimic these cyber strategies without needing vast ISR (intelligence, surveillance, reconnaissance) resources.
- Quote:
  “If you can launch a Shahed, you can absolutely support a cyber team that can break into the provincial administration.”
  —Grok (08:15)
Suitability for Top Powers Too: Espionage via cyber can supplement even the most advanced ISR.

5. Escalation Management: Absence of "Spectacular" Attacks

Restraint in Critical Infrastructure Attacks:
- Despite Israeli claims of widespread business disruption (e.g., wiping 50 companies), there’s conspicuously no publicized successful attack on critical infrastructure (power, water, etc.).
- Quote:
  “There's no mention of a single attack on critical infrastructure—nothing disruptive. And I thought, I was frankly a bit surprised.”
  —Tommy (11:22)

6. The Escalatory Nature of Cyber vs. Kinetic

Cyber as Escalatory?—Discussed ongoing academic debate, but both agree escalation is political, not technical.
- Quote:
  “It's a political decision whether you escalate or not. And it's got nothing to do with what happened.”
  —Grok (13:17)

7. Deterrence and The Role of Media

Risk of Provoking Overreaction:
- Any attack on Gulf critical infrastructure could provoke American (or allied) kinetic response—potentially why Iran is holding back.
- Media Sensitivity:
  “Even the most minor cyber attack on a critical ... would be big news ... I think we would have heard about it.”
  —Tommy (12:00)
- Strategic Calculus:
  “It’d be very rational to make sure your responses are either things the US can't do anything about, like the Strait of Hormuz, or are one-to-one tit-for-tat.”
  —Grok (15:21)

8. Pre-positioning and Reconnaissance

Gathering Intelligence Over Disruptions:
- Iran’s hackers are reportedly focused on pre-positioning inside engineering and infrastructure networks for future options, rather than immediate destructive actions.
- Quote:
  “Doing BDA for drone attacks is actually more valuable ... Even doing ISR for future attacks. So if you do get onto an electrical station ... you're much better off using that access to find out where everything is, what the most vulnerable parts are.”
  —Grok (18:16)

9. Information Operations & Public Messaging

Psychological Operations:
- Iranian hackers reportedly took over digital signs in Israeli train stations, displaying messages like “the subway is not safe right now”—evocative of tactics used by Israeli-linked groups against Iran in the past.
- Quote:
  “He specifically mentioned an Iranian cyber attack that took over digital signs at Israeli railway stations displaying panic inducing messages such as ‘the subway is not safe right now.’”
  —Tommy (21:25)
- Both hosts recognize these as attempts to sway public sentiment but regard their impact as limited.

10. Long-Term Outlook: Cyber as the Persistent Battlefield

Cyber "Ceasefire" Is Not Synchronous:
- Even after kinetic hostilities end, cyber operations continue—and may even intensify.
- Quote:
  “Even if the kinetic war with Iran and Hezbollah ends, there will be no ceasefire in cyberspace. … The number of cyber attacks on Israel doubled.”
  —Tommy, quoting Israel’s National Cyber Authority (24:45)
- Further, Tommy and Grok agree: “If you had to choose between a bomb and a cyber attack, you would rather be hit with a cyber attack.” (16:35)

Notable Quotes & Memorable Moments

US & Israel’s Heavy Communication:
“The generals immediately went and called up all the reporters and said, ‘I can’t talk about it, but here’s what happened.’”
—Grok (01:22)
On Escalation Management:
“The only thing worse than blowing up all the critical infrastructure in the Gulf on purpose is to do it by accident.”
—Tommy (13:22)
On Pre-positioning:
“If the worst comes to the worst, then we will do that as well. … But it doesn’t really, I think, make any difference.”
—Tommy (17:33)
SOE Locomotive Reference:
“When they were training SOE operatives to blow up locomotives in France, what you’re supposed to do is the pistons that drive the wheels… The pistons are like precision made things and very hard to get. … The train is out for two weeks, whereas if you blow a hole anywhere else, it’s out for a couple of hours.”
—Grok (18:45)
Summary Conclusion:
“I guess that’s the best case for a resolution is that less bombs, but more cyber attacks—make cyber, not war.”
—Tommy (25:55)

Timestamps for Important Segments

00:11–01:09: Introduction; overview of lack of initial Iranian cyber response; Stryker attack recap
01:09–02:18: US and Israeli offensive cyber actions—traffic cameras, comms disruption
03:22–05:28: The Russian municipality model adopted by Iran; challenges in targeting local government
06:07–07:45: Rapid adaptation—signs of Russian support; reconnaissance hurdles
08:15–09:11: Cyber as a tool for all military tiers
10:04–12:14: Lack of critical infrastructure attacks; theories on intent/escalation
13:17–14:06: Debate on cyber as escalation; media and political context
15:21–16:05: Escalation management and deterrence logic
17:33–18:45: Pre-positioning vs. active disruption; intelligence value
21:15–22:19: Information operations—digital sign hacks; callback to past incidents
24:45–25:55: Ongoing, post-ceasefire cyber ops; “make cyber, not war” conclusion

Tone & Style Notes

The conversation remains analytical, insightful, and leavened with dry, self-aware humor—Grok, in particular, uses wry language and real-world intelligence analogies.
Both hosts favor analysis over alarmism, framing developments as rational choices within broader conflict management rather than sensational cyber “doomsday” events.

wavePod

Between Two Nerds: Make cyber, not war

Summary

Risky Bulletin: Between Two Nerds – "Make Cyber, Not War"

Episode Overview

Key Discussion Points

1. Initial Cyber Activity in the Iran Conflict

2. Intelligence Sharing and Adoption of Russian Cyber Doctrine

3. The Value & Methodology of Municipal Espionage

4. Cyber Operations as an Accessible Tool for "Tier 2 or Tier 3" Powers

5. Escalation Management: Absence of "Spectacular" Attacks

6. The Escalatory Nature of Cyber vs. Kinetic

7. Deterrence and The Role of Media

8. Pre-positioning and Reconnaissance

9. Information Operations & Public Messaging

10. Long-Term Outlook: Cyber as the Persistent Battlefield

Notable Quotes & Memorable Moments

Timestamps for Important Segments

Tone & Style Notes

Takeaway

Summary

Risky Bulletin: Between Two Nerds – "Make Cyber, Not War"

Episode Overview

Key Discussion Points

1. Initial Cyber Activity in the Iran Conflict

2. Intelligence Sharing and Adoption of Russian Cyber Doctrine

3. The Value & Methodology of Municipal Espionage

4. Cyber Operations as an Accessible Tool for "Tier 2 or Tier 3" Powers

5. Escalation Management: Absence of "Spectacular" Attacks

6. The Escalatory Nature of Cyber vs. Kinetic

7. Deterrence and The Role of Media

8. Pre-positioning and Reconnaissance

9. Information Operations & Public Messaging

10. Long-Term Outlook: Cyber as the Persistent Battlefield

Notable Quotes & Memorable Moments

Timestamps for Important Segments

Tone & Style Notes

Takeaway