Podcast Summary: Risky Bulletin – Between Two Nerds: The Power of Cyber

Date: September 29, 2025
Hosts: Tommy Wren (“A”) and The Gruk (“B”)
Format: Expert cybersecurity discussion

Overview: Main Theme and Purpose

In this episode of "Between Two Nerds," Tommy Wren and The Gruk critically examine the military utility of cyber operations, particularly in the context of warfare. Their conversation is centered around the recent paper, Narrow Windows of Opportunity: The Limited Utility of Cyber Operations in War, using it as a springboard to explore how cyber is framed by different nations, its strategic effects in both wartime and peacetime, and the conceptualization of cyber effects beyond traditional Western military doctrine.

Key Discussion Points and Insights

1. The Framing Problem: Narrow Definitions of Cyber in Military Thinking

Initial reaction and skepticism:
Tommy expresses immediate skepticism toward the paper’s premise, which frames cyber’s military utility as inherently limited ([00:34]):

"I almost immediately had an instinctive rejection of the title... it seems that a lot of time the people who talk about cyber operations in war... start out with this funnel where they look at narrower and narrower aspects and, of course, they end up in a place where it's not very useful."
Doctrine-driven limitations:
Both hosts highlight that Western military doctrine narrows "offensive cyber" to destructive actions — the “five Ds” (destroy, disrupt, degrade, deny, deceive) — which may miss the true strength of cyber ([02:18]):

"That is an extremely military, relevant definition, but also a very narrow one. And... that definition is just missing the point entirely of what cyber operations are actually good for." — Tommy ([02:18])
What cyber does best:
Gruk points to China's long-term IP theft as an example of impactful cyber operations that don’t fit the 5D model:

"Which of those 5Ds is China's two decades of IP theft? Like, none of them. But in terms of overall impact to geopolitical strengths... the IP theft was much more impactful overall." ([03:04])

2. Strategic Impacts: War, Peace, and the “Drip, Drip, Drip” of Cyber

Cyber’s gradual, strategic effect:
Long-term, strategic impacts (e.g., IP theft, information operations) are where cyber excels — not in immediate battle outcomes ([03:42], [11:41]):

"It actually is the thing that states use in peacetime to have strategic effects. It's just that any single incident doesn't cause a strategic effect. It's the sort of slow accumulation over time..." — Tommy ([11:41])
Wartime: Cyber rarely decisive:
The discussion cites the lack of major breakthroughs in events like the Russia-Ukraine war, suggesting cyber has not been a “game changer” in active conflict ([06:26]):

"Cyber hasn't been decisive, but nothing else has either." — Tommy

Both hosts agree this doesn't mean cyber is ineffective; it reflects the realities of modern warfare, where stalemate is common and transformative “game changers” are rare outside of things like nuclear weapons ([06:54]).

3. Information Operations and Non-Western Perspectives

Russian and Chinese views:
The hosts discuss how Russia contextualized offensive cyber as information warfare: undermining cohesion, morale, and societal stability — elements the West has traditionally dismissed ([04:16], [05:53]):

"The Russians put forward their ideas and their ideas were things like break the social cohesion... interfere with moral and psychological aspects... disrupt spiritual cohesion." — Gruk ([04:16])

"If you decide that cyber is a thing that can do these five Ds and anything else just doesn't count... you're going to find that, like, cyber is kind of weak, like, it's not a very strong force because you've just ignored all of the possible ways that it's strong." — Gruk ([05:53])
The power of cognitive effects and shaping perception:
Both see the shaping of perceptions and the psychological impact as areas where cyber can be powerful, especially in peacetime ([12:42]):

"Cyber is actually really good at persuading people and influencing perceptions, it sort of naturally makes the most sense as a peacetime strength, like a peacetime power." — Gruk ([12:42])

4. Resilience and Context: Why Effectiveness Differs

Case studies – Ukraine vs. Albania:
- Ukrainian resilience due to years of prior attacks blunted the impact of “wiper” cyberattacks that, in other contexts (e.g., Albania), were disruptive ([09:37]):
  
  "If it were to happen in Europe, I don't think that there's any European states that are resilient enough to bounce back quickly." — Gruk ([09:37])

5. Expanding the Concept: UK and Broader Definitions of "Cyber Effects"

Beyond the Five Ds:
The UK’s National Cyber Force and strategy documents propose a broader understanding — including “cognitive effects”: influencing the thinking of targeted groups ([16:37], [21:29]):

"It talks about a doctrine of cognitive effects. And their idea is that they want to shape the thinking of small groups of people in a proportionate and responsible way." — Tommy ([16:59])

"The UK's definition of offensive cyber... is adding, deleting, or manipulating data on systems or networks to deliver a physical, virtual or cognitive effect. So that's far broader than the five Ds." — Tommy ([21:29])

The hosts suggest this broader framework better captures cyber's strategic power, though Western democracies self-limit widespread influence operations for ethical reasons ([22:07]).

6. Critique of Analytical Models

Techie/TECI model limitations:
Gruk critiques the TECI (Target, Effects, Complexity, Integration) model for being overly mechanical and failing to account for low-complexity but high-impact incidents, as seen with LAPSUS$/Scattered Spider ([24:02]):

"Just from that, it's not a useful metric because if we look at scattered spider and lapses, they're all low complexity, but very, very high impact."

High-tech, high-integration cyber-kinetic operations (e.g., the Israeli disabling of Syrian air defense) are rare and not representative of cyber’s day-to-day value ([25:11], [25:42]).

Notable Quotes & Memorable Moments

On the fallacy of looking for cyber game-changers:

"If poison gas is not the game changer it was imagined to be... why should cyber be a game changer now? Nothing fits that definition except for nuclear weapons." — Gruk ([06:54])
On peacetime power:

"The most effective offensive use of cyber is during peace time, sort of gray zone conflict... where you can just use small things... to have long term consequences." — Gruk ([12:18])
On Russian anxieties:

"Manipulation of information flows, disinformation and concealment of information with a view to undermining society's psychological and spiritual environment and eroding traditional cultural morale, ethical and aesthetic values." — Gruk, reading Russian UN submission ([19:00])
On the West’s "healthy" approach to influence operations:

"Sugar is for breakfast approach. Whereas, you know, we're trying to be healthy." — Gruk ([22:01])
On what truly matters:

"To focus on where [cyber's] not particularly strong is a misunderstanding... the UK gets it right when they talk about cognitive effects, virtual effects, physical effects." — Gruk ([26:13])

Important Timestamps & Segments

[00:34] — Discussion begins on the premise of the academic paper and cyber's military framing
[03:04] — Critique of the "5Ds" and real-world examples (China’s IP theft)
[06:54] — Parallels between cyber, poison gas, and other non-nuclear “game changers”
[09:37] — Ukraine and Albania as contrasting case studies for cyber’s wartime impact
[11:41] — Highlighting cyber's strategic, long-term peacetime effect
[16:59] — Analysis of UK National Cyber Force’s "cognitive effects" doctrine
[19:00] — Reading from the Russian UN submission on information warfare
[21:29] — UK's broader definition of cyber effects ("physical, virtual, or cognitive")
[24:02] — Critique of TECI analytical framework
[25:42] — The rarity and limited representativeness of high-impact “cyber-kinetic” operations
[26:13] — Conclusion: Cyber is most powerful before wars (“influence before trenches”)

Final Thoughts

Tommy Wren and The Gruk convincingly argue that the Western military conception of cyber — focused on discrete battlefield effects — fails to recognize cyber's potent, long-term, and often invisible power. They emphasize that the “real” power of cyber shines in peacetime: through slow, persistent shaping of societies, economies, and perceptions. Accordingly, limiting definitions and models miss both cyber’s danger and its utility. The UK’s evolving doctrine towards “cognitive effects” is recognized as a progressive step, but Western restraint (for legal and ethical reasons) means adversaries’ approaches will often be broader and more aggressive.

Quote to remember:

"Cyber is useful before you get to trenches... that's more powerful than on the battlefield.” — Gruk ([26:13])

For listeners:
This episode provides a thoughtful counter-narrative to the common Western framing of cyber operations — advocating for a recognition of cyber’s true strategic potential and how, for most states most of the time, its greatest power is in the quiet, persistent work it does in the shadows of peacetime.

Podcast Summary: Risky Bulletin – Between Two Nerds: The Power of Cyber

Date: September 29, 2025
Hosts: Tommy Wren (“A”) and The Gruk (“B”)
Format: Expert cybersecurity discussion

Overview: Main Theme and Purpose

Key Discussion Points and Insights

1. The Framing Problem: Narrow Definitions of Cyber in Military Thinking

Initial reaction and skepticism:
Tommy expresses immediate skepticism toward the paper’s premise, which frames cyber’s military utility as inherently limited ([00:34]):

"I almost immediately had an instinctive rejection of the title... it seems that a lot of time the people who talk about cyber operations in war... start out with this funnel where they look at narrower and narrower aspects and, of course, they end up in a place where it's not very useful."
Doctrine-driven limitations:
Both hosts highlight that Western military doctrine narrows "offensive cyber" to destructive actions — the “five Ds” (destroy, disrupt, degrade, deny, deceive) — which may miss the true strength of cyber ([02:18]):

"That is an extremely military, relevant definition, but also a very narrow one. And... that definition is just missing the point entirely of what cyber operations are actually good for." — Tommy ([02:18])
What cyber does best:
Gruk points to China's long-term IP theft as an example of impactful cyber operations that don’t fit the 5D model:

"Which of those 5Ds is China's two decades of IP theft? Like, none of them. But in terms of overall impact to geopolitical strengths... the IP theft was much more impactful overall." ([03:04])

2. Strategic Impacts: War, Peace, and the “Drip, Drip, Drip” of Cyber

Cyber’s gradual, strategic effect:
Long-term, strategic impacts (e.g., IP theft, information operations) are where cyber excels — not in immediate battle outcomes ([03:42], [11:41]):

"It actually is the thing that states use in peacetime to have strategic effects. It's just that any single incident doesn't cause a strategic effect. It's the sort of slow accumulation over time..." — Tommy ([11:41])
Wartime: Cyber rarely decisive:
The discussion cites the lack of major breakthroughs in events like the Russia-Ukraine war, suggesting cyber has not been a “game changer” in active conflict ([06:26]):

"Cyber hasn't been decisive, but nothing else has either." — Tommy

Both hosts agree this doesn't mean cyber is ineffective; it reflects the realities of modern warfare, where stalemate is common and transformative “game changers” are rare outside of things like nuclear weapons ([06:54]).

3. Information Operations and Non-Western Perspectives

Russian and Chinese views:
The hosts discuss how Russia contextualized offensive cyber as information warfare: undermining cohesion, morale, and societal stability — elements the West has traditionally dismissed ([04:16], [05:53]):

"The Russians put forward their ideas and their ideas were things like break the social cohesion... interfere with moral and psychological aspects... disrupt spiritual cohesion." — Gruk ([04:16])

"If you decide that cyber is a thing that can do these five Ds and anything else just doesn't count... you're going to find that, like, cyber is kind of weak, like, it's not a very strong force because you've just ignored all of the possible ways that it's strong." — Gruk ([05:53])
The power of cognitive effects and shaping perception:
Both see the shaping of perceptions and the psychological impact as areas where cyber can be powerful, especially in peacetime ([12:42]):

"Cyber is actually really good at persuading people and influencing perceptions, it sort of naturally makes the most sense as a peacetime strength, like a peacetime power." — Gruk ([12:42])

4. Resilience and Context: Why Effectiveness Differs

Case studies – Ukraine vs. Albania:
- Ukrainian resilience due to years of prior attacks blunted the impact of “wiper” cyberattacks that, in other contexts (e.g., Albania), were disruptive ([09:37]):
  
  "If it were to happen in Europe, I don't think that there's any European states that are resilient enough to bounce back quickly." — Gruk ([09:37])

5. Expanding the Concept: UK and Broader Definitions of "Cyber Effects"

Beyond the Five Ds:
The UK’s National Cyber Force and strategy documents propose a broader understanding — including “cognitive effects”: influencing the thinking of targeted groups ([16:37], [21:29]):

"It talks about a doctrine of cognitive effects. And their idea is that they want to shape the thinking of small groups of people in a proportionate and responsible way." — Tommy ([16:59])

"The UK's definition of offensive cyber... is adding, deleting, or manipulating data on systems or networks to deliver a physical, virtual or cognitive effect. So that's far broader than the five Ds." — Tommy ([21:29])

The hosts suggest this broader framework better captures cyber's strategic power, though Western democracies self-limit widespread influence operations for ethical reasons ([22:07]).

6. Critique of Analytical Models

Techie/TECI model limitations:
Gruk critiques the TECI (Target, Effects, Complexity, Integration) model for being overly mechanical and failing to account for low-complexity but high-impact incidents, as seen with LAPSUS$/Scattered Spider ([24:02]):

"Just from that, it's not a useful metric because if we look at scattered spider and lapses, they're all low complexity, but very, very high impact."

High-tech, high-integration cyber-kinetic operations (e.g., the Israeli disabling of Syrian air defense) are rare and not representative of cyber’s day-to-day value ([25:11], [25:42]).

Notable Quotes & Memorable Moments

On the fallacy of looking for cyber game-changers:

"If poison gas is not the game changer it was imagined to be... why should cyber be a game changer now? Nothing fits that definition except for nuclear weapons." — Gruk ([06:54])
On peacetime power:

"The most effective offensive use of cyber is during peace time, sort of gray zone conflict... where you can just use small things... to have long term consequences." — Gruk ([12:18])
On Russian anxieties:

"Manipulation of information flows, disinformation and concealment of information with a view to undermining society's psychological and spiritual environment and eroding traditional cultural morale, ethical and aesthetic values." — Gruk, reading Russian UN submission ([19:00])
On the West’s "healthy" approach to influence operations:

"Sugar is for breakfast approach. Whereas, you know, we're trying to be healthy." — Gruk ([22:01])
On what truly matters:

"To focus on where [cyber's] not particularly strong is a misunderstanding... the UK gets it right when they talk about cognitive effects, virtual effects, physical effects." — Gruk ([26:13])

Important Timestamps & Segments

[00:34] — Discussion begins on the premise of the academic paper and cyber's military framing
[03:04] — Critique of the "5Ds" and real-world examples (China’s IP theft)
[06:54] — Parallels between cyber, poison gas, and other non-nuclear “game changers”
[09:37] — Ukraine and Albania as contrasting case studies for cyber’s wartime impact
[11:41] — Highlighting cyber's strategic, long-term peacetime effect
[16:59] — Analysis of UK National Cyber Force’s "cognitive effects" doctrine
[19:00] — Reading from the Russian UN submission on information warfare
[21:29] — UK's broader definition of cyber effects ("physical, virtual, or cognitive")
[24:02] — Critique of TECI analytical framework
[25:42] — The rarity and limited representativeness of high-impact “cyber-kinetic” operations
[26:13] — Conclusion: Cyber is most powerful before wars (“influence before trenches”)

Final Thoughts

Quote to remember:

"Cyber is useful before you get to trenches... that's more powerful than on the battlefield.” — Gruk ([26:13])

wavePod

Between Two Nerds: The power of cyber

Powered by Wave AI

Summary

Podcast Summary: Risky Bulletin – Between Two Nerds: The Power of Cyber

Overview: Main Theme and Purpose

Key Discussion Points and Insights

1. The Framing Problem: Narrow Definitions of Cyber in Military Thinking

2. Strategic Impacts: War, Peace, and the “Drip, Drip, Drip” of Cyber

3. Information Operations and Non-Western Perspectives

4. Resilience and Context: Why Effectiveness Differs

5. Expanding the Concept: UK and Broader Definitions of "Cyber Effects"

6. Critique of Analytical Models

Notable Quotes & Memorable Moments

Important Timestamps & Segments

Final Thoughts

Summary

Podcast Summary: Risky Bulletin – Between Two Nerds: The Power of Cyber

Overview: Main Theme and Purpose

Key Discussion Points and Insights

1. The Framing Problem: Narrow Definitions of Cyber in Military Thinking

2. Strategic Impacts: War, Peace, and the “Drip, Drip, Drip” of Cyber

3. Information Operations and Non-Western Perspectives

4. Resilience and Context: Why Effectiveness Differs

5. Expanding the Concept: UK and Broader Definitions of "Cyber Effects"

6. Critique of Analytical Models

Notable Quotes & Memorable Moments

Important Timestamps & Segments

Final Thoughts