Cyber Conflict vs War on Drugs: Mitigating the Unwinnable

November 5, 2025

As a national security professional developing next-generation tools and tradecraft on the front lines of the cybersecurity war, I’ve been wondering: Is this conflict winnable?

I polled a couple dozen friends and colleagues (CISOs, federal law enforcement officers, hackers, interns, and others), and the consensus was sobering: the cybersecurity war is a stalemate. Tech cuts both ways. Attackers and defenders keep leveling up, and there’s no silver-bullet tool that ends the fight.

That led me to a question: Is this cyber conflict fundamentally analogous to the War on Drugs? Both look like persistent, systemic battles that can never be fully won, unlike, say, train robbery in the American West—a criminal trend that burned out by the early 1900s.

It seems to me that these two wars are not merely technical or economic problems; they are enduring conflicts.

That nature determines how we should engage. If the cyber war could be ended by a single technical breakthrough, the way train robbery faded with the disappearance of physical cash on trains, we should put all effort into inventing and adopting that tool. If, on the other hand, it is an enduring arms race, we shift focus from preventing every breach to building a resilient digital immune system.

Pivoting the Mission From Preemption to Fault Tolerance at Speed

The strategy shifts from prevention to resilience, reflected in today’s emphasis on ZTA (Zero Trust Architecture), SOAR (Security Orchestration, Automation, and Response), and XDR (Extended Detection and Response). Success for a CISO is measured less by the absence of breaches and more by speed and recovery: mean time to detect, time to contain, and time to recover.

Both the cybersecurity war and the War on Drugs are enduring struggles powered by strong economic incentives, global in scope, and defined by asymmetric contests against adaptive, networked adversaries.

President Richard Nixon declared the War on Drugs in 1971; the Drug Enforcement Administration followed in 1973. For decades, the focus was enforcement. In recent years, many states have legalized or decriminalized marijuana and the federal stance has shifted toward more public-health-oriented approaches. After immense effort and sacrifice, the practical outcome resembles a stalemate rather than a decisive victory.

By contrast, train robbery in the late-19th-century American West was a localized, tactical crime against fixed infrastructure. Consider the Wild Bunch’s 1900 attack on a Union Pacific train near Tipton, Wyoming: the target was a safe with gold and banknotes. As banks shifted to electronic transfers and reduced the movement of physical cash, the opportunity evaporated and the crime largely disappeared.

The War on Drugs and cybersecurity don’t behave that way. They are global and dynamic, with adversaries who adapt to every intervention. They demand continuous management and strategic adaptation, not promises of final eradication.

Structural Parallels

Both domains operate as markets with durable incentives. Enforcement and defense actions raise operational risk; in illicit markets, that can increase margins, attracting more sophisticated actors—the Hydra effect.

Operations are borderless. Transnational networks span jurisdictions; gray logistics, cryptocurrency rails, and dark-web marketplaces collapse distance and jurisdiction, enabling payments, laundering, procurement, and coordination. In narcotics markets, growing use of cryptocurrencies and dark-web services shows the convergence; in cybercrime, the same rails fund ransomware and broker access.

Adversaries are adaptive and decentralized. Networked cells and affiliate models enable rapid mutation in tactics, techniques, and procedures.  

Human Costs

The general population bears the brunt of these illicit economies. This includes the terrible crisis of drug addiction, the devastating impact of violence on civil society, and the massive financial loss and disruption of trust caused by cybercrime and data breaches. Additionally, law enforcement officers and military personnel globally endure intense danger as they confront sophisticated, well-funded criminal networks. Their dedication comes at a high cost.

The lesson from the War on Drugs is that we must abandon the language of winning a war that is fundamentally systemic and adopt a posture of strategic management and resilience.  

In cybersecurity, every early detection, every rapid containment, and every clean recovery is a tactical win that raises the adversary’s cost of doing business. Cybersecurity leaders should emphasize the achievable and sustainable goals of availability and resilience. We may never win this war outright, but we can ensure our vital functions retain availability.

Sean Grimaldi

Member of the Board of Advisors
