Louis Zezeran
9. apr. 2026
Modern defense is changing fast. The image of military power as purely tanks, ships, fighter jets, and troop numbers is no longer enough to explain how nations protect themselves. In today’s security environment, cyber resilience, trusted data, interoperability, and digital readiness are now part of the foundation of military strength. That is the central message of this episode of the NEVERHACK Cybercast, featuring Graham Taylor CBE, Director Defence Strategy for Northern Europe at OPSWAT and Anett Numa, Chief of International Affairs for NEVERHACK. His conversation offers a timely and practical look at how defense strategy is evolving — and why cyber is now inseparable from national security.
From the start, the episode is framed around a simple but urgent reality: the battlefield is no longer only physical. It is digital, interconnected, and increasingly dependent on secure information flows. Graham explains that we are living through an extraordinary geopolitical moment. He highlights three major factors that define the current strategic environment. First is NATO’s expansion over recent decades, which has strengthened the alliance but also expanded its complexity. Second is Russia’s invasion of Ukraine, which has shattered assumptions about stability in Europe and reminded the continent that large-scale war on its borders is still possible. Third is the political effect of Donald Trump’s return to office, which has intensified pressure on European nations to carry more of the defense burden themselves. Together, these shifts have forced governments and militaries to think more seriously about what readiness actually means.
One of the strongest ideas in the episode is that cyber is no longer an add-on to conventional warfare. Graham pushes back against any outdated separation between “traditional” military operations and cyber operations. In his view, the military world has already moved from joint operations into multi-domain operations. That means land, air, sea, cyber, and space must all be considered together. Once you accept that reality, cyber stops being a side discipline and becomes part of the operational core.
This matters because modern military platforms do not function in isolation. Hardware still matters enormously, and Graham is clear that visible combat power remains essential. Nations still need tanks, ships, aircraft, and missile systems. Hard power still deters and still defends. But he also makes an equally important point: if those systems cannot communicate securely, share data, integrate with allied forces, and operate across domains, then their military value is weakened. In other words, a military’s digital architecture is now just as important as its physical inventory.
That insight has major implications for defense budgets. Across Europe, defense spending has risen significantly in response to Russia’s war against Ukraine and wider geopolitical instability. But where should that money go? Graham describes this as a difficult balancing act. Governments do not fund defense in a vacuum. They are also under pressure to spend on healthcare, housing, welfare, transport, and education. Every ministry can make a strong case for more money. Defense, however, occupies a unique position because the first responsibility of government is to protect the nation and its people. Still, even when more money is available, deciding how to divide it between traditional hardware and digital capability is not straightforward.
The episode makes a persuasive case that this cannot be an either-or discussion. Nations do need visible, credible military power. But it is increasingly inaccurate to assess strength only through hardware counts. Real military effectiveness now depends on whether forces can operate securely in a complex digital environment. That includes data sharing, interoperability, command systems, network resilience, and confidence in information integrity. Cyber investment is not abstract or optional; it is what allows physical military capability to function as intended.
The discussion of interoperability is especially valuable because it moves beyond slogans. NATO speaks often about interoperability, but Graham explains what that actually means in practice. He notes that multinational military cooperation is nothing new. Alliances have fought and operated together for generations, despite differences in language, doctrine, and culture. The move into cyber and space adds complexity, but in his view, those challenges are still technically solvable.
The bigger obstacle, he argues, is political. Not all sovereign states are equally willing to share information. Some are more cautious, protective, or restrictive when it comes to intelligence and operational data. Others are more open. That tension is one of the most important underlying challenges in modern defense cooperation. Systems may be capable of working together, but alliances only reach their full potential when member states are willing to trust each other enough to share what matters. Graham also references a NATO-style model of interoperability that starts with human integration, then technical integration, and finally conceptual integration. This is a useful reminder that people, relationships, doctrine, and trust must come before technology can deliver its full value.
Of course, no modern cybersecurity or defense discussion avoids AI, and this episode handles the topic well by keeping it grounded. Rather than treating AI as a distant theory or a source of generic hype, Graham frames it in simple operational terms: AI speeds everything up. It accelerates the movement, analysis, storage, and processing of data. For defense organizations dealing with massive information flows, that is highly significant. Faster processing can support faster decision-making, quicker reactions, and better operational tempo.
But Graham also adds an important strategic nuance. If both sides in a conflict are using AI, then simply having AI is not enough. The competitive advantage comes from using it more effectively and more quickly than the adversary. That is a practical and realistic way to think about AI in defense. It is not magic, and it does not automatically create superiority. It is an amplifier. The side that integrates it better into decision-making and operations gains the advantage.
Another standout theme is the growing strategic importance of cyber talent. Graham makes the case that cyber skill is already a strategically valuable capability, not something that may become important someday. He places cyber specialists alongside other crucial defense roles such as linguists, analysts, and drone operators. But he also explains that cyber creates a special challenge for military recruitment and retention. Traditional armed forces have often recruited from broad pools and then trained individuals into military roles. Today, they increasingly need people with highly technical knowledge — people who may resemble software engineers as much as soldiers.
That creates a serious tension. The private sector can often offer cyber professionals higher salaries and different career incentives. The military, by contrast, usually attracts people through mission, service, and purpose. Graham speaks candidly here: people generally do not join the military to make a lot of money. They join to serve, to contribute, and to make a difference. That means defense organizations need to think carefully about how to attract, train, and retain technical talent in a world where cyber expertise is in high demand everywhere.
The OPSWAT perspective also brings a strong operational principle into the episode: treat every file as a threat. Graham explains that this idea reflects a mindset shift. Instead of focusing only on detection after something suspicious appears, organizations should begin with the assumption that every file or device could present risk. From that starting point, they can build processes to inspect, validate, and protect systems from the outset.
This philosophy becomes especially powerful in military and critical infrastructure environments, where the quality and integrity of incoming data can influence operational decisions. Commanders cannot operate effectively unless they trust the information they receive. That means they need confidence not only in the accuracy and timeliness of data, but also in its security. Malware, spyware, and compromised files are not merely IT problems in such settings; they are operational threats. The lesson is clear: cyber resilience is as much about trusted information as it is about blocking attacks.
The episode closes strongly with a discussion about strategic risk and priorities. When asked whether organized cybercrime or nation-state cyber warfare poses the larger strategic threat, Graham acknowledges that both can have serious impact. Cybercrime can inflict massive economic damage, and in some cases that damage can feel strategic. But his view is that nation-state cyber warfare ultimately poses the greater risk because of its potential existential consequences for democracy, national security, and human life. That distinction helps anchor the conversation in the realities of defense rather than purely commercial cyber risk.
Finally, when pressed for the single capability NATO allies should prioritize, Graham resists narrowing the answer too far. Instead, he offers three essentials: robust and secure interoperability, recognition that every member state brings something valuable to collective defense, and trust. That final word — trust — may be the most important in the whole episode. Technology matters. Hardware matters. Talent matters. But alliances function at their best when there is trust in systems, trust in partners, and trust in the information that underpins decision-making.
For listeners, this episode offers more than a high-level discussion of cyber and defense. It provides a practical framework for understanding how military power is evolving, why cyber resilience must now be treated as foundational, and how governments and organizations should think about readiness in a multi-domain world. It is especially relevant for defense professionals, cybersecurity leaders, policy audiences, and anyone trying to understand how digital transformation is reshaping national security.
If you want a smarter, sharper perspective on the future of defense — one rooted in strategy, realism, and operational lessons — this is an episode worth hearing.
Listen now on Cybercast, visit our website for more cybersecurity insights, and subscribe to NEVERHACK Estonia Cybercast for more expert conversations on the future of security.
