Every so often, history forces leaders to make choices that shatter the status quo. Choices that reject “containment” and instead embrace decisive paradigm shifts. Whether in war, politics, or economics, these inflection points become lessons for every CISO, policymaker, and business leader facing the pandemic of cybercrime today.

This scene from The West Wing is one I’ve been reflecting on as I write this (watch here).

Today’s example comes from Israel’s airstrike in Doha, Qatar, eliminating senior Hamas leadership hiding under diplomatic cover. But to truly understand why this matters for cyber strategy, we need to look at leadership across history — where breaking the cycle of “managing” threats became the only path to survival.

Case Study: Netanyahu and the Post–October 7th Paradigm

Since October 7th, 2023, Prime Minister Benjamin Netanyahu has made it clear: terrorism would no longer be managed, contained, or tolerated. Israel’s response — from the targeted strike on Hamas’ cyber unit in 2021, to the pager operations, the elimination of Nasrallah, strikes in Iran and Yemen, and now the Doha operation — redefined the conversation globally.

For decades, Western democracies absorbed terror as an inevitability: negotiate, trade for hostages, strike back selectively, pay when convenient, and otherwise hope for deterrence. Before October 7th, Netanyahu himself was guilty of this calculus. But Israel broke that cycle, insisting instead on dismantling terror infrastructure wherever it exists — even under immense international pressure.

This isn’t a political argument. It’s a leadership doctrine: the cost of tolerating the status quo eventually outweighs the cost of breaking it. The same is true for cyber.

Historical Parallels: Other Leaders Who Changed the Game

Israel’s doctrine isn’t unique — history is full of leaders who confronted status quo thinking and chose transformation instead of tolerance.

• Winston Churchill (WWII): While many in Britain pushed for appeasement with Nazi Germany, Churchill insisted appeasement was suicide. His “we shall fight on the beaches” stance reframed the conflict as existential — not negotiable.

• Franklin Roosevelt (Great Depression): Facing economic collapse, Roosevelt abandoned laissez-faire orthodoxy and launched the New Deal. He didn’t just manage unemployment — he redefined the role of government in economic life.

• Ronald Reagan (Cold War): For decades, the U.S. followed détente — managing the Soviet threat. Reagan flipped the script with “peace through strength,” investing in military and economic pressure that accelerated the Soviet collapse.

• Lee Kuan Yew (Singapore): In the 1960s, Singapore was written off as a vulnerable trading outpost. Lee shattered that narrative, imposing strict governance, investing in infrastructure, and transforming it into a global financial hub.

Each confronted the same equation: status quo management meant inevitable decline. Breaking the paradigm was survival.

Terrorism and Cybercrime: The Parallel

For years, Western democracies adopted a “mitigate and negotiate” posture with terrorism. Strike back selectively, negotiate for hostages, pay off where expedient, and otherwise hope for deterrence.

Sound familiar? That’s been the playbook for cybercrime too:

• Pay ransoms to “get the data back.”

• Accept breaches as a cost of doing business.

• Announce new frameworks and sanctions that barely sting.

• Hope law enforcement picks off the occasional threat actor.

Neither approach stops the bleeding. It normalizes the threat. It empowers nation-states like China and Russia to keep pushing — China with its 100-year plan to dethrone the U.S., Russia with its hybrid playbook to destabilize Europe.

Israel broke that cycle against terrorism. Churchill broke it against fascism. Reagan broke it against Soviet containment. And we must break it against ransomware cartels, data extortion gangs, and state-backed cyber units.

Shifting the Paradigm: No More Containment

When leaders moved from deterrence to dismantlement, they made a clear point: managing existential threats is not enough. The same shift must happen in cyber.

What would that look like?

• Offense, not just defense. Governments must expand offensive cyber operations to dismantle ransomware cartels before they hit hospitals, pipelines, or schools. As Alexei Bulazel at the National Security Council said at Billington last week, the U.S. must embrace offense (Cybersecurity Dive).

• No safe havens. Just as Israel pressures governments hosting terror groups, the West must do the same with states sheltering cybercriminal gangs. Sanctuary is complicity.

• Unified doctrine. Just as nations rebuilt doctrines after crises, Western democracies must move past piecemeal laws and craft a coherent doctrine for cyber resilience and retaliation.

• Create deterrence. Leaders — public and private — must create systems that shift the equation for adversaries, leveraging trade, market access, and diplomacy to hold states accountable for harboring cybercriminals.

The Cost of the Status Quo

LoanDepot. Ingram Micro. Colonial Pipeline. Snowflake. Farmers Insurance. The list is endless.

But let’s quantify:

• SolarWinds (2020): Still costing billions in remediation and geopolitical fallout.

• Clorox (2023): Over $380 million in losses from downtime and disruption.

• Maersk (2017, NotPetya): Over $300 million in direct losses, with over $1.2 billion in global supply chain disruption.

• Target (2013): $300 million in litigation and recovery costs.

• Yahoo (2013–2014): Nearly $470 million in settlements, plus brand collapse.

• Capital One (2019): Costs exceeding $300 million after 100 million records stolen.

• Marks & Spencer (2025): Estimated £300 million (~$400 million) in lost revenue.

Beyond company losses:

• Consumer confidence erodes. After Colonial, Americans feared gas shortages. After Clorox, shelves went bare. During the CO-OP attack, food disappeared from supermarkets.

• Markets react. Stocks dip, brands suffer long-term erosion, investor skepticism deepens.

• Economies absorb shocks. Cyberattacks ripple into energy, healthcare, and food supply chains. Look no further than the Jaguar Land Rover breach this month for proof.

This isn’t just a “data security” problem. It’s an economic security problem with national consequences.

Governance Matters: Beyond the Presidency

Here’s where the U.S. faces its unique challenge. Unlike Israel’s parliamentary model or Churchill’s wartime cabinet, America’s separation of powers means paradigm shifts can’t be driven by the President alone.

Yes, the White House sets tone and policy — but lasting transformation requires Congress and the Senate.

We’ve seen the problem before:

• Presidents issue Executive Orders, but the next administration can weaken or reverse them.

• Funding for resilience initiatives evaporates with a change in party control.

• Doctrine gets stuck in committees, reduced to partisan soundbites.

That’s why the U.S. needs a bipartisan cybersecurity doctrine, not just presidential directives. The stakes are too high to let cyber strategy swing every four years.

What does that look like?

• Legislative backbone. Codify cyber doctrine into law — resilience standards, vendor accountability, offensive capabilities — so it cannot be undone by executive fiat.

• Funding stability. Multi-year, bipartisan appropriations for critical infrastructure, cyber talent pipelines, and offensive operations.

• Shared liability. Just as Sarbanes-Oxley and Dodd-Frank created accountability in finance, Congress must legislate enforceable accountability for cyber resilience and deterrence.

• National unity. A doctrine signed by both parties makes cyber defense a national imperative, not a partisan wedge issue.

Without legislative alignment, we’ll keep oscillating between bold executive orders and quiet rollbacks. The result? A brittle doctrine easily dismantled — and adversaries like Russia and China know it, and abuse it.

James Azar’s CISO Take

History tells us one thing: leaders who cling to the status quo when faced with existential threats always lose. Leaders who pivot, who break paradigms — they may face international pressure, political backlash, or near-term pain, but they reset the game and deliver long-term change.

Churchill. Roosevelt. Reagan. Lee Kuan Yew. Netanyahu. Different eras, different enemies, same truth: containment is not strategy. Containment is surrender by delay.

But in the U.S., leadership isn’t just the President. It’s Congress. It’s the Senate. It’s the political courage to put cyber resilience above partisanship — and the pressure from business leaders demanding real results to break the status quo.

We cannot afford a cyber doctrine that changes with the occupant of the Oval Office. We need law, not memos. Bipartisan resolve, not partisan drift.

Because ransomware gangs and state-backed adversaries don’t care who controls the Senate. Volt Typhoon isn’t waiting for the next election cycle. Midnight Blizzard doesn’t pause for a budget reconciliation.

If the U.S. wants to shift the paradigm the way Israel did post–October 7th, it must write a cyber doctrine in ink, not pencil — and then export it across the free world to hold malicious state actors accountable.

☕ Stay vigilant, stay caffeinated, and as always — stay cyber safe.

Leave a comment