What cyber conflict reveals about power and doctrine, with Allie Mellen

Cyber conflict is easiest to misread when we treat it as an isolated technical event. In this episode of Chasing Entropy, Dave Lewis speaks with analyst and author Allie Mellen about her book Code War and why the cyber strategies of the United States, China, and Russia make more sense when viewed through the lens of history, doctrine, and political intent.

From the Gulf War to Russia’s war in Ukraine, cyberattacks are most effective when they reinforce defined objectives within a larger campaign and help a state apply pressure, gather intelligence, or shape the environment around a conflict.

History shapes cyber strategy

A nation’s cyber strategy is rooted in its political history and military doctrine.

Mellen traces the US approach to a culture of experimentation and technical tinkering. China’s cyber ecosystem emerged from hacktivism and state-linked talent pipelines. Russia’s path was shaped by the post-Soviet collapse, when cybercrime became tied to survival and later overlapped with state interests.

Those origins still influence how each country organizes teams, chooses targets, and pursues advantage. Countries do not enter cyberspace as blank slates. They bring older power habits with them, and those habits continue to shape how cyber campaigns are built and used.

That is the first step to decode cyber conflict. The tools may be technical, but the logic behind them is familiar. States still pursue leverage. They still coordinate across different forms of power. They still use whatever tools best support their goals.

Mellen also pushes back on the way cyber conflict is portrayed in pop culture, often appearing as code on screens and elite operators in high-tech rooms. That framing misses the larger story. One of the more memorable examples in the episode is her discussion of how WarGames helped push US policymakers to take computer security more seriously in the 1980s. Public narratives matter, even when they get parts of the story wrong.

Attribution defines intent

This is where the conversation becomes especially useful for security teams.

Mellen argues that defenders need to understand who is behind an operation, not just what malware was used. Attribution helps explain motive, likely targets, and what may come next. It helps distinguish between disruption, intelligence gathering, and influence activity, which changes how defenders prioritize response and what they watch for next.

That matters for governments, but it matters for enterprises too. Security teams build better threat models when they understand how a group typically operates and what it wants. Technical indicators still matter, but they are more useful when paired with context about intent.

This is also where the episode connects to a broader shift in the security landscape. As more activity is delegated to automation and AI systems, defenders need better ways to understand who acted, under whose authority, and toward what goal. The attribution problem is becoming more central.

AI makes deception cheaper and attribution harder

The episode closes on AI with a sober tone. Mellen sees real value in automation, especially when it speeds up workflows and reduces manual effort. She also points to a growing challenge: AI lowers the cost of deception, makes false flag activity easier, and adds friction to attribution.

That raises the stakes for defenders. In a more fragmented internet and a less stable geopolitical environment, it becomes harder to tell what an operation is meant to do, who benefits from it, and how confidently you can respond. The problem is no longer just technical detection; it’s an interpretation.

That is what makes Mellen’s argument so useful. The mistake is a misunderstanding of the role cyber plays inside broader campaigns of pressure, intelligence, and influence. When defenders treat cyber incidents as isolated technical events, they miss the larger strategic context.

Listen to the full conversation with Allie Mellen on Chasing Entropy, then take another look at whether your threat model reflects how cyber conflict actually works.