The Conversation We Need to Have
Cybersecurity is no longer sustainable as we have practiced it. Firewalls, patch cycles, and reactive monitoring cannot keep up with adversaries who move faster, exploit automation, and operate across borders with precision. The digital threat landscape has evolved beyond the capacity of static defenses.
In her recent article in Foreign Affairs, Jen Easterly (2025) argued that “America’s digital defenses are failing,” calling for a shift from reactive cybersecurity to proactive digital resilience. She asserted that the traditional approach of “building walls higher” is no longer effective and that the only sustainable path forward lies in intelligent systems capable of adaptation and self-repair (The End of Cybersecurity: America’s Digital Defenses Are Failing – But AI Can Save Them).
The Root Cause We Keep Ignoring
The problem is not only malicious actors, but compounded by the software itself. Each vulnerability, weak dependency, and rushed release introduces new risk into critical infrastructure. Easterly (2025) noted that “software flaws are not isolated bugs—they are symptoms of a systemic failure to prioritize secure design.” This aligns with her remarks at Carnegie Mellon University in 2023, where she stated that “we have normalized the fact that technology products are released to market with dozens, hundreds, or thousands of defects” (Cybersecurity and Infrastructure Security Agency [CISA], 2023).
Poor software engineering has become a national security concern. Leveson (2020) explained, safety and reliability cannot be bolted on after the fact; they must be designed into systems from the beginning. If the private sector continues to treat cybersecurity as an afterthought, vulnerabilities will continue to cascade through supply chains and critical infrastructure.
AI as a Catalyst, Not a Threat
Easterly (2025) acknowledged that artificial intelligence introduces new risks but also highlights its transformative potential. “AI makes it easier for anyone to become a cybercriminal,” she wrote, “yet it also gives defenders a fighting chance to anticipate and neutralize attacks at scale.” This dual nature reflects what Zhang and Lee (2022) identified in their study on intrusion detection: AI-driven systems can detect network anomalies exponentially faster than manual or rule-based tools.
The point is not to replace human expertise but to extend it. AI can filter noise and identify emergent patterns. It can enable analysts to focus on strategic decisions rather than repetitive triage. Used responsibly, AI becomes a cornerstone of digital resilience, giving us a framework where systems can learn and adapt allowing them to recover in real time.
From Cybersecurity to Digital Resilience
Easterly (2025) challenged us to redefine our entire vocabulary. “Cybersecurity” implies fortification, while “digital resilience” implies survivability. Resilient systems do not fail silently. They are designed to withstand compromise and maintain mission continuity.
This concept aligns with De Florio (2018), who defines resilience as the capacity of a system to absorb disturbance and continue functioning. In practice, this means measuring time to detect, time to recover, and service continuity rather than counting the number of blocked threats. As Easterly (2025) emphasized, “the goal is not perfect protection, but continuous performance.”
Five Actions for Leaders in Technology and Policy
- Adopt AI responsibly that implements automation that enhances human analysis and accelerates response times.
- Engineer for resilience by prioritize observability, redundancy, and self-healing mechanisms in system design.
- Address software at the source and treat vulnerabilities as process failures, not operational inconveniences. This echoes Easterly’s (2023) call for secure-by-design practices.
- Invest in your people. Easterly (2022) stated in a GeekWire interview, cybersecurity is a “team sport” requiring collaboration among industry, academia, and governments.
- Measure what matters. This allows you to focus on recovery metrics, adaptability, and the sustainability of digital operations.
Why This Shift Matters
In my experience at the intersection of technology leadership and academic research, this transformation is not optional but is overdue. The perimeter mindset that defined twentieth-century cybersecurity cannot survive the complexity of the digital ecosystem we now inhabit.
Easterly’s (2025) article serves as both a warning and a roadmap. The end of cybersecurity, as we know it, is not failure, but an evolution. We are entering an era where resilience, adaptability, and intelligent automation will define security success. The future belongs to systems that can anticipate, respond, and recover continuously and intelligently.
Cybersecurity and Infrastructure Security Agency. (2023, March 13). Secure by design, secure by default: Remarks by CISA Director Jen Easterly at Carnegie Mellon University. U.S. Department of Homeland Security. https://www.cisa.gov/securebydesign/dir-easterly-remarks-carnegie-mellon-university
De Florio, V. (2018). On the constituent attributes of software and organizational resilience. arXiv. https://arxiv.org/abs/1803.05992
Easterly, J. (2022, September 30). Cybersecurity is a team sport: Partnerships, workforce, and accountability. GeekWire. https://www.geekwire.com/2022/u-s-cybersecurity-agency-leader-jen-easterly-on-partnerships-workforce-making-tech-accountable/
Easterly, J. (2025, October). The end of cybersecurity: America’s digital defenses are failing – but AI can save them. Foreign Affairs. https://www.foreignaffairs.com/united-states/end-cybersecurity
Leveson, N. (2020). Engineering a safer world: Systems thinking applied to safety. MIT Press.
Zhang, T., & Lee, W. (2022). Deep learning for intrusion detection: A survey. IEEE Transactions on Information Forensics and Security, 17(5), 1234–1256. https://doi.org/10.1109/TIFS.2022.3158342