* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/)
* From WarGames to Cyberwar

# From WarGames to Cyberwar

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2026%2F05%2Ffrom-wargames-to-cyberwar%2F)  
[](https://twitter.com/share?text=From+WarGames+to+Cyberwar&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2026%2F05%2Ffrom-wargames-to-cyberwar%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2026%2F05%2Ffrom-wargames-to-cyberwar%2F&title=From+WarGames+to+Cyberwar&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2026/05/from-wargames-to-cyberwar/&ts=markdown)  
\[\](mailto:?subject=From WarGames to Cyberwar)  
Link copied  
By [Dena De Angelo](https://www.paloaltonetworks.com/blog/author/ddeangelo/?ts=markdown "Posts by Dena De Angelo")  
May 13, 2026  
6 minutes  
[AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown)  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[national security](https://www.paloaltonetworks.com/blog/tag/national-security/?ts=markdown)  
[podcast](https://www.paloaltonetworks.com/blog/tag/podcast/?ts=markdown)  
[Threat Vector](https://www.paloaltonetworks.com/blog/tag/threat-vector/?ts=markdown)

# *How Nations Hack, Why Attribution Fails, and What AI Changes*

#### Executive Summary:

*Code War* author Allie Mellen, argues that cyberwarfare must be understood through a human and geopolitical lens to close the knowledge gap between the security community and the public.

*Disclaimer:
This post reflects the perspectives shared in the book Code War: How Nations Hack, Spy, and Shape the Digital Battlefield, and does not represent the views of the publisher of this blog.*

*** ** * ** ***

The summer of 1983, President Reagan watched *WarGames* at Camp David and couldn't get it out of his head. A week later, he walked into a White House meeting with cabinet members and Congress and launched into a detailed plot summary of a Matthew Broderick movie about a teenager who nearly hacks the world into nuclear war. The room full of defense experts sat uncomfortably, suppressing smirks. Then Reagan turned to General John Vessey, Chairman of the Joint Chiefs, and asked if something like that could actually happen.

Vessey came back a week later with an answer: "Mr. President, the problem is much worse than you think."

Fifteen months after that, Reagan signed a classified presidential directive titled "National Policy on Telecommunications and Automated Information Systems Security" -- the first federal policy of its kind. A movie had done what years of expert warnings hadn't: It made the most powerful person in the world stop and ask the right question.

Allie Mellen, author of *Code War: How Nations Hack, Spy, and Shape the Digital Battlefield* , loves to tell this story, and it captures exactly why she wrote the book. In a [conversation recorded at RSA 2025](https://thecyberwire.com/podcasts/threat-vector/113/notes), Mellen joined Threat Vector host, David Moulton, to talk about nation-state threats, attribution pitfalls, and why the security industry's biggest problem isn't technical.

> "They're human stories, and if we can communicate them that way to the general public, then we'll get more people interested in cybersecurity, invested in cybersecurity, and invested in protecting their data."

That gap, between what the security community understands and what everyone else grasps, is the core problem Mellen set out to solve. And in today's geopolitical moment, closing it has never been more urgent.

## Every Nation Hacks Differently

One of the central arguments in *Code War* is that you can't understand a nation's cyber behavior without understanding its history, doctrine and social contract. China, Russia, Iran, North Korea and the U.S. each approach offensive and defensive cyber operations from completely different starting points, and those differences matter enormously to defenders.

China operates with patience. Its attacks tend to be low and slow, focused on long-term espionage rather than loud disruption. But that changes sharply in its own region, where operations targeting Taiwan are aggressive and relentless. Russia, by contrast, is bombastic; they want you to know it was Russia. Its influence operations have been some of the most effective in modern history, studied and imitated by Iran and others.

Interestingly, the very system China built to protect itself has become a liability in one specific domain. Because Chinese operators live behind the Great Firewall, without access to western social media, they lack the cultural fluency that makes Russian disinformation so effective. "They try to use memes, but it's like 'uncanny valley'," Mellen explains. "They just slightly miss every time and so it doesn't go viral." The walled garden that gives China control over its own population makes it harder to manipulate everyone else's.

## Attribution Is a Geopolitical Tool, Not Just a Technical One

Mellen is careful about attribution, and she wants defenders to be too. The standard technical signals (coding language, infrastructure patterns, operational hours) are necessary but not sufficient. Nation-states, especially the U.S., have developed tools specifically designed to mimic other actors' signatures. AI will make that problem significantly worse.

But the bigger issue is motivation. Mellen walks through a case from the Olympics where an attack was initially attributed to North Korea, even though North Korea was actively trying to normalize relations at the time by sending Kim Jong Un's sister to the games. The actual perpetrator was Russian, using a false flag to obscure its involvement. The lesson: Attribution requires asking not just "who has the technical capability?" but "who has the motive right now, given everything happening geopolitically?"

The pitfalls are real:

* Tools once used exclusively by intelligence agencies are now publicly available, making code signatures unreliable.
* Working-hours analysis is easy to spoof, especially for sophisticated actors.
* Government-controlled research in adversarial nations can deliberately skew attribution findings.
* False flag operations are increasingly sophisticated and harder to disentangle.

## Why Your Data Is a Geopolitical Asset

One of the more powerful sections of the conversation centers on a question Mellen hears constantly: why would China care about my data?

Her answer cuts through the dismissiveness. These nations aren't collecting data out of idle curiosity. They're willing to constrain companies for it, invest billions in infrastructure for it, and in some cases, far worse. "Whether you wanna be involved in that system or not, you are involved in that system," she says. "And so you can either choose to take control of your information in that environment, or you can just pretend like it's not your problem."

The historical context she offers is striking. One of the driving forces behind GDPR in the EU was the collective memory of how Nazi Germany used data to target Jewish people during the Holocaust. Europe built privacy protections into law because it had seen what happens when governments gain unrestricted access to population data. That's not an abstract concern. It's a lesson written in history that the rest of the world is still catching up to.

## AI Makes Everything Harder

Mellen isn't optimistic about the trajectory. Attribution is about to get much harder. Attacks are about to get much more dynamic. And AI is the reason for both.

She points to research on Chinese state-sponsored actors using AI to orchestrate attacks across the full kill chain, with only a couple of human checkpoints in the loop. The implication isn't just faster attacks. It's more adaptive malware that can adjust to different operating environments, more convincing disinformation that clears the cultural context bar, and reconnaissance-to-exploitation cycles that move faster than most defenders can process.

The constraints that have always slowed sophisticated attackers -- understanding the operating system, identifying vulnerabilities, crafting exploits, mimicking attribution -- all get easier with AI. All of that becomes more dynamic. And most enterprises, Mellen acknowledges, are not yet equipped to respond effectively.

The investment required is in the basics the industry has always struggled to get right, executed now at a pace and scale that demands automation and AI on the defensive side. [Fighting AI with AI](https://www.paloaltonetworks.com/blog/2026/05/how-long-it-takes-to-lose-data/?ts=markdown) isn't a vendor talking point. It's the only math that works.

### More to Explore

The nation-state threats Mellen describes aren't theoretical. Unit 42 responded to more than 750 major incidents in 2025. See what they found. [Download the 2026 Global Incident Response Report.](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?ts=markdown)

*Listen to the full conversation with Allie Mellen, author of Code War, on* [*the Threat Vector podcast*](https://thecyberwire.com/podcasts/threat-vector/113/notes)

*** ** * ** ***

## Related Blogs

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Interview](https://www.paloaltonetworks.com/blog/category/interview/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [People of Palo Alto Networks](https://www.paloaltonetworks.com/blog/category/people-of-palo-alto-networks/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### When Security Becomes an Afterthought](https://www.paloaltonetworks.com/blog/2026/02/when-security-becomes-an-afterthought/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Predictions](https://www.paloaltonetworks.com/blog/category/predictions/?ts=markdown)

[#### The Challenge of Cybersecurity Frenemies and Collaboration](https://www.paloaltonetworks.com/blog/2025/08/cybersecurity-frenemies-collaboration/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Interview](https://www.paloaltonetworks.com/blog/category/interview/?ts=markdown)

[#### Security by Design --- UX and AI in Modern Cybersecurity](https://www.paloaltonetworks.com/blog/2025/07/security-by-design-ux-ai-modern-cybersecurity/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Global Reach --- The New Scale of Chinese Cyberthreats](https://www.paloaltonetworks.com/blog/2025/06/new-scale-chinese-cyberthreats/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Interview](https://www.paloaltonetworks.com/blog/category/interview/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Baby Tigers Bite --- The Hidden Risks of Scaling AI Too Fast](https://www.paloaltonetworks.com/blog/2025/06/hidden-risks-scaling-ai-too-fast/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Bruce Byrd on Public-Private Partnerships in Cybersecurity](https://www.paloaltonetworks.com/blog/2025/04/bruce-byrd-on-public-private-partnerships-in-cybersecurity/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer} Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/ai-security?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Next-Generation Identity Security](https://www.paloaltonetworks.com/idira?ts=markdown)

* [Privileged Access Management](https://www.paloaltonetworks.com/idira/human/privileged-access-management?ts=markdown)

* [Identity and Access Management](https://www.paloaltonetworks.com/idira/human/identity-and-access-management?ts=markdown)

* [Endpoint Privilege Manager](https://www.paloaltonetworks.com/idira/human/endpoint-privilege-manager?ts=markdown)

* [Identity Governance](https://www.paloaltonetworks.com/idira/human/identity-governance?ts=markdown)

* [Workforce Password Management](https://www.paloaltonetworks.com/idira/human/workforce-password-management?ts=markdown)

* [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown)

* [Secrets Management](https://www.paloaltonetworks.com/idira/machine/secrets-management?ts=markdown)

* [Unified Secrets Governance](https://www.paloaltonetworks.com/idira/machine/unified-secrets-governance?ts=markdown)

* [Application Credentials Delivery](https://www.paloaltonetworks.com/idira/machine/application-credentials-delivery?ts=markdown)

* [Vendor Privileged Access](https://www.paloaltonetworks.com/idira/human/vendor-privileged-access?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)  
  Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)

* [Careers](https://jobs.paloaltonetworks.com/en/)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)

* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)

* [Investor Relations](https://investors.paloaltonetworks.com/)

* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)

* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)  
  Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)

* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)

* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)

* [Event Center](https://events.paloaltonetworks.com/)

* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)

* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)

* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)

* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)

* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)

* [Tech Docs](https://docs.paloaltonetworks.com/)

* [Unit 42](https://unit42.paloaltonetworks.com/)

* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)

* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)

* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)

* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)

* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language