Comment by XorNot

Cyber-defensive measures aren't very useful though. Once malware is known to exist, you don't "reveal a capability" by detecting it - it all boils down to basically signature analysis, or just good standard practice (air gaps, software supply chain accountability etc).

This is vastly different to real world military systems, where there are a lot more variables and no guarantees - i.e. countries have limited numbers of air defense systems and missiles, the missiles have finite non-zero flight times, the physics of detection systems and sensors are not absolute etc.

The real world is just more complicated, so the value of buzzing someone's airspace reveals a lot more information then "huh, guess they didn't click on that email".