Ten years after the war in Georgia, which marks the first use of cyber attacks in support of kinetic operations, no one doubts that future armed conflicts will be waged also in cyberspace. In 2016 NATO has declared cyberspace as a “domain of operations”, and it has recently agreed to establish a Cyber Operations Center at SHAPE. The Command Vision for US Cyber Command, published last March, confirms that cyberspace is “already militarized”, and that it is, in fact, a continuously contested domain where deterrence is impossible without persistent engagement with the adversaries. How are the Armed Forces adapting their mandate, doctrines, capabilities and force structures to the evolving security scenario? Is it possible to establish humanitarian norms and red lines applicable to the use of force in cyberspace? What are the major difficulties in creating an international cyber armament control regime? Why are national critical infrastructures so relevant in cyber defence?