The US must create an independent cyber armed service, report argues

Capt. Taiwan Veney, cyber warfare operations officer, watches members of the 175th Cyberspace Operations Group analyze log files and provide a cyber threat update at Warfield Air National Guard Base, Middle River, Md., June 3, 2017.

Capt. Taiwan Veney, cyber warfare operations officer, watches members of the 175th Cyberspace Operations Group analyze log files and provide a cyber threat update at Warfield Air National Guard Base, Middle River, Md., June 3, 2017. J.M. Eddins Jr./U.S. Air Force

The study involved interviews with over 75 active-duty and retired U.S. military officers and argues an independent Cyber Force is an ideal operating model.

A whitepaper released Monday urges Congress to create a new military service branch dedicated to cybersecurity operations that would sit alongside the Air Force, Navy and other armed forces, arguing that current military configurations don’t give the U.S. the best chance at combating adversaries in cyberspace.

The 40-page research paper from the Foundation for Defense of Democracies calls for a Cyber Force branch to be stood up as the seventh military branch in the Pentagon on grounds that current cyber forces are not ideally aligned, citing input from some 75 anonymous current and retired service members.

“China has already centralized its cyber, space, electronic warfare, and psychological warfare capabilities within its Strategic Support Force. Russia is actively leveraging cyber operations both on the battlefield and to threaten U.S. critical infrastructure and interfere in American politics,” the report says, calling the matter an “alarming picture” that needs addressing.

The U.S. military’s cyberspace oversight is currently anchored to Cyber Command, one of several unified combatant commands that amalgamates service staff across multiple branches. The head of CYBERCOM has joint command of the cyber operation and the National Security Agency, focusing on defending Pentagon networks and offensive military operations in cyberspace.

The proposed branch would be tethered to the Army and granted 10,000 personnel with a $16.5 billion budget. FDD, a national security think tank, argues the Department of Defense’s current cyber staff buildout has caused multiple shortfalls, including inability to fully use cyber talent and tools, compensation gaps and poor culture that damages cyber servicemembers’ morale.

The research unpacked military cyber occupations across each service, showing training cost inconsistencies across job types like technicians and intelligence analysts and noting that service branches don’t designate individuals for specific roles linked to CYBERCOM.

It adds that these formations cause cyber staff to be passed over for advancements because they don’t serve in prior traditional roles, leading branches to promote operatives that don’t possess cyber expertise into commanding positions.

The speed of cyber tool development, by nature, is faster than that of tools and equipment procured in other branches, yet acquisition budgets for other services are much higher than what is allotted to CYBERCOM, which is often “stuck with out-of-date capabilities and is forced to borrow the NSA’s tools,” leading to other “detrimental effects,” FDD says. 

Despite intense working conditions, cyber operatives are also not afforded the same mental health care as counterparts in other roles, it says.

“I think many folks in military cyber have been struggling with inexperienced leadership. But in [my service], those put in charge of cyber units can be downright hostile to technical cyber officers,” said one officer interviewed in the study, who described their experience of retaliation by their commanding officer for seeking mental health treatment.

A draft of last year’s must-pass defense policy bill called for the National Academy of Public Administration to study the creation of a cyber force, but that provision was ultimately cut in the final version, leaving the upcoming 2025 defense policy blueprint as the next opportunity for lawmakers to include a related measure.

Standing up such a force would have at least some short-term implications. For instance, transferring proper IT personnel to the new branch would take time and risk depleting essential staff already at CYBERCOM, FDD acknowledged. Others in the study argued the Space Force should be focused on cyber capabilities because space assets like satellites and other communications equipment often intersect with cybersecurity through their role in data transfers.

“We need to absolutely get better or we’re going to create a catastrophic condition where an adversary’s cyber capabilities either enable him to do something we can’t stop or [enable] him to stop us from doing something we need to do,” Mark Montgomery, senior director of FDD’s Center on Cyber and Technology Innovation and the study’s co-author, told reporters ahead of the release.

Montgomery added that the analysis will soon be floated to lawmakers in an effort to get a renewed Cyber Force study off the ground.