From the American Homefront Project:
In 2019 the Space Force became the nation’s first new military branch in nearly 80 years. Now Congress is already thinking about starting another one — a cyber force.
For years, there’s been talk of creating a military branch that concentrates on the cyber domain, driven by the increasing threat posed by geopolitical rivals like China and by organizational and staffing problems with the existing U.S. military cyber operations.
Now, members of the House of Representatives and Senate have inserted language into the annual defense policy bill that calls for a study into the idea. It’s not yet clear whether the study will make it into the final version of the legislation, but Congress approved a similar study of a Space Force just before creating that branch.
The military’s current cyber structure is complicated. Each service branch has its own cyber units, while the Pentagon’s overarching U.S. Cyber Command relies on teams of troops on loan from the branches.
But at times, Cyber Command has struggled to get enough troops from the services. In 2022, Congress expressed concern about “chronic shortages of proficient personnel in key work roles.”
Backers of a new cyber force say it could fix ongoing organizational and staffing problems at the Command that are partly due to having troops from different services with different recruiting priorities, pay, and promotion standards.
“Every other domain has a force tailored to its needs,” said Emily Harding,
Director of the Intelligence, National Security, and Technology Program at the Center for Strategic and International Studies.
“There’s a Navy that really understands how to operate on and under the water,” she said. “There’s an Air Force that really understands how to operate in the air and how to bring that to the table. There’s now a Space Force that understands how space operates as a separate domain. There is no force directly directed at cyber.”
Harding said a separate cyber force could avoid the recruiting struggles that have plagued the other branches because it could set its own qualification standards.
“The cadre of people you might want to hire for a cyber force might not necessarily need to meet the same physical specifications, and that can be physical fitness, but it can also be just appearance,” she said.
For instance, a person with tech skills the military needs might not like to wear short hair, shave, or put on a uniform every day.
“And that really should be OK,” Harding said. “There’s room for that in a cyber force where there wouldn’t be in, say, the Marine Corps.”
She said a cyber force also could address recruiting challenges by relying largely on part-time National Guard and reserve troops, who could continue to work full-time private sector jobs in the high-paying tech industry, while getting advanced training and government benefits through their military duties.
‘Training that you don’t get anywhere else’
The existing cyber units at the North Carolina National Guard offer an example of how that could work. Leaders said they’ve had no trouble recruiting for the units, which help protect the computer networks of the Department of Defense and state and local governments.
“There are a lot of people that want to do cyber,” said Lieutenant Colonel Seth Barun. “There’s so many I don’t even have enough slots to put them all into.”
He said the Guard has been able to recruit both full-time troops and part-timers, who in some cases simultaneously work cyber security jobs for major corporations.
“We have access to training that you don’t get anywhere else,” he said. “And so the companies, as long as we don’t abuse it, are more than happy to let them participate in our missions.”
Cyber experts also are attracted to the North Carolina Guard, he said, because of the challenges. They often get to handle real-world cyber attacks, which they may seldom see with their employers. The Guard has hundreds of potential clients, from major state universities to small town utility systems, and it typically responds to 15 to 20 real-world attacks a year.
On a recent day, in a small dimly lit room inside the Guard’s heavily-secured headquarters, a cyber team prepared simulations for a periodic training event called Operation Tobacco Road. It’s designed to help people who run state and local government networks recognize and respond to attacks. For this one, about 60 people had signed up.
“We let them remediate any vulnerabilities or issues that they find,” said Clintonia Crocker, who helps lead the simulation exercise. “Then we move into the penetration testing phase, where these individuals come in and drive that risk through exploitation by any remaining vulnerabilities that exist.”
Some see risk in creating a new cyber service
The argument over the creation of a new cyber service has been intense, and some experts sharply disagree with the idea.
Charlie Moore, a retired Air Force lieutenant general and former deputy commander of U.S. Cyber Command, said starting a new military branch would
be dangerously disruptive.
“The threats are too great right now and the costs are too high for us to lose focus on what’s going on inside the domain at the current moment,” said Moore, who is now a Vanderbilt University professor. “We’re in a state of persistent engagement with our adversaries in cyberspace, and those threats and the level of engagement are continuing to advance at an accelerated pace.”
He said recent changes will help Cyber Command address organizational issues without creating a whole new branch. The Command now has more power to make its own budget, buy equipment, and set training standards for cyber operators across all services.
Moore is confident the Command and the individual services can address the recruiting issues together.
“That’s a much easier fix than going down the road of standing up an individual service,” Moore said. “If you want to establish a new service that’s going to take years with no guarantees of success, much longer than simply allowing U.S. Cyber Command to fully execute its new service-like authorities, it involves a very lengthy bureaucratic process and a significant transition period.”
People on both sides of the debate agree that regardless of whether Congress decides to create the Cyber Force, each of the existing services would still have to handle its own specific needs. Cybersecurity for a submarine, for example, is substantially different from a fighter jet or tank. So the branches would all need to retain at least some of their own cyber specialists.
This story was produced by the American Homefront Project, a public media collaboration that reports on American military life and veterans.