WASHINGTON — While the Pentagon studies the pros and cons of standing up a Space Force-like independent cyber military service, one official today warned that it could potentially pose new challenges for the department when it comes to understanding warfighting needs within the military services.
“I think the question is that for people who think the cyber service is the answer to our…current challenges in cyber personnel management: be careful what you wish for,” Mieke Eoyang, deputy assistant secretary of defense for cyber policy, said today at a Defense Writers Group event. “A cyber service might have some benefits in ease of administrative management, but we have a variety of…military services in the Department of Defense who perform a variety of missions.” Eoyang added that “those missions are enabled by technologies that are particular to those mission sets,” and that “having a cyber service that is divorced from those particular mission sets may pose some challenges in understanding the warfighting needs of the services to provide cyber to enable that fight.”
DoD is “going to study” the feasibility of creating an independent cyber force and its pros and cons, Eoyang added. She referred to section 1533 of the fiscal 2023 version of the National Defense Authorization Act [PDF] which required DoD to “study the prospect of a new force generation model” for US Cyber Command. As it currently stands, USCYBERCOM is responsible for employing personnel from each military service to combatant commands. One provision directly related to the creation of a cyber force was included in the Senate Armed Services Committee’s (SASC) version of the FY24 National Defense Authorization Act requires the secretary of defense to work with the National Academy of Public Administration to evaluate the efficacy of a “separate Armed Force dedicated to operations in the cyber domain.”
In July, Lt. Gen. Timothy Haugh, then-nominee to head USCYBERCOM and the National Security Agency, was asked by the SASC [PDF] ahead of his nomination hearing whether DoD should continue to mature CYBERCOM following the US Special Operations Command model or create a separate cyber service.
“Congress and the Department have set the conditions for US Cyber Command to achieve this same success, leveraging expanded acquisition authorities and enhanced budget control to train and equip our cyberspace forces,” Haugh said then. “These tools are just now coming to a point that will allow the command to ensure prioritization, resource allocation, and efforts to deliver the necessary cyber systems and capabilities. We should continue this approach to allow adequate time to see the results of these authorities in improving the readiness and capabilities of our cyberspace forces.”
Comment: Fresh off the successful implementation of the Space Force, The Senate now has a hankering for establishing a Cyber Force. So far, they’re just asking CYBERCOM to study the idea. Since it’s establishment, CYBERCOM has used the SOCOM model to shape the development of necessary forces by the services. Note there is no real push to establish a Special Operations Force. Every service is eager to develop their own cyber forces much like they all want their own special operations forces. This model of force generation has worked very well for SOCOM and it will probably do the same for CYBERCOM. What makes this system work is that both unified combatant commands have been given enhanced authorities to shape the services’ force generation and acquisition processes.
I have come to see the value of creating the Space Force. Colonel Lang was always a big supporter. I had my doubts and thought that reestablishing the SPACECOM as a combatant command was the more important task. But space is a research, development and acquisition heavy domain. As Colonel Lang often noted, the Air Force fighter pilot mafia would never give space the same priority as its aircraft. I doubt the other services would either. The cyber domain is more reliant on a well trained force rather than expensive technology. This makes it much closer to the special operations realm.
Much like SOCOM has JSOC, CYBERCOM has established the Cyber National Mission Force (CNMF) as a subordinate unified command. This is the force charged with planning and conducting defensive and offensive cyber operations usually overseas and in foreign networks. To accomplish this mission the CNMF teams work closely with foreign partners, US law enforcement and intelligence agencies and the private US IT industry. As the Cyber Command website tells it: “today, CNMF is composed of 39 joint cyber teams organized in six task forces with 2,000-plus Soldiers, Sailors, Marines, Airmen, Coast Guardsmen, Guardians, and NSA and DIA civilians.”
The Army has established a cyber branch for career development, just like we now have a special operations career field. We had to wait decades for that to happen. Cyber operators should consider themselves lucky they didn’t have to wait for this. Other services have established their equivalent of cyber branch. CYBERCOM establishes the training standards for these forces and the services man and train the CNMF teams.
These CNMF teams appear to be the closest thing, organizationally, to my cyber HUMINT collection team back at the dawn of the millennium. We had HUMINT collectors, linguists, technical pros (self-trained hackers, network engineers and software developers). We also had embedded NSA personnel and contractors. We had near daily contact with NSA, CIA and FBI offices as well as our own DIA General Counsel. We worked in the wild, but we were purely an intelligence collection outfit. We could not execute defensive or offensive cyber operations like these CNMF teams.
One thing we were exploring when I retired was the addition of an advanced AI suite to assist in the targeting and tracking of our targets. I hope the CNMF teams have a similar capability to assist in their operations. Whether DIA followed through with this or even kept my old collection platform is unknown to me. I made a hell of a lot of enemies among the Defense HUMINT bureaucracy with my highly unorthodox ideas.
The SASC questionnaire filled out by Lt Gen Haugh contains a wealth of unclassified information on CYBERCOM and the current state of US cyber operations. It’s a long, but easy read. The short video interview with him at the Billington CyberSecurity Summit is also informative. Haugh will be the next CINCCYBERCOM and DIRNSA so his ideas should carry through the next few years. I share his stated preference for no separate Cyber Force and no separate CYBERCOM. He makes a good case for remaining dual hatted as CINCCYBERCOM and DIRNSA… at least for the foreseeable future.