“Be careful what you wish for:” DoD official warns separate cyber force could pose new challenges

WASHINGTON — While the Pentagon studies the pros and cons of standing up a Space Force-like independent cyber military service, one official today warned that it could potentially pose new challenges for the department when it comes to understanding warfighting needs within the military services. 

“I think the question is that for people who think the cyber service is the answer to our…current challenges in cyber personnel management: be careful what you wish for,” Mieke Eoyang, deputy assistant secretary of defense for cyber policy, said today at a Defense Writers Group event. “A cyber service might have some benefits in ease of administrative management, but we have a variety of…military services in the Department of Defense who perform a variety of missions.” Eoyang added that “those missions are enabled by technologies that are particular to those mission sets,” and that “having a cyber service that is divorced from those particular mission sets may pose some challenges in understanding the warfighting needs of the services to provide cyber to enable that fight.”

DoD is “going to study” the feasibility of creating an independent cyber force and its pros and cons, Eoyang added. She referred to section 1533 of the fiscal 2023 version of the National Defense Authorization Act [PDF] which required DoD to “study the prospect of a new force generation model” for US Cyber Command. As it currently stands, USCYBERCOM is responsible for employing personnel from each military service to combatant commands. One provision directly related to the creation of a cyber force was included in the Senate Armed Services Committee’s (SASC) version of the FY24 National Defense Authorization Act requires the secretary of defense to work with the National Academy of Public Administration to evaluate the efficacy of a “separate Armed Force dedicated to operations in the cyber domain.” 

In July, Lt. Gen. Timothy Haugh, then-nominee to head USCYBERCOM and the National Security Agency, was asked by the SASC [PDF] ahead of his nomination hearing whether DoD should continue to mature CYBERCOM following the US Special Operations Command model or create a separate cyber service.

“Congress and the Department have set the conditions for US Cyber Command to achieve this same success, leveraging expanded acquisition authorities and enhanced budget control to train and equip our cyberspace forces,” Haugh said then. “These tools are just now coming to a point that will allow the command to ensure prioritization, resource allocation, and efforts to deliver the necessary cyber systems and capabilities. We should continue this approach to allow adequate time to see the results of these authorities in improving the readiness and capabilities of our cyberspace forces.”

https://breakingdefense.com/2023/09/be-careful-what-you-wish-for-dod-official-warns-separate-cyber-force-could-pose-new-challenges/

Comment: Fresh off the successful implementation of the Space Force, The Senate now has a hankering for establishing a Cyber Force. So far, they’re just asking CYBERCOM to study the idea. Since it’s establishment, CYBERCOM has used the SOCOM model to shape the development of necessary forces by the services. Note there is no real push to establish a Special Operations Force. Every service is eager to develop their own cyber forces much like they all want their own special operations forces. This model of force generation has worked very well for SOCOM and it will probably do the same for CYBERCOM. What makes this system work is that both unified combatant commands have been given enhanced authorities to shape the services’ force generation and acquisition processes.

I have come to see the value of creating the Space Force. Colonel Lang was always a big supporter. I had my doubts and thought that reestablishing the SPACECOM as a combatant command was the more important task. But space is a research, development and acquisition heavy domain. As Colonel Lang often noted, the Air Force fighter pilot mafia would never give space the same priority as its aircraft. I doubt the other services would either.  The cyber domain is more reliant on a well trained force rather than expensive technology. This makes it much closer to the special operations realm. 

Much like SOCOM has JSOC, CYBERCOM has established the Cyber National Mission Force (CNMF) as a subordinate unified command. This is the force charged with planning and conducting defensive and offensive cyber operations usually overseas and in foreign networks. To accomplish this mission the CNMF teams work closely with foreign partners, US law enforcement and intelligence agencies and the private US IT industry. As the Cyber Command website tells it: “today, CNMF is composed of 39 joint cyber teams organized in six task forces with 2,000-plus Soldiers, Sailors, Marines, Airmen, Coast Guardsmen, Guardians, and NSA and DIA civilians.”

The Army has established a cyber branch for career development, just like we now have a special operations career field. We had to wait decades for that to happen. Cyber operators should consider themselves lucky they didn’t have to wait for this. Other services have established their equivalent of cyber branch. CYBERCOM establishes the training standards for these forces and the services man and train the CNMF teams.

These CNMF teams appear to be the closest thing, organizationally, to my cyber HUMINT collection team back at the dawn of the millennium. We had HUMINT collectors, linguists, technical pros (self-trained hackers, network engineers and software developers). We also had embedded NSA personnel and contractors. We had near daily contact with NSA, CIA and FBI offices as well as our own DIA General Counsel. We worked in the wild, but we were purely an intelligence collection outfit. We could not execute defensive or offensive cyber operations like these CNMF teams.

One thing we were exploring when I retired was the addition of an advanced AI suite to assist in the targeting and tracking of our targets. I hope the CNMF teams have a similar capability to assist in their operations. Whether DIA followed through with this or even kept my old collection platform is unknown to me. I made a hell of a lot of enemies among the Defense HUMINT bureaucracy with my highly unorthodox ideas. 

The SASC questionnaire filled out by Lt Gen Haugh contains a wealth of unclassified information on CYBERCOM and the current state of US cyber operations. It’s a long, but easy read. The short video interview with him at the Billington CyberSecurity Summit is also informative. Haugh will be the next CINCCYBERCOM and DIRNSA so his ideas should carry through the next few years. I share his stated preference for no separate Cyber Force and no separate CYBERCOM. He makes a good case for remaining dual hatted as CINCCYBERCOM and DIRNSA… at least for the foreseeable future. 

TTG

https://www.defense.gov/Multimedia/Videos/videoid/817065/

https://www.cybercom.mil/Media/News/Article/3250075/the-evolution-of-cyber-newest-subordinate-unified-command-is-nations-joint-cybe/

This entry was posted in Cyber, Intelligence, The Military Art, TTG. Bookmark the permalink.

13 Responses to “Be careful what you wish for:” DoD official warns separate cyber force could pose new challenges

  1. drifter says:

    Hoping the military police get their own branch. Nice to have someone against the other a**holes.

  2. James says:

    The ability for the US military to carry out offensive cyber operations relies on security holes that exist in the software that we all use – Linux, Windows, MacOS, Kubernetes. I wonder if keeping those holes open (rather than building truly secure operating systems with microkernels and Mandatory Access Controls) will continue to be a good cost/benefit trade off for us. China and Russia both have a lot of math skills – which is what hacking ability is based on.

    • jld says:

      Is seriously doubt that “hacking ability” is based on math skills.
      Programming proficiency is in the neighbourhood of maths but very different.
      Saying this as a (retired) software engineer.

      • James says:

        jld,

        Perhaps I am biased because at my university the Computer Science department was part of the Math faculty … but they indoctrinated me well because I think it should be.

      • TTG says:

        jld,

        I agree that coding is not dependent on math skills, but AI coding is apparently very dependent on high level math concepts. A buddy of mine who develops truly state of the art AI developed an entirely new branch of geometric algebra in order to continue his coding. I can’t understand any of it.

    • different clue says:

      Perhaps we could keep our swissy-cheesey full-of-holes internet for those who consider it good enough, and create a locky-downy securenet for those who would prefer a hacker-proof securenet.

      ( I am just an old analog refugee in this new digital world, so its just a free-form thought).

    • TTG says:

      James,

      The USG owns only a small fraction of the internet. They can secure a lot of it, but not all of it. The internet outside of USG control is massive and ever changing. It will remain full of holes with new holes appearing with every new piece of software added. It’s a target rich jungle out there.

  3. leith says:

    General Haugh’s and DASD Eoyang’s arguments persuade me there should not be a separate CyberForce. And hell, we already have six service branches. Another would be too many. I dread to think what their uniforms would look like – perhaps a digital rain as depicted in lala-land’s version of The Matrix?

    But the bigger issue is that Haugh is spread too thin by wearing three hats – NSA Director, CSS Chief and CyberCom Commander. Austin (or Congress?) should split off the CyberCom job so that commander can devote full time to the mission. And DASD Eoyang’s position in Cyber Policy seems to be buried somewhere in the cluttered org chart labyrinth at the pentagon. She should be a full Assistant Secretary and not a Deputy two layers down underneath the ASD for Space. And why would cyber policy be subordinate to space policy? Seems the Air Force Blob is trying to take over the world.

    • TTG says:

      leith,

      I watched Defense Intelligence go through a monstrous organizational expansion while I was still in it. It became the Defense Intelligence Enterprise with all kinds of dual hatted and parallel headquarters elements. I could not chart it out if a gun was held to my head. Maybe it makes sense. It definitely made for a lot more SES/SIS billets. I bet the NSA/CYBERCOM lashup is just as convoluted. I would imagine Haugh would have separate staffs for each of his hats. I also think CYBERCOM and NSA should eventually separate if only to separate the operational attack/defend mission from the NSA intelligence mission. The CNMF is, in my opinion, the key to the cyber mission. I’m glad that’s a subordinate unified command like JSOC.

      I’m not surprised that the DASD for cyber policy is under the ASD for space. When Joint Task Force-Computer Network Defense (JTF-CND) was established in 1998, it was under SPACECOM. It and JFCC-NW eventually moved to STRATCOM before they both were merged in what was to become CYBERCOM. It’s always been convoluted. Give it a couple of years, the DOD level organization will undoubtedly change again.

      The Air Force has always been a major player, but the Army moved quickly to also grow the mission. NSA always laid claim to all things cyber. Rice bowl wars have always been and always will be. This is another good reason to end the dual hat lash up.

  4. Keith Harbaugh says:

    Benjamin Netanyahu has some words of wisdom concerning AI:

    Netanyahu warns of potential ‘eruption of AI-driven wars’
    that could lead to ‘unimaginable’ consequences

    https://www.foxnews.com/world/netanyahu-warns-potential-eruption-ai-driven-wars-lea

    “The perils are great, and they are before us:
    The disruption of democracy,
    the manipulation of minds,
    the decimation of jobs,
    … and
    the hacking of all the systems that facilitate modern life,”
    [Netanyahu] said. 

    “Yet, even more disturbing is the potential eruption of AI-driven wars that could achieve an unimaginable scale,” Netanyahu said.
    “Behind this perhaps looms an even greater threat, once the stuff of science fiction —
    that self-taught machines could eventually control humans
    instead of the other way around.”

    Netanyahu called on other nations to address such concerns about a future where
    “self-taught machines could eventually control humans” and to ensure “that
    the promise of an AI utopia does not turn into an AI dystopia.”

    • TTG says:

      Keith Harbaugh,

      On the other end, we have more squad level, face-to-face fighting in the trenches. Even the FPV drone strikes are far more personal than the old artillery barrages. AI is a well controlled assistant to the soldier at this level. The danger of AI is if professional soldiers hand over the battle to AI-driven decision making machines.

      BTW, your link was cut off.

      https://www.foxnews.com/world/netanyahu-warns-potential-eruption-ai-driven-wars-lead-unimaginable-consquences

      • wiz says:

        TTG

        soon there will be no choice. The number and sophistication of drones in Ukraine are rising exponentially. A year from now, there will be many tens of thousands of drones of various types wizzing around over the battlefield. Add to that the imminent emergence of AI driven drones. The complexity and the necessary reaction times will require an AI to coordinate much of it.

        Netanyahu is ofc concerned cause he understand that Iron Dome will not be able to cope with this new threat.

Comments are closed.