An argument against establishing a U.S. Cyber Force

Over the past twenty plus years, the Department of Defense has made significant progress normalizing cyberspace operations. After United States Cyber Command was established in 2010, DOD continued to conduct most facets of DOD cyberspace operations through the command. This Cybercom-centric approach, built on centralized authorities and control, has resulted in many significant operational outcomes for the nation. Despite that progress, DOD struggles with recruiting, training, retaining, and tracking operational readiness of its cyberspace forces. 

Through several National Defense Authorization Acts, Congress mandated studies focused on these challenges. The Office of the Secretary of Defense, the Principal Cyber Advisor, Cybercom, and the rest of the DOD cyberspace operations community are currently supporting DOD’s response to each study. Cybercom 2.0 is the capstone response which will include the command’s recommendations to the secretary of defense and Congress. Recent academic examination and inquiry into these challenges has produced a variety of solutions — not all informed by realism or logic. Some academics, military leaders and politicians believe that establishing a U.S. Cyber Force will address challenges faced by the DOD cyberspace operations community. We disagree.

Proponents of USCF establishment often cite excision of the U.S. Army Air Corps from the Army to form the U.S. Air Force as precedent for their argument. Equating the creation of the USAF to the proposals for a USCF is built on flawed logic and a fundamental misunderstanding of DOD cyberspace operations missions. 

Proponents leverage the aforementioned force generation and readiness challenges then employ a logic that there are no unique aspects of cyberspace, or cyberspace functions, specific to the services to justify the establishment of a USCF. The argument continues that this homogenous domain requires a standalone advocate because the services do not have unique equities and therefore cannot advocate properly for the maturity of DOD cyberspace operations overall. But cyberspace is not the same across the services, and the excision argument built on this is therefore similarly challenged. 

For example, DOD cyberspace enclaves are not separable components that can be removed and used to create a USCF. These enclaves, and their interconnected functions, permeate all facets of DOD operations and support activities. Furthermore, the cyberspace expertise resident within each service is tailored to the unique mission and domain-specific requirements for the cyberspace elements supporting the warfighting platforms in the physical domains (land, air, maritime and space.) 

A USCF would, by necessity, be forced to integrate itself within each of the other services, since cyberspace systems, and the forces that secure, operate and defend them cannot be extracted from the existing services. Such an integration has already been most efficiently accomplished by establishing cyberspace forces within each of the services. Giving these cyberspace forces a new uniform and a new chain-of-command will not improve the operational integration of cyberspace with the other domains.  

Following the logic applied by most proponents, establishing a separate USCF would be equivalent to establishing a separate service that flies all military aircraft or a separate service to drive and maintain all military trucks. Of course, that is not a reasonable approach, but neither is establishing a service whose forces would need to be similarly integrated at the tactical level with the forces of other services. 

Practically, the Marine Corps’ experience in Guadalcanal and the resultant establishment of the Marine Air-Ground Task Force (MAGTF) are illustrative comparisons. During the Marine campaign in August 1942, Naval air and amphibious support forces “left the 1st Marine Division alone” and “exposed to Japanese attacks,” rendering them “virtually a besieged garrison.” In December 1963, the Marine Corps published Marine Corps Order 3120.3 which formalized the MAGTF as an organization to ensure the Marine Corps deployed projection forces with the ability to move ashore with sufficient sustainability for prolonged operations, including organic air, ground and support assets. Today cyberspace operations are also integrated into the standard MAGTF structure. There are similar examples that demonstrate how quintessential elements of force projection are retained within each service, and cyberspace forces should be no different. Cyberspace operations are inherently connected to the modern battlefield, so cyberspace forces must be integrated down to the tactical level — an effect which is best achieved by the current model.

A recent article claimed that a USCF should be established because only a USCF could adequately develop and maintain doctrine for cyberspace operations. The article claims that the Army is primarily responsible for developing cyberspace operations doctrine today. These claims are false. Congress gave the Cybercom commander authority to develop doctrine for DOD cyberspace operations in section 167b of Title 10 U.S. Code, and Cybercom has diligently worked to do so.

The article claims that there is only one joint doctrine publication for cyberspace operations. This claim is also false. There are two joint publications for cyberspace operations (Joint Publication 3-12 Joint Cyberspace Operations, and Joint Publication 6-0 Joint Communications).

Furthermore, Cybercom develops and maintains many command-level doctrine publications in a Cyber Warfighting Library, and some of the services have developed service-specific doctrine for cyberspace operations (e.g. Army Field Manual 3-12 Cyberspace Operations and Electromagnetic Warfare and Air Force Doctrine Publication 3-12, Cyberspace Operations, and Navy Warfare Publication 3-12 Cyberspace Operations). Doctrine development for DOD cyberspace operations is not a challenge equivalent to recruiting, training, retaining, and tracking readiness of cyberspace forces.

Proponents of USCF establishment often present creation of a new service as the only reasonable approach to address training and readiness issues faced by Cybercom and the services. This assertion is false. Congress recently expanded Cybercom service-like authorities to include enhanced budgetary control, and the president designated the command as joint force provider and joint cyberspace trainer for cyberspace forces. Despite becoming a unified combatant command in 2018, it is only now in 2024 that there is a complete alignment between acquisition, the scope of training and provisioning, and budgetary responsibility and authorities. Therefore, it is only in fiscal 2024 that the commander responsible for readiness of cyberspace forces now has the authority over the acquisitions and resources to drive that readiness. These authorities have not yet been fully implemented and evaluated, but external commentators are already calling for a solution that is completely divergent from the Cybercom-centric approach U.S. leadership has advocated for consistently over the past 15-plus years. 

Both the former Cybercom commander, retired Gen. Paul Nakasone, and the current Cybercom commander, Gen. Timothy Haugh, answered congressional inquiry about establishing a new service with discussion on how effective the existing U.S. Special Operations Command (Socom)-like model is. Nakasone also publicly declared his opposition to the creation of a new service for cyberspace operations. A recent article highlights Mieke Eoyang, deputy assistant secretary of defense for cyber policy, advising caution toward the idea of creating a USCF. The article quotes her as warning “be careful what you wish for” in reference to the aforementioned excision fallacy.

Recent articles claim that existing services place a low priority on, and perform poorly at, recruiting and retaining cyberspace forces. Creating a new service is not the only way of addressing this problem and it should not be presented as such. Congress, DOD and Cybercom need to hold the services accountable for providing the trained and ready cyberspace forces they’ve been tasked to deliver. What existing programs can be used to improve performance? How might the Congress, DOD and Cybercom help the services improve recruiting and retention? Ultimately, what is evident to us is that some current scholarship proposes a course of action without adequately considering alternatives to the one they prefer. Without providing complete evaluation criteria to compare proposals against, the community of interest is left wanting.

However, aside from the obvious associated cost, the most critical evaluation criteria must be disruption. Cybercom is responsible for ensuring the security, operations and defense of all DOD-controlled cyberspace, defending the nation from advanced cyber threats, and providing cyberspace operations support to other combatant commands. These are critical all-day-every-day missions. Among the wide range of possible solutions, which options are least disruptive to these ongoing missions? What options are most likely to result in steady improvement while minimizing the disruption of these missions? It is reasonable to assume that creation of a USCF would be the most disruptive option. It is highly likely that all the personnel that are actively working to implement new service-like authorities and address these challenges today would have to cease their progress to “Go figure out how to establish a cyber service.” This disruptive proposal presents unacceptable risk to the nation.

A more reasonable approach is to build up the existing Cybercom-centric model while allowing for controlled progress toward a more robust model like that of the Socom. The force generation model of Socom works because each of its service components deliver domain-peculiar forces and capabilities to the Joint Force. Maturing Cybercom’s employment of the Socom-like force generation model has the potential to address the recruiting, training, retention and readiness challenges. 

It is essential that U.S. leaders give Cybercom a reasonable amount of time to implement, test and iterate on its newly enhanced budgetary control authority, doctrine development authority, and joint force provider and joint cyberspace trainer responsibilities. Leaders, and the broader community of interest, should also allow highly-qualified DOD experts with firsthand experience to complete and present maturation recommendations under the Cybercom 2.0 initiative and likewise consider how leaders in the services, DOD and Congress can enable more rapid progress toward Cybercom 2.0-recommended solutions to address DOD’s challenges in cyberspace. 

DOD has made significant progress toward integrating cyberspace operations within broader department operations. Many challenges remain to optimizing DOD processes that enable successful cyberspace operations, but the arguments for establishing a new service do not justify this extremely expensive and radically disruptive course of action. Instead, U.S. leaders should stay the course, double down on the Cybercom-centric model for military cyberspace operations, and trust the expert recommendations of the experienced individuals they have appointed to lead military cyberspace operations on behalf of the nation. Any solution presented to address these challenges should include robust course of action evaluation criteria, including the degree to which they are likely to disrupt ongoing cyberspace operations and put the nation’s cybersecurity at risk. Future analysis should be focused on evaluating, implementing and refining Cybercom 2.0-recommended solutions.

Authors’ note: The views expressed in this work are those of the authors and do not reflect the official policy or position of the U.S. Cyber Command, the Department of Defense, or any other U.S. government entity.

Alan Brian Long Jr. is a Senior Policy and Doctrine Analyst at U.S. Cyber Command, where he serves as one of the foremost experts on DOD cyber policy and doctrine. He has 11 years of experience at Cybercom, and prior to arriving at the command, he served in the U.S. Marine Corps signals intelligence community. Brian is credited with authoring several notable cyber policy and doctrine documents within the DOD cyberspace operations community. He has deep institutional knowledge about the maturation of Cybercom and the broader DOD cyberspace operations community derived from over a decade of firsthand experience as a practitioner and action officer.

Maj. Alexander Pytlar is an Army Strategist (Functional Area 59) at U.S. Cyber Command, where he serves as the Deputy Branch Chief for the Strategy Branch within the Cybercom J55 Strategy, Policy, and Doctrine Division. His most recent assignment was as an assistant professor of geography at the United States Military Academy at West Point. Prior assignments include reconnaissance platoon leader and tank company commander, with deployments supporting Operation Enduring Freedom and Operation Spartan Shield, respectively.