Despite softened bill language, observers still optimistic about independent cyber force assessment
Following the inclusion of language in the annual defense policy bill to study alternate organizational models for military cyber forces — albeit softer than initially proposed — those in the cyber community remain positive regarding an independent assessment of a potential standalone service.
The House and Senate Armed Services Committees released the text of the compromise fiscal 2025 National Defense Authorization Act on Dec. 7, which included a provision calling for an independent assessment by the National Academies of Sciences, Engineering, and Medicine to “conduct an evaluation of alternative organizational models for the cyber forces of the Armed Forces.”
Each chamber passed nearly identical provisions earlier this year directing the Defense Department to enter into an agreement with the Academies to conduct an evaluation regarding the advisability of establishing a separate military service focused on cyber or refining and further evolving the current organizational approach for Cybercom based on the Special Operations Command model.
However, the final compromise version stripped some of the original language, and some sources referred to the final version as being watered down.
There is no longer due date for such an assessment, meaning it will likely fall down on the prioritization list unless funds are allocated to the Academies to conduct the assessment.
Moreover, the final version placed a larger focus on alternative models for cyber forces rather than solely focusing on an independent armed service, likely a nod to efforts currently underway by DOD and Cybercom to examine other readiness models and force generation, dubbed Cybercom 2.0.
These measures likely have been put in place to weaken the overall provision and effort to examine a potential sixth armed service.
In a statement, Rep. Morgan Luttrell, R-Texas, who co-sponsored the measure in the House Armed Services Committee, said he was “disappointed that my amendment to evaluate the need for a Cyber Force was scaled back.”
Members believe that while some progress has been made to advance America’s cyber forces, much more work is left to do and all options are on the table.
“Since arriving in Congress, I have used my role on the House Armed Services Committee to advance several initiatives to strengthen and expand the cyber capabilities of our armed forces,” Rep. Chrissy Houlahan, D-Pa., said in a statement. “Although significant progress has already been made to ensure our military’s cyber capabilities are the most advanced in the world, there is still more work to be done to ensure that we remain ahead of our adversaries in this important domain. It is important that we remain open to all options to move forward, including the creation of a distinct uniformed Cyber Force, and I am glad that the Fiscal Year 2025 National Defense Authorization Act mandated a new independent study on this important question.”
Others in Congress are positive they can use their oversight powers to push the DOD.
“This study is a step in the right direction and Congress, through its power of oversight can work to ensure the sense of the language is executed,” Rep. Pat Fallon, R-Texas, said in a statement. “All options are on the table except the status quo regarding the DOD’s manning, training, and operations in the cyber domain because the scope, scale, and level of sophistication of the threat has changed. We all agree that we need to adapt fast to show our adversaries power through strength. … I am sure that the incoming administration will take a hard look at everything within the cyber realm to ensure maximum protection, efficiency, and lethality. We in Congress will do the same and I am confident we’ll see changes based on the level of threats we are faced with.”
Some close observers were also optimistic and excited that the assessment made it into the compromised version, despite the changes, especially given a similar proposal that passed the Senate last year was axed from the final bill.
The Cyber Force provision “was diluted — but I am glad it made it — and it remained independent,” Mark Montgomery, senior director of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation and former executive director of the congressionally mandated Cyberspace Solarium Commission, said. “I think DOD may come to regret this effort to weaken the study if the incoming Administration has any plans if its own with regard to an independent cyber service.”
The Record previously reported that DOD formally objected to the assessment proposal that came out of the Armed Services Committees earlier this year.
Some observers are also under the impression that the incoming Trump administration might be more inclined to back — or even direct — the creation of a Cyber Force, much like it did for the Space Force.
Others indicated that the legislation is overall a positive development.
“This legislation is a major step in the right direction,” said Dan Van Wagenen, co-founder and vice president of the Association of the United States Cyber Forces (AUSCF), a nonprofit dedicated to supporting the cyber warfighter. “After five years of debate and analysis, there is a growing consensus that the U.S. needs a dedicated Cyber Force to defend America in Cyberspace. While AUSCF would have liked to have seen the provision go further with the National Academies having a due date to report to the Congress, we are excited to see this critical first action necessary for the establishment of an independent US Cyber Force. It is our hope the incoming Congress and Administration continue to prioritize Cyber in 2025 and beyond.”
There is widespread agreement, however, that the current model needs to be refined, especially in light of advances in adversary capabilities and number of cyber forces.
“If there’s one thing history teachers us, it’s that the enemy gets a vote. Since U.S. Cyber Command was established about a decade and a half ago, our forces have adapted to the evolving operational environment,” Chris Cleary, national president of the Military Cyber Professionals Association (MCPA), a nonprofit dedicated to advocating for military cyber issues, said. “What the MCPA stands firm on is calling for the continued refinement to organizational constructs to better enable success in combat, conflict, and competition. We, as a nation, must continue investing in serious sober analysis of how to increase effectiveness in cyberspace … just like we do for other domains such as the land and sea. This is why we at the MCPA host critical dialogue on such topics. Our national strategic leadership may want incremental change, or something more bold. I’m excited to see what comes of a new study.”
The House passed the NDAA on Wednesday. It must also be passed by the Senate and signed by the president to become law.
