New commission to examine how to create an independent Cyber Force

A new commission has been established to chart a path toward developing an independent Cyber Force for the U.S. military.

The commission was started by the Center for Strategic and International Studies in partnership with the Cyber Solarium Commission 2.0 project at the Foundation for Defense of Democracies.

While there have been calls historically to create a new dedicated, standalone cyber service, the effort has gained steam in recent years.

Congress has sought to address these shortfalls, mostly through studies, previously.

The fiscal 2025 National Defense Authorization Act initially mandated a study for alternate organizational models for military cyber elements, to include a Cyber Force, which was considered a watered-down version from previous drafts.

The new commission won’t be examining the efficacy of a Cyber Force — something congressional studies have already been tasked with doing — but rather, looking at the foundational issues of establishing that type of entity such as the organizational structure, core functions, roles and responsibilities, and necessary authorities, according to a press release.  

Currently, the services are responsible for providing a set number of cyber mission force teams to U.S. Cyber Command, know as force generation, which employs those forces in operations.

Within the military, the services are responsible for providing the right number of trained personnel with weapons — known as “man, train and equip” — to the combatant commands that conduct the warfighting.

Outside voices have expressed concern that the services aren’t living up to this arrangement in cyber, due in part to the fact it’s not always a priority and those forces belong to Cybercom, not the services.

This has led to persistent readiness issues across the cyber mission force for years.

Moreover, each service has its own culture, rotation system and pay scale leading to incongruencies in how the joint digital warriors are treated within their respective roles.

“Given the well-documented shortcomings in current force generation and readiness models to organize, train, and equip for military cyber operations, momentum is building for a dedicated Cyber Force,” a press release from the commission states.

The commission is made up of people with a variety of backgrounds to include former military cyber commanders, former service chiefs — charged with the task of manning, training and equipping forces for Cybercom — academics, former congressional staff and civilian cyber leaders.

It is led by co-chairs Josh Stiefel, former professional staff member on the House Armed Services Committee, and Ed Cardon, former commander of Army Cyber Command.

Other notable members include Michael Sulmeyer, the inaugural assistant secretary of defense for cyber policy; Ryan Heritage, the most recent director of operations at Cybercom and commander of Marine Corps Forces Cyberspace Command; Mike Gilday, former chief of naval operations and commander of Fleet Cyber Command; and George Barnes, former deputy director of the National Security Agency, among others.

The commission attempts to get ahead of a potential decision to create a Cyber Force to put in the necessary planning.

“Having supported multiple organizational transformations within the Department of Defense, the most consequential phase begins after a decision is made — implementation. When this phase is neglected or rushed, the result is enduring organizational friction with inefficiencies, confusion that can persist for years, and degraded mission effectiveness,” Cardon said. “This project takes a different approach: it invests in implementation planning up front to generate momentum, reduce downstream risk, and accelerate outcomes if and when there is a decision to create a Cyber Force.”

Cybercom has been in the process of several modernization efforts.

Congress in fiscal 2024 provided Cybercom with service-like authorities called enhanced budget control that now afford the command oversight of the offensive and defensive budgets for the cyber mission force, acquisition authority, capability integration authority and training, among others, which were fully realized with the passage of the budget in March 2024. Critics of proposals for a Cyber Force have said the command hasn’t had enough time to realize these authorities yet and needs time to mature them.

The command has also charted down what officials dubbed Cybercom 2.0. That effort is an ambitious plan first unveiled by former commander Gen. Paul Nakasone and other top DOD officials, spurred largely by a report requested by Congress in the fiscal 2023 annual defense policy bill to evaluate how Cybercom generates its forces.

The initiative was meant to provide a holistic examination of the command and its forces to better posture them for the future, serving as the first major update since Cybercom was formed over 10 years ago when many of today’s sophisticated threats and challenges in cyberspace did not exist.

Proponents of a Cyber Force argue that these efforts aren’t enough to fix the shortfalls, and only a new service is the right solution.

The commission will aim to provide recommendations to policymakers in government. It will formally launch Sept. 16.