The United States can no longer wait for a cyberforce

NDIA Policy Points: US Can’t Wait Any Longer for a Cyber ​​Force

Illustration from iStock

In 1947, the United States recognized that air power had fundamentally changed warfare by creating the Department of the Air Force.

Legislators saw the need for a service that could independently train, equip and prepare for the full range of air operations.

They foresaw that control of the air domain had become one of the ends of the war, and not just a means of controlling land and sea. the reorganization was successful. Today, the absence of a service independent of the air domain would be unthinkable for most political decision-makers.

Yet warfare changed again when space became a key area of ​​operation. Congress authorized the “National Security Space Organization and Management Review Commission of the United States” to investigate the military’s posture in space in 2000. When its own report was released in 2001, the idea of ​​an independent space force gained traction.

However, policymakers did not establish the Space Force until 2019. The predictions of the 2000 space commission had finally come true.

The work needed to prepare the nation for future conflicts remains unfinished. The cyber domain has rapidly transformed from an auxiliary theater of operations into an ever-evolving domain of warfare that requires its own offensive and defensive capabilities. The United States faces threats to its public, military, and private infrastructure that can emerge instantly, long before war materializes in a traditional domain. Future geopolitical events, especially in this age of increasing great power conflict and advanced threats, could very well be influenced by cyber actions – or the leverage produced by cyber threats.

In this context, policymakers should urgently consider the design of a more robust cyberinfrastructure, such as a “Cyber ​​Force” or a “Cyber ​​Guard” that can join the existing roster of uniformed services, or a new combat support agency.

Today, US Cyber ​​Command and its Cyber ​​Mission Force work alongside the National Security Agency and Central Security Service to organize, train, and equip cyber fighters. They also act operationally through the combatant commands and the intelligence community.

However, according to the Congress-mandated Cyberspace Solarium Commission, the rapidly growing cyber mission requires ambitious government reform and reorganization that creates an agile, less disjointed force structure that can take on more “reach and scale.” .

Above all, the commission’s final report released in March 2020 calls for big, concrete ideas, ranging from a reassessment of the division of labor between the NSA and the rest of the US cyber warfare apparatus to the creation of a military cyber reserve. .

A small new e-service might be the best home to foster the next generation of innovative leaders. This would provide the organizational perspective necessary to identify the cyber capabilities that the military will need to fight in the field in the decades to come. It would also create new acquisition and supply structures that produce innovative technologies. With the long-term mission in mind, the new service could also consider a cyber domain strategy that goes beyond support operations taking place in other domains.

There are many options available to achieve this goal. The most drastic reorganization would be the creation of a cyber force within one of the three military departments of the Department of Defense. For example, strength could reside within the military in accordance with its multi-domain operations reform framework, which advocates an all-domain deterrence and combat model for dealing with close adversaries.

As the Army continues its reorganization in preparation for these theater-level adjustments, a cyberservice could help the Army succeed in what it calls its narrative, direct and indirect competitions with rising powers.

The Ministry of Defense is not the only potential home for a cyber service. Just as the Department of Homeland Security hosts the Coast Guard in peacetime, it would be a plausible host for a similar “cyberguard” with similar security and law enforcement capabilities to be transferred to the Coast Guard. army or air force in time of war.

While not the only federal department to house a uniformed service, a home within DHS would bring the cyber service closer to agencies with similar, society-wide protective mission areas, such as the Cybersecurity and Infrastructure Security Agency and the Federal Emergency Management Agency.

A third way to achieve this objective is to forego creating a service and design instead a new combat support agency on the model of the Missile Defense Agency and the Defense Threat Reduction Agency.

The commission called for a layered deterrence structure for cyber warfare, and the MDA’s emphasis on layered deterrence to prevent a missile attack could be used by a new agency to “shape behavior, deny benefits and impose costs”.

The new agency could also incorporate the DTRA’s mandate to prepare for the worst-case scenario and ensure nuclear deterrence by preparing for a persistent cyber attack on the nation, enabled by artificial intelligence, while working to establish cyber deterrence.

While these paths forward are not exhaustive and imperfect, US national security would be well served by designing a more ambitious cyberinfrastructure. Policymakers should heed warnings from the Cyberspace Solarium Commission that we are unprepared for imminent confrontations in the cyber realm. The United States must take steps to reorganize itself in a way that reduces fragmentation, mobilizes industry to tackle the problem, and articulates a forward-looking cyber strategy for US security.

Unlike the delay between the Space Commission and the Space Force, we cannot wait another 18 years to tackle the cyber domain.

Jacob Winn is a Strategy Partner in NDIA’s Strategy and Policy team. Contact him at: [email protected]


Topics: Cyber, cyber-augmented operations, cybersecurity

Comments are closed.