Why Now Is The Time To Establish A Standalone Cyber Force

Share

Does America need a cyber force? On one side of the debate is retired Adm. James Stavridis who analogizes the requirement to have a separate entity capable of operating in cyberspace to the creation of the U.S. Air Force. To Stavridis, the growing importance of cyberspace in future conflict is clear and the need for a cyber force obvious, and America can speed up adoption by bypassing the 20-year debate that surrounded the creation of the Air Force.

On the other side of the debate are the current heads of the Navy and Marine Corps, Adm. John Richardson and Gen. Robert Neller. Neither sees the need for a standalone cyber service. While the truth of the matter lies somewhere in the middle, it is probably closer to Stavridis’ point of view. In the wake of the official Defense Department recognition of cyberspace as an operating environment, it is time to seriously consider standing up an independent cyber force.

Classic models of bureaucratic politics could have predicted these positions and without powerful advocates the likely outcome is no new force. A new cyber force would likely subsume current service cyber forces (e.g., Army Cyber Command, Marine Corps Forces Cyberspace Command). No service likes to lose resources and assets. Setting aside arguments rooted in bureaucratic infighting and jockeying, does the overall argument for an independent cyber service hold up?

The main thrust of the pro-cyber force argument moves forward along two avenues: First, that cyberspace represents a distinct operating environment; and second, that in order to effectively operate in this domain, a separate and standardized set of skills needs to be developed, which are distinct from the sets of skills developed by existing services. In other words, warfare has changed so much that it necessitates a unified cyber capability.

Related: More cyber professionals at the Pentagon doesn’t guarantee better security »

Widespread convergence of physical and virtual realities, or the ability of the physical to be controlled via the virtual, seems to confirm this notion. Add in the amount of value in the world that exists mostly at a virtual plane — such as the billions of dollars of market cap in companies like Facebook and the amount of capital that flows through the world’s banking systems that never existed as hard currency — and the notion of cyber being a separate domain seems uncontroversial. Manipulating matter in cyberspace, aside from physically destroying datastores and network communications lines, requires a skill set distinct from rifle marksmanship and driving an MRAP.

The follow-on question from the domain question is whether the military needs a separate and unified cyber force to effectively fight in cyberspace? Both separate and unified are important to this argument because one could envision the status quo going forward where each service has its own force (non-unified) with coordination occurring through U.S. Cyber Command. The notion of separate traditions, doctrine, equipment, and organization is a major part of the argument forwarded by the anti-cyber force camp. One issue that always comes up when depicting “cyber warriors” is of an out-of-shape hacker who refuses to wear a uniform. While this seems to be a major preoccupation of the service chiefs (when asked about more lax physical and appearance standards, Neller refused to consider such possibilities), it doesn’t necessarily follow that these “cyber warriors” all would fit this mold.

First, it is well established that exercise aids cognition. One need only look at exercise regimen of top video gamers and Silicon Valley programmers who are also obsessed with CrossFit to know that fitness and computing skill are not orthogonal concepts. Second, the entire argument about uniforms is a red herring designed to take attention away from the real issues. After all, what uniforms do special operations personnel wear while deployed? Clothes do not make people better at their job nor does it make them more professional. And if it really is a problem for recruits, they can always go and join the National Security Agency.

Beyond resourcing issues, the Navy and Marine Corps chiefs stated that coordination and integration would be impeded if cyber warriors were in their own service.

No doubt, integration and coordination are essential to proper employment of cyber capabilities. The “interagency” process is notorious for being an essential but ineffective part of Washington policy and war-making. However, this same line of argumentation, when taken to its logical conclusion, would also obviate the need for the entire Marine Corps because we already have the Army to fight on land and could also train the Army to do amphibious operations. A similar argument exists in favor of entirely subsuming the waterborne parts of the Marine Corps mission into the wider Navy. Coordination and integration are always hard, even within services. So, on its own, the coordination argument doesn’t hold much water.

Further dissecting the opposition, the question remains whether or not the additional coordination burden and resource expenditure is justified in terms of additional warfighting capability created. In other words, will housing all cyber forces under one roof create a net benefit? One important benefit would be the creation of unified training and skill standards for offensive cyber and network defense capabilities. Others include common operational language and standard procedures, programming language fluency, and uniform equipment base. Best practices, exploitations, and vulnerabilities can be rapidly shared, which is of utmost importance in a domain where information perishability and competitive advantages appear and disappear in minutes and seconds rather than days and years.

Ultimately the two sides are arguing past each other a bit. The issues regarding coordination are symptoms of long-recognized problems that arose with the last major reorganization of defense forces under the Goldwater-Nichols Act. By institutionalizing today’s current structure of regional combatant commands, the advisory function of the Joint Chiefs, and relegation of the services to the role of “force provider,” no service chiefs likely want to see further erosion of their responsibilities. In addition, the Goldwater-Nichols reorganization made sense in the age in which they were made, but today’s world demands an overarching coordinating body for “whole-of-government” defense strategies. Even basic questions such as which DoD entity is in charge of civil assistance in the case of a domestic cyber emergency remains unsettled, according to a recent Government Accountability Office report.

Cyberspace, being everywhere (all pervasive), nowhere (owing to the replicability of data structures), and somewhere (servers and fiber exist in physical space), is not like the other domains. Organizations should adapt to environmental and technological changes or risk obsolescence. While the standup of a separate cyber force could be a massive waste of time and money without changes to the upstream command and control structure, it could also be a great net benefit to U.S. defense capabilities.