A U.S. Cyber Force moved a step closer to reality this week after the House Armed Services Committee approved language authorizing a National Academy of Sciences (NAS) study of the issue.
The amendment, proposed by Rep. Morgan Luttrell (R-TX), was included in the committee’s markup of the fiscal 2025 defense bill, which now goes to the full House for a vote.
The amendment – which can be found as log 4401 in the Chairman’s En Bloc – gives the Defense Department 60 days after enactment to engage the Academy, which then has 270 days to submit the report to Congress, so the U.S. is unlikely to get the new armed services branch before fiscal 2027 at the earliest, if it happens at all.
But as Sen. Kirsten Gillibrand (D-NY) unsuccessfully pushed a similar measure last year, the study appears to have a better chance of approval this year.
CYBERCOM Under Siege
Cyber defense has been under the U.S. Cyber Command, or CYBERCOM, since 2010. CYBERCOM brings together personnel from the separate service branches, but that arrangement has come under increasing scrutiny as an inadequate solution to a growing global threat.
A 2022 GAO study noted problems with cyber training, staffing and retention across the service branches, and a Foundation for Defense of Democracies (FDD) study in March of this year detailed problems with the lack of a singular approach to cyber defense.
“The inefficient division of labor between the Army, Navy, Air Force, and Marine Corps prevents the generation of a cyber force ready to carry out its mission,” the FDD report said.
“Recruitment suffers because cyber operations are not a top priority for any of the services, and incentives for new recruits vary wildly. The services do not coordinate to ensure that trainees acquire a consistent set of skills or that their skills correspond to the roles they will ultimately fulfill at CYBERCOM.”
Promotion systems often hold back skilled cyber personnel because the systems were designed to evaluate service members who operate on land, at sea, or in the air, not in cyberspace. Retention rates for qualified personnel are low because of inconsistent policies, institutional cultures that do not value cyber expertise, and insufficient opportunities for advanced training.
“Resolving these issues requires the creation of a new independent armed service – a U.S. Cyber Force – alongside the Army, Navy, Air Force, Marine Corps, and Space Force.”
The FDD report concluded, “America’s cyber force generation system is clearly broken. Fixing it demands nothing less than the establishment of an independent cyber service.”
CYBERCOM Retools for the Future
CYBERCOM, which was elevated to a unified command in 2018, is taking its own steps to address the growing cyber warfare threat.
In testimony last month before the Senate Armed Services Committee, Air Force General Timothy D. Haugh, who serves as CYBERCOM’s commander and director of the NSA, noted some of the ways CYBERCOM is addressing those challenges.
“CYBERCOM 2.0” is an initiative under way “to develop a bold set of options to present to the Secretary of Defense on the future of USCYBERCOM and DoD cyber forces,” Haugh told the committee. “To maximize capacity, capability, and agility, we are addressing readiness and future force generation.”
Enhanced Budgetary Control (EBC) authority granted by Congress gave more than $2 billion in DoD budget authority to CYBERCOM for the current fiscal year, and “streamlines how we engage the Department’s processes,” Haugh said. “EBC is already paying dividends in the form of tighter alignments between authorities, responsibility, and accountability in cyberspace operations. Greater accountability, in turn, facilitates faster development and fielding of capabilities.”
It remains to be seen whether the U.S. will get a seventh military service branch – after the Army, Navy, Marine Corps, Air Force, Coast Guard, and Space Force – or if current initiatives will be enough to address cyber defense challenges. But it seems likely that the issue will get a lot more scrutiny before it’s settled.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
