U.S. military needs to create a Cyber Force
Two disturbing incidents roiled the cyber seas recently, one foreign and one domestic. They both strengthen the case — which was already convincing, and which I have been making for almost a decade now — for the creation of a U.S. Cyber Force.
The first incident was yet another cyberattack on a NATO member, Albania, by Iran. The attacks have included zeroing out personal bank accounts, unmasking government and police informants, and degrading command-andcontrol networks. Iran conducts the attacks because Albania is not prosecuting an anti-Iranian group, the Mujahedeen Khaleq, that has a large presence in Albania.
The second incident involved a ransomware attack on the U.S. Marshals Service. A huge amount of sensitive data was compromised, including information on fugitives, high-security individuals and lawenforcement operations. The attack has been designated a “major incident” requiring significant interagency investigation and remediation.
Ironically, that was also when Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, released the National Cybersecurity Strategy, which has been in the works for many months.
When I was Supreme Allied Commander at NATO, the alliance created a small center of excellence in Tallin, Estonia, to coordinate NATO cyber capabilities. It has since grown in importance. As I watch the level of cyber threat continue to grow exponentially — matching the enormous surge of devices connected to the “internet of things,” which is topping 50 billion — I worry about how to protect America’s and Americans’ cyber assets.
The U.S. has very competent armed forces defending us 24/7 — the Army, Navy, Marine Corps, Air Force and Space Force within the Department of Defense, and the Coast Guard in the Department of Homeland Security. A U.S. Cyber Force is now also necessary.
The successful creation of the U.S. Space Force three years ago provides a good blueprint for a U.S. Cyber Force. While the force is a tiny fraction of the rest of the Department of Defense, with less than 10,000 uniformed personnel, it operates nearly 100 spacecraft and a complex global network that supports U.S. satellite systems.
A U.S. Cyber Force would likely be even smaller than the Space Force, probably about 5,000 uniformed personnel. It could be lodged within either the Department of Defense or in the Department of Homeland Security (like the Space Force, it could be placed in an existing civilian-led agency or military department, reducing the need for newly created overhead). As a uniformed service, its members would be full-fledged members of the armed forces — with ranks, uniforms and a disciplined, patriotic ethos.
Most important, the creation of a U.S. Cyber Force would move America beyond the current “pick-up team” approach to cybersecurity, wherein each of the armed forces has a small number of cyber experts (most of whom rotate in and out of pure cyber jobs).
As the U.S. looks to a future that includes not only great-power cyber competition from Russia and China, but also mid-level cyberattacks from nations such as Iran and North Korea, the time is nigh. The nation should move forward with a dedicated U.S. Cyber Force.