The Mercury News Weekend

Why military should craft a dedicated U.S. cyber force

- By James Stavridis James Stavridis is a Bloomberg columnist and a former supreme allied commander of NATO. © 2023 Bloomberg. Distribute­d by Tribune Content Agency.

Two disturbing incidents roiled the cyber seas last week, one foreign and one domestic. They both strengthen the case — which was already convincing, and which I have been making for almost a decade now — for the creation of a U.S. Cyber Force.

The first incident was yet another cyberattac­k on a NATO member, Albania, by Iran. It was part of an ongoing Iranian campaign to attack Albania, a small Muslim nation of only about 3 million in the Balkans.

The attacks have included zeroing out personal bank accounts, unmasking government and police informants, and degrading command-and-control networks. Iran conducts the attacks because Albania is not prosecutin­g an anti-Iranian group, the Mujahedeen Khaleq, that has a large presence in Albania.

The attack has raised the issue of whether to invoke NATO's Article 5, which says that an attack on one nation will be regarded as an attack on all. Because the NATO treaty was drafted many decades ago, it does not say whether a cyberattac­k activates Article 5. But given the evolution in warfare and expansion of cyber operations, such attacks should now fall into that category.

The second incident involved a ransomware attack on the U.S. Marshals Service. A huge amount of sensitive data was compromise­d, including informatio­n on fugitives, high-security individual­s and law-enforcemen­t operations. The attack has been designated a “major incident” requiring significan­t interagenc­y investigat­ion and remediatio­n.

Ironically, last week was also when Jen Easterly, director of the U.S. Cybersecur­ity and Infrastruc­ture Security Agency, released the National Cybersecur­ity Strategy, which has been in the works for many months.

When I was Supreme Allied Commander at NATO, the alliance created a small center of excellence in Tallinn, Estonia, to coordinate NATO cyber capabiliti­es. It has since grown in importance. As I watch the level of cyber threat continue to grow exponentia­lly — matching the enormous surge of devices connected to the “internet of things,” which is topping 50 billion — I worry about how to protect America's and Americans' cyber assets.

The U.S. has very competent armed forces defending us 24/7 — the Army, Navy, Marine Corps, Air Force and Space Force within the Department of Defense, and the Coast Guard in the Department of Homeland Security. A U.S. Cyber Force is now also necessary.

The successful creation of the U.S. Space Force three years ago provides a good blueprint for a U.S. Cyber Force. While the force is a tiny fraction of the rest of the Department of Defense, with less than 10,000 uniformed personnel, it operates nearly 100 spacecraft and a complex global network that supports U.S. satellite systems.

Most important, the creation of a U.S. Cyber Force would move America beyond the current “pick-up team” approach to cybersecur­ity, wherein each of the armed forces has a small number of cyber experts (most of whom rotate in and out of pure cyber jobs).

The creation just over a decade ago of the U.S. Cyber Command has immensely improved America's national security. Located at Fort Meade, Maryland, with the National Security Agency, it is led by a four-star uniformed officer. Many of the veterans of U.S. Cyber Command would form the core of a new U.S. Cyber Force. A Cyber Force would also allow for an independen­t voice in the councils of the Joint Chiefs of Staff, much as U.S. Space Force's Chief of Space Operations provides.

As the U.S. looks to a future that includes not only great-power cyber competitio­n from Russia and China, but also midlevel cyberattac­ks from nations such as Iran and North Korea, the time is nigh. The nation should move forward with a dedicated U.S. Cyber Force.

Newspapers in English

Newspapers from United States