Pentagon gives thumbs-down to cyber service proposal in defense bills
The U.S. Department of Defense this week formally asked lawmakers to kill a proposal that would require an independent assessment of establishing a separate cyber service.
The request was submitted to the House and Senate Armed Services committees in an initial batch of “appeals” to provisions within the respective drafts of the fiscal 2025 National Defense Authorization Act (NDAA), according to three people familiar with the matter who are not authorized to speak publicly about the petition.
DOD also asked lawmakers to nix another proposal, backed by both chambers, that would make Joint Force Headquarters-Department of Defense Information Networks (JFHQ-DODIN) — responsible for defending the Pentagon’s networks worldwide — a “subordinate unified command” beneath U.S. Cyber Command, similar to the Cyber National Mission Force, which received such a promotion in 2022.
House and Senate staffers are set to meet next week and begin negotiations on a final, compromise NDAA that will be taken up after Congress returns in November from the campaign trail.
The full House passed its version of the $895 billion policy roadmap in June. The Senate committee approved its version the same day, but it did not receive floor time because the Democratic-controlled chamber has prioritized approving Biden administration nominees and judges.
Appeals are common throughout the annual NDAA conference process, but the department’s demand to strike the cyber force study will likely inflame tensions between the lawmakers who believe a third-party examination on creating a new military branch is warranted, and the Pentagon brass, who have long resisted the prospect of a cyber-specific service.
“I am increasingly concerned that the United States is not postured to overwhelm and out maneuver our enemies in cyberspace,” Rep. Morgan Luttrell (R-Texas), who sponsored the amendment that got the study into the House’s NDAA, said in a statement to Recorded Future News.
“It is extremely perplexing that the Pentagon would not want to assess the value of a Cyber Force to ensure we can effectively operate in cyberspace.”
A Pentagon spokesperson did not respond to a request for comment by publication time.
In its plea, the department argued that Congress already ordered an evaluation of the current cyber enterprise and different models for how cyber personnel should be trained and equipped — including the impact of establishing a uniformed cyber branch — in the fiscal 2023 NDAA.
That effort, known as the Section 1533 study, was due to Congress on June 1. DOD farmed out the task to the RAND Corporation. But while the think tank has finished its work, the department won’t make any decisions based on its conclusions until next June.
The Pentagon also warned that if the National Academies doesn’t recruit a research outfit with national security credentials to undertake the cyber force study, it will have to rely on public, unclassified information and therefore not have a full picture of the readiness challenges that have plagued Cyber Command since its inception in 2010.
“It is troubling to me that DOD’s response to a request for a transparent look is, ‘No, we don't want transparency,’” said Mark Montgomery, senior director of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation and former executive director of the congressionally chartered Cyberspace Solarium Commission.
“The last organization I saw deny transparency when caught in the open was TikTok … that's who they're acting like right now,” according to Montgomery, who speculated the appeal originated within Cyber Command.
Earlier this year, FDD released a study that urged the creation of a military service for cyber. It recommended the branch be placed under the Army, with 10,000 personnel and a $16.5 billion budget.
How seriously lawmakers weigh a DOD appeal is usually specific to the issue and its legislative history. In terms of a cyber force study, a similar provision made it into the Senate’s defense bill last year but was ultimately stripped from the final legislation during conference negotiations with the House.
Since the independent assessment was included in both bills, and enjoyed bipartisan backers with Luttrell in the House and Kirsten Gillibrand (D-NY) in the Senate, the appeal could very well fall on deaf ears and ultimately cost the department, and Cyber Command, precious political capital.
JFHQ-DODIN provision
After the cyber force study, the next cyber-related proposal with the most potential impact in the authorization bills are similar provisions to elevate JFHQ-DODIN to a permanent military organization, with Cyber Command serving as its parent.
In a separate appeal, the Pentagon asked to strike both proposals because they would define command relationships, something the department has historically objected to, and potentially hamstring a future Defense secretary or Cyber Command chief.
In April, Gen. Timothy Haugh, who leads both Cyber Command and the National Security Agency, told senators the digital warfighting outfit is “evaluating” the role of the headquarters as part of a broader review, dubbed “Cyber Command 2.0”
Montgomery suspected command leadership is not “intrinsically” against promoting the organization.
“They may be told by DOD to be opposed to it,” he said. “But is the current system for dealing with Volt Typhoon, Salt Typhoon, Corn Dog Typhoon, whatever's coming next, is it working? Are they comfortable with their defensive responses …? I don't think so.”
Martin Matishak
is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.