A Cyber Force for the military? Senators want to know
The Senate’s annual defense policy bill would require the Defense Department to study the viability of creating a separate, uniformed Cyber Force.
The provision is a sign that some lawmakers want DoD to consider establishing a seventh, cyber-specific military branch despite years of resistance from Pentagon brass. The Senate Armed Services Committee added the proposal by Sen. Kirsten Gillibrand (D-NY) during a two-day, closed-door markup of its fiscal 2024 National Defense Authorization Act (NDAA).
The full committee approved the bill Thursday. It’s unclear when the full text of the $886 billion legislation will be available.
Gillibrand’s amendment would direct the Pentagon to commission the National Academy of Public Administration to conduct the roughly six-month examination, according to legislative text obtained by The Record.
In tapping the Academy — an organization that has conducted federal cyber workforce studies in the past but doesn’t have particularly close DoD ties — the New York Democrat seemingly wants to insulate the study from the Pentagon’s bureaucracy or any tampering by leadership.
To that end, the amendment contains a “prohibition against interference” that explicitly warns no DoD personnel “may interfere, exert undue influence, or in any way seek to alter” the Academy’s findings.
The idea of creating an independent cyber service has been bandied about Capitol Hill and within the Pentagon for more than a decade, since shortly after U.S. Cyber Command was created. Cyber Command is one of 11 unified combatant commands that pull resources from all the armed services.
Such conversations have only grown more prevalent as digital threats from China, Russia and other foreign adversaries have multiplied and become more sophisticated.
Meanwhile, Cyber Command’s reliance on the Army, Navy, Marine Corps, Air Force and Space Force to provide personnel has been a persistent source of stress, with each branch placing its own emphasis on the digital mission at any given time.
Yet despite the perpetual tensions, DoD leaders have shied away from advocating for a separate service — worried that doing so would cause the branches to stop caring about cybersecurity entirely or sow confusion within the military’s already existing cyber infrastructure.
Congress previously asked the department to include an assessment of the costs and benefits of establishing a cyber service in the 2022 cyber posture review.
However, the Pentagon left that out of the review, opting instead to include the assessment in a report requested in last year’s NDAA detailing today’s cyber enterprise and if a service should be responsible for the Cyber Mission Force or a new military branch is required — a move that displeased lawmakers.
“It’s not the prerogative of the department to decide which part of the congressional mandate you get to comply with, or will answer it in a different report at a different time. We wanted that assessment in the cyber posture review,” Rep. Mike Gallagher (R-WI), chair of the House Armed Services Committee’s cyber panel, scolded DoD’s top cyber adviser during a March hearing.
Gillibrand’s amendment states the Academy will “conduct an evaluation regarding the advisability of establishing a separate Armed Force dedicated to operations in the cyber domain” and how it “compare in performance and efficacy to the current model,” including taking lessons learned from the creation of the Space Force in 2019.
It’s unclear if Gillibrand’s language will survive conference negotiations with the House and ultimately be included in a final, compromise measure.
The Republican-led House Armed Services Committee’s draft of the massive legislation, which the full panel approved early Thursday morning, did not include a similar provision.
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.