‘Be careful what you wish for:’ DoD official warns separate cyber force could pose new challenges

Deputy Assistant Secretary of Defense for Cyber Policy Mieke Eoyang speaks during Cybercon, virtually, at the Pentagon, Washington, D.C., Nov. 10, 2021. (DoD photo by U.S. Air Force Staff Sgt. Brittany A. Chase)

WASHINGTON — While the Pentagon studies the pros and cons of standing up a Space Force-like independent cyber military service, one official today warned that it could potentially pose new challenges for the department when it comes to understanding warfighting needs within the military services. 

“I think the question is that for people who think the cyber service is the answer to our…current challenges in cyber personnel management: be careful what you wish for,” Mieke Eoyang, deputy assistant secretary of defense for cyber policy, said today at a Defense Writers Group event. “A cyber service might have some benefits in ease of administrative management, but we have a variety of…military services in the Department of Defense who perform a variety of missions.”

Eoyang added that “those missions are enabled by technologies that are particular to those mission sets,” and that “having a cyber service that is divorced from those particular mission sets may pose some challenges in understanding the warfighting needs of the services to provide cyber to enable that fight.”

DoD is “going to study” the feasibility of creating an independent cyber force and its pros and cons, Eoyang added. She referred to section 1533 of the fiscal 2023 version of the National Defense Authorization Act [PDF] which required DoD to “study the prospect of a new force generation model” for US Cyber Command. As it currently stands, USCYBERCOM is responsible for employing personnel from each military service to combatant commands.

One provision directly related to the creation of a cyber force was included in the Senate Armed Services Committee’s (SASC) version of the FY24 National Defense Authorization Act requires the secretary of defense to work with the National Academy of Public Administration to evaluate the efficacy of a “separate Armed Force dedicated to operations in the cyber domain.” 

“There are certainly challenges to managing a career field that spans multiple services, their challenges to jointness…the question is, which set of problems are we willing to live with and taking a look at all these things to understand that better, before we throw out what we have in favor of something else or decide, actually what we have needs to be fixed, or there’s something else completely?” Eoyang said. “I think that is a study that we are taking very seriously because it is important in the Department of Defense for us to get people right. And we are committed to doing that.”

Eoyang’s comments come days after the Pentagon released an unclassified summary of its new cyber strategy building off of lessons learned from the Russia-Ukraine conflict. The summary outlined actions DoD would take to develop new cyber capabilities and expand information sharing with allies and partners in order to stay ahead of any threats posed by adversaries.

One part of the unclassified summary noted that DoD would prioritize allies and partners in order to build cyber resiliency through efforts like “augmenting partner capacity, expanding partners’ access to cybersecurity infrastructure and maturing their cyber workforce though combined training events and exercises.” Today, Eoyang said that DoD is working with industry to “identify particular bureaucratic barriers” they might be facing.

Congressional Cyber Interest

In February, Rep. Mike Gallagher, R-Wisc., chairman of the House Armed Services Committee’s cyber, innovative technologies and information systems subcommittee, told reporters following a hearing that the subcommittee was open to the idea of creating an independent cyber military service, although the idea needed to be studied further. One of his concerns was that it would create more bureaucracy. 

“I think the hesitancy on our side would be — well, so soon after creating the Space Force, we don’t want to just create a bunch of bureaucracy. So we can find a way to do it that isn’t a massive increase in bureaucracy that in some ways is sort of consolidation efficiently of existing cyber warriors, then it could get compelling,” he said then. “I have yet to do my own homework on it.”

In July, Lt. Gen. Timothy Haugh, then-nominee to head USCYBERCOM and the National Security Agency, was asked by the SASC [PDF] ahead of his nomination hearing whether DoD should continue to mature CYBERCOM following the US Special Operations Command model or create a separate cyber service.

“Congress and the Department have set the conditions for US Cyber Command to achieve this same success, leveraging expanded acquisition authorities and enhanced budget control to train and equip our cyberspace forces,” Haugh said then. “These tools are just now coming to a point that will allow the command to ensure prioritization, resource allocation, and efforts to deliver the necessary cyber systems and capabilities. We should continue this approach to allow adequate time to see the results of these authorities in improving the readiness and capabilities of our cyberspace forces.”