Military Leaders Question New Cyber Force: Debate Intensifies Over Federal Cybersecurity Structure

## Opening The debate over how the United States should organize its cybersecurity capabilities has reached a critical juncture, with military leaders and policy experts increasingly questioning whether creating an entirely new military branch is the right approach. Recent discussions in defense circles have highlighted a growing divide between those advocating for organizational restructuring and others pushing for fundamental improvements to existing cybersecurity infrastructure. The conversation centers around proposals to establish a dedicated Cyber Force as a separate military branch, similar to how the Space Force was created in 2019. Proponents argue that cyber warfare has become so critical to national security that it deserves its own independent command structure, complete with dedicated resources, personnel, and strategic focus. However, a growing chorus of voices suggests this approach may be addressing the wrong problem entirely. Critics of the Cyber Force proposal argue that the United States faces more pressing cybersecurity challenges that cannot be solved through organizational charts and bureaucratic restructuring. Instead, they contend that America's cyber vulnerabilities stem from fundamental weaknesses in cybersecurity practices, infrastructure protection, and coordination between existing agencies. This perspective suggests that creating new institutions may actually divert attention and resources from addressing the root causes of cyber insecurity. The timing of this debate is particularly significant as cyber threats continue to evolve rapidly, with nation-state actors, criminal organizations, and terrorist groups increasingly sophisticated in their digital attack capabilities. The question facing policymakers is whether institutional innovation or foundational strengthening represents the better path forward for protecting American interests in cyberspace. ## What Happened The latest phase of this ongoing debate emerged from congressional hearings and policy discussions where defense officials and cybersecurity experts presented conflicting views on how to best organize America's cyber defense capabilities. Military leaders have been grappling with the question of cyber organization structure since at least 2018, when initial discussions about a potential Cyber Force began gaining traction among some lawmakers and defense contractors. The Cyber Force proposal draws inspiration from the successful creation of the Space Force, which became the sixth branch of the U.S. military in December 2019. Advocates argue that just as space operations required dedicated focus and resources, cyber operations have become too important and complex to remain scattered across multiple military branches. They point to the growing sophistication of cyber threats from countries like China, Russia, Iran, and North Korea as evidence that a specialized military branch is necessary. However, critics of this approach have begun articulating a fundamentally different perspective on America's cyber challenges. Rather than focusing on organizational structure, they argue that the United States suffers from more basic cybersecurity problems that would persist regardless of how military cyber units are organized. These experts point to recurring incidents involving critical infrastructure vulnerabilities, outdated government IT systems, and inadequate coordination between federal agencies and private sector partners. The criticism extends to questioning whether military solutions are appropriate for many of America's most pressing cyber challenges. While military cyber capabilities are essential for national defense, critics argue that many of the country's cyber vulnerabilities exist in civilian infrastructure, private companies, and government agencies that operate outside the military structure. Creating a new military branch, they contend, does nothing to address the cybersecurity weaknesses in power grids, water treatment facilities, financial institutions, and healthcare systems that have been repeatedly targeted by malicious actors. Furthermore, opponents of the Cyber Force proposal highlight existing coordination challenges between military and civilian cybersecurity efforts. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the FBI's cyber division, and various military cyber commands already struggle with overlapping responsibilities and information sharing. Adding another military branch to this complex ecosystem could potentially exacerbate coordination problems rather than solve them. The debate has also revealed deeper philosophical differences about how to approach cybersecurity at the federal level. Some experts argue that the focus should be on improving basic cybersecurity hygiene across government agencies, updating legacy IT systems, and strengthening partnerships with private sector entities that control most of America's critical digital infrastructure. This approach emphasizes practical improvements over organizational changes. Military cyber capabilities currently exist within U.S. Cyber Command, which operates under the Department of Defense and coordinates with service-specific cyber units across the Army, Navy, Air Force, and Marine Corps. This existing structure has achieved significant operational successes, leading some to question whether reorganization is necessary or whether resources would be better spent enhancing current capabilities and addressing fundamental cybersecurity gaps across the broader federal enterprise. ## Why It Matters The outcome of this debate will have profound implications for how the United States approaches cybersecurity challenges over the next decade. The decision between creating new institutions or strengthening existing capabilities represents more than just an administrative choice; it reflects fundamentally different philosophies about the nature of cyber threats and the most effective responses to them. If policymakers choose to pursue the Cyber Force approach, it could signal a shift toward treating cybersecurity primarily as a military problem requiring military solutions. This perspective emphasizes offensive cyber capabilities, deterrence through strength, and the importance of competing with adversaries in cyberspace using military doctrine and organization. The creation of a new military branch would require significant resources, congressional authorization, and years of implementation effort that could divert attention from other cybersecurity priorities. Alternatively, focusing on foundational cybersecurity improvements would represent a different strategic approach that prioritizes defense over offense and emphasizes the civilian aspects of cyber threats. This approach recognizes that most cyber attacks target civilian infrastructure and private companies rather than military assets. Strengthening basic cybersecurity practices, improving information sharing between government and industry, and addressing fundamental vulnerabilities in critical systems could potentially provide more comprehensive protection for American society as a whole. The debate also reflects broader questions about the militarization of cybersecurity policy. While military cyber capabilities are undoubtedly important for national defense, critics worry that over-emphasizing military solutions could lead to neglect of civilian cybersecurity needs. Private companies, state and local governments, and individual citizens face cyber threats that cannot be addressed through military action but require different types of support, coordination, and resources. The international implications of this decision are equally significant. How the United States organizes its cyber capabilities sends signals to both allies and adversaries about American priorities and strategic thinking. A new Cyber Force might be interpreted as an escalatory move that prioritizes cyber warfare over cyber defense, potentially influencing how other countries structure their own cyber capabilities and approach international cyber norms. The economic impact of cyber threats also factors into this debate. Major cybersecurity incidents like the Colonial Pipeline attack, the SolarWinds hack, and ransomware attacks on healthcare systems demonstrate that cyber threats primarily affect civilian economic infrastructure rather than military targets. Addressing these vulnerabilities requires close coordination with private sector entities and may be better served by civilian cybersecurity agencies rather than military organizations. ## What To Do Organizations and policymakers should focus on several key areas while this debate continues to unfold. First, government agencies at all levels should prioritize implementing basic cybersecurity fundamentals regardless of how federal cyber organizations are eventually structured. This includes regular software updates, multi-factor authentication, employee training programs, and incident response planning. These foundational practices provide protection regardless of broader organizational decisions. Private sector organizations should engage actively in this policy debate by providing input to lawmakers about their cybersecurity needs and challenges. Companies should participate in information sharing programs with existing agencies like CISA and work to strengthen their own cybersecurity postures while policy discussions continue. The private sector controls most critical infrastructure, making their voice essential in determining the most effective approach to national cybersecurity. Federal agencies should continue improving coordination and information sharing mechanisms between existing cyber organizations while policy decisions are being made. Rather than waiting for organizational changes, current agencies can strengthen partnerships, improve data sharing protocols, and enhance joint operations. These improvements will be valuable regardless of whether new institutions are created. Congress should carefully evaluate evidence about the effectiveness of current cyber capabilities before authorizing major organizational changes. Lawmakers should request detailed assessments of existing military cyber operations, civilian cybersecurity programs, and coordination mechanisms. They should also consider the resource implications of creating new institutions versus strengthening current capabilities. Cybersecurity professionals should stay informed about this debate and prepare for potential changes in federal cybersecurity structure. Professional development should focus on skills that will remain valuable regardless of organizational changes, including technical cybersecurity capabilities, risk management, and public-private partnership experience. Educational institutions and training programs should continue developing cybersecurity expertise while remaining flexible about how that expertise might be employed as federal cybersecurity organizations evolve. The demand for cybersecurity professionals will continue growing regardless of how federal agencies are structured. ## Closing The debate over creating a Cyber Force versus strengthening existing cybersecurity capabilities represents a critical decision point for American cybersecurity strategy. While organizational structure matters, the focus should remain on achieving the fundamental goal of protecting American interests in cyberspace through the most effective means available. The resolution of this debate will likely require compromise and recognition that both organizational innovation and foundational improvements may be necessary. The key is ensuring that policy decisions are based on evidence about cybersecurity effectiveness rather than institutional preferences or bureaucratic considerations. As cyber threats continue evolving, America's response must be both strategic and practical.