A commission established by the Center for Strategic and International Studies (CSIS) is recommending the creation of a standalone U.S. Cyber Force and says the new military service could achieve initial operating capability within 12 to 18 months without disrupting ongoing cyber operations.
The Commission on Cyber Force Generation released its report on June 3, outlining a phased approach to establish a dedicated military cyber service responsible for recruiting, training, educating, certifying, and managing the cyber workforce.
Under the proposal, the Cyber Force would eventually comprise about 30,000 personnel and assume responsibility for force generation functions now spread across the military services. U.S. Cyber Command (CYBERCOM) would remain responsible for planning and conducting cyber operations.
While the commission says the Defense Department (DOD) should move quickly to establish the service, it cautions against simply transferring existing cyber personnel into a new organization. Instead, commissioners recommend a phased approach designed to build force-generation capacity while minimizing disruptions to current operations.
What it takes to build a cyber military branch
The report recommends staffing the Cyber Force with commissioned officers, warrant officers, civilians, and contractors, rather than enlisted personnel.
The proposed force would include about 20,000 active-duty personnel, between 3,500 and 5,000 National Guard members, and between 5,000 and 6,000 civilians and contractors, totaling roughly 30,000 personnel.
The proposed workforce would be organized around a limited number of specialties, including offensive cyber operations, defensive cyber operations, operational preparation of the environment, intelligence and target analysis, and capability development and engineering.
The commission also recommends establishing a Cyber National Guard rather than a reserve component. It said that Guard personnel could operate under both federal and state authorities and assist states responding to cyberattacks against critical infrastructure.
The report also discourages maintaining both a Cyber National Guard and a Cyber Force Reserve, stating it would be less efficient than establishing a single part-time component.
To fund the service, the report estimates an initial budget of approximately $10 billion to $11 billion. Much of that funding would come from reorganizing existing cyber-related spending rather than new appropriations.
The Cyber Force would become the military’s central cyber training organization, standardizing instruction, certifying readiness, and operating a dedicated Force Generation and Training Command.
The service would also be responsible for developing cyber doctrine and operational concepts.
Commissioners envision the Cyber Force advancing concepts for persistent engagement, autonomous cyber operations, large-scale cyber campaigns, human-machine teaming, artificial intelligence integration, and the use of emerging technologies such as quantum computing.
CYBERCOM or Cyber Force
A central question surrounding a standalone Cyber Force is whether it would replace CYBERCOM.
The commission’s answer is no.
According to the report, CYBERCOM has gradually accumulated force-generation responsibilities that should belong to a military service. Under the proposal, CYBERCOM would remain the operational headquarters responsible for planning and executing cyber operations, while the Cyber Force would generate and sustain the personnel and capabilities needed to conduct those missions.
The report describes the relationship as similar to that between the military services and combatant commands. Under the proposed model, the Cyber Force would oversee recruiting, personnel management, training, education, readiness certification, capability development, and service budgeting. CYBERCOM would remain responsible for operational planning, command and control, offensive and defensive cyber campaigns, and the employment of assigned forces.