Calls to create a stand-alone U.S. cyber force gained momentum Tuesday as industry experts warned Congress that America’s cyber deterrence has eroded, leaving adversaries free to penetrate networks and critical infrastructure with little fear of consequences.
“Cyber actors continue to penetrate American networks, steal sensitive data, surveil communications, and position themselves inside critical infrastructure with little fear of meaningful consequence,” Rep. Andy Ogles, R-Tenn., chair of the House Subcommittee on Cybersecurity and Infrastructure Protection, said during opening statements at a subcommittee hearing Tuesday.
“The question [before the subcommittee] is why they continue and what it will take to change the cost-benefit calculation for adversaries who believe they can operate against the United States with impunity,” Ogles added.
Industry experts said the answer lies in strengthening the United States’ offensive cyber capabilities, arguing that a good offense is the best defense. But experts and lawmakers alike cautioned that such a shift would require a highly capable workforce.
“The United States is not postured to deter or defeat its adversaries in cyberspace,” Joe Lin, co-founder and CEO of Twenty Technologies, told lawmakers.
That deterrence has historically been based on the “implied escalation dominance in any domain, but that foundation has failed in the context of cyber,” Emily Harding, vice president of the Center for Strategic and International Studies’ Defense and Security Department, explained.
A proposed cyber force, backed by some bipartisan lawmakers, would establish a new dedicated military branch focused exclusively on cyberspace operations that could help rebuild that deterrence, Harding said.
“This is something I believe will actually close the gap faster than pretty much anything,” she said.
“Congress has a critical role to play in that recalibration, by modernizing authorities, strengthening oversight, and ensuring our institutions can operate with both agility and accountability,” Frank Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security, added.
However, panel Democrats said that the federal government does not currently have sufficient funding and staffing at key cybersecurity agencies to get there, amid Trump administration policies and recent cuts.
“[If we are] going to shift toward a more aggressive, offensive cyber strategy we’ll need to ensure that agencies responsible for such efforts … have the staff and the resources necessary to carry out offensive cyber operations,” Rep. Bennie Thompson, D-Miss., ranking member of the subcommittee, said in reference to major staffing cuts made by the Trump administration.
Rep. James Walkinshaw, D-Va., agreed with Thompson, adding that “a talented workforce combined with a federal IT infrastructure that embraces cutting-edge technologies … should be the foundation of our efforts to counter cyber threats and to maintain … or grow our offensive cyber posture.” Recent staffing cuts though, he said, have “left a big hole in our cyber defenses, our ability to combat attacks from [China,] Iran, Russia.”
Harding said that while there has been an exodus of talented cyber personnel from the federal government, something like a Cyber Force could curate a “a very specific set of skills” and have “the right talent in place to be able to fight back against these particularly talented adversaries.”
While there is no cyber force yet, the fiscal 2025 National Defense Authorization Act mandated a study of alternate organizational models for military cyber elements, including the creation of a unified cyber force. Last fall, a commission was established to conduct that research.