Today’s columnist, Morgan Wright of SentinelOne, makes the case for the U.S. to create a separate branch of the military for cybersecurity.(Adobe Stock)
COMMENTARY: In my last column on Dec. 9 about the new Trump administration’s potential impact on U.S. cybersecurity policy, I highlighted how China restructured its military operations to include a Cyberspace Force.Here in the United States, the time has come to finally combine the National Security Agency (NSA) with the U.S. Cyber Command (USCYBERCOM) — a move initially proposed in 2017.
The country needs for cybersecurity to have its own branch of the military for two reasons: First, we have branches of the military for the sea (Navy), air (Air Force), land (Army and Marines), and space (Space Force). Our military doctrine and branches align with the domains of war. Today, cyberspace has no equivalent military branch.
The second reason we need a separate cybersecurity force: our largest adversary now has one — and they are way ahead of us.The need to integrate operations across the full spectrum of military activities has become a must-have. This isn't about cyber being an adjunct — it's about a robust and potentially lethal component across all branches and domains of the military.The NSA's mission differs fundamentally from USCYBERCOM. NSA collects signals intelligence (SIGINT) to help America understand the capabilities, actions, and intentions of our adversaries. USCYBERCOM defends Department of Defense (DoD) information systems, supports joint force commanders with cyberspace operations, and defends the nation from significant cyberattacks.[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.Read more Perspectives here.]From a military viewpoint, it's inconceivable that someone who never fired a weapon would command an infantry unit. Yet, it’s what’s happening at CYBERCOM. Well-meaning, but under-equipped and under-trained officers and senior enlisted personnel hold important positions. There's another important reason to create a distinct cyberforce. The Army, Air Force, Navy, and Marines currently manage their respective pipelines for recruiting, training, and promoting personnel. This approach has resulted in a shortage of qualified and trained operators at CYBERCOM. A single branch of the service with its own budget and mission could hope to attract the better technical young talent. Unfortunately, superiority functions as a game of numbers, and China has been winning. When this past spring China’s Strategic Support Force (SSF) broke into three and the new Cyberspace Force was created, it pulled from an estimated 250,000 personnel. Considering it would be a win for the United States to staff the new Cyberspace Force with 10,000 people, we are already orders of magnitude behind.Another aspect that’s far less sexy: procurement, or the lack thereof. In a recent study of the 2024 DoD budget, the Foundation for Defense of Democracies (FDD) found that CYBERCOM remains at the mercy of the other military branches.According to FDD, the lion's share of cyber funding in the FY 2024 budget remains with the established services. CYBERCOM's budget request is approximately $2.9 billion, while DoD's total Cyberspace Activities Budget request for the services stands at $13.5 billion.The balkanization of funding has inevitably led to misplaced priorities. The needs of one service don't always match the needs of CYBERCOM. This approach inhibits full funding and development of advanced cyber tools and capabilities. Invariably, CYBERCOM borrows personnel and capabilities instead of owning their own: not the most effective way to confront China or Russia, two nation-states that have made proactive cybersecurity a priority.But don't take it from me. One of the last statements by Gen. Paul Nakasone before he retired in January 2024 as the head of NSA and USCYBERCOM made the case for change:"I think all options are on the table except the status quo," said Nakasone. "We built our force in 2012 and 2013. We've had tremendous experience, but scope, scale, sophistication and the threat has changed, the private sector has changed, our partners have changed. I think that we've got to be able to take a look at how we're going to change as well."Regardless of what it's called, a new branch of the military around cybersecurity must have independent recruiting, retainment, promotion, and acquisition. It cannot expect to operate on the same principles as armed conflict, where weapon systems might take 10 to 20 years to develop and come online. It took 23 years for the F-35 to clear the final hurdle and enter production.We can’t afford that kind of time lag in today’s cyberwarfare. Usually, predictions for the New Year are full of fluff. While it’s always hard to predict the future, I think we’ll see a new cyber branch of the U.S. military proposed and approved before the end of 2025.China — and the rest of our adversaries, including Russia, Iran, and North Korea — are watching!Morgan Wright, chief security advisor, SentinelOneSC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Morgan Wright, an internationally recognized expert on cybersecurity strategy, cyberterrorism, national security, and intelligence, serves as a senior fellow at The Center for Digital Government, chief security advisor for SentinelOne, and the chief technology analyst for Fox News and Fox Business. In addition to 18 years in state and local law enforcement as a state trooper and detective, Morgan has developed solutions in defense, justice and intelligence for the largest technology companies in the world, including Cisco, SAIC, Unisys and Alcatel-Lucent/Bell Labs.
The Institute for Critical Infrastructure Technology (ICIT) Digital Consolidation Risk and National Security briefing addresses the growing risks associated with IT and cybersecurity consolidation. The briefing showcases the findings and recommendations of ICIT's six-member Task Force, composed of industry experts and leaders to shape cybersecurity policy for the next Administration. Panel 1: Fireside Chat- Digital Consolidation
Wiz has dominated the cloud startup market for several years, but there are lesser-known startups that offer some very targeted cloud security products.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
