Given the ever-increasing cyber threats and attacks, is it time for the countries to create an independent cyber force? This question is looming over the minds of the US strategic elites, including the lawmakers, like never before.
China Launches ‘Great Stealth’ Attack On US’ Key Military Location; NYT Says Malware Targeted Telcom In Guam
Of course, cyber threats as a phenomenon have not suddenly appeared. Worries over them have existed over the years. Each service in the US has had a cyber service of its own.
But the willingness of China, Russia, Iran, and North Korea to utilize their cyber power against their adversaries has made the American policymakers, particularly the Congress, dance around the idea of creating a separate cyber force.
Two recent cyber incidents have intensified the call for a US cyber force. The US Cyber Command operators have confirmed that they carried out an online defensive mission in Albania in response to last year’s cyber attacks against the local government.
The attack had shut down the NATO member’s online public services and websites. It was alleged that Iran had conducted the attack.
Accordingly, the US Treasury Department issued sanctions against Iran’s intelligence service in retaliation, and later, US Cyber Command worked with Albanian cyber experts to track digital threats and detect vulnerabilities in the country’s online defenses.
It was said that Iran had attacked Albania for refusing to prosecute the Mujahideen Khaleq, an anti-Iranian group with a presence in Albania.
Second Incident
The second incident was the recent February ransomware attack on the US Marshals Service, which compromised data on law enforcement operations, high-security people, and fugitives.
All this has made the US Congress seek an assessment of the costs, benefits, and values of establishing a uniform cyber service.
Incidentally, the prestigious think tank Council on Foreign Relations set up an “independent task force” last year to produce a report titled “Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet Confronting Reality.”
This report said that “Countries around the world now exert a greater degree of control over the internet, localizing data, blocking and moderating content, and launching political influence campaigns. Nation-states conduct massive cyber campaigns, and disruptive attacks are growing. Adversaries are making it more difficult for the United States to operate in cyberspace. Parts of the internet are dark marketplaces for vandalism, crime, theft, and extortion.
“Malicious actors have exploited social media platforms, spread disinformation and misinformation, incited disparate forms of political participation that can sway elections, engendered fierce violence, and promoted toxic forms of civic division.”
Among significant findings of the Task Force, the following were particularly noteworthy:
- The era of an open, global internet is over.
- Data is a source of geopolitical power and competition and is central to economic and national security.
- Increased digitization increases vulnerability, given that nearly every aspect of business and statecraft is exposed to disruption, theft, or manipulation.
- Most cyber-attacks that violate sovereignty remain below the threshold focusing on force or armed attack. These breaches are generally used for espionage, political advantage, and international statecraft, with the most damaging attacks undermining trust and confidence in social, political, and economic institutions.
- Cybercrime is a national security risk, and ransomware attacks on hospitals, schools, businesses, and local governments should be seen as such.
- Artificial intelligence (AI) and other new technologies will increase strategic instability.
- The United States has failed to impose sufficient costs on attackers to fight cyber threats.
The task force, given its nature, concentrated more on diplomatic measures such as consolidating “a coalition of allies and friends around a vision of the internet that preserves—to the greatest degree possible—a trusted, protected international communication platform,” balancing “more targeted diplomatic and economic pressure on adversaries,” and negotiating “with adversaries to establish limits on cyber operations directed at nuclear command, control, and communications (NC3) systems.”
However, the Military Cyber Professionals Association, a non-profit dedicated to advocating for military cyber issues, argues for a harder option of creating “a United States cyber force.” In March, this Association prepared a memo and sent it to Congress and the Biden Administration.
The memo is said to have noted that its thousands of members across the nation and the broad military cyber community believe that “a cyber service is needed and inevitable.”
It may be noted that, at present, every military service in the US possesses a cyber component. The Navy has Fleet Cyber Command (CYBERCOM), the Air Force has Air Force Cyber Command, and the Marine Corps has Marine Forces Cyber Command. The Army and Coast Guard also have similar units.
Secondly, each service provides personnel for a set number of teams to US Cyber Command (CYBERCOM), which then employs those forces in operations for the other geographic combatant commands.
The CYBERCOM and its cyber mission force work alongside the National Security Agency and the Central Security Service to organize, train, and equip cyber warfighters.
These services also act operationally through the combatant commands and the intelligence community. Although technically subordinate to CYBERCOM, each service’s cyber warriors support joint missions.
In other words, they answer to their Service Chief, Operational heads, and the CYBERCOM commander. After all, the present cyber warriors are soldiers, airmen, or sailors first, focusing on the cyber second. And each of them, depending on their respective services, has its own identity, culture, and way of classifying and supporting CYBERCOM.
Utter confusion that these multiple accountabilities create will be over only when there is an autonomous cyber force, its proponents point out. They also cite other reasons, prominent among them being as follows:
First, each service’s cyber division adversely affects the unity of command and fosters unhealthy competition among the services. It also inhibits the establishment of universal standards.
Second, conflicts inevitably arise if CYBERCOM and an individual service do not share the same interests and priorities.
Therefore, it is argued that only a stand-alone force would eliminate the unity-of-command problem and the inter-service rivalries. It would prevent the inefficiencies associated with disparate personnel standards. This will also facilitate the judicious allocation of resources based on objectively adjudicated priorities.
Mark Montgomery, a senior fellow at the Foundation for Defense of Democracies and the director of the Cyberspace Solarium Commission 2.0, argues, “A separate service will give you, when properly established and resourced, the agility, and the platform to ask for resources and the focus to ensure that force generation is optimized for whatever Cyber Command demands for force employment.”
Montgomery told a House Armed Services Committee’s members recently, “US cyber forces really inconsistent in their organization, readiness, and training across the various military services, and the size of each military service’s contribution to the cyber mission has not changed appreciably since the original agreements of 2010, despite significant changes in the threat from China and Russia.”
Against this background, one comes across the argument that “a small new cyber-service could be the best home for fostering the next generation of innovative leaders. It would enable the organizational perspective to identify which cyber capabilities the military will need to fight in the domain in a decade.
“It would also create new acquisition and procurement structures that produce innovative technologies. With the long-term mission in mind, the new service could also look towards a cyber-domain strategy that exceeds supporting operations taking place within other domains.”
Of course, some do not readily accept the idea of a separate cyber force. For instance, Rep. Mike Gallagher, R-Wisc., chairman of the HASC CITI subcommittee, told reporters recently that while the subcommittee is open to the idea, it could create more bureaucracy.
“I think we’re definitely going to consider it in the subcommittee’s work… I think we have to hake a public sort of analysis of it,” Gallagher said. “I think the hesitancy on our side would be — well, so soon after creating the Space Force, we don’t want just to create a bunch of bureaucracy. So we can find a way to do it that isn’t a massive increase in bureaucracy that in some ways is sort of a consolidation efficiently of existing cyber warriors, then it could get compelling. I have yet to do my own homework on it.”
Besides, some opponents of a separate cyber force argue that if US Special Operations Command, or SOCOM, which has representations from all five services, is working efficiently, then why cannot the CYBERCOM, drawing personnel from all the services, function effectively?
But then, the proponents of special Cyber force counter-argue that while SOCOM’s functions span multiple domains, CYBERCOM’s functions only involve one domain—cyberspace. And that being the case, SOCOM indeed requires the core competencies of all the services to carry out its missions in the sea, air, and land.
In contrast, cyberspace operations do not require any of the core competencies of the five (now six) services; “in fact, the cyber domain requires precisely the core competencies that none of the other branches possesses.” In that sense, SOCOM and CYBERCOM are not comparable.
Viewed thus, the debate on the subject will be a prolonged affair. But that does not negate the importance of the subject. Otherwise, Congress would not have asked the Pentagon to assess the costs, benefits, and values of establishing a uniform cyber service.
The Congress wants to know how the services should man, train and equip for cyber. It has inquired if a single military service should be responsible for the cyber mission force’s basic, intermediate, and advanced cyber training and if the Department of Defense should create a separate service.
- Author and veteran journalist Prakash Nanda has been commenting on politics, foreign policy, on strategic affairs for nearly three decades. A former National Fellow of the Indian Council for Historical Research and recipient of the Seoul Peace Prize Scholarship, he is also a Distinguished Fellow at the Institute of Peace and Conflict Studies. VIEWS PERSONAL OF THE AUTHOR
- CONTACT: prakash.nanda (at) hotmail.com
- Follow EurAsian Times on Google News