November 7, 2024 | CyberScoop
Congress must demand a study of America’s cyber forces
A bipartisan proposal should move forward despite Defense Department objections.
November 7, 2024 | CyberScoop
Congress must demand a study of America’s cyber forces
A bipartisan proposal should move forward despite Defense Department objections.
In an era of political polarization, congressional efforts to shore up America’s cybersecurity offer a rare beacon of bipartisanship. But these legislative efforts are currently under threat.
Recently, the Defense Department asked lawmakers to kill a bipartisan proposal — across both chambers of Congress — that would mandate an independent study of the readiness of America’s cyber forces. As cybersecurity leaders, we know that the two oceans that have long deterred a physical invasion of our homeland do not protect us in cyberspace. Our adversaries are already compromising our critical infrastructure, conducting covert cyber activities in our networks, inserting malicious software payloads, and gathering information from government and the private sector, all to gain a competitive advantage and prepare for potential conflict. Congress is right to ask for an independent study to ascertain whether the United States is appropriately postured to recruit, train, and retain the personnel needed to overpower and outmaneuver our adversaries in cyberspace.
This is not just a federal government or military issue. Cyberattacks overwhelmingly impact state and local governments — like New York — and the companies, corporations, organizations, and individuals within their jurisdictions. For example, in September 2022, Suffolk County, N.Y., the largest county outside of New York City, was hit with a devastating cyberattack that took several months and over $25 million to fully recover from.
As part of an independent study, the proposed legislation includes a provision to consider whether a new military service responsible for generating the forces required for cyber conflict is needed. Just as the Space Force was created in 2019 to recruit and train personnel for military space operations, a new Cyber Force would focus on cultivating personnel with the requisite technical acumen, domain knowledge, and strategic outlook to deter and defend America in cyberspace.
A Cyber Force would also be able to develop a more effective and unique cyber National Guard, Reserve, and auxiliary component. Unlike the traditional military domains, much of the knowledge, skills, and abilities needed for military cyber operations resides in the private sector. An independent study is also needed to weigh in on the optimal model for how to structure the total Cyber Force and to better capitalize on distinctive relationships between the public and private sectors, military and civilian personnel, and federal, state and local governments.
Occam’s razor — meaning the simplest explanation is usually right — suggests the Defense Department is trying to squash the bipartisan congressional effort because officials are concerned about what an independent study might reveal: that America’s cyber forces are at an insufficient level of readiness to compete and win in cyberspace. Currently, recruiting and training personnel for cyber roles is fragmented across the various military services, none of which sees cyberspace as their priority effort. This is causing well-documented, negative consequences for readiness. Yet, deep-seated organizational interests seem to prefer to continue with the unacceptable status quo rather than implement necessary changes. After all, history shows that institutional change is not something the Defense Department usually does of its own accord.
We urge Congress to ignore the pressure coming from the Defense Department and require an independent study to assess America’s force posture in cyberspace. With instability mounting around the world, the United States cannot afford to wait for a crisis or conflict to improve our cyber readiness. Recent revelations about the Chinese government’s incursions into critical infrastructure, Iranian hacks on our water systems, and the proliferation of cyberattacks alongside the battlefield in Ukraine underscore the centrality of the digital world in modern conflict. Only an independent, transparent study, shielded from the power and influence of entrenched interests, can provide what Congress demands and the American people deserve — even over the objections of the Defense Department.
Colin Ahern is the first-ever chief cyber officer of the State of New York. He previously served as the acting chief information security officer of New York City, and commanded a cyberspace operations company in the Army Cyber Brigade. Erica Lonergan is an assistant professor at Columbia University’s School of International and Public Affairs. She previously served as a senior director on the bipartisan Cyberspace Solarium Commission. Mark Montgomery is a retired rear admiral and senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies. Previously, he served as the executive director of the bipartisan Cyberspace Solarium Commission.