In a brief email Nov. 6, Defense Secretary Pete Hegseth laid out a new Cyber Force Generation plan, meant to give U.S. Cyber Command more authority over the employment, training, and equipping of U.S. troops preparing for and waging cyber war. Former Air Force officers and national security officials say the plan is meant to fix longstanding problems that have beset the U.S. military’s cyberspace efforts—and to head off growing calls for an entirely new military service.
Yet to some experts who have spent years working in cyber and believe a new service is needed, the new plan is destined not to succeed. Mark Montgomery, a retired rear admiral, praised some of the ideas in the plan, but argued that “it’s like installing a 70 mile-long screwdriver at [Cyber Command headquarters at] Fort Meade and expecting to drive a bunch of screws at the Pentagon. This is not going to work.”
Montgomery runs CSC 2.0, a nonprofit focused on implementing the recommendations of the congressionally mandated Cyberspace Solarium Commission, where he previously served as executive director.
“It’s great that they [Pentagon leaders] are thinking about force generation,” he said, adding that the list of seven “core attributes” central to the plan is “a wonderful list.”
“There’s good ideas, but I believe they’re tasking the wrong person with it,” said Montgomery, who is also a member of the Commission on Cyber Force Generation, launched in September by CSC 2.0 and the Center for Strategic and International Studies.
The commission was set up to provide the White House and Pentagon with the policy framework they will need if the administration decides to go ahead and establish a separate cyber force, explained former White House national security staffer Lauryn Williams, commission co-director and a senior fellow at CSIS. It will report no later than June 2026, she added.
“The bottom line is, we’re not recruiting the right force,” Montgomery said. “We’re not training them consistently. We’re certainly not paying them consistently, and as a result, we’re not retaining them at the proper levels.”
Those problems are due to the fact that cyber is not the number one priority for any of the other military services, not issues with CYBERCOM, he said.
And so the new Cyber Force Generation plan is “not addressing the problem, [it’s] addressing some of the symptoms of the problem,” he concluded.
A Longstanding Problem
The context is the bifurcated structure of the U.S. military developed under the 1986 Goldwater-Nichols defense reorganization act, explained commission co-chair Joshua Stiefel, a former staffer on the House Armed Services Committee. While the military services provide trained troops and their equipment, those troops are commanded in operations by the heads of the 11 unified combatant commands.
Stiefel said that the problems faced by U.S. Cyber Command today are with “force generation,” the function statutorily assigned to the military services, as opposed to “force employment” which is the responsibility of the unified combatant commands. Issues such as readiness and retention are the remit of the services, resulting in a “dependency that Cyber Command has on the services. There’s nothing in this new force generation model that mitigates or addresses that dependency,” Stiefel said.
At its core, Stiefel explained, there is “dissonance” in the plan between imbuing Cyber Command with greater authorities over the training and equipping of cyber mission forces; and the reality that “the service chiefs have absolute control over the ‘man, train, and equip’ [functions] for personnel in their service.” When unified combatant commanders clash with service chiefs, “the service chiefs win 100 percent of the time,” he argued.
The new cyber force generation model is the latest effort to solve this longstanding problem, said Stiefel.
“A lot of the things they’re talking about [in this announcement] are a rehash of prior CYBERCOM efforts in 2019 and 2017,” he said. Hegseth’s announcement “seems to be another attempt to strike at this target, but it’s never been successful before, and frankly I’m doubtful that it will be any more successful this time.”
A New Service?
While some members of the commission clearly favor a separate cyber force, there’s far from universal agreement about that.
The problem with a new service is that “nothing new comes without cost and comes without risk,” said a former senior Cyber Command official, now in the private sector and not authorized by their current employer to speak to the media. He urged reformers to be careful: “Whatever you do, you can’t break today’s mission because the threat is too high. … It’s got to be a very calculated approach.”
He suggested that any reform plan should consider the experience of the Space Force.
“Look at what the Space Force spent a lot of time on. … They are fascinated with their uniforms. They’re fascinated with what song they’re going to sing, and what their flag looks like, what their pins look like, and what their ranks are. That’s culture stuff. And that’s all really important, right? But none of that helps lethality and warfighting today,’ said the former senior official.
The creation of the Space Force also created some inevitable friction with U.S. Space Command, the unified combatant command for the “astrographic” region of space. “They want to do each other’s jobs. It’s very confusing. I think you would run into the same thing with cyber pretty quick,” they added.
The former official pointed out that the new force generation plan creates three “enabling organizations” in Cyber Command that align with the three responsibilities of a military service: Recruit, train, and equip. CYBERCOM’s Cyber Talent Management Organization will “identify, attract, recruit, and retain an elite cyber force,” according to the announcement. Its Advanced Cyber Training and Education Center will “develop mission-specific training and education to build expertise and mastery.” And its Cyber Innovation Warfare Center will “accelerate the rapid development and delivery of operational cyber capabilities.”
“These are service-like authorities,” the former official said.
Stiefel added that the force generation changes Hegseth announced—and the enhanced budgetary control previously granted by Congress—has brought the command uncomfortably close to the duality that the Goldwater-Nicholls law effectively abolished nearly four decades ago.
“What Cyber Command is attempting is to be responsible for both force generation and force employment, and that’s a model that has never worked, and which we felt imperative [to scrap] to the point that we legislated the separation between them 39 years ago,” he said.
“There’s a tension between what we’ve been saying forever, which is we need to normalize ‘cyberspace operations’, but at the same time pushing for Cyber Command to look, act, walk and talk and operate in a way that’s different from every other unified combatant command. No one else—no other component, no other combatant command—does both force generation and force employment, and yet that is explicitly what Cyber Command is seeking. The more you do that, the more unlike the rest of the Department [of Defense] you are.”
Authorities and Funding?
Moreover, the additional authorities Cyber Command has previously been granted have not solved the problem, explained another commission member, former Air Forces Cyber Commander Lt. Gen. Chris Weggeman.
Cyber Command “has received all it’s asked for in terms of authorities and budget/funding. So now it comes down to implementation, planning and execution,” Weggeman said.
Cyber Command hasn’t been able to leverage the authorities it’s been granted, Weggeman told Air & Space Forces Magazine in an email interview. “In my opinion, what Cyber Command lacks today is sufficient capability and capacity to clutch all their new authorities and deliver required outcomes at relevant speed/scale. They are undermanned, lack the talent and experience required at scale, [and] lack the data-fabric and state-of-the-art analytics/automation to fuel process efficiency.”
The services are dragging their feet when it comes to provisioning the cyber force, said Weggeman, and it has to stop. Cyber Command “continues to face parochial service headwinds in terms of personnel support, career field progression, and capability development. … Cyberspace superiority must be declared a common core mission for all the services, full stop. It cannot continue to be relegated to a lesser status across our Joint ecosystem.”
Even when ordered to make cyber a priority, service chiefs tend to suffer from institutional inertia, said Williams. “There is naturally a prioritization within the existing services of their specific domains. So, for example, the Air Force’s priority is aircraft and use of aircraft.” Cyber is understood to be a critical element of modern warfare, “but is that going to be the first topic issue top of mind for senior leaders within the Air Force? Not necessarily.”
If the services continued to slow walk the demands of Cyber Command, Weggeman said, “then we must create a standalone service” that will meet demands of the domain, “as we did with the Air Force in 1947 and the Space Force in 2019.”
