New Report: U.S. Should Stand Up a 10,000-Man Cyber Force

A new report calls on Congress to create a stand-alone military Cyber Force to Lead the Pentagon’s cyber capabilities, and an influential lawmaker endorsed the idea this week. 

Report authors retired Rear Adm. Mark Montgomery and Dr. Erica Lonergan from Columbia University’s School of International and Public Affairs came to their conclusion after interviewing 76 active and retired military cyber professionals. Writing for the Foundation for Defense of Democracies, they propose creating a Cyber Force modeled in part on the U.S. Space Force, and housing it inside the Department of the Army.

They join a growing chorus of advocates who say spreading cyber expertise across the military forces waters down the potential expertise that could be gained from more centralized leadership.  

Montgomery and Lonergan note that the military services are struggling with recruiting, acquisition, readiness, and leadership. 

“This paper is a criticism of the current system of force generation in cyber, the Army, the Navy, the Air Force, the Marine Corps, even Space Force now,” said Montgomery. “That system is not working.” 

The services are not recruiting the right talent, too often focusing on the kinds of people who fit the physical demands of their other missions. 

“What’s happening now in the services, we get the best most cyber relevant person the service happened to have recruited,” Montgomery said. “Unless of course, that person is needed as a special operator [or] a nuclear operator in the Navy.” 

Cyber training, certifications, and pay standards vary among the services, Montgomery said, so troops with the same skills are sometimes paid at vastly different rates. In some cases, cyber units are completely reliant on a very few people for certain missions. 

“There are units that do complex work with malware development, and less than 10 percent of the unit is doing 90 percent of the work, because they’re the only ones who are qualified to do it,” Montgomery said. “Can you imagine going to an F-22 squadron and having the CO say, ‘I know I’ve got 25 pilots in here, but I just use two of them’?” 

Nor is there any guarantee that commanders of cyber units have the relevant background. 

“Interviewees for this project cite numerous examples of senior officers who have little to no experience in the cyber domain—even though the services have had 13 years since the creation of CYBERCOM to develop qualified senior leaders,” the report notes. 

And because no service owns the cyber mission, cyber acquisition tends to get lower priority than other missions, despite its importance across all domains. Congress has sought to remedy that by giving U.S. Cyber Command, a joint-force combatant command, more acquisition authority, but that arrangement is inconsistent with the military services’ missions, which are to recruit, train and equip their forces.  

“I actually think Cyber Command has done the best job it could have possibly done dealt the cards it had,” Montgomery said. “But if it’s going to do the job we expect it to do three years, five years, 10 years from now, we need a new model.”

A rendering of a prospective seal for U.S. Cyber Force (Design by Daniel Ackerman/FDD)

Montgomery and Lonergan argue for placing a new Cyber Force within the Department of the Army, just as the Marine Corps is in the Department of the Navy and the Space Force is in the Department of the Air Force. Once established, each military department would lead two service branches. Yet the similarities end there. The Marine Corps was created as naval militia, and its role as a naval service dates to its foundation; likewise, the Space Force was formed almost entirely from elements of the U.S. Air Force.

But military cyber skills are spread throughout the other military services, so drawing them together into a single branch would be a major hurdle.  

The bulk of Cyber Force billets would draw the 133 teams from all the services that conduct everyday cyberspace operations. These teams make up what CYBERCOM calls the Cyber Mission Force. Once combined, the authors envision a service of some 10,000 personnel managing a budget of $16.5 billion to start—roughly analogous to the Space Force, which is by far the smallest military service. 

Each of the individual services would retain some cyber-focused personnel, primarily to conduct defensive cyber operations tied to their military capabilities and information networks. 

A counter argument to a unified cyber force would be to treat CYBERCOM more like U.S. Special Operations Command, which also draws forces from across the services and has some of its own acquisition authorities. But that comparison misses some nuances, said Lonergan.  

“In the SOCOM model, each of the services is still providing the personnel to SOCOM to be employed, and those individuals are all trained in their unique domain-specific warfighting competency,” Lonergan said. In other words, Navy SEALs operate from the sea, while Army Green Berets operate on land. “But cyberspace isn’t like that,” Lonergan said. “There are no domain-specific functions that only a particular service is able to provide.” 

Retired Navy Adm. James Stavridis, former head of U.S. Southern Command and U.S. European Command, has also advocated for a cyber force, as has retired Army Lt. Gen. David W. Barno. The Military Cyber Professionals Association, an advocacy group that has dozens of general and flag officers among its board of advisors, has also called for such a change.

But the idea faces resistance in both the Pentagon and on Capitol Hill. Late last year, Deputy Assistant Secretary of Defense for Cyber Policy Mieke Eoyang said creating a new service would come at significant costs. “Be careful what you wish for,” she warned. Lawmakers considered tasking the Pentagon to study a cyber force last year, but dropped the idea from the 2024 National Defense Authorization Act before passing it. 

Yet there are also signs of shifting opinion. An earlier NDAA passed by Congress required the Pentagon to “study the prospect of a new force generation model” for U.S. Cyber Command, and then-CYBERCOM boss Gen. Paul Nakasone said shortly before his departure that “all options are on the table except status quo.” 

Rep. Mike Gallagher (R-Wisc.), chair of the House Armed Services cyber, information technologies, and innovation subcommittee, endorsed more study of the Cyber Force idea. 

“I’m disappointed that we didn’t get the provision for a more fulsome study across the finish line in last year’s NDAA,” Gallagher said at the rollout of the new report. “But I hope we can in [the 2025] NDAA.” 

Gallagher stopped short of calling for a Cyber Force explicitly and he has cited the potential for bureaucratic bloat and inefficiency in the past. But he said the new report is “so powerful that it’s challenging my priors.” 

Gallagher won’t be in Congress to get such a measure approved, however. He announced in March that he is resigning effective April 19, leaving the Cyber Force without the kind of clear champion on the Hill that helped get the Space Force across the finish line. Reps. Mike Rogers (R-Ala.) and Jim Cooper (D-Tenn.) led the charge for the Space Force.