Does the U.S. need a cyber force?

Gen. Paul Nakasone, the director of the National Security Agency and head of U.S. Cyber Command, told lawmakers that infrastructure deficits could prevent the creation of a service modeled on Space Force.

By Gorodenkoff shutterstock ID 761940757
 

With the increased frequency and intensity of cyberattacks, the idea of having a separate military branch focused on virtual battlespace has cropped up. But is it a good idea?

Rep. Austin Scott (R-Ga.) said he supported the idea "if that helps us better carry out the mission," during a House Armed Services Subcommittee on Intelligence and Special Operations hearing in the defense intelligence enterprise on June 11.

Gen. Paul Nakasone, the director of the National Security Agency and head of U.S. Cyber Command, told lawmakers Friday that infrastructure deficits could prevent achieving that.

Nakasone said his focus is on developing Cyber Command's 133 teams, but he has concerns about creating a Cyber Force that emulates the mold of U.S. Space Force.

"My concern with moving towards a cyber force right now is the infrastructure, the other elements that take away from what we want. We want the best cyber operators working [their] mission every single day," Nakasone said.

"The most important thing we can do is to continue to have outcomes, positive outcomes."

That includes being able to have cyber operators dedicated to specific missions, such as the "Russia Small Group," an NSA and CYBERCOM task force created in 2018 to prevent and mitigate foreign meddling in U.S. elections.

"We took the same approach in 2020. And so being able to ensure that adversaries operating outside the United States could not impact through influence operations is one of the things that was clearly what we focused on."

Nakasone's comments come after the White House issued a cybersecurity executive order, mandating several basic practices across the federal government, including multi-factor authentication and encryption. They also come as lawmakers increasingly look for legislative and policy fixes to curb cyberattacks and improve the government, and contractors', cyber resilience.

Rep. Mike Waltz (R-Fla.) suggested potentially using Title 10 to bring the military to bear on cyber threats that are categorized as criminal, saying that cyberattacks by foreign nation state actors, such as those seeking financial gain from a ransomware attack, can rise to the level of a military threat.

"It reminds me of the terrorism problem in the [1990s] when it was viewed as a 'criminal issue' and we couldn't apply Title 10 and military assets to that," Waltz said. "After 9/11, obviously, we changed our view."

Nakasone concurred, saying "I do see a role for Title 10 in the space" and that

policies to shore up cyber deterrence would need to clearly "address adversaries, whether or not it's criminal behavior or whether it's nation state behavior" and that infrastructure resilience would need to improve.

"This is about our critical infrastructure in terms of what's most vulnerable right now," Nakasone said.