The House and Senate Armed Services Committees approved versions of an NDAA 2025 amendment that — if passed — would require studying the creation of an independent military branch dedicated to cybersecurity, dubbed the Cyber Force. The study would consider how well a Cyber Force could meet workforce and training needs, compared to if the military just built on its current model for Cyber Command.
This amendment isn’t the first try. A similar measure in 2024 failed to make it into final legislation. Meanwhile, in 2023 there was a measure passed requiring a study into efforts to meet cyber workforce needs. That study was to consider both “existing models for total force generation practices and programs, as well as nontraditional and creative alternatives.” That report does not appear to have been released to the public as of yet.
Cyber Force isn’t the only option. Cyber Command has gained new authorities, which some believe could help address problems. Others like the think tank Foundation for Defense of Democracies (FDD), meanwhile, have upheld Cyber Force as the fix.
So, what are the problems, and how could either approach help?
Cyber Command works to keep democratic processes and critical infrastructure safe from cyber threats, defend its own information networks, support the joint forces and work with allies, said Gen. Timothy Haugh in recent statements. Nation-state-linked cyber attackers have gone after critical infrastructure like the water sector and energy grid.
Traditionally, each military branch hired and trained its own cyber personnel, and Cyber Command borrowed them. But it hasn’t always been enough: In 2022, Congress said it worried about “chronic shortages of proficient personnel in key work roles."
The military branches have struggled to recruit and retain cyber specialists, in part because of policies still designed for personnel doing a different kind of work, per a report from the FDD. For example, the Army can only promote lieutenants who’ve first served as platoon leaders — something irrelevant for cyber officers. This can lead to cyber officers overseen by leaders without hands-on technical experience, who then struggle to mentor them or to evaluate cyber risks. Cyber is often not highly valued in military branches focused on kinetic operations, and some personnel find it discouraging to continue in cyber roles, per the report, which drew on interviews with 75 active and retired military officers.
The branches also traditionally varied in their compensation and recruitment for cyber experts. For example, in 2022, the Army didn’t offer enlistment bonuses to cyber recruits, while the Navy offered an initial $5,000 plus $30,000 more from completing training, per the FDD. And the branches reportedly do not train their cyber teams to the same standards — or to meet Cyber Command’s needs, resulting in an uneven and insufficient skillset.
The FDD report asks for a Cyber Force with a $16.5 billion budget and 10,000 personnel. Just as Space Force is housed within the Department of the Air Force, the Cyber Force would be housed in the Department of the Army. Under this vision, Cyber Force could hire, train and equip staff. This would create an unified approach, without adding more responsibilities onto Cyber Command.
Cyber Command has seen some changes, too, which might help. In remarks, Gen. Haugh said Cyber Command used “special hiring authorities” and faster hiring processes to attract recruits in 2023. And, by Jan. 1, 2025, Cyber Command gets authority to set “joint training curriculum for operational technology-focused Cyberspace Operations Forces,” per the NDAA FY 22.
Procurement has been another concern. Traditionally, Cyber Command relied on the military branches for procurement, and it could only contract for a limited dollar amount, per the FDD. Cyber acquisitions must be handled differently than those for traditional military items like tanks or jets, however, because software and exploits become obsolete much faster, the FDD warns.
Newly enacted authorities give Cyber Command a designated budget and more procurement capabilities. Gen. Haugh said in published comments that partnerships among Cyber Command, the military branches, the Defense Advanced Research Projects Agency and others this year are expected to ensure acquisitions happen “at cyber-relevant speed.” Meanwhile, the FDD says a dedicated Cyber Force would help because it could focus on cyber procurements.
Some argue for seeing how well Cyber Command’s new capabilities address problems before creating a new military branch. Former Cyber Command Deputy Commander Charlie Moore, for example, told WUNC he fears the work of creating a whole new military branch would distract from focusing on cyber threats. Moore said changes to Cyber Command could be enough to fix its issues.
Of course, the NDAA 2025 amendment doesn’t require making a Cyber Force, just evaluating the idea.
