In the early 1980s cyber fiction film, “War Games,” a young hacker played by Matthew Broderick almost managed to start World War III when he accidentally nearly launched nuclear strikes against the Soviet Union. It seemed unlikely in those relatively primitive days before the widespread use of the Internet, but it foreshadowed the emerging era of the profound intersection of national security and the cyber world.
If we think of cyber as we did of aviation a little more than 100 years ago, we are just now on the beach at Kitty Hawk. In the cyber world, we have much yet to finalize. While some nascent structures and norms exists, we do not have functional equivalents for: precisely developed and institutionalized norms for air traffic control; airports operating under national and international regulation; well-defined international civil aviation routes; methods and means for military uses of air power; a civilian Federal Aviation Authority with broad jurisdiction and powers; or a Transportation Security Administration.
And just as the United States realized the need for a professional military cadre to operate in the air — the US Air Force — it should now consider the need for military professionals to serve and defend in the cyber world with the creation of a US Cyber Force.
Consider the history of the creation of the Air Force. During and after the First World War, both the Navy and the Army explored the use of aviation assets for reconnaissance, surveillance, and ultimately for offensive attack operations. In the interwar period, a series of experiments demonstrated the capability of air attack, notably against large, slow US Navy capital ships. Throughout the Second World War, the use of long-range bombers, tactical fighter aircraft, over-land and over-water surveillance, troop transport and insertion, and many other aviation missions came to the fore.
As aviation operations became more specific and needed expert execution, proponents of a separate service built a coherent case. Over the objections of the Army in particular, the old Army Air Corps was transformed into a separate US Air Force in 1947, about 40 years after Kitty Hawk.
It is time we considered the creation of a US Cyber Force for many of the same reasons we needed a US Air Force.
First, it would immediately improve command and control in the cyber sphere. The cyber world is a distinctive medium of operations requiring deep expertise. Each of the US Armed Services is operating in that sphere, training cyber operators and conducting operations. While loosely under the direction of US Cyber Command, the disparities between the services’ approach to cyber have the potential to create operational rivalries, discontinuities, and inefficiencies. This could be addressed by unifying these efforts into a single service and streamlining command and control.
Second, the personnel systems that are used by the services — initial entry at a low level, uniformity of appearance, low pay, and an aversion to individuality — are a poor match for recruiting those most likely to have the skills and experience in the cyber world. A separate service would have the ability to train, equip, and organize cyber specialists.
Third, a focused and dedicated service, reporting to civilian leadership, would create true singularity of strategic purpose in respect to military operations — defense, intelligence, surveillance, and potentially offense — in the cyber world. Today, each of the services has a different approach in all these missions, and combining to a single service would allow unified operational focus.
Fourth, a US Cyber Service would be a single point of contact for the many and varied interagency and private-sector entities involved in the cyber world. As part of US Cyber Command, these professionals would have a shared culture, background, and sense of environment with the civilian partners, both public and private. The Department of Homeland Security, Department of Justice, FBI, CIA, and virtually every large corporation in the United States all have cyber-skilled operators. Pairing them with dedicated military equivalents who have likewise spent their entire careers focused on cyber would be helpful as our nation seeks to prepare for the cyber world.
None of this means we are militarizing the cyber world. Just as in aviation, we must recognize the reality that there will be some level of military activity in the cyber world. And this is not about vast new spending — the resources can come from what the individual services are currently spending. A US Cyber Force would rationalize and create fiscal efficiencies.
The question is: How can we as a nation best be prepared to meet the challenges we face in this new world? The answer is to begin serious discussions about creating a US Cyber Force to help interagency and private sector partners be ready to keep our nation secure on this new frontier.
James Stavridis, a retired Navy admiral and former Supreme Allied Commander at NATO, is dean of the Fletcher School of Law and Diplomacy at Tufts University.