Cyber Military Branch: Rethinking Need

Army Col. Gregory Conti believes that, one day, cyber could be the fourth military branch, on par with the Air Force, Army and Navy, an idea he first proposed with Col. John "Buck" Surdu five years ago (see New Cyber Warfare Branch Proposed).

See Also: The Cybersecurity Swiss Army Knife for Info Guardians: ISO/IEC 27001

But, if a cyber branch is created, Conti says it would come later, rather than sooner, because of the way the United States Cyber Command - which was launched more than a year after he published his article justifying a new military service - is progressing as a force within the military.

"Now that we have champions in the force that get it, that understand the problems, and are backed up by the real-world headlines every day, a lot of the requisite cultural change that's required is taking place," Conti, director of the Army Cyber Institute, a think tank based at West Point, told me in a recent conversation (see A Multidisciplinary Approach to InfoSec). "Is it messy? Sometimes, absolutely. But are we heading in the right direction? Yes, and I'd say pretty aggressively."

Ready for Battle

That aggressiveness was reflected in a recent interview Navy Adm. Michael Rogers, the head of Cyber Command, gave to Cheryl Pellerin of the Department of Defense News Service.

In the interview, Rogers sounds like a commander building a fighting corps specializing in cybersecurity, comparing it to what the kinetic services do to prepare for combat. "Is what U.S. Cyber Command needs to know about what's going on in the network world the same thing as a strike group commander needs in the Western Pacific?" Rogers rhetorically asks. "The same thing an Air Force air wing needs in Minot, North Dakota? The same thing a brigade combat team needs in Afghanistan? It will vary, so we've got to create a system that you can tailor to the needs of each commander."

Rogers, who also serves as director of the National Security Agency, outlines in the interview his five priorities for Cybercom:

• Build a trained and ready cyber force;
• Put tools in place that create true situational awareness in cyberspace;
• Create command-and-control and operational concepts to execute the mission;
• Develop a joint defensible network; and
• Ensure Cybercom has the right policies and authorities to allow it to execute full-spectrum operations in cyberspace.

His ultimate goal is to bring Cybercom to a level where it's every bit as trained and ready as any carrier strike group or any brigade combat team on the ground in Afghanistan. "My objective during my time as the commander, first and foremost, is to ensure that we have brought to fruition the operational vision in cyber ... [to make sure] it's something real, it's something tangible, and it is operationally ready to execute its assigned missions," he tells the DoD news service.

Operational Vision

Rogers has not advocated a separate military branch for cyberwarfare. Instead, Rogers seeks to unify the networks operated by the Defense Information Systems Agency and the military branches through a military command. "Because, under the current network structure today, those networks are largely run by [the] services," he says. "So we've got to create a relationship between DISA and the services that is very operational because you've got to maneuver networks, you've got to react to changes and you can't do that in a static kind of environment."

Cybercom, compared with the three military branches, is minuscule; it expects to have a force of 6,000 people by 2016. Is a military command for cyberwarfare a suitable substitute for a separate military branch? Perhaps so, at least for the foreseeable future.

Conti's gut tells him that one far-off day - perhaps in two decades - a cyber service will be created. But he says that, with the right moves, a separate branch might not be needed after all. "I really see us on a trajectory where I think we're doing all the right things right now," he says. "That may be sufficient [rather than] creating a new service. It might not be necessary."

What does your gut tell you? Will Cyber Command provide the necessary structure to defend military IT and the nation or should a separate service branch be created? Share your thoughts below.