It’s time to reboot U.S. cyber power
By Andrew Brown
Real Clear Wire
Nearly every aspect of American life runs on code, from national security to finance to healthcare to education. Yet, the country is falling behind in cyberspace. A former U.S. Cyber Command (CYBERCOM) chief warned that America is “increasingly behind” its adversaries, while the Cybersecurity and Infrastructure Security Agency revealed that China-backed hackers have gained “persistent access” to U.S. critical infrastructure, enabling them to disrupt power grids, pipelines, and communications at will. To catch up, the United States needs a new military service dedicated to cyberspace.
Created in 2009, CYBERCOM was tasked with directing, synchronizing, and coordinating military operations in cyberspace. Eight years later, it became a unified combatant command (UCC), which means that it integrates forces from multiple services under one structure to achieve cyber missions. But cracks appeared almost immediately. Within a year, the Government Accountability Office found that many of CYBERCOM’s teams were understaffed and failing readiness standards. CYBERCOM was so focused on conducting missions that it neglected its talent pipeline.
The problem has only deepened since. A 2025 RAND Corporation study concluded that leaders face “hundreds” of challenges in managing the cyber workforce. Training is inconsistent because each military branch prepares cyber operators for its own missions, not for dominance in cyberspace as a whole. Pay and incentives lag behind the private sector, making it easy for companies to poach personnel. Technically inexperienced leadership exacerbates the problem. As one analyst said, the military would never let someone who had never fired a rifle lead an infantry unit, yet it routinely assigns leaders with no technical background to cyber units.
When a system malfunctions, developers have two options: patch or update. A patch is a small fix for a specific flaw, whereas an update is a broad upgrade designed to introduce new features and optimize performance. For years, the Defense Department has tried to patch CYBERCOM with budget increases and minor reforms, but these tweaks haven’t kept pace with cyber-savvy adversaries like China and Russia.
Just this month, the Pentagon released yet another patch under the CYBERCOM 2.0 initiative. It creates three new organizations: the Cyber Talent Management Organization to recruit and manage people; the Advanced Cyber Training and Education Center to coordinate training and education; and the Cyber Innovation Warfare Center to develop doctrine. This is a step in the right direction, but it isn’t enough.
Unlike most UCCs, CYBERCOM is responsible for both “force generation,” which includes training, organizing, and equipping personnel, and “force employment,” which involves using those forces. Asking it to do both is like forcing one program to run two complex processes simultaneously. Eventually, the system crashes.
This duality goes against a core principle of modern U.S. military organization. Throughout the Vietnam War, each service prioritized its own parochial needs over national mission requirements, much like what is happening with cyber training today. To fix this, Congress passed the 1986 Goldwater-Nichols Act to divide force generation and force employment and create greater accountability. Services would prepare forces and the UCCs would use them. As a result of this reform, each domain of warfare has a dedicated service responsible for force generation: the Army for land, the Navy for sea, the Air Force for air, and the Space Force for space. Only the cyber domain lacks its own service.
CYBERCOM 2.0 may improve talent and training, but it cannot fix the deeper mismatch between CYBERCOM’s structure and the expanding strategic importance of cyberspace. After fifteen years, the command has shown it cannot manage both force generation and force employment. America needs a cyber capability that can move as fast as the domain itself. That will only be possible if force generation is pulled out of CYBERCOM’s mandate.
Critics call the idea of a dedicated cyber service a “disruptive proposal” that carries “unacceptable risk” to current cyber operations. But stability is not equivalent to success. Software pioneer Jeff Sutherland once observed, “If a bug was addressed on the day it was created, it would take an hour to fix; three weeks later, it would take twenty-four hours.” The longer the United States waits to modernize its cyber architecture, the harder and costlier it becomes.
A cyber service could start small. It could follow a technical-focused talent model like the Space Force, attracting private-sector experts with competitive pay and domain-appropriate incentives. Experienced operators would shape doctrine and training. The service could grow iteratively, adding new missions only after each previous sprint proved successful. CYBERCOM could focus entirely on force employment, confident that it would have fully trained and equipped personnel. Over time, this would build a resilient, agile force tailored to the domain it protects.
Enough with the patches. It’s time for a full update. It’s time to create a U.S. Cyber Corps.
Andrew Brown is a doctoral student in Missouri State University’s Defense and Strategic Studies program.
* * *
••• Publisher's note: A free press is critical to having well-informed voters and citizens. While some news organizations opt for paid websites or costly paywalls, The Highland County Press has maintained a free newspaper and website for the last 26 years for our community. If you would like to contribute to this service – and want it to continue – it would be greatly appreciated. Donations to help offset ever-rising expenses may be made to: The Highland County Press, P.O. Box 849, Hillsboro, Ohio 45133. Please include "for website" on the memo line.