Why America Needs a Cyber Force

And What It Should Look Like

October 2, 2025

The Need for a New Approach

Put simply, the military’s current force generation model—its approach to organizing, training, and equipping personnel—for cyberspace is broken. Force generation is fragmented across the existing Services: Army, Navy, Air Force, Marine Corps and, soon, Space Force. Understandably, each Service is prioritizing recruiting, training, managing, and equipping personnel for the distinct warfighting requirements of their primary operational domains, not the cyber domain. Moreover, unlike special operations, there is little overlap between the skills, physical standards, and capabilities needed to fight in cyberspace versus on land, at sea, in the air, or in space. 

At the same time, US Cyber Command—the primary force employer for the cyber domain—has gained increasing “service-like” responsibilities, such as enhanced budgetary authority to acquire capabilities and ownership of major aspects of training and workforce development. However, US Cyber Command is limited in its ability to impose requirements on the Services for recruiting and initial training. And even if it sets higher standards, it has little recourse if (and when) the Services fail to meet them.

This distributed approach to force generation has resulted in inconsistencies and shortfalls in the proficiency and readiness of US  military cyber capabilities. The best and only way to fix these widely-recognized readiness challenges is to establish an independent branch of the Armed Forces dedicated to organizing, training, and equipping the military for the cyber domain—a US Cyber Force. An independent cyber service would naturally prioritize the creation of a consistent approach to recruitment, training, promotion, and retention of qualified personnel whose skills correspond to the requirements of warfighting in cyberspace. 

Such an approach would be in line with historical precedent, following in the footsteps of the establishment of the Air Force in 1947 and the Space Force in 2019. The creation of both of these services reflected a recognition that the air and space domains, respectively, play unique roles in warfighting and demand a single service laser-focused on generating capabilities that align to those domains. So too, cyberspace is a distinct operational domain with unique force generation requirements—and thus demands its own service that can optimize organizing, training, and equipping for that domain.

How a Cyber Force Would Work

If created, what might a US Cyber Force look like and what would its responsibilities be? At its core, this service would be the nation’s principal force for the cyber domain. It would be a separate, independent military service of the Armed Forces. We propose that the most pragmatic approach would be to establish the US Cyber Force under the Department of the Army, in part due to the Army’s greater bandwidth to manage a new service (the Departments of the Air Force and Navy also oversee the US Space Force and US Marine Corps, respectively). That said, it will be critical for the US Cyber Force to have the opportunity to develop a distinct service culture matched to the requirements of the cyber domain, rather than be dominated by Army culture. 

Similar to the other services, the enduring purpose of the US Cyber Force would be to generate the capabilities required to leverage cyberspace as an instrument of power to achieve national and strategic objectives—even as how it does so will likely change over time, given the dynamism of cyberspace. It would be the proponent for joint concepts in cyberspace operations and drive requirements across doctrine, organization, training, material, leadership and education, personnel, facilities, and policy.

It is also imperative to specify what will be beyond the scope of the US Cyber Force’s responsibilities, because cyberspace is integral to many missions across the Department of Defense. For one, we propose that the US Cyber Force would not be responsible for generating capabilities for Department of Defense Information Network operations. This is an enormous and complex task that would overwhelm the US Cyber Force in its initial instantiation and would detract from its core mission set. Additionally, the US Cyber Force should not be the primary force generator for information operations or other  cyber-related emerging technologies, such as artificial intelligence. Unlike cyberspace, neither the information environment nor artificial intelligence are standalone operational domains. There are many activities that occur in the information environment that are beyond the scope of cyberspace. Similarly, AI is a general-purpose technology that has a range of applications across the Defense Department. 

The decision-makers charged with building the service will need to grapple with critical questions about how existing cyber-related organizations within the Defense Department, such as the various operational groups within the Cyberspace Operations Forces, would relate to a US Cyber Force. For example, a non-controversial assumption is that the US Cyber Command would continue to exist as a unified combatant command and would be the primary force employer for the cyber domain. In addition, the other services would continue to retain some cyber capabilities that are directly relevant to their distinct joint functions (such as electronic warfare capabilities for the Army). Furthermore, each service will need to retain cybersecurity-related capabilities including the establishment, maintenance, and defense of their own IT infrastructure and defense of their segments of the Department of Defense Information Network.

Key Principles

To be successful, a US Cyber Force should prioritize four core objectives. The first is to produce the world’s preeminent cyber personnel. The service must recruit, train, and retain the nation’s most promising cyber talent. This will require looking beyond traditional recruitment pools and developing mechanisms for leveraging talent within and outside of the government, in both uniformed military and civilian roles. The second is to develop innovative and agile cyber leaders. The US Cyber Force must develop cyber-native leaders who grasp the technical, organizational, and strategic complexities of cyberspace, and be able to communicate the operational and strategic relevance of cyberspace across the Joint Force. Third, a US Cyber Force must continually equip the most advanced cyber warfighting capabilities. It must become the predominant leader in the development and employment of cyber capabilities, leveraging commercial, experimental, and exquisite technologies to achieve and maintain technical overmatch within defensive and offensive cyber operations. And finally, it is essential for the service to establish a distinct culture that reflects the defining features of the cyber domain. The service will require organizations and individuals to be adaptable and embrace different behaviors, values, and paradigms that reflect and reinforce these attributes.

A Time to Act

A US Cyber Force need not be large. An examination of existing cyber billets suggests it would initially comprise about 10,000 personnel, but might grow over time. As the US Space Force has shown, a smaller service can be more selective and agile in recruiting skilled personnel. Additionally, our research suggests that the initial budget for a US Cyber Force will be neutral—if anything, the Pentagon will reap significant efficiencies in consolidating force generation responsibilities within one entity, rather than the current duplicative and suboptimal structure.

Some argue that a US Cyber Force is not needed, and that the current readiness challenges can be address through providing US Cyber Command with greater “service-like” authorities, similar to US Special Operations Command. However, even with such changes, the reality is that US Cyber Command cannot induce the requisite changes across the existing Services to optimize recruiting and initial training for cyber personnel, nor can it induce the Services to reorient their priorities around the cyber domain. 

Others posit that establishing a US Cyber Force is the right choice—but at some later date, because doing so will hamper operational readiness.

There is a dangerous gap between the centrality of cyberspace for modern warfighting and the US military’s persistent lack of readiness to fight and win in the cyber domain. If establishing an independent service for cyberspace is more a matter of “when” than “if,” then answering the tough questions about how to do so must be an urgent priority. 

The views represented herein are those of the author(s) and do not necessarily reflect the views of the Aspen Institute, its programs, staff, volunteers, participants, or its trustees.

Mark Montgomery's headshot.

Mark Montgomery is the Senior Director of the Center on Cyber and Technology Innovation and a Senior Fellow at the Foundation for Defense of Democracies. He serves as the Executive Director of Cybersolarium.org, a non-profit organization which works to implement the recommendations of the Cyberspace Solarium Commission, where he was Executive Director from 2019 to 2021. Prior to this, Mark was Policy Director for the Senate Armed Services Committee under the leadership of Senator John S. McCain and completed 32 years as a nuclear trained surface warfare officer in the U.S. Navy, retiring as a Rear Admiral in 2017.  As a flag officer his assignments included Director of Operations at U.S. Indo-Pacific Command; Commander of Carrier Strike Group 5 homeported in Japan; and Deputy Director, Plans, Policy and Strategy at U.S. European Command.