We do need to work on cyber, but a separate service is mos def not the answer

By Ian Wallace
Best Defense guest respondent

Once again, the old idea that there should be a new independent military Service to take responsibility for operations in the ‘cyberspace domain’ is, thanks to a recent Best Defense post, back in the headlines.

Tom’s guest columnist Brian Hill’s case builds on an argument similar to that  made by such notables as  Col Greg Conti, head of the Army Cyber Institute, and Adm James Stavridis, the former Supreme Allied Commander, Europe. Meanwhile, this proposal has been raised in testimony to Congress by respected cyber expert Richard Bejtlich and at least entertained by the Defense Secretary as an idea worthy of consideration.  

In each case, the basic thrust has been that the existing Services are so enamored with what they consider their core missions that they will never give operations in cyberspace the attention it deserves. The only solution, the argument goes is a separate Service responsible for its own recruitment, training and ethos.

Unfortunately such proscriptions would fail to deliver what the military requires — not because they are too radical, but rather because the idea of a new Service for a new environment actually represents an outdated twentieth century solution to a 21st century set of problems. Too often such proposals go undebated because few believe that such significant organizational change is achievable, let alone desirable; there aren’t enough people invested in making the change to speak specifically about how best to bring it about. But a reasoned counter-argument is important, not just because this suggestion appears to be slowly gathering momentum, but because it risks distracting from more practical debate about how the U.S. Armed Services are organized for the Information Age.

Setting aside the fact that the last thing the Pentagon needs is another set of bureaucratic actors with turf to defend and agendas to promote, the key problem with the Cyber Service idea lies in what ‘cyberspace’ (the emergence of which provides the implicit justification for a separate Cyber Service) is becoming. The rationale for a separate Service rests largely on the idea of a ‘fifth domain’ of ‘information’ (and subsequently ‘cyberspace’) which grew out of doctrinal battles in the 1990s. As a device to underscore the importance of taken seriously ‘information’ as a factor in war-fighting, it undoubtedly worked. But meanwhile, ‘cyberspace’ has itself begun evolving.  We are moving into what computer scientist Butler Lampson has called ‘The Third Age of Computing’. He has convincingly argued that after a first Age (from about 1950) in which computers were mostly used for simulation, and a second Age (from about 1980) in which the main use was communication, we are now beginning a new age of ‘embodiment.’ This has heralded what has become known by others as the ‘Internet of Things’. With this shift towards ‘ubiquitous computing’ we may need to rethink the model that we have used to incorporate ‘cyber’ into our military thinking.  Once everything is ‘cyber,’ then the very idea of a separate ‘warfighting domain,’, and with it much of the case of a separate Cyber Service, not only looks wrong-headed, but potentially positively dangerous distraction from the sort of organizational reform required to be sure of winning future wars.

In other words, despite the Pentagon having just settled to the idea of cyberspace as a warfighting domain and build a set of command on that premise, the goalposts are shifting.  As the ‘Internet of Things’ starts to proliferate across the battlespace (one that now necessarily includes the homeland), there is a risk that the mind-bending challenge of integrating the ‘cyberspace domain’ into commanders’ thinking actually causes more problems than it solves.

A full development of this line of thinking belongs elsewhere, but more attention certainly deserves to be given to the argument, most notably made by Martin Libicki in 2012, that cyberspace should not be treated as a ‘warfighting domain’ after all. And for the reasons mentioned above that argument is likely to become more convincing over time.  In any case, in such circumstances, the suggestion that we should establish a new Service looks at best premature, if not seriously unhelpful.

Some argue that the story of early military aviation leads inexorably towards the conclusion that a separate Service is the correct approach. Unlike the United States, however, Britain did establish its Air Force as a separate Service between the World Wars (in 1918, just over a decade and a half after the Wright brothers’ first flight). While members of the Royal Air Force were to serve with distinction in the Second World War, it can be argued that the establishment of RAF was a decidedly mixed blessing for overall British military capability.  

First, the British emerged from the First World War as the leaders in armored warfare, and as the leaders in carrier aviation. But by the Second World War, Britain had been eclipsed in both by Germany (along with integrated air support) in the case of the former and the U.S. and Japan in the latter. While there is a lot more to challenges faced by the British Army and the Royal Navy in the Interwar years, at least part of the difficulties they faced resulted from the loss, at a key point in time, of aviation expertise to a completely separate Service.

Second, like many military organizations, especially those at the cutting edge of new technology, having been given its autonomy, the Royal Air Force set about showing that it could win wars on its own.  The result was the now known to be flawed and doctrine of strategic bombing. In other words, the senior leadership of the Royal Air Force became convinced that the best defense is a good offense, which, given the uncertainties and vulnerabilities, is the opposite of the posture most experts would recommend for cyberspace (despite what you sometimes hear from the U.S.’s top cyber commanders).

None of this is to suggest that organizational innovation is not required. As the British Interwar experience shows, a failure of military organizations to adapt to exploit new technology not only risks foregoing the military utility it might bring, but also almost invites  adversaries who are able to adapt turning that innovation against you.

Nor should we expect to know today what organizational adaption we should pursue. But if we want to maintain our edge in a field where proliferation of the technology is relatively simple, we do need to be sure that we are investing in ways to develop that understanding and then acting on it.

This new thinking will require at least four elements.

First, it will require investment in a concerted program of operational experimentation, led by the military’s leading operators. Just as for the U.S. Navy, seeking to come optimize it’s use of carrier aviation in the 1920s, that experimentation will need to include a combination of theory and practice: wargaming in the classroom and the field.

Second, such efforts will need to be led the best and brightest. Again as the U.S. Navy did in the 1920s and 1930s, it was not a specialist cadre of officers working in isolation that developed the operational concepts that put the aircraft carrier in the center of the battlefleet in lieu of the battleship. It was the future leaders like Chester Nimitz. Equally, the Services need to adapt their staffing practices to ensure that the military leaders of the future have the knowledge and understanding to operate effectively in the new environment. Both Ernest King and William Halsey were hand-picked to learn to fly in their fifties in order to qualify them for the command of aircraft carriers.

While that requirement was driven by a Congressional mandate, it is exactly the sort of innovative thinking required today. Put simply, no senior officer in an operational billet feel they can credibly begin a presentation with the words “I am not a cyber expert…” And any who do should be considered for retraining or removal.

Third, and in this case very unlike the U.S. Navy’s Interwar experience, it will need to be a Joint endeavor. New technologies offer real opportunities to explore new ways of fighting across the ‘full spectrum’ of conflict. But not only would such an effort need to be properly resourced, but to make them worthwhile, senior leaders would need the commitment to keep such efforts genuinely Joint and experimental and, most importantly, to follow through with the insights that they generate. It will help if the best and brightest operators are leading this work, but they will need encouragement and reassurance from the top if their thinking is to be genuinely unconstrained. Even if you park the concern that the latest DOD Cyber Strategy is too focused on addressing the security concerns of today at the expense of preparing for the wars of tomorrow, it is difficult to avoid the sense that much of the current efforts to integrate cyber capabilities are operating in single Service stovepipes. But rather than each Service rethinking the way in which it fights, we (primarily DOD, but they will need help) should be more fundamentally about such capabilities change the plans themselves.

Fourth, to be successful, such measures will require strong external pressure, including from Congress. Clay Christensen’s oft quoted but less well understood theory of disruptive innovation highlights the fact that even the most successful organizations get disrupted.  In fact, his thesis is that it is their very success at doing what they do best that make it difficult for them to recognize the need to change until it is too late.

Exactly how information technologies will change warfare is unclear. On the one hand, we will be surprised how little difference it makes: Affecting people living in the real world will remain central to wars’ outcomes. On the other hand, technology will evolve in ways that we can barely imagine, creating both opportunities and challenges. What is certain is that organizational innovation will be required to capitalize on those opportunities or mitigate the challenges.

But carving out a separate Service is unlikely to be the answer. The sooner everyone — especially the cyber operators community — gets past that and starts thinking more imaginatively about the future, the better.

Ian Wallace is a Senior Fellow in the International Security Program at New America and Co-Director of New America’s Cybersecurity Initiative. 

Image credit: Wikimedia Commons