A Cyber Force may be coming. This team is planning for the hard part
A national debate has been simmering over whether the U.S. needs a dedicated Cyber Force – but for retired Lt. Gen. Ed Cardon and national security expert Josh Stiefel, the real issue isn’t whether. It’s when and how.
Congress has tasked the National Academies of Sciences, Engineering, and Medicine (NASEM) with studying the idea. Their report, due in November, could shape a major shift in how the U.S. organizes its cyber operations. But history suggests that the real barrier may not be political consensus – it’s execution.
To get ahead of that risk, Cardon and Stiefel are part of a new commission launched by the Center for Strategic and International Studies (CSIS) and the Cyber Solarium Commission 2.0 (CSC 2.0) to study the foundational details of implementation: structure, authorities, transition risk and operational integration.
“We don’t have five years to – once the decision is made – [say] let’s figure it out,” Cardon, former commanding general of U.S. Army Cyber Command, said on the Cyber Focus podcast.
The CSIS-CSC 2.0 commission isn’t advocating for or against the creation of a Cyber Force. Instead, it’s trying to ensure that if the decision is made, the government is ready to act – avoiding the planning delays that have slowed past defense reforms.
Stiefel, who previously oversaw cyber and IT policy as a professional staff member on the House Armed Services Committee, said there is danger in delaying this type of structural change.
“How many of these have we been through, these ‘watershed moments’ that were going to change everything? And they didn’t,” he said. “So how cataclysmic does an incident have to be to get us to actually move one way or the other?”
That pattern of delayed response isn’t limited to strategy or structure. It also shows up in workforce development and education – a foundational issue the commission believes must be addressed up front.
“There are seven degree-granting institutions in the Navy for the maritime space. There is one in the Department of Defense dedicated to cyber, and the department tried to shut it down four years ago,” Stiefel noted. “Is that something that’s the right thing for the department to be removing?”
He compared the lack of cyber-specific educational infrastructure to well-established programs in other military domains.
“In the case of the Army, you have SAMS, the School of Advanced Military Studies; you have SAWS in the Marine Corps; you have SAS in the Air Force,” he said. “Each service has said, ‘I need a place where I can build and develop and teach the most exquisite planners on the planet.’ … In cyber, we have nothing really resembling that.”
Without those institutional commitments, Stiefel warned, it’s difficult to build long-term expertise – not just for cyber operators but for the full range of support roles modern operations require.
“Everyone can talk about the operational stuff, but what about the things that people don’t think about?” he said. “The intelligence support, the legal support, the targeting support.”
Funding isn’t necessarily the issue. From fiscal year 2020 to 2025, the U.S. invested nearly $30 billion in cyber operations. But Stiefel questioned whether those investments have translated into mission-ready capability.
“That’s enough for two Ford-class aircraft carriers,” he noted. “Do we have the equivalent combat capability in cyberspace as two Ford-class carriers?”
Cardon echoed that concern when it comes to domestic resilience.
“We created this thing called Hunt Forward [Operations], which I think is fantastic. … Where’s the Hunt Backward?” he said. “Inside our own infrastructures. Where is that? And who does it?”
For Cardon and Stiefel, the mindset behind the commission reflects hard-earned lessons from previous efforts at military reform – many of which faltered not for lack of vision, but for lack of groundwork. Their message: If Cyber Force is coming, the time to lay the foundation is now.
Watch the full discussion here.