By James Stavridis | Updated on Jun 11, 2026 at 11:00 AM
Given the immense threat of cyberattacks to national security, it may surprise Americans that the US military has no dedicated force overseeing all operations to defend the nation, troops abroad and major corporations from cyberattacks. That may change soon.
In an insightful and timely new report , the Center for Strategic and International Studies lays out the case for a new Cyber Force to undertake that mission. The contributors include some of the nation’s foremost military experts on cybersecurity, including a former chief of naval operations, Admiral Mike Gilday, and retired Rear Admiral Mark Montgomery, former executive director of the congressionally mandated Cyberspace Solarium Commission .
The CSIS report will receive significant attention on Capitol Hill, where efforts to stand up an independent force for cyberwarfare have been gaining traction. As a model, some in Congress are looking at the successful launch of the US Space Force as the sixth branch of the military in 2019.
So, does a Cyber Force make sense? What are the key risks it needs to address? And how should it be structured?
Going back to my days as Supreme Allied Commander of the North Atlantic Treaty Organization, I have been seized by the importance of cybersecurity. In 2009, I pushed the alliance to fully fund its new Cyber Center of Excellence in Tallinn, Estonia. That operation is increasingly vital given the frequent attacks by Russia against that small, technologically proficient nation and its neighbors.
There are plenty of reasons the global cyber threat is rapidly increasing, but I’ll focus on a few. First is the explosive growth in devices connected to the internet — estimated at 30 billion — which creates an enormous “threat surface.” Then there are the trillions of dollars lost every year to cybercrime, such as theft of personal information, ransomware and phishing. Finally, geopolitical unrest creates enormous incentives for cyberwarfare; we’ve seen its importance to both sides of Russia’s war on Ukraine. Cyberwar is also an asymmetric weapon for weaker countries such as North Korea and Iran to use against the West.
Yet America’s cyber defenses are a patchwork of governmental and private-sector efforts.
The military portion is centered on US Cyber Command, which has dual responsibility for general military cyber operations and for running the National Security Agency.
On the civilian side of government, the Department of Homeland Security has several cyberdefense organizations, including the Cybersecurity and Infrastructure Security Agency (CISA). Yet that agency is under significant budgetary pressure, with proposed cuts of nearly $400 million and more than 800 jobs for fiscal 2027.
State and local governments — notably big cities — also have cyberdefense capabilities through their law-enforcement agencies. Finally, US businesses, especially large financial institutions, spend heavily on protecting information technology.
The problem is that these agencies and companies don’t coordinate well. And in the military, cyberdefense positions tend to be filled by non-experts because there is no cadre of uniformed professionals.
The idea behind creating a Cyber Force is that by giving it the sole mission and full responsibility to train, equip, staff and organize military cybersecurity, the US could over time build a cohort of truly professional cyberwarriors — a sort of Green Berets of cyber. This unit could work across not just government but also the public-private divide — coordinating operations, sharing ideas and spreading risk deterrence among governmental, corporate and military cyber-defense systems.
The CSIS analysts estimate that this force would require an initial budget of around $10 billion, much of which is already allocated within the armed forces and distributed — quite inefficiently in my view — to cyber programs currently running.
The most expensive part of any organization tends to be personnel, and the report foresees an eventual force of around 20,000 active-duty troops, 3,500 to 5,000 from the National Guard, and 6,000 civilians. My own experience, both at NATO and in the civilian world, leads me to believe a capable force could be created at roughly half that level, at least initially. In large part, this can be done by taking advantage of gains in artificial intelligence.
One catch: Pay within the Cyber Force would need to be high by military standards, given the need to compete with Silicon Valley and other private-sector innovation centers. Hiring should probably be limited to commissioned and warrant officers, not to enlisted troops, reflecting the need for high levels of education. There are precedents for this exclusion: The military contingent to the US Public Health Service, for example, has only commissioned officers.
Finally, there is the question of where to place the Cyber Force. This may not seem important to civilians, but it will be a big issue in a military where every branch wants to defend and expand its turf. There are a few options: as a stand-alone seventh service branch; in an existing service (probably the Army); or perhaps merged with the Space Force. That can be settled later.
The key is to move quickly. It will take a year or more to get the basics in place, and the threats of cybercrime, cyberwarfare and geopolitical disorder are only going to rise.
Stavridis is dean emeritus of the Fletcher School of Law and Diplomacy at Tufts University. He is on the boards of Aon, Fortinet and Ankura Consulting Group.
More From Bloomberg Opinion:
Want more Bloomberg Opinion? OPIN <GO> . Or subscribe to our daily newsletter .