A Cyber Service, or The Return of the Specialists?

A couple of reports talking about the need for a “Cyber Service” along the lines of the existing military services have come out recently. None of them seem to be aware of Rick Forno’s InfoCorps paper from 1998, back before everyone was slapping “cyber” in front of everything and calling it something new. The idea of a separate service to deal with problems digital is an attractive one, but I would not count on it happening in any meaningful time-frame for a couple of reasons.

C.R.E.A.M.

First, we have five services and each one is fighting for a finite amount of appropriations in order to operate. The shooting war ‘over there’ is largely over, so Congress is not letting the Pentagon print money in the basement anymore. Everyone can’t have everything they want, so instead of bombing the Taliban we’re back to sniping our sister services over cash. Adding a new service means throwing another player into the mix, one that would take away human AND financial resources from the others, which no existing service is going to take lying down.

Mission Creep

A given government agency might have dominance over a given mission or function, but that does not mean other agencies or military services stop doing that mission or performing that function. This is a famous and perennial battle in intelligence circles: ‘Those guys can’t be trusted to look after my interests or share with me, so I’m going to stand up my own duplicative capability, call it something else, and keep doing what I want.’ The probability that this would happen upon creation of a cyber service is 1.

Incident or Event?

We still can’t get the existing services to agree on all things cyber. This after nearly two decades of intensive interest in the subject matter and several decades more of knowledge about the problems, but willful ignorance of the potential impact. One service could establish and promulgate standard definitions, doctrine and standards…but not everyone has to toe the line.

On the Other Hand

The one good thing a cyber service could bring to the problem is a structure and culture that the current services cannot and will not provide. While all services are ostensibly a meritocracy, the best rifleman in the Corps can’t jump from Private to Gunnery Sergeant: he still has to wait till a sufficient amount of time has passed, and have the right cutting score, before he can get past Terminal Lance. That’s a situation no serious computer security practitioner I know would stand for.

You also can’t maintain the very perishable skills required of a digital warrior if every two or three years you have to rotate out of a cyber unit and head off to a tactical one where you spend more time on long, vigorous strolls through the woods than you would on keyboard, which is how most services operate today (supposed to make you well-rounded or something). A cyber service would have no need to rotate people and minimal PCS or deployment requirements (at last check we were still killing terrorist in Afghanistan via a facility in Nevada).

One thing the legacy services (in particular the Army) might do to abate calls for a separate service is to bring back “technical” ranks. Denoted by a “T” in the rank insignia in the WW II era, and later distinct “specialist” ranks in the 50s through the mid- 80s. Specialists were technical experts, and while they earned as much as their non-commissioned counterparts, no specialist of any grade outranked an NCO of a lesser grade, nor did they hold leadership positions. Absent additional reforms Specialists would of course be “second class” in the eyes of hard-stripe soldiers, but cyber specialists wouldn’t care and it would be a small, internal price to pay in order to avoid a full-on external political-financial battle over who leads the way in cyberspace.