Reevaluating Cyber Operations in the DoD: Emerging Proposals from Congress

In a significant move to enhance the synchronization and effectiveness of cyber operations within the Department of Defense (DoD), both the House and Senate are advancing proposals that could fundamentally reshape how these critical capabilities are managed. These proposals are encapsulated in their respective versions of the National Defense Authorization Act (NDAA) for fiscal year 2026.

Legislative Initiatives

The Senate Armed Services Committee’s draft calls for the DoD to conduct an extensive assessment on the employment of cyber forces to support the various combatant commands. Additionally, it emphasizes the potential establishment of Joint Task Force-Cyber groups distributed across these geographic commands. Meanwhile, the House version advocates for a similar evaluation focused primarily on the Indo-Pacific Command’s area of responsibility, spearheaded by Rep. Don Bacon, R-Neb.

Notable Perspectives

Rep. Bacon has expressed concerns regarding the current organizational structure of the military in relation to ongoing cyber threats. He argues that the existing framework is ill-equipped for both present cyber conflicts and anticipated future challenges, particularly in the context of rising tensions with China concerning Taiwan. Bacon is advocating for the immediate establishment of a Joint Task Force-Cyber rather than merely assessing its feasibility when Congress convenes to reconcile the two bills.

He remarked, “If we accept the reality that we are already in hostilities with our principal adversary in cyberspace, then there is no time to waste.” This sentiment is echoed by previous legislative efforts that sought to establish a similar organization within the Indo-Pacific Command, driven by a perceived need for improved joint operations in both the kinetic and non-kinetic realms.

Historical Context and Current Gaps

This initiative is not without precedent; the fiscal 2023 NDAA mandated the formation of a Joint Task Force to facilitate joint operations prior to kinetic conflict. Observers indicate that this earlier construct has yielded positive outcomes and that similar benefits could arise from applying it to the cyber domain.

Evidence supporting this organizational shift is reinforced by a classified DoD Inspector General report, which critically evaluated Cyber Command’s (Cybercom) execution of offensive operations in collaboration with Indo-Pacific Command. The report recommended the formation of Joint Task Force-Cyber to address existing vulnerabilities in command and control.

Insights on Cyber Command Structure

A significant challenge lies in the fact that unlike traditional military domains—land, air, and sea—there remain no dedicated cyber component commands within geographic combatant commands. Instead, cyber operations are managed through the Joint Force Headquarters-Cyber, comprising specialized units operated by each military service:

• Army: Operates under Central Command, Africa Command, and Northern Command.
• Navy: Oversees Indo-Pacific Command, Southern Command, and United States Forces Korea.
• Air Force: Coordinates within European Command and others.
• Marine Corps: Engages with Special Operations Command.

This fragmented structure complicates the clear chain of command that exists in kinetic operations, where geographic combatant commanders possess direct oversight over their forces. Additionally, the Cyber National Mission Force, while globally aligned, operates autonomously, often without direct input from regional commanders, which can create friction in balancing national priorities with regional needs.

Tensions and Strategic Implications

The existing framework reveals tensions between the regionally focused combatant commands and Cybercom’s global mission. Observers have articulated concerns that this dynamic can dilute the effectiveness of operations, particularly in complex environments like the Indo-Pacific, where multiple threat actors are at play.

A key point to consider is the urgency of decisions required in future conflict scenarios. Recent events, such as the Ukraine-Russia war, highlight the necessity for rapid command decisions and unified operational directions. The proposals being discussed in Congress aim to streamline and expedite these processes, enabling combatant commands to take command of cyber operations directly.

Addressing Resource and Capability Questions

As discussions regarding a potential Joint Task Force-Cyber gain traction, several questions arise that merit careful consideration:

• Comparative Analysis: How do existing operations compare to proposed frameworks? Have previous assessments yielded actionable insights?
• Efficiency vs. Control: Will the introduction of a new task force enhance operational efficiency or create additional bureaucratic hurdles?
• Education Gaps: Are combatant commands adequately versed in how to employ existing cyber capabilities?

Former military officials have suggested that historical gaps in understanding and practicing joint cyber operations could benefit from further training and integrated planning exercises. Intriguingly, proposals have also emerged suggesting that cyber forces could be co-located within combatant commands, mimicking the model used by Special Operations Command’s theater special operations commands.

Prioritization of Cyber Resources

Lastly, a pivotal aspect of these discussions is the prioritization of resources among competing cyber entities—Cyber National Mission Forces versus combatant command-related cyber capabilities. Enhanced emphasis on regional capabilities may enable a more balanced distribution of national cyber resources and improve overall readiness.

As both chambers of Congress seek to refine and finalize their defense bills, the implications of these proposals extend far beyond policy; they could significantly alter the operational landscape of U.S. cyber capabilities, providing a more responsive and integrated approach to modern warfare in cyberspace.

By addressing these complex layers of command and control, Congress aims to fortify the U.S. military’s cyber posture against ever-evolving threats.