As a combat veteran with 14 years of military service, I have experienced conflict up close. I know it intimately -- determined adversaries using a multitude of tactics, techniques, and procedures on unpredictable terrain, accomplishing tactical and strategic objectives by leveraging years of training.
While I’ve closed that chapter of my life and begun a new one serving my country in the House of Representatives, I remain committed to defending our nation. I want to ensure that our military can meet any adversary in any space. However, since coming to Congress, I’ve grown concerned that we are not postured to overwhelm and out maneuver our enemies in arguably the most dynamic domain: cyberspace. All the elements of conflict that I prepared for and operated within not only exist in cyberspace, but it’s also where our nation is engaged with multiple adversaries every single day.
It’s a warfighting domain more complex and far more active than I could ever have appreciated before.
Despite the volume of adversarial activity, the military seems to consistently underappreciate the cyber domain. President Biden’s defense budget request for 2025 reduced funding for cyber operations by $1 billion, or almost 15 percent, compared to last year. In total, there are fewer than 6,500 positions on the nation’s operational teams for cyberspace, a diminutive size when considering the breadth and scope of the responsibilities they are assigned. More concerning, is how many of these positions are unfilled.
From ransomware to protecting critical defense infrastructure to supporting the cybersecurity of our partners and allies, demand is only growing for the service members and civilian cyber experts operating in this space. Frustratingly, the size of the collective force has grown by less than 6.5% since they were conceived almost fifteen years ago.
In the military, special warfare operators are the ones on the ground performing direct action missions, special reconnaissance, and other specialized operations. For operators to accomplish their objectives, they are supported by an innumerable collection of analysts, targeters, armorers, intelligence collectors, communications professionals, maintainers, and logisticians, among many others.
Our teams of cyber operators are essentially asked to perform the equivalent work that I did in the Navy, along with all the support and enabling functions performed by countless others. There’s nowhere else in the military where this occurs. In an aviation context, this would be equivalent to having the pilots forecast the weather, repair their own aircraft, pick their own targets, load their munitions, fuel up their jets, conduct their mission, fly back, and debrief themselves.
For the last ten years, we’ve relied on U.S. Cyber Command (CYBERCOM), a Combatant Command pulling personnel from the Army, Navy, Air Force, and Marine Corps. In that time, CYBERCOM has performed extremely well, however the organization remains limited by what the military services provide. Much in the same way that the Army’s failures around aviation in the 1920s and 1930s necessitated the establishment of the Air Force, and the shortcomings of the Air Force in prioritizing space necessitated the creation of the Space Force, we see the same scenario playing out today with cyberspace. The only difference is the problems we face in cyberspace are found across four military services instead of one.
In the early 2010s, both the Defense Department and Congress were thinking through how to leverage cyberspace militarily. At the outset, there were seemingly two paths, either leverage existing capability that had been developed within the Army, Navy, Air Force, and Marine Corps in support of a joint command, or build a entire new service. Given how new the concept of military operations in cyberspace was, the choice between the two options was obvious.
Once the initial question was settled, Congress provided the Department of Defense with ample time and resources required to develop the joint, multi-service approach. Beyond legislative patience, Congress supported the Pentagon’s multi-service approach with every authority, legislative tool, and legal mechanism available, spanning control of budgets, personnel, and training.
Despite the best efforts of the Department and Congress, the issues around building capability, capacity, and talent for cyber operations remain the most intractable facing the Department. After so much time, effort, and attention, we must reconsider whether it makes sense to allow four independent military services to perform the functions of one service.
This is not an indictment of the immense effort expended by CYBERCOM leadership over the years. In fact, quite the opposite. CYBERCOM has been an incredibly well-led organization that has made the best of the hand it’s dealt. But the limitations of the current structure – with cyber officers and enlisted personnel spread across the Army, Navy, Air Force, and Marine Corps – are more apparent and the implications are more dangerous than ever before.
Cyber warfare requires a unique approach to recruiting, retaining, and compensating service members. It requires a robust research and development apparatus and an exemplary ability to train personnel. These tasks are difficult, and they’re only made harder when fragmented across multiple services, which are already challenged with wider recruitment and modernization objectives. When the Chief of Naval Operations is struggling to recruit the numbers required to fill crews for the surface fleet, it’s understandable that Navy isn’t prioritizing its requirements for cyber operations.
To succeed, there must be a single entity that can be held accountable and responsible for the “Organize, Train, and Equip” functions that are performed by the uniformed services today. No different from the Army for ground combat or the Navy for global maritime operations. It would be a mistake to believe that a Combatant Command can perform the functions of both a Combatant Command and a Service.
This year marks the 20th anniversary of the Department of Defense’s recognition of cyberspace as a warfighting domain, on par with air, sea, land, and space. As a member of the House Armed Services Committee, I am working with colleagues to ensure that the National Defense Authorization Act we are debating this week puts the nation on the right path when it comes to defending the nation in cyberspace.
We simply can’t afford to wait any longer.
Rep. Morgan Luttrell, R-Texas, is a military veteran and has represented Texas’ 8th congressional district since 2023.