Within the U.S. military, cyber warfare leaders are often denied the critical technical training and operational experiences required to make them effective leaders in cyberspace. To remedy this, commissioned officers in charge of offensive cyberspace operations must have the opportunity to become cyber warfare operators. This will yield excellent operators, but more important, it will give future commanders firsthand knowledge of what it means to maneuver and execute fires within cyberspace—something considered critical knowledge within other warfare domains.
The current practice of allowing nontechnical leaders from outside the cyberspace domain to lead various Cyber Mission Forces (CMF) can have negative consequences. Experience has shown that problems can occur when an officer lacks operational cyber warfare experience, including:
1. Risk aversion
2. Decision paralysis
3. Assuming too much risk
4. Improper staffing of subordinate positions
5. Inability to employ technical solutions that achieve operational and tactical objectives
Without hands-on cyber warfare experience it can be difficult to translate doctrine into action, separate bad operational and tactical advice from good, or predict enemy maneuver. While this may be difficult to conceptualize from a purely cyberspace perspective, there are several examples from other domains that can help articulate and address the problem.
Every Marine a Rifleman
This tenet is a foundational component of all U.S. Marine Corps training for both enlisted members and officers, as it demonstrates the primary purpose of the Marine Corps is to fight pitched infantry battles. Perhaps more important, it shows the Marine Corps is meant to be flexible enough that any Marine, from a lance corporal grunt in a fighting hole to a colonel in command, can pick up a rifle should the need arise. Beyond its immediate practical nature, this tenet underlines a subtler truth: There is a basic level of combat training and experience common throughout the service. Fundamental principles of infantry tactics are well understood by all Marines, and all Marines are experts with their weapon.
Imagine, then, placing an officer who has never fired a rifle in charge of a Marine infantry company or platoon. Suppose this individual has been trained on the concept of the rifle and its potential effects on the enemy. He or she understand the concepts of “fires” and “maneuver,” “key terrain,” and “cover,” and whatever else might be in a classroom course on infantry tactics. Furthermore, perhaps because of a lack of funding and time, the officer has never been trained to fire a weapon or attended a combat tactics school. In fact, he or she was never given a weapon at all.
Given this scenario, would those in a combat unit serving under this officer be confident in their leader? Would the officer be able to effectively read the terrain and anticipate enemy maneuvers? Would he or she understand the consequences of engaging a target at 50 meters versus 500 meters? The answer to all these questions is almost certainly no. Yet, this is precisely the position the U.S. military puts many new cyber leaders in every day. Many officers who lead CMF teams or service-specific cyber units lack the critical technical training and experiences required to effectively engage in cyber warfare. Those at the tip of the spear must be technical experts in their domain, should the United States expect to maintain dominance in cyberspace.
While the Marine Corps’ infantry challenges are not necessarily direct corollaries to cyberspace challenges, one can look to other highly technical military leadership roles to see specific examples of how a cyber warfare leader could be forged.
The Aviation Model
On land and at sea, arguments can be made for specific delineations between technical tasks. Electricians maintain cables, engineers run engines, drivers drive, ordnancemen deploy and load weapons, navigators navigate, and so on. However, aviators in an offensive air-to-air or air-to-ground mission are often alone, left to control their platform as they see fit within mission parameters. Their airframe is a single integrated system of systems, controlled (while in flight) completely by a single individual. One could say the aviator is a “master of systems” controlling all aspects of in-flight operations.
Cyber warfare operators, too, are masters of systems. During operations they must manage operational objectives, technical conflicts, target conditions, capabilities deployment, infrastructure complexities, mission management concerns, and more. The operators are in total control of the information that travels from their fingertips to the target.
For both naval aviators and cyber warfare operators, rigorous multimonth operational training is required before they can perform real-world check rides on their given platforms.1 When aviators and cyber warfare operators are finally qualified, they have significant operational autonomy and power. Given the complexity, gravity, and autonomy of their tasks, commissioned officers make up the bulk of aviators in the military. Only a handful of cyber warfare operators are commissioned officers.
Despite the similarities, the career paths of cyber warfare operators and naval aviators begin to diverge at the end of the training pipeline. Years of operational experience will grant aviators elevated status within their community; they may eventually rise to squadron commanding officer, which could lead to selection as the commanding officer of a carrier air wing or other service equivalent. Cyber warfare operators do not have a similar path.
For Air Force officers, while selection as a cyber warfare operator is possible, there is currently no clear path to command.2 Most other services will strongly discourage commissioned officers from performing cyber warfare operations. Navy officers have fared the worst in this regard, being all but denied the opportunity to train as cyber warfare operators until very recently.3 Denying officers cyber warfare operator training locks tactical and operational knowledge in at the lowest level. As a result, officers from the mission commander on up depend almost entirely on the expertise of enlisted and civilian cyber warfare operators and analysts. In the aviation community, this would be an untenable situation; however, it is the day-to-day reality for Navy cyber warfare.
The SOCOM Model
While the technical complexity of cyber warfare lends itself well to comparison with the aviation career model, the tradecraft, missions, and team integration components bear a greater similarity to the Special Operations Command training (SOCom) pipeline.
The Special Operations Forces Reference Manual defines special operations forces (SOF) as “small, specially organized units manned by carefully selected people using modified equipment and trained in unconventional applications of tactics against strategic and operational objectives.”4
The first three words in this statement also are an apt description of CMF. The degree of technical training and experience required to operate offensively in cyberspace is not dissimilar to the level of SOF training needed. But are the mission types similar enough to warrant comparison between SOF and CMF?
Per the SOF reference manual:
• Special operations normally require operator-level planning and detailed intelligence.
Conventional military forces tend to move in broad strokes, often with only general information about the adversary (troop number ranges, possible vehicle types, unit types, etc). However, both SOF and CMF require exceptionally detailed intelligence on their targets, often down to the physical building plan for SOF or system configuration for CMF. Furthermore, both types of operators must plan for the specific layout and the precise actions needed to achieve their objectives.
• Special operations require rigorous training and mission rehearsals. These are integral to mission success.
Cyber warfare operators practicing system exploitation, denial operations, and system lateral movement are critical to the success of any cyber warfare operation. In addition, because of the necessarily high pace of new capabilities being deployed, it is critical that operators test these tools in a virtual environment as well.
• Special operations frequently require discriminate and precise use of force. This often requires development, acquisition, and employment of equipment that is not standard for other Department of Defense (DoD) forces.
Given the abstraction and misdirection in cyber warfare, the precision required to ensure a given target is related to the mission objective is at least an order of magnitude more difficult than in conventional operations.5 Even if a target is properly identified, offensive actions against it can produce unanticipated third- or fourth-order effects, which, without careful and precise planning, can cause a far wider denial than was originally anticipated or intended. Adversaries can easily mitigate these cyber effects if they discover the means of system exploitation and attack. All this demonstrates that the specialized tools required for cyber missions must be developed, acquired, and deployed through means typically far outside the normal DoD acquisition process.
SOF Leader Training Model
Because SOF and CMF missions have similar characteristics, the SOF leader training model could be applicable to CMF.
Each service’s SOF training model integrates officers into its operational training pipeline. The pipeline to create a Navy SEAL, for example, is a long and arduous progression, not dissimilar from the time it takes to train a fully functional cyber warfare operator.
Most important, the SEAL training pipeline is nearly identical for both officers and enlisted members, because officers are closely embedded with enlisted team members during operations. All SEAL officers spend two to three tours performing operations with their teams before they are taken out of a direct-combatant role at the senior level.6 SEALs (much like their other SOF counterparts) require leaders to understand the complexities and nuances of special warfare—which cannot be fully taught in a classroom—and only those with operational experience are allowed to lead SOF units. In other words, only a SEAL should lead a SEAL. Similarly, only a cyber warrior should lead another cyber warrior.
Cyber warfare Leader Training Model
Given the complexities and ever-changing dynamics of the cyber domain, as well as the highly specific technical skills required, a special training and career pipeline is required for cyber warfare officers that combines elements of the aviation and SOF models. It will not fit for all aspects of cyberspace operations, but the pipeline’s primary purpose would be to prepare leaders for offensive cyberspace roles—in and on actual networks. In other words, to prepare leaders to wage effective cyber warfare against U.S. adversaries.
Opening operational schools and certification programs to leaders will solve only part of the problem. Changing how uniformed services think about the cyber warfare community and its leaders is the second, perhaps more difficult, step. With that in mind, there are a few core tenets that should be adopted for this cyber warfare leadership model to succeed:
• Accept insularity. Much like SOF members, and to a lesser extent aviators, service members who join the cyber warfare community will stay in the community. The pipeline for nearly all positions (not just leaders) is far too specialized, costly, and lengthy to cycle individuals out every two to three years. Cyber warfare leaders should not be penalized in their careers because they choose to remain in the field.
• Mandate hands-on technical training. If operational experience is key for effective cyber warfare leaders, then the training model must match this objective. Leaders must be qualified as cyber warfare operators and receive deep technical training.
• Emphasize operational experience. Hands-on experience will be the primary driver for excellence in the cyber warfare domain, for both leaders and individual contributors.
• Promote technical leadership. Instead of restricting deep technical training and operational experience for leaders, the services should encourage it. Cyber warfare leaders with advanced technical degrees and senior-level operator certifications should be the norm.
• Maintain a warfighter mentality. While technical aptitude and operational experience are core to this leadership model, they must be used to generate effects both within the cyberspace domain and the physical world. Never forget that cyber warfare is a single component of a multifaceted combined-arms force that exists to defend the nation and address adversary threats in all domains.
Ultimately, what is needed to grow cyber warfare leaders is not just a change in training pipelines but a change in culture, career perceptions, and milestones. The CMF and related units are not a conventional force and, therefore, the training and experience models used for cyber warfare leaders should not be conventional either. Other warfare communities prize operational domain experience and weapon system expertise. Gaining and retaining specialized operational experience ensures future leaders can make decisions based on weapons system knowledge and tactical acumen, as opposed to often ossified doctrine and training.
Exceptional agility is critical to most nonconventional forces. Nowhere is this more evident than in cyber warfare, in which the very domain changes dramatically and continually. Leaders with direct operational experience in cyber warfare will learn this early on. Those whose understanding of cyber warfare is based solely on classroom learning, abstraction, and simulation will not.
1.Chief of Naval Air Training, “Naval Flight Officer (NFO) Aviation Training Pipeline;” and “Student Naval Aviator Aviation Training Pipeline.”
2. Department of the Air Force, Cyber Operations Officer: Career Field and Training Plan (Washington, DC: Headquarters, U.S. Air Force, June 2015).
3. Bureau of Naval Personnel, “MILPERSMAN 1306-980: Navy Interactive ON-NET (ION) Computer Network Exploration (CNE) Operation Certification Program” (Washington, DC: Bureau of Naval Personnel, 24 April 2018); and Mark Pomerleau, “Navy Details Its Plan to Build a New Cyber-Specific Work Role,” DefenseScoop, 15 February 2023.
4. Special Operations Forces Reference Manual, 4th ed., Joint Special Operations University and the Center for Special Operations Studies and Research.
5. Michael N. Schmitt, “The Law of Cyber Targeting,” Naval War College Review 68, no. 2 (Spring 2015).
6. U.S. Navy, “Career Paths,” www.navyseals.com.