Two disturbing incidents roiled the cyber seas recently, one foreign and one domestic. They both strengthen the case -- which was already convincing, and which I have been making for almost a decade now -- for the creation of a U.S. Cyber Force.
The first incident was yet another cyberattack on a NATO member, Albania, by Iran. It was part of an ongoing Iranian campaign to attack Albania, a small Muslim nation of only about three million in the Balkans. The attacks have included zeroing out personal bank accounts, unmasking government and police informants, and degrading command-and-control networks. Iran conducts the attacks because Albania is not prosecuting an anti-Iranian group, the Mujahedeen Khaleq, that has a large presence in Albania.
The attack has raised the issue of whether to invoke NATO's Article 5, which says that an attack on one nation will be regarded as an attack on all. Because the NATO treaty was drafted many decades ago, it does not say whether a cyberattack activates Article 5. But given the evolution in warfare and expansion of cyber operations, such attacks should now fall into that category.
The second incident involved a ransomware attack on the U.S. Marshals Service. A huge amount of sensitive data was compromised, including information on fugitives, high-security individuals and law-enforcement operations.
Ironically, Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, also just released the National Cybersecurity Strategy, which has been in the works for many months.
The U.S. has very competent armed forces defending us 24/7 -- the Army, Navy, Marine Corps, Air Force and Space Force within the Department of Defense, and the Coast Guard in the Department of Homeland Security. A U.S. Cyber Force is now also necessary.
The successful creation of the U.S. Space Force three years ago provides a good blueprint for a U.S. Cyber Force. While the force is a tiny fraction of the rest of the Department of Defense, with less than 10,000 uniformed personnel, it operates nearly 100 spacecraft and a complex global network that supports U.S. satellite systems.
A U.S. Cyber Force would likely be even smaller than the Space Force, probably about 5,000 uniformed personnel. It could be lodged within either the Department of Defense or in the Department of Homeland Security. As a uniformed service, its members would be full-fledged members of the armed forces -- with ranks, uniforms and a disciplined, patriotic ethos.
Most important, the creation of a U.S. Cyber Force would move America beyond the current "pick-up team" approach to cybersecurity, wherein each of the armed forces has a small number of cyber experts.
The creation just over a decade ago of the U.S. Cyber Command has immensely improved America's national security. Located at Fort Meade, Maryland, with the National Security Agency, it is led by a four-star uniformed officer. Many of the veterans of U.S. Cyber Command would form the core of a new U.S. Cyber Force. A Cyber Force would also allow for an independent voice in the councils of the Joint Chiefs of Staff, much as U.S. Space Force's Chief of Space Operations provides.
As the U.S. looks to a future that includes not only great-power cyber competition from Russia and China, but also mid-level cyberattacks from nations such as Iran and North Korea, the time is nigh. The nation should move forward with a dedicated U.S. Cyber Force.
James Stavridis, former supreme allied commander of NATO and dean emeritus of the Fletcher School of Law and Diplomacy at Tufts University, is vice chairman of global affairs at the Carlyle Group.
Bloomberg