this is 45 minutes. >> our cyberprofessionals have helped our allies and partners uncover and defeat cyberthreats in their networks, including they have helped other partners respond to or recover from attacks by iran. and they have defended against attacks. the cyberthreats to our country may be outpacing the growth in our nation's cyber capabilities.

er as a result, the margin of safety for americans may be narrowing. so what's to be done? our panelists today have an answer in a new monograph titled united states cyberforce, a defense imperative. they argue that the united states should create a new independent armed service, a u.s. cyberforce, alongside the navy, air force marks are incorps and spaceforce -- marine corps and space force. they say the status quo creates an inefficient division of labor and prevents the generation of a cyber force ready to carry out its mission, end quote. this report draws on the expertise of the authors and more than 75 interviews with u.s. military officers, both active duty and retired, with significant leadership and command experience in the cyber domain. the authors are dr. erica and mark and they will be joined today by congressman mike

gallagher. let me introduce each of them. congressman gallagher has represented wisconsin's eighth district in the house of representatives since 2017 and served as co-chair of the congressionally mandated cyber commission or c.f.c., and continues to serve as co-chair of c.f.c.2.0 in a mission that works to implement recommendations. in addition, congressman gallagher is the chairman of the select committee on the strategic competition between the united states and the chinese communist party and chairman of the house armed services subcommittee on cyber information technologies and innovation. he also sits on the permanent select committee on intelligence. all committee positions are very relevant to today's talk. congressman gallagher and i are both recovering senate staffers and i'm proud to say he was previously a national security fellow here. dr. erica is an assistant professor in the school of

international and public affairs at columbia university. she has impressive experience in strategy and policy, having served as a lead rider of the -- writer of the 2023 u.s. department of defense cyber strategy in the congressionally mandated department of defense cyber posture review. i have something in common with the doctor as well. we both previously served as assistant professors in the department of social sciences at west point. last but certainly not least is my great colleague and friend, mark montgomery. he serves as senior director of the center on cyber and technology innovation and directs, having previously served as the executive director there. previously mark served as policy director for the senate armed services committee, coordinating policy efforts on national security strategy, capabilities and requirements and cyber policy. he served for 32 years in the u.s. navy, returning as a u.s. admiral in 2017. a few words. for more than 20 years, it has

operated as a fiercely independent, nonpartisan research institute exclusively focused on national security and foreign policy. as a point of pride and principle, we do not accept foreign government funding. for more on our work, please visit our website and follow us on x. that's enough from me. congressman gallagher, over to you. >> well, thank you, brad. thank you for hosting this critical conversation today. for the work your expert does every day. your research and analysis and the solutions you articulate are some of the best i've seen and the topic that brings us together today is the readiness of our military forces to conduct cyber operations. we ask a lot of our military cyber operators. these men and women in uniform secure operating networks and weapons systems, they support functional and geographic

commands, they conduct reconnaissance and operational preparation of the environment. and they hold our adversaries at risk and they can even assist the private sector with their interaction with the defense industrial base. a variety of critical tasks. i am most concerned, having studied this, working extensively with mark and erica, i am most concerned about the chronic issue in force readiness that effects those efforts. the question is, is the tip of the spear in cyber space as sharp as it needs to be? i'm concerned about the recruitment, training and development of our cyber warriors. i worry about insufficient intelligence support that cyber space operations and the shortcomings and the acquisition of cyber capabilities, all of which can continue to plague our ability to effectively conduct cyber operations. but most of all, i'm concerned that these problems aren't new. for the past decade, my colleagues in congress, both republicans and democrats,

working together have tried to address force design and readiness. we passed dozens of pieces of legislation to try to fix the problem in the military cyber work force acquisition -- [indiscernible] -- readiness and yet we are seemingly no better off because of it. so i'm looking forward to talking with our cyber command leadership about these issues after this recess period is over but in the meantime, i'm going to treat this discussion a little bit like a hearing, asking the experts to explain the topic in front of us and, like the hearing, i expect our experts to keep their respongeses brief, especially you, admiral. we know you're smart but you're going to be time limited. don't try to filibuster us. while you don't have a light in front of you, i'll cut you off if you exceed your allotted time. additionally, the military is notorious for acronyms but i will enforce another of my rules which is we will speak in language that the average american understands, not the pentagon-military jargon. we will not tolerate that. so, first, mark, at a high

level, brad provided us an explanation of the paper you have out this morning. walk us through the problem in a bit more depth. what are we seeing on force generation for cyber space? i realize i'm getting dangerously close to jargon with the term course generation. so, first please explain what do we mean by force generation and force employment and what does it mean in the cyber context in particular? >> thanks, representative gallagher. thanks for being here today and thanks for your leadership on cyber issues over the past five years. in congress with me and senator king. so, first, force employment consideration. they're very distinct things. force employment is how the joint force uses military forces to execute missions. this is normally done by combatant command. indo-pacific command, european command, central command is the one we hear about a lot but u.s.

cyber command does that as well. that is tpwhaot we saw, it's where the problem evidenced itself, not the causal factor. now, force generation, that's different. force generation is how military services recruit, onboard, train, develop and retain forces. this paperer is a criticism of the current system of force generation in cyber. the army, the in a i i have, the air force -- the navy, the air force, the marine corps, even space force now. that system is not working. i'll start at the very first part of it which is recruiting. we're recruiting the wrong people for cyberforce. what we're get something the most cyber relevant people the service happened to have recruited. services, which are struggle, we both heard from the army and the navy, the army quantity tatively had the biggest miss in recruiting last year but as a percentage of the need the navy was even greater.

both services come up short. they need to be recruiting aggressively. what they're doing to recruit is the right thing. they're going to be the kids that are physically fit, mentally able and that means they're sitting outside the basketball locker rooms, football locker rooms, i get it. but if they're recruiting the right space force, excuse me, cyber force, they would be sitting outside the robotics lab. what's happening now in the services are we get the best, most cyber hell advantage person the service happened to recruit unless of course that person is needed as a special operator and nuclear operator in the navy. then they're going to these other ones. that's where the money is and the service's greatest demand is. we're also training differently across different standards. redundant training facilities

for the army, navy, air force, marines. and we're renumerating them differently. you'll see in the report interviews there's two kids sitting next to each other, both e-5's, both have six years of service and they're both equally certified and they're getting vastly different pay remuneration based on bonus and other things. then they're utilized in different ways. some use officers, others enlisted. it's different. this generation is leading the readiness. one story in there, we saw it from two different squadrons so i feel it's true. there are units that do complex work with malware development and less than 10% of the unit is doing 90% of the work. they're the only ones qualified to do it. can you imagine going to an f-22 squadron and having a c.o. say, i know i got 25 pilots here but i just use two of them? that's not an allowable thing.

and the final thing i say is, this readiness challenge is generated by the force generation issue. coming just as f.b.i. director wray testified to you along with director easterly and others that we have an adversary conducting an aggressive operation where they're working their offensive systems, their offensive operators are aggressively installing malwear against us and we need to keep up. we're at the point now where we really -- having an effective force employment means you can't take the luxury and force generation. so kind of the final thought i have is that we can't grow our force if the force isn't even ready at the level it is now. in other words, if they can't meet the readiness for today, how can you possibly grow it? so we're stuck kind of at our 2012 force levels. that's a long answer but that's where it's at.

>> a quick follow-up before we get to erica. so if i were to say to you, i get your point about recruiting the nerds, not the jocks, sa*eubg that because i was a nerd -- say that because i was a nerd. but there has to be a single standard. particularly as a marine, right? we sort of rebel against this idea that you'd have a separate pathway even for someone with exceptional talent. address that pushback because i get that a lot when we talk about this. >> i don't think you have to worry about that. i think they're going to be recruited to army, if we had our way, the army standards in terms of drug usage, ability to get a clearance, all those kinds of things. that's not going to change. what i'm talking about is

going for people that you probably don't even show up at the door if you haven't learned basic coding. that's the problem. the ma ribs can't afford to do that distribute marines can't afford to do that. they can't say, we're going to take recruiters, stop recruiting at 92% and your last 8% needs to be going out and finding python recruiters. to me the cyber force, having the standard of what you need is easier across a single force. by the way, then you get into a critical mass number-wise, several thousand a year recruited in, that's probably executable. >> erica, would love you to comment on anything that mark said but i think what's unique about this paeuper is that you have done such ex tensive interviews with active duly military officers. i'd be curious for to you summarize what was the feedback you got from that interview process and how did it weave its way into the report. >> thanks for asking that question because i actually -- i really do think that that's something that distinguishes

this report from a lot of other great writing and conversations happening in washington, as you know, for many, many years now about the proper sort of organization of the millertary for spao*eurb space -- cyber space. it was a priority for us to hear from those men and women who are out in the cyber fight every day and to hear from them in their own words and to do our best job to capture kind of what their takeaways and reflections were from their own experiences. that's why we make these interviews the center of our report and the driving force behind our recommendations. so our findings are based on interviews for more than 75 active duty and also recently retired personnel. together they have significant experience in the cyber domain and we really made a concerted effort to make sure those interviews were representative across the services. so in a report we have a breakdown of some of the more specifics, but it's about 30% from the army, from the navy and

from the air force respectively. the remainder, proportion to the size of those services, are from the marine corps and the space force and then a handful of senior civilians. it's also important to emphasize that to avoid your military jargon, sergeant first class in the army up to one star general officer. it's diversity across services and rank and grade. i think it's important to emphasize that the preponderance of those interviews did come from field grade and above officers which means, as you know that, they're coming in with more than decades' plus of experience. they can really speaks to those experiences in those interviews. with that said, let me sort of briefly highlight some of the key findings. first, i just want to emphasize

that we found overwhelmingly that these individuals are passionate about and dedicated to missions, not surprisingly they all care deeply and express their concern about the future of u.s. military cyber readiness. and i think it's also important to underscore that these interviews were not about people's personal rights. these weren't complaints about their time in service. they really reflected their deliberate and considered conclusions about the lessons they drew from their sprofpgsal experience. the -- professional experience. the consensus was universal and overwhelming in that everyone who was interviewed agreed that the status quo is not sustainable. and everyone expressed serious concerns in different ways about the current state of readiness. ing ands the vast majority of the interviewees attributed that lack of readiness to the very challenges that mark was just talking about a few minutes ago which is the fact that

responsibilities for cyber space are fractured across all of the various services who in turn understandably don't necessarily always prioritize organizing, training and equipping personnel for cyber space because the services have their own significant big mission needs and priorities. so cyber doesn't easily fit within any of the services. while not everyone we interviewed necessarily agreed that the solution is to establish an independent uniform cyber service, everyone agreed that the status quo is not tenable, working and something has to change. and so just by way of example, obviously we don't have the time here to share all of the quotations and reflections from the interviews but i wanted to highlight one quote from the general officer who was interviewed and i'll keep the specific service unanimous. to protect their contribution. but this person write, quote,

our strategy of relying on the existing services to build the cyber expertise and capabilities required is inefficient, ineffective and unlikely to succeed despite years of investments. without a doubt, the only viable path forward for u.s. cybercommis to establish a new service focused on organizing, training and equipping forces and win in cyberspace. so i think that brings home the general point and i think it's representative of the individuals who contributed their perspectives to this report. >> let's stay on that. this is the heart of it, right? this is what headlines are going to be and this is what the debate should be about. you recommend the creation of a new military service for cyber space, a cyberforce, will if you will. at the start of this debate i came in skeptical, right? because mark had alluded, we just created space force. we don't need more different uniforms. the risk is you create more

bureaucracy and efficiency over time. you've written something so powerful that it's challenging my priors and i agree with what you said, that the status quo is unacceptable. so just status quo is not acceptable but talk us through what -- for those two are a little nervous about creating another thing, what would this look like and how would it be an efficiency over time? >> so let me jump in on that. mark, i'm sure you'll have some thoughts to add too after my comments. it's important to emphasize, the core proposition of this report was to articulate the problem with the status quo and provide justification for why we think a cyber force is the best and most appropriate solution to the problem. we do offer our ideas of what a cyberforce could and should look like but i do think that, and i think mark would agree with me

here, that there should be a more complete, independent studdie of this question, right? we were relying on a significant number of interviews and our own expertise in backgrounds to make these recommendations, but an independent study that has the appropriate access to really deeply examine this issue and offer recommendation based on that i think would be essential. so with that said, and we talk about this more in a report, but our basic proposition is that you don't need a huge service for the cyberforce. we propose it would comprise about 10,000 personnel, if you compare that to the space force, which was, as we know just recently created, i think the space force is slated to grow to about 15,000 or so personnel this year. >> space force is 17,000, and will grow to 25,000 over time. >> yes. so i think the one kind of thing to emphasize is that when it comes to cyberspace, quality is

more important than quantity. that's something that came out of our spwe views -- interviews. a single operator can have effects disproportionate to their size. being just one person. and the nature of operating in cyberspace means having a small anding an aisle but highly technically skilled and proficient force is really the goal. that's the number that we propose. so not some big giant bureaucracy. we also envision that sort of the initial bills for the cyberforce would comprise billets that are currently in the cybermission force which is about 6200 personnel. it's slated to grow. it would be 6200-plus, as well as billet for supporting staff and so on. i think it's important to underscore that this wouldn't require a complexer burdensome shifting of personnel and to your point about efficiencies. this would reduce the redundancies and the duplication that already exists across all of the services because

everyone, every single service is organizing, training and equipping to their own service needs and requirements. you have duplication that exists that would be in theory gotten rid of. so when we think about -- a question that we considered was, what would be the primary role and responsibility of the cyberforce in this vision? it would be responsible for organizing, training and equipping personnel for offensive cyberoperations, defensive cyber operations and then of course the portion of the d.o.d. information network that would own and operate and their own i.t. infrastructure. that means that the existing services would still have some responsibilities in cyberspace. those wouldn't all go away. they would retain responsibility for organizing, training and equipping personnel for those operations that are specifically linked to their domain-specific war fighting competencies and also the portions of the

department of defense information network that existing services operate their i.t. infrastructure and so on. it wouldn't be a wholesale gutting of existing cybersecurity responsibilities from across the services. and then a final note is that we do propose a cyberforce should be initially stupid within the department of the army. similar to how the space force is within the department of the air force, the marine corps is within the department of the navy. that said i think it's important to emphasize that it will be critical for a cybergnu cyberforce to have the autonomy and the space to develop a distinct service culture. one that reflects all of the things we've been talking about. so this will need to be deliberate, especially for the cyberforce, because unlike the space force, for example, which essentially was created out of personnel from the air force, a

cyber force would be drawing in personnel from across all of the existing services. and so really be able to cultivate that unique, he could he's haddive and spweg -- cohesive and integrated culture will be essential. let me turn it over to mark if there's anything that i missed on that. >> i agree that space supposer about 90% air force. couple thoughts i had. one was, you know, you can't just take all the cyber responses away. there's between 150,000 and 200,000 people doing i.t. administration, cyber management in the services. we're not talking about touching all of that. we're talking about the c.m.f. which has been 6200. not changed much in size over 12 years, while the chinese and russians have changed quite a bit. some training commands on the offensive side particularly in some elements of the defense and the recruit, things like that. you're going to need about 10,000. if i had my guess it would grow and set billion 17,000.

by the way, the only way this is going to grow and settle is to have a unique cyber force. we've noticed trying to grow it by going to services and saying, could you man one less destroyer or one less f-35 squadron or one less battalion and give us the troops? they're not going to do that. the i understand the services feel they -- the only way you're going to raise this is the cyber force commander joined at the hip with the cyber command commander. one of the things i wanted to mention that's kind of funny is the -- everyone's like, oh, there's a model out there, we can -- socom does this. this isn't socom. i get it. if i'm sitting on a submarine as a captain and i'm told -- [indiscernible] -- blow up a train trefting, i'm looking for a navy sele, right? -- navy s.e.a.l., right? in cyber it's different, it

could be an air force operator, marine corps, navy, it doesn't matter. the socom model is not near as appropriate here as it is in socom. so i think we need to take -- i'm afraid we're kind of barreling along toward that solution and i think that it's not applicable and it's another five to 10 years finding out it's not applicable when the chinese and russians aren't waiting. >> if you need someone to write a book about that operation, call up the navy s.e.a.l.s. just kidding, dan crenshaw. just kidding. so, you talked, you've explained the broad contours what have a cyber force would look like. does this mean that cyber command isn't doing its job? >> not at all. it's the reverse. you in the last four years have indicated that with the legislation that you and mike and joe manchin and jim langevin and now ro khanna have asked. in the past cyber committee.

the cyber command is doing a good job with what it's given. our argument is they're not given the right forces to generate a force you need to employ. in fact, i would say, you can go back to general alexander, admiral rogers, a general particularly in his extended tour and now general hawk. we've had the right people. we've had the people -- we have good leaders there. and good things. in fact, we're almost making a mistake. the last couple of years, we put forward -- we've transferred and really because cyber command which is perked in our ear and ask -- whispered in our ear and asked us to do it, they said the services aren't pwhr-gt tools you need, the cyber infrastructure and tools you need, they weren't doing a good enough job to get cyber command operating up and running properly. so they came and whispered in ears and said, we need acquisition authority. we've actually transferred what should be naturally service-retained acquisition authorities to cyber command and

i worry a little bit. it was the right thing to do given the abject failure we were at. but now we've walked that kind of civilian oversight you expect. in fact, one of the reasons i would argue for cyber force is so it can do the acquisition as well with the department of the army's oversight. except now instead of being the department of army acquisition being twisted between an army budget, you'll have a separate cyber budget which you'll decide how much goes to acquisition and goes to pepper el -- personnel, how much does the budget need to grow independently? and it won't matter how many battalions you have or air defense requirements or submarine acquisition. this will be a decision done in a uniquely cyber environment. so i think cyber command's done the best job it could have possibly done, giving dealt the cards it had, but if it's going to do the job we expect it to do, you know, three years, five years, 10 years from now, we need a new model, in my mind

that new model is this kind of independent cyber force. >> erica, any additional thoughts on that cyber command question? >> no. i would just echo mark's comments that what really came across from our interviews, problem-wise with how the services priority their needs and where cyber falls along that prioritization, again, i guess i would just echo that the challenge lies with the fourth generation model existing across the services. but we also understand why the army may not prioritize the cyber space. the unique sort of requirements of operating in a cyber domain may not align with the priorities of the existing services. i would add that it makes sense given the way the structure currently is that we have these

problems. then the question becomes whereas the right path forward to fix them? and we obviously think it's creating an independent cyber force. i agree with what we know from how cyber command has mature and grown in the decades, almost 15 years, since its establishment, it's been doing phenomenally well with the structure that currently exists. the question is, is that -- are we content with things as they are knowing how the threats are continuing to evolve in cyber space you? look at typhoon, for example, you know, knowing how our adversaries are thinking about and playing in cyber space, not just in the gray zone sort of below the level of -- [indiscernible] -- but also as part of the reality of modern high-end conventional conflict. cyber will be a part of that fight. we all know it. our adversaries know it. so with reoptimally organized on

our side of the house to succeed in that sight in. >> so obviously not everyone agrees with you two about the need for a new military service. your paper actually addresses some of of other those proposals. i think it's another strength of the paper, you go in depth into the counterproposals. so that includes moving further toward the model mark talked about our just tasking cyber command with force generation. walk me through these other proposals and where you think they fall short. >> so mark's sort of touched on the so com model issue. i'll talk about the idea of cyber commanding with fourth generation responsibilities outright. special operations command is a force employer but it is unique compared to other combatant commands in that it does have some service-like authorities, especially when it comes to acquisitions. a lot of experts have drawn lynx between the cyber command model

and have advocated for making cybercom look more and more like socom there. have been efforts to grant them greater purview over acquisitions because of challenges with the acquisition models across the services. a great recent example of this is the 2022 national defense authorization act where congress granted cyber command enhanced budgetary controls which would allow cyber command to control resources for equipping the cyber mission force rather than have the services control their resources. that's just the latest example of what has beenen incremental increasingly greater and greater service-like responsibilities for acquisitions that have been granterred to cyber command. so this is bringing cyber command more in line with the socom model but from our perspective, the comparison between cyberspace and special operations falls short in a critical way and mark alluded to

this already in his reflection. in a socom model each of the services is still providing the personnel to socom to be employed. and those individuals are all trained in their unique domain-specific war fighting competencies. so mark gave the example of what we would want a navy s.e.a.l. to be doing given their unique competencies. the same vein, an army ranger is trained specifically for special operations on the land domain. and there's no other service that can provide that particular training and skill set. but cyber space isn't like that. to mark's point. there are no domain-specific functions that only a particular service is able to provide. saopbd this is a crit -- and so this is a critical flaw that weakens the case for the comparison between the socom model and the cybercom model. any other major proposal that's an alternative to steak an independent uniform -- to

establishing an independent uniform service is give the cyber command fourth generation authorities. that's basically creating all but a service in name, right? and i think that's equally if not more problematic than the socom model. for one, mark mentioned this, this runs counter to the goldwater-nichols act and how we think about rules and responsibilities for the services to do fourth generation and the combatant command to do force deployment. it would put a burden on the command. this would essentially add yet another hat to that role. it would give that commander less time to focus on their core missions and priorities of being director of the n.s.a. and the primary force employer for the u.s. military and cyberspace. the arguments -- some of the arguments that have been made in

various circles against continuing the structure is precisely that even just -- i wouldn't say just, right, these are two significant responsibilities, being commander of cybercommand and the director of the n.s.a., is too much for one person. and so if we add another hat on top of that, i think that not only adds a significant burden, but also re-energizes the case for splitting the dual hat, which my position would be against that. finally, mark made his point, getting back to gold water nichols about civil -- goldwater-nichols about creating civilian oversight. the way we've established and organized our military and the relationship between civilian leaders and uniform military personnel is through -- having a service that is accountable to obviously to congress and a civilian secretary. and if you simply provide the commander of u.s. cyber command

with the full scope of responsibilities and authorities for force generation, you don't have a comparable mechanism for civilian oversight and i do think that's problematic in terms of how we traditionally think about civilian control. and so while i respect the experts and arguments of those making alternative proposals and it was important to us in this report to really take those into account in considering viable paths forward, and also everyone agrees, all of those alternatives reflect either implicitly or explicitly a recognition that the current state is not tenable. and something has to change. but i personally disagree with making incremental changes that don't get at the root of the problem give be the threat -- given the threat environment we're in and also create unnecessary challenges and problems in their own right. that's our perspective on the alternative.

looking forward to this debate continuing in the public sphere going forward. >> any of the thwarts on the alternative proposal -- any thoughts on the alternative proposal you want to offer? >> one quick thing. we had general dunnford study the dual arrangement and they came back with, hey, cyber command isn't ready. the reason they weren't ready is the things the force would generate, the services were supposed to generate for them, which was the infrastructure and the tools to operate independently from n.s.a. and i respect general dunnford's feeling on that. i think we ended up, i mean, this isn't official, but i think we're probably in a five-year, you know, observe and report each year for the next five years and then make another decision on this. the genoas right. the services aren't doing what they need to be doing and so i wouldn't want to get it like this. in the end, our report's not enough. our report, i'm passing it back to you as a sitting congressman, we need some kind of direction

to the department of defense to do an independent report. you've asked them to do lots of reports on readiness and on feasibility of the current model. and i would say gently that they have not treated those with the seriousness required in getting the data back to you that you as members need. khaeurbman wrongers a few -- chairman wrongers a few years ago made an aare -- rogers a few years ago made a compelling argument for a space force and i think almost every element he saw, plus additional ones, exist now in the cyber force. so i would hope, because he had that kind of vision and creativity six, five years ago, chairman rogers when he looks at this will see the same, will recognize the same challenges facing us in the cyber space domain and join onboard with getting some kind of independent study to look at this. >> as you look back not only on the process for this report but both of your experiences in working with the cyber space

commission, how do you just -- put this in the context of -- one that's clear in our final report for the commission is that there are a lot of threats on cyber. china is the main threat, right? >> i would say somewhere in the 50 to 100,000 range as compared to our 6200. not all of which are even on mission all the time. now, our quality does have a

value all its own. so i don't say that there could be the 100,000 yet exceed our offensive capability but it's interesting. so that's one model. the russian model is much different where they spin people off between their intel and military, it's very hard to see the difference. and their contractors, you know, through wagner was running one of the largest cyber hacker kind of contract situation which included a good chunk of the world's ransomware. >> they do cyber letters of reprisal. >> they do. they have decatur and bainbridge out there looking for prizes, right? so from my point of view, they are growing. we see this -- you look at our closest partners. the israelis, they don't mess around with different services. they got the army doing this.

they have this down. by the way, it feeds their whole g.d.p. developing cyber security thing. so i would say, if we get the cyber force right, it's going to help the military, it's going to help the intelligence community who by the way poaches our very best operators frequently. particularly when we have these pay disparity issues going on. and it's going to help our private sector. if we get this right now, that's why erica's right. don't fiddle around with interim like tweaks on the marneens, see if -- margins, see if we can get there. get this fixed right. the good news is we have the cyber mission force right now in place. it will not fall apart as you rename. it you'll be fine. it will be very clear. so from my point of view, we have a path forward on this. our adversaries -- it's not their path, it's our path. >> we're running out of time. any other thoughts on that question of where we are versus our adversaries? >> yeah. i mean, i agree with everything that mark said.

thinking about china in particular kind of made a series of significant reforms almost a decade ago, integrating its forces and creating the strategic support forces. and not that we want to -- i would caution against mirror imaging what our adversary does but obviously it's important to take into -- adversary does but obviously it's important to take into account how they're organizing their forces to fight in cyberspace. trying to recognize over a year ago that you need one integrated entity that's responsible for developing forces in cyberspace. i do think -- i was going to mention the 8200 example so i'm glad you mentioned it. i think one thing that -- obviously comparing to our allies and partners also creates challenges because the u.s. is organized differently. a key difference between us and israel is we don't have universal conscription. but i thinking is that 2800 prioritizes that is worth

emphasizing here is quality over quantity and really hone in on -- they have a rigorous process starting all the way in elementary school for identifying the potential for high-skill technical competency and really cultivating and refining that through service. and so i think a prospective u.s. cyberforce in the united states should similarly focus on that quality over quantity and that technical knowledge in training which can't be static, right? it has to be dynamic given the nature of the cyber domain. >> i don't want to piss aclu off. we're not for the 8200 model. except for -- [indiscernible] -- not checking out elementary school grade -- >> i was not suggesting -- >> like an ender's game model. >> there we go. >> well, great.

your paper is a remarkable piece of work. i recommend it to all my colleagues. you have to read more than the executive summary, read the whole thing. it seems to me we have a clear next step here which is that congress needs to have the department of defense commission an independent assessment of the force generation challenges to include some recommended ways forward. i think we need the department to have an outside assessor replicate this study but i think even deeper level, they recently had a commitment to create a vision for cybercommand 2.0 which is a recognition that the status quo is not working but i worry that it might not be an honest, independent assessment of how we fix readiness -ptd and i worry that the general had a statement that all solutions are on the table except the status quo and that if fact the straightforward solution that mark and erica have laid out may not be on the table if d.o.d. looks at this internally. what i admire about f.d.d. is you don't just sit around and admire the problem, but you actually put it the hard work to figure out solutions and put forward clear recommendations to

take on our biggest national security challenges. so thank you for your research and analysis. i'm disappointed that we didn't get the provision for a study in last year's ndaa but i hope we can in this ndaa. that brings us to the end of today's discussion. i don't have my chairman's gavel to adjourn this event in my usual way but just wanted to say thank you to our speakers for shedding critical light on the shortcomings of the u.s. military cyber readiness and proposing a concrete solution. thank you all fortuning into this discussion -- for tuning into this discussion. there's a lot more work to be done a