Congressman Mike Gallagher spoke about cybersecurity and its role in National Defense. During a discussion hosted by the foundation for defense of democracies. This is 45 minutes. Our cyberprofessionals have helped our allies and partners uncover and defeat cyberthreats in their networks, including they have helped other partners respond to or recover from attacks by iran. And they have defended against attacks. The cyberthreats to our country may be outpacing the growth in our nations cyber capabilities. Er as a result, the margin of safety for americans may be narrowing. So whats to be done . Our panelists today have an answer in a new monograph titled United States cyberforce, a defense imperative. They argue that the United States should create a new independent armed service, a u. S. Cyberforce, alongside the navy, air force marks are incorps and spaceforce marine corps and space force. They say the status quo creates an inefficient division of labor and prevents the generation of a cyber force ready to carry out its mission, end quote. This report draws on the expertise of the authors and more than 75 interviews with u. S. Military officers, both active duty and retired, with significant leadership and command experience in the cyber domain. The authors are dr. Erica and mark and they will be joined today by congressman Mike Gallagher. Let me introduce each of them. Congressman gallagher has represented wisconsins eighth district in the house of representatives since 2017 and served as cochair of the congressionally mandated Cyber Commission or c. F. C. , and continues to serve as cochair of c. F. C. 2. 0 in a mission that works to implement recommendations. In addition, congressman gallagher is the chairman of the select committee on the strategic competition between the United States and the Chinese Communist party and chairman of the House Armed Services subcommittee on cyber Information Technologies and innovation. He also sits on the Permanent Select Committee on intelligence. All Committee Positions are very relevant to todays talk. Congressman gallagher and i are both recovering Senate Staffers and im proud to say he was previously a National Security fellow here. Dr. Erica is an assistant professor in the school of international and Public Affairs at columbia university. She has impressive experience in strategy and policy, having served as a lead rider of the writer of the 2023 u. S. Department of Defense Cyber strategy in the congressionally mandated department of Defense Cyber posture review. I have something in common with the doctor as well. We both previously served as assistant professors in the department of social sciences at west point. Last but certainly not least is my great colleague and friend, mark montgomery. He serves as senior director of the center on cyber and Technology Innovation and directs, having previously served as the executive director there. Previously mark served as policy director for the senate Armed Services committee, coordinating policy efforts on National Security strategy, capabilities and requirements and cyber policy. He served for 32 years in the u. S. Navy, returning as a u. S. Admiral in 2017. A few words. For more than 20 years, it has operated as a fiercely independent, nonpartisan Research Institute exclusively focused on National Security and foreign policy. As a point of pride and principle, we do not accept Foreign Government funding. For more on our work, please visit our website and follow us on x. Thats enough from me. Congressman gallagher, over to you. Well, thank you, brad. Thank you for hosting this critical conversation today. For the work your expert does every day. Your research and analysis and the solutions you articulate are some of the best ive seen and the topic that brings us together today is the readiness of our military forces to conduct Cyber Operations. We ask a lot of our military cyber operators. These men and women in uniform secure operating networks and weapons systems, they support functional and geographic commands, they conduct reconnaissance and operational preparation of the environment. And they hold our adversaries at risk and they can even assist the private sector with their interaction with the Defense Industrial base. A variety of critical tasks. I am most concerned, having studied this, working extensively with mark and erica, i am most concerned about the chronic issue in force readiness that effects those efforts. The question is, is the tip of the spear in cyber space as sharp as it needs to be . Im concerned about the recruitment, training and development of our cyber warriors. I worry about insufficient intelligence support that cyber Space Operations and the shortcomings and the acquisition of cyber capabilities, all of which can continue to plague our ability to effectively conduct Cyber Operations. But most of all, im concerned that these problems arent new. For the past decade, my colleagues in congress, both republicans and democrats, working together have tried to address force design and readiness. We passed dozens of pieces of legislation to try to fix the problem in the military cyber work force acquisition [indiscernible] readiness and yet we are seemingly no better off because of it. So im looking forward to talking with our Cyber Command leadership about these issues after this recess period is over but in the meantime, im going to treat this discussion a little bit like a hearing, asking the experts to explain the topic in front of us and, like the hearing, i expect our experts to keep their respongeses brief, especially you, admiral. We know youre smart but youre going to be time limited. Dont try to filibuster us. While you dont have a light in front of you, ill cut you off if you exceed your allotted time. Additionally, the military is notorious for acronyms but i will enforce another of my rules which is we will speak in language that the average american understands, not the pentagonmilitary jargon. We will not tolerate that. So, first, mark, at a high level, brad provided us an explanation of the paper you have out this morning. Walk us through the problem in a bit more depth. What are we seeing on force generation for cyber space . I realize im getting dangerously close to jargon with the term course generation. So, first please explain what do we mean by force generation and force employment and what does it mean in the cyber context in particular . Thanks, representative gallagher. Thanks for being here today and thanks for your leadership on cyber issues over the past five years. In congress with me and senator king. So, first, force employment consideration. Theyre very distinct things. Force employment is how the joint force uses military forces to execute missions. This is normally done by combatant command. Indopacific command, european command, Central Command is the one we hear about a lot but u. S. Cyber command does that as well. That is tpwhaot we saw, its where the problem evidenced itself, not the causal factor. Now, force generation, thats different. Force generation is how military services recruit, onboard, train, develop and retain forces. This paperer is a criticism of the Current System of force generation in cyber. The army, the in a i i have, the air force the navy, the air force, the marine corps, even space force now. That system is not working. Ill start at the very first part of it which is recruiting. Were recruiting the wrong people for cyberforce. What were get something the most cyber relevant people the service happened to have recruited. Services, which are struggle, we both heard from the army and the navy, the army quantity tatively had the biggest miss in recruiting last year but as a percentage of the need the navy was even greater. Both Services Come up short. They need to be recruiting aggressively. What theyre doing to recruit is the right thing. Theyre going to be the kids that are physically fit, mentally able and that means theyre sitting outside the basketball locker rooms, football locker rooms, i get it. But if theyre recruiting the right space force, excuse me, cyber force, they would be sitting outside the robotics lab. Whats happening now in the services are we get the best, most cyber hell advantage person the service happened to recruit unless of course that person is needed as a special operator and Nuclear Operator in the navy. Then theyre going to these other ones. Thats where the money is and the services greatest demand is. Were also training differently across different standards. Redundant Training Facilities for the army, navy, air force, marines. And were renumerating them differently. Youll see in the report interviews theres two kids sitting next to each other, both e5s, both have six years of service and theyre both equally certified and theyre getting vastly different pay remuneration based on bonus and other things. Then theyre utilized in different ways. Some use officers, others enlisted. Its different. This generation is leading the readiness. One story in there, we saw it from two different squadrons so i feel its true. There are units that do complex work with Malware Development and less than 10 of the unit is doing 90 of the work. Theyre the only ones qualified to do it. Can you imagine going to an f22 squadron and having a c. O. Say, i know i got 25 pilots here but i just use two of them . Thats not an allowable thing. And the final thing i say is, this readiness challenge is generated by the force generation issue. Coming just as f. B. I. Director wray testified to you along with director easterly and others that we have an adversary conducting an aggressive operation where theyre working their offensive systems, their offensive operators are aggressively installing malwear against us and we need to keep up. Were at the point now where we really having an effective force employment means you cant take the luxury and force generation. So kind of the final thought i have is that we cant grow our force if the force isnt even ready at the level it is now. In other words, if they cant meet the readiness for today, how can you possibly grow it . So were stuck kind of at our 2012 force levels. Thats a long answer but thats where its at. A quick followup before we get to erica. So if i were to say to you, i get your point about recruiting the nerds, not the jocks, sa eubg that because i was a nerd say that because i was a nerd. But there has to be a single standard. Particularly as a marine, right . We sort of rebel against this idea that youd have a separate pathway even for someone with exceptional talent. Address that pushback because i get that a lot when we talk about this. I dont think you have to worry about that. I think theyre going to be recruited to army, if we had our way, the Army Standards in terms of drug usage, ability to get a clearance, all those kinds of things. Thats not going to change. What im talking about is going for people that you probably dont even show up at the door if you havent learned basic coding. Thats the problem. The ma ribs cant afford to do that distribute marines cant afford to do that. They cant say, were going to take recruiters, stop recruiting at 92 and your last 8 needs to be going out and finding python recruiters. To me the cyber force, having the standard of what you need is easier across a single force. By the way, then you get into a Critical Mass numberwise, several thousand a year recruited in, thats probably executable. Erica, would love you to comment on anything that mark said but i think whats unique about this paeuper is that you have done such ex tensive interviews with active duly military officers. Id be curious for to you summarize what was the feedback you got from that interview process and how did it weave its way into the report. Thanks for asking that question because i actually i really do think that thats something that distinguishes this report from a lot of other great writing and conversations happening in washington, as you know, for many, many years now about the proper sort of organization of the millertary for spao eurb space cyber space. It was a priority for us to hear from those men and women who are out in the cyber fight every day and to hear from them in their own words and to do our best job to capture kind of what their takeaways and reflections were from their own experiences. Thats why we make these interviews the center of our report and the driving force behind our recommendations. So our findings are based on interviews for more than 75 active duty and also recently retired personnel. Together they have significant experience in the cyber domain and we really made a concerted effort to make sure those interviews were representative across the services. So in a report we have a breakdown of some of the more specifics, but its about 30 from the army, from the navy and from the air force respectively. The remainder, proportion to the size of those services, are from the marine corps and the space force and then a handful of senior civilians. Its also important to emphasize that to avoid your military jargon, Sergeant First Class in the army up to one star general officer. Its diversity across services and rank and grade. I think its important to emphasize that the preponderance of those interviews did come from field grade and above officers which means, as you know that, theyre coming in with more than decades plus of experience. They can really speaks to those experiences in those interviews. With that said, let me sort of briefly highlight some of the key findings. First, i just want to emphasize that we found overwhelmingly that these individuals are passionate about and dedicated to missions, not surprisingly they all care deeply and express their concern about the future of u. S. Military cyber readiness. And i think its also important to underscore that these interviews were not about peoples personal rights. These werent complaints about their time in service. They really reflected their deliberate and considered conclusions about the lessons they drew from their sprofpgsal experience. The professional experience. The consensus was universal and overwhelming in that everyone who was interviewed agreed that the status quo is not sustainable. And everyone expressed serious concerns in different ways about the current state of readiness. Ing ands the vast majority of the interviewees attributed that lack of readiness to the very challenges that mark was just talking about a few minutes ago which is the fact that responsibilities for cyber space are fractured across all of the various services who in turn understandably dont necessarily always prioritize organizing, training and equipping personnel for cyber space because the services have their own significant big Mission Needs and priorities. So cyber doesnt easily fit within any of the services. While not everyone we interviewed necessarily agreed that the solution is to establish an independent uniform cyber service, everyone agreed that the status quo is not tenable, working and something has to change. And so just by way of example, obviously we dont have the time here to share all of the quotations and reflections from the interviews but i wanted to highlight one quote from the general officer who was interviewed and ill keep the specific service unanimous. To protect their contribution. But this person write, quote, our strategy of relying on the existing services to build the cyber expertise and capabilities required is inefficient, ineffective and unlikely to succeed despite years of investments. Without a doubt, the only viable path forward for u. S. Cybercommis to establish a new service focused on organizing, training and equipping forces and win in cyberspace. So i think that brings home the general point and i think its representative of the individuals who contributed their perspectives to this report. Lets stay on that. This is the heart of it, right . This is what headlines are going to be and this is what the debate should be about. You recommend the creation of a new military service for cyber space, a cyberforce, will if you will. At the start of this debate i came in skeptical, right . Because mark had alluded, we just created space force. We dont need more different uniforms. The risk is you create more bureaucracy and efficiency over time. Youve written something so powerful that its challenging my priors and i agree with what you said, that the status quo is unacceptable. So just status quo is not acceptable but talk us through what for those two are a little nervous about creating another thing, what would this look like and how would it be an efficiency over time . So let me jump in on that. Mark, im sure youll have some thoughts to add too after my comments. Its important to emphasize, the core proposition of this report was to articulate the problem with the status quo and provide justification for why we think a cyber force is the best and most appropriate solution to the problem. We do offer our ideas of what a cyberforce could and should look like but i do think that, and i think mark would agree with me here, that there should be a more complete, independent studdie of this question, right . We were relying on a significant number of interviews and our own expertise in backgrounds to make these recommendations, but an independent study that has the appropriate access to really deeply examine this issue and offer recommendation based on that i think would be essential. So with that said, and we talk about this more in a report, but our basic proposition is that you dont need a huge servi