A new report from the CSIS Commission on U.S. Cyber Force Generation outlines what a standalone U.S. Cyber Force could look like, estimating that the military service would require an initial budget of approximately $10 billion to $11 billion and a workforce of roughly 30,000 personnel if established.
The report, released after a 10-month effort involving defense, technology, and national security experts, was not designed to debate whether a Cyber Force should be created. Instead, commissioners were tasked with developing a roadmap for how such a service could be organized, staffed, funded, and integrated into the Department of Defense if policymakers ultimately decide to move forward with the concept.
According to the commission, the United States currently lacks a dedicated organization responsible for generating cyber forces, despite cyberspace being recognized as a warfighting domain for more than two decades. Today, cyber force-generation responsibilities are spread across the military services and U.S. Cyber Command (CYBERCOM), creating what the report describes as structural challenges in recruiting, training, equipping, and retaining cyber talent.
Under the commission’s proposal, a Cyber Force would function as an independent military service focused specifically on organizing, training, and equipping personnel for offensive and defensive cyberspace operations. Internal network security functions currently handled by the military services would remain with the Army, Navy, Air Force, Marine Corps, and Space Force. The new service would instead assume many of the force-generation responsibilities that currently reside within CYBERCOM.
The commission recommended a force structure consisting of approximately 20,000 active-duty commissioned and warrant officers, between 3,500 and 5,000 National Guard personnel, and roughly 5,000 to 6,000 civilian employees and contractors. Notably, the proposal does not include an enlisted force and instead mirrors workforce models used by organizations such as the U.S. Public Health Service. Commissioners also recommended against creating a traditional reserve component, favoring a National Guard structure that could support both federal missions and cyber incident response efforts at the state level.
Funding would support the Cyber Force’s core responsibilities, including recruitment, personnel management, training, readiness, infrastructure, intelligence support, and capability development. The report estimates that an initial budget of approximately $10 billion to $11 billion would be required to establish and sustain those activities.
The commission examined two possible organizational models. One option would place the Cyber Force within the Department of the Army, allowing it to leverage existing Pentagon structures and potentially speed implementation. The second would establish an entirely new Department of the Cyber Force, giving cyber issues greater prominence within the Pentagon but requiring significantly more time and resources to build the necessary bureaucracy.
If approved through presidential action or legislation, commissioners estimate the Cyber Force could reach initial operating capacity within 12 to 18 months. The proposed timeline includes a phased approach beginning with organizational planning and personnel selection, followed by the creation of initial operational units, workforce expansion, and long-term institutional development.
Beyond force structure and funding, the report places significant emphasis on workforce development. Commissioners called for multiple pathways to recruit technical talent, specialized cyber education programs, dedicated legal and intelligence support, and a Force Generation and Training Command responsible for certifying readiness and maintaining a highly skilled cyber workforce.
The report concludes that a dedicated Cyber Force could provide the Department of Defense with a single organization focused exclusively on developing cyber warfighting capabilities, while addressing longstanding challenges in force generation, talent management, and operational readiness in a domain that continues to grow in strategic importance.
