Key Takeaways
- Cyber Command’s current design sacrifices speed for control and intensity, making it ineffective in time‑sensitive crises.
- A usable cyber force must be able to deliver effects within 30 minutes or less – the real decision window of most emergencies.
- Success depends on three principles: prioritizing speed, building readiness from existing access, and integrating cyber as an enabler rather than a standalone striker.
- The force is bottlenecked by a tiny elite of operator‑developers; scaling their expertise through automation, modular tools, and agentic AI can broaden capability.
- Reversing the career progression (offense → tool development → defense) builds attacker‑mindset intuition and creates better tools and defenders.
- Delegating pre‑approved authority to operators closest to the fight removes latency while retaining necessary guardrails.
- Implementing these changes is achievable with existing technology and authority; it requires an institutional shift away from a legacy, months‑long mindset.
The Urgent Crisis that Exemplifies the Problem
The narrative opens with a Friday‑afternoon call from “CT Brian,” a counterterrorism analyst, reporting that an al‑Qaeda‑affiliated group has seized an American aid worker and will move her within the hour. Special‑operations forces stand ready, but they need a cyber pinpoint of the hostage’s location in 30 minutes or less. The scene captures the stark reality that, in cyber, 30 minutes can feel like 30 seconds – the window for action is razor‑thin, and any delay renders a technically brilliant effect irrelevant.
The Speed-Control-Intensity Tradeoff in Cyber Operations
Drawing on the work of analyst Lennart Maschmeyer, the article explains a fundamental tradeoff: a cyber force can optimize for any two of speed, control, or intensity, but not all three simultaneously. Pursuing speed risks imprecise effects; emphasizing control stretches timelines through exhaustive testing and approval chains; maximizing intensity demands both careful planning and rapid execution, which the current structure cannot deliver. This tradeoff is not a law of physics but a product of how Cyber Command was built.
Why the Existing Model Is Too Slow
Because the organization inherited the NSA’s intelligence culture—built for patience, months‑long campaigns, and meticulous precision—it consistently prioritizes control and intensity at the expense of speed. Consequently, operations that could contribute to a crisis in hours instead take weeks or months. Over time, senior leaders have come to view cyber as inherently slow, ceasing to request its support in time‑sensitive situations and reinforcing a self‑fulfilling expectation of delay.
Three Guiding Principles for a Redesigned Force
If the tradeoff stems from design rather than inevitability, a reformed force should reorganize around three principles. First, speed must become the standard, with a benchmark of 30 minutes or less to match the real decision window of crises. Second, readiness means starting from a position of strength—leveraging persistent engagement, pre‑positioned access, and the ability to combine cyber with other instruments of national power to compress timelines. Third, the force should value integration over independence, measuring success by how well cyber enables joint operations rather than by standalone strategic effects.
Principle One: Speed as the Standard
The article argues that the true metric for cyber effectiveness is the ability to act within the commander’s actual minutes‑long window, not the timeline that fits existing processes. A cyber effect that arrives after the hostage is moved, a weapon launched, or an adversary shifts position is irrelevant, regardless of technical brilliance. Therefore, the force must be structured to deliver actionable intelligence or effects within half an hour, making speed the non‑negotiable foundation of planning and training.
Principle Two: Readiness Through Persistent Engagement and Integration
Readiness is not about scrambling to build footholds when the phone rings; it is about maintaining continuous access to adversary networks, monitoring threat infrastructure in real time, and pre‑positioning capabilities before a crisis begins. When cyber operators can geolocate a target in real time, a special‑operations team that would have spent days searching a city can launch within the hour. Cyber functions best as an accelerant paired with other tools—intelligence, diplomacy, law enforcement, or partner nations—rather than as a solitary strike force.
Principle Three: Integration Over Independence
The cyber community’s instinct to prove that cyber can deliver standalone strategic effects—akin to a bomber wing—has shaped team organization, tool development, and success metrics around independent campaigns. However, the missions where cyber mattered most—providing targeting data to special forces, supplying financial intelligence to the Treasury, or generating evidence for indicts—were judged by mission success, not by whether cyber delivered the final blow. The force should therefore be organized and evaluated based on its role as an enabler of all instruments of national power.
Current Force Structure Limitations
The operational arm of U.S. Cyber Command, the Cyber Mission Force, comprises roughly 6,200 military and civilian personnel across 135 teams from the five services. Despite its size, the force is not built to deliver the three principles. Most personnel fall into two categories: operators who can only run pre‑built scripts and high‑performers who know specific tools and adversary networks deeply but cannot write new code or adapt exploits for unfamiliar systems. Both groups rely on a small cadre of developers and NSA engineers who have pre‑built capabilities; when those tools do not match a crisis target, the operation stalls.
The Elite Operator‑Developer Bottleneck
A third, minuscule group—elite operator‑developers—can create, modify, and adapt tools in real time, often surpassing the understanding of the original engineers. These individuals are the only ones who can consistently achieve speed, control, and intensity simultaneously. Yet they number only in the dozens across thousands of personnel, bearing the offensive cyber burden for the entire force. The existing tradeoff persists because the organization is structured around the majority rather than scaling the capabilities of this elite minority.
Rebuilding the Force: Scaling Expertise via Automation and AI
To overcome the bottleneck, the article proposes translating the tradecraft of elite operator‑developers into repeatable, modular systems that less‑experienced operators can execute with precision and speed. This includes tools for disabling enemy communications, isolating targets, or extracting intelligence from hardened systems. Agentic AI can further accelerate this shift: elite operators encode their techniques into AI agents that handle reconnaissance, access validation, and tool selection, freeing humans to focus on judgment and mission‑critical decisions. The private sector’s experience with platforms like NSO Group’s Pegasus demonstrates that powerful cyber capabilities become operationally useful at scale only when they are repeatable and usable by average operators.
Inverting the Career Model: Offense First, Then Development, Then Defense
Current career progression places defensive work at the entry level, followed by tool development, then offensive operations—a sequence that puts the least experienced personnel on the hardest mission (defense). The article recommends inverting this model: start every cyber professional in offense, move the best into tool development, and assign the most capable to defense. Beginning with offense cultivates an attacker’s mindset, hands‑on experience with joint special‑operations and intelligence missions, and the technical intuition that classroom training cannot replicate. Tool developers then build automation grounded in real‑world gaps, and defenders who have offensive experience anticipate threats sooner and impose real costs on adversaries.
Delegating Authority to the Edge
Even with the right people and tools, cyber operations remain slow if every significant act requires approval from senior officials far from the fight. The article points to the model used by special operations: a joint terminal attack controller embedded with ground forces who is authorized to call in airstrike within pre‑set rules. Cyber should adopt a similar approach—pre‑approved cyber authorities aligned with geographic combatant commanders’ plans, subject to the same guardrails that govern other time‑sensitive military operations. Delegating authority to operators closest to the fight eliminates latency while preserving necessary oversight.
Implications for Future Conflicts
The next crisis will not afford the luxury of weeks to develop new network access or re‑engineer tools; there will only be the clock, the mission, and the personnel on hand. Long‑term strategic operations—such as those that damaged Iranian centrifuges or disrupted Ukraine’s power grid—remain vital, but they cannot be the sole focus of a force that must also respond to hostage rescues, embassy threats, or imminent weapon launches measured in minutes. A force unable to answer in minutes will simply not be asked to contribute.
Conclusion: A Feasible Path Forward
The reforms outlined—scaling elite expertise through automation and agentic AI, inverting the career model to build offensive skill first, and pushing authority down to the operators—are not aspirational fantasies. They are achievable with existing technology and current legal authorities. What is required is an institutional willingness to break free from a legacy design built for a different era and a different mission. The next generation of cyber operators deserves a force structure that matches their skill with speed, their initiative with authority, and their commitment with tools worthy of the mission. The next phone call is already coming; the time to act is now.