Welcome to "Horns of A Dilemma," the podcast of the Texas National Security Review.

I'm Dr.

Ryan Vest, executive editor of TNSR, and I'm here with our editor in chief, Dr.

Sheena Chestnut Greitens.

We're pleased to have joining us today two distinguished national security scholars, Erica Lonergan and Jack Snyder, authors of "Cultural Change in Military

Organizations: Hackers and Warriors in the US Army," which is featured in Volume 8, Issue 3 of the journal.

Erica is an assistant professor in the School of International and Public Affairs and the Saltzman Institute of War and Peace Studies at Columbia University.

And Jack is the Robert and Renee Belfer Professor of International Relations in the Political Science Department and the Saltzman Institute of War and Peace Studies at Columbia University.

Erica, Jack, welcome to "Horns of a Dilemma." It's great to have you on the show.

Thanks so much.

Really glad to be here.

Well, let me start by just asking a little bit about the backstory that led the two of you to write this article in the first place.

What was it that made you decide to write about and made you think that the creation of the Army's cyber branch was something worth researching and telling the story that ultimately is in this article?

I approached Jack about working on this project together.

Jack's done so much work on strategic culture, really kind of introduced the concept to the political science literature.

And as I was thinking about sort of military cyber organization and doctrine and personnel policies and so on, I felt that culture was this totally overlooked variable and that, you know, there could be some interesting story to tell here.

And I was, you know, really excited to collaborate with Jack and get his perspective on how strategic culture and organizational culture might translate to the cyber domain.

From the perspective of the cyber branch itself is a particular kind of locus of our research.

A lot of it stemmed from the fact that right after I finished grad school, my first job out of grad school was at West Point.

And it was in 2014, which was the year that the Army created the cyber branch.

And so I was up there, and a lot of the kind of intellectual thought leadership on how the Army should organize itself for cyberspace was happening there.

And so it was just a matter of almost lucky timing on my part to be around these people who had been thinking about these questions.

And a lot of my faculty colleagues who were coming off of operational assignments in the Army, had gone to grad school, and then were coming back to West Point to teach, were bringing their thoughts and perspectives to this question.

And so it had been sort of ruminating in the back of my mind for quite some time and then, you know, I had this opportunity to work with Jack on this question.

Jack, what about you?

How did you come to this project?

My interest in strategic culture goes way back to the very beginning of my career when I was a graduate student spending my summers at the Rand Corporation studying Soviet strategy and nuclear strategy.

And back then I got concerned with the trend in American strategic nuclear thinking that had people planning for limited strategic nuclear wars that would follow American devised rules of self-restraint in the middle of a strategic nuclear war— ideas invented by economists and operations research people at the Rand Corporation where I was working.

And what I had studied about Soviet nuclear strategy in grad school with my professors, Marshall Shulman and Zbig Brzezinski, was that the background of Soviet strategic thinking was very different.

It wasn't like rational choice economists thinking of nuclear war as an exercise in bargaining, but rather was people that were descended from artillery service in World War II in the Soviet army that thought about using their artillery to flatten the army in front of them.

And I got concerned that there was a kind of mismatch of cultures between US strategic forces and thinking, and Soviet strategic forces that could be pretty disastrous if we actually got into a shooting war, where the expectations of, "well, what's going to happen next?" were divergent.

So, one of the features of strategic culture that I was working on assumed that there would be persistence in the habits and thinking and attitudes of military organizations when they planned for war— that yeah, of course they would be paying attention to the technological realities, the geography, the factual objective constraints, but that they would have their prior habits and assumptions that would change very slowly.

And that was kind of a feature of my approach to strategic culture.

And one of the really interesting things about the project with the Army cyber culture was that it was, rather than mainly a topic where we were studying persistence of culture, it was a topic where the thing to explain was change of culture.

And it was also different in that strategic culture is attitudes and habits about the use of force, whereas military culture— which is what we were mainly studying for the Army Cyber Project — is about identity, even more than it's about the use of force.

Organizational identity.

So I had a lot of rethinking and retraining to do of my own priors as we delved into the project.

In the article, you used a term I really liked.

You described the Army's decision to create a new cyber branch as an empirical puzzle.

Why was creating this new branch, such a big departure from the historical pattern, and what conditions or internal conditions made the Army more receptive to rethinking its approach to cyberspace?

I think, you know, some of the most interesting pieces of scholarship start with some empirical puzzle.

Like, why did this thing happen in the way we observe it to happen, perhaps different from how we expected?

And first, let me backtrack for a moment.

Why the branch?

The branch is so essential to the Army's organizational culture, going back to Jack's point about sort of identity, like constitutive identity.

The first branch was created in 1775.

Right?

So we're talking revolutionary era concepts.

And so branch identity is essential to the Army's culture.

There are only a limited number of basic branches in the Army, and the decision to create a branch for cyberspace was not this like preordained outcome.

It wasn't necessarily obvious that that would be the sort of the pathway that Army leadership would ultimately select.

So it's actually puzzling for a number of reasons.

One is, if you look at what some of the other services decided to do, like how they would organize their personnel for cyberspace, the Army stood out as being the only service that created sort of an entirely new, from scratch entity to organize its cyber personnel.

For the Navy, it actually took Congressional intervention years after the establishment of US Cyber Command and 10th Fleet.

Congress literally had to intervene and sort of force the Navy to create a career field for cyber.

The Air Force kind of did this, like, rebranding of an existing career field.

So the Army was the only service that created something from scratch, like something entirely new, getting back to this idea of change.

So that's one reason why it's puzzling.

It's also puzzling because the Army, as I mentioned, didn't necessarily have to create a branch.

It could have kept cyber within military intelligence and/or the Signal Corps, where most of the personnel who came to comprise the branch after it was created were coming from.

And there was actually a bit of like turf war between MI and Signal Corps over who would get to own cyber, and instead, neither of them did.

This new branch was created.

Or the Army could have created a functional area like strategists that you sort of accede to after you spend some time in your basic branch.

But instead the Army decided to create this entirely new branch, and the last time that happened was in the 1980s when the Army created aviation and special forces.

It's also puzzling because, from a historical perspective, the way the Army has tended to approach how it assimilates, or how it reacts to new technologies of warfare, is that it tends to assimilate them into existing branch structure.

And a great example of that is the Armor Branch, which when sort of tanks kind of debuted their role in the mid 20th century on the modern battlefield, the Army sort of rebranded cavalry as Armor in 1950.

And it kept the cavalry legacy as sort of part of the Armor Branch's identity.

So if you actually go to the Army historian's website, the Armor Branch, I think the date of creation is technically like 1775 or 1776, which makes no sense because tanks didn't exist at that time.

Right?

But it just shows the continuity of the cavalry legacy.

So there are all these reasons why the decision to make a branch is really puzzling.

And that's why I just, you know, we found it such an appealing research question.

And then in terms of what made the Army receptive to creating a branch— it was like kind of what we talk about in the paper.

It was this combination of realization on the part of a handful of key senior leaders about the importance of cyber for modern conflict.

Really the story is the role of these culture entrepreneurs who, from a grassroots kind of bottom up perspective helped drive ideas about how the army should organize itself for cyber.

And then the practical question of, well the Army needs to provide forces to cyber command and to the component command, for cyber missions and operations.

Who are those people?

How should they be organized?

So it's sort of a number of factors.

One of the things I really like about this piece is exactly what you just described, which is the way that you motivate the puzzle.

And, like I think many of the readers of TNSR, I'm used to thinking of exogenous shocks as one thing that triggers cultural or organizational cultural change.

And you talk about, you know, that there had been a couple of previous shocks that the Army had not responded to in kind of the same way.

Like there were these earlier cyber wake up calls, I think is the phrase in the piece.

And I thought that was, you know, really, really interesting because instead of this externally driven process, what you described is very much this bottom up process that was driven by what you call culture entrepreneurs.

So I guess I kind of have a two part question.

Maybe, Jack, first for you: what is organizational culture here?

What exists in the Army at the time?

And then, could you tell us a little bit more about the specific actors?

Maybe, Erica, if we could go to you to talk about a little bit about the specific actors who become these culture entrepreneurs that drive the creation of the branch.

Maybe, Jack, we can start with you on just talking a little bit more about this key concept of organizational culture and therefore cultural change that you explore.

So, picking up on your idea about the shocks that the organization needs to respond to, because it's creating a new problem for them, or the shock has caused some sort of a failure, and there needs to be some kind of adjustment response to the shock.

And, one way to think about this is that military organizations learn rationally about a new problem and they go analytically through the possible solutions and they do the right thing to have an effective countermeasure.

And you don't need culture for that, except you might need culture to talk about, well, what was it about the military organization that allowed them to successfully learn about the new circumstances?

So the German general staff was one of the great, you know, organizational innovations of all time in military affairs.

And it was basically an innovation where you had an organization who was responsible and good at learning about its environment and adapting strategically to it.

However, in a culture approach, you are probably going to expect that the reaction to a shock is not going to be that kind of analytical process.

Or if it is partly analytical, it may also be partly mixed in with culture.

So when you choose a response to the shock, you're not going to be able to choose any possible response in the whole worldwide list of possible responses.

You are going to do the things that you can do.

You're going to do the things that you have trained staff who know how to do.

You're going to do the things that you have the resources to do, and you're going to do what's within your comfort zone, even as you're innovating.

So there's, you come to the problem of the shock with a kind of menu from which you can choose.

And in the Army cyber case, people understood that they had an organization that had a warrior culture and that they needed expertise that came from the hacker culture.

And so they knew that they were going to have to pick something from column A and something from column B.

And even though, you know, hackers and warriors don't automatically fit together, they knew that they were going to have to come up with some organizational form and some doctrines and routines that would blend these two elements that were available to them off the menu.

And Erica can tell you all the great stories about how that worked, but also things about it that didn't work.

Yeah, so just building off of that, I think, you know, a part of what's interesting about this story of cultural change and the idea of an exogenous shock is that, you know, we do talk about these wake up calls in cyberspace, but there was nothing that rose to a level of like truly transformative, like order changing, system changing, exogenous shock that the literature on cultural change typically points to as a cause of change.

Right?

So, you know, the classic examples are Germany and Japan's total defeats in World War II prompted major revisions of each of their strategic cultures, right?

From militaristic cultures to pacifistic ones.

But despite, you know, a lot of hyperbole and, some might say fear mongering, about a "Cyber Pearl Harbor" or a "Cyber 9/11" or a "Cyber-geddon" happening, those things haven't materialized in cyberspace.

Instead, you see this kind of steady accumulation of incidents and revelations about vulnerabilities that prompt the DOD to kind of organize and reorganize itself to try to get its arms around the cyber threat.

But you don't have something that rises to the level of a true exogenous shock.

So in the nineties you have a bunch of different wake up calls.

There's eligible receiver, which was actually an NSA red team exercise that exposed the vulnerabilities of the DOD's IT systems.

The operators sort of gained access much faster and much more systematically than everyone expected.

The year after that there was another intrusion called Solar Sunrise into the DOD's unclassified systems.

And actually, the government initially thought that Solar Sunrise was a cyber attack, kind of like a cyber first strike being launched by the Iraqi government, but it ended up being some teenagers from, I think, California.

But it also kind of revealed these vulnerabilities.

And then, you also had Moonlight Maze, which was this extensive Russian cyber intrusion into a range of US networks, not just DOD networks.

And so those events led to the creation of new military organizations like Joint Taskforce Computer Network Defense to kind of help coordinate the DOD's defensive e fforts.

You had other important events like Russia's use of cyber attacks against Estonia in 2007, which actually led to the creation of the NATO Cyber Center of Excellence in Tallinn; so another kind of like organizational change in response to a demonstrated cyber threat.

And then Russia's invasion of Georgia in 2008, which had a significant cyber component too.

But you can't point to any one of these events and say, oh yes, like this is the big exogenous shock that happened.

They don't sort of rise to that threshold.

And so instead, that's kind of what prompted us to start exploring these bottom up mechanisms.

But there was still an event that prompted the Army to sort of ponder these questions about how it should organize itself in cyberspace.

This didn't kind of come from nowhere.

There were internal conversations within the defense department about military cyber organization that grew out of these various wake up calls.

And actually in 2010, the creation of Cyber Command, which brought together these disparate joint task forces that grew out of those original kind of wake up calls in the nineties, and kind of consolidated offensive and defensive organizations under one umbrella of this sub-unified combatant command— US Cyber Command under Strategic Command, and then the creation of these various service component commands, so Army Cyber Command, Fleet Cyber, and so on — it posed this practical question for the Army of, you know, the services are responsible for generating the forces that are presented to Cyber Command, and to the component command to be employed.

Right?

So now that you have this new combatant command, how should the Army be identifying the people who should be presented to that command?

How should it organize itself?

Who counts as a cyber person?

And what's really interesting in the number of the interviews that we did, the people who are making these decisions talked about the process and like how hard it was to figure out who counts as cyber and how those decisions should be made.

That was kind of the motivating question: this dilemma that kind of materialized when you had these organizational changes in response to the changing threat environment and this growing appreciation of the vulnerabilities that the DOD has.

These organizational changes forced this question for the Army leadership to grapple with, which was, how should we define and organize ourselves for cyberspace?

And that's what created the opportunity for these grassroots players to really have a voice in this process and offer their thought leadership on how substantively to actually do this.

So I have to admit as I'm listening to this, I actually spent most of my formative career working for the Navy.

And Erica, I thought your comments on how the Navy resisted were spot on.

They really were.

So I had a front row seat to watching some of this resistance and some of the reticence as the Navy tried to adopt a culture that was very, very different than the ship driving or aviation culture that was built into the system.

As you've gone through your research, I was curious what friction points you've seen that held back the Army, that the Army had to overcome, and how they overcame some of those friction points as the cyber culture collided with the traditional warrior ethos of the Army.

Well, I think to really, to answer that question, I think we have to talk a little bit substantively about what do we mean by army culture, and what do we mean by cyber culture, and kind of, what is the relationship between them?

Because, I have to say, I think I even started with, more of a kind of rudimentary, kind of binary idea about army culture being constituted one way and in sort of fundamental opposition to cyber culture, on the other hand.

But what our research revealed— and it's probably not surprising to people who study cultures, right— is that cultures are actually quite complex.

There're subcultures, there're tensions within dominant cultures, between subcultures, and then there can be surprising points of sort of congruence and overlap among what otherwise might seem like really distinct cultures.

And so, I think the tensions are sort of obvious and easy to observe and to point out, but there are also some kind of interesting overlaps between army culture and cyber culture.

So in terms of like areas where there were those points of tension and difficulty, I think that one really comes down to kind of the role of hierarchy and authority and command and control.

These are obviously central tenets for the Army and for most military organizations because having integrity of the chain of command is absolutely essential for enabling the organization to function in a war fighting environment.

Commanders have to know that soldiers will follow lawful orders and put themselves and their peers in harm's way in order to carry out those orders.

So having like the integrity of the chain of command, a rank structure and a hierarchy is just integral to how militaries organize themselves.

But then like where it gets interesting is in, you know, for the US Army, while you do have that hierarchy and rank structure and authority on the one hand, you also have a culture of initiative, right, and of mission command, right, and of delegated authority.

The Army's been successful in some ways because it delegates authority to lower levels in the chain of command.

Platoon leaders are taught to take initiative, right?

And that becomes important in a battlefield environment where units are dispersed, right, and can't coordinate with higher headquarters, and so on.

So you have these kind of more complex elements to it, but at the end of the day, the integrity of the chain of command is essential.

Whereas, when you compare that to cyber culture, hacker culture, right, they're antithetical to authority and like deeply skeptical of bureaucracy.

And that's why you see like in startup cultures, these kind of flat organizations where what matters is not like where you are in the chain of command, but your level of skill and demonstrated technical proficiency and so on.

So those are areas where when you start to figure out, well, like how do we create this new cyber culture within the Army, and on the one hand, foster the kind of innovation, initiative, self-starting aspect of cyber culture within an organization where you still need people to follow the rules?

But hacking is about finding ways to break rules.

Like that's what hacking is, right?

You're trying to make networks do things that they're not supposed to do.

So I think that's where you see this manifestation of real tension.

And we can talk about other areas too, where cultures and policies and so on are in tension, especially around the Army's generalist model of leadership where, especially for the officer corps, your specialty is leading, right?

And so there's a centralized promotions process.

Your career progression is determined by how you've served in key leadership positions, right?

Whereas, for cyber culture, what matters is demonstrated technical acumen, right?

And your like technical skillset, not necessarily by your leadership.

So you have these real points of tension and, that's where kind of the rubber meets the road in terms of how these culture entrepreneurs had to figure out how to create this new culture out of these two very disparate, cultural identities.

So I think this is a really interesting process that you're describing.

In particular, you know, these two pretty fundamentally distinct cultures that then, nonetheless, the entrepreneurs in this environment managed to find these points of cultural congruence and really leverage those to create what you call a distinct cyber warrior subculture and ethos within the Army that's pretty different from the traditional war fighter model.

I wondered if you could talk a little bit about, you know, what do you think defines that kind of hybrid or new identity or subculture that emerged out of this process of taking two cultures and looking for points of congruence and trying to create, build, or entrepreneurialize— if that's a word— something new out of that.

What defines this identity that emerges, and do you think it's been institutionalized?

Is it a stable identity or is this still something that's kind of in flux?

Thinking about how we usually think of culture, including in military organizations, there's a tendency to think of, I don't know, the Bushido code of the Samurai as a traditional, all-encompassing orthodoxy.

As like a thing that you're so caught up in that you can't really see outside of this cultural trap that you're in.

What we see going on in our army cyber situation is a different way of looking at culture.

Rather than a big traditional monolith, it's quite the opposite.

We use the term cultural toolkit, where there are lots of different ways that you can carry out a military mission, do a task, organize your troops— especially in combined arms where you have different expertises coming together— and we talk about a few different ways of doing that in the article.

They could have reached into the cool toolkit and plucked out the model of the Signals Corps, which actually was the traditional place where cyber type people would get stuck, or the traditional model of fitting in through just the intelligence branch.

So there were those cultural models available of how this would fit in with kinetic military operations.

But this is where the politics comes in as you're rummaging through the toolkit of how can we organize this, create a culture and, have the organizational pieces fit together.

You get to a point of political preference where, you say, wait a second, we don't want to be the Signals Corps, because we know what happens to them.

They're just a service branch.

They don't get the plum promotions because, you know, if you're in the Signals Corps, you don't get to command the brigade that then puts you on the path to real decision-making authority in the Army.

And so they wanted to avoid some of the approaches that were in the toolkit, but they reached in and picked, in some ways, the less likely tool out of the toolkit— namely the branch model— which they liked because it would give cyber warriors more authority, more opportunity for promotion, and the bigger role that they thought was commensurate with the future of warfare and their own ambitions.

So it's a cultural project where options are pulled out of a cultural toolkit, but where there's a political and self-interested process going on, which shouldn't surprise us because people have known for a long time that things like interservice rivalry politics has mattered in decisions about weapons systems, strategies, training.

But anyhow, handing it back to Erica, who can really answer your specific question.

Yes, the idea of, you know, this distinct kind of like cyber warrior ethos, and to Jack's point about this cultural project of building a cyber warrior and the idea of a cyber toolkit.

So what I think is really cool about this story is that, as Jack said, you know, some of the tools and the toolkit that were pulled are those traditional tools, and that's kind of the warrior part of the cyber warrior culture, right?

So the culture entrepreneurs wanted cyber to be like combat arms, right?

Like to be at the apex of the hierarchy, right?

The combat arms branches run the Army.

The vast majority of general officers come from combat arms roles.

So we're talking infantry, artillery, armor, and so on— the pointy tip of the spear.

And from the perspective of the culture entrepreneurs, cyber was actually the point at the tip of the pointiest tip.

It was this idea that cyber warriors were in the trenches every day engaging the enemy, right?

War is episodic.

Like major conventional land warfare is episodic, but cyber warfare is happening all the time, right?

So these people are actively defending networks, you know, and dealing with this onslaught of cyber threat activity by nation state adversaries and criminals and so on all the time.

Cyber is a form of maneuver, fires and effects, right?

And so on the one hand, the warrior part of cyber warrior culture was about making cyber things into army things, which is a quote from one of the people we interviewed that I just love.

How do you make a cavalryman in cyberspace?

How do you make cyber things, army things?

And that's kind of this idea of cyber warriors being the true warriors of the modern era.

And so the culture entrepreneurs took some of those central concepts, the language of maneuver, right, and applied it to cyber.

And even in crafting the branch insignia, which was, I just think one of the coolest things that we uncovered while doing this research.

The design of the branch insignia was made by a bunch of faculty at West Point at the time who were like, we should probably design a branch insignia in case the Army asks for one.

And they sketched it out on a whiteboard, and that became the branch insignia.

And it was a deliberate decision to make the insignia look like the branch insignia of the combat arms branches and not look like the branch insignia for MI and Signal Corps.

So if you actually kind of put them side by side, you can see the Cyber Branch is all gold just like infantry, armor, artillery.

It has cross lightning bolts, infantry is cross rifles, artillery has crossed cannons, right?

So it's the visual representation of what the branch is, is meant to kind of harken back to the dominant culture.

So that's the warrior part of making cyber warriors.

But then there's the cyber part of making cyber warriors, and those are all of the things where there is a great deal of tension between cyber culture and army culture.

It's like, how do you actually develop these people?

So things like the Army's upper out promotion process— the pyramid model— the culture entrepreneurs felt that this was just not something that made sense for cyberspace, where in order to cultivate people with deep technical mastery, you may prefer to stay in a technical role over the duration of your career rather than get the next command assignment to get promoted.

But that's just not possible with the pyramid structure.

The same goes for rotational assignments, right, where you have to go from one thing to another because the Army has this generalist model of leadership.

Again, like you can't develop deep technical expertise through taking that approach.

And then, you know, ideas about physical fitness requirements, which of course makes sense for the Army, where this whole concept of land warfare is about physically grappling with and engaging the enemy in decisive engagements at the tactical level.

Like that is the concept of warfare for the Army.

That's entirely irrelevant for cultivating cyber warriors.

Like who cares how many pushups they can do?

Who cares what color their hair is, right, or the grooming standards and all of those things.

So that's where the cyber piece of the cyber warrior cultural project met up with a lot of resistance.

And so that first part, when you asked about institutionalization, was institutionalized, right?

Cyber is technically considered to be, you know, maneuver, fire and effects.

And there are some aspects of personnel policy that do mirror combat arms, right?

So the decision was made for cyber to not be an accessions branch.

Instead you join as a lieutenant, right?

Like you have a full career in your branch if you want to.

But for most of those other aspects of kind of personnel policy and the things that you need to do to recruit, train, promote, retain, cyber warriors, just hasn't materialized.

When we talk about outcomes, in the article you described the result of this process as a split personality.

So the Army now has a cyber branch, but it still isn't fully integrated.

I was wondering if you could talk a little bit about what this means in practice and why this integration has been so elusive.

I think it's been elusive because, again, like getting back to this cultural tension, because there're these fundamental aspects of army culture and cyber culture that are diametrically opposed.

The culture entrepreneurs could only affect so much change, right?

So you have this kind of split personality where there are aspects of warrior culture that are kind of imbued within this new cyber warrior subculture, but other aspects where the culture entrepreneurs haven't been as successful.

What's interesting is that it all comes down to the people, right, to personnel policy.

I find that really interesting because it gets back to this fundamental element of both army culture and cyber culture.

So for the Army, distinct from the other services, right?

Like people are essential, right?

The Army fundamentally sees war as a human endeavor.

And the Army's all about people, right?

It's about mass of people, but people matter in different ways in the Army than they do in cyber.

I think that's kind of just an interesting, surprising congruence.

So in terms of outcomes, right?

Like the Cyber Branch is more than 10 years old, but the Army still faces real challenges in terms of recruiting, and then even more substantially, in terms of actually retaining personnel for the Cyber Branch.

There isn't the full kind of compliment of cadre across rank and grade.

And so while there may be a lot of second lieutenants who become cyber officers, there's some serious retention issues, especially at the field grade and above level.

And so what that means is that you have people acceding into the branch at more senior levels who weren't steeped in cyber culture, who don't understand the domain, don't have the technical mastery necessarily, which creates this kind of negative feedback loop, where then the junior people who are coming up through their cyber BOLC, and their kind of initial experiences in the branch are dealing with senior leaders who aren't coming from cyber.

And because the Army at the end of the day has this rank structure that values hierarchy, it just kind of further undermines morale and exacerbates these retention problems.

So you have this frustration among junior officers.

And if you look at surveys that the Army has done, I think there's this misnomer that the retention issues are all because people can just leave when their service obligations are up and go work at some big tech company, make lots of money, and that is an incentive for some people.

But most of the surveys point to leadership, mission, culture, as being the drivers of these retention problems rather than financial drivers.

And so, even though the branch has been around for more than 10 years now— the cyber schoolhouse exists, right, there are training and education programs — there are these kind of fundamental problems that haven't been resolved.

And I think that all points back to culture as a really important underlying cause of that, and these cultural tensions at the kind of start of the creation of the branch.

It's problematic, right, if you have this kind of disjointed, poorly integrated cyber culture, because cyber is an essential element of modern warfare.

And so, it's important for military organizations to figure out how to integrate cyber into conventional military operations.

And if you have those tensions, that could negatively affect, you know, military effectiveness.

And then of course, military effectiveness will also be undermined by these problems of recruitment, right?

And so there's been a lot of research done about the readiness levels of the US military writ large when it comes to cyber personnel.

And there are some serious recurring issues here.

So there are these practical impacts of what may seem like kind of esoteric, academic questions about culture that really matter for modern militaries.

So I'm really interested in what this tells us about, or what the lessons are that the current Army leadership or current DOD leadership, maybe future DOD leadership, should be drawing from this experience that the Army has had with the creation of a Cyber Branch.

One of the things you conclude with in the article is what I understand to be

kind of a provocative suggestion: that resolving these contradictions might actually require a separate cyber service, right, that's entirely outside the Army.

And so I wondered if you could talk a little bit about what the tradeoffs are in thinking about that as a process for resolving these organizational culture sort of contradictions that persist by keeping the branch within the Army.

What are your thoughts on that?

Yeah, so I'm glad you asked me that because the question of establishing a cyber service is like the policy question that is motivating my life right now.

So, and I've done a lot of writing about that particular topic.

I have a big piece coming out on if there is a cyber service, what it should look like, how it should be organized, who's in, who's out.

So keep your eyes, you know, I'll do my plug.

Keep your eyes peeled for that.

Yeah, so the question of a cyber service, listen, like obviously they're going to be trade offs between establishing an entirely new organization, like forget about a branch, right?

We're talking about a new service, right, within the armed forces.

I think the cultural tensions and these kind of irreconcilable cultural differences that we talk about in the article suggests that cyber may need its own organization within the military because there are these kind of fundamental points of tension that, despite the best efforts of the culture entrepreneurs in the Army— and the Army's just one service, right, cyber spans all of the services, right— they just found it to be an insurmountable barrier.

So the case for a cyber service really gets at this distinction between force generation and force employment.

And I don't wanna go on too much of a digression here, but this goes back to Goldwater-Nichols 1986, which reorganized the Defense Department and the different roles and responsibilities between the military services and the combatant command.

So the military services are largely responsible for organizing, training, and equipping forces, and the combatant commands have the authority to employ them, right?

And the challenge in cyber is that you have five services that are each separately responsible for generating forces in cyberspace.

Each of those services has their own distinct service culture.

So getting back to the Navy example, If the Army is a hierarchical culture, the Navy is especially hierarchical, right?

And there is a much clearer distinction between officer and enlisted, between field grade and below.

And so it's not surprising to me that the Navy, among all the services, really kind of dragged its feet with respect to cyber, because cyber does pose these fundamental cultural challenges to the Navy's service culture.

And so you have five different services.

They're all recruiting, doing initial training, and some equipping of personnel for, you know, cyber careers within their services.

And they do that in a way that's entirely inconsistent across them.

And so when those services are presented to Cyber Command to be employed, they all have completely different standards.

They may be getting different pay or doing different jobs at different rank equivalent levels.

None of the services is fostering a distinct cyber culture that enables this whole process to be effective.

And so I think this problem of culture is intrinsically tied to the case for a cyber service because creating this new organization would create an opportunity to instantiate a true cyber culture.

It does pose challenges too, and considerations that would have to be addressed, right, which is, how do you still make that cyber force a credible interlocutor within the joint force, right?

You don't want cyber to be seen as this like weird separate other thing where people with blue hair, who can't, you know, run a mile are part of this broader organization.

But I think those are all policy questions that could be addressed.

I think the case for making a cyber service and instantiating this distinct cyber culture outweighs some of those risks, but it definitely is a controversial proposition.

And we'll see how the debate plays out over the next year.

Well, let me ask maybe one closing question and then we'll turn it over to you for final thoughts.

What, broadly speaking, so beyond the question of the specific cyber service, what do you think that policymakers and senior leaders should take away from this experience if they're thinking about trying to use culture in these emerging domains like AI or quantum?

Is there anything broader that you think that we should learn about culture and the design of military organization or national security organization and organizational culture that leaders really should be able to use and apply when they're thinking about these emerging domains and challenges?

Yeah.

Well, I think, I have one thought on this, and this gets back to the idea of culture as a toolkit that Jack was talking about earlier and kind of, are you going to pick the traditional tools or the non-traditional tools?

I think what all these technologies that you mentioned share in common is that there is this tremendous cultural influence of the private sector and of cultures and organizations outside of the military.

And so when it comes to tanks, right?

Like, tanks are not really dual use technologies.

Most generally speaking, they're useful for high end conventional warfare and that's about it.

But cyber, yes, like the internet came out of a collaboration between the defense department and research institutes.

But cyberspace is this global, interconnected environment where private actors have preponderant influence and power, and they own and operate the infrastructure, and cultures have risen up around these organizations entirely outside of the military.

And yet the military's had to figure out, how do we reach into our toolkit and pull tools that are totally outside of our comfort zone?

And the same is very much true with AI.

The AI leaders are private sector actors, and they're extraordinarily powerful.

And there are cultures that are being developed around these organizations.

And so the military needs to figure out, how do we assimilate aspects of these cultures in a way that will foster our own innovation and competence in this really important area for war fighting, while grappling with the tensions that inevitably arise.

And you're seeing this now with the question about selling these advanced chips to China.

Tensions between economic interests and potentially national security interests, that's a bit, you know, far afield from this particular question, but I think that's what is at the heart of a lot of these challenges that the Army has to grapple with, with cyber.

Hacker culture exists outside of the Army, and in many ways is antithetical to it.

And yet there is an imperative to figure out how to incorporate elements of it in ways that make sense for your organization.

And the same is true for AI and quantum and space also, which has a different trajectory, because space was entirely a purview of great powers and is now, you have private sector actors who are critical to broader space architecture.

So I think navigating that is something that policymakers will have to think about.

So to pick up on this general issue, one of the things that I see as pervasive is the mismatch of cultures, whether we're talking about military cultures or strategic cultures.

And yes, there can be frictions of interests, there can be organizational routines that aren't in sync.

But in a way, a mismatch of culture is potentially even more problematic because cultures see through tunnel vision.

They don't even see that there's a problem a lot of the time because from their vantage point, what they're doing is just fine within their cultural norms.

So this mismatch of culture problem can come in integrating different cultures within units in the same army, integrating the warriors and the hackers.

We have an example in the article just at the tactical level of the input of the hacker to the kinetic person in the heat of battle and just not understanding the problems, limitations, opportunities of the other guy in the combined arms operation.

So it's that kind of mismatch, but there's also the mismatch with the adversary.

So my Soviet limited nuclear operations example that I started with 40 years ago was one where the mismatch of strategic cultures was that the US and the Soviet Union might be seeing the escalation ladder differently.

And, you know, the Rand Corporation might have been seeing like 87 different rungs on the ladder, whereas the strategic rocket forces might be just seeing like two or three rungs on the ladder.

And having a common subjectivity, if you're trying to control escalation, is like the whole game.

And so, there's mismatch with the adversary is of course also a big issue when it comes to cyber conflict.

The counterpart of offensive limited nuclear operations in cyber would be, say, the doctrine of defending forward with persistent engagement, which was a term of art and a concept of art that, you know, swept the cyber business for a certain period of time.

And part of that concept was that there would be tacit understandings of the limitations of escalation despite persistently jabbing and duking it out with the adversary and messing around inside his own systems, and that somehow there was the assumption that there are not going to be any cultural differences in the way a Russian cyber warrior would see that situation, as compared to a US one.

There might be more reluctance to assume that the other guy understands the limitations that you're imposing on yourself in a situation that might not really match the reality when you have this kind of mismatch of cultures.

Thank you.

Thanks for having us.