There is a land war doctrine. There is a sea war doctrine. Each one rests on a theory of how force in that domain produces a political result. Clausewitz gave the ground its grammar. Mahan and Corbett gave the ocean its logic. The doctrine came first, and the force was built to serve it. That order matters more than anyone wants to admit, because the cyber force was built the other way around. The structure came first. The doctrine arrived late, and when it arrived it described the structure rather than explaining it. We have a force in search of a theory, and a set of intelligence organizations grown in layers on top of one another, and a moment when someone with the standing to say so could put both problems on the table at once.

That moment is now. A new Director of National Intelligence is taking the chair at the same time Congress is finally willing to use the word redundancy out loud. The pieces of this argument exist in scattered form across think tank papers and committee testimony. Nobody has assembled them from the vantage point of someone who watched the machinery work from inside it. This essay does that. It gives credit where the public reformers have it right, and it says plainly where they have settled for trimming overhead when the real problem is structural and cultural.

The doctrine that describes a payroll

Joint Publication 3-12, the doctrine for joint cyberspace operations, reads like a competent description of an organization that already exists. It sorts cyber activity into offensive operations, defensive operations, and network operations. It names the command relationships. It defines persistent engagement and defending forward and hunt forward operations. What it does not do is the one thing land and sea doctrine do without strain. It cannot tell you what winning looks like, or how a cyber operation connects to a political objective a president could point to and call a success. Persistent engagement sounds like strategy. It is a tempo prescription. Do more, do it continuously, stay close to the adversary. That is a posture, not a theory of victory.

The force the doctrine serves is the Cyber Mission Force. The public record is clear on its shape and its origins. The Department of Defense began building the force in 2012, organized into teams meeting three mission sets, and the original count settled at 133 teams reaching full operational capability with more than 6,200 people by May 2018. The numbers are precise. Precision is what a person reaches for when buying time. Specific figures sound like the output of a plan even when the plan does not exist yet.

The origins of those numbers have been described, including by people who were in the room, in terms that should trouble anyone who treats the force structure as the product of doctrine. The account that has circulated is of a senior leader put on the spot by the Secretary of Defense and the Chairman of the Joint Chiefs, asked for a plan he thought he was bringing to a budget conversation, and committing to a force he sketched under pressure. Whether the meeting unfolded exactly that way is not the point a careful analyst should hang an argument on. The point is that the public testimony itself reads this way. In March 2013, General Keith Alexander, who ran both the National Security Agency and the new Cyber Command, told the House Armed Services Committee that the teams were analogous to battalions in the Army and Marine Corps, and that thirteen of them were offensive teams built for one mission alone. The force was announced before the doctrine that would govern it. The structure led. The theory followed.

This is the inversion that matters. Mahan did not describe the Navy as it sat in port and call the description a doctrine. He argued why sea power produces strategic outcomes and what kind of fleet you need to generate it. JP 3-12 has no equivalent argument because the force it describes was assembled first, under institutional pressure, by an organization whose self-image it inherited whole.

The intelligence DNA inside a warfighting costume

The force was built inside the National Security Agency, and it shows. Alexander said as much in his own testimony, framing the colocation as an advantage for training. The deeper inheritance was not training. It was worldview. NSA understands one thing better than any institution on earth, which is signals intelligence at scale. Mass collection, centralized processing, national level products, authorization chains that look like intelligence tasking. The Cyber Mission Force absorbed that genetic code. Operators trained to extraordinary technical standards, held at the national level, deployed against national level targets, with approval processes that resemble how you task a collection platform rather than how you employ a rifle squad or a destroyer.

Nobody in the founding asked the question that mattered. Was the thing being built a weapon, or an intelligence apparatus wearing combat branding? That question still has no clean answer, which is exactly why the tactical authority problem is so severe. You cannot push cyber effects to the tactical edge when the underlying capability was designed from the ground up to require senior intelligence community oversight at every step. The architecture reflects an agency’s self-image projected onto a warfighting mission it was never built to perform.

The irony writes itself. The adversaries who are genuinely effective in this domain do not operate this way. Russian military intelligence units and China’s regional technical reconnaissance bases are decentralized, tactically integrated, and comfortable with effects that are noisy and imprecise. The Cyber Mission Force was built to do the opposite. Quiet, precise, nationally controlled. That makes it excellent at a narrow band of intelligence adjacent tasks and poor at anything resembling warfighting at operational tempo. We built a six thousand person force optimized for peacetime competition, housed it inside a doctrine that calls it a warfighting capability, and never reconciled the two.

The dual-hat and the case for separation

The single point where the whole arrangement binds is the dual-hat. One four-star officer runs a national intelligence agency and a combatant command at the same time. Those missions answer to different masters, operate under different legal authorities, and carry conflicting priorities. The person holding both jobs has to choose, constantly and invisibly, which mission wins when they collide. That choice gets made inside one head with no institutional transparency, and the equities being traded are real. The collection apparatus wants to protect access. The combat command wants to produce effect. Protecting access and producing effect are frequently the same target viewed two ways, and the dual-hat resolves the tension in private.

The argument for separating the two jobs is not new, and the people who made it early deserve the credit. Reporting from 2018 laid out the split plainly. Under President Obama, Director of National Intelligence James Clapper and Secretary of Defense Ashton Carter advocated separating the roles and installing a civilian as NSA director. The reason they gave is the right one. NSA exists to spy, to gain and hold access to gather intelligence. Cyber Command exists to disrupt, to defeat an adversary’s warfighting capability. Those are different missions that point in different directions, and one person cannot serve both without subordinating one to the other.

The opposition deserves a fair hearing too, because it has been formidable. The same reporting names former NSA Director Keith Alexander, former Director of National Intelligence Mike McConnell, and former Defense Secretary Robert Gates among those who opposed splitting the arrangement. Their case rests on continuity. The colocation speeds the flow of intelligence into operations, shares scarce technical talent, and avoids the friction of standing up parallel structures. That case is real. It is also a case for convenience over clarity, and convenience is how institutional dysfunction survives.

The civilian Director argument goes beyond optics. NSA runs on its career civilians, who are there for decades while the uniformed leadership rotates through on tours. The institutional knowledge lives in that workforce. A civilian director with Senate confirmation creates real accountability to oversight in a way a rotating officer cannot. Admiral Mike Rogers ran the agency well, but he ran it well in part because he had people like Rob Joyce rooted in the institution beneath him. Rogers was the exception that the system depends on finding. Doctrine and structure that work only when you locate the right person are not doctrine. They are luck with extra steps.

The companion move is to stop pretending Cyber Command is a warfighting peer of the geographic combatant commands. A three-star commander in a clearly defined supporting role would make the relationship honest. Right now the four-star status implies a peer that the capability does not actually support, and the rank competition in the building distorts every resource conversation. Dropping the rank is not a demotion of the mission. It is an honest accounting of what the mission is.

The Defense Intelligence Agency and the Iraq precedent

If the dual-hat is the structural knot, the Defense Intelligence Agency is the redundant layer that should never have survived this long. It was stood up in 1961 under Robert McNamara to consolidate service intelligence and reduce duplication. It has spent more than sixty years failing at that mission while the service intelligence shops kept doing what they were always going to do. The Army, the Navy, and the Air Force never surrendered their analytic functions. DIA became another layer on top of layers that consolidated nothing.

Walk through the mission and it falls apart. Terrorism fusion belongs to the National Counterterrorism Center, which has statutory authority and resources DIA never had. Cyber threat integration sits with the Cyber Threat Intelligence Integration Center. Human intelligence is the CIA’s statutory lead, and DIA’s expansion of its own clandestine service in 2012 made the overlap worse rather than better, producing two organizations with human collection authority and overlapping portfolios that protect sources from each other. Order of battle and weapons analysis belong with the services that fight. What is left that is genuinely unique is a narrow set of defense attaché functions and some authorities that could be housed in a far smaller office.

The strongest argument against DIA is not redundancy. It is the Iraq precedent, which shows the structure is dangerous and not merely wasteful. When the Office of the Secretary of Defense wanted intelligence on Iraq that the established community would not produce to standard, the apparatus inside the Pentagon became the instrument of choice precisely because it reported up through the Secretary of Defense and could be pressured. Raw material rejected through normal analytic channels came out the other side looking like finished intelligence, carrying a defense intelligence imprimatur it had not earned. That was not an abuse that happened despite the structure. It happened because of it. An intelligence organization that reports to a Secretary of Defense will always be vulnerable to a Secretary of Defense who has already decided the answer. No amount of professional integrity in the analytic ranks survives a chain of command built to be leaned on.

The firewall that failed and the agencies that filled the gap

The domestic side of this carries its own version of the same disease. The defensive cyber mission and the foreign intelligence mission have different authorities, different legal frameworks, and different oversight regimes. They should not cohabit. Yet NSA’s operational presence inside the Cybersecurity and Infrastructure Security Agency blurs the line every day. CISA exists to defend critical infrastructure and to share threat information broadly with the people who own it. NSA exists to collect and to protect the methods of collection. When NSA’s equities shape what CISA can share, the defensive mission gets subordinated to the intelligence mission, and infrastructure owners end up with degraded information because someone decided, inside the building, that a collection method mattered more than a defender’s visibility. That tradeoff gets made without the defenders having any say in it, and it is the wrong default for a mission whose entire premise is transparency over secrecy.

The soft rolling of NSA’s intelligence function through a civilian agency also creates a domestic intelligence problem nobody wants to name. CISA has authorities to operate inside the United States that NSA does not. When foreign intelligence capability flows through a domestic agency without a hard legal firewall, you get domestically adjacent intelligence work under an umbrella that draws less scrutiny than NSA would face doing it directly. The architecture invites the very thing oversight is supposed to prevent.

There was supposed to be a firewall. Inside the Department of Homeland Security, the Office of Intelligence and Analysis holds the domestic intelligence coordination mission. Done right, it is the membrane between the foreign intelligence community and the domestic space, translating threat into action without dragging the collection apparatus across the line. It has almost never been done right. The office has been chronically understaffed, treated as second tier by the rest of the community, and churned through leadership fast enough that no institutional culture ever took root. The agency built to prevent intelligence community overreach into domestic functions became too weak to perform the function, and the community filled the vacuum directly. Institutional weakness manufacturing its own replacement is a pattern the community runs constantly.

The weakness is not abstract. A former head of that office reorganized it around mission centers, a model borrowed from the National Counterterrorism Center’s success after 2001, as though the structure rather than the resources and authorities had made that center work. The arithmetic is brutal. The mission center model needs mass to function. You need enough analysts to staff the centers, run the missions, carry the coordination load the model generates, and still have people left to produce. The total force of that office was smaller than a single shift on the watch floor at Army Cyber Command or Tenth Fleet. That is not a mission center problem. It is a rounding error that was handed an organization chart. What it produces in practice is coordination theater. Meetings happen, products get formatted to look finished, liaison relationships get maintained because liaison is cheap, and the actual synthesis of foreign intelligence into a domestic threat picture does not get done because there are not enough people to do it.

Which leads to the conclusion the office’s own defenders will resist. The mission itself is largely redundant. Every function except the authorization of domestic collection is already performed by operational components like Customs and Border Protection and Immigration and Customs Enforcement, or by coordination cells like the Cyber Threat Intelligence Integration Center and the counterterrorism coordination bodies. The one genuinely unique hook, the collection authorization authority, needs a handful of lawyers and cleared analysts, not a mission center superstructure. The honest move is to collapse the authorization function into a small office with community liaison, push component intelligence back to the components, and stop pretending the department needs an analytic production house competing with organizations that do it better and deeper.

There is a personnel root beneath the structural one. The domestic facing organizations are staffed, at the leadership level, by a pipeline of former intelligence community and clandestine service officers. Their professional formation runs exactly counter to the domestic mission. A career built on protecting sources, centralizing information, and treating partners as consumers of finished product is the right formation for foreign intelligence and the wrong one for infrastructure defense, which needs sharing over need to know and partnership over hierarchy. This is not malice. It is instinct laid down over a career, and it captures the culture of an organization regardless of what the statute says the mission is. You cannot staff a transparency mission with people whose entire identity was built on the opposite values and expect the culture to follow the law.

Where the current reform effort gets it right, and where it stops short

Credit where it is due. In June 2025 the Chairman of the Senate Select Committee on Intelligence introduced the Intelligence Community Efficiency and Effectiveness Act. The framing is correct and overdue. The committee described an Office of the Director of National Intelligence that was meant to be lean and became, in the chairman’s words, a bureaucracy where coordinators coordinate with other coordinators. The bill caps the office’s full-time staff at 650, eliminates a layer of deputy positions, terminates the National Counterintelligence and Security Center at the office and transfers its work to the FBI, redesigns the counterterrorism center and narrows the counterproliferation center, and creates temporary mission task forces that dissolve on a clock. The diagnosis names the disease. The community grows through every crisis and shrinks after none of them.

The bill is also a useful illustration of how contested this terrain is. It did not move cleanly through committee, and it drew public opposition from figures who argued it would weaken the office relative to the executive. That fight is worth watching, but it is a fight about the size and authority of the coordinating office. It is not a fight about the architecture beneath it.

And that is exactly where the current effort stops short. It trims the coordinating layer. It does not touch the dual-hat. It does not eliminate the Defense Intelligence Agency. It does not address NSA’s operational presence inside CISA or the failed firewall at the Office of Intelligence and Analysis. It treats the community as an administrative problem to be made tidier. The deeper problem is doctrinal and cultural. The cyber force has no theory of victory. The defense intelligence layer is structurally vulnerable to political pressure. The domestic firewall is undermanned to the point of fiction and culturally captured by the community it was meant to check. You cannot fix any of that by capping a staff number, however sensible the cap.

The intellectual precedent that comes closest is the recurring call to apply Goldwater-Nichols logic to the intelligence community, to force joint career development and break service parochialism the way the 1986 reform did for the military. That instinct is right about the disease and too gentle about the cure. Goldwater-Nichols for the community still assumes the community keeps its current shape. The harder and more honest question is whether the shape itself should survive.

What the moment actually calls for

A new Director taking the chair has a narrow window before the institution closes around the office and the agenda becomes management of the existing architecture. Every previous Director managed. The architecture now carries enough redundancy, conflicting authority, and cultural dysfunction that managing it is just presiding over its slow degradation. The alternative is to rationalize it, and that requires saying several things plainly.

Separate the Director of NSA from the commander of Cyber Command. Install a civilian Director of NSA, confirmed by the Senate, accountable to oversight, drawn from the technical depth the mission actually requires. Return Cyber Command to a three-star supporting command with an honest relationship to the geographic combatant commanders rather than a four-star peer pretending to authorities it cannot exercise at tactical tempo.

Eliminate the Defense Intelligence Agency. Return order of battle and weapons analysis to the service intelligence components that fight. Return human intelligence to the CIA, where the statutory authority lives, and dissolve the duplicative defense clandestine service. Reduce the defense attaché function to a small liaison office. The short-term cost is some loss of coverage. The coverage being defended is a product corrupted by political vulnerability and structural conflict, which is full price for a degraded good.

Get NSA out of CISA operationally, and build a genuine legal firewall between foreign intelligence collection and domestic infrastructure defense. CISA’s mission needs leaders formed in law enforcement, emergency management, and private sector defense, not in collection and covert action, because professional formation determines culture more reliably than any mission statement.

Resolve the Office of Intelligence and Analysis honestly. Either resource it to perform the firewall function it was given, or collapse it to a small collection authorization and liaison office and return component intelligence to the components. Stop funding coordination theater. The mission center model on a single-shift workforce is not a structure. It is a fiction with letterhead.

Pick one coordination node per mission area and eliminate the rest. Terrorism fusion to one center, cyber threat integration to one center, counterintelligence to one home. Redundancy in this community does not produce better intelligence through competition. It produces overhead, turf protection, and information hoarding between organizations that are nominally on the same side.

And rewrite JP 3-12 from a theory of effect rather than a force structure. State what strategic outcome cyber power produces and how it connects to political objectives. The honest answer may be that most of what the Cyber Mission Force does is persistent intelligence adjacent competition rather than warfighting. If so, write the doctrine that reflects that reality, and size and command the force accordingly, instead of dressing it in warfighting language to protect a budget line.

None of this is structurally complicated. All of it is politically hard, because the people who would have to approve it are either products of the community or dependent on it for the briefings that justify their committee assignments. The overseers and the overseen have co-evolved long enough that genuine separation takes a level of will the system has not produced since the Church Committee. A new Director will not get this done by memo. But a new Director is the only person positioned to put the real question to the country, which is not how to make the existing machine tidier. It is whether the machine, assembled in layers of crisis and never once made to give anything back, is the machine we would build if we were building it now. We would not. The work is admitting it while the chair is still warm.