Join War on the Rocks and gain access to content trusted by policymakers, military leaders, and strategic thinkers worldwide.
Cyber operations have become a defining feature of modern conflict, a front line that shapes the contours of global power competition. Yet despite daily headlines about Chinese hackers breaching defense contractors, Russian ransomware crippling pipelines, and Iranian cyber operatives probing our critical infrastructure, there remains a persistent and increasingly dangerous gap between America’s strategic cyber ambitions and the way these capabilities are integrated into warfighting. Without urgent action, the service could end up with a cyber force that looks formidable, but rests upon weak tactical foundations.
While U.S. Cyber Command has unmatched resources, the centralization of offensive cyber authorities has created a dangerous gap between strategic vision and operational reality. By sidelining forward-deployed units and commanders, the United States is limiting its ability to compete effectively against adversaries who already integrate cyber at every level of warfare.
The Department of Defense ought to delegate risk-informed cyber authorities to operational commanders, empower forward-deployed teams, and reform policy so that cyber effects can be employed with the same trust and discipline as other combat capabilities.
The Disconnect Between Strategy and Reality
On paper, the United States fields the most capable cyber force in the world. The reality is different. Military cyber operations remain highly centralized under U.S. Cyber Command. While strategic-level operations and access should remain under strict oversight, the near-total consolidation of offensive cyber authorities at the national level leaves forward-deployed units and combatant commanders without the tools they need to compete effectively in the contested battlespace. The United States is fighting a domain-centric war with one arm tied behind its back.
This misalignment between strategic guidance and operational flexibility is not just an inefficiency. It is a vulnerability.
Exploit Production: It’s Not Just Volume
A common critique of America’s cyber posture is that the military does not produce exploits and capabilities at the scale of adversaries like China. And it is true that the Chinese cyber apparatus — state-directed, university-supported, and bolstered by an extensive contractor network — generates cyber exploits at a dizzying rate.
But this is a false comparison. The United States has deliberately taken a different path — one grounded in operational precision, strategic necessity, and the minimization of escalation risks. America’s national cyber strategy does not demand quantity; it demands quality. Tailored, risk-informed, strategically aligned cyber operations are the hallmark of U.S. warfighting.
Yet even a strategy of precision requires capability at the edge. The Marine expeditionary force information groups, the U.S. Army’s multi-domain task forces, and similar service-retained units in battle positions all over the globe need the tools, authorities, and processes to employ cyber effects in real time. It is not about stockpiling exploits. It is about equipping those closest to the problem with what they need to create strategic impact through operational or tactical excellence.
Authorities: Balance Is Not Control
Today, offensive cyber authorities reside almost exclusively with U.S. Cyber Command and its subordinate command, the Cyber National Mission Force. This structure ensures strategic oversight, but at a cost: it disempowers operational units that understand the battlespace, the adversary’s tactics, and the needs of their commanders.
Marine expeditionary force information groups, multi-domain task forces, and similar formations are staffed with highly trained marines and soldiers who are embedded with forward-deployed forces, speak the language of their environment, and routinely work alongside our allies and partners. Yet they remain largely spectators when it comes to offensive cyberspace operations. Cyber National Mission Force units suffer from inconsistent training, short staffing, and conflicting demands from service cyber components — conditions that undercut readiness before the battle even starts. Cyber Command has assumed responsibilities for force generation without the policy, process, or culture to sustain those forces. As a result, marines and soldiers on the forward edge detect malicious activity, but have no mandate or authority to act until a much larger command structure steps in.
The Department of Defense and the Joint Staff should develop delegated authorities for cyber, akin to the fire support coordination measures used in physical combat. Commanders in the field are trusted with munitions that can kill and destroy — surely, with proper safeguards, they can be trusted with effects that disrupt and degrade.
This is not a call for unfettered autonomy. It is a call for balance: strategic control with operational flexibility. This shift should begin now.
Managing Risk with Discipline, Not Fear
The primary reason for cyber centralization is risk: the risk of escalation, of compromising intelligence sources and methods, and of unintended collateral effects. These risks are real, but they are not unique to cyber.
Every domain carries risk. The services trust commanders to employ artillery, air strikes, and special operations in fluid environments. They equip them with rules of engagement, legal advisors, and clear commanders’ intent. They accept risk because the absence of action is often the greater danger.
Why are cyber operations treated categorically different?
American military forces should mature their approach. Cyber operations require the same level of disciplined planning, legal scrutiny, and strategic alignment as kinetic ones — but they should not be paralyzed by unique burdens. Risk can be managed. What cannot be managed is a future where American forces are outpaced in cyberspace because they refused to decentralize when it mattered most.
The Enemies Who Already Get It
Adversaries do not wrestle with the same debates that tie down American cyber forces. China, Russia, and Iran already view cyber as a fully integrated component of military and national power. They do not ask whether cyber effects belong at the tactical level. They assume it.
China’s cyber operations have evolved far beyond espionage. Beijing now uses cyberspace to pre-position, shape, and prepare the battlefield, striking at logistics networks, critical infrastructure, and military systems. These efforts are not afterthoughts; they are baked into joint campaign planning and calibrated to impose costs well before the first missile is launched.
Russia offers another lesson. The timing of cyber operations often defines their effectiveness. Moscow understands this principle. Its campaigns against Ukraine frequently sought to shape the environment before and during combat, synchronizing disruption of networks with missile strikes and electronic warfare. These operations have not always delivered systemic effects, but the intent is clear: Russia sees cyber as a flexible, opportunistic tool of war.
Iran demonstrates the asymmetric power of cyberspace. Lacking the conventional capacity of China or Russia, Tehran employs cyber as a cost-effective tool to deter, harass, and undermine regional adversaries. From targeting Gulf state infrastructure to probing U.S. networks, Iran uses cyber in ways that impose real operational and political friction disproportionate to its size.
These examples highlight what U.S. forces have yet to fully embrace: Cyber is neither a niche capability nor an exotic add-on. It is a standard tool of statecraft and warfighting. While adversaries press forward with integrated cyber campaigns, U.S. Cyber Command and the services remain bogged down in centralized authorities, bureaucratic caution, and what one analyst called “seven years of failure” to generate credible combat outcomes at scale.
If the United States is to deter and defeat such adversaries, it must do more than match their strategic employment of cyber. It must surpass them operationally by empowering tactical cyber operators to act at the speed of battle. Otherwise, the nation risks maintaining a cyber force that is strategically impressive on paper but operationally impotent in practice.
The Value of Forward-Deployed Expertise
From direct experience conducting cyber operations with III Marine Expeditionary Force Information Group in the Indo-Pacific, I witnessed firsthand the value that small, agile, forward-deployed cyber teams bring to the fight. These marines possess regional knowledge, cultural understanding, and operational relationships that cannot be replicated from a command center thousands of miles away. They understand the pulse of the adversary. They know how to speak the operational language of maneuver commanders. They build trust with allies and partners who live in the shadow of adversarial cyber threats.
These teams are not a theoretical capability. They are an existing, underutilized asset. And until senior leadership unlocks their full potential, the military will continue leaving operational impact on the table.
The tenacity of marines to meet the enemy in the cyber trenches is unquestionable. What is in question is the system that shackles them. When marine cyber operators on the tactical edge detect, disrupt, or repel a malicious cyber attack against American key terrain, they cannot immediately pivot to a counter-offensive. Unlike artillery or aviation, where commanders have the authority to respond decisively in real time, cyber operators must first push their findings up the chain of command, across multiple headquarters, and ultimately to U.S. Cyber Command — the only force currently holding the authorities to launch offensive cyber operations. Several times, marines stood at the line of departure — geared up, prepared, and ready to fight the adversary in the cyber trenches — yet were ordered to hold because policy and authority restricted them from acting. The justification was framed as preserving “strategic unity of effort,” but to those on the ground, it felt more like being sidelined and told to wait for the varsity team to arrive.
U.S. Cyber Command likely believed it was acting in the best interest of mission success by waiting for more experienced cyber operators to assess and execute. Fleet commanders, often unfamiliar with the full scope of their cyber authorities and capabilities, complied when asked to hold. From a senior leadership perspective, the decision prioritized proven skill sets and established authorities to ensure mission effectiveness. However, service-retained cyber forces — though not under U.S. Cyber Command’s operational control — are equally trained and capable. Many of the marines had extensive experience at Fort Meade, supporting both offensive and defensive national-level missions. Despite this, tactical operators who had already detected and engaged threats often experienced frustration. The delay in action, driven by strategic caution, risked losing fleeting opportunities and appeared to undervalue their contributions.
This reflects a broader tension between strategic risk management and the urgency of seizing time-sensitive opportunities at the tactical edge.
By the time that reporting is complete, the adversary is often long gone. The fleeting opportunity to seize initiative, exploit vulnerabilities, and impose costs evaporates. What could have been a decisive tactical counterstrike instead becomes a sterile after action report.
This bottleneck is not a reflection of a lack of skill or will at the tactical level — it is the product of a risk-averse structure that centralizes authority at the expense of operational tempo. In the Indo-Pacific, where adversaries probe and strike in seconds, waiting hours or days for decisions from Washington is not just inefficient — it is strategically dangerous.
If the U.S. Marine Corps and U.S. Army are trusted to maneuver infantry squads under fire, call in close air support, or employ precision fires with strategic consequences, then forward-deployed marines and soldiers should also be trusted to employ flexible cyber responses within commander’s intent. Denying them this authority undermines the very reason they exist: to fight and win in the digital battlespace alongside American forces in the physical one.
Turning Doctrine into Reality
The military’s embrace of joint all-domain operations is one of the most important conceptual shifts in modern warfighting. It recognizes that to create dilemmas for adversaries, it should integrate capabilities across land, sea, air, space, and cyber.
The Marine Corps’ Force Design 2030 and the concept of joint all-domain operations strategy both emphasize cyber as a key enabler. But to move from vision to reality, the military should enable cyber effects to be employed at the operational and tactical level. Doctrinal rigidity can be an obstacle to effective tactical-level cyberspace planning and operations. Joint publications that force cyber planners into simplified paths or fixate on point targets often misalign with the multidimensional, networked realities of cyber war. Forward-deployed teams who understand local terrain and adversary behavior are among the few who can exploit complexity — if given autonomy.
Warfighters do not need new doctrine. They need implementation. They need policy reform. And they need leaders willing to accept the risk that comes with empowering the edge.
Empowering the Human Factor
Leadership in warfare is built on trust. Senior leaders trust their junior leaders and service members to make decisions under fire, to operate with incomplete information, and to act with judgment shaped by training, mentorship, and experience.
The same should hold true in cyber. Operators and planners at the tactical edge are often closest to the fight, most attuned to the environment, and best positioned to act quickly and decisively.
Empowerment does not mean recklessness. It means building the training pipelines, certification standards, and mission command structures to allow the best people to do what they are trained to do. From my mentors and my own journey, one enduring lesson remains: If you want excellence, you should create space for it. You should give your people the authority, trust, and support to act.
A Call for Immediate Action
The United States cannot afford to drift toward cyber irrelevance at the operational level. If American forces are to maintain cyber superiority in an increasingly contested global environment, they should act now. The margin for delay is gone.
The Office of the Secretary of Defense and the Joint Staff should develop delegated authorities by creating robust frameworks that delegate limited, risk-informed offensive cyber authorities to Combatant Commands and operational units under clear strategic oversight. Commanders should plan operations that integrate cyber at the edge that enable service-retained cyber teams to conduct operations that shape theater objectives, in concert with other kinetic and non-kinetic capabilities. Commanders should also treat cyber risk with the same discipline and operational logic they apply in other environments, and trust professional judgment. Leaders and organizations should train and certify tactical leaders who meet service-level and joint standards while building robust certification programs that ensure cyber operators can execute missions legally, ethically, and effectively. Lastly, senior leaders, commanders, and policymakers should be equipped to understand cyber not as a niche capability but as a domain of warfare that demands integration across warfighting functions such as fires and maneuver.
Conclusion
America’s cyber forces are unmatched in talent, innovation, and strategic capability. But talent and resources alone are not enough. Senior leaders and policymakers should trust, empower, and integrate these forces at every level of warfare.
This is not merely one marine’s opinion — it is a reflection born of time spent at the forward edge of operations, shoulder to shoulder with America’s allies and partners in the Indo-Pacific, Europe, and the Middle East. It is a perspective shaped by watching incredible marines and joint teammates produce brilliance, only to be constrained by policy and authority structures built for another era.
The time for reform is now. The United States should act with urgency, with courage, and with a bias for action. Empower your people. Trust their judgment. Let them do what warfighters were trained to do.
In doing so, the U.S. military will ensure that America remains not only a cyber superpower in name, but a force capable of shaping operational outcomes and strategic success in the 21st century and beyond.
Jeffrey Edwards is a Marine cyberspace warfare officer with 14 years of active-duty service, including at Cyber Command, Indo-Pacific Command, and Central Command. The views expressed in this article are those of the author and do not represent the Marine Corps, the Department of Defense, or any part of the U.S. government.
**Please note, as a matter of house style, War on the Rocks will not use a different name for the U.S. Department of Defense until and unless the name is changed by statute by the U.S. Congress.
Image: Midjourney
