Today, America’s federal cyber establishment faces a similar crisis of fragmentation. Born of disjointed legislation, overlapping executive orders, and competing congressional mandates, our cyber defense infrastructure has evolved into a convoluted maze where organizational boundaries matter more than mission success.

A fragmented cyber battlefield

The U.S. cyber domain’s evolution has occurred with little strategic coordination, creating unclear jurisdictions and mission overlap. The Department of Defense (DOD) and U.S. Cyber Command (USCYBERCOM) oversee military cyber operations, yet their efforts often compete with the National Security Agency’s (NSA) intelligence-driven priorities. The Cybersecurity and Infrastructure Security Agency (CISA) defends civilian networks but lacks sufficient authorities to compel action across the private sector. The Federal Bureau of Investigation (FBI) handles cybercrime investigations, while the Office of the National Cyber Director (ONCD) attempts to provide strategic oversight — all while adversaries exploit the strategic, operational, and jurisdictional seams between these various civilian and military organizations governed by different statutes.

This disjointed approach has led to catastrophic security failures. During the 2020 SolarWinds breach, Russian intelligence services infiltrated government and private networks while exploiting the gaps between our defensive organizations. The sophisticated cyber-espionage operation went undetected for months, with agencies like CISA, NSA, and FBI struggling to coordinate responses within their respective lanes. When the breach was finally discovered, our fragmented cyber ecosystem couldn’t assemble a complete picture of the attack, with each agency holding only pieces of the puzzle.

The 2021 Colonial Pipeline ransomware attack paralyzed fuel distribution across the East Coast, exposing critical weaknesses in public-private cyber collaboration. As federal agencies debated jurisdictional boundaries and response authorities, Americans faced gas shortages and price spikes. The FBI, CISA, Department of Energy, and multiple other agencies worked parallel tracks with limited coordination, demonstrating how our fractured response system fails during crises that cross public-private boundaries.

More recently, China’s SALT TYPHOON and VOLT TYPHOON campaigns methodically targeted our telecommunications infrastructure, maritime ports, and power grid systems. These persistent, sophisticated intrusions established footholds in critical infrastructure while our agencies struggled to share information effectively. Intelligence agencies detected the threats but faced bureaucratic hurdles in disseminating actionable information to defensive agencies and private sector targets.

In each case, multiple agencies responded with competing priorities: some focused on intelligence collection, others on attribution, and still others on defensive measures — often without real-time coordination or information sharing. Our adversaries deliberately target these organizational seams, knowing that our fragmented response system will delay effective countermeasures.

Geopolitical adversaries exploit our fragmentation

America’s cyber vulnerabilities are not hypothetical — they are actively and daily exploited by our adversaries. China’s persistent cyber-espionage campaigns target U.S. defense contractors and critical infrastructure through operations like VOLT TYPHOON. Russian state-backed hackers conduct disinformation and cyber disruption operations, seeking to undermine public trust. North Korean hackers fund their regime through cryptocurrency theft, while Iran grows increasingly aggressive in targeting American executives and government officials.

These nation-states deliberately exploit the seams between our agencies’ jurisdictions. When an attack crosses from intelligence gathering to destructive effects, from foreign to domestic networks, or from government to private infrastructure, our response fractures along organizational boundaries. Each agency follows its own playbook, often with limited visibility into parallel efforts.

Moreover, in the age of artificial intelligence, the scale and sophistication of cyber attacks will increase dramatically, with potential for unprecedented physical damage and even loss of life beyond purely digital impacts. Our adversaries have already unified their cyber operations under centralized command structures that blend military, intelligence, and criminal capabilities, while we remain divided.

The Cyber Council of Nicaea: A unifying solution

A Cyber Council of Nicaea would serve as a permanent, high-level forum backed by executive order and congressional authorization for resolving cyber policy disputes, coordinating national strategy, and setting enforceable standards. Unlike current ad-hoc coordination mechanisms that lack decisive authority, the Council would have the mandate to make and enforce binding decisions. Its core objectives would be:

Doctrinal unity — Establish a national cyber doctrine clearly defining roles, responsibilities, authorities, and response protocols.

Operational deconfliction — Synchronize military, intelligence, law enforcement, and civilian cyber operations.

Information sharing — Establish efficient and secure pathways for information sharing across agencies and with private sector partners.

Crisis response coordination — Develop binding frameworks for responding to attacks on critical infrastructure, including specific playbooks for common scenarios.

Public-private integration — Foster structured engagement with industry leaders through meaningful incentives and mutual benefit arrangements.

Readiness exercise planning — Develop and execute regular cross-sector cyber exercises modeled after nuclear response readiness drills.

Geopolitical cyber strategy — Align cyber operations with broader national security goals.

The Council’s structure would mirror successful national security decision-making bodies while avoiding excessive bureaucracy:

Chair: National Cyber Director with enhanced authorities via executive order, ensuring overarching strategic coherence and direct presidential reporting.

Core members: Leaders from DOD (to include National Guard), Coast Guard, NSA, CISA, FBI, USCYBERCOM, NSC, and the Office of the Director of National Intelligence (ODNI).

Advisory panel: Private sector cybersecurity executives and critical infrastructure representatives with defined incentives for participation, including enhanced threat intelligence access and priority incident response support.

Standing working groups: Composed of subject-matter experts from member agencies and private sector, focused on doctrine development, interagency coordination, and international cyber norms.

Unlike existing coordinating bodies, the Council would have the authority to make binding decisions about roles, responsibilities, authorities, and resources during both steady-state operations and crisis response. Reporting directly to both the Executive Branch and relevant congressional committees would ensure accountability and oversight. The Council would convene regularly for strategic planning and activate immediately during cyber emergencies, with clear lines of authority established in advance.

Learning from successful models

The Goldwater-Nichols Act of 1986 revolutionized the U.S. military by mandating joint operations and forcing inter-service cooperation after failures in Grenada and elsewhere demonstrated the costs of fragmentation. While imperfect, it fundamentally transformed military effectiveness by compelling unity across service boundaries. Nuclear response and readiness provides another successful model, with comprehensive exercises that coordinate military and government agencies, private sector partners, and even international allies.

A Cyber Council of Nicaea could achieve similar transformative effects for the cyber domain, compelling unity where fragmentation currently reigns, while avoiding the pitfalls of excessive centralization that could stifle innovation or create new bureaucratic obstacles.

Addressing the counterarguments

Skeptics may argue that adding another layer of coordination risks bureaucratic inefficiency. However, the status quo — where cyber responsibilities are split across multiple agencies without a unifying authority — has already proven inefficient and dangerous. The Council would not add bureaucracy but rather streamline existing processes by establishing clear decision paths and eliminating duplicative efforts. Recent examples like SolarWinds and Colonial Pipeline demonstrate how our current approach costs precious time during crises when every minute counts.

Concerns over interagency rivalry are valid but not insurmountable. By establishing clear lines of authority for specific scenarios in advance and building regular coordination exercises into agency operations, the Council would reduce friction during crises. The current nominated ONCD leadership may lack the gravitas of the original Council of Nicaea’s Emperor, but enhanced authority through executive order and congressional mandate would provide the necessary power to drive meaningful coordination.

Regarding private sector involvement, the Council would ensure that response measures balance national security with business continuity and civil liberties through meaningful industry participation. Rather than imposing one-way requirements, this approach would provide tangible benefits to participating companies through enhanced intelligence sharing, technical assistance, and coordinated incident response support.

The alternative — allowing China, Russia, and other adversaries to continue exploiting our divisions — is simply unacceptable.

A call to action

Cyberspace is unquestionably the battlefield of the 21st century, yet we continue to defend it with organizational structures designed for the industrial age. The National Security Council and Congress should immediately authorize and convene the first Cyber Council of Nicaea, bringing together key stakeholders to define America’s cyber future.

Implementation will require amendments to existing authorities and potentially new legislation, but the fundamental architecture already exists in the form of existing coordination bodies. What’s missing is decisive leadership with real authority and accountability — gaps the Council would fill.

The recent Executive Order shifting resilience responsibilities to states makes this Council even more critical, as it must establish the frameworks and standards that will guide state-level cyber defense efforts, preventing further fragmentation at the state and local levels.

Without decisive action, we risk continued fragmentation, persistent vulnerabilities, and a strategic disadvantage against adversaries who operate with singular focus. The Cyber Council of Nicaea isn’t just an administrative reform, it’s an urgent national security imperative that must be established before the next major attack forces reactive, chaotic policymaking in its aftermath.

The choice is clear: unify now or remain divided until disaster forces our hand.

Authors’ note: Brad Levine; John Dobrydney, DSc; Hala Nelson, Ph.D., and Ken Kurz were kind enough to lend their knowledge, expertise, and constructive feedback in the development of this Op-Ed.

Daniel Van Wagenen is a retired Army combat infantryman and defensive cyber operator. He is also the co-founder of the Association of the U.S. Cyber Forces (AUSCF), the first dedicated nonprofit to being a voice for the cyber warfighter, and co-founder and COO of Minerva Cyber Technologies, a full-spectrum cyber operations services and products firm.

Kim Irving is a senior cyber executive focused on supporting the warfighter and the national security mission. Co-founder and CEO of Minerva Cyber Technologies, she has 20+ years of experience serving on executive leadership teams and boards. Her experience includes full-spectrum cyber services and capability development for U.S. Cyber Command, Army Cyber Command, Air Force Cyber Command, Navy Fleet Cyber Command, and Marine Corps Forces Cyberspace Command.

The post The Cyber Council of Nicaea: Unifying America’s fragmented digital defense appeared first on DefenseScoop.

The rapid evolution of technology and the digital landscape has fundamentally altered the nature of warfare. Cyber has become the fifth domain along with land, sea, air and space. As cyber threats continue to grow in sophistication and frequency, the United States must adapt its defense posture to meet these challenges head-on. Our current distributed approach leaves gaps in capabilities, training, recruiting and innovation, leaving us vulnerable to digital attack. An independent U.S. Cyber Force is not just a strategic necessity but an inevitable progression in the evolution of military operations.

Cyber warfare has become a critical component of modern conflicts. Adversaries such as China, Russia, Iran, and North Korea have developed formidable cyber capabilities, launching attacks that target both governmental and civilian infrastructure. The 2020 SolarWinds cyberattack, which compromised multiple U.S. federal agencies, and the persistent ransomware attacks on critical infrastructure underscore the urgent need for a dedicated and specialized cyber force. According to a 2021 report by the Center for Strategic and International Studies (CSIS), the frequency and severity of cyberattacks have increased exponentially, with nation-states being the primary actors. The report highlights that traditional military structures are ill-equipped to deal with the unique challenges posed by cyber threats, necessitating a distinct and independent cyber force.

Key benefits of having an independent cyber service

Specialization and Focus: The creation of an independent U.S. Cyber Force would allow for the specialization and focused training required to tackle complex cyber threats. Unlike conventional military units, a cyber force would be dedicated exclusively to defending against and conducting cyber operations. This specialized focus is crucial for developing the expertise needed to stay ahead of adversaries in the fast-paced cyber domain.

Streamlined Command and Control: An independent cyber force would enhance command and control capabilities, ensuring a more agile and responsive structure. Currently, cyber operations are often spread across multiple branches of the military, leading to fragmented efforts and bureaucratic inefficiencies. A unified command structure within an independent cyber force would enable more coherent and effective responses to cyber incidents.

Enhanced Recruitment and Retention: Attracting and retaining top talent is a significant challenge in the cyber domain. An independent cyber force would have the flexibility to implement specialized recruitment and retention strategies tailored to the unique demands of cyber warfare. This includes offering competitive salaries, advanced training programs, and career development opportunities that are more aligned with the private sector sector, as well as allow the cyber operator to actually perform in the job they are assigned.

Innovation and Adaptability: The cyber domain is characterized by rapid technological advancements. An independent cyber force would be better positioned to innovate and adapt to emerging threats. By fostering a culture of continuous learning and technological experimentation, a cyber force can develop cutting-edge capabilities and stay ahead of adversaries.

Opponents of an independent U.S. Cyber Force often argue that it would create redundancy and overlap with existing military branches. However, this perspective fails to recognize the unique nature of cyber warfare. The U.S. Space Force, established in 2019, provides a precedent for the creation of a specialized military branch to address specific operational needs. Just as space operations require distinct capabilities and focus, so too does the cyber domain.

Another argument against an independent cyber force is the potential for bureaucratic growth and increased costs. While the initial establishment of a new military branch may incur costs, the long-term benefits of having a dedicated and efficient cyber force far outweigh these concerns. The current fragmented approach to cyber operations leads to inefficiencies and higher costs in the long run. Consolidating these efforts under a single command would streamline operations and ultimately reduce redundancies. Furthermore, aligning the U.S. Cyber Force under the Department of the Army as recommended in the FDD study released earlier this year, would alleviate these red tape and cost concerns.

As cyber warfare continues to shape the future of conflicts, an independent U.S. Cyber Force is required to safeguard national security and maintain technological superiority. Now is the time to take the necessary steps to ensure our cyber defenses are robust and resilient. By establishing an independent U.S. Cyber Force, we can better protect our nation, deter adversaries, and establish dominance in the fifth domain.

Daniel Van Wagenen is a retired Army combat infantryman and defensive cyber operator. He is also the co-founder of the Association of U.S. Cyber Forces (AUSCF), the first dedicated nonprofit to being a voice for the cyber warfighter, and co-founder and COO of Minerva Cyber Technologies, a full-spectrum cyber operations services and products firm. 

Kim Irving is a senior cyber executive focused on supporting the warfighter and the national security mission. Co-founder and CEO of Minerva Cyber Technologies, she has 20+ years of experience serving on executive leadership teams and boards. Her experience includes full-spectrum cyber services and capability development for U.S. Cyber Command, Army Cyber Command, Air Force Cyber Command, Navy Fleet Cyber Command, and Marine Corps Forces Cyberspace Command.

The post The case for an independent U.S. Cyber Force appeared first on DefenseScoop.