Options for a Dedicated Stability Operations Force Supporting Large Scale Combat Operations

Kevin Maguire is a graduate student in at Columbia University’s School of International and Public Affairs and a U.S. Army Reserve Civil Affairs Officer.  He can be found on LinkedIn or at kevinpatrickmaguirejr@gmail.com.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.

National Security Situation:  As the U.S. military prepares for future large-scale combat operations (LSCO), it risks failure without a post-LSCO stabilization capability. 

Date Originally Written:  April 12, 2021.

Date Originally Published:  April 26, 2021.

Author and / or Article Point of View:  The author believes that the U.S. (and allies) require specific formations to conduct post-LSSO stability operations (hereafter referred to as stability operations).

Background:  Though the U.S. Department of Defense continues to prepare for LSCO, it will fail in its mission without the ability to consolidate gains through stabilization. A telling example is post-Islamic State (IS) Iraq.  While ultimately successful in retaking territory from IS, the counter-IS campaign dealt a devastating blow to the Iraqi people. Cities like Mosul suffered thousands of dead, with billions in damages to infrastructure and the economy[1]. Despite nearly two decades of experience learning from the challenges of stability operations in Iraq and Afghanistan, the U.S. (particularly the U.S. military) once again failed to conduct effective stability operations. Iraq remains highly volatile and unstable, and there are indications that an IS-led insurgency is growing[2].

Significance:  LSCO will see Mosul-like destruction and chaos in its immediate aftermath. Populated areas where future LSCO takes place risk the same issues as Mosul. One option for the U.S. military to mitigate stability issues is to have formations trained and capable of transitioning to stability operations. Retaining formations trained in stability operations capability will not only be helpful, but are necessary to plan for situations like Mosul on a greater scale. This option paper proposes three possible formations that could undertake post LSCO stability operations.

Option #1:  The DoD reorients its light and advisory forces to undertake stability operations.

The U.S.’ light military forces and Security Force Assistance Brigades (SFABs) are already oriented towards stability tasks. Stability operations require presence patrols and other operations best suited to light forces’ dismounted capabilities. Advisory brigades already promote skills within their formations that complement stability tasks, such as the language and cultural awareness necessary to work with partner forces. Marine and other light Army brigades, augmented with military police, civil affairs, and other units with stability functions, are also suitable as the dedicated stability operations formations. Given the light and modular character of these forces, they can rapidly assume the stability role in post-LSCO environments. 

Risk:  Light forces still have an advantage in LSCO of operating in restricted terrain, and they may be employed in this manner prior to the cessation of hostilities. Training or emphasis on stability operations tasks will strain the light formation’s ability to train for actual combat missions. The culture of some combat-oriented organizations, such as the 82nd Airborne or Marine Expeditionary Units, might also not be receptive to stability tasks. Advisory forces for their part, are small, and could require additional personnel and support to oversee large areas requiring stabilization.

Gain:  Light forces are among the most adaptable formations in the U.S. arsenal. The Army’s light forces in particular have shifted their force structure several times since inception, to include the addition of a 3rd infantry battalion, the transformation of the special troops battalion to an engineer battalion, and the addition of new equipment and capabilities[3].   Marine formations are also, by nature, scalable based off theater needs. Given the flexible nature of light forces, they are more easily adapted to stability tasks.

Option #2:  The U.S. leads the formation of a multinational stability force. 

This option would leverage the stability-building capabilities of U.S. partner forces to allow U.S. forces to focus on LSCO. Partner forces possess experience in areas where U.S. forces do not typically engage, such as peacekeeping and monitoring missions. Partner forces often use this experience to leverage close ties with development agencies which will be necessary for stability operations. Some partner forces tasked with stability or policing functions fit the stability operations role, such as the Italian Carabinieri[4]. 

Risk:  Though many partner forces are capable, reorienting a nation’s military forces could face domestic pressure. In the United Kingdom for example, proposed cuts to some military capabilities as part of a defense review garnered significant criticism from opposition lawmakers[5]. Many partners will still require LSCO-capable formations due to geographical proximity to an adversary, such as European Union states that border Russia. Restrictions on partner forces reduce flexibility for entire nations, so much so that this option will require significant cooperation between the U.S. and LSCO partners.

Gain:  This option frees U.S. military forces to focus readiness efforts on strictly LSCO. It also ensures that U.S. partners and allies with restrictive defense budgets or rules can focus the bulk of their readiness efforts on post-LSCO stability scenarios. This arrangement also pushes towards greater interoperability between the U.S. and partner forces, strengthening U.S. alliances in the long term.  

Option #3:  The U.S. orients its national guard and reserve forces to conduct post-LSCO stability operations

This option would re-task reserve and national guard forces, namely those formations oriented for combat, as the primary stability operations formations in the U.S. military. National guard and reserve forces already conduct Defense Support for Civil Activities, supporting state governors in areas such as civil unrest, natural disaster response, and medical support. 

Risk:  There will be political pushback from state governors over re-tasking the national guard. In 2018, the Army’s attempt to swap National Guard AH-64 Apaches to active duty in exchange for UH-60 Blackhawks met significant opposition, despite the utility these helicopters provided for states[6]. Similar opposition should be expected with reorienting national guard and reserve formations to a stability role. As a part time force, the reserve and national guard will be challenged in ensuring stability operations readiness efforts meet the needs of active duty formations if required.  

Gain:  This option frees combat units to focus readiness efforts related to LSCO. It also allows the reserve and national guard to focus limited resources and time on very specific stability missions and tasks, rather than prepare for a multitude of other contingency operations. Many reserve formations are already suited to these tasks, especially the U.S. Army’s Civil Affairs and Psychological Operations Command and numerous medical, military police, engineer, and other “enablers.” As a part time force, reserve and national guard personnel also bring civilian occupation skillsets that active duty personnel are not well versed in, especially those that serve in public service positions.  

Other Comments:  None.

Recommendation:  None.


[1] Three years after ISIS, Mosul residents still waiting to rebuild. (2020, July 10). The National. https://www.thenationalnews.com/world/mena/three-years-after-isis-mosul-residents-still-waiting-to-rebuild-1.1047089

[2] Nada, G. (2020, January 17). The U.S. and the Aftermath of ISIS. The Wilson Center. https://www.wilsoncenter.org/article/us-and-aftermath-isis

[3] Vazquez, D. (2020, April 17). Is the Infantry Brigade Combat Team Becoming Obsolete? War on the Rocks. https://warontherocks.com/2020/04/is-the-infantry-brigade-combat-team-becoming-obsolete

[4] Carabinieri. (n.d.). NATO Stability Policing Centre of Excellence. Retrieved April 12, 2021, from https://www.nspcoe.org/about-us/sponsoring-nations/italian-republic/carabinieri

[5] Sabbagh, D. (2021, March 21). UK defence cuts show gulf between ambition and action, says Labour. The Guardian. https://www.theguardian.com/politics/2021/mar/22/uk-defence-cuts-gulf-ambition-action-labour-army-troops

[6] Sabbagh, D. (2021, March 21). UK defence cuts show gulf between ambition and action, says Labour. The Guardian. https://www.theguardian.com/politics/2021/mar/22/uk-defence-cuts-gulf-ambition-action-labour-army-troops

Allies & Partners Civilian Concerns Defense and Military Reform Kevin Maguire Major Regional Contingency Non-Full-Time Military Forces (Guard, Reserve, Territorial Forces, Militias, etc) Option Papers United States

Assessment of Militia Forces as a Model for Recruitment and Retention in Cyber Security Forces

Franklin Holcomb is a graduate student from the U.S. at the University of Tartu, Estonia and a former research analyst on Eastern European security issues in Washington, D.C. Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.

Title:  Assessment of Militia Forces as a Model for Recruitment and Retention in Cyber Security Forces

Date Originally Written:  September 25, 2019.

Date Originally Published:  November 18, 2019.

Author and / or Article Point of View:  The author is a graduate student from the U.S. at the University of Tartu, Estonia and a former research analyst on Eastern European security issues in Washington, D.C. He is a strong believer in the Euro-American relationship and the increasing relevance of innovation in security and governance.

Summary:  U.S. and Western Armed Forces are struggling with recruitment and retention in their cyber units, which leaves their countries vulnerable to hostile cyber actors. As society becomes increasingly digitalized in coming years, the severity of these vulnerabilities will increase. The militia model adopted by the Baltic states provides a format to attract civilian experts and decrease vulnerabilities.

Text:  The U.S. Armed Forces are facing difficulties recruiting and retaining cyber-security talent. To meet this challenge the U.S. Marine Corps announced in April 2019 that it would establish a volunteer cyber-auxiliary force (Cyber Aux) consisting of a “small cadre of highly-talented cyber experts who train, educate, advise, and mentor Marines to keep pace with constantly-evolving cyber challenges[1].” The Cyber Aux will face many of the issues that other branches, and countries, have in attracting and retaining cyber-security professionals. Cyber Aux takes notably important steps towards increasing the appeal of participation in the U.S. armed forces for cyber-security experts, such as relaxing grooming and fitness standards. But Cyber Aux will struggle to attract enough professionals due to factors such as its role as a mentorship organization, rather than one that conducts operations, and the wide military-civilian pay gap in the cyber-security field[2]. These factors will ensure U.S. and North Atlantic Treaty Organization (NATO) military forces will have suboptimal and likely understaffed cyber components; increasing their vulnerabilities on and off the battlefield.

Estonia, Latvia, and Lithuania have been on the geographic and virtual frontlines of many challenges faced by NATO. The severity of threats facing them has made security innovation a necessity rather than a goal. While not all innovations have succeeded, these countries have created a dynamic multi-layered defense ecosystem which combines the skillsets of civil society and their armed forces to multiply their defense capabilities and increase national resilience. There are numerous organizations that play a role in these innovations including civilian groups as well as the militias of each state[3]. The militias, non-professional military forces who gain legitimacy and legality from state authorization, play a key role in increasing the effective strength of forces in the region. The Estonian Defense League, the Latvian National Guard, and the Lithuanian Riflemen’s Association all draw on civilian talent to form militias. These organizations are integrated, to different extents, with military structures and play supporting roles in a time of crisis that would free regular forces to conduct operations or support their operations directly.

These militias have established cyber units which are models for integrating civilian cyber-security professionals into military structures. The Baltic cyber-militias engage directly in practical cyber-security concerns, rather than being restricted to academic pursuit or mentoring like Cyber Aux. In peacetime, these organizations conduct training for servicemen and civilians with the goal of raising awareness of the risks posed by hostile cyber actors, increasing civilian-military collaboration in cyber-security, and improving cyber-security practices for critical systems and infrastructure[4]. In crisis, these units mobilize to supplement state capabilities. The Estonian Defense League and Latvian National Guard have both established cyber-defense units, and Lithuania intends to complete a framework through which its militia could play a role in supporting cyber-defense capabilities by January 2020[5]. 

The idea of a cyber-militia is not new, yet the role these organizations play in the Baltic states as a talent bridge between the armed forces and civil society provides a very useful policy framework for many Western states. Currently cyber-auxiliaries are used by many states such as Russia and China who rely on them to supplement offensive cyber capacities[6]. This situational, and often unofficial use of auxiliaries in cyber operations has advantages, prominently including deniability, but these should not overshadow the value of having official structures that are integrated into both civil society and national cyber-defense. By creating a reserve of motivated civilian professionals that can be called on to supplement military cyber units during a time of crisis, the Baltic states are also effectively increasing not only their resilience to a major cyber incident while it is underway, but raising the up-front cost of conducting such an attack in the first place.

As NATO and European policymakers consider the best courses available to improve their Armed Forces’ cyber capacities, the models being adopted in Estonia, Latvia, and Lithuania are likely of value. Estonia pioneered the concept in the region[7], but as the model spreads to other states Western states could learn from the effectiveness of the model. Cyber-militias, which play a supportive role in cyber operations, will strengthen the cyber forces of militaries in other NATO states which are undermined by low recruitment and retention.


[1] (2019, May 13). Marine Corps Establishes Volunteer Cyber Auxiliary to Increase Cyberspace Readiness. Marines.mil. Retrieved September 25, 2019. https://www.marines.mil/News/Press-Releases/Press-Release-Display/Article/1845538/marine-corps-establishes-volunteer-cyber-auxiliary-to-increase-cyberspace-readi

[2] Moore E., Kollars N. (2019, August 21). Every Marine a Blue-Haired Quasi-Rifleperson? War on the Rocks. Retrieved on September 25, 2019. https://warontherocks.com/2019/08/every-marine-a-blue-haired-quasi-rifleperson/; Cancian M., (2019, September 05) Marine Cyber Auxiliaries Aren’t Marines, and Cyber “Warriors” aren’t Warriors. War on the Rocks. Retrieved September 25, 2019. https://warontherocks.com/2019/09/marine-cyber-auxiliaries-arent-marines-and-cyber-warriors-arent-warriors/

[3] Thompson T. (2019, January 9) Countering Russian Disinformation the Baltic nations’ way. The Conversation. Retrieved September 25, 2019. http://theconversation.com/countering-russian-disinformation-the-baltic-nations-way-109366

[4] (2019, September 24). Estonian Defense League’s Cyber Unit. Estonian Defense League. Retrieved on September 25, 2019. http://www.kaitseliit.ee/en/cyber-unit; (2013). National Armed Forces Cyber Defense Unit (CDU) Concept. Latvian Ministry of Defense. Retrieved September 25, 2019. https://www.mod.gov.lv/sites/mod/files/document/cyberzs_April_2013_EN_final.pdf; (2015, January 15). National Guard opens cyber-defense center. Public Broadcasting of Latvia. Retrieved September 25, 2019. https://eng.lsm.lv/article/society/society/national-guard-opens-cyber-defense-center.a113832/; Kaska K, Osula A., Stinnissen J. (2013) The Cyber Defence Unit of the Estonian Defense League NATO Cooperative Cyber Defense Centre of Excellence. Tallinn, Estonia. Retrieved September 25, 2019. https://ccdcoe.org/uploads/2018/10/CDU_Analysis.pdf; Pernik P. (2018, December). Preparing for Cyber Conflict: Case Studies of Cyber Command. International Centre for Defense and Security. Retrieved on September 25, 2019. https://icds.ee/wp-content/uploads/2018/12/ICDS_Report_Preparing_for_Cyber_Conflict_Piret_Pernik_December_2018-1.pdf

[5] (2019, July 03) The Government of the Republic of Lithuania: Ruling on the Approval of the Interinstitutional Action Plan for the Implementation of National Cybernet Security Strategy. Lithuanian Parliament. Retrieved September 25, 2019. https://e-seimas.lrs.lt/portal/legalAct/lt/TAD/faeb5eb4a6c811e9aab6d8dd69c6da66?jfwid=dg8d31595

[6] Applegate S. (2011, September/October) Cybermilitias and Political Hackers- Use of Irregular Forces in Cyberwarfare. IEEE Security and Privacy. Retrieved on September 25, 2019. https://www.researchgate.net/publication/220497000_Cybermilitias_and_Political_Hackers_Use_of_Irregular_Forces_in_Cyberwarfare

[7] Ruiz M. (2018.January 9) Is Estonia’s Approach to Cyber Defense Feasible in the United States? War on the Rocks. Accessed: September 25, 2019. https://warontherocks.com/2018/01/estonias-approach-cyber-defense-feasible-united-states/; Drozdiak N. (2019, February 11) One of Russia’s Neighbors Has Security Lessons for the Rest of Us. Bloomberg. Retrieved on September 25, 2019. https://www.bloomberg.com/news/articles/2019-02-11/a-russian-neighbor-has-cybersecurity-lessons-for-the-rest-of-us

Assessment Papers Baltics Cyberspace Estonia Franklin Holcomb Latvia Lithuania Non-Full-Time Military Forces (Guard, Reserve, Territorial Forces, Militias, etc)

Options for U.S. National Guard Defense of Cyberspace

Jeffrey Alston is a member of the United States Army National Guard and a graduate of the United States Army War College.  He can be found on Twitter @jeffreymalston.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.

National Security Situation:  The United States has not organized its battlespace to defend against cyberattacks.  Cyberattacks are growing in scale and scope and threaten surprise and loss of initiative at the strategic, operational and tactical levels.  Shortfalls in the nation’s cybersecurity workforce and lack of division of labor amongst defenders exacerbates these shortfalls.

Date Originally Written:  July 23, 2017.

Date Originally Published:  September 4, 2017.

Author and / or Article Point of View:  This paper is written from a perspective of a U.S. Army field grade officer with maneuver battalion command experience who is a senior service college graduate.  The officer has also been a practitioner of delivery of Information Technology (IT) services and cybersecurity for his organization for over 15 years and in the IT industry for nearly 20 years.

Background:  At the height of the Cold War, the United States, and the North American (NA) continent, organized for defense against nuclear attack.  A series of radar early warning lines and control stations were erected and arrayed across the northern reaches of the continent to warn of nuclear attack.  This system of electronic sentries were controlled and monitored through a series of air defense centers.  The actual air defense fell to a number of key air bases across the U.S. ready to intercept and defeat bombers from the Union of Soviet Socialist Republics entering the NA airspace.  The system was comprehensive, arrayed in-depth, and redundant[1].  Today, with threats posed by sophisticated cyber actors who directly challenge numerous United States interests, no equivalent warning structure exists.  Only high level, broad outlines of responsibility exist[2].  Existing national capabilities, while not trivial, are not enough to provide assurances to U.S. states as these national capabilities may require a cyber event of national significance to occur before they are committed to address a state’s cyber defense needs.  Worse, national entities may notify a state after a breach has occurred or a network is believed to be compromised.  The situation is not sustainable.

Significance:  Today, the vast Cold War NA airspace has its analog in undefended space and gray area networks where the cyber threats propagate, unfettered from active security measures[3].  While the capabilities of the myriad of companies and firms that make up the critical infrastructure and key resource sectors have considerable cybersecurity resources and skill, there are just as many that have next to nothing.  Many companies and firms cannot afford cyber capability or worse are simply unaware of the threats they face.  Between all of these entities the common terrain consists of the numerous networks, private and public, that interconnect or expose all of these actors.  With its Title 32 authorities in U.S. law, the National Guard is well positioned to take a key role in the unique spot interface between private industry – especially critical infrastructure – in that it can play a key role in this gray space.

There is a unique role for the National Guard cyber forces in gray space of the internet.  The National Guard could provide a key defensive capability in two different ways.

Option #1:  The National Guard’s Defensive Cyberspace Operations-Element (DCO-E), not part of the Department of Defense Cyber Mission Force, fulfills an active role providing depth in their states’ networks, both public and private.  These elements, structured as full-time assets, can cooperatively work to negotiate the placement of sensors and honeypots in key locations in the network and representative sectors in their states.  Data from these sensors and honey pots, optimized to only detect high-threat or active indicators of compromise, would be aggregated in security operations centers manned primarily by the DCO-Es but with state government and Critical Infrastructure and Key Resources (CIKR) participation.  These security operations centers provide valuable intelligence, analytics, cyber threat intelligence to all and act to provide depth in cybersecurity.  These units watch for only the most sophisticated threats and allow for the CIKR private industry entities to concentrate their resources on internal operations.  Surveilling gray space networks provides another layer of protection and builds a shared understanding of adversary threats, traffic, exploitation attempts returning initiative to CIKR and preventing surprise in cyberspace.

Risk:  The National Guard cannot be expected to intercept every threat that is potentially targeted at a state entity.  Negative perceptions of “mini-National Security Agencies (NSAs)” within each state could raise suspicions and privacy concerns jeopardizing the potential of these assets.  Duplicate efforts by all stakeholders threaten to spoil an available capability rather than integrating it into a whole of government approach.

Gain:  Externally, this option builds the network of cyber threat intelligence and unifies efforts within the particular DCO-E’s state.  Depth is created for all stakeholders.  Internally, allowing National Guard DCO-Es to focus in the manner in this option provides specific direction, equipping options, and training for their teams.

Option #2:  The National Guard’s DCO-Es offer general support functions within their respective states for their Adjutants General, Governors, Department of Homeland Security Advisors, etc.  These elements are tasked on an as-needed basis to perform cybersecurity vulnerability assessments of critical infrastructure when requested or when directed by state leadership.  Assessments and follow-on recommendations are delivered to the supported entity for the purpose of increasing their cybersecurity posture.  The DCO-Es fulfill a valuable role especially for those entities that lack a dedicated cybersecurity capability or remain unaware of the threats they face.  In this way, the DCO-Es may prevent a breach of a lessor defended entity as the entry point for larger scale attacks or much larger chain-reaction or cascading disruptions of a particular industry.

Risk:  Given the hundreds and potentially thousands of private industry CIKR entities within any particular state, this option risks futility in that there is no guarantee the assessments are performed on the entities at the greatest risk.  These assessments are a cybersecurity improvement for the state overall, however, given the vast numbers of industry actors this option is equivalent to trying to boil the ocean.

Gain:  These efforts help fill in the considerable gap that exists in the cybersecurity of CIKR entities in the state.  The value of the assessments may be multiplied through communication of the results of these assessments and vulnerabilities at state and national level industry specific associations and conferences etc.  DCO-Es can gradually collect information on trends in these industries and attempt to use that information for the benefit of all such as through developing knowledge bases and publishing state specific trends.

Other Comments:  None.

Recommendation:  None.



[2]  Federal Government Resources. (n.d.). Retrieved July 22, 2017, from https://www.americanbar.org/content/dam/aba/marketing/Cybersecurity/2013march21_cyberroleschart.authcheckdam.pdf

[3]  Brenner, J. (2014, October 24). Nations everywhere are exploiting the lack of cybersecurity. Retrieved July 21, 2017, from https://www.washingtonpost.com/opinions/joel-brenner-nations-everywhere-are-exploiting-the-lack-of-cybersecurity




Cyberspace Jeffrey Alston Non-Full-Time Military Forces (Guard, Reserve, Territorial Forces, Militias, etc) Option Papers United States