There is a good deal of energy and a fair amount of chaos in the Army’s approach to developing the resources needed for seizing the high ground in cyber warfare. That’s a good thing. What the military needs to succeed in this effort is even more energy and more chaos. That’s because it is currently operating within a very large void.In 2013, The Heritage Foundation, a think tank in Washington, D.C., began a unique research project: developing an independent, objective measure of U.S. military power that would enable analysts to assess the strength of the armed forces relative to threats and mission. The first edition of the Index of U.S. Military Strength comes out this year. Subsequent editions, published annually, will track year-to-year changes in strength, threats and mission, allowing us to mark whether the relative power of the armed forces rises or falls.Unlike episodic assessments of military capabilities such as the Quadrennial Defense Review and National Defense Panels, the index uses consistent metrics to evaluate forces, threats and the operational environment. Further, in contrast to indices such as the International Institute for Strategic Studies’ The Military Balance, The Heritage Foundation’s index includes both standardized quantitative and qualitative assessments that incorporate more than just the numbers of planes, ships and people. It provides context for determining the force structure’s relevance to military requirements.One striking feature of the index is that there is no measure of U.S. military power in cyberspace. That’s not to say the capacity to fire and maneuver in cyberspace is not a crucial feature of modern military power, but right now there simply is no credible means of objectively and consistently evaluating competitive cyber power over time. If and when one does emerge, it will be folded into the index, providing an even more comprehensive insight into how well the armed forces safeguard national interests.But in the meantime, the situation is problematic for national security. The difficulty of measuring cyber power creates serious challenges for armed forces reliant on assessments of missions, threats and the operating environment to determine the capabilities and capacity they must deploy.A Cloudy Way ForwardConflict in cyberspace is no different from any other form of human competition. The goal is first to survive and second to gain an overwhelming, competitive advantage over a potential adversary. But finding and seizing the high ground in cyberspace, where there is no physical space, would be a stupendous feat.There has never been a cyber superpower. There is no blueprint—let alone metrics—for measuring progress. All the Army knows is: It needs more.The Army has been as responsive as any of the services in jumping into the cyberspace race. Just listing all the cyber initiatives is a bit overwhelming. In 2010, the Army formally stood up its operational cyber command. In 2015, a dozen or so West Pointers will be the Academy’s first graduates to be directly commissioned into U.S. Army Cyber Command. They will be stepping into an uncertain career path, much like those first graduates to join the fledgling U.S. Army Air Service. This year will also mark the first joint U.S.-U.K. cyber war games, an innovation that could turn out to be as groundbreaking as the [American and British Conversations] that preceded America’s entry into World War II.Recently, Lt. Gen. Robert B. Brown, commander of the U.S. Army Combined Arms Center and Fort Leavenworth, Kan., declared, “We need to give serious consideration to how the U.S. Army could combine the technical expertise of the ‘Google’ generation with its more traditional military skills.” He mused about nontraditional acquisition and training of personnel to build up the military’s cyber expertise.Such initiatives swarm around a mountain of military documents, a paper blitzkrieg of “guidance.” After reading it all, one is tempted to ask: “What’s the point?” Consider the July 2011 Department of Defense Strategy for Operating in Cyberspace. The 13-page document was more of a shopping list than a coherent strategy. It lacked, for example, any serious discussion of the offensive component of cyber operations.With commanders’ intent as clear as a cloud, not surprisingly, within the Army there are tussles carving out responsibilities, capabilities and requirements, hence the spastic attempt to broker a marriage between the Signal Corps and military intelligence in scoping the needs for offensive and defensive capabilities. The result is as disappointing as it is predictable: a tower of new requirements with no crystal-clear way forward.Given the cloudy, competitive environment in which the Army is operating, there is every reason for the service not to overly straitjacket the approach of land forces to cyber action. A loose, organic structure that leaves room for trial and error, experimentation and innovation makes sense, as does traveling down several paths to see which one leads further.It is no more reasonable for the Army to harden into a one-size-fits-all concept for cyber now than it would have been for seizing on a hard-and-fast plan for naval aviation in 1911 or a definitive operational scheme for armor in 1917.What would serve the Army best are some core objectives and a commitment to keep open the left and right limits of how to get there. Here are three practical guidelines.Fight AnonymityThere is a myth that attribution in cyberspace is too hard. It’s not. Just ask North Korea. Not only can it be done, but also it must be done if we are to get the balance of defensive and offensive operations right. When it comes to warfare in the physical space, everyone can quote Sun Tzu: “If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” The same perspective applies to human conflicts waged in cyberspace.Don’t Be Bound by DomainThe impulse in cyber action is to think of it as a competition between our electrons and their electrons. That makes about as much sense as carving physical war into physical domains. Arguing about the value of landpower as opposed to seapower is so 19th-century. Thinking about warfare as occurring in distinct domains is not helpful. In conflict, humans compete with humans, not dirt, clouds, the stratosphere or bodies of water.The essence of competition doesn’t change in the electromagnetic spectrum. It’s integral to the whole operational environment. Further, the tools used to influence the domain aren’t always symmetrical. Sometimes, the best way to deal with an electronic jammer is to blow it up. Sometimes, the best way to deal with hackers is to blow them up.A colleague of mine, Paul Rosenzweig, once postulated thinking of cyber as akin to how the Army conceptualizes insurgencies—complex problems that require complex responses. For example, sometimes traditional intelligence collection may reveal more about a cyber actor’s intent and actions than trying to decipher lines of code or tracing malware across IP [Internet Protocol] addresses.Fuse Linear and Nonlinear ActionLinear activities are sequential, hierarchical, and routinized with predictable outcomes and clear, identifiable linkages between the causes and effects of subsystems. Nonlinear activities are messy. Many cyber systems—digital social networks, for example—have attributes more akin to nonlinear systems. Many traditional military activities are characteristic of linear activities. War often has a dash of both. Integrating cyber and other military activities requires leaders with the skills, knowledge and attributes to bridge these two worlds. That requires professional development, training and retention to provide enough of left-right brains with green helmets and black hats in large numbers at the right time and place.There is a healthy debate to be had on the size and scope of Army cyber. Have at it. At this point, the service would do well to ensure all its programs keep these three imperatives in mind, while opening the aperture wide in looking at how to ensure America can seize and hold the cyber high ground for years to come.