Interesting concept, I guess from your comment about going to your blog you aren't interested in comments here, but I'll take a swing. I'm not very well versed in this cyber stuff, but you know what the heck.

First, I guess I'd ask the question of who this combatant command is going to fight? As a military force what are the targets it will engage? If from Krzygistan, Georgia, and Estonia we can ascertain the non-state actors were in fact non-uniformed adversaries, are you going to use a military force to attack these non-state actors? Under what purview of just-war or law-of-war will this occur? I'm just curious after all it is likely nothing but an academic excercise.

Second, if what General Lord (Cyber command provisional) said about 70 percent of all attacks being generated from inside the United States (backed up by CSI/FBI stats) will this combatant command be attacking United States companies and citizens? What effect will that have on posse commitatus or should we simply dispense with that as trivial in these trying times? I wonder where you are going to find a force that can act as an international military, a state militia, a federal crime buster, a disaster response agent, and can be found in all territories and states?

Third, this CYBERCOM combatant command will use what tools as a method of waging war? I don't want to bring up mutually assured destruction, but there it is.... My gosh I wonder what nation in a battle of the bits and bytes has the most to lose in a cyber engagement? In fact if you think about small wars, insurgencies and guerilla actions (there is really great website that looks at all that stuff) you might find the concept of an adversary using their opponents tools against them. Some guy named Nagl talked about eating soup with a knife of something like that.

Fourth, since cyber space I guess defined, as ill and mistaken as only the department of defense can butcher a well understood concept, made up by a science fiction writer (in 1984), who unfortunately is still living to laugh about it, exists. I guess since cyber space exists and is part of that woefully misunderstood information world we might think about those hundred year old treaties that talk about neutrality of the telephone system. The long standing tradition of spying but not using the telephone system of friendly neighbors to wage war. The various telecommunication acts and laws that are currently on the books protecting citizens and friendly allies should just be tossed out as well. I mean, all is fair in love and war, right?

Fifth, when you dig down past the world wide web, and burrow into the Internet heading towards the gold, you end up looking at the world bottom up. There floating below the Internet you have the kinetic aspects of military action available to your digital fingers (redundant?) and wallowing in the morass of the data stream all telemetry is accessible. Think about that wonderful global information grid "GIG" (beer barrel) model the whimsical military throws up on power point slides from times to time. As an aside does the military have some perverse relationship with power point? I like that GIG concept. All the people, procedures, transmissions, telemetry, command and control floating around in more than a bit/byte internet protocol world.

What could I do with all those command and control circuits in air bag controller systems you find in cars programmed in foreign countries? What might I do with the phase controller circuits on generators and power transmission equipment attached to a variety of networks? How could I operationalize kinetic stored power thousands of times more powerful than a nuclear weapon stored behind a major dam that is remotely controlled by the lowest bid contractor? What legal resources do you have to fight attacks against targets with minimal evidence of attribution when we can't even find paperwork for foreclosed houses?

When you operate at the C2 layer and no longer see the Internet as some be all/end all those pesky effects based outcomes (oops some general will be angry using that little phrase) become easier to operationalize. I know what we should do! Let's have a 60 day cyber investigation because 30+ years of research, literature, and recommendations just isn't enough to make a relevant decision. We need 60 days more.

I'm not sure creating a strictly hierarchical organization (likely top heavy with officers because that is the Air Force way), so an entrenched bureaucracy can slow response time, and erode effectiveness as only large organization can do, is going to be a good idea. Of course, you could make it really really really big as a large highly hierarchical organization is exactly how you should fight an insurgency that is likely following a swarm networked model of attack by intention rather than direction. It is always highly effective to have a strict chain of control in those situations where flexibility is incredibly important.

If that isn't your cup-of-tea let the National Security Administration do it along with the rest of the intelligence community. They will refuse to tell us what they are doing but they will spend buckets of money doing it. I'm not sure how the intelligence community would interact with the corporate world except to refuse to talk to them. The corporate world being the largest target of opportunity.

I'm a bit of contrarian.