The U.S. military has long laid claim to having the best-equipped, best-trained fighting force in the world, and to spending more on defense than the next eight top-spending nations combined. But when the battleground is cyberspace, does that claim hold up?
The democratization of technology and the spread of online activity into nearly every aspect of daily life have changed the game. Potential adversaries don’t need quite the resources to contend in cyberspace as they would, say, on the seas. And domestically, the Department of Defense (DoD) faces a lot of competition for top-tier manpower. In generations past, DoD didn’t have to worry about General Electric or Pep Boys having better soldiers–maybe former soldiers, sure, but soldiering wasn’t their business. Today, however, the best practitioners in cyberspace are often operating in the private sector. And, considering that DoD recognizes cyber defense and cyber capabilities as essential to national security, trying to recruit and retain some of that talent has become an ongoing, and at times frustrating endeavor.
The Pentagon has made progress in building a cyber force. The U.S. Cyber Command expects all of its 133 Cyber Mission Teams–comprising about 6,200 personnel–to be fully operational later this year. All of its teams achieved initial operating capability in 2016, and a good many of them including all of the Army’s and Navy’s teams were at full capability last fall. But DoD also needs cyber personnel throughout the services, and has been trying a number of ways to get them on board.
The Air Force, for instance, is moving forward with its Cyber Squadron Initiative to turn existing personnel into cyber warriors with IT workers at seven bases scheduled to make the transformation this year. The Army last year invited people to attempt an online hacking test, with the best performers being offered a chance to undergo direct commissioning as mid-grade officers in the Army Cyber Command. About 800,000 took part, with 1 percent of them passing the test.
The military also is trying to lure some talent from the private sector, which traditionally has had an advantage in pay and job flexibility. Congress also boosted recruitment efforts last year, authorizing a pilot program for direct commissioning of experienced cyber practitioners after a minimum of military training a six week Direct Commissioning Course and a 12 week Cyber Basic Officer Leader Course. While that approach is showing promise, it still might not be enough, Army Cyber Command Chief Lt. Gen. Paul Nakasone, who the Senate is set to confirm as the next commander of the U.S. Cyber Command and National Security Agency, told Congress this month.
At a confirmation hearing before the Armed Services Committee, during which he lamented that Russia, China, and other countries don’t expect much retaliation for cyberattacks, Nakasone said the Army might need to up the ante a bit, by offering ranks and pay grades more in line with what prospective cyber warriors have accomplished in the private sector.
“What we have seen in the Army is we need greater constructive credit,” Nakasone said in his testimony. “So if you are a high-end big data or forensics malware analyst, being able to get more credit for that service to bring you at a higher rank will allow us to probably bring in a higher level of talent.” The Army’s direct commissioning program, which started in December, commissions new cyber arrivals as lieutenants.
Nakasone acknowledged that it’s a new program, and has said previously that the Army only plans to rely on direct commissioning for a fairly small percentage of its cyber officers. But the situation also shows what the Pentagon’s cyber efforts are up against in trying to recruit the best and brightest. Your country needs you–but can it pay?