Government
,
Industry Specific
,
Professional Certifications & Continuous Training
Officials Aim to Head Off Calls for New Cyber Force Using Existing CyberCom Powers
For the private sector, the cyber talent gap is an HR issue – at most a security problem. But for the U.S. military, it’s a looming strategic crisis, the Pentagon’s top cyber official said this week.
See Also: Skills Gap: A Major Cyber Risk Not to Be Ignored
“We cannot rely on our legacy model for building [cyber] talent,” Assistant Secretary of War for Cyber Policy Katherine Sutton told the AFCEA Cyber Workforce Summit. “It’s too slow, too fragmented, and hinders our ability to adapt at speed and scale.”
“We cannot afford to continue this way,” she concluded.
The Pentagon currently treats cyberspace much like a geographical area. Just as U.S. Central Command marshals and forces from all of the military services to wage U.S. wars in the Middle East, U.S. Cyber Command, or CyberCom, has trained and equipped personnel, organized into military units, by the Army, Air Force, Navy and Marine Corps, to conduct cyber operations.
But, as Sutton acknowledged, there’s been growing dissatisfaction at the Pentagon with that way of recruiting, training and equipping cyber troops – what the military calls “force generation.”
“Our current force generation approach, while effective for conventional forces, has been inadequate for the unique requirements of building the deep, specialized technical skills we need in cyberspace,” she said.
The absence of dedicated cyber career paths “has led to the bleeding of talent, where we lose our most skilled people right when they become most valuable,” Sutton said.
Critics have highlighted the services’ failure to train cyber forces for specialized roles including defending or attacking operational technology; the way the rotational deployment model makes it hard for cyber specialists to use and hone their skills consistently over time; and the way promotion all too often means taking hands off the keyboard and relinquishing a spot on the cyber battlefield front lines for a paper-pushing role.
Some critics have gone so far as to demand the creation of a sixth military service – a U.S. Cyber Force – similar to how the creation of the Space Force in 2019 focused the attention of America’s leaders on the vital role of space for military operations.
These demands culminated last year, when, in response to a Congressional request, the National Academies of Sciences, Engineering and Medicine set up a special committee to conduct an “evaluation of alternative organizational models for the cyber forces of the Armed Forces,” which was effectively a blue ribbon commission to decide whether or not it was necessary to create a sixth military service.
Last November, in what many saw as an effort to head off those demands for a separate Cyber Force, the Pentagon announced a full-scale overhaul of the force generation for Cyber Command in an initiative dubbed CyberCom 2.0.
Sutton said CyberCom 2.0 was not piecemeal reform, but an end-to-end overhaul. “It’s a fundamental reimagining, not of one piece of the talent management chain, but [of] how we identify, recruit, develop and then retain the top talent we need for this fight,” she said.
CyberCom 2.0 was based on three pillars, Sutton explained:
- Domain mastery. “We’re creating career tracks that allow our best operators to continue to hone their craft for years, becoming true masters of the domain without having to hang up their keyboards to get promoted. True mastery comes from enduring operational experience, and we will now cultivate and reward the people that choose to do that,” she said.
- Specialization of skills. “We need operators who are rock stars in cloud architectures, wizards with industrial control systems and pioneers in AI. This new approach will create pathways for our people to become those deep experts, matching unique talents with critical skills that are mission specific.”
- Additional agility. “We can’t train on a pipeline that was set five years ago and expect to be successful. We need more flexible career paths that will allow us to move talent at the pace of technology.”
She also provided AFCEA Cyber Workforce Summit attendees with new details on several of the seven policy initiatives CyberCom 2.0 was based on.
On talent management, she pledged “career pathways and a tailored assignment management process that lets our experts stay in the fight.”
She promised cyber operators would be able to spend “multiple tours defending our nation’s most critical infrastructure, becoming an unrivaled expert, rather than being forced to move on after one short rotation.” And she sketched out, “an optimized unit-phasing model to prevent burnout and sustain readiness to keep up with the operational tempo that we’re seeing in the domain.”
That tempo also demands “tailored and agile training,” Sutton said.
On recruitment, she said Cyber Command would be moving to a model based on skills, not certificates, “creating a cyber assessment battery to find those natural problem solvers and digital natives who think like war fighters, to ensure that we’re recruiting the right people with the right skills for the right roles.”
On retention, she acknowledged, “We’re competing with industry and in particularly Silicon Valley to get and keep the best.” CyberCom 2.0 would implement “incentive pay and retention bonuses that reward mastery and specialization to build that deep talent into our force.” Top tier operators will be treated as the rock stars they are, she said.
In modern warfare, Sutton said, the cyber domain was “the connective tissue for all domain warfare.” Victory in any domain, on land, in the air, in space or out at sea “now fundamentally depends on our ability to secure and dominate the cyber domain,” she said.
“Our cyber workforce is the first line of defense in executing that mission, safeguarding the critical infrastructure and services that are foundational to our society and the nation’s ability to project combat power,” she said.