Since the U.S. Cyber Command was developed two years ago, it has become effective at creating joint cyber training, but continues to be a work in progress.
When the U.S. Cyber Command was established, one of the primary concerns of cyber officials was retaining a qualified cyber workforce that wasn’t tempted by higher salaries in the private sector. Yet now cyber commanders say this isn’t an issue.
“We’ve exceeded my expectations, to be honest,” said Vice Adm. Michael Rogers, the commander of the Navy’s Fleet Cyber Command in a Congressional subcommittee. “I think the thing that’s surprised and heartened me the most is that increasingly these men and women view themselves as warriors. While our civilian counterparts offer a lot of opportunities, one thing they don’t offer is the ability to be a warrior. The workforce really seems to crystalize around that idea.”
To help with retention, military services have calibrated their cyber recruiting and training strategies to emphasize benefits like training opportunities and operational experiences they can’t find elsewhere in the industry. Plus, the Defense Department is looking to implement a career progression where cyber officers can move up the ranks in the military as another incentive.
Some changes in oversight and governance from the Pentagon have also helped with the workforce effort, said Alan Paller, research director at the SANS Institute. After focusing on the wrong evaluation criteria for recruiting and maintaining the cyber workforce, defense agencies are focusing on mission-critical skill sets. “When you take the best military training right now, you get really technical, hands-on, hard-nosed skills,” Paller told Federal News Radio. “The headquarters people have discovered after a lot of feedback from the field that they had been doing it wrong. They’re now looking at measuring proficiency instead of book learning, and I’m very impressed.”
Plus, a cybersecurity workforce development and certification program is being developed through the Defense Information Systems Agency, the National Defense University and other cyber partners. While each military service has their own specific training responsibilities and missions for cyber warriors, Cybercome believes joint training will help cross-agency cyber missions.
“As we move the Department of Defense into a joint information environment, that whole environment needs to be able to be supported by consistent, repeatable behaviors,” said Henry Sienkiewicz, DISA’s vice chief information assurance executive.
Yet while retention challenges have been less than initially suspected, the DoD is still struggling to recruit and retain the high volumes of cyber warriors it needs. The U.S. has only about 800 high-level cyber threat “hunters” and “tool builders”, while China has about 40,000 of them, Paller said.
“At present, we are critically short of the skills and the skilled people we as a command and a nation require to manage our networks and protect U.S. interests in cyberspace,” said General Keith Alexander, commander of Cybercom, at a Senate Armed Services Committee in March.