Panel: More Investment Needed to Retain Cyber Warriors (UPDATED)
SAN DIEGO — The military must make greater investments in the training and retention of cyber professionals, a panel of military officials said Feb. 17.
“We’ve got to have the right workforce,” said Brig. Gen. Dennis Crall, director of command, control, communications and computers and chief information officer for the Marine Corps during a panel discussion at the annual AFCEA/U.S. Naval Institute WEST 2016 conference in San Diego.
While it is important to increase capability and ensure that cybersecurity software is baked into weapon systems from the start, there is nothing more important than having the right personnel, he said. Over the past six to eight months, the Marine Corps has focused on what it means to build a cyber warrior not only today but in the future, he said.
“For those in uniform, what’s the training pipeline? What [skill sets] do they come out with … and how do they adapt and continue on given the changing nature of this business?” he said.
The Marine Corps is still looking for ways to better entice skilled cyber professionals to stay in the military, he said. Government officials have long lamented the fact that much of its workforce will eventually leave public service for more lucrative industry jobs.
“It’s not clear to me, in looking at our own enterprise that we are investing in the right people and the right places at the right time,” Crall said. “We have to be very careful to make sure that it’s not always about squeezing down dollars … but ensuring that our investment strategy matches the direction that we … [have] as operational warfighters. And it’s lacking in some of those areas.”
Retention plans have to be tailored around individuals, he said. “There’s a delta out there of certain skill sets and I think this becomes more of the Hunger Games for us,” he said. “Cyber Command, NSA, combatant commands, the services are really going after a very similar pool of people.”
Vice Adm. Ted Branch, deputy chief of naval operations for information warfare, said the military still has not reached a point where cybersecurity is taken as seriously as it should be.
It took the military a long time before it made large investments in nuclear propulsion and strategic deterrence, he said. “It was recognized from the get-go that … while the chances of something bad happening were low, the consequences of something bad happening were unacceptable. We haven’t quite gotten there yet in cyber even though there has been so much attention.”
There is also an issue with return on investments in the cyber world. “It is hugely difficult to measure objectively what you get for your next cybersecurity dollar. So until we can get our arms around that in some fashion or some kind of objective metrics about how do we mitigate risk … it’s going to be hard to justify all the expenses that we really need.”
Vice Adm. Jan Tighe, commander of U.S. Fleet Cyber Command, said she doubted that within her lifetime cybersecurity professionals would be trained to the same extent as those in the nuclear force.
Traditionally, leaders have thought that keeping its workforce on mission is the best training they can provide them, she said.
“As our defenses improve, perhaps our force needs more of a persistent training environment that allows new and different kinds of threats that may not be getting into our networks today,” she said. “Eventually some of these kinds of threats will get in … so are we really ready to deal with the high-end threats?”
Correction: The name of the conference has been corrected.