Competition Keen for Next Generation of Cyberwarriors
The Air Force is beginning to stock the new command with specialists who will be charged with defending the service’s computers.
Gen. C. Robert Kehler, commander of Air Force Space Command, conceded at the Space Foundation’s Cyber 1.0 conference in Colorado Springs, Colo., that the Air Force is not yet prepared to defend its networks.
“We are ready to be ready,” was his best assessment of the Air Force’s plans to stand up the new 24th Air Force at Lackland Air Force Base, Texas. He used terms such as “stop the bleeding” and “performing triage” when it comes to the incessant attacks on the service’s networks.
One of the reasons for the lack of preparedness, he said, is “the bulk of the expertise and the bulk of the activity in cyberspace is not in the Air Force or even in the Department of Defense, but it is elsewhere.”
The 24th Air Force is expected to reach full operational capability this fall, he said. After that, defending the service’s networks, which are located at the other numbered Air Forces, will be its responsibility.
But with the private sector and other parts of government competing for the same pool of experts, the Air Force will have to recruit and develop its own corps of talented youth, or find the necessary skills outside, Kehler said.
The service is at the beginning stages of institutionalizing the expertise in the field of network operations. In June, the Air Force was expected to graduate its first class of “cyberoperations” specialists. The new designation will be for officers and enlisted personnel. In April, the Air Force approved the first “cyberspace badge” for officers working in the domain.
“The badge symbolizes the new operational mindset and the Air Force’s commitment to operationalize the cyberspace domain,” Lt. Gen. William T. Lord, the chief of warfighting integration and chief information officer at the office of the secretary of the Air Force, said in a Space Command statement.
However, badges, medals and tabs that recognize technical expertise were until recently nonexistent, wrote two Army officers last year. This lack of uniform accoutrements points to larger, more systemic problems that will face the services as they try to recruit and retain cyberexperts, said Army Lt. Col. Gregory Conti, a West Point professor of computer science, and Col. John “Buck” Surdu, chief of staff of the Army’s Research, Development and Engineering Command. They warned in an article last year that the Air Force, Army and Navy’s efforts to set up cyberwarfare components clash with the military’s “inhospitable cultures where technical expertise is not recognized, cultivated, or completely understood.”
The services are adept at molding infantrymen, pilots and sailors “but they do little to develop technical expertise.” As a result, what little talent there is leaves the military for greener pastures.
“The core skills each institution values are intrinsically different from those skills required to engage in cyberwarfare,” they wrote last year in the Information Assurance Technology Newsletter, published by the Defense Department’s Information Assurance Technology Analysis Center.
Physical fitness, bravery and the ability to lead troops in battle are treasured in the military. But these skills are irrelevant when engaging in cyberwarfare, they asserted. That requires a deep understanding of software, hardware and an understanding of networks “both at the operating and policy level.” It’s rare for leaders to have this knowledge, they added.
Some officers spend a year or two at the National Security Agency, which specializes in a range of technical disciplines, most of them classified, and is the host for the Defense Department’s proposed sub-unified cybercommand. But after serving there, they are transferred to unrelated fields and their skills quickly atrophy.
Some personnel “go to great lengths to mask their technical expertise and assignments from promotion boards by making their personnel evaluations appear as mainstream as possible,” the authors wrote.
The only way to recruit, train, and groom the capabilities needed for the nation to come out on top in a full-scale cyberwar is to create a fifth service that is devoted to the domain, argued Conti and Surdu. Just as the invention of the airplane eventually led to the creation of the Air Force, the rise of the Internet should lead to a new cyberoperations service, they added.
Meanwhile, online adversaries, some of them suspected of being behind the constant attacks on U.S. military networks, are creating their own cyberarmies.
Gary Warner, director of research in computer forensics at the University of Alabama-Birmingham, said at a homeland security conference earlier this year that China has more than 400,000 members of a rigorous military-style community of hackers “where you mentor each other in ways to attack the enemies of the state.”
The U.S. military does not have anything close to these numbers of trained cyberwarriors, he said.
In the short term, Kehler said, the Air Force will try to recruit “hard science kind of people” for its enlisted ranks, officers and civilian work force. Meanwhile, it will also rely on the reservists and Air National Guard personnel to bolster its numbers.
Maj. Gen. Emil Lassen, Air National Guard assistant to Kehler at Air Force Space Command, said even though there is “intense competition” between the service and the private sector for qualified personnel, there is already an informal partnership between the National Guard and industry to retain these specialists. Instead of competing for personnel, industry and the military can share, he suggested.
He cited a Guard unit in the Tacoma/Seattle area as one example. Its members work in several Fortune 500 companies that are based in the area. Microsoft, Boeing, Amazon.com, Siemens, Nintendo and Cisco Systems were only a few of the companies that had employees in the unit. Kehler endorsed the idea of setting up “centers of excellence” strategically placed in areas known for its high-tech industries such as Washington State, where it can leverage the expertise inherently found in these local Guard bases.
Lassen said this means reservists and guardsmen would not have to deploy for six-month periods. They could put in four- to eight-hour shifts once a week, before or after work, and receive further cybersecurity training during their one weekend per month commitment.
“This forms a triad — an informal partnership between industry, Air Force Space Command and the individual that is mutually beneficial and critical to solving the cyberchallenges faced by all of us,” Lassen said.
The cyberwarriors in the Guard have “natural aptitudes that are pre-screened by the military,” in addition to extensive and rigorous training, Lassen said.
What the Air Force wants and what industry is looking for in their workers is much the same, he contended: technical and nontechnical abilities with a combination of science, engineering, systems analysis, programming, some languages, planning skills, and “tech-savvy problem solvers who have intellectual curiosity.”
For the industries that are sharing their personnel with the Guard or reserves, they get employees who are disciplined, have strong leadership skills, maturity, security clearances, and the ability to deal with stress.
This is the sort of “dream employee that human resources departments want to recruit and retain.” As a bonus, the Guard training comes at no cost to employers, Lassen said.
“I don’t distinguish between DoD networks and (industry) networks as we’re both under attack and being exploited every day,” he added.
Kehler also wants to instill network defense skills in every recruit entering the Air Force. It will be a part of the service’s basic training. Just as every marine is a rifleman first, every airman will be a cyberwingman, he said.
“Right from the get go, they will understand that when you sit down at your computer, you are entering contested space, and from that point forward, you need to behave accordingly,” Kehler said.