U.S. Government Undermanned When it Comes to Cybersecurity, Army War College Academic Says
So says William Waddell, director of the Command, Control and Cyberspace Operations Group at the Army War College in Carlisle, Pa.
“The [Obama] administration is not leaning forward,” he said, noting that the views he expressed were his own. “It does not appear that this has continued to be a front burner item.”
But there is a “lot on the administration’s plate right now,” he conceded.
President Obama with much fanfare at the beginning of his administration announced several Internet security initiatives, including the creation of a “cyberczar.” But that position “has no power,” Waddell noted.
Interagency roles are still being defined. The military has the .mil domain, the Department of Homeland Security oversees .gov and the FBI has responsibility for “everyone else.”
“What’s going to happen if we have a cyber Pearl Harbor?” he asked at the GovSec conference.
Everyone is going to look to the Defense Department for leadership even though it does not have authority over the Internet. The National Security Agency lines up under the Defense Department, so it is only natural that it would be considered the go-to department, he said.
“They are going to have to be making decisions without policy,” Waddell said of senior military leaders, many of whom are digital migrants and for the most part, uneducated about the realm.
Government-wide, there is a paucity of trained Internet security professionals.
“We don’t have the personnel now to do all the missions that are out there,” he said, noting that DHS set a goal of hiring 1,000 cyber-experts a year ago, and was only able to bring on “less than 300.”
The government is competing with the private sector for the same expertise.
The military services have the same problem. They are considering extending the normal three-year rotations to keep network security specialists at their posts longer.
“The personnel folks are really looking at that,” he said.