Army Pursues Development of Soldiers’ Cybersecurity Skills

Cyber-initiatives often conjure up images of network infrastructure or lines of computer code. But to win a war in cyberspace, the human element is even more important than hardware and software, a panel of military and industry experts said.

Not only is the Army on the hunt for talented “cyberwarriors” to carry out offensive and defensive operations, officials want normalize network security across the entire service.

“People are the key to gain and maintain a competitive advantage, and building a cyberforce is critical,” Lt. Gen. Edward Cardon, commanding general of the Army’s Cyberspace Command, said Oct. 23 at the Association of the U.S. Army annual conference. “Cyberspace is too big. No one entity has all the answers. No one knows all hardware. No one knows all code. No one has a monopoly on good ideas, so our team has to include the best minds in industry, government and academia.”  

Finding and grooming the right personnel will be key, agreed Jim Young, Google’s Army account executive.

"When it comes to software coding, one superstar is as good as 1,000 general purpose coders. In cyber, the ratio is actually higher. They simply see things that others do not,” he said.

The Army’s 780th Military Intelligence Brigade is the Army’s premier cyberoperations unit and is at the center of the service’s recruitment, training and operations, said its commander, Col. Jennifer Buckner.

The unit strives to have a Google-like culture of innovation, she said. Some of the unit’s most competent cyberwarriors started the job with no formal intelligence training or technical education.

“Rank and position mean very, very little, but the skill sets that you bring to a mission will be rewarded, and you will be rewarded accordingly,” she said. “We have specialists that are performing missions today of national and strategic significance because they’re very good at what they do.” 

Though the Army is ramping up activities in cyberspace, it is still sometimes frustrating that some parts of the force do not understand how to employ its capabilities, said Brig. Gen. George Franz III, director of current operations for the Cyber National Mission Forces.

Cybersecurity operations are “not enabling operations, they're not network operations, they are not just security, and they are just not intel. It is a full spectrum,” he said.

The battlespace cannot be thought of as a separate domain that operates apart from the rest of the force, agreed Lt. Gen. Dave Perkins, commanding general of the Command Arms Center. The Army eventually will incorporate cyber-events as a part of training exercises.

U.S. Training and Doctrine Command must decide what cyber skill sets need to be taught across the entire Army and “not just the people that know what control +alt + F8 does,” Perkins said. “And I have no idea what that does, so don't go home and do it," he continued, laughing.

This doesn’t mean that there will be cybersecurity experts at every level. Perkins compared possible use of such personnel to the Army’s air assets. There are no F-16 pilots organic to an infantry platoon, but soldiers can easily call up air support, he said.

Unlike with kinetic or electronic warfare, a commander in the cyberdomain may not be able to respond to an attack without receiving permission, Cardon said. That will change over time, as trust is established between cyber-officials and the rest of the Army.

“The problem in cyber is once you use [a weapon]... you can't get it back. It's out there, and often it gets reversed engineer right away. Before you know it, it can be used on you within a couple days,” he said.

Not only does the Army need to hire cybersecurity experts and train its existing force, the service must protect its infrastructure from malicious entities already inside its networks. Concerns about insider threats to the military reached a fever pitch after Edward Snowden, a former defense contractor with Booz Allen Hamilton, disclosed classified information on National Security Administration initiatives.

One way the service is tackling this problem is the development of “Army Network 2020, “ which will incorporate behavior-based analytics that can help identify possible anomalies, said Maj. Gen. Alan R. Lynn, vice director of the Defense Information Systems Agency.

“It will follow your pattern and how you operate. If you go to X number of website, it logs it. If you put out so many emails, it logs it. If you now change your behavior and so something completely different, you go to a separate site or an inside site and you start downloading a whole lot of information,” the network will send a red flag to security personnel, he said.

Not only may the system be able to identify when an individual is acting out of the norm, it could help determine when a computer has been taken over by a malevolent entity, he added.

Individuals are most likely to disclose government or company information shortly after they are hired or before they leave that organization. It’s impossible to monitor all the data streaming through a network, but the Army and defense contractors could increase monitoring of new and outgoing employees, said Charles Croom, Lockheed Martin's vice president of cybersecurity solutions.

Insider threats may also be less of a problem as the military trains its own personnel. The Army is decreasing its dependence on cybersecurity contractors, Buckner said. Civilian hires are still needed, but mostly for niche capabilities.

Topics: Cyber, Cybersecurity