Cybersecurity & The Military

Promotion

There is a lot in the news today about privacy, cyber, AI, and ChatGPT. Everyone is concerned about our networks, our technical advantage or disadvantage; who is watching us and who is protecting us? That question is front and center for the military as they look to find and “keep” the best and the brightest when it comes to the new frontiers of space, AI and cyber.

After all, our cyber defenders protect everything from land to sea to space. They are the first line of defense. The question is: how does the military attract and retain critical cyber talent? A recent U.S. Government Accountability Office (GAO) report sheds some light on the problem.

The Importance Of “Cyberwarriors”

Our increasingly digitized and virtual world relies on a skilled and vigilant cyberforce to protect the very networks that allow our marines, sailors, airmen, and soldiers to operate in a modern military. Without cyber defenders as our first line of defense against hackers, rogue actors, and other potential malevolent security threats, everything that runs on the systems that keep us safe is at risk. This is a primary concern for the military, which is charged with protecting the troops and the nation at the highest levels and for the highest stakes.

The question is, once you find and train the cyber talent who maintains these systems, how do you keep them?

It seems that same question was front and center in a U.S. Senate report that accompanied the fiscal year 2022 National Defense Authorization Act. In that report, released in December, Congress asked the GAO to look into “recruiting and retention challenges” as well as minimum terms of military service for active-duty military cyber personnel.

One finding from the GAO report said that the lack of mandatory service commitments for military cyber personnel is allowing the Department of Defense (DoD) to lose talent to the private sector, since these trained individuals do not have an obligation to remain in the military after they have received their training. While the Department of Defense “must recruit and train a knowledgeable and skilled cyber workforce,” it faces sometimes stiff competition from the private sector, which is also keen to recruit and retain top talent.

It is also important to note the depth and intensity of the training that these highly skilled employees receive. According to one cyber officer, quoted in Military.com, "Those skill sets are extremely hard to come by." The cyber officer continued, "These trainings do have a fairly substantial washout rate, and so the reality is not only do you have a lengthy amount of time you put into these people, you also have a finite number of people, frankly, that have the skill set to complete the training."

Problems With Retention

One primary focus of the GAO report detailed what the U.S. Army Intelligence and Security Command refers to as Interactive On-Net Operator (ION) training. This highly valuable and very particular skill set relates to “network reconnaissance” and the use of analysis to identify cyber vulnerabilities. The U.S. Cyber Command identified this skill as critical to its plan to expand the cyber workforce substantially over the next five years. One concern highlighted in the report was that although the ION training may take three years and “cost the department hundreds of thousands of dollars - trained professionals may not remain in the military to use those skills for a significant time.” The money invested in training might not translate into long-term utilization of those learned skills and personnel retention for active-duty forces.

The retention issues persist across all military services, which, GAO noted, have “spent at least $160 million on cyber retention bonuses annually in fiscal years 2017 through 2021.”

According to the Army, however, these retention bonuses are cost-effective. Army Cyber Command officials told the GAO that money spent on retention bonuses is offset by the costs of recruitment and training to replace cyber personnel. The replacement cost for a service member in the 17C career field, or cyber operations specialist, who is certified to fill the interactive on-net operator role is about $400,000, while the retention bonus offered to a person with that training is $92,000 spread over six years, the report notes.

Retention of the right people remains critical. According to Army General Paul M. Nakasone, commander of U.S. Cyber Command (CYBERCOM) and the director of the National Security Agency, "It all starts with people, the men and women of U.S. Cyber Command working with NSA and partners here and abroad," he said. "We win with people." Defending the Department of Defense’s information systems and strengthening the nation’s ability to withstand and react to a cyber attack are some of the main focuses of United States Cyber Command.

These issues have become problematic just as CYBERCOM seeks to add more teams. Nakasone, who serves as both the commander of CYBERCOM and the director of the National Security Agency, said in testimony before the House Armed Services Committee in 2022 that he may not have enough teams. “We originally built the force in the department — 133 teams — that were dedicated to our Cyber Mission Force. The previous secretary of defense has approved a 14-team growth in the future years defense plan. We're going to grow five more teams this year.”

The general told lawmakers that may not be enough. He said there's an ongoing study within the department to look at how many teams will really be needed. Also, he said, operations involving Ukraine are teaching CYBERCOM a lot about how it conducts operations, and that this will inform decisions going forward about how many teams the cyber mission force will need.

Research conducted by RAND found that retention of the cyber workforce in the military is a particular problem since the more skills and experience these cyber warriors gain, the more marketable they are and the less likely they are to stay within the force.

Because of the education and training military cyber professionals receive on globally recognized standards, they can easily translate their military service experience to civilian careers. Unlike infantry soldiers, for example, the skills acquired on active duty by cyber soldiers are skills that directly correspond to civilian work roles, enabling soldiers to transition from military service into high-paying, competitive careers more easily than their infantry peers. The problem for DoD is how to incentivize its cyber workforce to stay on active duty and how it can compete with the broader US government and private sector to retain talent. In that 2022 congressional hearing, General Nakasone indicated that retention was one of his top priorities.

Overall, according to an internal and not publicly released survey of US Army Cyber Command’s cyber workforce in 2019, the top three factors that would encourage Army cyber personnel to stay in the military were the opportunity to focus on their mission (which they really enjoyed) without administrative distractions, greater time to build their tradecraft and receive additional training, and improved compensation and recognition for their work.

To be fair to the DoD and other sectors of the government, it is important to note that not all private sector cyber professionals – regardless of military experience – are happy and satisfied with their work or employers. In fact, they have concerns that are strikingly like those of their military counterparts: cyber professionals in the private sector cited career advancement, competitive compensation, and leadership’s commitment to cybersecurity as the top three factors affecting job satisfaction and their decisions to leave their organizations.

Change Is Coming

Realizing the issues, the DoD has embarked on a strategy to add thousands of cyber workers by recruiting, training and retaining the necessary talent to execute its cyber missions.

Last November, the DoD dropped the education requirements to open the market for candidates who have chosen to attain qualified status through training, industry certifications, on-the-job training, or apprenticeship programs. Several federal agencies have opened a new personnel system to augment their ability to recruit, develop and retain entry and expert-level cybersecurity professionals.

More recently, in March, it officially announced its DoD Cyber Workforce Strategy designed to provide a framework for how the agency will recruit and retain talent amid a global shortage that reaches hundreds of thousands of open jobs.

In a briefing with reporters, Mark Gorak, DoD chief information office’s principal director for resources and analysis, said DoD has “chosen to be bold” with the new strategy. The strategy outlines four “human capital pillars,” or broad goals: identifying workforce requirements, recruiting talent, developing talent to meet mission requirements, and retaining talent.

Next Steps For The Department Of Defense

The DoD has an ambitious agenda: it must work to attract talent, retain that hard-to-find talent and work with other government agencies and the private sector in a cooperative fashion to find and harness the human capital needed to enact this ambitious program. The difference is that now, thanks to the recent GAO report, there are some true metrics that it can use to see if the program is working. The GAO report noted that the Navy and Air Force were able to staff their cyber career fields at more than 80%; the Army “improved,” rising above 80% in 2021; and the Marine Corps “generally did not exceed” 80%.

In Daniel Pink’s book, Drive, he suggests that employees are much more likely to stay with their employers if their jobs provide them with three things: autonomy, mastery, and purpose. This seems especially true with highly talented employees that work in cognitively challenging roles.

See What CYRIN Can Do

CYRIN knows that as technology changes, a cybersecurity professional needs to develop the skills to evolve with it. The people who run our most sophisticated systems, the military, have continued to entrust us with training some of these specialized cyber warriors. For the military, for educators, for the private sector, we continue to evolve and develop solutions with “hands-on” training.

The most effective training is crucial to attracting and keeping the critically needed people who defend our systems. Our courses teach fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required.

These tools and our virtual environment are perfect for a mobile, remote workforce. People can train at their pace, with all the benefits of remote work, remote training, and flexibility. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!
