WASHINGTON: The US Army is rushing to stand up cyber forces but its progress shows both how far we’ve come, and how far we have to go.
“From an initial start of six officers in 2014… today we have 397 officers, 141 warrant officers, and 560 non-commissioned officers and soldiers” in the Army’s recently created cyber branch, the four-star Vice Chief of Staff, Gen. Daniel Allyn, told an Association of the US Army conference last week. That’s just over 1,000 specialists of all ranks. (Another 962 soldiers are in the related field of electronic warfare).
West Point and ROTC graduated 30 new cyber lieutenants this year and will ramp up to 45. Many more cadets want to join, but the newborn branch’s training pipeline can’t yet absorb them all.
“It is not your typical (Army) classroom environment,” said Col. Kenneth Rector, commandant of the Army Cyber School at Fort Gordon, Ga. “They are small classes.”
Like most Army cyber troops, Rector started out in another specialty — in his case Military Intelligence — before transferring to the new cyber branch. That diversity brings varied perspectives, but it further complicates training. Both the diverse student body and the complex subject matter militate against a lecture-hall, mass-production approach to education.
That said, production is ramping up. This year, Fort Gordon graduated its first Basic Office Leaders’ Course (BOLC) class of 21 officers. Next year, there’ll be multiple BOLC classes plus an Advanced Individual Training (AIT) course for enlisted personnel. In 2016, Rector said, Fort Gordon graduated 131 cyber operators; in 2017, the plan calls for 561.
What sparked this growth? Back in 2014 — just two and a half years ago — then-Secretary of Defense Chuck Hagel ordered the military to add 6,000 cyber specialists by 2016. Today, Army soldiers make up about a third of this Cyber National Mission Force. (The rest are Air Force and Navy/Marines). All of the 41 teams the Army was tasked to form are now operational, Army Cyber Command says. Some 11 are still building up to full strength — they’re at what’s called Initial Operational Capability — while 30 are fully manned and operational.
“Our no. 1 priority right now is to aggressively to defend our data, our networks, and our information systems,” said Lt. Gen. Paul Nakasone, who commanded the National Mission Force until last month, when he took the helm at Army Cyber Command.
What does Nakasone mean by “defense”? All the organizations we’ve mentioned report to Cyber Command, whose primary role is to defend the military’s own systems (collectively called) the Department of Defense Information Network (DODIN). It’s civilian agencies like the FBI that protect civilian networks and critical infrastructure day to day. But CYBERCOM is always on call for backup if the civilians get overwhelmed.
CYBERCOM would also lead any retaliatory cyber strike on Russia or other overseas adversaries beyond the reach of US law enforcement. Army Cyber is leading Task Force Ares, the all-service effort to hack the Islamic State, which uses the Internet for everything from propaganda to recruiting to command-and-control.
Besides these strategic missions, the Army is also experimenting with tactical cyber teams, which would protect units’ wireless networks on the battlefield and attack their enemies’. 18 months of wargames have already convinced the service to add two cyber defense specialists to each combat brigade — over 100 soldiers Army-wide — and it’s studying 15-soldier teams for higher echelons.
The Army’s also looking at its weapons systems, from tanks to helicopters to digital radios, to see which ones are vulnerable to hacking and might need urgent patches. With human error the pathway for most cyber attacks — clicking on a misleading link, opening a booby-trapped attachment, downloading a bad app — “the most important thing that we’re focused on right now is training our soldiers to be as vigilant operating their equipment as they are when they get into the combat patrol,” Gen. Allyn said.
In short, there’s tremendous demand for cyber expertise just to defend the Army’s own digits, let alone the nation. And the Army has to compete for talent not just with the other armed services and civilian agencies, but with the private sector as well, which pays vastly better and doesn’t send you to be shot at.
The military, however, can offer incentives that aren’t just financial. Besides the call to service, there’s also the fun factor of doing something you can’t do in civilian life. “The good news is, for our cyber professionals, they can do things in defense of our nation that would get arrested for in the outside world,” said Allyn. “That is very attractive.”