WASHINGTON — Lawmakers and a congressionally mandated commission agree that the Pentagon’s cyber operations force will likely need to grow to meet burgeoning threats. But one senator is concerned that if the Defense Department can’t attract and retain the necessary talent, then creating more cyber teams will be an exercise in futility.
“If you don’t have the access to military targets, adding more cyber units [isn’t] going to accomplish much,” Sen. Joe Manchin, D-W.Va., said during an Aug. 4 hearing with members of the Cyberspace Solarium Commission at the Senate Armed Services Subcommittee on Cybersecurity.
The commission is a bipartisan organization created by Congress in the 2019 to develop a multipronged U.S. cyber strategy. Manchin asked the witnesses if they have examined whether U.S. Cyber Command has difficulties recruiting, training and retaining its forces.
“Our sense of United States Cyber Command is they’ve done a great job within the authorities that they have of recruiting, training and developing for careers the people necessary to do the work that they do,” responded Chris Inglis, a commission member and a former deputy director of the National Security Agency.
Gen. Paul Nakasone, the head of Cyber Command, said during a discussion at an Association of the U.S. Army event in mid-July that the real issue isn’t necessarily training personnel, but “being able to retain our best, not everyone, but our best.”
There are a few initiatives in place to accomplish this, the commander added.
“First of all, it begins with the mission. If you like to work hard problems, if you like to be in the middle of ensuring the defense of our nation, if you like to work with incredible people and superb technology, being in a place like Cyber Command and NSA is critical,” he said. “But we’ve also been the beneficiaries of a number of different initiatives both by Congress and by our services to make sure that we have a significant amount of enumeration for those forces.”
The Senate has backed this approach in its defense policy bill, which sought to give Cyber Command the same hiring authority for technical talent as the Defense Advanced Research Projects Agency, the Strategic Capabilities Office and the Joint Artificial Intelligence Center. This would allow Cyber Command to offer more competitive pay.
Nakasone also outlined a hiring boom on the civilian side.
“Last year we hired over 2,000 people at the National Security Agency,” he explained. “What was interesting: There were a number of different programs upon which we were able to balance that. Whether or not it was developmental programs, whether or not it was outreach to colleges, we were able to fill all of those 2,000 spaces.”
Rightsizing the force
There is broad support for a fresh assessment of Cyber Command’s cyber mission force, which makes up the offensive, defensive, and intelligence/support personnel that perform cyber operations.
Designed in late 2012, key members of government are concerned it was designed prior to modern cyberthreats and a rapidly evolving landscape.
The Cyberspace Solarium Commission recommended an assessment of this force, which made it into the defense policy bill that must still be reconciled with both houses of Congress.
“I am a believer that that force needs to grow, and that’s one of the things that we’re involved in right now, is we take a look at the budget and one of the things I’ll be advocating for with the secretary. That’s a work in progress,” Nakasone said last month. “I will certainly be an advocate for looking at broader growth, obviously within the context of what our nation and what our department can afford.”
Other commissioners of the solarium project said this assessment will strengthen the nation in cyberspace.
“I think over time we will realize that the force structure assessment of the cyber mission force will end up having perhaps the biggest impact on DoD over the next decade if we come back with a finding that suggests that we do not have enough personnel,” Rep. Mike Gallagher, R-Wis., the commission’s co-chair, said before the House Armed Services Committee last week.
Former Rep. Patrick Murphy, a commissioner and formerly the undersecretary of the Army, also told the committee last week that the assessment “is the first step to make sure that we get it right to ensure that the [cyber mission force] has appropriately sized forces and is sufficiently capable to achieve its objectives.”
Inglis, before the Senate Armed Services Committee on Thursday, also agreed with the need for the assessment, but acknowledged that “we need to also at the same time make sure that we’ve done everything necessary to create a bigger pie from which we can recruit, and once we recruit to focus hard on how do you retain those people.”
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.