Senators have long been worried about the future of the Air Force’s cyber workforce.
“Out of the 127 Air Force cyber officers that completed their first tour on the cyber mission force, none went back to a cyber-related job,” Sen. John McCain, R-Ariz., said during a May 2017 hearing.
“That is unacceptable and suggests a troubling lack of focus. It should be obvious that the development of steady pipeline of talent and retention of the ones we’ve trained already is essential of the success of the cyber mission force.”
“Something along the order of a third should stay with [CYBERCOM], the rest we should look [at] how do we put them elsewhere within the cyber enterprise to build the cyber level of expertise across the entire department,” Adm. Michael Rogers, then commander of U.S. Cyber Command, told the committee.
He also clarified that these officers weren’t cycling out of the cyber mission force into non-cyber-related jobs.
“The experience we’re seeing is they’re taking officers that are rolling out of the cyber mission force … and employing them in other areas in cyber in the department,” Rogers added.
“That’s why I say one of the challenges, if you’re a service, is you have a wide spectrum of cyber requirements beyond what Cyber Command is responsible for.”
The cyber mission force
The cyber mission force comprises the 133 teams that each service is proportionally providing to CYBERCOM — while some teams will be retained by each service’s cyber component — that will address high-level cyber problem sets.
The Air Force is responsible for providing CYBERCOM with 39 of the 133 cyber mission force teams, including offensive and defensive.
On the active-duty side, the Air Force has roughly 2,500 cyber officers, according to Maj. Gen. Patrick Higby, director of Air Force cyber strategy, who spoke to Fifth Domain in a 2017 interview. Those 2,500 cyber officers must fill the requirement of the cyber mission force, as well as exclusive Air Force cybersecurity requirements.
Officials have said 24th Air Force’s cyber mission force personnel on the 39 teams will equal roughly 1,700 individuals.
“Air Force cyber operations officers have been undermanned in terms of the number of billets that we have to fill across the Air Force versus how many officers we have in the inventory,” Higby said.
In 2014, the Air Force made a deliberate decision to provide back-to-back assignments for those officers in any 24th Air Force, or Air Force Cyber, unit, according to Higby.
When it comes to retention rates in the Air Force for cyber, Higby said, the cyber mission force is manned at 100 percent, meaning the 39 Air Force teams will get 100 percent of their staffing from an Air Force perspective. The service has to take risks in other areas across the force to reach those levels.
While the Air Force is retaining about 75 percent of cyber workers, the problem for the field is that the service — and the cyber field across the nation — is “chronically undermanned,” and the Air Force must retain officers at 90 percent to keep all manpower lines looking healthy. This means the service must “do some exceptional things to retaining at a higher-than-average rate,” Higby said.
Cyber SWAT teams
The Air Force is trying to leverage cyber training to get the best return on investment, because it’s rigorous and takes time for a lieutenant fresh out of college to be mission-effective, according to Higby.
The feeling for these officers is mutual. They came to the Air Force to be cyber warriors and “they’re jazzed about that,” Higby said, adding that officers don’t want to cycle out to the cyber workforce either.
The other services are also trying to retain their cyberwarriors for the duration of their career as to not lose personnel in which they have already invested time and money.
There are other cyber jobs within the Air Force, aside from the CMF, that require some degree of skill and training to get at organic problem sets, specifically the five core Air Force missions.
One such mission is aimed at something called the cyber squadron initiative, which seeks to ensure the individual squadron level can fight through cyber incidents — whether from adversaries or insiders — to make sure the wing commander can complete their mission, even if it’s in a degraded state.
This effort is separate from the CMF and is being manned with mission defense teams, or MDTs. On the surface, Higby likened MDTs to cyber protection teams.
He envisions MDTs as “beat cops,” meaning cyber protection teams are the SWAT teams, an analogy that has been made by other commanders.
The beat cop patrols the network on a regular basis, knows what normal might be, and can deal with certain threats. However, if the problem is too big to handle, the cop will call in the cyber SWAT team (or CPT), which is essentially a quick-reaction force.
If an MDT at a location is seeing some adversarial activity that causes concern, Higby said he would expect that activity would ultimately get elevated up to CYBERCOM, and the head of CYBERCOM would have to decide what, if anything, needed to be done.
Higby added that the services oversee organizing, training and equipping war fighters, so they are always looking at that can be done to figure out whether there’s a better way to organize the Air Force around the cyber mission.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.