From left, Navy Petty Officer 1st Class Joel Melendez, Naval Network Warfare Command information systems analysis; Air Force Staff Sgt. Rogerick Montgomery, U.S. Cyber Command network analysis; and Army Staff Sgt. Jacob Harding, 780th Military Intelligence Brigade cyber systems analysis, at an exercise during Cyber Flag 13-1 at Nellis Air Force Base, Nev. (SA Matthew Lancaster / Air Force)
- Filed Under
HOW TO STEP UP
Think you've got what it takes to be a cyberwarrior? If you want to find out more, contact the Signal Center of Excellence or Army Cyber Command through Army Knowledge Online.
Army Cyber Command is looking for computer-savvy troops to turn into crack cyberwarriors.
Rapid, substantial growth inside and outside of the command is coming as demand for cyberwarfare skills — both offensive and defensive — become a greater focus of the nation's security strategy. For soldiers, that means opportunity.
One projection has 3,000 uniform and civilian positions dedicated to Army cyber over the next four to five years, according to an Army official close to the effort. Precise numbers are unavailable, in part because the size of some of the organizations is classified.
“In this game of cat and mouse, we are definitely looking to create a cat with many skills,” said Chief Warrant Officer 5 Todd Boudreau, of the Signal Regiment at Fort Gordon, Ga.
Like beat cops, soldiers will patrol inside military networks for intrusions and malicious code and gather intelligence on threats beyond those networks as part of three new military occupational specialties. In the event of an intrusion, they may have to act fast to reconfigure their network to either counter, misdirect or spoof an adversary.
The Army has created the 255S (information protection) signals MOS for warrant officers, and trained soldiers are entering the Army's inventory at the joint and national levels. A new enlisted specialty, the 25D cyber network defender, is in the works and will start at staff sergeant.
On the military intelligence side, the Army has also created the 35Q cryptologic network warfare specialist. The Army has 500 to 600 slots for 35Qs, an evolving career track open to soldiers at E-3 to E-7 rank with high aptitude test scores. The Army began its first accessions class in October.
“We're focused on providing a professional team of elite, trusted, precise, disciplined cyberwarriors who defend our networks, provide dominant effects in and through cyberspace, enable mission command and ensure a decisive global advantage,” Lt. Gen. Rhett Hernandez, head of Army Cyber Command, said during congressional testimony last summer.
ARCYBER is nearly three years old and consists of 11,000 people. Under its operational control are the 1st Information Operations Command (Land), Network Enterprise Technology Command/9th Signal Command and the 780th Military Intelligence Brigade, which has 600 people and plans to grow to 1,000 by year's end, according to an official there.
To build this force, the Army must concentrate on identifying troops who not only have computer skills but adaptive thinkers who can master those skills, said Javier Madrigal, military assistant to the director of plans and policy/J-5, U.S. Cyber Command.
“For our boss, [U.S. Cyber Command chief] Gen. [Keith] Alexander, a trained and ready force is probably one of his top two priorities,” Madrigal said. “You can have all the technology, but if you don't have the people, it means nothing. Obviously it's a work in progress, and we're not there, but it's getting addressed at the highest levels.”
What cyber soldiers will do
Cryptologic network warfare specialists fill a range of work roles, some too sensitive for Army officials to discuss publicly. The 780th Military Intelligence Brigade, which will absorb most of the 35Qs, operates outside of the Army's firewalls, finding and defining cyber threats, including rogue-state- and nonstate-affiliated hackers and shadowy criminal enterprises — all in defense of military networks.
Assigned to Intelligence and Security Command, the 780th is under the operational control of ARCYBER, which is subordinate to U.S. Cyber Command. The brigade consists of the 781st Military Intelligence Battalion, the 780th's operational battalion at Fort Meade, Md. The 782nd Battalion at Fort Gordon works with the 706th MI Group.
For the new signals MOSs, the Signal Regiment must meet a requirement for 250 or more soldiers to become 255Ss and two to three times as many soldiers for the coming enlisted MOS, according to Boudreau, the regimental chief warrant officer of Signal Regiment.
New 255S soldiers are so far joining key organizations: national and joint commands, some theater signal commands and theater network operations centers. Eventually, Army brigades, corps and divisions would each be home to a network assurance cell made up of 25Ds and headed by a 255S.
Soldiers who want to protect the network will have to understand it first. Signals soldiers in computer network defense are required to have a minimum of four years of experience in information technology. The 25D specialty will allow promotable sergeants to be accessed, and they will be trained to perform a broad range of joint network service provider roles.
The first 25D courses are officially expected to start in 2016. Pilot courses may begin as early as this year.
While the Army's focus is to create troops with the skills to work at any level, Boudreau said, a 255S in an Army organization would only have the authority to act within his own network. To counterattack would require him to coordinate through division, corps and national levels.
Cyber soldiers from the signals and military intelligence sides will be working together, said Col. Chris Haigh, of the Army Cyberspace Proponent Office.
“If the 35Qs are working, developing assessments and determining threats, they have to work seamlessly with the 255Ss and 25Ds to make sure we are defending against those threats,” he said. “We are still working at the integration between the intel folks, the signal folks and the commanders we support.”
Attracting adaptive thinkers
How the Army will find personnel with the right skills is an open question. The Army also has yet to define the standards for a trained and ready force, though U.S. Cyber Command is expected to draft joint standards for accreditation and certification based on the jobs it needs to fill.
“The kind of people we want are people who are intuitive, who adapt; and this environment with changing technology, changing adversaries and changing cultures will never grow boring,” Boudreau said.
Col. Christopher Ballard, the director of Cyber Operations Integration Center, said the Army will have to look beyond existing military intelligence and signals experts to access and identify whom among its ranks has the aptitude to be trained to perform cyber operations.
The Army has found soldiers in surprising places with the potential to become cyberwarriors. Some maintainers have done much better than signals specialists in aptitude testing and have since been brought into cyber programs, Ballard said.
ARCYBER is reviewing accessions models from throughout the Army, including the in-service special-forces model, and it will likely merge several, Haigh said. ARCYBER might one day solicit recommendations from supervisors and commanders, have soldiers nominate themselves and rely on direct accessions of new soldiers.
While some in Washington have voiced concern that growth in cyber operations is imperiled by future budget cuts, experts say if any corner of defense spending is likely to be spared, it is U.S. Cyber Command. Although manning could be a challenge as the Army reduces its active-duty force, the money for cyber should continue to flow, said Trey Herr, a fellow at George Washington University's Cybersecurity Policy Research Institute.
“Cyber is hot right now,” he said. “This is as much a function of military requirements as congressional intention, but it is probably the safest bet in the defense budget to grow or at least remain static.”
Cyber threats are here to stay and defensive capabilities must continue to be developed, said Paul Rosenzweig, founder of Red Branch Consulting, who advises The Chertoff Group, a security and risk-management company founded by former Homeland Security Secretary Michael Chertoff.
“I don't think anybody will ever go to war again without cyberwarriors,” he said. “Going to war without cyberwarriors would be like going to war without artillery backup or close-air support. You can do it, but you wouldn't want to.”
There are some financial incentives to combat the lure of six-figure salaries in the private sector.
Selective re-enlistment bonuses of $2,500 to $10,400 apply to the 35Q MOS, which is open to troops from the rank of private through sergeant.
No bonuses exist for 255S so far, and it is unclear what may be offered to 25D candidates, but officials say they are counting on other motivations.
“As much of a challenge as offering them financial incentives is offering them a challenging workplace where they can contribute,” Ballard said. “We have great soldiers that might not be the Army poster person, but they want to deploy. They want to go downrange because they want to serve.”
The Army is providing roughly two years of training for 35Qs, including the six-month Joint Cyber Analysis Course in Pensacola, Fla. High-performing soldiers advance to the six-month Remote Interactive On-Net Training course and work in some of the most difficult roles, which will require additional training both on and off the job.
Since the 255S MOS was created in 2009, 60 of these warrant officer “cyber guardians” have graduated from the first six-month cyber courses and gone on to enter the active and reserve force. The cyber defense training and development course at Fort Gordon has become the foundation for other unit-specific courses in the works for a variety of work roles, according to Boudreau.
There is a standard service requirement of three years for every one year of training and, Boudreau said, a yet-to-be-determined commitment of two or three years for becoming a 25D.
The Army has pushed hard to quickly grow the ranks of cyber soldiers — to a point.
The idea in the Signal Regiment, after some troops failed the 255S course, is to focus on quality and not just quantity, Boudreau said.
“If you want it bad, you may get it bad, but we can't afford to do that to our country,” Boudreau said. “We're trying to do a better screening, so we may produce them slower, but you can count on every single one of them.”
The Army is discussing a possible cyber career field that would cover both the signals and military intelligence roles to allow the Army to track and guide skilled troops. However, Haigh said, troops in these jobs already should rest assured.
“There's been a lot of hard work by the signal and MI centers that ensure 35Qs and 255Ss have room to grow,” Haigh said. “They can move up and have a full career in the Army in the MOSs.”
Draft “land-cyber” doctrine is making the rounds at the highest levels of the Army, and ARCYBER is working “aggressively” to see that leaders understand cyberspace by pushing for more cyber education. Already, tactical brigade commanders are receiving a block of cyber training in their pre-command course, and ARCYBER wants to expand the training to battalion commanders and the mission command training program at Fort Leavenworth, Kan.
The Army needs to take cyber education from “making strides to a full sprint,” Haigh said. That means injecting it into pre-accession training, general officer capstone training and pre-command courses, including basic and advanced officer and noncommissioned officer courses.
One of the key obstacles for the integration of cyber soldiers into formations is that leaders, particularly older ones, do not always understand what cyber is and what cyber soldiers do.
“They really need to look at their network as a weapons platform, defend it as key terrain. They make sure they have the freedom to maneuver in land and cyber,” Haigh said of commanders.
Staff reporters James K. Sanborn and Jim Tice contributed to this report.