4 May 2017

America, not the services, needs cyber forces [Commentary]


By: Jim Perkins

The U.S. Army’s effort to create a cyber force is an inspiring example of how to affect rapid change within a bureaucracy. They have made tremendous progress in just a few years and lead the other services. The bad news is that the Army continues to struggle in the war for talent in cyberspace. 

The good news is that this is a fight that the Army does not need to win, or even participate in. The Army and its sister services simply have no reason to have specific cyber forces — and it may be best for the American military if they were to realize it.

Even before cyber was emphasized, each of the services already had teams working on network defense operations, but that’s not a good reason to double-down on poor design. Unfortunately, a widespread lack of understanding and interservice rivalry has clouded judgment on setting up our cyber defenses, and thanks to availability bias, senior leaders see the emergence of cyber through the lens of Special Operations Command in 1987, not the creation of the U.S. Air Force in 1947. We need a professional cyber service — self-policing technical experts — but the current solution is fundamentally flawed.

Cyberspace is not a “network of networks” — it’s just a network. Giving each service a slice is only going to add more bureaucracy and provide less interoperability across the Department of Defense Information Network. Unlike special operations, it is not practical to delineate boundaries in the cyber domain. There is no need for a ground component and an air component in cyber. Like the air or the oceans, there is just cyberspace and operations in that domain.

To better understand this rationale, some naive questions are very helpful. What exactly is “the cyber?” What constitutes cyber operations?

If you ask a “knuckle-dragging infantryman,” it’s potentially anything more sophisticated than assaulting a hill with an M4 carbine or the Microsoft Office suite that he used to plan the mission. 

Encrypting line-of-sight radio communications? Cyber.

Blocking local cellphone reception? Cyber.

Denying enemy drone attacks? Cyber.

Countering violent extremism on social media? Cyber.

In reality, to members of the cyber workforce, it’s a very narrowly tailored array of offensive, defensive and exploitative operations directed against a computer network. Electronic warfare is not cyber. Social media is not cyber. Creating an app or wearable technology aren’t “cyber” either.

In addition, forcing cyber experts to fit into the existing service regimes is hurting the Pentagon’s ability to attract and train the best of the best. 

Passionate debate continues today as senior leaders weigh the merits of adjusting recruiting standards to attract top talent. How can and should we adapt our talent management systems for this new paradigm?

What physical fitness standard applies to an exploitation analyst working in a sensitive compartmented information facility in Maryland? What rank is commensurate with the ability to disable a national power grid but lacking a college degree? What is the right point in a career to stop doing technical work and become a drill instructor?

These questions aren’t hard; they’re absurd.

The cyber workforce will always be separate but equal members in the Army and other services. Sadly, senior leaders already know this, but continue to push forward with outdated regimes because that is how it has always been done. After creating the cyber branch in 2014, the Army recently established a unique promotion category almost exclusively for cyber forces. This designation will prevent them from competing against their infantry and field artillery peers for promotion and leadership positions. 

Senior leaders recognize that keyboard warriors will never be equally valued compared to their muddy-boots peers and have established a bureaucratic exception rather than admit the hard truth. And yet, leaders within the Army are clinging to a myth: Cyber warriors must be members of our uniformed military because they direct effects on the enemy.

For military professionals who have spent decades in uniform, this ethical imperative feels good, but reality is starkly different. There are already hundreds of civilians in active cyber roles — many of them are the most qualified experts because GS-13 pay is a lot better than E-4. Moreover, the Army (and other service cyber teams) already work shoulder to shoulder with the National Security Agency in cyberspace. And let’s not forget that the CIA conducts lethal drone strikes against combatants overseas.

Yes, shutting off power to a city has casualties; but economic sanctions have casualties, too. There is a fundamental difference between delivering violence and causing suffering. 

The Army has made incredible progress to create an exceptional cyber force, and there is much to be proud of. But the best thing that the Army can do now is stop, share our lessons with the other services and create opportunities for our cyber workforce to transfer. Fewer redundancies in the enterprise will at least offer some modicum of cost savings to the taxpayer and one less layer of bureaucracy. The new service already has a home waiting at the Cyber Center of Excellence.

U.S. Army Capt. Jim Perkins is the executive director of the Defense Entrepreneurs Forum. He holds a Master of Business Administration from Georgetown University and a Bachelor of Science from the U.S. Military Academy. He has a passion for talent management and innovation in national security. He lives in Washington, D.C., with his wife and son and tweets at @jim_perkins1. The views expressed here are the authors own and do not necessarily represent the U.S. Army or the Department of Defense.

No comments: