Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mobile Device Management
- The Modern Federal Threat Landscape
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- Satellite Communications: Acquiring SATCOM in Tight Times
- Transformative Technology: Desktop Virtualization in Government
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
DoD's plans to boost cyber workforce could hit hiring, training snags
Tuesday - 1/29/2013, 7:20pm EST
The staff-up involves three tiers of cyber pros: Those to protect critical infrastructure, protection forces designed to safeguard DoD's own networks and "combat mission forces," which will provide offensive cyber capabilities.
But DoD's plan is daunting in more ways than one. The job qualifications and skills needed for the kinds of positions the Pentagon wants are rare and often require years of training and hands-on experience. And even if DoD looks outside the confines of the Pentagon to fill these roles, it's not entirely clear where the new cyber pros would come from.
People and skills
"This isn't a discussion about lots of new money," said Alan Paller, director of research for the SANS Institute in an interview on the Federal Drive with Tom Temin and Emily Kopp. "It's a discussion about people and skills."
When Cybercom was first stood up three years ago, the command hoped to staff up with some 3,000 cyber professionals from each of the military services, Paller said. But the services "literally laughed," he said. They couldn't even provide 300 personnel members.
One of the reasons why cyber personnel can be elusive is because of the highly technical nature of the job, Paller said. Cyber pros need to be capable of protecting DoD networks, have a deep understanding of cyber threats, the ability to write code, and be proficient at analyzing network traffic for possible intrusions and software for possible flaws and vulnerabilities.
'Huge shift' in training?
Paller said DoD's announcement signals a "huge shift" in training expectations and how DoD defines a cybersecurity expert.
"You can't just take anybody and make them into a cyber person," Paller said. "There's a certain way the brain works that allows you to look at systems from the flaw perspective rather than from the functional perspective. So the real key is ... to have a talent search among all the existing workers to find the people who have these skills."
Paller said it appears DoD is ramping up its training to essentially grow its own cyber professionals as opposed to looking outside the organization.
"They're not able to hire them; the contractors can't find them either," Paller said. "So they can build this talent within. And it's a huge effort. And I don't mean hugely expensive. It may be that as well. But sometimes there are just things that are hard to do. And this is really hard to do."
If the Pentagon did decide to hire from outside the government, that would bring with it its own set of problems, according to Ron Marks, senior fellow for George Washington University's Homeland Security Policy Institute.
"The kind of guys you might want to recruit for this are not necessarily the ones you're going to get through the clearance process so easily, which under the best of circumstances takes six months to a year," Marks said in an interview on In Depth with Francis Rose.
"You have a pot of people out there who are perfectly capable of hacking and engaging in that kind of activity," he added. But they may not easily pass the security-clearance process at the top-secret level.
Those factors mean it will probably be difficult for the Pentagon to build up its cyber force quickly, Marks said.
"It's going to be hard a hard slog," Marks said, even if Cyber Command plans to implement its personnel goals over a number of years.
The latest cyber build-up at DoD follows a number of recent moves by agencies seeking to staff up their cyber-operations shops.
Earlier this month, the Air Force announced it would hire an additional 1,000 cyber professionals to keep up with potential cyber rivals, such as Iran.
In November, an internal Homeland Security Department advisory committee recommended the department hire 600 cyber experts.