• Soldiers with the U.S. Army Cyber Command take part in network defense training. The Army has reclassified its military occupational specialty as 17C for cyber operations specialists, but more remains to be done to build an effective cyber corps for the service.
     Soldiers with the U.S. Army Cyber Command take part in network defense training. The Army has reclassified its military occupational specialty as 17C for cyber operations specialists, but more remains to be done to build an effective cyber corps for the service.

Army Braces for A Culture Clash

The Cyber Edge
January 1, 2016
By Command Sgt. Maj. Rodney D. Harris, USA

The service must work to entice and keep the type of people who excel at cyber operations.

The U.S. Army and its Cyber Command are building momentum to create the institutional and operational structure required to conduct and support missions in the cyber domain. Now is the time to seriously address the challenges of attracting and retaining soldiers with the talent needed to take on the enemy. As Lt. Gen. Edward C. Cardon, USA, commanding general of Army Cyber Command, often states: Technology, as significant as it is in the rapidly changing face of warfare, will not be the deciding factor in who will dominate in this domain. It’s the people.

And today’s Army faces tremendous challenges in organizing, training and equipping them to operate in this dynamic new warfighting domain. The Army must re-evaluate how it recruits and keeps its cyber talent if it is to become the service of choice in the highly competitive cybersecurity community. How it employs its gifted cyberspace operators is critical, and equally important is how the Army helps future cyber leaders develop the required credibility.

Addressing these issues is difficult because the nascent domain has changed the traditional understanding of war and the way it is carried out. War no longer is adequately defined as forceful battles pursued by armed combatants at the behest of governments to gain and hold critical geographic terrain. Instead, war is a battle between many actors, waged to a significant degree in the cyber domain. A consensus exists that the global efforts of diverse actors, including nation-states and cyber terrorists, now have operationalized cyber warfare.

These efforts are becoming increasingly sophisticated. Gen. Mark A. Milley, USA, the 39th chief of staff of the Army, notes in a recent Association of the U.S. Army Green Book article: “The technologies that have historically enabled our overmatch are becoming increasingly available to our adversaries.”

Such significant warfare changes require new attitudes, strategies and doctrine development to let the Army successfully operate both on land and in cyberspace. In particular, the service must address four immediate personnel challenges to ensure the success of its cyber work force. It needs to understand the typical characteristics of its cyber talent; organize its operational structures to effectively employ this talent; create an environment that fosters innovation; and learn to lead these forces.
As the Army continues to generate its component of the Defense Department’s Cyber Mission Force—the effort to establish 133 cyber defense teams by 2018—it struggles to recruit and retain the skilled professionals necessary to build its teams. One frequently discussed issue is whether the Army must establish new standards or lower the current standards that are limiting the service’s ability to grow its population of cyber operators.

The Army should not lower its standards for such an important component of the force. Instead, the service should better define the most critical skills needed and spell out its specific plans to keep qualified soldiers, especially advanced tool developers and on-net operators. While other cyber team members are important, training soldiers for these two work roles requires added focus.

Harvard University’s chief technology officer, Jim Waldo, describes individuals with these skills as the top 2 percent of software and security specialists. He believes they are 10 to 100 times more effective in understanding and operating in cyberspace than average technologists. If the Army is going to be successful in the cyber domain, then these individuals represent the talent the service must recruit and train. And it must learn to lead these warriors if it expects to retain them.

One obstacle to retaining soldiers with these skill sets is that their personalities tend to defy conventional military cultural norms. They are seen as rule breakers driven by curiosity and seek to penetrate barriers rather than conform to any standard. They often despise meetings and argue against any concept that opposes their original ideas. Traditional Army leaders often fail to understand these nonconformists.

The Army also has failed to create an organizational culture that will retain its cyber talent. Parochial arguments and institutional policies can be a turnoff to these individuals. For example, the Army actually held up cyber operators’ selective re-enlistment bonuses for almost four months to debate who could be labeled a cyber operator. The service lost at least seven of its trained on-net operators during that delay.

Career stagnation can be a problem as well. The Army’s Qualitative Service Program (QSP) consists of a series of centralized board processes designed to select and retain the highest quality noncommissioned officers (NCOs) who display the greatest potential for continued service. Yet the Army lost one of its most highly qualified cyber analysts to this program because she had not been promoted or moved from her position in four years. Understanding her work role easily explains the requirement for extended stationing policy, and the limited number of senior positions in this career field accounts for a latent advancement cycle. Still, the service needs to find a way to satisfy anyone’s desire for professional growth.

Comprehending cyber’s work roles is not just an Army issue, but a shared challenge across the services as the Defense Department struggles to learn this new domain. The Army chose to create the 17-series branch and career field to address such institutional challenges, which also include how to organize the service’s cyberspace operators. Organizational structure and design in cyberspace operations, to a large degree, have been prescribed at the strategic level by U.S. Cyber Command and are similar across all the services. Because the preponderance of effort to establish the force is derived from the intelligence community, the employment of the force primarily is at the strategic level and therefore almost nonexistent as a deterrent to adversaries. Additionally, the design of teams, infrastructure, tools and command and control has been created and developed in a way that, by its nature, stifles innovation and allows little room for initiative. In short, the government has tried to structure an inherently unstructured and free-flowing domain.

Rigid organizational structures do not restrict potential adversaries. A quick study of the operations Russia conducted in Ukraine highlights some of the most visible flaws in U.S. cyber operating concepts. Russia artfully converged information operations, electronic warfare and network warfare in both digital and physical operations to win in Ukraine—with almost no visible presence. Conversely, the United States debates which actions are Title 50 of the U.S. Code versus Title 10 versus Title 40 and struggles to build a force around the traditional concepts of offense, defense and exploitation.

Additionally, how the Army defines defensive and offensive operations impacts the service’s employment of its cyberspace operational forces. Delineating between defensive and offensive operations has been described by Tim Willis, a security manager on the Google Chrome Security Team, as a fundamental flaw in the digital environment’s philosophy of operations. In a recent lecture, Willis presented an analogy describing what happened when an international agreement failed to take this flaw into account.

He cites as an example the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, established in 1996. The arrangement promoted transparency among the 41 participating states, including many former Warsaw Pact countries and the United States, in the transfers of conventional arms and dual-use goods and technologies. Problems arose in 2013 when the group added intrusive software to the list without considering the second- and third-order effects the addition would have on the Internet security community. The community argued that restrictions cannot be placed on offense without affecting defense because the tools and software, in terms of tactics, techniques and procedures, are basically the same.

The inextricable links between cyber offense and cyber defense create confusion, leading to upheavals for cyber organizations as they restructure. Today, they are designed to employ certain teams for offense, different teams for defense and still other teams for analysis and exploitation. The arrangement makes perfect sense if their only task was to expand on the mission of the National Security Agency and the intelligence community. It’s not, and the Army’s cyber organizational structure creates a culture of haves versus have-nots, with leaders giving little thought to the intelligence, equipment and tools needed to conduct deliberate defense in the pursuit, containment and defeat of advanced persistent threats.

To facilitate information sharing and synchronize cyberspace operations, the Army cyber force should mirror the structure of maneuver forces to conduct a full spectrum of combat actions. Commanders can then task-organize within their formations.

The Army also must re-emphasize innovation. Today’s cyber operator employment model not only limits the innovation and capabilities cyber operators can bring to the fight, but it also prevents any deterrence that could be gained by more aggressive responses to attacks and the show of force the United States could bring to this domain. The leading barrier to allowing more aggressive actions is the intelligence gain-loss ratio, or deconfliction of friendly battlespaces. The Army should organize to employ teams that support tactical operations at corps and below echelons while reducing the standard for gain-loss decisions. Investing in this capability and demonstrating it will foster buy-in from maneuver forces and deter actions by adversaries.

Fostering innovation even during training is critical. While the Army might not have lawful authority to conduct kinetic attacks against an adversary until the United States declares war, that should not prevent the service from training for them. By the same notion, failing to let soldiers develop the tools, access and infrastructure needed to achieve results at the tactical level, even while in training, restricts innovation and eventually will contribute to the loss of the most talented operators.

Ultimately, understanding and effectively employing cyberspace operators depends on leadership. Without a base knowledge of the technical aspects of cyber work force skills, traditional leaders cannot have meaningful conversations with these highly skilled operators. Many times, attempts to communicate result in a dialogue of technical jargon—possibly purposefully designed to minimize the attention span of, and time wasted by, an unskilled technocrat posing as a leader of technologists.

Only if the Army understands its top-tier cyber operators will it be able to support the initiatives and policies to lead them. Currently, Army leaders are constrained by their own experiences, and until a new generation replaces them, the service will continue to struggle with leading cyberspace operators.

Command Sgt. Maj. Rodney D. Harris, USA, is assigned to the U.S. Army Cyber Command and 2nd Army. The views expressed here are his alone and do not represent the views and opinions of the Defense Department or U.S. Army.


Share Your Thoughts:

The solution to all of this is easy and someone discovered it during a meeting the incoming leader assuming this persons role. They say "Work two up and one down." in the Army, and when someone met the new leadership of Cybercom they were shocked to hear that Soldiers operating at someone's organizational level were discussing things such as the CNCI, ITU Treaty, and how they impact the future of every level of cyberspace in some form or another. "You're talking something that our bosses' bosses talk and we need you thinking down here at this level." Hackers and technologist thrive in their communities because they surround themselves with others who respect them and treat them with equality, in addition to integrating them as stakeholders in what they do. "A profession of arms!" they cry, then when younger Soldiers at the graduate and post-graduate levels, and/or have decades of self devoted time in the field attempt to "surface" in the ranks, they are met with the same leadership challenges and shortcomings as the commercial non-IT sector; being stifled. It's not about money, or fame, or power, these men and women already serving and holding such skills in the Army chose to raise their hand never thinking that something they are good at in cyberspace would ever be needed to accomplish the mission. The Army is failing to see the value in these already developed mid career Soldiers with ambitions in security on the side and when they ETS, that will be one less chance to have a COL/CSM who is an expert at both the mission and the men to get it done. The 5% are there, they are online anywhere they go, immersed in "the community" even on leave at conferences and lectures, these Soldiers are hungry; they eat, we win in cyberspace. No one else will defend our freedom in the fifth domain better than our own and no one knows the real potential outcomes of a loss of freedom in cyberspace than that of a veteran who knows how to serve and took the initiative to become an expert at a something the Army did not even see coming in order to prepare. Find this 5% in our units (including cyber) today and challenge their courage to come forward and give an extra 100% at something they love to do even without orders. Enable them, they will will enable their leaders, and ultimately our nation. However, the first step is courage and humility of leaders today to say that they don't know the answers and need help from someone able to go well outside "their lane" regardless of pay grade and position. So again, save your money, keep your reassignments of choice, even hold onto those cool Title 50 jobs that the 95% want (we could actually do some help with Title 18 to build forensic skills and combat like terror or something - and how about humanitarian operations in CND or something to help enable our smaller allies to build better platforms for future global cyber strategies in war *cough* BGP *cough*), it's that 5% that really knows the way and has the skills to take us to the top of the hill today, tomorrow, and the days to come after; cyberspace will span the duration of humanity. P.S. Establish more programs such as "Troops to Teachers" with a focus on computer science and infosec/cybersec pumping some of these soldiers, 5 and 95, back into the public education system, cyber education is the only real "Nuclear Power" that will pull the U.S. out the hole anyways, with charity as a catalyst ;), and dumping the budget to develop operators to secure only federal networks will be a big rock, make a big splash, but unfortunately cyberspace is an ocean. Get off the capture the flag and public "cool guy" cyber stuff, the already developed cyber warriors across the ranks are turned off by that, it is like trying to recruit a Special Forces Operator for the Ranger Regiment by showing them videos of exercises at Benning with the TRADOC side. Lastly, provide some form of system where there is 100% transparent communication and ONLY one channel to submit ideas and recommendations for capabilities. Many of these 5% literally write a white paper in their head on the newest cyber capability while conducting a company run. If these Soldiers already are well developed in the industry, they are connected to far more capabilities than the entire working 95% of ARCYBER and they MIGHT actually know a way to get the mission accomplished easier from partnerships with the civilian sector, which is an initiative from the President, but hell that's way above my pay grade. (Also, their unique multiplying factor of combat power in cyberspace with the sociological twist create force work for our enemies). Now, let someone get back to doing 350-1 courses which even non-cyber Soldiers know how to bypass with some form of cyber skill involving web browser manipulation which they either were the 95% to be shown so they could go home on a Friday at a decent time, or they are that awesome little 5% who figured out how to get the cert without the slides, not to be selfish and have no integrity, but because they didn't want the men and women beside them suffering if they knew that they could use a unique set of skills they have to get them home to their families as safe and soon as possible with printed certs in hand for the CO on the way to the car and still before the flag went off :) - Infantry can't do their real job on the weekends, but cyber warriors can train every minute and every day til they truly are "Second to None". *This post may or may not contain some context which was generated pseudo-randomly with programming scripts and these views do not reflect any government organization, official, or representative(s). All thoughts, experiences, and named entities are subjective to opinions of the contributors and the entirety of this message may be false or without any empirical proof :) #SocialValor


As a recently RCP'd 25B, I can tell you, you hit the nail on the head. I am grateful that at least SOMEONE up top has a clue. Thank you for being an intelligent voice in this debate.


Sorry if this is a double post- This article was spot on!

The Army has several problems ensuing a qualified cyber force and some of the challenges were listed in this article. One major one is properly identifying and recruiting potential cyber soldiers. The current ASVAB test doesn't have anything that equates to evaluating this skill. An effective cyber operator has a knack or intuition that can only be tested by immersing the individual in a cyber related scenario and watching them reason through it. They don't have to solve the problem or totally understand it, but should be able to navigate through much of the scenario and formulate potential solutions to the remaining unknowns.

Recruiting needs to happen early. The Army's decision to select 25Ds from NCOs was not smart. The select a soldier, train them, only so they don't not use those skills as they are performing jobs as squad leaders, and platoon sergeants. There are some supper smart 25Ds, but they are the exception rather than the norm. Selection should happen as privates using hands-on scenario testing. Current solders in AIT can be evaluated by cadre so as to select those gifted ones that have potential and send them to through the 25D track.

The Army also has to realize that a Security+ or CISSP certification does not make a cyber soldier. These are good to weight basic knowledge or management level security concepts, but aren't even close to what is a cyber operator. The GIAC exams are quite expensive for the training and certification but are pretty good about validating the skillset of the cyber operator.

In order to effectively train cyber operators, knowledgeable and qualified instructors must be utilized. You aren't going to get these instructors for less than $100,000 per year unless you want to teach Security+ and CISSP.

Until these issues are resolved, the Army's cyber effort will flop.

The thing people fail to realize is 25D is not a leadership MOS but a technical. The easiest way to think of it is this MOS is like a Warrant Officer but the individual is Enlisted. There are only two of these MOS's in the Army, 25D and 51C, that are technical MOS's that have no leadership positions or duties. Even a SGM has a job role that they have to be certified to accomplish and are expected to do. They don't do traditional SGM things like hold a CSM position or run around planning ceremony's.

If there are 25D's performing roles like platoon sergeant then they failed to inform their chain of command and notify OCOS because they will lose valuable technical skills and will commit career suicide.

I think the actual prep for ASVAB and other test should also prepare us for cyber attacks and responses.. i.e utilize the internet! Why don't we use more online help like https://www.studypug.com/asvab-test-prep and get our soldiers using online and modern 21st century resources early on. We are adding them to the most technologically advanced armed force that world has ever seen, but our entrance system is still back in the 19th century.

Share Your Thoughts: