More Cyber Professionals At The Pentagon Doesn’t Guarantee Better Security

Community
The entrance to the Department of Defense Cyber Crime Center, in Linthicum, Maryland, Sept. 10, 2014.
AP photo by Manuel Balce Ceneta

It is not yet known if the recent U.S.–China agreement to limit cyber espionage is a meaningful step toward a more secure cyberspace. Without broader reaching, enforceable, and verifiable agreements coupled with a history of compliance, the Internet remains a near lawless and ungoverned battleground. Militaries around the world continue to stockpile cyber weapons and conduct reconnaissance on potential targets. The U.S. is no different and cyber is one of the highest priorities for the Defense Department: even in the age of austerity, U.S. Cyber Command’s budget will double and personnel count will increase to 6,200. While some may laud the expansion of CYBERCOM and other U.S. government entities involved with cybersecurity, before we spend all of this money, we should pause and ask: Will all of these people and funding actually make us better at prosecuting cyber war and defending against cyber attacks?


Unfortunately, the fanciest security system in the world is useless if you don’t lock your front door. All of the investment and talented personnel in the world won’t be of much help if the U.S. government can’t do the basic blocking and tackling such as data encryption and network authentication that is required for cyber defense. The seemingly numerous cyber security breaches, from the 23 million background investigation records exfiltrated during the Office of Personnel Management breach to reports that Russian hackers penetrated Joint Staff email systems, clearly indicates a systemic U.S. government failure to protect its information.

As long as individuals are susceptible to basic social engineering tactics, such as credential theft through “phishing,” and federal agencies with sensitive information such as the IRS can’t answer the simple question of how many servers are on their network, no amount of people or technology will make our networks safer. Adopting better cyber safety practices and making employees internalize them so they become second nature ensures we’re crawling properly before attempting to walk in cyberspace. One thing is for certain, something must change and the current government standard of a yearly archaic half-hour “information awareness” training is just not enough to get people to truly practice safe cyber behavior.

Going beyond the basics, attracting talented programmers, developers, and cybersecurity professionals to work for the U.S. government, particularly the Defense Department, in any capacity has been a noted challenge. Even when new government professionals are brought into the system, the lure of moving to the private sector for double the salary and tech sector perks means that the proposed recruiting bump by the Defense Department is only a temporary band-aid on attrition.

But is this a story purely about incentives? Will paying government hackers and programmers handsomely stem the flow of boots out the door? The simple truth is that it will not. DoD and other agencies should focus less on trying to throw more people at the problem and instead focus more on ensuring that it utilizes and motivates its forces as efficiently as possible. For example, current thinking is mired in the antiquated concept that money is the be-all-end-all motivator; it is better to instead focus on the psychologically intrinsic aspects of motivation rather than the financial ones. Think of intrinsic motivation as three elements, autonomy, mastery, and purpose, according to Daniel Pink’s summation of 40 years of psychological research. Putting purpose up front, service in defense of the nation, and giving these employees and service members the chance to grow under top-quality supervision is the best way to ensure that we have the best cyber corps going forward. This is something that private-sector jobs focused on financial gain simply do not address. How can building the next version of Farmville even compare? Naturally, there are limits to how far intrinsic motivation can go, so salaries should be at least seem “fair” after taking the patriotism discount. But if agency managers think that focusing on compensation will solve all of their problems, they are missing the motivational forest for the trees.

Another critical component that needs attention is making the military, federal and state governments smarter, faster, and more flexible in setting up personnel policies to make it easier for talent to get into needed positions of service, move laterally within government, and grow professionally. This is imperative as internet technology is pervasive and found across all aspects of government and unless cybersecurity talent is distributed across all agencies and organizations. The most comprehensive programs for recruitment and retention are concentrated at CYBERCOM and the NSA, which perpetuate “islands of cyber excellence”  that could “leave non-security departments and agencies potentially vulnerable if they are unable to hire scarce talent,” according to Peter Liebert, co-director of the Truman National Security Project cyber expert group and former DoD senior cyber policy analyst.

The U.S. government is moving forward; however, much more can be done. For example, the military is only now enticing college students to sign up for cyber-specific ROTC initiatives, targeting a group that is increasingly graduating with enormous debt loads. New private sector outreach efforts like the new Silicon Valley office Defense Initiative Unit-Experimental are being extended to cities high in talented human capital and burgeoning tech sectors such as Austin, Pittsburgh, Baltimore, and Philadelphia. This gives DoD the ability to reach college grads with technical abilities who might otherwise have never considered military or government service.

Beefing up the Reserve and National Guard role in cyber defense is another promising plan that should be expanded to allow the military to tap into a technical base that represents the best of both worlds: private-sector opportunities and training while performing a mission vital to the nation’s defense.

Finally, it isn’t enough to focus on the tactical pursuit of line-level personnel, cyber is a strategic challenge as well. The utilization of cyber capabilities as a strategic tool is just as important as writing the latest hacking program. As P.W. Singer and Allan Friedman point out, existing cyber doctrine that emphasizes the superiority of offensive is inadequate because offensives can be both counterproductive and unpredictable and defense is not as weak as assumed. Thinking more clearly about the strategic and tactical use of cyber requires getting past the mantra of “offense rules” and also requires aligning recruitment goals. Right now recruitment is focused somewhat on quality but mostly on quantity. Unfortunately, a great hacker with technological creativity can outperform a thousand mediocre ones, because the mediocre ones will likely all arrive at similar conclusions while the standout ones will come up with novel solutions. The criticality of the internet to both daily life and defense operations mandates that we at least try to get the best people on board and have an employment strategy to match these talents.

(U.S. Army/Staff Sgt. Andrew Smith)

Three U.S. service members received non-life-threatening injuries after being fired on Monday by an Afghan police officer, a U.S. official confirmed.

The troops were part of a convoy in Kandahar province that came under attack by a member of the Afghan Civil Order Police, a spokesperson for Operation Resolute Support said on Monday.

Read More Show Less

Marine Maj. Jose J. Anzaldua Jr. spent more than three years during the height of the Vietnam War. Now, more than 45 years after his release, Sig Sauer is paying tribute to his service with a special gift.

Sig Sauer on Friday unveiled a unique 1911 pistol engraved with Anzaldua's name, the details of his imprisonment in Vietnam, and the phrase "You Are Not Forgotten" accompanied by the POW-MIA flag on the grip to commemorate POW-MIA Recognition Day.

The gunmaker also released a short documentary entitled "Once A Marine, Always A Marine" — a fitting title given Anzaldua's courageous actions in the line of duty

Marine Maj. Jose Anzaldua's commemorative 1911 pistol

(Sig Sauer)

Born in Texas in 1950, Anzaldua enlisted in the Marine Corps in 1968 and deployed to Vietnam as an intelligence scout assigned to the 2nd Battalion, 5th Marine Regiment, 1st Marine Division.

On Jan. 23, 1970, he was captured during a foot patrol and spent 1,160 days in captivity in various locations across North Vietnam — including he infamous Hỏa Lò Prison known among American POWs as the "Hanoi Hilton" — before he was freed during Operation Homecoming on March 27, 1973.

Anzaldua may have been a prisoner, but he never stopped fighting. After his release, he received two Bronze Stars with combat "V" valor devices and a Prisoner of War Medal for displaying "extraordinary leadership and devotion to his companions" during his time in captivity. From one of his Bronze Star citations:

Using his knowledge of the Vietnamese language, he was diligent, resourceful, and invaluable as a collector of intelligence information for the senior officer interned in the prison camp.

In addition, while performing as interpreter for other United States prisoners making known their needs to their captors, [Anzaldua] regularly, at the grave risk of sever retaliation to himself, delivered and received messages for the senior officer.

On one occasion, when detected, he refused to implicate any of his fellow prisoners, even though severe punitive action was expected.

Anzaldua also received a Navy and Marine Corps Medal for his heroism in December 1969, when he entered the flaming wreckage of a U.S. helicopter that crashed nearr his battalion command post in the country's Quang Nam Province and rescued the crew chief and a Vietnamese civilian "although painfully burned himself," according to his citation.

After a brief stay at Camp Pendleton following his 1973 release, Anzaldua attended Officer Candidate School at MCB Quantico, Virginia, earning his commission in 1974. He retired from the Corps in 1992 after 24 years of service.

Sig Sauer presented the commemorative 1911 pistol to Anzaldua in a private ceremony at the gunmaker's headquarters in Newington, New Hampshire. The pistol's unique features include:

  • 1911 Pistol: the 1911 pistol was carried by U.S. forces throughout the Vietnam War, and by Major Anzaldua throughout his service. The commemorative 1911 POW pistol features a high-polish DLC finish on both the frame and slide, and is chambered in.45 AUTO with an SAO trigger. All pistol engravings are done in 24k gold;
  • Right Slide Engraving: the Prisoner of War ribbon inset, with USMC Eagle Globe and Anchor and "Major Jose Anzaldua" engravings;
  • Top Slide Engraving: engraved oak leaf insignia representing the Major's rank at the time of retirement and a pair of dog tags inscribed with the date, latitude and longitude of the location where Major Anzaldua was taken as a prisoner, and the phrase "You Are Not Forgotten" taken from the POW-MIA flag;
  • Left Side Engraving: the Vietnam War service ribbon inset, with USMC Eagle Globe and Anchor engraving;
  • Pistol Grips: anodized aluminum grips with POW-MIA flag.

The top leaders of a Japan-based Marine Corps F/A-18D Hornet squadron were fired after an investigation into a deadly mid-air collision last December found that poor training and an "unprofessional command climate" contributed to the crash that left six Marines dead, officials announced on Monday.

Five Marines aboard a KC-130J Super Hercules and one Marine onboard an F/A-18D Hornet were killed in the Dec. 6, 2018 collision that took place about 200 miles off the Japanese coast. Another Marine aviator who was in the Hornet survived.

Read More Show Less

A former Army soldier was sentenced to 18 months in prison on Thursday for stealing weapons from Fort Bliss, along with other charges.

Read More Show Less
(U.S. Air Force photo illustration/Airman 1st Class Corey Hook)

Editor's Note: This article by Richard Sisk originally appeared on Military.com, a leading source of news for the military and veteran community.

The Department of Veterans Affairs released an alarming report Friday showing that at least 60,000 veterans died by suicide between 2008 and 2017, with little sign that the crisis is abating despite suicide prevention being the VA's top priority.

Although the total population of veterans declined by 18% during that span of years, more than 6,000 veterans died by suicide annually, according to the VA's 2019 National Veteran Suicide Prevention Annual Report.

Read More Show Less