The military competes with the private sector to recruit and retain a workforce with critical cyber skills – a decade-long competition where pay, purpose and personnel management have driven the flow of talent, and services appear to be losing, according to a government monitoring report.
Troops receiving extensive cybersecurity training, lured by the lucrative private sector, are moving out of the military faster than some branches can offset the cost of that training.
The Pentagon’s efforts have been crippled by unclear service obligations and flawed staffing data in some branches, according to a report by the Congressional Government Accountability Office released Wednesday.
Read more : Delivering babies, clearing snow: Hundreds of guards deploy as New York is buried in historic storm
The GAO focused on what the Army calls Interactive On-Net Operator, or ION, training, a valuable skill set that revolves around “network reconnaissance” and analysis to identify hotspots. adversary strengths and vulnerabilities, according to the US Army Intelligence and Security Command.
It’s one of three skills that U.S. Cyber Command has identified as critical to its mission as the military this year announced plans to increase its cyber workforce at over the next half-decade.
The military – which is looking to double its cyberforce – and the Marine Corps have failed to invest in this skill and are not recouping what they have invested in training troops to fill these roles. And outside of the Navy, all branches had little visibility into how they tracked those tickets.
“Personnel who complete training to fill the ION job role — which can take a year or more and cost the department hundreds of thousands of dollars — may not stay in the military to use those skills for a significant duration after training,” the report said.
The GAO report, which was ordered by Congress in the National Defense Authorization Act for fiscal year 2022 to review the Army’s cyber recruitment and retention efforts, underscored an obligation of service too short – or in the case of the Marine Corps, completely absent – that would offset the time and cost it takes to train a service member.
The watchdog said it could take one to three years to train a service member as an ION operator at a cost of up to half a million dollars per troop, but potentially as low as 220,000 dollars.
“Cyber training in general is very complex simply because of the technicality of the issues,” a military cyber officer told Military.com on Tuesday, adding that regardless of the branch, this complexity will equate to more training time. long. The officer, who requested anonymity due to fears of retaliation for speaking without permission, said ION training is particularly intensive because it involves an uncompromising mission.
“The risk surrounding this skill set is enormous,” the officer said. “They’re operating inside target environments, they’re operating inside adversarial networks, and so they can’t afford to make a single mistake.”
The Navy and Air Force have taken steps to ensure a return on their investment in cyber training by implementing an additional three-year service requirement for those who complete the courses.
For the Army, which had no clear obligation, the GAO estimated that officers could owe as little as 1.88 years and enlisted personnel almost two and a half years.
The report found that almost all branches had limited visibility into their cyber staff. Traditional troop tracking systems used by the services for nearly every other military career clashed with Cyber Command definitions, leading to bottom-up data collection and unseen shortages.
The navy was the exception to this problem; the Maritime Service tracked its cyber personnel using enlistment codes that “mimic” those of Cyber Command, allowing better visibility into personnel shortages.
However, staffing gaps exist between the number of positions authorized and the number of positions actually filled, particularly for warrant officers. The Navy and Air Force were able to staff their cyber career fields at over 80%; the army “has improved”, passing above 80% in 2021; and the Marine Corps “generally did not exceed” 80%.
It’s unclear why the services would treat cyberdomain and domain-focused jobs so differently.
“These skills are extremely hard to come by,” the cyber officer said. “These trainings have a pretty high failure rate, and so the reality is not only that you’re spending a lot of time with these people, you also have a finite number of people, frankly, who have the skills to complete the training.”
The GAO report made six recommendations, namely that the Army and Marine Corps “clearly define active duty obligations for ION training” and that all branches align their personnel tracking with Cyber job roles. Command.
The Department of Defense agreed with all of GAO’s recommendations, but both entities refrained from recommending an increase in service obligation to offset the time-cost of training.
The report acknowledged the underlying wage competition between the military and the private sector, noting that the Pentagon has paid “at least” $160 million in retention bonuses to cyber troops over the past five years.
Combined with dismal recruiting numbers, lack of return on investment and a competitive private market, current money – even coupled with an exciting goal – might not be enough.
— Drew F. Lawrence can be contacted at email@example.com. Follow him on Twitter @df_lawrence.
Related: National Guard Chiefs Warn More Cybersecurity Spending Needed to Help Protect Elections
Show full article
© Copyright 2022 Military.com. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.