In a recent MWI article, Butch Bracknell rightly acknowledged the many “gallons of ink spilled” over the subject of how to bring skilled cyber specialists does into the military. He concludes that challenges associated with recruiting such specialists to serve in uniform can be sidestepped by simply not having most of them serve in uniform at all. And while he accurately addresses three main reasons why certain military tasks are assigned to uniformed members of the armed services (mainly to distinguish their roles in combat zones), his view that cyberspace operations need not be among such tasks is undermined by the convergence between cyber, electronic warfare, intelligence, and signal disciplines. And the example he uses as a model for how cyber expertise might be “hired”—the Marine Band—is too fundamentally different from the military’s cyber needs to be deeply useful.
In short, while strategic cyberspace operations will continue to provide support to combatant commanders, many cyber warriors of the future will need to be deployed forward, and will even be within range of enemy artillery and possibly direct fire.
How close do you need to be to a target to gain access? This battlefield geography changes depending on whether or not the target in question is networked, and what the network topography looks like. A closed network with fiber optic links requires a different level of physical proximity than a closed network using mesh radios as a data link solution, which requires a different level yet than an open network using a commercial ISP backbone. This problem of access inevitably creates some situations in which we will require cyber soldiers who can perform the basic tasks of camouflaging themselves and their equipment, conducting verbal communications over a radio, and engaging targets with an individual or crew-served weapon system as part of a break contact drill. It is possible to make this same argument for a Sailor on a ship, or an Airman working as part of an aircrew in support of a joint force conducting combat operations.
Bracknell and I don’t disagree fundamentally, but rather as a matter of degree. He stops short of saying that no cyber warriors at all will need to be in uniform. Likewise, I don’t suggest that all will need to have these basic military skills. There will always be a need for strategic support from geographic locations inside the United States that can be filled by someone not in uniform much of the time. Even if it is deemed preferable to have certain of these jobs done by uniformed service members, the civilians we are actively recruiting as direct commission officers for the US Army cyber branch can partially fill the very real needs of these US-based units currently supporting the joint force.
But the cyberspace operations needs of military commanders across all forces extends well beyond strategic support to the joint community. Logisticians require cyberspace expertise to identify supply chain attacks on hardware, including replacement parts and commercial, off-the-shelf IT equipment. Maintainers require cyber expertise to evaluate firmware updates to sensors, communications equipment, and weapons systems. Communicators and signalers require cyber expertise to design and build tactical networks which are robust and segregated by functions to mitigate the effects of a security breech.
Bracknell uses the US Marine Corps Band—which “hires” musicians at the paygrade of E-6, waiving requirements to attend basic training and serve in more junior ranks—as a model for how cyber expertise could be brought into the military. But as a model, the Marine Band is problematic for two reasons.
First, while many members of the Marine Band serve for twenty years or even longer, the rest of the Marine Corps has a high turnover rate, with 82 percent of first term Marines declining to continue their service in 2010. This is also true of the Marines’ IT personnel, which the Corps has struggled to retain.
This problem with Marine Corps IT workers is much more representative of the challenges associated with building the cyber warrior workforce than the Marine Band. As Brig. Gen. Dennis Crall, the USMC chief information officer, describes it:
It’s been a lot easier for individuals to just migrate from one job to another without really changing their roles and responsibilities, and if I don’t have the right label on what specific task they’re performing, I can’t look at their career progression, I can’t set a pay scale. What I end up with, compounding over a number of years, is a workforce that looks one way on paper and quite different when I look at what those individuals are doing. Getting a handle on knowing what people do, making sure they’re trained and compensated properly for what they’re doing is what we’re after.
Second, the musical instruments played by the Marine Band, and any other military band, represent a highly mature technology (in fact, the saxophone, invented in 1846, ranks as one of the newest instruments a military band member might play, unless you count the Sousaphone as a new instrument rather than as an evolution of the concert tuba in 1893). When you hire a trumpet player, there are very good standards by which you can judge the quality of musicianship of the individual. When you hire a “cyber warrior” this is very different: exploits that worked a decade ago have been patched, but new zero-day exploits are just waiting to be found. This means even knowing what expertise needs to be “hired” is an immense challenge.
This problem of changing technology leading to changing work roles leading to changing personnel needs is very real, right now for the Marine Corps IT workforce. It is a problem that the Marine Band does not have to deal with as part of its talent management activities. The reason that Army Cyber has built its forces on “operational TDAs” is that a TDA (table of distribution and allowances) is a much easier document to modify than an MTOE (modified table of organization and equipment), and cyber operations require more flexibility to address the changing terrain in cyberspace. An artillery unit can fire a 155-millimeter round made decades ago, and a sapper company can utilize explosives manufactured decades ago, but a cyber operation cannot rely on decades-old code or equipment and be successful in implementing combat power through cyberspace. In ten years the Marine Band will look like it does today, but I doubt anyone is willing to make the same prediction for cyber mission force structures.
Even if the Marine Band’s members were expected to handle a much broader range of skills and constantly learn new technologies (e.g., trumpet today, trombone tomorrow), we don’t expect them to be aware of the impacts of their actions under multiple legal authorities. But we do expect our cyber warriors to be very cognizant of the murky definitions between operational authorities; the uniformed services operate under Title 10 of the US Code, while the intelligence community operates under Title 50, and both will continue to be key players in cyber operations.
Where I do agree with Mr. Bracknell is that if we do need to attract cyber talent, bringing them in along a separate training and utilization track is a perfectly fine answer. The Army’s aviation branch has had “High School to Flight School” and the Army Medical Department has used direct commissioning to fill in key skillsets to deliver military medicine. It is highly likely that we will keep a specialized recruitment and training pathway as an option for cyber warriors destined for strategic and operational units that don’t deploy as a part of the “right mix” of options to meet the needs of the force. However that answer alone doesn’t get us to the fully integrated cyber capability we will increasingly need down to the tactical edge. So we will continue to require standardized military training to teach the skills necessary to support high-intensity conflict. Some of our cyber warriors will inevitably need to be warriors.
Capt. James Armstrong is an electronic warfare officer assigned to Fort Gordon, Georgia. The views expressed in this article are those of the author and do not reflect the official policy or position of the Department of the Army, Department of Defense, or the US government.
Image credit: J.M. Eddins Jr., US Air Force