Analysis: In cyber era, militaries scramble for new skills

LONDON Thu Feb 9, 2012 5:09pm EST

A map is displayed on one of the screens at the Air Force Space Command Network Operations & Security Center at Peterson Air Force Base in Colorado Springs, Colorado July 20, 2010.       REUTERS/Rick Wilking

A map is displayed on one of the screens at the Air Force Space Command Network Operations & Security Center at Peterson Air Force Base in Colorado Springs, Colorado July 20, 2010.

Credit: Reuters/Rick Wilking

Related Topics

LONDON (Reuters) - With growing worries about the threat of "cyber warfare," militaries around the world are racing to recruit the computer specialists they believe may be central to the conflicts of the 21st century.

But whilst money is plentiful for new forces of "cyber warriors," attracting often individualistic technical specialists and hackers into military hierarchies is another matter.

Finding the people to command them is also tough. After a decade of messy and relatively low-tech ground wars in Iraq and Afghanistan, some senior western officers are if anything less confident with technology such as smartphones and tablet computers than their civilian contemporaries.

But with the Pentagon saying its computers are being attacked millions of times every day, time is short.

"We are busy and we are getting busier every day," Lt Gen Rhett Hernandez, a former artillery officer who now heads U.S. Cyber Command, told a cyber security conference in London last month organized by British firm Defence IQ.

"Cyberspace requires a world-class cyber warrior ... we must develop, recruit and retain in a different way to today."

Even in an era of shrinking western military budgets, funding for cyber security is ratcheting up fast. The Pentagon's 2012 budget allocated $2.5 million to improve cyber capabilities.

In December, the U.S. Army announced its first "cyber brigade" was operational, whilst the U.S. Navy and Air Force have their own cyber "fleets" and "wings."

Not only are they tasked with protecting key U.S. military systems and networks, but they are also working to build offensive skills that U.S. commanders hope will give them an edge in any future conflict.

These, insiders say, include developing the ability to hack and destroy industrial and military systems such as traffic and electricity controls.

"For better or worse, it is American military thought that is leading American societal thought (in) how to think about things cyber," former CIA director and Air Force Gen Michael Hayden told a security conference in Munich this month.

European, Latin American, Asian and Middle Eastern and other nations are seen following suit. Militaries had barely considered the Internet only a few years ago are building new centers and training hundreds or even thousands of uniformed personnel.

Russia and China are believed to put even greater emphasis on a field in which they hope to counter the conventional military dominance of the U.S.

But some worry much investment may be wasted.

"My theory is that huge defense agencies - having little clue of what cyber warfare is all about - follow traditional approaches and try to train as many hacking skills as possible," says Ralph Langner, the civilian German cyber security expert who first identified the Stuxnet computer worm in 2010.

"(The) idea could be to demonstrate hypothetical cyber power by sheer numbers, i.e. headcount."

SPY AGENCIES BETTER?

Many experts say the key to successful operations in cyberspace - such as the Stuxnet attack believed to have targeted Iran's nuclear program by reprogramming centrifuges to destroy themselves - is quality rather than quantity of technical specialists.

"Only a very small number of people are the top notch that you would want to employ for a high-profile operation like Stuxnet," says Langner, saying that there might be as few as 10 world-class cyber specialists. "These people will probably not be covered with a military environment."

Commanders say they are trying to change that, relaxing rules on issues such as hair length or fitness. But there are limits on how far such loosening can go.

While the U.S. Air Force and Navy have significantly eased entry requirements for cyber specialists and removed some of the more arduous elements from basic training, the U.S. Army still requires its "cyber warriors" to endure regular basic training.

Speaking on condition of anonymity, one senior European officer with responsibility for cyber complained of struggling to find suitable recruits in part because of competition from the private sector.

Agencies such as the U.S. National Security Agency and Britain's GCHQ say they lose some of their best talent to Microsoft and Google. But such agencies also pride themselves on their ability to find and retain the kind of eccentric expertise that would struggle to find their place in armies, navies, air forces or regular government departments.

"Higher end capability isn't principally about spending large amounts of money and having large numbers of people," says John Bassett, a former senior GCHQ official and now senior fellow at London's Royal United Services Institute.

"It's about having a small but sustainable number of very good people with imagination and will as well a technical know-how and we may be more likely to find them in an organization like GCHQ than in the military."

JUST ANOTHER FORM OF WARFARE?

Many experts say offensive cyber warfare capability - particularly anything potentially lethal such as the ability to paralyze essential networks - should be kept in the hands of the directly accountable military, not shadowy spy agencies.

But most suspect the NSA, GCHQ and similar organizations will retain a considerable lead in technology and sophistication over their military counterparts.

The U.S. NSA and military Cyber Command are both located at Fort Meade outside Washington DC, and intelligence experts say working closely together is already the norm - with the former providing much support and expertise to the latter.

Some other countries now appear keen to avoid plowing too much money into uniformed military cyber specialists at all. Britain's Royal Corps of Signals and Royal Air Force in particular have been keen to get their hands on a share of the U.K.'s newly expanded 650 million-pound cyber budget, but much of it is seen going straight to GCHQ.

What militaries in general and top commanders in particular need to focus on most, specialists argue, is learning to integrate the new tools and threats into their broader conflict-related understanding and training.

At the U.S. Naval War College in Rhode Island, mid-career military officers conducting "wargaming" exercises are now regularly confronted with the new cyber dimension. Systems malfunction, supply chains are attacked, and information corrupted or deleted.

Israel's raid on a suspected Syrian nuclear weapons site in 2007, when a cyber attack was believed used to disable Syria's air defense radar, is seen a guide of how cyber can work alongside more conventional military operations.

"It's a new form of warfare and it has to be appreciated, just as in the past you had new developments - siege warfare, trench warfare and air warfare" says Dick Crowell, associate professor of military operations at the college.

Understanding of cyber warfare in military circles is roughly analogous to the understanding of air power in the 1930s, he said, clearly important in any future conflict, but with the shape of its role still largely unclear.

In new conflicts, those in charge may need to learn on their feet.

"What's really important is that you have senior commanders - three and four-star (general) level - who have a good enough understanding of it is to be able to integrate cyber into wider military campaigns," says former GCHQ official Bassett.

"Cyber fits into the wider picture of warfare now, and they have to understand that."

(Additional reporting by William Maclean in Munich; editing by Andrew Roche)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (5)
rbcarleton wrote:
Peter,

First of all I’d like to thank you for writing this article. I don’t think the military effort in improving their cyber readiness gets as much attention as it should. I also thought I’d offer some comments on a particular part of your article where you said:

‘In December, the U.S. Army announced its first “cyber brigade” was operational, whilst the U.S. Navy and Air Force have their own cyber “fleets” and “wings.”‘

The US Army did indeed create a cyber brigade in December, the 780th Military Intelligence Brigade. Your sentence then goes on list the brigade with the “fleets” and “wings” of the other services.

The Navy only has one cyber Fleet, led by a Vice Admiral. The US Air Force cyber “wings” report to the 24th Air Force in particular. the 780th Military Intelligence Brigade will fall under Army Cyber Command.

It’s a fine point, but comparing a Navy Fleet (a Three star Admiral) to a brigade and air wings (typically led by Colonels) will catch the eye of military members. It might be more factual to compare an Army (2nd Army), a Fleet (10th Fleet) and a Numbered Air Force (24th Air Force). Those commands all report to US Cyber command and are peers when it comes to reporting.

Feb 09, 2012 10:11pm EST  --  Report as abuse
markcwells wrote:
They hire contractors for a number of tasks, even security forces like Blackstone. Why in the world would they not contract this out? There are plenty of ex-military in the field, but I can’t imagine anyone with the requisite skills would want to go back. Good pay, freedom, and casual dress are all huge incentives for many IT folks. The military simply can’t compete with corporations in this area.

Feb 10, 2012 10:46am EST  --  Report as abuse
txgadfly wrote:
Military operations are top down affairs where the commanders must have a solid grasp of the capabilities of the forces they command. You will not, repeat, not find that situation in the military.

To find a model of organization that actually has a track record of success, look at DARPA of the 80′s and 90′s. Overall, that agency was an outstanding success. But it was only marginally “military” in structure.

Feb 10, 2012 11:58am EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.