One of the U.S. Senate’s most vocal members on cybersecurity is concerned that Army Cyber Command does not have the personnel it needs to conduct offensive cyber operations.
In a Sept. 26 joint Senate Armed Services Cybersecurity and Personnel Subcommittee hearing, Sen. Mike Rounds, R-South Dakota, said the Army needs more tool developers.
“The Army faces significant manning gaps in the roles of tool developers and interactive on-net operators, or I think as we call them IONs,” Sen. Mike Rounds, R-South Dakota, said. “While the Army needs about 15 operators … it has about half of its requirements.”
Part of the problem, Rounds said, is the Army has about 14 spots in the NSA’s Remote Interactive Operator Training, or RIOT. About half of those 14 operators will fail the training, meaning there will likely be just seven graduates to move onto the Cyber Mission Force, the cadre of cyber warriors that conduct operations on behalf of U.S. Cyber Command.
Lt. Gen. Stephen Fogarty, the head of Army Cyber Command, explained the service’s two-pronged approach to alleviate these staffing issues.
First, Fogarty said the Army has come to believe that not all of the ION operators have to pass the course or be RIOT qualified.
Since the course is run by the National Security Agency, it focuses on operations conducted on intelligence, or Title 50, systems. U.S. Cyber Command – and by extension, Army Cyber Command – is working to be more independent from its parent organization, NSA, and wants operate training on its own military, or Title 10, infrastructure.
Fogarty said the Army has a course that allows operators to work on the Army’s Title 10 cyber infrastructure. This allows the Army to observe these staffers as they start to conduct missions and get repetitions to better identify the “star athletes” they need to send to the NSA’s RIOT course.
“What we’re hoping is that we can identify someone who has better aptitude, better likelihood of actually graduating and that would essentially double our numbers if we can get that straight per year,” Fogarty told the Senate panel.
By putting these trainees through the Title 10 operators’ course, the Army can then assign them to missions much sooner than if they send them directly to RIOT first, Fogarty said.
Fogarty also explained that Army Cyber Command has asked Gen. Paul Nakasone, head of Cyber Command and the NSA, to expand the RIOT course to add more slots for military members.
Army leaders hope success will ultimately arrive via a combination of the approaches Fogarty outlined; the number of RIOT trained operators and the larger pool of Title 10 operators.
Moreover, by taking the approach of sending personnel through the Title 10 operator’s course and on mission on Title 10 infrastructure, Fogarty said it helps get the Army toward the mission of eventually weaning themselves from the NSA platform for good.
Fogarty also outlined other measures the Army is working on to bolster its cyber workforce.
One example is the use of direct commissioning authorities given by Congress, which were recently expanded. Under a pilot effort, the military could only direct commission personnel as 1st lieutenants, which many experts said did not pay enough for a comparable position in the private sector.
Fogarty told the committee in written testimony that with the expanded constructive service credit, which goes up to the colonel level, the Army intends to attract candidates from a wider pool of applicants in the coming months.
Additionally, Fogarty wrote that the Army has partnered with the Pentagon’s Defense Digital Service to help resolve its toughest talent management and technical problems by bringing tech-talented soldiers together with interns and top private sector civilian talent to rapidly develop immediate-need cyber capabilities.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.