Army cyber chief outlines key challenges, goals

The U.S. military has been steadily expanding its cyber operations workforce, but still faces a lot of challenges in the increasingly contested cyber realm, the Army’s cyber commander said recently.

High-profile attacks such as those against Target, Sony pictures—allegedly by North Korea—and the hack of CentralCommand’s Twitter page have underscored the risks posed by sophisticated, often state-backed hacker groups. Chairman of the Joint Chiefs Gen. Martin Dempsey, if fact, has said that the U.S. military’s superiority does not carry over to the cyber realm.

Lt. Gen. Edward Cardon, commander of the Army Cyber Command, addressed these concerns and several others in a recent podcast hosted by New America.

The armed forces as a whole have tripled the amount of personnel for cyber operations, Cardon said, with 6,000 to be allocated by 2016, 2,000 of whom are Army personnel. Cardona also pointed out the significance of creating an entire new branch—the U.S. Cyber Command and its component commands in each of the military services—to address cyber operations, comparing it to Special Operations Command.  “The last branch that was formed was 1987, Special Operations, and look at it today,” Cardon said.

One of the key threats within the last five years in the cyber domain hackers’ knowledge of vulnerabilities, Cardon said. Hackers are able to record vulnerabilities, such as the shellshock bug, and reverse engineer them for malicious attacks. That creates a need for the government to improve its acquisition and information sharing proceses.

While the military is used to operating in fast-paced, competitive environments, its acquisition systems are not typically set up for the speed that cyber operates at. While Cardon did express his confidence that the military will adapt, as it did to improvised explosive devices in Iraq, for instance, greater information sharing between the government and private sector could also ameliorate such concerns. Hackers are constantly sharing information with each other, but information sharing does not translate to defenders, he said. Coordination among government agencies has never been better, he said, but there is a need for greater public-private partnerships.

The Army Reserve has already entered into a public-private partnership with universities and business that focuses on the recruitment, training and retention of cyber professionals. Cardon mentioned that the military will never be able to compete with the private sector but it can offer three distinct opportunities to entice talented individuals to work with them: 1) the military offers an exciting mission; 2) the military offers opportunities to work with cutting-edge technologies; and 3) the services offer opportunities to work on a team in defense of the nation. Despite a clear competition with the private sector, Cardon believes the Army is better positioned to gain “untapped talent” because it has the assessment tools based on a better understanding from methodologies in training, recruitment and retention in the past.

The cyber commander also said that the future of the military’s cyber force should have members with credible backgrounds with degrees in cyber related fields. “It’s just not about being a great computer expert or hacker, this is about your ability to organize these capabilities in time and space against a very specific mission set that is actually in support of the armed forces of the United States and the conduct of their larger mission,” he said.