The Department of Defense’s Cyber Command reportedly wants to quintuple its workforce, but its leader, Gen. Keith B. Alexander, told a House Armed Services subcommittee last week that the threat of furloughs is going to hamstring his ability to recruit people to defend U.S. computer networks.
The Department of Homeland Security is also trying to bulk up the staff of what DHS Deputy Secretary Jane Holl Lute calls “cyber ninjas,” but it can’t do so without Congress’ help, she told the House Homeland Security Committee last week.
On Capitol Hill, debates about cybersecurity have largely focused on how much to regulate industry and how to share threat information between businesses and the federal government. Yet Congress has a less glamorous, increasingly visible problem to address: There is a vast need for trained cyber-warriors at Defense and Homeland Security, but recruiting and training them is difficult.
The need is driven by the danger. Last week, Director of National Intelligence James R. Clapper Jr. led his annual threat assessment presented to the Senate Intelligence Committee with cyberattacks, placing that issue at the top of the agenda for the first time.
One cyber-expert, Alan Paller, said there’s a saying going around the Pentagon that “in the next war, the tanks will be people” — the kind of personnel who can dismantle a piece of malicious code but are in short supply.
“If it’s true that in the next war tanks will be people, our inability to build out is dangerous,” said Paller, director of research for the SANS Institute, a company that specializes in Internet security training.
The ability to hire talent is complicated by the sequester, as Alexander told the House Armed Services Subcommittee on Intelligence, Emerging Threats and Capabilities. It also figures to be a part of Congress’ 2013 stab at cybersecurity legislation, with one panel having already passed a bill that partially tackles the cybersecurity workforce issue.
Trying to Bulk Up
Within the federal government, among the agencies that work on cybersecurity, the vast majority of the top-level expertise is at the National Security Agency and Cyber Command — both housed within the Department of Defense — said House Intelligence Chairman Mike Rogers, R-Mich., adding, “Second place is a long way down.”
Cyber Command is considering an increase in personnel from 900 to 4,900 over the next several years, according to The Washington Post. Separately, a DHS task force concluded last year that the department needs to hire 600 new, extremely high-skilled cybersecurity personnel.