The U.S. Army wants to be a leader in cybersecurity and the “service of choice” for the U.S. Cyber Command. But that will take talent and major changes in culture and acquisition — changes for which the Army might not be ready.
“How do we make the Army the cyber-force of choice?” asked Lt. Gen. Edward Cardon, the commanding general of the U.S. Army Cyberspace Command. The Army has what Cardon characterized as a “pretty good plan” for recruiting and developing cyber-talent out to 2017. But beyond that, it’s anybody’s guess.
“It changes so fast, it is probably not possible to predict what the size of the force needs to be several years out,” Cardon said, speaking this week at the annual Association of the United States Army conference in Washington, D.C. “We need everyone who has talent. If you’re talented, there’s room for you.”
“We found that it’s as much art as it is science,” said Col. Jennifer Buckner, commander of the Army’s 780th Military Intelligence Brigade. “It really does come down to good people,” said Buckner, likening the Army’s efforts to that of building a small, high-tech company within the Army. She called it “building a Google-like atmosphere within the Army,” but acknowledged those are often clashing visions.
The approach to culture is a deliberate choice, Buckner said. “Our deliberate investments over the past decade have positioned the Army to be CyberCom’s service of choice for the cyber-mission forces,” she said.
This notion of positioning itself as something of a market leader within the joint services command responsible for defending the nation against devastating cyber-attacks and conducting offensive operations in support of U.S. military campaigns, seemed to clash with the overall joint service structure that forms the basis of Cyber Command. In addition, the Army’s apparent desire to adopt private sector strategies for fostering innovation and attracting the best cyber-talent may come at a price the service is not ready to accept.
For example, superstar coders and cybersecurity analysts are extremely rare, but they are worth every effort to find and recruit, said Jim Young, the Army account executive for Google Enterprise Transformation. “But some of the best cyber-superstars in the world have ponytails, tattoos and have hair colors of their choice,” Young said to laughter during a panel session on the future of the Army’s cyber-force.
“Now, if we can only recruit 8 percent to 9 percent of the U.S. population to begin with, you’re narrowing down your field. You may have to make certain exceptions,” Young told an audience of senior Army brass.
But even if the Army managed to loosen up enough to recruit the best and brightest hackers, creating the right culture for the cyber-force of the future may still be a monumental challenge for a large, lumbering military organization with a top-down leadership structure.
“We get paid to take giant risks at Google,” Young said. “We look for 10x change factors. And we’re handsomely rewarded when we come up with that. And you do not get demoted at Google if you take a risk and it doesn’t work out. As long as you write a convincing lessons learned so nobody repeats the same mistake, you can actually get promoted by making a mistake.”
Some in the audience, including Lt. Gen. Dave Perkins, the commanding general of the Army’s Combined Arms Center at Fort Leavenworth, Kan., took exception to the notion the Army does not encourage taking risks in the pursuit of innovation.
“We want agile, adaptive leaders who use innovation and initiative,” Perkins said. “There is a perception that innovation is not tolerated. But I’ve never run into a situation where we have a soldier who is way too innovative, they’re coming up with too many great ideas … and we have to get rid of them. I really just have not seen that as a problem.”