Staffing of Cyber Operations

General Alexander, the head of the U.S. Cyber Command, reported that DOD computers receive some six million threatening probes each day.[1]  These attacks are directed at 2,904 separately funded IT projects, each with multiple vulnerable programs.[2]   There are also over 15,000 separate networks in place, which offer a conduit for cyber attacks. The total number of DoD daily transactions can be measured in billions, each potentially a carrier of malware.

There is no question that DoD offers huge vulnerabilities that must be countered with defenses that cannot afford making errors. Can that be accomplished by adding more manpower?

According to the Conference Board, there were 15,900 open jobs in cyber security posted in May 2012. According to the SysAdmin, Audit, Networking, and Security Institute (SANS) the highly skilled cyber security staffers can be paid as much as $175,000/year. Booz Allen Hamilton is now trying to hire 1,000 cyber security experts as contractors.

DoD has 90,000 personnel involved with cyber security, with 35,000 to 45,000 in military positions. [3]  DoD is now calling for an additional twenty to thirty thousand cyber security professionals, but has difficulties in finding them as well as funding them. The increased sophistication and complexity of highly targeted cyber attacks have therefore increased acceptable qualifications for defensive cyber positions. DoD may not have in place qualified 90,000 cyber warriors.

Meanwhile, qualified cyber personnel are getting drained off to satisfy urgent needs to support a variety of new cyber positions under the nine geographic combatant commanders. The Secretary of Defense has ordered all unified commands to set up immediately Joint Cyber Centers (JCC) to serve as a link between combatant commanders and U.S. Cyber Command (CYBERCOM). That may require at least a few hundred openings for personnel with very high levels of security and skills to engage in the launching of cyber attacks.

SUMMARY
Even if we assume that all of the cyber security personnel are highly qualified, with high levels of security as well as efficiently deployed, that leaves us with only three to four persons pre IT project that are available per shift to guard each DoD program. However, such personnel cannot be deployed according to geographic commands because systems are organized by service or agency. Much of the personnel will have to be concentrated in DISA performing security assurance as an infrastructure service provided that the interoperability with a long list of aging systems can be established.

About half of all dollar spending is for a common infrastructure, which require highly automated monitoring to identify which one of the six million potentially hostile probes per day are an anomaly.  Cyber security staffs also must be organized for interception of incoming traffic according to the ways networks are structured. This would require making major investments in at least a dozen of well-staffed and well-funded network control centers that would be needed to amortize large investments in intellectual capital for cyber defense.

The scope of cyber operations calls for concentration of defenses. It calls for the adoption of rapidly evolving automated threat detection methods. Keeping cyber defense personnel and interception methods dispersed, as is currently that case, is neither effective nor affordable. At this point DoD needs to reconsider how to deploy its cyber defense talents for a greater concentration of efforts.



  [1] http://www.defense.gov/news/newsarticle.aspx?id=67713
  [2] http://www.itdashboard.gov/data_feeds
  [3] http://csis.org/print/21094