Jesus' Coming Back

A Cyber Force Is Not the Only Solution

Recent calls to create a Cyber Force are only the latest response to the U.S. military’s years-long struggle to train and retain talented cyber personnel. In 2019, for example, an instructor at the Cyber Center of Excellence noted the difficulty of rotating soldiers through assignments executing offensive or defensive cyber operations given the need for specialization within those fields. In 2021, then-Maj. Gen. Paul Stanton, commanding general of the Cyber Center of Excellence, observed that graduates of the Cyber School weren’t ready to execute those missions due to a lack of job-specific training. A 2022 article for the Modern War Institute highlighted a number of issues: the Army’s culture of generalization, a lack of opportunities to build mastery, and insufficient compensation.

A future Cyber Force is the best long-term solution to addressing these problems. But it would not solve them soon. In the meantime, a few changes could help the Army significantly improve its efficacy in the cyber domain. Specialization would ease the pain of rotating between unrelated missions. Job-specific training would prepare soldiers to execute cyber operations. Redesigned career maps and a revamped Cyber Assignment Incentive Pay program would improve retention. In the short term, the Army should implement these changes to improve its ability to generate, employ, and retain talented cyber personnel today, and to position the Army well for the creation of a Cyber Force soon.

Encourage Specialization

A good first step to improving the Army’s ability to generate, employ, and retain cyber personnel would be to formalize the de facto specialization between offensive cyber operations, defensive cyber operations, and electronic warfare. Under the current system, a 17A cyber operations officer might spend their lieutenant years supervising offensive cyber operations, plan and execute defensive cyber operations as a captain, and then find themselves integrating electronic warfare into tactical missions as a major. A 17B electronic warfare officer might work through this same series of disjointed assignments except in reverse. Although their enlisted counterparts — 17C cyber operations specialists and 17E electronic warfare specialists — are less likely to move between these specialties, I have seen it happen to them, too.

While this does build “well-rounded” soldiers, the dubious assumption that generality is superior to mastery only hurts the force. Erica Lonergan and Mark Montgomery made this clear in United States Cyber Force: A Defense Imperative: “Potential cyber leaders cannot look to their superiors for mentorship or wisdom gained from experience within the domain. Facing disincentives to the further development of their skills, talented cyber officers choose other paths or exit the military altogether, depriving the next generation of cyber-experienced leadership.” The problem is even worse when that captain might have come from the infantry, or that major from another maneuver branch. What practical guidance will those officers give their soldiers? What experience will ground their advice to their commanders? In many cases, little and none — certainly not due to a lack of intelligence or desire, but simply due to a lack of relevant experience.

The flawed idea that offensive and defensive cyber operations are two sides of the same coin, and that electronic warfare is “close enough” that soldiers ought to be able to move between all three, has unfortunately persisted for years. The Army’s recent push to merge the cyber and electronic warfare specialties — which Congress thankfully blocked — is a symptom of its continued insistence on generality over specialization. Everything from foundational institutional education to job-specific training, weapons systems, concepts of employment, and staff processes differ across offensive cyber operations, defensive cyber operations, and electronic warfare, though. The Army should recognize this by expanding its current military occupational specialty codes beyond 17A and 17B.

Within distinct offensive cyber, defensive cyber, and electronic warfare specialties, sub-specialization could then be encouraged based on existing work roles. Under expanded specialty codes on the defensive side, for example, a 17I incident handler could oversee defensive operations, and 17H host analysts and 17N network analysts could make up the mission elements. A 17P data scientist and 17U data engineer could complement them. A formal designation in each of these roles, rather than the extant non-binding system based on informal work role designations, would give these personnel longevity within their field. This stability is necessary to achieve mastery without being cycled through other, unrelated jobs. A similar approach could be taken within the nuanced offensive cyber and electronic warfare specialties, too. This is not a new idea, but rather the predictable evolution of a maturing field: “Twenty years ago, all you needed was somebody who was a computer expert. Ten years ago, all you needed was somebody who was a computer security expect. Five years ago, you did have to specialize in a various domain of security, but then you could still keep it to a few broad divisions. … Today, you have to really dig down deep to get to the various specializations.”

Real separation between the functions would also allow the Army to more effectively allocate its forces to the appropriate echelons. Cyber officers, for example, could be assigned away from tactical units where they lack the authorities, equipment, training, and mission to function in favor of billets at the strategic level where they do. Electronic warfare officers, on the other hand, could eschew strategic-level assignments where they lack the equipment and opportunity to conduct any sort of electronic warfare in favor of tactical units where they would make a difference on the battlefield. In abstracting away the nuances of work roles and mission sets under “cyber,” we have introduced inconsistency in some units who see their cyber personnel filling an offensive role, others that envision employing them in a defensive capacity, and still others who see them in an intelligence role supporting targeting. Formal specialization could serve as a guardrail against the improper employment of cyber personnel for aspirational mission sets in units that ought to use them in other ways and give the cyber branch a formal mechanism to keep highly trained, narrowly specialized individuals from atrophying outside of the roles for which the Army invested heavily to train them.

Specialization is the snowball that would start the avalanche and motivate other changes necessary to improve the Army’s ability to operate in the cyber domain. With specialization comes job-specific training, distinct career maps, and tailored retention strategies. Fortunately, there has been some progress on this front. In April of 2024, Army Human Resources Command published Military Personnel message 24-134: Implementation of Personnel Development Skills Identifiers (PDSI) for personnel certified in Cyber Work roles. Personnel Development Skills Identifier codes provide a formal mechanism with which to categorize personnel with cyber work roles. Unfortunately, these codes do not carry the same weight as unique military occupational specialty codes. They can be ignored, and do not necessitate unique job-specific training, distinct career maps, and tailored retention strategies. The Army’s Cyber Certification Program, another similar initiative, goes further but still falls short — support for it is mixed, and its future is uncertain. The actual implementation of this critical step, then, is unlikely to happen without external intervention. Lawmakers recently forced the Navy to create cyber-specific designations — a similar intervention would likely be necessary to address this problem in the Army.

Develop Job-Specific Training

Because of the Army’s lack of specialization within the cyber branch, its personnel currently endure long generalist training pipelines that do little to prepare them for the operational force. Stanton highlighted this issue in 2021: “When you graduate from the schoolhouse, in my personal opinion, you should be ready to execute your job.” That was not the case when I graduated in 2018, nor when he said that in 2021, and it is not the case today either. Particularly on the defensive side, the Army expects its soldiers to gain the knowledge and experience necessary to function at a high level elsewhere, outside of its institutions and often in their own time.

Due to insufficient initial entry training, operational units pick up where institutions have failed them by resourcing job-specific training themselves. This job-specific training could entail weeks of additional military-run courses, days of online classes, and difficult certifications from private sector organizations totaling months of additional learning after graduation, unique to each job, just to get to work. A soldier preparing for offensive cyber operations, for example, must go through lengthy courses primarily sponsored by government agencies before they can do their job — conversely, a soldier preparing for defensive cyber operations must take almost exclusively trainings from the private sector before doing theirs. Thanks to the Army’s continued insistence on a generalist educational model, the operational force bears the brunt of this burden. A normal three-year tour therefore typically entails much less than three years’ worth of work as a result. Formalizing distinct offensive cyber, defensive cyber, and electronic warfare specialties would simultaneously enable Training and Doctrine Command to develop and sponsor useful training narrowly scoped to soldiers’ actual duties, offload that training requirement from operational units, and lead to greater consistency across the force.

Recognition of distinct offensive cyber, defensive cyber, and electronic warfare specialties could also open the door to institutionalizing industry training and certifications much like the Signal Corps has. The Signal Corps expects its personnel to earn industry certifications as they progress in their career. Fantastic initiatives like the Pacific Signal University provide access to basic courses like CompTIA’s Security+, for example, as well as advanced training like the Cisco Certified Network Associate in a splendid example of the Army Learning Concept in practice. Today, though, the opportunities available to cyber soldiers in traditional Army units versus those available to soldiers in units specifically focused on cyber operations are vastly different.

As a young lieutenant, for example, my first unit — a cyber unit — invested tens of thousands of dollars into sending me to trainings from vendors across the private sector. In fact, in the five years since I left the Cyber School, the Army has spent over $100,000 on training and certifications for me alone. Almost none of those opportunities exist in traditional Army units that do not recognize the need for expensive, highly specialized training in lieu of canned Army courses. Unfortunately, this approach will only perpetuate the status quo of descending tiers of competency as soldiers stray further from cyber units out into the traditional Army — something that ought to engender concern, not pride. Specialization within the cyber branch could fix this by enabling the Army’s Training and Doctrine Command to adequately address the unique training needs of distinct offensive cyber, defensive cyber, and electronic warfare specialties.

Redesign Career Maps for Specialization

A novel approach to personnel management, with distinct offensive cyber, defensive cyber, and electronic warfare specialties and further sub-specialization within each of those fields, would also require redesigned career roadmaps. DA PAM 600-3: Officer Talent Management and DA PAM 600-25: U.S. Army Noncommissioned Officer Professional Development Guide provide career guidance to officers and non-commissioned officers, respectively. As a cyber operations officer, for example, I should have spent my lieutenant years as a platoon leader and company executive officer before becoming a company commander as a captain. In effect, these guides provide a roadmap to success in this organization. Not one technical work role has ever appeared in these career roadmaps. The unique needs of the Army’s cyber and electronic warfare operators are not recognized by the Army.

Fortunately for the soldiers’ career prospects, although unfortunately for the branch’s efficacy in cyber operations, the difficulty of developing deep technical expertise has negligible impact on promotion. Neither the officer nor the non-commissioned officer career map lists a single offensive cyber, defensive cyber, or electronic warfare work role — not even the work roles most in demand. Technical jobs are not required and are therefore seldom encouraged. The Army’s one-size-fits-all command versus leadership model has not served it well as of late, though, especially in the cyber branch where many desire alternative career paths. Indeed, survey data about the Army’s retention issues suggest that redesigning career maps would not only enable specialization, but also improve retention as well.

Fortunately, some of the work for specialized career maps has already been done. The operational force has invested heavily in analyst-specific training. The Cyber Protection Brigade, for example, has created host analyst and network analyst training. My own unit built a similar curriculum. The Air Force is in the process of creating a comprehensive data science course. These programs could help inform career roadmaps redesigned for specialization. Army Cyber Command could also bring back its recently discontinued job qualification records, which both define the knowledge, skills, and abilities that cyber and electronic warfare personnel must satisfy to become qualified in technical work roles and also outline five-year career paths within each. Together, these training plans and career paths could serve as the basis for redesigned career maps for specialization based on the existing cyber and electronic warfare work roles.

Revamp the Cyber Assignment Incentive Pay Program

Under a future system with distinct offensive cyber, defensive cyber, and electronic warfare specialties, further sub-specialization within each of those fields, job-specific training, and career maps that encourage rather than hinder specialization, the last and final change the Army should make would be to revamp the Cyber Assignment Incentive Pay program.

This program is a well-meaning but inherently broken initiative. Each year, the Army identifies gaps in technical work roles, then incentivizes soldiers to obtain those skills through small, monthly bonus payments. By design, this addresses cyber skills gaps only after they have manifested. By monetarily incentivizing personnel to develop in-demand skill sets and then removing that monetary incentive once a sufficient population has attained them, the program also implicitly incentivizes the atrophy of those skills in favor of ever-changing operational needs.

The Cyber Assignment Incentive Pay program is also too little, too late. While monthly bonuses range from $200 to $1,500 based on job and experience level, few ever make it to the upper end of that spectrum. Most receive just a few hundred dollars per month. It’s no wonder they leave: I watched a junior soldier, an E4 specialist making less than $50,000 per year in Augusta, Georgia, leave the Army for a job using the same exact software for over $150,000 per year fully remote. I have friends in other units who have watched their personnel, also junior soldiers paid similarly, get replaced by contractors making over $200,000 per year. RAND wrote an entire study on this in 2017, almost a decade ago. I have heard many senior leaders appeal to duty and patriotism in response, but these arguments fall flat when these soldiers can do the same job, supporting the same mission, with more personal freedom and higher quality of life outside the Army than within it. The Army is unlikely to ever match private sector pay, but it could at least get close enough that the difference does not drive its most competent soldiers from its ranks.

The Army has several far better models upon which to base such an incentive program. The Medical Corps, for example, must compete with extremely lucrative opportunities in the private sector and manages to do so in part due to its far more robust incentive pay and retention bonus program. The Critical Skills Retention Bonus could target highly trained cyber personnel with critical skills, to retain them. The Army could use annual bonuses to at least bring military compensation into the same ballpark as comparable civilian opportunities. As Mark Gorak of the Office of the Chief Information Officer recently explained, “Pay for performance. Pay for what your actual expertise is. That’s the system we have to get.” To retain highly trained cyber and electronic warfare personnel, significantly more resources should go to a program like this, not fewer. Distinct specialties with unique, tailored training pipelines and concrete career roadmaps would provide the rigor necessary to support this level of investment.

Conclusion

As we rucked long before the sun rose, and later laid in the woods waiting for our trainers to stumble into our ambush, my lieutenant friends and I used to joke that those field exercises would make us better cyber officers. Even in 2018, when I commissioned into the Army’s Cyber Corps, the patent absurdity of those situations made us laugh. These are the memories I think of when I read calls to create a Cyber Force. The U.S. military has struggled to train and retain talented cyber personnel for years and it’s no mystery why. A Cyber Force is certainly the best long-term solution to the myriad challenges facing the military’s cyber personnel, but it would not solve them soon. In the short term, the Army could make several changes to improve its ability to train, employ, and retain talented cyber personnel now while also preparing for the eventual creation of the Cyber Force. Specialization would ease the pain of rotating between unrelated missions. Job-specific training would prepare graduates of the Cyber School to execute cyber operations. Redesigned career maps and a revamped Cyber Assignment Incentive Pay program would improve retention.

Implementing these changes will be hard, but they are not impossible. Lawmakers have demonstrated a willingness to force change within the military when necessary. Such external pressure could be the catalyst necessary for specialization within the offensive cyber, defensive cyber, and electronic warfare fields, at which point the Army’s bureaucracy would be forced to develop job-specific training and to redesign career maps to account for that specialization. Congress could also force a redesign of the Cyber Assignment Incentive Pay program to effectively incentivize and retain highly skilled cyber personnel in the military. Whether the Cyber Force activates in one year or 10, these changes will markedly improve the nation’s efficacy in the cyber domain today.

The new cyber lieutenants my unit receives today have gone through much of the same training I did six years ago. The specifics have changed, but they still go to the field, they still ruck, and they still get told that these things will make them better cyber officers. Survivorship bias is strong. A Cyber Force is the best chance to address the many challenges inhibiting the military’s cyber forces, cultural challenges chief among them — but in the meantime, the Army has other options. A Cyber Force is not the only solution.

Capt. Zachary Szewczyk commissioned into the Cyber Corps in 2018 after graduating from Youngstown State University with an undergraduate degree in computer science and information systems. He has supported or led defensive cyberspace operations from the tactical to the strategic level, including several high‐level incident responses. He currently serves in the 3rd Multi‐Domain Task Force.

The views expressed in this work are those of the author and do not reflect the official policy or position of the Department of the Army or the Department of Defense.

Thanks to N.A.P for providing feedback during the writing of this article. Their input was considered, but this article is not necessarily an accurate reflection of their opinions.

Image: Maj. Zachary Leuthardt

War on the Rocks

Comments are closed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More