How the US Military Can Better Keep Hackers

Interesting commentary:

The military is an impossible place for hackers thanks to antiquated career management, forced time away from technical positions, lack of mission, non-technical mid- and senior-level leadership, and staggering pay gaps, among other issues.

It is possible the military needs a cyber corps in the future, but by accelerating promotions, offering graduate school to newly commissioned officers, easing limited lateral entry for exceptional private-sector talent, and shortening the private/public pay gap, the military can better accommodate its most technical members now.

The model the author uses is military doctors.

Posted on August 3, 2018 at 6:21 AM • 30 Comments

Comments

wiredog • August 3, 2018 7:08 AM

IIRC, doctors are still required to pass the PT test. They don't have to qualify with weapons, but that's because international law forbids medical personnel from being armed. I don't think that would apply to cyber officers.

Fighter pilot might be a better fit. Highly technical with well paying civilian opportunities after service.

OO • August 3, 2018 7:20 AM

Clearly the author missed the fact that the Army is piloting a Direct Commissioning program for Officers to bring them into Cyber:

FORT BENNING, Ga - 1st Lt. James J. Gusman and 1st Lt. Timothy J. Hennessy took the oath of office as the U.S. Army Cyber Branch's first direct commissioned officers during a ceremony on Taylor Field, May 9.

Brig. Gen. Neil S. Hersey, the Commandant of the U.S. Army Cyber School at Fort Gordon administered the oath and welcomed the new officers into the youngest branch in the U.S. Army.

"I am proud of what these two officers have accomplished to be here today," said Hersey. "Though they still have more training ahead of them, they have proven to be the most competent and to possess the greatest potential during a very competitive selection process."

To be considered for direct commissioning, applicants must hold at least a bachelor's degree and demonstrate a professional level of competence in a cyber related field.

Both Gusman and Hennessy have extensive backgrounds in multiple areas such as information technology, information assurance, cyber security or cryptology. Both have prior Army service, and were the only two among almost 80 applicants, to receive direct commissions.

The U.S. Army authorized the Cyber Branch to grant five direct commissions per year in efforts to recruit talent possessing industry experience, relevant education, and the potential to fulfill duties required by the Army.

Steve • August 3, 2018 7:30 AM

They need to end drug testing.
They need to help creative "hackers" keep their own hours most of the time.

Interviewed for a position at a DoD contractor. The technical team there wasn't qualified to do the interview. They appeared clueless. Perhaps that was just to see what I knew?
Anyway, after that was over, the manager came in - an old military guy - and started to explain all the ways I could be fired. The first on his list? Not being at my desk by 7:30am or taking more than 30 minutes for lunch. This wasn't a 24hr manned position. I sent a thank you for the interview email to the team a day later.

I decided to accept a position elsewhere even though the pay was close enough and location was better with the DoD contractor.

The manager called me about 2 weeks later asking when I could start. I thanked him for following up.

Tip to managers - don't tell people 20 ways how they can be fired during the interview. But I suspect I would have been fired pretty quickly ... for walking out of work.

Bauke Jan Douma • August 3, 2018 9:14 AM

In Dutch, the 'Army' is 'Leger'.
A word that has a second meaning: 'More Empty'.

It is a happy moment, to learn that the US Army is implementing exactly that.
Hackers should be whistleblowers, not stand to attention when someone whistles.

David Kowis • August 3, 2018 9:52 AM

As a programmer in the US Air Force in the past, all of this is correct. You don't get to remain technical. You're forced into management as you progress. Wasn't what I wanted to do, so I didn't remain in (and for other reasons.)

Sluaghadhan • August 3, 2018 10:18 AM

The Army does make use of warrant officers for their cyber and other networking based enlisted positions. The pay isn't as nice as officer or private sector, but you just focus on your technical work and typically aren't as susceptible to the annoyances of typical military life.

echo • August 3, 2018 10:46 AM

I find too many UK doctors have archaic attitudes and there are very definitely issues with medical practice. In part I believe this isn't just due to class or sexism but because so many doctors have taken the Queen's shilling as a way of funding the easy life during their education. They end up indoctrinated with hierarchical them and us attitudes and tribalism. The IT industry has after many years shaken off similar god complex attitudes. You will have to excuse me if I am circumspect about whether frontloading the IT profession with (almost certainly likely largely men) with militarised brainwashing especially during formative years is a good idea.

Still, on the plus side... If IT was still run like the medical profession we'd be stuck with the Zilog Z80, punched tape and timeshare computing, and wouldn't be eyeball deep in Spectre.

Phaete • August 3, 2018 10:51 AM

Sensible stuff, and don't forget to hire the well skilled female supervisor to keep nerds in line.
The article on foreignpolicy.com tickled my irritation glands though.
63 times they use the word cyber on that page, the word internet is used ZERO times, the word network is used ZERO times.
The word cyber is used both as a noun and an adjective.

And if you wonder why i care, it's because i know i will be reading similar articles where this happens to the word crypto (-graphy, -currency, -logy etc)

vas pup • August 3, 2018 10:58 AM

@all
Q: I guess those folks required high level of creativity for positions mentioned and this requirement just contradicts super structured environment of military life. E.g. Google let their employees be in environment comfortable to them to the degree they could allocate their brain power for actual IT tasks not small illogical things. Unfortunately, in government environment (IT in particular) Logic is not the queen, but Policy which is usually created by personnel having close to zero knowledge in the field (psychology in particular) they try to regulate with mentality 'one size fits all'.

Phaete • August 3, 2018 11:05 AM

@Bauke Jan Douma
"Hackers should be whistleblowers, not stand to attention when someone whistles."

Nowadays we love to tell other people what they should do, and they usually choose 2 extremes with no middle ground.

Now what they really should do is be human, get a job, a wife, a house, 2 kids and a dog or cat and regular fight with the family at christmas.
And what else they do is totally their decision, not yours to imply.

echo • August 3, 2018 11:32 AM

@Phaete

I do agree there is a tendency today to rapidly escalate and lurch to one side or the other. I'm not hugely up on academic papers explaining why but do know this is a thing in the UK state sector and historically discriminated communities. (Or perhaps any hierarchical and compartmentalised organisation which has lost its organisational memory and is juggling budgets to keep up the appearance of staying afloat).

@vas pup

Yes, the psychological side of state sector medical practice in the UK is very shovel through to fit a flowchart and stick patients in boxes.

Laurifer • August 3, 2018 11:47 AM

@Bauke Jan Douma "Hackers should be whistleblowers, not stand to attention when someone whistles."

Nowadays we love to tell other people what they should do, and they usually choose 2 extremes with no middle ground.

Now what they really should do is be human, get a job, a wife, a house, 2 kids and a dog or cat and regular fight with the family at christmas.
And what else they do is totally their decision, not yours to imply.

Self-awareness a little weak here.

Employers, or this particular government employer, dictating personal lives and trying to impose military discipline on 'hackers' and the like is having very predictable results and the talent goes elsewhere.

Phaete • August 3, 2018 12:01 PM

@Laurifer

Could you explain what you mean? your tone seems to disagree where your words agree, i don't really know what you mean.

Yes, IT specialists should have their own job 'environment', just like hundreds of other jobs where the environment is modeled for a specific type of person.
And yes, they are human first and specialist secondary, so no need for others to dictate their actions (motivate works far better for this type of personality)

Doc • August 3, 2018 1:01 PM

The whole operating philosophy of the military is based upon chain of command and following direction from superiors. So all of this nonsense about "I don't want to show up at 7" or eliminate drug testing is simply not viable, like applying for a construction worker job when you don't want to do any physical exertion or work outside. Prospective applicants should be expected to embrace the corporate lifestyle, not protest it while demanding a job. In general, a strong body begets a stronger mind. Drugs simply aren't a part of either.

We should be able to recruit and retain the best and brightest if we change the military pay scales to something reasonable. Enlisted pay up to about E5 is barely above poverty level. Officers don't make pay commensurate with their private enterprise peers ever (until they retire and go to work for private industry!). Ask someone like James Mattis (Sec Def) what he made as a 4-star, and compare that to what CEO of Boeing or Booz Allen makes. There are several zeroes difference.

bob • August 3, 2018 5:23 PM

@Phaete

Yeah, I'm not sure what Laurifer wanted to say, but I'll give you my interpretation. Dictating personal lives and trying to impose military discipline on 'hackers' is "to tell other people what they should do", that's what employers employ other people to, and this particular government employer goes further as to dictate personal lives.

I'll add my opinion. When you say what they really should do is be human, you define being human. And defining being human is the same as telling other people what they should do because they are human. What if other people define being human not as getting a job, a wife, a house, 2 kids and a dog, but as being ethical, being a whistleblower, not standing to attention when someone whistles?

Danny • August 3, 2018 5:54 PM

@Doc
You got it wrong. Cyber is brain activity first so don't impose your physical laws on me from your outdated military chain if you want the cream to stay there. Construction is physical activity first so if you want to do a nice allegory with construction then you might rephrase it something along the lines "..like applying for a construction worker job where you don't want to deal with thinking...".
And nobody is protesting, they simply don't take the job and that's why military have the problem. They impose something and the brain goes somewhere else, offer and demand, nothing else.

Wo • August 3, 2018 10:27 PM

Not as much focus on cultural issues, huh? Like using lexicon for hacking that was invented and fetishized by people who barely touched computers throughout their life?

I know there's a morale issue at the NSA with the continued tech-community vilification and fear of the NSA. I wonder if there's any splash blowback to military hacking talent as well considering the significant overlap between surveillance and hacking organizations in the military.

Phaete • August 4, 2018 8:16 AM

@bob

Sounds logical, but i don't define being human, we all do with our own behavior, and then we just take an average of the 7 bil people behavior and call that "being human" (some countries just look nationwide instead of worldwide, but that's another discussion)

If someone does not want the norm, that's totally fine, but he/she should at least have the option and consciously decide not to.

PeaceHead • August 4, 2018 9:32 AM

quote:


"Furthermore, there is a whole body of law on the issue of civilians directly participating in hostilities. Where they “directly” participate in hostilities, they can be targeted, kinetically or otherwise, just like uniformed personnel, but there is no requirement to be uniformed. Being a civilian does not exempt them from being targeted, though performing most core tasks at Fort Meade or in Hawaii makes the likelihood small."

endquote.


The above statements by the author are negligent of and/or evasive of the facts that the USA already has several compound multipurpose intelligence fusion centers where there is already somewhat of a de facto military and cybermilitary presence. People participating in, within, and around drone warfare know this. And that is certainly NOT (yet) LIMITED to Fort Meade nor Hawaii. So that last comment of the author is kind of reckless and doesn't serve to protect anybody in the world from anything.

We have WAY TOO MUCH SECURITY THEATRE.

Meanwhile, the article does support the premise that we are in the midst of several civil wars happening on American soil, information wars included.

So if the US Military is partially struggling with its digital/electronics/communications/programming/security/internetworking/firewalling technical support of both defensive and offensive, that implies to me that yet again, the claims that the confidence levels about malevolent hacking couldn't possibly be 100% and that some of those who might have decent informed and educated opinions and expertise based upon knowledge and experience might not have even been included in the intelligence reports.

And of course any so-called intelligence report claiming 100% unanimity is 100% not-believable.
On any topic so complex with so many people involved, accomplishing 100% unanimousness is pretty much impossible unless everyone is brainwashed and networked to a single syndicated source.

Propaganda doesn't make reliable defense nor offense, and hypocrisy doesn't make good foreign policy.

This approach is NOT SUSTAINABLE and even if some of the adverse effects come 5-25 years later, those will be astoundingly INSIDIOUS and CAUSTIC. And there will be multilateral vengefulness because large amounts of people will be extremely upset domestically as well as nondomestically.

Facts have valor. Please don't betray them too.

Of course, some of the civil wars are literally against machines already.
Hyperdependence upon automated info-gathering and automated decision-making has already put the USA into datatrap because of both the malware, and white-collar criminal elements, and the data corruption and the AI disobediences, and the disgruntled sometimes-rebellious workers (of which there are millions, not thousands).

And now some corporations without checks and balances upon them are often bigger actors than governments and militaries combined.

DAVID VS. GOLIATH is worth remembering.

Thank goodness for freedom of thought and the flow of fact-corroborative informations to the contrary of misinformation campaigns supersaturating the zeitgeist with misdirection.

The primary trouble with falsehood, is that it can lead to REAL DANGERS, such as accidental NON-NEEDED WARFARE, or warfare INSTIGATED BY PROVOCATEURS.

Tatütata • August 4, 2018 9:33 AM

I began writing something about the importance of gubmint functions in general, their neglect the world over, the cravenness of politicks, etc., but was overcome with a sense of déjà vu.

Why should "security" functions be privileged over every other one anyway? Because the perennity of the state depends on it?

Happens that I opined something of the sort back in January 2018, where the topic that time was NSA morale (not NSA morals).

CallMeLateForSupper • August 4, 2018 4:16 PM

Lifer: "I said, get your ass back to your desk!"
Cyber noob: "Dude.... chill."

Yeah, that will be a match made in heaven. Not.


"How the US Military Can Better Keep Hackers"
Like squid, they keep best in an ice chest.

PeaceHead • August 4, 2018 5:37 PM

@callmelateforsupper:

Squid can already breathe deepsea oxygenated frigid waters and mitigate the intense pressures without the aid of machines or exoskeletons or breathing apparatus or biological engineering. People, on the other hand, can't.

Although the encounter you described comically wouldn't be without some friction, it might actually be exactly what is needed:

...a direct challenge to mindless authoritarianism which demands total submission and mental surrender in service of corporate warfare benefitting only the uber-rich while destroying the most commonly required natural resources permanently with toxins measured in halflives of hundreds of years (but only when declassified after a generation or two is already sickened or deadened).

So yeah, "chilling out" is not such a bad thing whatsoever. It's the wrong lingo, though. Really, it's "warming up".

Hippies and ordinary people such as nuns and freethinkers helped to get us out of Viet Nam as well as aspects of the 1980s Cold War. It can be validated by documented histories and by some still extant participants.

Stereotypes notwithstanding, there's absolutely nothing wrong with stopping irrational behavior in its tracks regardless of traditional protocols which cater to ancient feudalism.

Plenty of talented people don't fall neatly into the "blue hair" category either.
In my opinion, the thing that puts America at most risk of extinction is the stubborn persistence of Blind-Faith Traditionalism Without Thoughtful Self-Review.

It's along the same lines as "Just Following Orders" or "Because I Said So" or "History Is Written By The Winners"; those are all sloppy and imprecise ways of thinking that don't reflect the complexities of what actually happens. And yet our wonderful yet tragic culture tends to default to those bad habits even to its massive detriment as a foundation for otherwise would-be-sophisticated innovations and decisions and cultural phenomenon.

I see these types of logical fallacies as directly related to our prominent security issues which are currently all just "digging out". :-)

Peace be with ya. Thanks for reading.
"I ain't no tourist!"

bob • August 4, 2018 5:44 PM

@Phaete

"If someone does not want the norm, that's totally fine, but he/she should at least have the option and consciously decide not to."

That's very libertarian of you... and i have a warm place in my heart for libertarianism, but it has its cons. The military knows it better than any other institution, probably. But even outside the military, everywhere, we limit our options not to follow the norm based on what we believe is moral. Cliché example, it is normal not to kill. What's happening at the military is that an important group believes that what is normal in this scenario should change, because it is not moral. Because it ends up in killing, for example, and people should not have the option to follow the norm as it is.

My point is we love to tell other people what they should do, not nowadays, we've done it since the beginning of time. Even if and when we say we should not tell other people what they should do, we are doing it! We should embrace it, judging is inescapable and closer to what being human is than getting a job or a wife. And telling others what they should do is not only a necessary part of the social order, in one way or another it's a necessary part of social interaction.

justinacolmena • August 5, 2018 2:31 PM

"The military is an impossible place for hackers thanks to antiquated career management"

They relaxed physical fitness standards. You are working undercover. How long does it take you to gather your personal computer gear and get off the property before you are "fired" -- yes, with a gun -- by the local mob associate gunning for that one kill in order to "make it" as a "made man" in the Mafia?

"The model the author uses is military doctors."

That analogy limps. It went out on disability and it has to shut up so it doesn't end up in a wheelchair or die of some obscure medical condition.

Pete • August 5, 2018 2:59 PM

"non-technical mid- and senior-level management"

In my experience, this is rampant in the civilian world as well.

However, we have better pay and minimal chance of getting shot at.

Ross Snider • August 6, 2018 1:00 PM

Hackers knew early in the development of the industry and technology that what they were building was radical and powerful. The early ethic was to democratize that power. Google once had the motto "Don't be Evil."

Bruce Schneier had some nice analysis where he extrapolated that, in the near term, new technology benefits distributed individuals first. This is because of the cost of adaptation of large organizations versus the speed of change: individuals can adopt new power and technology faster. Over time, well-funded organizations are able to wield new technology and power much more effectively than individuals.

I believe we are past this turning point. From threat score surveillance to the surveillance economy, and from DARPA programs to mass propagandize social media to intelligence missions to overturn entire nations with fake social media (CIA's attack on Cuba with Zunzuneo, for instance), the individual is now outmaneuvered by large organizational forces.

A number of the old hackers still have a desire to bring power back to individuals. The military is likely to win over hackers who never knew that technology could be wielded more effectively by individuals, and struggle to hire hackers with the old cyberpunk democratic ethic.

justinacolmena • August 9, 2018 7:02 PM

@Doc

"The whole operating philosophy of the military is based upon chain of command and following direction from superiors."

That's too superior, doc. You're getting a little too much rank there, because those lawful orders sure enough ain't coming out of the doctor's office. That's a bit too high and mighty even for the military.

"In general, a strong body begets a stronger mind. Drugs simply aren't a part of either."

Sounds like that Viagra you prescribed was not approved by insurance. That's the "begetting" part, isn't it? And you've got nothing better to offer. And those pretty female nurses under your orders? Yes, we are slowly putting the pieces of this puzzle together, doc, and it is not looking good for you.

https://www.fbi.gov/investigate/white-collar-crime/health-care-fraud/health-care-fraud-news

... and that's just the civvie cops.

WhiskersInMenlo • August 16, 2018 7:05 PM

Cyber Corp (USCC) sure. Heck it makes sense to me.

Space Force (USSF) Meh.
Some offshore uniform err. clothing manufacturing company could explain it better than what I am hearing.

USCC uniform could save zillions with T-shirts and sandals -;)


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.