U.S. Cyber Command overall is ahead of expectations in terms of bringing on personnel for its Cyber Mission Forces but even concerns about the potential of a government shutdown is off-putting to the workforce, Adm. Mike Rogers, commander of Cyber Command, said on Wednesday.
“Even if we don’t shut down the government, just the fact that we’re even getting this close, the workforce is very open with us about ‘I’m not so sure I want to be part of an organization where there’s this lack of control and I can’t count on stability.’ That really concerns me because I can’t overcome that,” Rogers told the House Armed Services Committee.
Rogers said, “the single greatest perturbation I’ve experienced with my workforce in 18 months has been that even the hint of a shutdown, in the last week I’ve had more agitation out of the workforce arguing this would be the second time in two years that we’re even having this discussion.”
The Defense Department is in the process of building up 133 cyber teams to carry out various missions. The department is “on track” to have these teams by 2018 as planned and “we’re doing well in our recruitment but as Admiral Rogers says any hints of shutdown or sequestration that will really set us back,” Deputy Defense Secretary Robert Work told the committee. That will be the “minimum necessary” force “to do our missions,” he said.
Rogers and Work both thanked Congress for legislation in making it easier for DoD to directly hire and better compete with the private sector for talent in cyber security and other areas by avoiding some of the usual hiring rules that the department has to contend with.
“As long as we can get them in fast and offer them the right wage, which the new authority gives us, I think we can continue in the right” direction, Work said. “They want to work the mission.”
So far, Cyber Command is having success in meeting its workforce needs, Rogers said.
“To date I would argue that at the mission force level the execution piece for us, we have been able to exceed our expectations both in terms of the ability to bring in quality people as well as retaining them,” Rogers said. He also said that while there is often a focus on technology, “at its heart” cyber security “is an enterprise powered by men and women and they are an advantage and that’s where we need to make sure we are getting really good talent.”
Some of the more high profile cyber breaches in the past year have been attributed to nation state actors. Nearly a year ago the U.S.-based entertainment division of Japan’s Sony Corp. was infiltrated by North Korean hackers and this spring the Office of Personnel Management was breached by a branch of China’s military.
Work said “human error” more often than not has been the issue in why these attacks are successful.
“Although our adversaries have very sophisticated capabilities in this regard, almost every one of these intrusions that have occurred have occurred because of simple operator error,” Work said. “They click on a spear-phishing attempt so we are going after that. That is the biggest problem we have right now is getting cyber hygiene better.”