Brig. Gen. Dennis Crall, the Pentagon’s senior cyber policy adviser said Wednesday that the Department of Defense is planning to roll out the final authorities of the Cyber Excepted Service program over the next few months to address persistent problems in retaining cyber personnel.

Lawmakers from the cybersecurity and personnel subcommittees of the Senate Armed Services Committee pressed Pentagon cyber officials on the need to correct the issue in order to best implement new national strategies calling for a more aggressive approach in the domain.Aerial view of the Pentagon, Arlington, VA

“I am concerned that the current recruitment, pay, retention and career pathway structures in place are not equipped to manage this problem,” Sen. Mike Rounds (R-S.D.), chairman of the cybersecurity subcommittee, said. “And an ongoing concern of the subcommittee, which I’m sure the department shares is that we preempt a hollow cyber force and that we have a cyber force that is adequately staffed and equipped and has the necessary tools, targeting capability and development capability to respond to operational needs.”

Crall said half of the Cyber Excepted Service authorities that Congress first gave DoD in fiscal year 2016 have been implemented and the department plans to roll out the remaining priorities over the next 30 days.

Cyber Excepted Service was instituted to give the Pentagon greater flexibility in recruiting skilled cyber personnel outside of the USAJobs platform and retain the workforce with higher pay.

The new authorities DoD will implement include building in an increased payscale and greater retention bonuses, as well as addressing security clearance issues to speed up the hiring process, according to Crall.

The next phase of Cyber Excepted Service will look to create 8,300 cyber personnel roles across the Pentagon, an increase from the first phase’s goal of 363 jobs.

The White House and DoD both released strategies last week easing rules on offensive cyber operations (Defense Daily, September 20).

Rounds said a concerted DoD effort to address problems with retaining personnel will be required to maintain a level of operational readiness for Cyber Command needed to implement the new strategies’ approach.

“I am hopeful this new policy will enable the Department of Defense to act more nimbly and effectively to counter and deter our adversaries ongoing cyber attacks on the United States, attacks conducted with virtual impunity,” Rounds said.