You probably don't watch the House Committee on Science and Technology's Subcommittee on Research and Education, but IT nerds like me do. Every once in awhile something pops up that is worth noting, and potentially worth serious consideration. On Wednesday the subcommittee held a hearing on Cyber Security R&D, and in her opening statement Dr. Anita D’Amico, Director, Secure Decisions Division, Applied Visions, Inc. highlighted an article by Lt. Col. Gregory Conti and Col. John "Buck" Surdu in the Spring 2009 IA Newsletter titled Army, Navy, Air Force, and Cyber—Is it Time for a Cyberwarfare Branch of Military?
That is a very thought provoking article.
In her testimony, Dr. Anita D'Amico echos the point of the article.
The DoD faces other educational challenges that are somewhat unique to their organizational model. In fact, there are two characteristics of the DoD model that work together to make things quite difficult: incoming technical staff are more often chosen by aptitude than by experience, so that training must start at the most rudimentary level. And, the military tends to rotate people through posts on a regular basis, so that once they achieve some level of competency in cyber security they are likely to be transferred to some other discipline. This is further exacerbated by the fact that technical positions - such as Computer Network Defense - are not known to be a path to advancement (as opposed to traditional combat roles), and hence suffer high turnover.The testimony was thought provoking for me, as if 100 anecdotal stories that I have seen in my own career in cyber security was confirmed and expressed in front of Congress, and when I read the article I think there is a powerful idea being promoted there too.
Conti and Surdu cite these challenges, among others, in their rationale for creating a fourth branch of the service - a peer to Army, Air Force, and Navy - to take on Cyberspace. This has cultural significance. They propose that top-notch cyber talent will clamor to join a service where cyber excellence is viewed as a path to advancement, and where just being a member of that service is a point of pride (as the Marines have achieved with their image as "The Few, The Proud..."). They observe that many young technically-talented individuals make critical decisions in their formative years that influence the direction of their lives. Perhaps the most important decision made by these rising cyber stats is whether or not to engage in illegal activity, like hacking. Creating an elite cyber organization, complete with positive role models, will give these people a chance to make the right choices in their lives.
Dr. D'Amico's testimony is here (PDF), and the IA Newsletter article can be found here (PDF). It is more probable that turf wars in the military services today will block the creation of this much needed military service, and basically everyone in 2009+ will act like the Army before 1947 when Congress created the Air Force, but this is a very necessary evolution.
I do wonder if it will take a major cyber security event, one resulting in multiple deaths or defeat on the battlefield before the DoD pushes for this. We already know this is where our competition is moving.
Posts
