Pentagon to add thousands of new cybersecurity jobs
If a move to deal with growing cyberthreats is to reach it goals, the Defense Department must seek innovative ways to find talent, expert says
Computerworld - The Pentagon is planning to expand its cybersecurity force nearly fivefold over the next several years in a bid to bolster its defensive and offensive computer capabilities.
The plan is to add about 4,000 more military and civilian employees to the existing 900 staffers in the Defense Department's Cyber Command, the Washington Post reported today, citing several unnamed sources.
The planned expansion is in response to growing threats against critical U.S. assets in cyberspace, a defense official told Computerworld on Monday.
"As Secretary Panetta stated in his cyber speech last October, we are faced with an increasing threat of a cyber attack that could be as destructive as the terrorist attack on 9/11," the official said. "The department recognizes this growing danger and is working with a sense of urgency to put the right policies and structures in place to enable us to carry out our role."
The official said the Department of Defense will work closely with U.S. Cyber Command and the Combatant Commands to develop an "optimum force structure" for dealing with emerging cyberthreats.
The goal is to create three separate types of cyberforces each tasked with specific roles and responsibilities. The cyberforce structure will include Cyber National Mission Forces, Cyber Combat Mission Forces and Cyber Protection Forces, the official noted.
The national mission and cyber protection forces will focus on addressing threats to critical infrastructure targets and DoD networks, respectively. Meanwhile, the combat mission force will be responsible for planning and executing offensive operations and attacks in cyberspace.
"While the basic cyberforce structure model is clear, the implementation plan to achieve it is still being developed and is predecisional at this time," the official said.
The planned expansion comes amid heightening concerns about U.S. vulnerabilities in cyberspace. Many believe that the U.S. is already in the midst of an undeclared and mostly unseen cyberwar directed against it by unfriendly nation states and well-funded and highly organized criminal gangs and hactivist groups.
Countries like China and Russia are well ahead of the U.S. in terms of having cyberforces of the kind that the Pentagon is trying to build up, said Alan Paller, director of research at the SANS Institute. The challenge for the DoD will be to find enough qualified cybersecurity professionals to meet its ambitious expansion plans, he said.
"The key to putting the 4,000 in perspective is that every other critical part of the economy also needs the same people -- banks, power companies, telecom, defense contractors, civilian and state government and hospitals," said Paller.
But while the hunger for cybersecurity professionals with advanced skills is very real, the supply line is near empty, he added. If the DoD wants to meet its expansion goals, it will have to find innovative ways to find talent, Paller said.
He pointed to a program recently launched by New Jersey Gov. Chris Christie as an example of the kind of approach the DoD needs to take to find talent. Under the new Cyber Corps Challenge program, the New Jersey state government invited veterans of the U.S armed services and others to compete for spots in a community-college-based cybersecurity training program and six-month residencies at banks, the FBI and other organizations.
"China has been running competitions and training programs that work well in every... district since at least 2003," Paller said. "Russia set up its first advanced school in 1994. We are way behind in quantity and quality."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is email@example.com.
See more by Jaikumar Vijayan on Computerworld.com.
- Cyberattacks could paralyze U.S., former defense chief warns
- Syrian Electronic Army shanghais Microsoft's Twitter account, blog
- Is French outrage against U.S. spying misplaced?
- Lawmakers seek answers on Obamacare Data Hub security
- China-based hacking group behind hundreds of attacks on U.S. companies
- How to Prepare for a Potential Syrian Counterattack on the U.S. Power Grid
- New York Times site outage caused by attack on domain registrar, company says
- Cyber drills like Quantum Dawn 2 vital to security in financial sector
- Quantum Dawn 2 will test Wall Street's cyber readiness
- Pentagon accuses China of cyberattacks on U.S military, business targets
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts