Slashdot Mirror
US Military To Recruit Civilian Cybersecurity Experts
An anonymous reader writes The U.S. Army is to create a new cybersecurity division, Cyber Branch 17, and is also considering launching a cyber career track for civilians, according to an announcement made this week by Lt. Gen. Edward C. Cardon. Cardon, who currently heads the U.S. Army's cyber command, ARCYBER, spoke to the Senate Armed Services subcommittee on Tuesday about the growing threats and capabilities used in cyber warfare. He argued that creating a cyber career management field for civilians would result in an easier recruitment process, as opposed to recruiting internally and trying to retain the talent, he said. Cardon maintains that recruiting and retaining talent in the field is often challenging, given internal employment constraints surrounding compensation and slow hiring processes.
"Cardon maintains that recruiting and retaining talent in the field is often challenging, given internal employment constraints surrounding compensation and slow hiring processes."
Ah, internal employment constraints?
This is the same organization that will deploy a SEAL team with a suitcase of cash if the mission calls for it, and treat it like any other expendable item, and yet they can't seem to pull enough cash together to keep up with civilian pay rates.
Talk about your bullshit excuses out of the payroll department...I can't even count how many billions were "lost" in accounting. Ironically, neither can the US GAO.
I am often asked why I don't turn my skills to hacking, dig into systems, expose their flaws and leverage this to gain access to remote/local systems. Given my current skillset, its not like that would be very hard. In fact, I could produce tools that are much more powerful than any current reversing tools available on the web today.
So, what is it?
Firstly, let's be honest, it is money. I can make 3-4 times as much designing business systems than I ever could being a hacker for the government. This is why hacking is such an elite art, it is unprofitable for 99.9% of developers.
Secondly, most hacking is automated to various degrees. Entry level systems use botnets that download modules, whereas the big players use automated systems that write their own exploit code by probing and analysing source code. The latter is an approach used by the US government, so what these 'cyber warriors' are doing other than wasting tax payer money is a very important point to consider. A high-end AI would outclass millions of humans and a cyber-warfare unit would be no match against such a system. It should be obvious that these guys are not hackers. So, this is either political pork, their role will mainly focus on online propaganda. The latter seems to be the real purpose of these cyber warriors.
Finally, cyber warfare in any conflict is the least of anyone's concern. Anything critical would be unplugged from the web during the build-up to any serious escalation that could threaten the nation. That's only common sense. So, what's left? PR and propaganda.
So, expect a lot trolls driving online conservations and voting systems in line with US agendas and a loss of a democratic voice online.
Just look at how well hiring external contractors worked for the NSA!
Look, the military only works if it's staffed by the brainwashed, because its primary goals are not beneficial to humanity.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Is this actually news when it's so vague it doesn't really say anything at all? They may be considering something?
Why not just keep hiring short-term temp consultants like they're doing now?
By definition, a special forces team is doing something that cannot be done any other way. So of course they have access to whatever they need... otherwise people die.
Civilian employees (and this is not outside contractors), in contrast, are basically tied to the same government hiring processes as the IRS or the Fish and Game department.
I counted 7 'cyber's
Stop Microsoft operating systems from connecting to the internet.
This is my opinion based on what little I know and understand of the rumors and lies Thanks, Randal
This is a system that will work for a very big difference in how hiring just any ol tom dick or harry cybersecurity guy. You find those disillusioned ex-mil folks who are classically trained in cyber warfare (through either previous experience in that field) AND who have been in a military service component of some type. They will be easier to 'bring into the fold' of daily business while still exceeding the technical requirements and demands of such a mission. They won't care what the mission is, but they understand that the mission is what is is, and must be accomplished. Marry that with a strong technical background, and you have someone that wild deliver the capabilities you require, even if they don't care why. If they don't actively hold any of the mission objectives as opposing viewpoints you are golden.
OMG facts!
In other words, pay rates will ensure that the government will get what's left after the best and brightest have been hired by the free market.
Ok, so in other words, business as usual.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
So, enemy combatants then.
The Seals are part of the Navy. And due to Sequestration, the Army will lose about 70,000 shortly.
The problem with accounting is indeed a problem. One doesn't not wave a magic wand and declare there to be accounting. DoD is vast, and they've never had a real audit. Their first real audit is coming due shortly, it took them years to prepare for it because new accounting systems had to be built to handle it.
And when it comes to money wasted, the biggest problem is Congress. DoD figures it has about 25% more physical plant than it needs, but it cannot cut it because it requires closing bases in congressional districts and Congress won't let them do that. They do go though a BRAC process about every 5 years and whack what they can, but Congress won't let them whack enough.
That said, the Air Force is easily the most stuck in the past. Their whizzy new planes are more or less overkill for Daesh. The A-10 is perfect for that, but the Air Force is tasked with countering China and Russia which have been putting money into advanced airplanes. Both have been putting new money into just about everything. This bodes trouble for the U.S. and the Biden Doctrine of bending over first, thinking if they see our a-holes, they'll realize we mean then no harm. So we get the Ukraine problem and China building a new island and new airstrip in the S. China Sea 1000 miles from any Chinese territory. The U.S. does nothing because the Biden Doctrine declares that if we smile a lot, the rest of the world will like U.S....unfortunately for the U.S., its allies that rely on it won't. So they too are starting to spend more on defense. The end result will be a lot of powder kegs splattered across the world that could go off for stupid reasons because men do stupid things. And that will force the U.S. defense budget higher in the long run, presuming the U.S. doesn't take one in the neck because it ignored an existential threat (N. Korea nuking LA, Iran nuking Washington (they are able to put satellites in space which you need to send one to Washington, etc.).
All Cybersecurity guys I know will not tolerate testosterone fueled chain of command bullshit that is the backbone of the US military.
Exactly how do they think they will control and indoctrinate these people? Most are smart enough to know that most of the problems are CAUSED by the United States, and when ordered to do something unethical, they will say "go to hell"
So I am guessing threats of imprisonment is their motivator?
Do not look at laser with remaining good eye.
Until you guys stop complaining about government and make it cool to join and help, yea.
...try doing "cybersecurity" for the Army. It is truly suicide inducing. Source: been there, done that.
Asshole Officers are the issue. You can't pay me enough to work there. Well, perhaps you could $300K - yes?
My conscience is another issue. I've read the US Constitution, including the bill of rights. I've also read the bible and quran and have studied Buddhists traditions. I feel that spying is wrong. If we are at war - fine. Until war is formally declared, infiltrating any other organization - inside or outside the USA is wrong.
I come from a military family. Dad was a pilot and I saw him being an asshole to lots of subordinates. After he retired, it took about a year before he became a nice man again.
Getting fucked over and not being able to support a family? Badass!!
presuming the U.S. doesn't take one in the neck because it ignored an existential threat (N. Korea nuking LA, Iran nuking Washington (they are able to put satellites in space which you need to send one to Washington, etc.).
Those aren't existential threats, in fact, if you timed the hit on DC right, you'd probably get rid of the worst problem America has in one fell swoop. Or you'd just piss off America and get it riled up and ready to smash face, like taking a swing at Rocky. Sure, it might seem like you've done harm to the champ, but then you realize there's a freight train of hurt coming your way and there's no charge for delivery.
Do I need to remind the government about TARGET, CHASE AND ANTHEM? I'm sure they were being protected from civilian cyber-security experts.
I'll start asking what I can do for my country instead of what it can do for me when government and industry lead as examples. I'm not your fucking Boxer.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Its worse then what he describes. Currently the NSA / USCYBERCOM will try to hire graduates from college at at GS-9. That is 45k to 55K a year. For all but the Air Force, the new hires are being stationed at NSA Washington, meaning they will be trying to make due, and start their families at this salary, paying off student debt (NSA does not participate in the federal student loan forgiveness program), and save up for a house. In this area a cheap one bedroom apartment can run you around $1500 a month.
That same person can leave and go work for a federal contractor or commercial company in the same area demanding the same skills for over $100k. So I ask you -- Do you need to work for USCYBERCOM as much as USCYBERCOM needs you?
Government employees are typically better paid then their private sector counter parts.
The exception is high demand labor of any kind. Someone able to run a company as CEO is going to get more money in the private sector than in the government's employ. However if you're a paper pushing cubical monkey then you will get better pay and job security in the government.
The issue is whenever people say the government should play some employee more they tend to mean ALL of them. And that's neither reasonable nor sustainable. The result is that you over pay for low to middle skilled people and then under pay the top talent.
yes yes... no big pay discrepancies are politically incorrect these days. It doesn't matter. The guy I'm talking about can turn your job down and go to the private sector and make more money. The cubical monkeys working for the government can't do that. They'll be paid worse in the private sector because the government is typically over paying them. There is a reason that the area around Washington DC is the highest income growth sector in the country, has the strongest realestate market, and is generally the healthiest economy. All those office workers are being paid better in DC than anywhere else in the country.
And here some bright spark will say "well then why don't we do that everywhere!"... the answer being that it isn't especially sustainable only doing it at the level it is already done at... expanding it beyond this point is a little like saying "that shot of heroine was good, lets double it!"... what could possibly go wrong?
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Having been in the military, and then as a contractor on TS level projects, I can confirm your first few points. The Military is often made out to be the problem child by the left, but in reality the Military WANTS to cut spending in areas where there is massive waste. Congress won't let them. So they have to cut spending on stupid shit like office supplies and people. Weapon's programs and facilities rarely get cut due to Congressional pressure to keep jobs/money in their districts/states. That is why when the Berlin wall fell it was so damn easy for us to massively scale back our presence in Europe, but stateside it has been very very difficult. When Robert Gates asked to end F-22 orders because we didn't need them, Congress told him "No, your going to buy those damn planes and you're gonna like it!" Instead, we cut military personnel and anything that doesn't involve lucrative contracts.
If you don't get the employees you need for other parts of the organization to work properly, then people die (because the military missions fail). You don't get the employees you need if you don't pay enough.
The exception is high demand labor of any kind. Someone able to run a company as CEO is going to get more money in the private sector than in the government's employ.
I don't think we're talking about overpaid suits here, we're talking about engineers and other technical people. The government is not known to pay them well either.
All those office workers are being paid better in DC than anywhere else in the country.
So basically a bunch of incompetent paper-pushers are being given largesse by the rest of the nation, and the economies in the rest of the nation would be better off if they seceded from the federal government, since they wouldn't have to spend so much funding all that waste?
Most "cybersecurity experts" probably want nothing to do with the military. Look at the average set of comments from any Snowden leak and you'll find that anyone you would want doing this kind of work has a real problem with authority. In the military, authority is what you get. No matter how high up the food chain you are, there's always someone telling you what to do. Combine this with mandatory combat training, mandatory physical fitness testing/standards and tons of bureaucracy, and you have a job that people don't want to do.
This is in addition to the fact that government/military pay scales are incredibly rigid. Government can't compete with the highly paid "elite cybersecurity firm" jobs that involve flying around the country giving PowerPoints to executives and collecting six-figure fees. To join government service or the military, you need to have a sense of service, and the willingness to stick it out until the end to get the actual benefits (a real pension, job security, etc.) Without trying to offend, volunteer military service looks to be a good way out for someone who has very few other opportunities. But with the civilian option, the Army might be able to attract people who can't live with the other restrictions that a military career comes with.
The only thing I can see going wrong is that this will just be an excuse to hire idiots from Accenture, CSC, IBM and the usual suspects. Lots of government contracts end up getting messed up by inserting an expensive consulting firm in the middle.
It doesn't fucking matter
Jesus Autistic Christ. >__
The point was "high demand labor"... which includes anyone that has special skills that are not easily trained to acquired in the market.
I gave an example a CEO because that is the most extreme example. But that same example also works for medical professionals, computer professionals, engineering professionals, scientific professionals... and anyone else that has skills that are rare in the general population.
The problem is that the government has pay grades. Fixed tiers of compensation. Those tiers work fine for most people. They're fucking useless for anyone exceptional that must be paid significantly more.
In regards to you absurd strawman that I'm suggesting we secede from the government because there is some waste and incompetence in the government... is that really the only option you're capable of accepting? So in your mind, I either have to accept anything the government might do... and amount of incompetence... or I have to secede? Really?
Please quote the bit where I said we should secede from the federal government. Quote me, bitch. I said that no where. What is up with the fucking straw men today? Seriously? Can none of you fucks make a coherent argument without misrepresenting your opposition?
I'll tell you what. I'll defend seceding from the federal government if you defend your rampant pedophilia. Tell me why you keep supporting bestiality and necrophilia.
No where in your post did you say anything about that. But apparently that isn't required for me to pretend that you did... by your own fucking example.
You owe me apologies asshole. You won't offer them... which will just mean you're a degenerate... to which I'll just say eat all the dicks. Every last one.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Soldiers have the up or out rules that limit there you don't want to lose a good tech guy who does not want to go management or be forced out of the unit due to there rank being to high.
It needs to be civilians based. Also some tech people may have a hard time with boot camp and I not just talking about the PT part of it. Also people with disabilities who can do a desk job but can't do boot camp as well.
This supports my theory that for any group of special talents within an organization that involves digital, there are WAY more people outside that organization than within it and that statistics demands that the odds are that that outside population has a whole lot more smart people.
There are WAY more people who are not military. Among those extant, there WILL be some people who are more talented than the military. Those people either have jobs or are making money as black hats.
The military recognizes that, but they are making a huge mistake. People outside the military are not as gung-ho on the patriot bullshit and are liable to do what's in their best interests or just for lulz.
It little behooves the best of us to comment on the rest of us.
So of course they have access to whatever they need... otherwise people die.
Their job is to make people die. Never forget that.
The A-10 was designed from the ground up to do only 1 thing well: suicide into soviet tank fleets at the onset of WW3. That's why it has the cannon - there wasn't going be enough time to re-arm during the critical first few days. But several things happened while it was on the drawing board: tank armor got thick enough to render the gun worthless, smart bombs passed their trial by fire in Vietnam with flying colors, and anti-air weaponry became terrifyingly potent (as the Israelis learned in the Yom Kippur war). It basically made the A-10 obsolete as soon as it rolled off the assembly line.
It can *kind of* be pressed into service as a close air support (CAS) platform, but its slow, the cannon is massive overkill against infantry or unarmored vehicles, and its so vunerable to anti-air they had to be kept behind the lines in the later stages of the *Gulf War* (let alone a more modern conflict) to avoid being shot down. Its one advantage is loiter time, which really isn't worth spending ungodly sums keeping it running in an era of drones.
The reason Congress wants the A-10 is the same reason the Navy wanted battleships in WW2: They're idiots unwilling to acknowledge what's "awesome" and what's actually effective are two different things. But considering you're seriously suggesting aggressive military attacks on nuclear-armed states(Russia, China), I think you're one of those "Looks matter more than effectiveness" idiots.
The Government, and the Military as a whole, has several problems when it comes to hiring and retaining talented network/IT/etc security people. Much of that is endemic to it being the government and military, as others have noted, and I won't belabor those (valid) points.
What this seems to be largely about though is restructuring their internal codes. Pretty much every job in the military or government, civilian or otherwise, has a particular job code and career field, from park ranger to law enforcement to, yes, Special Forces (which is 18 series for the Army). When they talk about "Cyber Branch 17" that's what they mean, it's the designation for that series of military occupational specialties (MOS), just like 11 is infantry, 12 is combat engineer, etc.
Now, on the civilian side, one of the problems the government in general has had is that they don't/didn't have a career field for "Cyber." Everyone that I met was being shoehorned in either as an Intelligence billet or as a general IT billet, neither of which apply quite correctly, as IT Security has focuses and training that would not apply to the majority of the jobs previously classified as those fields, at least in the sense that the Government does. Someone might have 10+ years of experience as either, but know absolutely nothing about advanced IT security.
That's the reason I got out. If they still had this I *might* have stayed in longer. They gave me a direct order to go to the NCO academy because I'd refused previously 'offered' slots and I was the senior E-4 in my brigade. So, I attend, kick the shit out of the course (which is not difficult for your average slashdotter if they're in decent shape) coming in 2nd out of 110 losing out to a US Army Ranger with an electrical engineering degree (yes, he was enlisted, no, he didn't give a fuck about being an officer... he just wanted to be a commando for a few years; I guess it was on his bucket list). The one thing they couldn't order me to do was to 'volunteer' for the promotion board, which pissed them off. To add insult to injury, my unit somehow managed to ensure that my reenlistment NCO got to see me monthly for the last year of my hitch (I had signed a six year contract to get a very nice MOS and a TS clearance).
I agree with your sentiment on civilians, but as another poster put it, many CS/engineering security types have a problem with authority. I worked for not only NCOs but commissioned officers who were functionally illiterate (and no, I'm not saying this because I didn't like the army). Come off a college football scholarship and you're not going to get picked up to go pro? What do you do? Oh yeah, there's OCS (if they hadn't been in ROTC already). I strongly dislike working for stupid people, and the military is chock full of them. Don't even get me started on the affirmative action promotion folks I'd worked with.
The bottom line is, if you're going to enlist at some point you *will* be in charge of people and not playing with security in a lab, conducting pen testing, auditing, or remediating. If this is *not* your bag then you might want to think it over.
The problem is that the government has pay grades. Fixed tiers of compensation. Those tiers work fine for most people. They're fucking useless for anyone exceptional that must be paid significantly more.
Why? Regular large corporations do pretty much the same thing with their engineers, and it works fine. They have "Engineer I", "Engineer II", "Engineer III", "Senior Engineer I", "Principal Engineer", etc. When someone gets promoted to a higher level, that puts them in a higher pay grade. Yeah, the corporations have pay ranges for those positions rather than fixed, exact dollar amounts, but the principle is the same. The government could do exactly the same thing.
No, this won't work for positions which are entirely up to negotiation. Most technical positions do not need to be like this. They just need to have pay grades and actually pay competitively with private industry.
Quote me, bitch. ... Can none of you fucks
Yeah, that's a great way to converse with people. Do you talk this way at work?
It's a cute reference to the fact that the 'hacker culture' is full of dope smokers, transvestites, leftists, etc; and the security clearance process itself (if they would even be allowed through it) turns them off so much that the best people either don't apply or are easily hired away to commercial companies (ie: san francisco startups). And in all honesty, having an employer that doesn't give the slightest shit about your personal life makes you far less bribe-able than one that has a lifestyle gauntlet to get in and makes examples of people who get into small troubles after they are through.
The military comes up with lame names.
"Nationalism is an infantile sickness. It is the measles of the human race." -Albert Einstein
Soldiers have the up or out rules that limit there you don't want to lose a good tech guy who does not want to go management or be forced out of the unit due to there rank being too high
Probably the best solution if they insisted upon the new "cyber warrriors" being a member of the service would be direct appointment as warrant officers. There is less focus on up or out and the rank is specifically designated as a technical position so there is no risk of being forced into management like with the higher enlisted and officer ranks.
Of all tyrannies, a tyranny sincerely exercised for the (supposed) good of its victims may be the most oppressive
The tiers in corporations are more guidelines. In the government they're pretty inflexible. Which is what the DoD is saying.
If it were really the same then the private sector would enjoy no competitive advantage over the government for competing for top tier labor.
They do. The tier system works quite well for the majority of labor... if anything it over pays most people dramatically. But for top tier labor it underpays them and so they don't accept the job.
As to you eating every last dick, you are attempting strawmen and neither owning up to it or apologizing. So better get whatever your favorite dick eating sauce is because you have a lot of work to do.
You said this:
""So basically a bunch of incompetent paper-pushers are being given largesse by the rest of the nation, and the economies in the rest of the nation would be better off if they seceded from the federal government, since they wouldn't have to spend so much funding all that waste?""
Quote where I said we should secede from the US government over this issue.
Or apologize for attempting a STUPID straw man.
Or enjoy your bottomless buffet of dicks for being a degenerate.
I even explained why your strawman was unacceptable. You totally missed it all. Could I suddenly in the middle of a conversation start to demand you explain your rampant pedophilia? Not legitimately. But if anyone is allowed to just make up fucking anything even if the other side said nothing about it then that would be as valid as anything.
Repent. You fucked up. Admit it. I will accept your apology and we can move forward. Being proud with me here is not making you look strong, it is making you look dishonest. You fucked up. Own it. Or you've earned your bottomless bucket of dicks.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
That's a load of crap, front to back.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
So are gays allowed? Am I even allowed to ask that?
You have to be kinda gay to join the Army, so yes!
By definition, a special forces team is doing something that cannot be done any other way. So of course they have access to whatever they need... otherwise people die.
Civilian employees (and this is not outside contractors), in contrast, are basically tied to the same government hiring processes as the IRS or the Fish and Game department.
By definition, you're a complete idiot. There are other was of getting things done that doesn't involve special forces. They might not be preferred, as easy, or as simple but the same task is resolved. The concept of special forces is came about in the 20th century primarily after WWII.
Firefighters don't get whatever they need...otherwise people die.
Quit with the special this, for special people bullshit.
The British Army has had a civilian cybersecurity unit for years: Land Information Assurance Group (LIAG)
http://www.army.mod.uk/signals/25564.aspx
By definition, a special forces team is doing something that cannot be done any other way. So of course they have access to whatever they need... otherwise people die.
Civilian employees (and this is not outside contractors), in contrast, are basically tied to the same government hiring processes as the IRS or the Fish and Game department.
And as long as they treat an elite hacker the same as a fucking fish and game warden, they'll end up with the same lack of talent they have today. And they'll be here again next year, trying to recruit, just as they were a decade ago at Black Hat.
Ironically, they don't consider a good hacker as a tool that can get things done that cannot be done any other way...
"And here some bright spark will say "well then why don't we do that everywhere!""
Keep on setting up and knocking down those strawmen. You'll be right eventually.
I think the biggest question here, is that if something awful happens to you, will your /. username then be ironic?
You being so inflammatory for seeming no reason "Jesus Autistic Christ. >__" really speaks volumes about your worth to a given community or even as a human in general.
The purpose is to recruit humans to be improvised explosive devices for exploitation by USA Joint Chiefs of Staff Generals.
As one Joint Chief of Staff General said in the urinal, "blowing up a dog in a market and achieving 500 dead is child's play".
Put my post on pastbin because /. was rejecting the post for no reason.
http://pastebin.com/EazdNjdG
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.