As cyber attacks on corporations and other institutions increase, the US Army is looking to increase its force of “cyber warriors” to guard against these threats.
In her House Appropriations defense subcommittee testimony, Army Secretary Christine Wormuth asserted that the service must work to close its “vulnerability gap,” explaining that the army has learned valuable lessons from the Russian invasion of Ukraine.
She stated that “the information domain is incredibly important, and the force that can dominate in the information space I think will have the advantage in future conflict.”
The source of greatest strategic concern is the potential for “major cyberattacks on infrastructure.” She cautioned, however, “I think that is something that we can expect in the future.”
She made the remarks at a hearing concerning the US Army’s 2023 budget request.
“We’re looking a lot at how can we shore up vulnerabilities, whether it’s with our suppliers or in our own networks, to make sure that we’re not vulnerable to attacks,” Wormuth said.
Recruiting More ‘Cyber Warriors’
Wormuth expressed that the service has been at the forefront of developing its cyber capabilities and is committed to further expansion. However, she said that the military faces “stiff competition” from the more lucrative private sector.
One possible solution she proposed is exploring the “excepted service provision” allowing the government to hire highly-skilled people while circumventing “the lengthy competitive hiring process.”
The service is already actively searching for soldiers currently in the army whose cyber and coding experience have not been identified previously.
US Army Chief of Staff Gen. James McConville relayed how this alternative recruitment identified a combat medic who had “exceptional coding skills.”
“He codes at the Ph.D. level, and we want to be able to credential that capability, no formal training, because of his skill set,” he said, emphasizing that more such initiatives and incentives should be developed to keep such highly-skilled personnel in the US Army.
Military Cyber Defense Exercise
The US Army testimony took place following a recent cyber defense exercise conducted by the US Air National Guard.
Personnel from the 275th Cyber Operations Squadron trained in “internal cyber defense using a non-classified internet protocol router network (NIPRNet) designed to avoid usual scripted training scenarios” at Wayfield Air National Guard Base in Maryland.
Air National Guard personnel “collected and analyzed more than 1.7 terabytes of data across 161 NIPRNet client and networking systems within 96 hours. They were tasked with searching for anomalous activity and determining if there was a misconfiguration or a genuine threat to remove.”
Training participants uncovered “121 unique installed applications, 526 unique hashes from 51 entry locations, and 4,640 unique file paths.”
The team regarded the exercise as very valuable in developing “a more prepared cyber unit,” enhancing its interoperability with federal, state, and local law enforcement, crisis management agencies, and other branches of the military.