Lawmakers have approved some sweet pay packages in hopes of enticing hackers to join the ranks of the U.S. military. But congressional researchers say human resources staff are unaware of the new incentives.
Now, the Senate Armed Services Committee is considering additional legislation to mandate that HR employees staffing the 6,200-person force be instructed on how to make a deal.
In November, Obama signed a 2016 defense authorization bill providing, among other things, "additional compensation, incentives and allowances" to fill Cyber Command job openings related to cyber operations and spots elsewhere in the military that support the entity. In addition to permitting pay flexibility, the law fast-tracks hiring.
The “Cyber Command Employment Personnel Training Act,” introduced earlier this month by Sen. Mike Rounds, R-S.D., aims to ensure employees involved in hiring cyber talent know the enticements they can extend to compete with companies dangling six-figure salaries in front of young candidates, an aide for the senator told Nextgov in an interview.
For a year, Pentagon officials have said the CYBERCOM workforce is half full. The command had aimed to operate 133 "Cyber Mission Force Teams" at initial operating capacity across the branches by this year. The goal has been to reach full operational capacity by 2018.
One set of teams assaults adversary networks. Most of the others protect U.S. military data systems and others, when directed by the president, will quash cyberattacks headed for the states.
Rounds crafted the legislation after learning of cyber workforce issues from staff at the Congressional Research Service, a legislative branch agency sometimes called Congress' brain.
The laws on CYBERCOM recruitment and retention "do not include provisions to require human resources staff to receive training on the availability, structure and operation of cybersecurity hiring and pay flexibilities," research agency analysts Kathryn A. Francis and Wendy Ginsberg said in a Jan. 8 report. "Training might allow staff to better understand when and how to use the flexibilities."
The measure to require cyber HR education, introduced Feb. 2, is expected to be inserted into the Senate Armed Services Committee version of the 2017 defense bill, said the aide for Rounds, whose constituents include students at the National Security Agency-accredited Dakota State University center of academic excellence.
The cyber personnel inducements were modeled after those long extended to Pentagon intelligence staff and are similar to perks Congress offered in 2014 to Department of Homeland Security cyber pros, according to an explanatory report accompanying the existing legislation.
Enhanced compensation packages in the military currently include, for example, cash bonuses based on performance and relocation incentives.
It is unclear what kinds of incentives HR personnel currently are offering information security specialists or if the CYBERCOM workforce has surpassed the midway point.
When contacted by Nextgov, a Defense spokeswoman declined to answer specific questions but pointed to remarks made by Defense Secretary Ash Carter at the Harvard Institute of Politics, where he said one allure of military service he would like to promote is the flexibility of the entire career trajectory.
I want people who can come in and out," said Carter, a former Harvard Kennedy School professor. "Likewise, for our people who are in, I want them to have the opportunity to go out and get an education, or to serve in a company for a time, to see what the rest of the world is like. Because the government is important, but it can be isolating. And so, you want to get out and see how the rest of the world is doing things. That'll refresh our organization, that'll enliven our organization."
The Pentagon’s fiscal 2016 budget sought $500 million for CYBERCOM military personnel. Next year's CYBERCOM-specific funding proposal has not been released publicly yet. The top line figure for 2017 Pentagon cybersecurity spending is $7 billion.
An internal watchdog has suggested resource constraints are hampering the buildup of hacker troops.
DOD's Office of the Inspector General has published multiple classified audits on the Cyber Mission Force Teams. The title of one of the audits dated Nov. 24 is "Cyber Mission Force Teams Need Resources to Perform Missions."
Prior to that, the office published a title dated April 30, "U.S. Cyber Command and Military Services Need to Reassess Processes for fielding Cyber Mission Force Teams."
On Tuesday, The New York Times revealed the Obama administration scuttled a plan to use the cyberstrike force in Iran. CYBERCOM would have executed an attack to help disable parts of Iran's power grid, air defenses and communications systems, had a multilateral nuclear deal not been reached last summer, according to the Times.