The recently released 2016 Defence White Paper prescribed a re-balancing of 1200 Australian Public Service positions to be generated to support growth in intelligence, space and cyber security across Defence. The Army, RAN and RAAF continue to grow their respective service cyber capabilities under the umbrella of the VCDF Group’s guiding strategy.
The APS and Services will naturally compete with each other for the skills of an already constrained pool of specialist cyber operators, managers, planners and executives in Australian society. Further, Defence competes with other government departments employing cyber security specialists. Importantly, the Government is presented with the challenge of making itself attractive to the best of the available pool against the private sector.
Noting these challenges, how do the Services get the best and brightest cyber experts to wear a uniform as opposed to a suit?
Defining the Defence Cyber Operator
The answer lies in describing what a cyber expert would do in a uniform. Defence needs to explain the breadth of tasks required of each level of expert in the cyber hierarchy. In turn, those tasks (and rewards) which are unique to a uniformed member need to be highlighted and promoted. Lastly, discussion on the cyber specialist skillset and job description requires a rethink; the veil of secrecy needs to be lifted, even if ever so slightly.
The Services have undergone significant change in recent years regarding cyber workforce structures. These reflect the requirement each Service sees of the personnel aspect of their cyber capability. Personnel profiles for management, planning and executive roles are somewhat self-explanatory. However, defining the breadth of tasks for a gifted cyber operator “at keys” is the crucial component. One would expect a range of required defensive and offensive skills targeting both standalone terminals and the interconnected devices comprising computer networks. How does this differ from an APS Defence recruit who doesn’t need to wear a uniform? How does a cyber skill set translate into the Profession of Arms?
At the moment, internet-connected devices (computers, routers, servers, access points, etc) are targets of both the uniformed and the suited; tactical battlefield networks are primarily the playground of the uniformed. Due to their military nature many of these networks are not required to be internet-connected. Whether physical infiltration to plant a rubber ducky, or use of high-powered antennae to target an adversary’s WiFi-based LAN, uniformed cyber operators are a combat multiplier in conventional and special operations. Operations in the battlespace which protect our closed networks and target the adversary’s closed networks will become increasingly crucial as digitisation and automation engulfs the modern battlespace. Consequently, we can expect less internet-connectedness in military and intelligence networks and a greater reliance on uniformed operators.
Targeting an adversary’s closed network will require niche offensive cyber capabilities and operators skilled in their use. In order to get cyber operators to wear a uniform, Defence needs to be more realistic about the offensive cyber tasks each of the Services would expect them to carry out. After years of assumed offensive state-sponsored cyber operations being carried out by China’s PLA Unit 61398, admission was given in 2015 that these actions occur. In August this year the Director of US Cyber Command proposed the development of “loud” cyber weapons to blatantly alert an adversary that the United States is owning their system. There is merit in advertising the strength in one’s offensive cyber ability. It is time for Defence, and the Services, to open the door a little further on the offensive cyber tasks that their uniformed personnel carry out.
The Cyber Pond: Small and Competitive
Cyber personnel live in a small pond and are few in number. Highlighting those tasks which make uniformed cyber operations unique in the wider cyber community will make the camouflage lure shine the brightest. The Australian Centre for Cyber Security has committed to improving uniformed cyber operations through provision of short courses for both ADF personnel and civilians. It will continue to be an essential hub for academia, industry and the ADF to interact, educate and promote cyber operations and capability growth. Military careers can be presented as an attractive option to civilian undergraduate and graduate students in this environment. Therefore, further investment in the ADFs relationship with the ACCS will be critical for cyberwarrior recruitment and brightening the camouflage lure.
Do you want to know more? Like video as a medium?
This ABC ‘Four Corners’ episode features the Australian Centre for Cyber Security.
You can also see Major General Day discuss the Australian Centre for Cyber Security on YouTube here.
About the author
Luke Blackmore is an officer in the Royal Australian Corps of Signals. He completed a Master of Applied Science (Information Security) in 2006 and maintains an interest in progressing ADF’s cyber capability. Currently Luke is undertaking a Masters of Cyber Security, Strategy and Diplomacy at the University of New South Wales.
Grounded Curiosity is a platform to spark debate, focused on junior commanders. The views expressed do not reflect any official position or that of any of the author’s employers – see more here.