The Cyber Operations Center on Fort Gordon, Ga., is home to signal and military intelligence non-commissioned officers, who watch for and respond to network attacks from adversaries as varied as nation-states, terrorists and "hacktivists." Credit: Michael L. Lewis Throughout history, warriors of all cultures have trained their bodies to endure physical hardship and combat, whether they wielded swords and shields or carried guns and ammunition. In the 21st century, countries such as China and Estonia have recruited a new breed of warriors who fight as part of cyber militias rather than as official military personnel in uniform. Such cyber warriors often represent civilians with high-tech jobs who spend their days tapping away at keyboards rather than practicing how to accurately shoot an assault rifle or pass fitness tests. A number of U.S. military officers and national security experts say that the United States also needs to begin recruiting tech-savvy civilians without requiring them to become traditional soldiers. The U.S. military has trained a growing number of uniformed cyber warriors. But it faces a special challenge in recruiting a certain caliber of computer professionals who would rather work at high-paying jobs in Silicon Valley than enlist for military service. That issue came up during a session of the "Future of War" conference hosted by the New America Foundation on Feb. 25, when an audience member asked a panel of experts if the U.S. should "militarize" the country's technological talent and resources in Silicon Valley. "Somebody who is high on Coke, skittles and slinging code is not a good candidate for basic training," said Brad Allenby, professor of engineering and ethics at Arizona State University, in response.
Giving Up Guns for Computers
U.S. military generals have previously echoed Allenby's sentiment in less colorful terms. Lt Gen Robert Brown, commander of the U.S. Army Combined Arms Centre at Fort Leavenworth, spoke about the challenge of recruiting individuals with cyber skills who were "not natural candidates for a military career" during a previous New America Foundation event in December, according to The Telegraph. The general talked about possibly lowering or removing the physical and combat training standards for cyber warriors. "They grew up on Google and wear ponytails," Lt Gen Brown said. "We need to look at ways to bring them into the Army without necessarily going through the same training procedures as our combat troops." One possible approach was voiced by Lt Gen Edward Cardon, commanding general for United States Army Cyber Command. Lt Gen Cardon talked about the long-term goal of recruiting 30 percent of the U.S. Army Cyber Command's talent from civilians through a two-year career field. He spoke during another New America Foundation conference called "Cybersecurity for a New America" on Feb. 23 The U.S. is not alone in trying to ease military training standards for cyber warrior recruits. The U.K.'s Ministry of Defense plans to waive physical fitness requirements on a case by case basis for a new cyber reservist unit made up of 500 computer professionals, according to The Telegraph. Such reservists will also be exempt from carrying weapons or being deployed abroad. That U.K. approach may prove more appealing for computer experts than serving as a traditional military reservist. But Peter Singer, a strategist and senior fellow at the New America Foundation, suggested that U.S. should consider a civilian militia approach that exists outside the traditional military. During the Future of War conference, Singer pointed to the Estonian Cyber Defense League as a leading example. "The Estonia model is more like a militia model or a civil air patrol model where you’re pulling in experts but not dropping them into a formal military organization," Singer said.
You're in the Cyber Militia Now
Estonia formed the Estonian Cyber Defense League after suffering from cyber attacks during a 2007 incident involving tensions with Russia. The hackers behind the 20o7 cyber assault launched Distributed denial of service (DDoS) attacks that targeted Estonia's reliance upon Internet service for a fully-functional government and economy. The cyber attacks disrupted credit card and automatic teller transactions for several days, took down the government's parliamentary email server and crippled the IT capabilities of government ministries. As a paramilitary organization, the Estonian Cyber Defense League includes some of the country's best information technology and security professionals from both the public and private sectors, according to LTC Scott Applegate, author of a 2012 paper titled "Leveraging Cyber Militias as a Force Multiplier in CyberOperations." Such a cyber militia provides motivated civilians with a way to serve in times of crisis without having to formally join the military. Still, Singer observed that the U.S. Department of Defense and defense contractors might hesitate at the idea of a cyber militia intruding on their turf. He also pointed out that Silicon Valley remains largely distrustful of the U.S. national security establishment, especially after Edward Snowden's leaks of National Security Agency files revealed widespread surveillance of the Internet and cellular networks. That culture gap means many computer professionals many not be so eager to heed Uncle Sam's call to become cyber warriors. The U.S. has already fallen behind the times in recruiting either a cyber reservist force or cyber militia. China has organized a civilian cyber militia to support its military since 2005; even earlier than the Estonian Cyber Defense League. The Chinese cyber militia consists of "workers with high-tech day jobs" who "focus on various aspects of military communications, electronic warfare, and computer network operations," according to the annual report by the U.S.-China Economic and Security Review Commission released in 2012.