Kirsten Gillibrand Criticizes Pentagon For Cyber Confusion
Pentagon officials have acknowledged they must recruit more cyber experts to stop hackers from breaching their networks and stealing classified military data.
But they still don't know exactly how many experts they need because they have not created a clear definition of a cyber expert, assigning the title differently across the department, according to Sen. Kirsten Gillibrand (D-N.Y.).
In a strongly worded letter sent Thursday to Defense Secretary Leon Panetta, Gillibrand, a member of the Senate Armed Services Committee, said this confusion is preventing the military from recruiting enough troops for a potential cyber war.
"I continue to be concerned that the lack of cross-cutting, clear definitions of cyber personnel throughout the Defense Department is a significant hindrance to your ability to carry out this significant mission," Gillibrand wrote in the letter to Panetta, which was obtained by The Huffington Post.
The Pentagon has said it has about 90,000 people working on cyber issues, but that number includes IT employees who do maintenance on the department's 7 million computer devices. The exact number of military cyber experts is unclear, partly because the Pentagon uses the term "cyber" for some employees who are not engaged in fighting hackers, according to some experts.
"There are some people classified as 'cyber' who are just IT guys fixing hard drives," one Democratic Hill staffer said. "That's not what cybersecurity is about."
This uncertainty over what "cyber" means is "pervasive" across the Pentagon -- causing confusion not just with staffing, but also with equipment and funding -- and "gravely hampers your ability to build a strong and resilient cyber system," Gillibrand told Panetta in the letter.
She is not the only one to criticize the Pentagon for confusion over its cyber operations. A July report from the Government Accountability Office found "a lack of operational clarity significantly slowed down" the department's response to a 2008 data breach in which an infected flash drive was inserted into a laptop at a military base in the Middle East.
The GAO report also found that the Pentagon has not conducted a comprehensive assessment of cybersecurity gaps and that the meaning of a "cyber force" is not uniformly defined across the agency.
As the Pentagon has worked to increase the ranks of cyber experts, foreign hackers have targeted military computer networks with increased frequency, most notably stealing more than 24,000 files containing classified information this spring from the Defense Department.
Over the past few years, the Pentagon has reorganized itself to better address growing threats from foreign hackers, in particular launching the U.S. Cyber Command to take the lead role on cyber operations.
But concerns remain about a shortage of cyber experts. The National Security Agency, which plays a large role in the Pentagon's cyber efforts, has said it planned to hire about 1,500 people last year and another 1,500 this year. In August, officials from the Pentagon, among other federal officials, attended the DefCon hacker conference in Las Vegas in search of new recruits.
In June, Gillibrand proposed legislation that would direct the Pentagon to review its need for more cyber experts and to consider creating a "Cyber ROTC" to address the shortage.
"Given that our fundamental 'weapon' in the cyber arena is a talented, patriotic and well trained cyber expert, our ability to recruit, train and maintain cyber personnel is critical to this mission," Gillibrand wrote in the letter.