The Pentagon is prepared to draft thousands of private sector and National Guard cyber pros in the event of a network emergency affecting American lives, a top U.S. military official said Tuesday.
The “surge forces” will be trained by the Defense Department and help defend the energy sector, telecommunications and other so-called critical infrastructure, Defense Principal Cyber Adviser Eric Rosenbach said in remarks prepared for a Senate Armed Forces subcommittee hearing.
“Up to 2,000 Reserve and National Guard personnel will also support the Cyber Mission Force,” which is part of the department’s offensive and defensive Cyber Command, he added.
The Pentagon is bringing in security reinforcements, as it contends with a cyber workforce shortage and growing Internet threat.
Each military service “has developed reserve component integration strategies” that harness active duty cyber know-how “and leverage the Reserve and National Guard strengths from the private sector,” Rosenbach said in his written testimony for Tuesday’s hearing.
Military and civilian agencies currently are competing with the private sector for scarce cyber talent. Lawmakers and advisory councils have long recommended the federal government institute a civilian cyber militia to aid agencies during crises.
The federal workforce advocacy group urged the government to establish a civilian Cyber Reserve Training Corps, modeled on the military’s ROTC program, to provide education and workforce development.
More than 100 foreign intelligence agencies “continually attempt” to infiltrate U.S. military networks “some incursions — by both state and nonstate entities — have succeeded,” Rosenbach said.
Defense also is finalizing a new defensewide cyber strategy that builds upon the first-ever strategy released in 2011, he said.
DOD, as a whole, is looking to hire 3,000 cyber whizzes by Dec. 31. Cyber Command is slated to be at full capacity in fiscal 2018, with 6,200 military and civilian personnel. The force is currently about half-staffed.
The department is talking to industry members about incentives and career pathways to bring more cyber expertise into the military, Rosenbach testified.
He singled out North Korea’s alleged attack on Sony Pictures Entertainment as an example of how threat actors are targeting American companies.
Calling the incident, “the most destructive cyberattack against the United States to date,” he accused North Korea of destroying systems and exposing sensitive data. Rosenbach also asserted the country “threatened physical violence in retaliation for releasing a film of which the regime disapproves.”