SAN DIEGO, Calif. — The Navy is likely to have between 200 and 300 new positions dedicated solely to cyber operations, according to a top official.
A provision in the fiscal 2023 National Defense Authorization Act, which was passed into law late last year, mandates the Navy create specific military occupational specialties — or in Navy parlance, designators — for cyber.
The Navy is currently the only service that does not have a dedicated military role for cyber. Its cyber personnel are primarily resourced from its cryptologic warfare community — which is also responsible for signals intelligence, electronic warfare and information operations, among several mission sets — with additional roles resourced from information specialists and cyber warfare engineers. Cyber warfare engineers are not operators, but specialize in highly technical skills and development of tools.
Critics have said this risks neglecting cyber and having a lack of institutional expertise both in the operations community and at top echelons of leadership. However, others in the community believe a cyber-specific work role is too limiting, leading to a lack of expertise across the entirety of the information warfare discipline.
Congressional defense committees grew weary that the Navy was falling behind in cyber relative to the other services. Each service is responsible to provide a set amount of personnel to U.S. Cyber Command for the cyber mission force. However, an additional NDAA provision raises the specter that the Navy should entirely get out of cyber operations for Cybercom. It calls for a study, which, among other aspects, could help determine whether the Navy should no longer be responsible for developing and presenting forces for the cyber mission force.
The Navy, when building its cyber mission force at the outset, relied heavily on its signals intelligence personnel that worked for the National Security Agency, given similarities in the mission. Since that time, the Navy has, for the most part, kept the same structure in place.
Service officials have acknowledged that they’ve fallen behind in recent years, however.
“Up to this date, the Navy has struggled in fully manning their requirements to the mission force,” Chris Cleary, principal cyber advisor for the Navy, told reporters at the annual WEST conference in San Diego this week. “We’ve taken it in the teeth a little bit, but we now are moving very diligently to ensure that our requirements, particularly of the joint force, are being met.”
Vice Adm. Kelly Aeschbach, commander of Naval Information Forces, noted that the Navy had been on a path prior to congressional involvement, acknowledging the service made “some poor decisions relative to the cyber mission force and that we had not put in place the processes to effectively train the individuals who serve on the cyber mission force.”
There has been a spirited debate back and forth between the Navy and lawmakers, with one congressional aide telling DefenseScoop that Congress wouldn’t have gotten involved in this issue if there was confidence that the Navy would tackle this on its own.
“There’s a reason that multiple NDAAs contained pointed requests about Navy workforce and career management issues, and it’s not because of the service’s exemplary performance,” the aide said.
The Navy had put their attention toward the issue and believed a specialization was the right way ahead, but Congress disagreed.
“We were looking at a specialization track before we got the congressional language. We have a model for that in intelligence where we do that for one of the intel skill sets, where we allow you to re-tour over the course of a career. We were looking at that within the existing cryptologic designator and the information professional designator because we have multiple officers who serve on the cyber mission force — that if they could specialize and get the right training that we thought that would be sufficient to really raise our game,” Aeschbach told reporters at the WEST conference Wednesday.
“Congress — and I talked to them a lot over the last year — had a little bit different view. They really like that the other services have established a dedicated designator or officer capability. I explained to them that the work we were doing on specialization, essentially provides the foundation for what you need for an officer designator. In the back and forth with them, when it became apparent that they really wanted us to do the designator, we really just transitioned the work we were doing on specialization to how we’re going to establish a designator.”
Aeschbach explained that she expects to get the first proposal on the initial billet base this week. It will have somewhere between 200 and 300 billets.
The goal is by the end of the year, but hopefully earlier, to do a first call to officers currently in service to apply for the cyber designator.
On the enlisted side, Aeschbach noted that the service already had a rate, or work role, for cyber called cryptologic technician network (CTN), which is part of the cryptologic series.
The Navy is in the process of talking to that community to rename that role and a cyber rating will be created. There will now be a family of cyber designators and ratings similar to intelligence specialties.
While officials have to balance how many personnel from the cryptology field transition to cyber, given they have limited personnel, Aeschbach said overall, this will allow both communities to up their game.
The cryptology field has signals intelligence, electronic warfare and information operations. Now, they will be able to more intently focus on these disciplines while the cyber professionals can focus on cyber.
The Navy owes a report back to Congress in March to give lawmakers an update on what the plan is.
“I think Congress was a little frustrated when I first came in that the Navy in their minds was not being as responsive or performing at the level of the other services. I really think we’ve made a lot of progress with the committees on demonstrating Navy’s commitments and really showing them that we have a really thoughtful plan for how we’re going to get after it,” Aeschbach said.
All in all, this new system will allow cyber operators to be in their jobs for a longer period of time instead of cycling out after a short stint.
Aeschbach also acknowledged issues with training the Navy’s cyber mission force members. Up until recently, they weren’t getting adequate training prior to going to their duty assignment, instead getting on-the-job training.
“We are lifting and shifting all training to the left so that our cyber operators and everyone who fills the 15 different work roles across the cyber mission force teams actually shows up fully trained, because we actually weren’t doing that,” she said. “We didn’t do a very good job of putting the foundational training infrastructure in place to ensure over time that as the work roles matured and the demands increased in terms of a level of proficiency you have to have, that we had a really good training path for every work role.”