Wednesday, May 16, 2018

An ongoing debate within the Army cyber branch is whether officers should focus on being technical experts or being the operational leaders who manage them. Those who advocate the latter believe the primary role of cyber officers is “to lead operations … and to manage resources in support of those efforts,” as argued by Lt. Col. Justin Considine and Capt. Blake Rhoades in the January 2017 issue of ARMY (“How to Grow a Capable Cyber Officer”). They criticize branch training for focusing too much on “technical adeptness for officers” and “individual skill training” at the expense of preparation as “supported commanders or operational leaders.”

This thinking is flawed because it presupposes technical expertise and operational leadership to be competing interests.

To the contrary, effective leadership in the cyber domain is built on technical expertise, not at its expense. Requiring cyber officers to be technical experts is no different from what is expected of other maneuver officers. Army doctrine makes clear that all cyber officers, regardless of rank, must have a high level of technical expertise to achieve mission success.

Army Doctrine Reference Publication (ADRP) 6-22: Army Leadership describes the “Army’s view of leadership ... and describes the attributes and core leader competencies across all levels.” For junior officers, the publication states: “Subordinates expect their first-line leaders to be experts in the applicable technical skills. ... Leaders need to know what value the equipment has … and how to employ the item.”

Understand Tools of the Trade

The Army expects that maneuver officers understand the tools of their trade, even if their main role is to plan and not operate the tools. Even if they never pull the trigger, an infantry officer must understand how to effectively emplace an M240B machine gun, as well as its maximum and effective ranges, rate of fire and how often the barrel must be changed, among myriad other details. Direct leadership in the cyber domain is no different.

For instance, a common task for a cyber network defense manager is to ingest large amounts of log data. If he is not a technical expert, he might insist his team roll a custom script, or reach back to an overtasked support element, or just hand-jam the data.

This is no different from a light infantry platoon leader who, for no doctrinal reason, tells his troops to use something other than a patrol base to secure the perimeter, or requests armor support for his patrol base, or forbids the use of crew-served weapons. All these would attest to that infantry platoon leader’s lack of technical expertise in the tactics, techniques and procedures of his warfighting domain; likewise for the inept cyber network defense manager. For junior cyber officers, technical expertise is a sine qua non for mission success.

For senior cyber officers, the need for technical expertise can be composited from several parts of ADRP 6-22: Pages 5–4, 6–2 and 6–3, which describe their work role: “At higher levels, the technical knowledge requirement shifts from understanding how to operate single items to employing entire systems. Higher-level leaders have a responsibility to understand capabilities and organizational impact [and] new system development.”

An Implied Task

Successful officers throughout Army history have understood that gaining expertise in the components of a system is an implied task in understanding the overall system. For instance, in their efforts to “rewrite the doctrine for employing armor and to redesign the tanks that would execute it,” then-Cols. Dwight D. Eisenhower and George S. Patton “entirely disassembled a tank, including the engine, and put it back together again,” as documented by Eric Larrabee in his book Commander in Chief: Franklin Delano Roosevelt, His Lieutenants and Their War. Similarly, Timothy T. Tutka notes in the Spring/Summer 2014 issue of Saber and Scroll that when then-Capt. James M. Gavin wrote one of the Army’s first airborne operations manuals, he did so not as a manager but as a fully qualified paratrooper with technical expertise in his domain. No less should be expected of senior cyber officers.

The senior cyber officer managing a piece of the DoD Information Network will better understand his organization and why his soldiers spend so much time writing Bro intrusion detection system rules, for example, if he himself knows how to perform that task. Developers should not need to beg for procurement support; their senior officer should know from personal development experience that their cyber troops need licenses and infrastructure just as infantrymen need beans and bullets. The senior cyber officer harnessing machine learning must see beyond buzzwords and have a firm grasp of different types of models. In other words, managing systems requires expertise beyond just knowing the names of black boxes; technical details matter.


U.S. Army

Further, senior cyber officers must be technical because their primary weapons are the doctrinal means of influence—persuasion, apprising and resistance, described on ADRP 6-22 Pages 6–2 and 6–3. As they explain, to correctly employ these weapons and support their troops, senior officers must “provide evidence, logical arguments ... provide invaluable experience [and] correct false beliefs,” all impossible tasks without technical expertise. Technical ineptitude is even more problematic at higher echelons and joint settings because the senior cyber officer will “be recognized as an expert in the specialty area in which the influence occurs.” If they are undeserving of the recognition, not only will their shortcomings affect operations in the cyber domain, but those in other warfighting domains will also be affected.

Regardless of rank, cyber officers must be technical experts because, as the doctrine notes, “It does not take long for followers to become suspicious of a leader who acts confident but does not have the competence to back it up.” At least in the kinetic branches, competence can be displayed via easily seen markers: specialty tabs, skill badges and displays of physical prowess. There are no analogues for cyber. Whether the private believes their cyber colonel is competent can be determined by as little as a single sentence showing technical expertise or ignorance.

Morale Affected

Speaking from personal experience, there is nothing as demoralizing for a cyber soldier as hearing a senior member of their branch make a face-palm-worthy statement demonstrating lack of technical expertise. Stoicism is pushed to its limit by statements that make no technical sense such as: “If the enemy is running unpatched Microsoft SQL, we can conduct an SQL injection or disconnect their clusters to damage their nodes,” made to this author by a senior cyber officer. If cyber branch leadership subscribes to the dictum of ADRP 6-22 that “morale is the Army’s most important intangible human element,” it must mandate that senior cyber officers uphold morale by possessing enough technical expertise to put together coherent sentences.

Finally, while exact force composition cannot be discussed, open-source news suggests that existing training pipelines are insufficient to meet the technical demands of the operational force. For example, the Dec. 6, 2017, edition of Army Times reported that U.S. Army Cyber Command instituted direct commissioning of cyber first lieutenants “intended to fill a number of capability gaps … such as building tools and devices, writing algorithms, ciphers and programs.” Similarly, Army News Service reported on Aug. 18, 2017, that Army Cyber Command stood up Task Force Echo in order to draw “from a wide palette of civilian sector skillsets [to] provide critical support for U.S. Cyber Command.”

In other words, while the branch is riven by philosophical debates over the role of officers, operational needs are barely being met. In a do-or-die moment, would we tell an infantry officer that they can’t fill a gap in their line because of their rank? Then why would we do so for cyber?