recommended reading

These Perks Could Entice Hackers to Work for CYBERCOM. But does HR Know About Them?


Lawmakers have approved some sweet pay packages in hopes of enticing hackers to join the ranks of the U.S. military. But congressional researchers say human resources staff are unaware of the new incentives.

Now, the Senate Armed Services Committee is considering additional legislation to mandate that HR employees staffing the 6,200-person force be instructed on how to make a deal.

In November, Obama signed a 2016 defense authorization bill providing, among other things, "additional compensation, incentives and allowances" to fill Cyber Command job openings related to cyber operations and spots elsewhere in the military that support the entity. In addition to permitting pay flexibility, the law fast-tracks hiring.

The “Cyber Command Employment Personnel Training Act,” introduced earlier this month by Sen. Mike Rounds, R-S.D., aims to ensure employees involved in hiring cyber talent know the enticements they can extend to compete with companies dangling six-figure salaries in front of young candidates, an aide for the senator told Nextgov in an interview.  

For a year, Pentagon officials have said the CYBERCOM workforce is half full. The command had aimed to operate 133 "Cyber Mission Force Teams" at initial operating capacity across the branches by this year. The goal has been to reach full operational capacity by 2018.

One set of teams assaults adversary networks. Most of the others protect U.S. military data systems and others, when directed by the president, will quash cyberattacks headed for the states.

Rounds crafted the legislation after learning of cyber workforce issues from staff at the Congressional Research Service, a legislative branch agency sometimes called Congress' brain.

The laws on CYBERCOM recruitment and retention "do not include provisions to require human resources staff to receive training on the availability, structure and operation of cybersecurity hiring and pay flexibilities," research agency analysts Kathryn A. Francis and Wendy Ginsberg said in a Jan. 8 report. "Training might allow staff to better understand when and how to use the flexibilities."

The measure to require cyber HR education, introduced Feb. 2, is expected to be inserted into the Senate Armed Services Committee version of the 2017 defense bill, said the aide for Rounds, whose constituents include students at the National Security Agency-accredited Dakota State University center of academic excellence.

The cyber personnel inducements were modeled after those long extended to Pentagon intelligence staff and are similar to perks Congress offered in 2014 to Department of Homeland Security cyber pros, according to an explanatory report accompanying the existing legislation.

Enhanced compensation packages in the military currently include, for example, cash bonuses based on performance and relocation incentives.

It is unclear what kinds of incentives HR personnel currently are offering information security specialists or if the CYBERCOM workforce has surpassed the midway point.

When contacted by Nextgov, a Defense spokeswoman declined to answer specific questions but pointed to remarks made by Defense Secretary Ash Carter at the Harvard Institute of Politics, where he said one allure of military service he would like to promote is the flexibility of the entire career trajectory.

"I want people who can come in and out," said Carter, a former Harvard Kennedy School professor. "Likewise, for our people who are in, I want them to have the opportunity to go out and get an education, or to serve in a company for a time, to see what the rest of the world is like. Because the government is important, but it can be isolating. And so, you want to get out and see how the rest of the world is doing things. That'll refresh our organization, that'll enliven our organization."

The Pentagon’s fiscal 2016 budget sought $500 million for CYBERCOM military personnel. Next year's CYBERCOM-specific funding proposal has not been released publicly yet. The top line figure for 2017 Pentagon cybersecurity spending is $7 billion.

An internal watchdog has suggested resource constraints are hampering the buildup of hacker troops.

DOD's Office of the Inspector General has published multiple classified audits on the Cyber Mission Force Teams. The title of one of the audits dated Nov. 24 is "Cyber Mission Force Teams Need Resources to Perform Missions."

Prior to that, the office published a title dated April 30, "U.S. Cyber Command and Military Services Need to Reassess Processes for fielding Cyber Mission Force Teams."

On Tuesday, The New York Times revealed the Obama administration scuttled a plan to use the cyberstrike force in Iran. CYBERCOM would have executed an attack to help disable parts of Iran's power grid, air defenses and communications systems, had a multilateral nuclear deal not been reached last summer, according to the Times.

(Image via /

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.