The U.S. Air Force cyber community is failing for a single fundamental reason: the community does not exist. In 2010, the communications community began to be
identified as the cyber community. An operational cyberspace badge was created, and those who previously had been
communications professionals now were seen as cyber-warriors. This change did not effectively take
into account that cyber and communications
are two distinct fields and should be entirely
When attempting to identify cyber operators, it is impossible to look at the cyber Air
Force specialty codes (AFSCs) as an indicator. In the officer
ranks, only a small fraction ever takes part in on-keyboard or
operational missions where the effects of cyber are leveraged
for exploitation, attack or defense. Yet, all of the personnel
wear the badge and identify themselves, some cynically so, as
part of the cybercommunity.
This faux community creates problems when trying to
identify the personnel needed for a mission. It is a distinct
way of thinking and set of skills that enables an operator to
target adversary networks or take an active role in defense.
As an example, many people consider themselves computer
network defense operators and are consulted as such. Yet,
often they participate in more of a communications or maintenance role. They establish, maintain and oversee networks.
This is a very important role—maybe even more important
than a defense operator’s role when done correctly—but it
is different. Applying vendor-issued software patches is not
defense; it is maintenance.
Cyberdefense uses a variety of different sources and methodologies to mitigate active threats using fields such as incident response, malware analysis, digital forensics or even
intelligence-driven defense. Instead of having clear separation between communications and cyber roles, the term
cyber is applied to anything that can be remotely justified.
The field is plagued with those who want to use the term and
community to try to advance their own causes and careers. It
is important to remember that even with the best intentions,
members who have not participated in cyber operations will
have a limited perspective of what is required. Some of the
best leaders are not those who take command and usher in
new change but instead those who stand out of the way.
Instead of having well-trained analysts who can be identified
by their AFSC, the Air Force now has a number of personnel
who are called cyber operators but are not. Most do not under-
stand the domain or how to operate within it. By quickly creat-
ing this blended community and renaming everything cyber,
the Air Force appears to be taking action to defend national
security. However, the actual result is difficulty in supplying
core training and education useful to the field; finding the peo-
ple actually wanted as operators; and assigning operators to the
right missions. The combination of these three aspects is the
most common denominator among cyber operators who are
leaving the Air Force. These operators want to have mission
satisfaction while being challenged and developed, but because
of the lack of a cybercommunity they are more likely to find
what they are looking for in civilian jobs.
One of the most important aspects for mission success is
properly training and educating the force. When the communications community was directed to transform into
the cybercommunity, the mission of the communications
field remained. In addition, the majority of communication
professionals would never take part in cyber operations or
have an on-keyboard mission. So, the education and training
developed for the new “cybercommunity” had too much on
which to focus. Another byproduct is that this training could
not be so technical that communications professionals could
not complete it.
A perfect example of this blended communications and
cybertraining can be found in the Undergraduate Cyberspace Training (UCT) schoolhouse that all incoming 17D
cyberspace officers must complete. The six-month UCT
course spends part of its time introducing 17Ds to tactical
communications, communications ethos and legality, and
other traditional communications training. The rest of the
time is spent trying to educate the students on cyber operations and the different skillsets. The instructors who were
directed to stand up the course did an amazing job with what
they had, but they were asked to complete an impossible
task. Out of each class of about 15 students, only two will be
selected for an operational cybermission. With only about 15
percent of the students going on to be cyber operators, the
material had to be passable and understandable by everyone
so the majority of students who go on to communications
missions could succeed.
This is not a feasible strategy for providing core technical
training to an operational cyberforce. If two distinct communities existed, the communications personnel could take
material that is most relevant to their profession. This would
allow the cyberpersonnel to spend their entire training time
focusing on skills the nation needs. Additionally, cybertraining could be extended to cover more core skills that give
hands-on experience to more technically challenging and
advanced skillsets. Instead, cyber operators that come out of
training are expected to do extensive on-the-job training to
gain skills they should have been taught. Proper discussions
on what type of education and training is needed after the
core training cannot be held, because the core training does
not provide the skills it should. From this flaw all other training programs for cyber operators are affected.
After training, cyberspace officers are given operational
cyberspace badges. These badges, or cyberwings, can be
earned through the six-month course or a transition course.
The Failing of Air Force Cyber
Organizational missteps have left the service ill-suited for the digital realm.
B Y 1S T LT.