With the growing risks of cyber attacks on critical infrastructure, increasing leaks, data compromise, ransomware attacks, etc., we constantly hear from government officials about scarcity of cybersecurity professionals. From one point, there is a lack of specialists who have the necessary skills, knowledge and experience to protect public and critical infrastructure resources, and on the other hand there is a lack of professionals who can give an asymmetric response to acts of aggression in cyberspace – cyber soldiers.
The problem of effective cyber forces (cyber army) creation inextricably linked with relevant legal framework. It is necessary to develop legal framework, which is absent today, to be able to execute the special cyber operations. And the main task of the working group at the National Security and Defense Council is to design appropriate amendments to the legislation.
But, in our opinion, the issue of qualified workforce is more relevant now. Let’s look at existing models and experience of related staffing.
Cyber Reserve
UK
For example, the government of the United Kingdom in 2013 decided to create a Cyber Unit Reserve with the main purpose to increase the number of reservists employed in information and cyber security. Recruitment was divided into three types of personnel: personnel from the armed forces leaving the military and other service, current and former reservists who have the necessary skills, as well as persons who do not have military background, but have technical knowledge and skills, experience and ability to work in a field. The main idea was to periodically recruit relevant reservists and enforce their cooperation with regular forces and services to protect critical digital networks and other components of the state information system.
Georgia
The model “service-reserve-service” or “reserve-service-reserve” was implemented. Georgia began implementing a similar model in 2016. Employees in the reserve were called from the civil sector – parliament, banks, public services, large corporations, etc. Particular attention in the selection was addressed not to the physical parameters, but to the intellectual capabilities. Anyone with relevant knowledge in the field of information technology can serve in the reserve. Selected applicants undergo special training. They are trained to protect networks from unauthorized access, deter attacks and respond to incidents. Participation in the cyber reserve is equal to the army. So, if the reservists are required during a crisis situation with the relevant service or institution, such as the Georgian Cybersecurity Bureau, for example, it applies to the reserve and recruits the service specialists implementing the “reserve-service-reserve” or “selection-training-reserve-service” model”.
But since 2013, the field of cybersecurity has been growing extremely. This is important to understand that it is already difficult to find cybersecurity professionals with the necessary experience and knowledge even in the private sector. And it is more difficult to find these professionals in the government and the state sector. How to solve this problem in the most efficient way? Or is it possible for private sector cybersecurity professionals to serve their country online and on-the-job?
Cyber Guard
USA
Some time ago in the United States an idea of a “National Cyber Guard” was proposed. The “National Cyber Guard” would be similar to the existing National Guard. These reserve forces should not be specially trained, or military served in the past. Instead, these reserve forces will be called upon to protect the state resources from cyber threats and strengthen national security during crises. Like the existing reserves of the National Guard, these cybersecurity professionals would be committed to serving their country by voluntarily using their skills, knowledge and experience to protect the country against malicious cyber actions or, conversely, to conduct offensive action against threat actors. They should receive the same benefits as any member of the existing National Guard, including additional remuneration, tuition compensation and other financial benefits. However, it seems that the main reward for most of these people will be the opportunity to serve their country. Potential participants could share personal and professional time.
Spain
Spain is trying to implement a similar model. The cyber reserve is seen as a structure made up of volunteers who will be involved to protect from attacks that threaten critical infrastructure or strategic companies. Volunteers will work with the state cybersecurity units including the National Intelligence Center, the Armed Forces, the police and the Civil Guard. The main idea is that the cyber reserve will include professionals who want to help their country in emergencies. They will be not only hackers, but also specialists in close and related topics: experts in social networks, telecommunications engineers and others. It is expected that the structure of the cyber reserve will be horizontal, with the separation of volunteers according to their experience and skills. Reservists will serve for two years. And if their help is requested, they will receive a reward that will depend on the complexity of the tasks performed and the level of critical information access. Interestingly, the Spanish authorities do not wait for the volunteers to come to them. During one of the experiments on the selection of talented young people in universities with the help of CTF competitions, the National Guard discovered a real computer genius at the Autonomous University of Madrid.
Ukrainian perspectives and accomplishments
Ukraine has gained unique experience in volunteer activities, starting from the Cossacks of the Zaporizhzhya Sich to the contemporary Ukrainian Volunteer Army and volunteer movement in the course of ongoing Russian-Ukrainian war in the East of Ukraine. At one time, the Ukrainian Cyber Alliance, the Ukrainian Cyber Army, and other volunteer associations were founded, but they received neither support, nor recognition. But the implementation of the new Cybersecurity Strategy of Ukraine, the creation of a cyber army and cyber reserve is a good opportunity to attract a cohort of experienced professionals to the army and related services, and to provide them an opportunity and honor to officially serve the state and nation. In his inaugural in 1961, President John F. Kennedy said a historic phrase: «Ask not what your country can do for you – ask what you can do for your country», and now Ukrainian cohort of experts already know the answer to this question. It remains to give them an opportunity.
