
Military Cyber Career Fields

posted Jun 12, 2016, 1:11 PM by Michael Lenart   [ updated Jun 12, 2016, 6:26 PM ]
Michael Senft

Joint Publication 3-12 Cyberspace Operations defines the three missions of Cyberspace Operations for the Department of Defense (DoD) as DoD Information Network (DoDIN) Operations, Defensive Cyberspace Operations (DCO), and Offensive Cyberspace Operations (OCO), which are illustrated in Figure 1 below.  While each Service executes these same three missions, they do so using profoundly different workforce classification structures reflective of how Cyberspace Operations have evolved within each Service. Although workforce classification structures do not generate the same level of excitement as the latest zero-day exploit, they are nevertheless extremely important as they are the basis of the doctrine, organization, and training used to conduct Cyberspace Operations.

Figure 1: The Three Cyberspace Lines of Operation: DoDIN Operations, DCO and OCO [1]


This article analyzes the workforce classification structure that the Army uses to execute DoDIN Operations, DCO, and OCO to provide insight into the Army’s Cyberspace Operations workforce using a framework applicable to all the Services. The framework used for this analysis is the National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) National Cybersecurity Workforce Framework. The Workforce Framework organizes cybersecurity work into 32 Specialty Areas from Exploitation Analysis to System Administration. [2] The 32 Specialty Areas are grouped into seven Categories: Operate and Maintain, Protect and Defend, Investigate, Oversee and Govern, Securely Provision, Collect and Operate, and Analyze. While the NIST NICE Cybersecurity Workforce Framework does not perfectly align with all functions required to conduct DoD Cyberspace Operations, it does provide a common language to describe cybersecurity work across organizational structures. [3] The genesis of this work was to encourage dialogue to define roles and responsibilities for each work specialty by Career Management Field (CMF) within the Army, but it quickly became evident that this work could have broader application across DoD to improve understanding of the Services' task organization for conducting Cyberspace Operations.


This article is the product of extensive discussions with leaders across the Army's Signal Corps and Cyber Branch to outline which Army CMFs or Functional Areas (FA) have primary and supporting roles for specific work specialty areas. In the Army, a CMF is a grouping of related Military Occupational Specialties (MOSs). CMF 25 (Signal Corps), for example, contains one Officer MOS, four Warrant Officer MOSs and seventeen MOSs responsible for the mission of DoDIN Operations. Unique among the Services, the Army also has Functional Areas, which are a grouping of “officers other than a branch, who possess tasks and skills that require significant education, training and experience.” [4] The closest equivalent to a Functional Area outside the Army would be the Limited Duty Officers (LDOs) of the Navy and Marine Corps, with the key difference being that LDOs are former enlisted personnel. In the Army, officers transfer into a Functional Area between 4 and 10 years of commissioned service. The Army has thirteen Functional Areas ranging from Space Operations to Public Affairs. Two Functional Areas, FA24 – Telecommunications System Engineer and FA53 – Information Systems Management, are managed by the Signal Corps. (Note: FA24 and FA53 will combine into a new FA26, Information Network Engineering, on 1 October 2016.)


For this analysis, Functional Areas and Warrant Officer MOSs for the Signal Corps are broken out separately due to their distinct roles within cyberspace operations and the author’s familiarity with each. FA24 and FA53 were combined with their respective Warrant Officer counterparts, 255N and 255A respectively, because of their complementary functions. Other MOSs include the entire CMF for sake of brevity. A brief description of each cyber-relevant CMF, Functional Area, and Warrant Officer MOS is detailed in Table 1.


Exploring the Army’s Cyberspace Workforce using the taxonomy provided by the NIST NICE Cybersecurity Workforce Framework highlights the challenges of unified action in the conduct of Cyberspace Operations. The Army is a master practitioner of Combined Arms operations because the roles and responsibilities of the Infantry Branch, Infantry units, and Infantry Soldiers are clearly defined along with their relationships with their respective Armor and Field Artillery counterparts. By contrast, as outlined in Table 2 below, the roles and responsibilities of Signal, Cyber, and Military Intelligence overlap in multiple specialty areas without clear areas of responsibility delineated among them. The ambiguity regarding Cyberspace Workforce roles and responsibilities within just the Army is concerning enough; the lack of clear delineation across the Services greatly complicates operational planning in a Joint environment.

 

I encourage Military Cyber Professionals at all levels to conduct a similar analysis for the specialty codes, occupational specialties, and rating designators for their respective Services. The NIST NICE Cybersecurity Workforce Framework provides a common language to promote shared understanding of the profoundly different Cyberspace Operations workforces found in each Service. Shared understanding is the foundation of military operations, and it starts with each of us.


DESCRIPTIONS OF CAREER FIELDS - Table 1

| MOS | DESCRIPTION | MISSION |
|---|---|---|
| 13 | CMF 13 - Field Artillery | Conducts coordination, synchronization and integration of joint fires and Army fires. The Field Artillery ensures synchronized, integrated, and effective fires that enable maneuver commanders to seize, retain, and exploit the initiative. |
| 17 | CMF 17 - Cyber Corps | Conducts defensive and offensive cyberspace operations (DCO and OCO) through the employment of effects to degrade, disrupt, destroy or manipulate the enemy while allowing all commanders the freedom of maneuver in and through the cyberspace domain. |
| 25 | CMF 25 - Signal Corps | Provides, operates, and defends the Army’s portion of the cyberspace domain (the LandWarNet) consisting of telecommunications and computer networks, information services (to include visual information), and the electromagnetic spectrum (EMS) at all levels, from sustaining military bases to global strategic communication facilities to forward deployed fighting forces in support of unified land operations. |
| 29 | CMF 29 - Electronic Warfare | Denies or degrades (offensive electronic attack) enemy operations while ensuring the protection and survivability of friendly systems and units operating within the electromagnetic environment. EW is a technical capability that resides within the mission command warfighting function and must effectively coordinate across all of the other warfighting functions to successfully support unified land operations. Note: CMF 29 falls under the Cyber branch for personnel management, proponency and training. |
| FA24/255N | Telecommunications Systems Engineering Officer / Network Management Technician | Highly skilled network engineering and defense professionals who plan, engineer, test, integrate, and validate the installation, operation, maintenance and protection of Army cyberspace network infrastructure systems and networks using existing and future military and commercial information technologies. |
| FA53/255A | Information Systems Management Officer / Information Systems Technician | Highly skilled computer and information systems management professionals who plan and manage the integration of diverse forms of enterprise services such as directory services, database management, configuration management, email, Web-based applications, and portals into seamless information environments that enable knowledge management and decision superiority for commanders and leaders. |
| 255S | Army Information Protection Technician | Highly skilled cybersecurity experts who perform information assurance/computer network defense (IA/CND) measures to include the protection, detection, and reaction functions at all levels in support of combat information superiority. |
| 35 | CMF 35 - Military Intelligence Corps | Supports commanders and staffs in gaining situational understanding of threats, terrain and weather, and civil considerations. Intelligence is the product resulting from the collection, processing, integration, evaluation, analysis, and interpretation of available information concerning foreign nations, hostile or potentially hostile forces or elements, or areas of actual or potential operations. |
| 51 | CMF 51 - Acquisition Corps | Develops, acquires, fields, tests and evaluates, sustains and safely disposes of materiel by leveraging domestic, organic, commercial and foreign technologies, and capabilities to meet the Army’s current and future mission requirements. Acquisition Career Field FA51R – Information Technology. |
| FA59 | Army Strategist | Provides Army organizations, combatant commands, the Joint Staff, and the interagency community the capability for strategic analysis in support of the development and implementation of plans and policies at the national, strategic and theater strategic levels. |
| CID | U.S. Army Criminal Investigation Command | Conducts and controls all Army investigations of serious crimes, as defined in AR 195-2, and less serious crimes upon request or as needed to enforce Army law or regulations. |
| JAG | Judge Advocate General's Corps | Provides proactive legal support on all issues affecting the Army and the Joint Force, and delivers quality legal services to Soldiers, retirees, and their Families. This legal support encompasses the six core legal disciplines: administrative and civil law, military justice, international and operational law, contract and fiscal law, legal assistance and claims. |


PRIMARY AND SUPPORT CAREER FIELDS BY NIST NICE SPECIALTY AREA - Table 2

Operate and Maintain – Specialty Areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security.

| SPECIALTY AREA | PRIMARY | SUPPORT |
|---|---|---|
| Data Administration - Develops, maintains, and administers databases and/or data management systems that allow for the secure storage, query, and utilization of data. Conducts data integration, data modeling, analytics modeling, and data mining. | FA53/255A | 25 |
| Customer Service and Technical Support - Provides end users tiered-level customer support by coordinating software, hardware, network, and security issue resolution. May install, configure, troubleshoot, and provide maintenance and training. | 25 | FA53/255A, FA24/255N |
| Network Services - Installs, configures, tests, operates, maintains, and manages network devices including hardware, software, and operating systems that permit information sharing across the full spectrum of transmission using all media. Supports the security of information and information systems. | FA24/255N | 25, FA53/255A |
| System Administration - Installs, configures, troubleshoots, and maintains server and systems configurations (hardware and software) to ensure their confidentiality, integrity, and availability. Administers server-based systems, security devices, distributed applications, network storage, messaging, and performs systems monitoring. Consults on network, application, and customer service issues to support computer systems’ security and sustainability. | FA53/255A | 25 |
| Systems Security Analysis - Conducts and documents the systems integration, testing, operations, maintenance, and security of an information environment. Coordinates threat and mitigation strategies across the enterprise. | FA53/255A | FA24/255N, 25, 255S, 17 |

Protect and Defend - Specialty Areas responsible for identifying, analyzing, and mitigating threats to internal information technology (IT) systems or networks.

| SPECIALTY AREA | PRIMARY | SUPPORT |
|---|---|---|
| Enterprise Network Defense (END) Analysis - Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the enterprise network in order to protect information, information systems, and networks from threats. | 17, 255S | FA24/255N, 25, FA53/255A |
| Incident Response - Responds to disruptions within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches to maximize survival of life, preservation of property, and information security. Investigates and analyzes relevant response activities and evaluates the effectiveness of and improvements to existing practices. | FA53/255A (Tactical), 17 (Strategic) | 25, 255S, 35 |
| Enterprise Network Defense (END) Infrastructure Support - Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware, software, and documentation that are required to effectively manage network defense resources. Monitors the network to actively remediate unauthorized activities. | FA24/255N, 255S | FA53/255A, 25, 17 |
| Vulnerability Assessment and Management - Conducts threat and vulnerability assessments and determines deviations from acceptable configurations or policies. Assesses the level of risk and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. | 17, 25, 255S, FA24/255N, FA53/255A | N/A |

Investigate - Specialty Areas responsible for investigating cyber events or crimes related to information technology (IT) systems, networks, and digital evidence.

| SPECIALTY AREA | PRIMARY | SUPPORT |
|---|---|---|
| Digital Forensics - Collects, processes, preserves, analyzes, and presents digital-related evidence to support network vulnerability mitigation and/or civil, workplace, counterintelligence, or law enforcement (e.g., criminal, fraud) investigations. | 17, 35, CID | 255S, FA53/255A, 25, FA24/255N |
| Cyber Investigation – Applies tactics, techniques, and procedures to a full range of tools and processes related to administrative, criminal, and counter intelligence gathering (e.g., in-depth case analyses, continuous monitoring, malware analysis, clear documentation). | 35, CID | 17 |

Oversee and Govern - Specialty Areas responsible for providing leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.

| SPECIALTY AREA | PRIMARY | SUPPORT |
|---|---|---|
| Legal Advice and Advocacy - Provides legal advice and recommendations to leadership and staff on relevant topics within the pertinent subject domain. Advocates legal and policy changes, and makes a case on behalf of the client via written and oral work products, including legal briefs and proceedings. | JAG | 17, 25, 35 |
| Strategic Planning and Policy Development - Applies technical and organizational knowledge to define an entity’s strategic direction, determine resource allocations, establish priorities, and identify programs or infrastructure required to achieve desired goals. Develops policy or advocates for policy change that will support new initiatives or required changes and enhancements. | 17, 25, 29, FA59 | FA24/255N, FA53/255A, 255S |
| Training, Education, and Awareness (TEA) - Develops, plans, coordinates, delivers, and/or evaluates instructional cybersecurity content using various formats, techniques, and venues. | 25 | FA24/255N, FA53/255A, 255S, 17 |
| Information Systems Security Operations - Oversees and ensures that the appropriate operational security posture (e.g., network and system security, physical and environmental protection, personnel security, incident handling, security training and awareness) is implemented and maintained for an information system or program. Advises the Authorizing Official (AO), an information system owner, or the Chief Information Security Officer (CISO) on the security of an information system or program. | FA53/255A, 255S, 25 | 17, FA24/255N |
| Security Program Management - Oversees and manages information security program implementation within the organization or other area of responsibility. Manages strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and/or other resources. | 25, FA24/255N, FA53/255A, 255S, 35 | 17 |
| Risk Management - Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to ensure new and existing information technology (IT) systems meet the organization’s information assurance (IA) and security requirements. Ensures appropriate treatment of risk, compliance, and monitoring assurance from internal and external perspectives. | 17, 25, 35, FA24/255N, FA53/255A, 255S | N/A |
| Knowledge Management - Manages and administers integrated methods, enabling the organization to identify, capture, catalog, classify, retrieve, and share intellectual capital and information content. The methods may include utilizing processes and tools (e.g., databases, documents, policies, procedures) and expertise pertaining to the organization. | 25, FA53/255A | N/A |

Securely Provision - Specialty Areas responsible for conceptualizing, designing, and building secure information technology (IT) systems, with responsibility for some aspect of the systems' development.

| SPECIALTY AREA | PRIMARY | SUPPORT |
|---|---|---|
| Secure Acquisition – Manages and supports the acquisition life cycle, including planning, determining specifications, selecting, and procuring information and communications technology (ICT) and cybersecurity products used in the organization’s design, development, and maintenance of its infrastructure to minimize potential risks and vulnerabilities. | FA51R | 17, 35 |
| Secure Software Engineering – Develops, modifies, enhances, and sustains new or existing computer applications, software, or utility programs following software assurance best practices throughout the software lifecycle. | 17, FA24/255N, FA53/255A, 255S | 25, 35 |
| Systems Security Architecture - Designs and develops system concepts and works on the capabilities phases of the systems development lifecycle. Translates technology and environmental conditions (e.g., laws, regulations, best practices) into system and security designs and processes. | 17, 25, FA24/255N, FA53/255A, 255S | 35 |
| Technology Research and Development - Conducts technology and/or feasibility assessments. Provides, builds, and supports a prototype capability and/or evaluates its security and utility. Facilitates innovation. | 17, 25, 29, FA24/255N, FA53/255A, 255S | N/A |
| Systems Requirements Planning - Consults with stakeholders to guide, gather, and evaluate functional and security requirements. Translates these requirements into guidance to stakeholders about the applicability of information systems to meet their needs. | 17, 25, FA24/255N, FA53/255A, 255S | 35 |
| Test and Evaluation - Develops and conducts processes and procedures (e.g., testing) to evaluate compliance with security requirements. | 17, 25, FA24/255N, FA53/255A, 255S | 35 |
| Systems Development - Develops technical security solutions to meet the defined requirements. | 17, 25, FA24/255N, FA53/255A, 255S | 35 |

Collect and Operate - Specialty Areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.

| SPECIALTY AREA | PRIMARY | SUPPORT |
|---|---|---|
| Collection Operations - Executes collection using appropriate strategies within the priorities established through the collection management process. | 35 | 17 |
| Cyber Operations - Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities. | 17 | 35 |
| Cyber Operations Planning - Performs in-depth joint targeting and cyber planning process. Gathers information and develops detailed operational plans and orders supporting requirements. Conducts strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations. | 17 | FA29, 35, 13 |

Analyze - Specialty Areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.

| SPECIALTY AREA | PRIMARY | SUPPORT |
|---|---|---|
| All Source Intelligence - Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications. | 35 | 17 |
| Exploitation Analysis - Analyzes collected information to identify vulnerabilities and potential for exploitation. | 17 | 35 |
| Targets - Applies current knowledge of one or more regions, countries, non-state entities, and/or technologies. | 35 (Strategic and Operational); 29, 35 (Tactical) | 17, 13 |
| Threat Analysis - Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities. Produces findings to help initialize or support law enforcement and counterintelligence investigations or activities. | 35 | 17 |



Major Michael Senft is a Functional Area 24 (FA24) officer currently assigned to the Office of the Chief of Signal as the FA24 Career Program Manager. Michael has completed multiple deployments as a Network Engineer supporting Joint and Special Operations units. He holds a Master's Degree in Computer Science from the Naval Postgraduate School, a Master's Degree in Engineering Management from Washington State University, and a Bachelor's Degree in Mining Engineering from Virginia Tech.


Endnotes

[1] Army Chief Information Officer/G6, (2015). Army Network Campaign Plan 2020 & Beyond. Retrieved from http://ciog6.army.mil/Portals/1/ANCP/ANCP%20PRINT%206%20FEB%2015.pdf, 1 February 2016

[2] National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE), (2015). Draft National Cybersecurity Workforce Framework. Retrieved from http://niccs.us-cert.gov/sites/default/files/documents/files/DraftNationalCybersecurityWorkforceFrameworkV2.xlsx, 1 February 2016

[3] NIST NICE, (2015). Cybersecurity Workforce Component. Retrieved from http://csrc.nist.gov/nice/workforce.html, 1 February 2016

[4] U.S. Army, (2014). Commissioned Officer Professional Development and Career Management. Retrieved from http://www.apd.army.mil/pdffiles/r600_3.pdf, 16 February 2016