Why do governments have trouble retaining cyber warriors?

It is becoming painfully obvious that the U.S. government and the governments of European countries are having trouble recruiting enough capable “cyber warriors” in order to keep their systems secure.

The retention of skilled experts is particularly challenging – some burn out, some go over to the “dark side”. Time and time again, government department or agency heads bemoan the loss of perfect candidates – and employees – to the private sector.

Computer security professionals and attackers – two sides of the same coin, really – are mostly highly intelligent individuals who thrive on challenges and might sometimes chafe under the leadership of people who they believe know less about cybersecurity problems than themselves. And it is the somewhat eccentric personality of many of these individuals what makes them difficult to manage.

Cyber warfare demands much more that simple analytic skills so prized by intelligence agencies. A “cyber warrior” must also have a deep knowledge of the technology used and the capability of reacting fast to short-lived opportunities. Flair and imagination are also necessary traits, said John Bassett, a former senior official at Britain’s Government Communications Headquarters, for Reuters.

So why do Russia and China have seemingly greater success in attracting hackers to work for the government?

It is impossible to know whether the cyber attacks that are thought to be initiated at the behest of those governments have been performed by hackers employed by them or simply executed by independent “patriotic hackers” with the silent approval and possibly a slight nudge in the right direction from government officials.

Personally, I believe that when it comes to cyber conflicts most hackers can see the appeal of being the attacker.

The fact that these hackers seem not to be officially affiliated with these countries’ armies or commanded by them may be an asset now, but could also be a liability if they decide to turn their capabilities against the government.

Given the shortage of qualified cyber security experts in the U.S., it has been suggested that in the event of a major conflict with one of those emerging powers would require the U.S. government to recruit criminal hackers to “fight”.

Bassett says that given their nature, managing hackers should be a lot like herding cats. “You might be able to give them some money or tools which they would find interesting and keep them pointing in a certain direction for a certain period of time,” he said. “But whether that would then give them any residual loyalty is a very open question.”