The Defense Department is advancing new training and work roles for control systems cybersecurity, as agencies and industry grapple with a dearth of talent for securing so-called “operational technology.”

Early this year, the Air Force introduced a new cybersecurity training course specifically focused on how to protect systems such as gas pipelines, power grids and traffic signals. The course is the first to meet the standards for the “control systems security specialist” role under DoD’s cyber workforce framework.

The Air Force’s work to advance the control systems security specialist field is being led by the service’s new Cyber Resiliency Office of Control Systems, or CROCS. Daryl Haegley, technical director of Air Force control systems cyber resiliency and CROCS, said his office will be working with the DoD chief information officer on the work role.

“We worked with industry and government to identify what the core competencies were, and so we are going to be handing this off to the CIO and to [the National Institute of Standards and Technology] and the other services to validate that, and hopefully that becomes a permanent work role that people can align to,” Haegley said during a June 18 “Defend the Airport” event hosted by the Technology Advancement Center in Columbia, Maryland.

Air Force cyber leaders are also working with the Air Force Institute of Technology and the Defense Acquisition University to introduce more control systems training, according to Wanda Jones-Heath, principal cyber advisor at the Air Force.

“We don’t just need people who understand this world,” Jones-Heath said. “We need cybersecurity professionals that are able to operate in this world as well.”

The Air Force’s work on OT cybersecurity comes as intelligence agencies warn nation-state hackers are actively targeting U.S. critical infrastructure, including systems relied upon by the military. The intelligence community’s 2025 annual threat assessment points to campaigns like the China-linked Volt Typhoon.

“If Beijing believed that a major conflict with Washington was imminent, it could consider aggressive cyber operations against U.S. critical infrastructure and military assets,” the assessment warns.

And it’s not just advanced nation-state hackers. The Cybersecurity and Infrastructure Security Agency, in a May alert, said unsophisticated cyber actors were taking advantage of poor cyber hygiene to hack operational technology systems in the energy and transportation sectors.

“We are increasingly reliant on OT systems and interconnected systems, and the security of those systems, especially for OT, has not reached where it needs to be,” said Brian Scott, deputy assistant national cyber director for cyber policy and programs, during the “Defend the Airport” conference.

However, challenges in OT cybersecurity are often far more complex than corporate IT issues. Guidance sponsored by CISA points to the imperative to prioritize safety in operational technology environments, as well as the need for cyber personnel in those environments to at least have a working knowledge of how the physical systems work.

CISA has also been working to integrate OT systems into its governmentwide Continuous Diagnostics and Mitigation program, which provides agencies with cyber monitoring dashboards and tools.

Yet, many organizations lack personnel with the skills and training needed to secure control systems and other OT. Ollie Gagnon, chief homeland security advisor at the Idaho National Laboratory’s Resilience Optimization Center, said INL spent the past four years evaluating the cybersecurity workforce in the aviation sector.

“Most airports we’ve done for the last four years, the cyber maturity of the workforce — both technical and management — is still basically security, education, training and awareness, SETA training,” Gagnon said at the Defend the Airport conference. “They’re low maturity.”

Having a trained and ready OT cyber workforce is an “industry-wide problem,” according to Anthony DiPietro, technical director for defense critical infrastructure at the National Security Agency’s Cybersecurity Directorate.

DiPietro said the NSA has had success by providing cybersecurity training to individuals in traditional trades, such as electricians and rail workers.

“You take a traditional electrician, you provide some cyber training, now you’ve got a person that really knows that system,” DiPietro said. “And if it breaks, they know how to fix it. They know what it means when a cyber exploitation touches a control system.”

Meanwhile, the Air Force plans to begin incorporating operational technology into its basic cyber training courses, Haegley said. Jones-Heath said the Air Force’s work to flesh out the control systems security specialist work role could influence governmentwide approaches to OT cybersecurity.

“Perhaps our good friends at the [Office of Management and Budget and Office of Personnel Management] will be able to take what we have and use it for the rest of the federal government,” Jones-Heath said.

© 2025 Federal News Network. All rights reserved.