Gaps have emerged in the Department of Defense’s (DOD’s) efforts to create and maintain a cyber operation, according to the Government Accountability Office (GAO), which has released a series of recommendations on the topic.
The DOD Cyber Mission Force (CMF) is dedicated to defending U.S. information networks and capitalizing on their offensive capabilities. The force was established in 2013, but GAO says that transitioning to maintenance of the force has raised some coordination issues, as well as operational issues, such as lack of trained personnel.
As of November 2018, GAO noted, many of the 133 CMF teams can no longer claim operational readiness or capability. As the Army and Air Force take over the services from the DOD, their service plans have failed to take into account all CMF training requirements and there is no requirement for independent assessors to ensure training. Given that GAO and DOD have determined a skilled cyber workforce to be imperative for both defensive and offensive operations, it opens a troubling situation.
As a result, GAO made eight recommendations. Foremost among them were that the Army and Air Force both give time frames for validating foundational CMF courses. Others call for the respective Army, Navy, Air Force and marine Corps Cyber Commands coordinate with CYBERCOM to create and assess plans for CMF training and staffing requirements. CYBERCOM itself was asked to develop and document a plan for independent assessors that would evaluate individual commands’ training efforts. Lastly, GAO requested CYBERCOM create training task lists that would cover foundational training courses for the individual services.
In all cases, the DOD has thus far agreed with GAO’s recommendations on the matter.