Defense Civil Support:
DOD Needs to Address Cyber Incident Training Requirements
GAO-18-47: Published: Nov 30, 2017. Publicly Released: Nov 30, 2017.
Additional Materials:
- Highlights Page:
- Full Report:
- Accessible Version:
Contact:
(202) 512-9971
kirschbaumj@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
What GAO Found
The Department of Defense (DOD) did not develop a comprehensive plan for U.S. Cyber Command (CYBERCOM); instead, the department submitted a report consisting of a collection of documents that fully addressed two of the six statutorily required elements; partially addressed three elements; and did not address the sixth element on DOD training activities.
Table: Extent to Which the Department of Defense's (DOD) Section 1648 Report Addressed Required Elements
Required element |
GAO assessment |
Descriptions of the roles, responsibilities, and expectations of federal, state, and local authorities as the Secretary understands them. |
● |
A description of such legislative and administrative action as may be necessary to carry out the plan. |
● |
Descriptions of the roles, responsibilities, and expectations of the active and reserve components of the armed forces. |
◐ |
Plans for coordination with heads of other federal agencies and state and local governments pursuant to the exercises required in the previous clause. a |
◐ |
A list of any other exercises previously conducted that are used in the formulation of the plan. |
◐ |
A plan for internal DOD collective training activities that are integrated with exercises conducted with other agencies and state and local governments. |
○ |
Legend:
● Addressed: Submission includes all aspects of the required element.
◐ Partially addressed: Submission includes some but not all aspects of the required element.
○ Did not address: Submission does not include required element.
Source: GAO analysis of DOD's Section 1648 report. | GAO-18-47
aThe “previous clause” refers to the plan for internal DOD collective training activities that are integrated with exercises conducted with other agencies and state and local governments. Since we listed the requirements in order of the extent to which DOD's Section 1648 report addresses the legislative requirement, we listed the “internal DOD collective training” requirement last.
GAO also found that, in addition to not addressing the training element in the report, DOD had not ensured that staff are trained as required by the Presidential Policy Directive on United States Cyber Incident Coordination or DOD's Significant Cyber Incident Coordination Procedures, which were included DOD's Section 1648 report. Taking action to improve these areas should help DOD sustain progress it has already made. With the President's decision to elevate CYBERCOM to a unified combatant command, such actions will also help as DOD continues to plan to support civil authorities in response to a cyber incident and where CYBERCOM has a significant role.
Why GAO Did This Study
The Presidential Policy Directive on United States Cyber Incident Coordination states that significant cyber incidents are occurring with increasing frequency impacting public and private infrastructure in the United States. Section 1648 of the National Defense Authorization Act for Fiscal Year 2016 included a provision that DOD develop a comprehensive plan for CYBERCOM to support civil authorities in responding to cyberattacks by foreign powers against the United States. Section 1648 also included a provision that GAO review DOD's plan.
This review assesses the extent to which DOD's Section 1648 report addressed the statutorily required submission elements. To conduct this work, GAO assessed DOD's Section 1648 report against the elements outlined in the statute. GAO also discussed the Section 1648 report with DOD policy, Joint Chiefs of Staff, combatant commands, and military service officials.
What GAO Recommends
GAO has previously recommended that DOD take actions on elements of the Section 1648 report that were partially addressed. GAO is making two new recommendations that DOD update cyber incident coordination training and maintain a list of officials trained in the National Incident Management System. DOD concurred with maintaining a list of trained officials and partially concurred on updating cyber training. GAO continues to believe the updating recommendation is warranted.
For more information, contact at or kirschbaumj@gao.gov.
Recommendations for Executive Action
Status: Open
Comments: DOD partially concurred with this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: The Assistant Secretary of Defense for Homeland Defense and Global Security, in coordination with the Chairman of the Joint Chiefs of Staff and other appropriate DOD components, should update the department's cyber incident coordination training to incorporate the tenets of PPD-41.
Agency Affected: Department of Defense
Status: Open
Comments: DOD concurred with this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: The Chairman of the Joint Chiefs of Staff should maintain a list of senior DOD officials from organizations that could represent DOD during a Cyber Unified Coordination Group and that are trained in the National Incident Management System.
Agency Affected: Department of Defense
Explore the full database of GAO's Open Recommendations
»
Jan 21, 2021
-
Close Air Support:
Actions Needed to Enhance Friendly Force Tracking Capabilities and Fully Evaluate TrainingGAO-21-99: Published: Jan 21, 2021. Publicly Released: Jan 21, 2021.
Jan 19, 2021
-
GPS Modernization:
DOD Continuing to Develop New Jam-Resistant Capability, But Widespread Use Remains Years AwayGAO-21-145: Published: Jan 19, 2021. Publicly Released: Jan 19, 2021.
Jan 14, 2021
-
Columbia Class Submarine:
Delivery Hinges on Timely and Quality Materials from an Atrophied Supplier BaseGAO-21-257: Published: Jan 14, 2021. Publicly Released: Jan 14, 2021. -
Department of Defense:
Actions Needed to Improve Accounting of Intradepartmental TransactionsGAO-21-84: Published: Jan 14, 2021. Publicly Released: Jan 14, 2021.
Jan 12, 2021
-
DOD Critical Technologies:
Plans for Communicating, Assessing, and Overseeing Protection Efforts Should Be CompletedGAO-21-158: Published: Jan 12, 2021. Publicly Released: Jan 12, 2021.
Dec 10, 2020
-
Climate Resilience:
DOD Coordinates with Communities, but Needs to Assess the Performance of Related Grant ProgramsGAO-21-46: Published: Dec 10, 2020. Publicly Released: Dec 10, 2020. -
Electromagnetic Spectrum Operations:
DOD Needs to Address Governance and Oversight Issues to Help Ensure SuperiorityGAO-21-64: Published: Dec 10, 2020. Publicly Released: Dec 10, 2020.
Dec 2, 2020
-
Navy and Marine Corps:
Services Continue Efforts to Rebuild Readiness, but Recovery Will Take Years and Sustained Management AttentionGAO-21-225T: Published: Dec 2, 2020. Publicly Released: Dec 2, 2020.
Nov 20, 2020
-
GAO Audits Involving DOD:
Status of Efforts to Schedule and Hold Timely Entrance ConferencesGAO-21-185R: Published: Nov 20, 2020. Publicly Released: Nov 20, 2020.
Nov 19, 2020
-
Defense Acquisitions:
Joint Cyber Warfighting Architecture Would Benefit from Defined Goals and GovernanceGAO-21-68: Published: Nov 19, 2020. Publicly Released: Nov 19, 2020.
Looking for more? Browse all our products here