DOD Training:

U.S. Cyber Command and Services Should Take Actions to Maintain a Trained Cyber Mission Force

GAO-19-362: Published: Mar 6, 2019. Publicly Released: Mar 6, 2019.

Contact:

Joe Kirschbaum
(202) 512-9971
kirschbaumj@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Defense Department began developing a Cyber Mission Force (CMF) in 2013 to defend its information networks and bring cyber skills to the battlefield.

DOD's Cyber Command established training standards for CMF teams, which include people from across the military services. Now, DOD has begun to shift its focus from building to maintaining the CMF, and plans to transfer CMF training responsibilities to the services.

We found gaps in the plans for this transition. We made 8 recommendations to help ensure coordination between the services and DOD’s Cyber Command.

A member of the National Guard participates in a cyber training exercise in 2018.

A soldier in uniform in front of a computer screen.


What GAO Found

U.S. Cyber Command (CYBERCOM) has taken a number of steps—such as establishing consistent training standards—to develop its Cyber Mission Force (CMF) teams (see figure). To train CMF teams rapidly, CYBERCOM used existing resources where possible, such as the Navy's Joint Cyber Analysis Course and the National Security Agency's National Cryptologic School. As of November 2018, many of the 133 CMF teams that initially reported achieving full operational capability no longer had the full complement of trained personnel, and therefore did not meet CYBERCOM's readiness standards. This was caused by a number of factors, but CYBERCOM has since implemented new readiness procedures that emphasize readiness rather than achieving interim milestones, such as full operational capability.

Figure: Cyber Mission Force (CMF) Training Model Phases

DOD has begun to shift focus from building to maintaining a trained CMF. The department developed a transition plan for the CMF that transfers foundational (phase two) training responsibility to the services. However, the Army and Air Force do not have time frames for required validation of foundational courses to CYBERCOM standards. Further, services' plans do not include all CMF training requirements, such as the numbers of personnel that need to be trained. Also, CYBERCOM does not have a plan to establish required independent assessors to ensure the consistency of collective (phase three) CMF training.

Between 2013 and 2018, CMF personnel made approximately 700 requests for exemptions from training based on their experience, and about 85 percent of those applicants had at least one course exemption approved. However, GAO found that CYBERCOM has not established training task lists for foundational training courses. The services need these task lists to prepare appropriate course equivalency standards.

Why GAO Did This Study

Developing a skilled cyber workforce is imperative to DOD achieving its offensive and defensive missions, and in 2013 it began developing CMF teams to fulfill these missions. CYBERCOM announced that the first wave of 133 such teams achieved full operational capability in May 2018. House Report 115-200 includes a provision for GAO to assess DOD's current and planned state of cyber training.

GAO's report examines the extent to which DOD has (1) developed a trained CMF, (2) made plans to maintain a trained CMF, and (3) leveraged other cyber experience to meet training requirements for CMF personnel. To address these objectives, GAO reviewed DOD's cyber training standards, planning documents, and reports on CMF training; and interviewed DOD officials. This is an unclassified version of a For Official Use Only report that GAO previously issued.

What GAO Recommends

GAO is making eight recommendations, including that the Army and Air Force identify time frames for validating foundational CMF courses; the military services develop CMF training plans with specific personnel requirements; CYBERCOM develop and document a plan establishing independent assessors to evaluate training; and CYBERCOM establish the training tasks covered by foundational training courses and convey them to the services. DOD concurred with the recommendations.

For more information, contact Joe Kirschbaum at (202) 512-9971 or kirschbaumj@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: DOD agreed with the recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Secretary of Defense should ensure that the Army, in coordination with CYBERCOM and the National Cryptologic School, where appropriate, establish a time frame to validate all of the phase two foundational training courses for which it is responsible. (Recommendation 1)

    Agency Affected: Department of Defense

  2. Status: Open

    Comments: DOD agreed with the recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Secretary of Defense should ensure that the Air Force, in coordination with CYBERCOM and the National Cryptologic School, where appropriate, establish a time frame to validate all of the phase two foundational training courses for which it is responsible. (Recommendation 2)

    Agency Affected: Department of Defense

  3. Status: Open

    Priority recommendation

    Comments: DOD agreed with the recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Secretary of the Army should ensure that Army Cyber Command coordinate with CYBERCOM to develop a plan that comprehensively assesses and identifies specific CMF training requirements for phases two (foundational), three (collective), and four (sustainment), in order to maintain the appropriate sizing and deployment of personnel across the Army's CMF teams. (Recommendation 3)

    Agency Affected: Department of Defense

  4. Status: Open

    Priority recommendation

    Comments: DOD agreed with the recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Secretary of the Navy should ensure that Fleet Cyber Command coordinate with CYBERCOM to develop a plan that comprehensively assesses and identifies specific CMF training requirements for phases three (collective) and four (sustainment) in order to maintain the appropriate sizing and deployment of personnel across the Navy's CMF teams. (Recommendation 4)

    Agency Affected: Department of Defense

  5. Status: Open

    Priority recommendation

    Comments: DOD agreed with the recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Secretary of the Air Force should ensure that Air Forces Cyber coordinate with CYBERCOM to develop a plan that comprehensively assesses and identifies specific CMF training requirements for phases two (foundational), three (collective), and four (sustainment), in order to maintain the appropriate sizing and deployment of personnel across the Air Force's CMF teams. (Recommendation 5)

    Agency Affected: Department of Defense

  6. Status: Open

    Priority recommendation

    Comments: DOD agreed with the recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Commandant of the Marine Corps should ensure that Marine Corps Forces Cyberspace coordinate with CYBERCOM to develop a plan that comprehensively assesses and identifies specific CMF training requirements for phases two (foundational), three (collective), and four (sustainment), in order to maintain the appropriate sizing and deployment of personnel across the Marine Corps' CMF teams. (Recommendation 6)

    Agency Affected: Department of Defense

  7. Status: Open

    Comments: DOD agreed with the recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Secretary of Defense should ensure that the commander of CYBERCOM develops and documents a plan for establishing independent assessors to evaluate CMF phase three collective training certification events. (Recommendation 7)

    Agency Affected: Department of Defense

  8. Status: Open

    Comments: DOD agreed with the recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Secretary of Defense should ensure that the commander of CYBERCOM establishes and disseminates the master training task lists covered by each phase two foundational training course and conveys them to the military services, in accordance with the CMF Training Transition Plan. (Recommendation 8)

    Agency Affected: Department of Defense

 
