DOD Training:

U.S. Cyber Command and Services Should Take Actions to Maintain a Trained Cyber Mission Force

GAO-19-362: Published: Mar 6, 2019. Publicly Released: Mar 6, 2019.

Additional Materials:

Contact:

Joe Kirschbaum
(202) 512-9971
kirschbaumj@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Defense Department began developing a Cyber Mission Force (CMF) in 2013 to defend its information networks and bring cyber skills to the battlefield.

DOD's Cyber Command established training standards for CMF teams, which include people from across the military services. Now, DOD has begun to shift its focus from building to maintaining the CMF, and plans to transfer CMF training responsibilities to the services.

We found gaps in the plans for this transition. We made 8 recommendations to help ensure coordination between the services and DOD’s Cyber Command.

A member of the National Guard participates in a cyber training exercise in 2018.

A soldier in uniform in front of a computer screen.

A soldier in uniform in front of a computer screen.

Additional Materials:

Contact:

Joe Kirschbaum
(202) 512-9971
kirschbaumj@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

U.S. Cyber Command (CYBERCOM) has taken a number of steps—such as establishing consistent training standards—to develop its Cyber Mission Force (CMF) teams (see figure). To train CMF teams rapidly, CYBERCOM used existing resources where possible, such as the Navy's Joint Cyber Analysis Course and the National Security Agency's National Cryptologic School. As of November 2018, many of the 133 CMF teams that initially reported achieving full operational capability no longer had the full complement of trained personnel, and therefore did not meet CYBERCOM's readiness standards. This was caused by a number of factors, but CYBERCOM has since implemented new readiness procedures that emphasize readiness rather than achieving interim milestones, such as full operational capability.

Figure: Cyber Mission Force (CMF) Training Model Phases

Figure: Cyber Mission Force (CMF) Training Model Phases

DOD has begun to shift focus from building to maintaining a trained CMF. The department developed a transition plan for the CMF that transfers foundational (phase two) training responsibility to the services. However, the Army and Air Force do not have time frames for required validation of foundational courses to CYBERCOM standards. Further, services' plans do not include all CMF training requirements, such as the numbers of personnel that need to be trained. Also, CYBERCOM does not have a plan to establish required independent assessors to ensure the consistency of collective (phase three) CMF training.

Between 2013 and 2018, CMF personnel made approximately 700 requests for exemptions from training based on their experience, and about 85 percent of those applicants had at least one course exemption approved. However, GAO found that CYBERCOM has not established training task lists for foundational training courses. The services need these task lists to prepare appropriate course equivalency standards.

Why GAO Did This Study

Developing a skilled cyber workforce is imperative to DOD achieving its offensive and defensive missions, and in 2013 it began developing CMF teams to fulfill these missions. CYBERCOM announced that the first wave of 133 such teams achieved full operational capability in May 2018. House Report 115-200 includes a provision for GAO to assess DOD's current and planned state of cyber training.

GAO's report examines the extent to which DOD has (1) developed a trained CMF, (2) made plans to maintain a trained CMF, and (3) leveraged other cyber experience to meet training requirements for CMF personnel. To address these objectives, GAO reviewed DOD's cyber training standards, planning documents, and reports on CMF training; and interviewed DOD officials. This is an unclassified version of a For Official Use Only report that GAO previously issued.

What GAO Recommends

GAO is making eight recommendations, including that the Army and Air Force identify time frames for validating foundational CMF courses; the military services develop CMF training plans with specific personnel requirements; CYBERCOM develop and document a plan establishing independent assessors to evaluate training; and CYBERCOM establish the training tasks covered by foundational training courses and convey them to the services. DOD concurred with the recommendations.

For more information, contact Joe Kirschbaum at (202) 512-9971 or kirschbaumj@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: DOD agreed with the recommendation. According to a DOD status report on implementing the recommendations for GAO-19-362 that was provided to us in February 2020, the Army is performing a validation pilot for its Cyberspace Operations Planners Course. After that validation pilot is complete, the Army will establish a time frame for validating its other courses.

    Recommendation: The Secretary of Defense should ensure that the Army, in coordination with CYBERCOM and the National Cryptologic School, where appropriate, establish a time frame to validate all of the phase two foundational training courses for which it is responsible. (Recommendation 1)

    Agency Affected: Department of Defense

  2. Status: Open

    Comments: DOD agreed with the recommendation. According to a DOD status report on implementing the recommendations for GAO-19-362 that was provided to us in February 2020, the Air Force is coordinating with U.S. Cyber Command to obtain a final determination on the validated knowledge, skills, and abilities; proficiency standards, and skills for the various work roles supported by this training. The Air Force is responsible for developing curriculum for seven of the Cyber Mission Force workroles. DOD estimates that it will take 2 to 4 years to complete validation for all of the courses supporting these workroles.

    Recommendation: The Secretary of Defense should ensure that the Air Force, in coordination with CYBERCOM and the National Cryptologic School, where appropriate, establish a time frame to validate all of the phase two foundational training courses for which it is responsible. (Recommendation 2)

    Agency Affected: Department of Defense

  3. Status: Open

    Priority recommendation

    Comments: 3. DOD agreed with the recommendation. According to a DOD status report on implementing the recommendations for GAO-19-362 that was provided to us in February 2020, the Army's implementation of this recommendation is dependent upon U.S. Cyber Command establishing master training task lists for phases 2 and 3 of the training. The Army estimates it will complete all required actions to validate phase 2 of its Cyber Mission Force training requirements by June 2020, phase 3 by October 2020, and phase 4 by January 2021.

    Recommendation: The Secretary of the Army should ensure that Army Cyber Command coordinate with CYBERCOM to develop a plan that comprehensively assesses and identifies specific CMF training requirements for phases two (foundational), three (collective), and four (sustainment), in order to maintain the appropriate sizing and deployment of personnel across the Army's CMF teams. (Recommendation 3)

    Agency Affected: Department of Defense

  4. Status: Open

    Priority recommendation

    Comments: DOD agreed with the recommendation. According to a DOD status report on implementing the recommendations for GAO-19-362 that was provided to us in February 2020, the Navy plans to identify the specific training requirements for phase 3 Cyber Mission Force training by October 31, 2020. Additionally, the Navy reported that it published a policy memorandum establishing a 24-month continuous training and certification cycle for its Cyber Mission Force Teams to address its phase 4 training requirements.

    Recommendation: The Secretary of the Navy should ensure that Fleet Cyber Command coordinate with CYBERCOM to develop a plan that comprehensively assesses and identifies specific CMF training requirements for phases three (collective) and four (sustainment) in order to maintain the appropriate sizing and deployment of personnel across the Navy's CMF teams. (Recommendation 4)

    Agency Affected: Department of Defense

  5. Status: Open

    Priority recommendation

    Comments: DOD agreed with our recommendation. According to a DOD status report on implementing the recommendations for GAO-19-362 that was provided to us in February 2020, the Air Force's phase 2 training plan is contingent upon the completion of U.S. Cyber Command validating the tasks, knowledge, skills, abilities, and proficiency levels that establish the training baseline. Those products are still in coordination and are not finalized. The Air Force did not provide timeframes by which it would be able to develop training plans for its phase 2, 3, and 4 training requirements.

    Recommendation: The Secretary of the Air Force should ensure that Air Forces Cyber coordinate with CYBERCOM to develop a plan that comprehensively assesses and identifies specific CMF training requirements for phases two (foundational), three (collective), and four (sustainment), in order to maintain the appropriate sizing and deployment of personnel across the Air Force's CMF teams. (Recommendation 5)

    Agency Affected: Department of Defense

  6. Status: Open

    Priority recommendation

    Comments: DOD agreed with our recommendation. According to a DOD status report on implementing the recommendations for GAO-19-362 that was provided to us in February 2020, the Marine Corps is still developing its response to comprehensively assess and identify Cyber Mission Force training requirements for phases two , three, and four.

    Recommendation: The Commandant of the Marine Corps should ensure that Marine Corps Forces Cyberspace coordinate with CYBERCOM to develop a plan that comprehensively assesses and identifies specific CMF training requirements for phases two (foundational), three (collective), and four (sustainment), in order to maintain the appropriate sizing and deployment of personnel across the Marine Corps' CMF teams. (Recommendation 6)

    Agency Affected: Department of Defense

  7. Status: Open

    Comments: DOD agreed with our recommendation. According to a DOD status report on implementing the recommendations for GAO-19-362 that was provided to us in February 2020, U.S. Cyber Command established procedures for assessing teams participating in Joint Exercise Program collective training events. These procedures include the use of highly skilled and independent assessors from deployable training teams and other units to conduct standard assessments using U.S. Cyber Command criteria. DOD reports that the command has captured lessons learned from these procedures and will promulgate a command-wide instruction to further standardize assessments across the force and guide the development of automated assessments conducted with the Persistent Cyber Training Environment. DOD further reports that the procedures described above were first used in the CYBERFLAG 19-1 exercise in June 2019. We are in the process of obtaining documentation from that exercise to verify these procedures.

    Recommendation: The Secretary of Defense should ensure that the commander of CYBERCOM develops and documents a plan for establishing independent assessors to evaluate CMF phase three collective training certification events. (Recommendation 7)

    Agency Affected: Department of Defense

  8. Status: Open

    Comments: DOD agreed with our recommendation. According to a DOD status report on implementing the recommendations for GAO-19-362 that was provided to us in February 2020, U.S. Cyber Command will complete this task in September 2020. DOD reports that U.S. Cyber Command has established and made individual training standards available through the Joint Cyber Training and Certification Standards to all services prior to the training transition in October 2018. In October 2019, DOD approved a new organizational structure and new Mission Essential Tasks for Cyber Protection Teams. The training standards were updated and provided to the services, who are using them to validate and develop Joint Curriculum. DOD is currently reviewing a U.S. Cyber Command proposal for the organization and mission essential tasks for Cyber Mission Teams and Cyber Support Teams. Pending DOD approval, U.S. Cyber Command will update and publish revisions to the individual training standards.

    Recommendation: The Secretary of Defense should ensure that the commander of CYBERCOM establishes and disseminates the master training task lists covered by each phase two foundational training course and convey them to the military services, in accordance with the CMF Training Transition Plan. (Recommendation 8)

    Agency Affected: Department of Defense

 

Explore the full database of GAO's Open Recommendations »

Oct 7, 2020

Oct 1, 2020

Sep 23, 2020

Aug 20, 2020

Aug 14, 2020

Aug 6, 2020

Jul 30, 2020

Jul 27, 2020

Jul 23, 2020

Looking for more? Browse all our products here