U.S. Cyber Command (CYBERCOM) needs to develop more metrics for the organization to better assess its warfighting capabilities as cyber threats increase, the Government Accountability Office (GAO) said in a new report.
The Department of Defense (DoD) introduced the Joint Cyber Warfighting Architecture (JCWA) in 2019 for help with synchronizing existing systems and integrating new ones, GAO explained. And while DoD has implemented prior recommendations from GAO through improvements to its governance structure, it doesn’t have all the necessary metrics in place to assess new cyber capabilities.
“The command has been slow to determine metrics, in part because of inexperience conducting Value Assessments and the challenge of accounting for other factors – like new cyber operations tactics – on mission outcomes,” wrote GAO in the new report. “If Cyber Command does not develop outcome-based metrics to inform future Value Assessments, it risks not being able to understand whether and how new capabilities benefit the cyber warfighting mission.”
DoD policy requires outcome-based evaluations – or Value Assessments – for programs within one year of fielding capabilities to determine if they result in mission outcomes worth investment. CYBERCOM initiated JWCA program Value Assessments, and the assessments began March 2022.
GAO recommends that CYBERCOM develop an outcome-based metrics to inform future Value Assessments. DoD concurred with the recommendation, and identified the steps it is taking to meet that goal.
