GAO Report Finds Cyber Mission Force Training Gaps

Soldiers with U.S. Army Cyber Command's 780th Military Intelligence Brigade take part in network defense training. (Photo: Tina Miles, Army.mil)

The Government Accountability Office recommended that the Department of Defense address training gaps at U.S. Cyber Command to main a properly trained Cyber Mission Force (CMF) in a report released today.

The report noted that U.S. Cyber Command (CYBERCOM) has developed and trained its 133 CMF teams, many of which come from the military, since DoD started creating them in 2013. DoD has now begun to shift its focus from building to maintaining these teams, and developed four training phases to ready them: basic individual, individual foundation, collective, and finally sustainment training.

GAO, however, found that the Army and Air Force have not provided time frames to validate that their CMF teams have completed the foundation courses of CYBERCOM’s standards and that the military’s plans do not include all CMF’s training requirements. GAO also highlighted that CYBERCOM does not have a plan to establish independent individuals to assess and ensure the consistency of CMF’s collective training.

“The Army, Navy, and Air Force developed training transition implementation plans to address training requirements and execution to some degree, but the plans do not identify the number of personnel or teams and the specific training activities needed across all phases of training to maintain the CMF,” the report states.

Therefore, GAO recommended that the Army and Airforce both work with CYBERCOM and the National Cryptologic School to establish respective time frames to validate all the foundation training courses they are responsible for.

GAO also suggested that the Army and Air Force secretaries ensure their respective Cyber Commands coordinate with CYBERCOM to plan, assess, and identify specific CMF training requirements for the last three phases of the four-step training plan. GAO recommended this step for the Marine Corps and the Navy as well, except the Navy should only work on the final collective and sustainment requirements.

To create accountability, GAO wrote that CYBERCOM should both establish independent assessors to evaluate the third phase of CMF training and disseminate to the military services the master training task lists of the foundation training course.

Recent