GAO: Cyber Mission Force teams need more training

The Government Accountability Office found that, despite ongoing efforts, Cyber Mission Force teams need more training and Cyber Command needs to improve plans to supply it.

Air Force cyber warriors at Port San Antonio (Air Force)
 

U.S. Cyber Command is lagging behind on its training plan for cyber mission, according to a new Government Accountability Office report.

The unified combatant command’s four-phase transition plan, intended to move from building a 133-team cyber mission force to sustaining it, lacks alignment with the services for the second phase, individual foundation training.

“The Army and Air Force do not have time frames for required validation of foundational courses to CYBERCOM standards,” GAO found, adding that services’ plans are missing some of the CMF training requirements, including the number of personnel who need training.

Beyond that, CYBERCOM is also missing "a plan to establish required independent assessors to ensure the consistency of collective (phase three) CMF training," the report states.

GAO, which observed training practices from August 2017 to November 2018, also found that many of the CMF teams that had achieved full operational capability still needed more training. That’s in part because the services shifted personnel among teams, which affected readiness for teams that lost personnel. The lengthy clearance process has also hampered training.

Additionally, some of the changes Cyber Command has made to correct training issues have been disruptive, negatively affected training time frames at the National Guard and Reserve levels.

“Because National Guard and Reserve teams are scheduled to achieve full operational capability after the active duty teams, they are more likely to be subject to the newer training progressions, which in some cases require a few additional days of courses,” GAO wrote.

That leads to longer training times, which is harder to schedule for guardsmen and reservists who are on duty only part time.

Solidifying a proper foundational training plan is essential, the report notes. While there are no known plans to expand, U.S. Cyber Commander Gen. Paul Nakasone indicated in recent testimony to Congress that more personnel would be needed to keep up with the current threat pace.

Cyber Command has taken steps to address training challenges and gaps, the report noted throughout. But GAO recommended DOD ensure the Army and Air Force coordinate with CYBERCOM and the National Cryptologic School develop time frames to hit all phase two foundational training courses.

The GAO also suggested the service heads coordinate with their cyber components -- Army Cyber Command, Air Forces Cyber, Fleet Cyber Command, and Marine Corps Forces Cyberspace -- and develop a comprehensive plan to assess and identify CMF training requirements.