The Defense Department is actively addressing cyber security threats and organizing to integrate its cyber operations such as the recent establishment of United States Cyber Command but there is insufficient joint doctrine dealing with cyber space operations and DoD hasn’t completed a comprehensive assessment for closing its cyber vulnerabilities, the Government Accountability Office (GAO) says in a new report.
Among the proactive measures DoD is taking improve its ability to deal with cyber security threats are the creation of Cyber Command, restructuring the Office of the Secretary of Defense for Policy to be a lead focal point for cyber policy, and establishing new organizations with the armed services to support Cyber Command, all of which is important to centralize what is currently decentralized efforts for policy and direction, says the report, Defense Department Cyber Efforts: DoD Faces Challenges in its Cyber Activities (GAO-11-75).
But to achieve cyber superiority, command and control must be clear, GAO says.
“DoD has assigned authorities and responsibilities for implementing cyber operations among combatant commands and military services,” the report says. “However, the supporting relationships necessary to achieve command and control of cyber operations remain unclear.”
The report also points out that DoD has identified capability gaps in cyber space, “but has not completed a comprehensive, department-wide assessment of needed resources, capability gaps, and an implementation plan for addressing gaps.”
GAO also cites U.S. Strategic Command and combatant commands as saying DoD’s cyber workforce “is insufficient to meet its current needs,” which are expected to continue to grow. The comment about a lack of trained cyber professionals mirrors concerns elsewhere in the federal government.