A new Government Accountability Office report calls on the service cyber components, specifically the Army and Air Force, to improve training processes for their cyber forces to avoid further gaps in readiness.

The report, released Wednesday, recommends developing a plan to identify new training requirements with U.S. Cyber Command as the services transition from building to maintaining their Cyber Mission Force teams, noting that current efforts lack a set timeline to validate personnel.

U.S. Army Cyber Command Soldiers conduct operations in the ARCYBER headquarters at Fort Belvoir, Va. (Photo by Robert Bills)

“DoD has begun to shift focus from building to maintaining a trained CMF. The department developed a transition plan for the CMF that transfers foundational (phase two) training responsibility to the services. However, the Army and Air Force do not have time frames for required validation of foundational courses to CYBERCOM standards,” officials wrote in the report.

CMF teams work within their service cyber components to deliver offensive effects, conduct defensive operations and protect the DoD information network.

All 133 teams reached full operational capability last May, four months ahead of schedule (Defense Daily, May 2018).

GAO officials wrote this push to reach FOC may have led to lower levels of operational readiness by overlooking training standards.

“We found that many of the CMF teams for which DoD has reported achieving full operational capability actually require further training, for varying reasons,” officials wrote.

The report specifically cites a lack of processes for training once the CMFs shift from Cyber Command to the service cyber components.

“The Army’s and Air Force’s lack of time frames, like those established by the Navy in its implementation plan, for validating phase two foundational training could contribute to training inefficiency and unnecessarily long time frames for training personnel,” officials wrote.

GAO’s recommendations include having the Army and Air Force identify time frames for validating CMF training courses, ensuring the services develop finalized CMF training plans with specific personnel requirements and push CYBERCOM to develop a plan for independent assessors to evaluate training standards.

Officials wrote that the DoD has agreed to the requirements included in the report.

Gen. Paul Nakasone, head of CYBERCOM, told the Senate Armed Services Committee at a Feb. 14 hearing his command may need to grow to address adversaries’ growing cyber threats (Defense Daily, Feb. 14).