Cyber leaders at the Department of Defense in 2014 were struggling with staff shortages, blurry lines of authority and a lack of resources, according to a Pentagon report obtained by Fifth Domain.
The 54-page document, written by the Inspector General’s office in Dec. 2014, was obtained through a Freedom of Information Act request that took four years to complete. It is so heavily redacted that even the full title of the document is redacted.
But the few sections of the report which are available and untouched give an insight into the early struggles of America’s cyber excursion.
In 2014, the Pentagon was two years into a reorganization of its cyber operations. The report said that more resources were needed to plan and integrate cyberspace operations in the military’s different combatant command structures, which include Central Command, Pacific Command and Special Operations Command.
The report also said that officials from the commands did not communicate fully with each other when it came to cyberactivity. “Not regularly sharing information or providing timely guidance and decisions decreased the combatant commanders ability to effectively plan and prioritize cyberspace operations,” the Inspector General’s report read.
The document also found that the commands artificially boosted their cyber personnel numbers by using dual-hatted responsibilities, a sign that there were not enough trained digital operators at the time.
In May 2012, Secretary of Defense Leon Panetta ordered the standardization of cyberspace operations for combatant commanders. One section of the report implies the effort struggled to take off. It is titled “limited reliance on cyberspace operations,” however all but one sentence is redacted, meaning it is not clear what the section entails.
Rules for sharing information with allies and exactly who had the authority to do what in cyberspace were not clear, according to the report. It suggested that commanders should conduct mission-impact analysis that affect their ability to effectively run cyber operations.
It is not certain how many of the suggestions in the Inspector General’s report were followed. Only two of the commands responded to the report with management comments.
Current and former American officials have told Fifth Domain that the early years of the American military’s cyber operations were fraught with challenges. It took years for the cyber forces to be properly trained. Authority was not clear. A “deconfliction” process often meant that multiple agencies needed to sign off for an offensive operation to take place.
However, the officials say that by mid-2016, the military had made progress on these issues because of more training, resources and experience.