When U.S. Cyber Command decided to create the roughly 6,200-member cyber mission force — the cyberwarrior cadre collectively staffed from each service to perform Cyber Command’s overreaching missions — it sought to get teams in place quickly. Too quickly, according to the Government Accountability Office, which pointed to issues with training team members in a newly unclassified version of a report initially released in November.

“To train CMF teams rapidly, CYBERCOM used existing resources where possible … As of November 2018, many of the 133 CMF teams that initially reported achieving full operational capability no longer had the full complement of trained personnel, and therefore did not meet CYBERCOM’s readiness standards,” GAO’s March 6 report stated.

Cyber Command — including its new commander, Gen. Paul Nakasone — has acknowledged the need to not only change the structure and employment of the teams, but also the training.

Lt. Gen. Stephen Fogarty, commander of Army Cyber Command, told Fifth Domain in 2018 that during the build phase, former Cyber Command Commander Adm. Michael Rogers wanted to lock in a model as to not alter or change the goal posts while the teams were being built.

“The perception could be, 'Hey you’re changing the rules, you’re not playing straight.’ That was his strategic decision ... we’ll lock it down and as we work a mission we’ll tailor and we’ll task organize in order to best meet that mission,” Fogarty, who was previously chief of staff at Cyber Command, said.

The offensive, defensive and support cyber mission force teams all reached full operational capability in May 2018, a full four months before the deadline set by Rogers. Experts, however, have always been sure to caution that the FOC milestone was just a metric that the teams were fully manned and matched the correct career billets.

With the teams fully manned and at FOC, though, Cyber Command has maintained that it is shifting from building the teams to maintaining readiness based on operational lessons learned. That doesn’t mean it’s easy.

Complicating the training and readiness problem of the force is that personnel cycle out every few years for many of the services, an issue that is being recognized. The Army, for instance, created a cyber branch ensuring that personnel can make a career out of being a cyberwarrior.

And, GAO noted, exactly what constitutes readiness is constantly evolving. Since 2013, Cyber Command has updated the CMF training manual 13 times. In December 2017, the command published standard operating procedures for readiness reporting that CMF teams use to assess if they have the resources and capability to perform their missions and define CMF readiness reporting guidelines related to personnel, equipment and training.

The dynamic nature of cyberspace in some respects poses challenges to having an established training standard in an ongoing basis. Given that cyberspace is so dynamic — not static like artillery, for example — the environment is always changing. The Army, for example, has changed from task-based training to outcomes-based training — essentially saying they’re not concerned how cyber operators solve a problem, just as long as it is solved.

GAO also noted that DoD has had difficulty ensuring teams maintain levels of readiness.

“DoD has taken steps to shift its focus from building a trained CMF to maintaining this force, but it has not taken key actions to ensure that the department is poised to maintain CMF training following this transition,” GAO stated. “Specifically, the military services have not developed plans that include time frames for validating all phase two foundational training courses, or that comprehensively assess their training requirements. Further, as of June 2018, CYBERCOM had not provided a plan for establishing independent assessors to evaluate and certify the completion of phase three collective training for CMF teams.”

Importantly, in writing to GAO, the deputy assistant secretary of defense for force education and training concurred with all eight of GAO’s recommendations for executive action.

They include:

1) The Secretary of Defense should ensure that the Army, in coordination with CYBERCOM and the National Cryptologic School, where appropriate, establish a time frame to validate all of the phase two foundational training courses for which it is responsible.

2) The Secretary of Defense should ensure that the Air Force, in coordination with CYBERCOM and the National Cryptologic School, where appropriate, establish a time frame to validate all of the phase two foundational training courses for which it is responsible.

3) The Secretary of the Army should ensure that Army Cyber Command coordinate with CYBERCOM to develop a plan that comprehensively assesses and identifies specific CMF training requirements for phases two (foundational), three (collective), and four (sustainment), in order to maintain the appropriate sizing and deployment of personnel across the Army’s CMF teams.

4) The Secretary of the Navy should ensure that Fleet Cyber Command coordinate with CYBERCOM to develop a plan that comprehensively assesses and identifies specific CMF training requirements for phases three (collective) and four (sustainment) in order to maintain the appropriate sizing and deployment of personnel across the Navy’s CMF teams.

5) The Secretary of the Air Force should ensure that Air Forces Cyber coordinate with CYBERCOM to develop a plan that comprehensively assesses and identifies specific CMF training requirements for phases two (foundational), three (collective), and four (sustainment), in order to maintain the appropriate sizing and deployment of personnel across the Air Force’s CMF teams.

6) The Commandant of the Marine Corps should ensure that Marine Corps Forces Cyberspace coordinate with CYBERCOM to develop a plan that comprehensively assesses and identifies specific CMF training requirements for phases two (foundational), three (collective), and four (sustainment), in order to maintain the appropriate sizing and deployment of personnel across the Marine Corps’ CMF teams.

7) The Secretary of Defense should ensure that the commander of CYBERCOM develops and documents a plan for establishing independent assessors to evaluate CMF phase three collective training certification events.

8) The Secretary of Defense should ensure that the commander of CYBERCOM establishes and disseminates the master training task lists covered by each phase two foundational training course and convey them to the military services, in accordance with the CMF Training Transition Plan.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

Share:
More In IT and Networks