Advertisement

GAO: DoD Cyber Strategy Needs Guidance

The Government Accountability Office said the Department of Defense and the U.S. Cyber Command need more detailed guidance in roles and responsibilities for defending military networks against cyber threats.

From the report:

GAO’s analysis of U.S. Cyber Command’s November 2010 Concept of Operations showed that it generally meets joint guidance and maps out U.S. Cyber Command’s organizational and operational relationships in general terms.

However, greater specificity is needed as to the categories of personnel that can conduct various types of cyberspace operations in order for the military services to organize, train, and equip cyber forces.

The services may use military, civilian government, and contractor personnel to conduct cyberspace operations, and U.S. Cyber Command’s Concept of Operations describes general roles and responsibilities for cyberspace operations performed by U.S. Cyber Command’s directorates, the military services, and the respective service components.

However, service officials indicated that DOD guidance was insufficient to determine precisely what civilian activities are permissible for certain cyber activities, that DOD is still reviewing the appropriate roles for government civilians in this domain, and that the military services may be constrained by limits on their total number of uniformed personnel, among other things.

To fix the concerns, the GAO proposed the following changes.

Advertisement
  • To assist the military services in fulfilling their responsibilities to organize, train, and equip cyber forces, the Secretary of Defense should set a timeline and direct the Under Secretary of Defense for Policy and the Under Secretary of Defense for Personnel and Readiness, in consultation with the DOD Office of General Counsel, to develop and publish detailed policies and guidance pertaining to categories of personnel that can conduct the various forms of cyberspace operations.
  • To assist the military services in fulfilling their responsibilities to organize, train, and equip cyber forces, the Secretary of Defense should set a timeline and direct the Chairman of the Joint Chiefs of Staff to develop and publish authoritative and specific guidance regarding the supporting and supported command and control relationships between U.S. Cyber Command and the geographic combatant commands for cyberspace operations.
  • To assist the military services in fulfilling their responsibilities to organize, train, and equip cyber forces, the Secretary of Defense should set a timeline and direct the Chairman of the Joint Chiefs of Staff to develop and publish authoritative and specific guidance regarding the supporting and supported command and control relationships between U.S. Cyber Command and the geographic combatant commands for cyberspace operations.
  • To assist the military services in fulfilling their responsibilities to organize, train, and equip cyber forces, the Secretary of Defense should set a timeline and direct the Commander, U.S. Strategic Command, in conjunction with U.S. Cyber Command, to develop and publish authoritative and specific guidance regarding the mission requirements and capabilities, including skill sets, that the services should meet to provide long-term operational support to U.S. Cyber Command.

Report

GAO: DEFENSE DEPARTMENT CYBER EFFORTS More Detailed Guidance Needed to Ensure Military Services Develop App…

Latest Podcasts