GAO: Cyber Mission Force teams need more training

Air Force cyber warriors at Port San Antonio (Air Force)  

U.S. Cyber Command is lagging behind on its training plan for cyber mission, according to a new Government Accountability Office report.

The unified combatant command’s four-phase transition plan, intended to move from building a 133-team cyber mission force to sustaining it, lacks alignment with the services for the second phase, individual foundation training.

“The Army and Air Force do not have time frames for required validation of foundational courses to CYBERCOM standards,” GAO found, adding that services’ plans are missing some of the CMF training requirements, including the number of personnel who need training.

Beyond that, CYBERCOM is also missing "a plan to establish required independent assessors to ensure the consistency of collective (phase three) CMF training," the report states.

GAO, which observed training practices from August 2017 to November 2018, also found that many of the CMF teams that had achieved full operational capability still needed more training. That’s in part because the services shifted personnel among teams, which affected readiness for teams that lost personnel. The lengthy clearance process has also hampered training.

Additionally, some of the changes Cyber Command has made to correct training issues have been disruptive, negatively affected training time frames at the National Guard and Reserve levels.

“Because National Guard and Reserve teams are scheduled to achieve full operational capability after the active duty teams, they are more likely to be subject to the newer training progressions, which in some cases require a few additional days of courses,” GAO wrote.

That leads to longer training times, which is harder to schedule for guardsmen and reservists who are on duty only part time.

Solidifying a proper foundational training plan is essential, the report notes. While there are no known plans to expand, U.S. Cyber Commander Gen. Paul Nakasone indicated in recent testimony to Congress that more personnel would be needed to keep up with the current threat pace.

Cyber Command has taken steps to address training challenges and gaps, the report noted throughout. But GAO recommended DOD ensure the Army and Air Force coordinate with CYBERCOM and the National Cryptologic School develop time frames to hit all phase two foundational training courses.

The GAO also suggested the service heads coordinate with their cyber components -- Army Cyber Command, Air Forces Cyber, Fleet Cyber Command, and Marine Corps Forces Cyberspace -- and develop a comprehensive plan to assess and identify CMF training requirements.

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

  • Workforce
    online collaboration (elenabsl/

    Federal employee job satisfaction climbed during pandemic

    The survey documents the rapid change to teleworking postures in government under the COVID-19 pandemic.

Stay Connected