When U.S. Cyber Command decided to create the roughly 6,200-member cyber mission force — the cyberwarrior cadre collectively staffed from each service to perform Cyber Command’s overreaching missions — it sought to get teams in place quickly. Too quickly, according to the Government Accountability Office, which pointed to issues with training team members in a newly unclassified version of a report initially released in November.
“To train CMF teams rapidly, CYBERCOM used existing resources where possible … As of November 2018, many of the 133 CMF teams that initially reported achieving full operational capability no longer had the full complement of trained personnel, and therefore did not meet CYBERCOM’s readiness standards,” GAO’s March 6 report stated.
Cyber Command — including its new commander, Gen. Paul Nakasone — has acknowledged the need to not only change the structure and employment of the teams, but also the training.
Lt. Gen. Stephen Fogarty, commander of Army Cyber Command, told Fifth Domain in 2018 that during the build phase, former Cyber Command Commander Adm. Michael Rogers wanted to lock in a model as to not alter or change the goal posts while the teams were being built.
“The perception could be, 'Hey you’re changing the rules, you’re not playing straight.’ That was his strategic decision ... we’ll lock it down and as we work a mission we’ll tailor and we’ll task organize in order to best meet that mission,” Fogarty, who was previously chief of staff at Cyber Command, said.
The offensive, defensive and support cyber mission force teams all reached full operational capability in May 2018, a full four months before the deadline set by Rogers. Experts, however, have always been sure to caution that the FOC milestone was just a metric that the teams were fully manned and matched the correct career billets.
With the teams fully manned and at FOC, though, Cyber Command has maintained that it is shifting from building the teams to maintaining readiness based on operational lessons learned. That doesn’t mean it’s easy.
The dynamic nature of cyberspace in some respects poses challenges to having an established training standard in an ongoing basis. Given that cyberspace is so dynamic — not static like artillery, for example — the environment is always changing. The Army, for example, has changed from task-based training to outcomes-based training — essentially saying they’re not concerned how cyber operators solve a problem, just as long as it is solved.
GAO also noted that DoD has had difficulty ensuring teams maintain levels of readiness.
6) The Commandant of the Marine Corps should ensure that Marine Corps Forces Cyberspace coordinate with CYBERCOM to develop a plan that comprehensively assesses and identifies specific CMF training requirements for phases two (foundational), three (collective), and four (sustainment), in order to maintain the appropriate sizing and deployment of personnel across the Marine Corps’ CMF teams.
7) The Secretary of Defense should ensure that the commander of CYBERCOM develops and documents a plan for establishing independent assessors to evaluate CMF phase three collective training certification events.
8) The Secretary of Defense should ensure that the commander of CYBERCOM establishes and disseminates the master training task lists covered by each phase two foundational training course and convey them to the military services, in accordance with the CMF Training Transition Plan.