WASHINGTON — U.S. Cyber Command’s imaginative and prescient for growing its core cyber platforms and capabilities lacks clear objectives and steering, in response to an audit by the Authorities Accountability Workplace.
The audit was directed by Congress — which has also expressed concern — and launched Nov. 19. The federal government watchdog examined Cyber Command’s Joint Cyber Warfighting Structure, which was created by the command to information its capabilities.
JCWA was damaged up into 5 parts: widespread firing platforms for a complete suite of cyber instruments; Unified Platform that can combine and analyze knowledge from offensive and defensive operations with companions; joint command-and-control mechanisms for situational consciousness and battle administration; sensors that help protection of the community and drive operational choices; and the Persistent Cyber Coaching Setting, which can present particular person and collective coaching in addition to mission rehearsal.
Cyber Command was granted limited acquisition authority however nonetheless depends on the armed providers to behave as govt brokers for main packages, that means many major acquisition efforts for systems within the JCWA unfold throughout providers to offer for the joint cyber mission power.
Cyber Command has been closely reliant on the instruments, personnel and infrastructure of the Nationwide Safety Company, and the 2 organizations are co-located. However the command is constructing out its personal standalone army cyber methods separate from the intelligence platforms utilized by the NSA for intelligence-gathering functions, which is distinct from army objectives.
The GAO famous that the Division of Protection created this structure to harmonize cyber capabilities, although command officers defined to GAO auditors that JCWA is merely a free structure to offer an thought to convey acquisitions collectively and steer necessities and funding choices.
GAO’s audit relied on interviews with officers and unclassified supplies, and it happened from October 2019 to November 2020.
Key amongst its findings was the truth that Cyber Command has not outlined objectives for the JCWA that may describe how present and future methods would interoperate.
“The absence of objectives is opposite to main practices we recognized in our prior work, which name for program objectives to obviously outline desired program outcomes,” GAO stated. “Clearly outlined objectives clarify the needs of a program and the outcomes a company intends to attain. Targets additionally present the premise for growing efficiency measures that assist organizations exhibit progress. By defining JCWA objectives, DOD can describe general system goals, relationships, and dependencies of its JCWA packages after which develop efficiency measures to trace progress of the JCWA methods as entire.”
The absence of interoperability objectives, the audit concluded, might result in a scarcity of constant practices and requirements, resembling data-tagging requirements, throughout a number of packages.
Interoperability for the cyber packages throughout the Command’s joint cyber groups is crucial. As C4ISRNET previously reported, Unified Platform is taken into account the centerpiece of the JCWA through which knowledge is ingested and disseminated. That knowledge is used to make choices for planning and operations and feeds into different mission platforms and sensors.
One of many risks concerned in not having objectives or widespread knowledge requirements throughout the disparate packages, GAO stated, is Unified Platform is likely to be unable to completely function utilizing different methods’ knowledge, resulting in cyber forces probably missing anticipated capabilities to conduct operations. Unified Platform depends on many methods, resembling the varied Large Knowledge Platforms that acquire info in numerous codecs.
GAO famous that program officers stated they talk about requirements informally in a “coalition of the keen.” Whereas program officers from numerous packages to incorporate Unified Platform, Joint Cyber Command and Management, and the Persistent Cyber Coaching Setting share suggestions and person knowledge frequently, these efforts between them is “largely advert hoc and doesn’t systematically tackle broader knowledge sharing or interoperability questions,” the watchdog discovered.
Command officers informed GAO that objective improvement was delayed by operational challenges and strategic modifications. Since its inception, Cyber Command has been constructing its power and capabilities whereas concurrently using them in a extremely dynamic setting. That dynamic setting requires forces and packages to be versatile, in contrast to conventional war-fighting domains or methods resembling planes or tanks which might be used a long time after they’re designed and constructed.
GAO additionally discovered that Cyber Command had not outlined roles and tasks to handle the JCWA. C4ISRNET previously reported the Command created a JCWA integration workplace, which GAO stated was established to deal with challenges related to defining and implementing the ideas throughout the structure. The workplace will assist develop steering to combine packages in a extra holistic and interoperable assemble, officers informed GAO.
Moreover, officers stated a brand new JCWA capabilities administration workplace will work with the combination workplace to establish and align necessities throughout methods primarily based on wants.
Cyber Command officers additionally informed GAO in November that they’re making progress towards defining roles and tasks.
The DoD and Cyber Command have held particulars about its packages near their vest. GAO outlined 4 particular packages related to JCWA that Cyber Command and the providers as govt brokers are procuring for cyberwarriors.
The primary is Unified Platform, which is the info administration and integration centerpiece. The Air Power is serving as the chief agent for this system.
Joint Cyber Command and Control is taken into account the decision-making platform. The Air Power can be the chief agent for this program. It goals to offer joint commanders enhanced situational consciousness and battle administration for cyber forces and missions. The GAO famous this system has not but formally entered into the acquisition life cycle but. Program officers informed GAO that the hassle has sustained and delivered a number of methods, however that almost all of the system improvement efforts will start in fiscal 2021. It has relied on different packages resembling Project IKE, a prototype underneath improvement by the Air Power and the Strategic Capabilities Workplace that can enable forces to plan and visualize that cyber setting.
The Persistent Cyber Training Environment gives crucial area for forces to coach as carry out mission rehearsals. The Military is operating this system for the DoD. The Military delivered a second iteration of the platform to Cyber Command in October. The DoD has stated it started to integrate with Unified Platform and elements of Joint Cyber Command and Control.
The Joint Common Access Platform gives “mission enablement,” in response to GAO. The Military can be the lead for this program. The platform will enable cyber operators to hook up with their goal and to ship the impact past pleasant firewalls.
GAO additionally offered transient particulars on the cyber instruments and sensors utilized in operations and for situational consciousness. The watchdog reported that the providers and Cyber Command are liable for procuring these to fulfill mission wants.
Suggestions and reactions
GAO had two suggestions for the DoD and Cyber Command:
- The protection secretary ought to direct the top of Cyber Command to outline and doc JCWA objectives for interoperability to assist synchronize acquisition efforts;
- And additional develop the JCWA governance construction by defining and documenting roles and tasks of the combination and administration workplace.
Accordingly, the Pentagon concurred with GAO’s first advice regarding objectives, however partially concurred with the second. The division famous that Cyber Command plans to additional develop the JCWA governance with stakeholders after which guarantee JCWA materials resolution integration and structure objectives are addressed.