GAO Asks: Exactly How Does CYBERCOM Help After Cyberattacks?

The Defense Department hasn’t told Congress how it’s training forces to help civil authorities if there’s a major cyberattack against the United States, an auditor said Thursday.

Congress ordered the Pentagon to give it an overview of that training in the 2016 version of an annual defense policy bill, along with several other cyber readiness measurements.

When the report came in, however, the Pentagon only provided a classified list of general cyber training exercises that “according to officials, have training value for cyber incident response,” the report from the Government Accountability Office said.

The report comes as the military’s cyber wing, U.S. Cyber Command, is preparing to be elevated to a full combatant command. Some lawmakers and cyber watchers are also eager to split CYBERCOM from its current dual-hat relationship with the National Security Agency, though military leaders warn that split would be premature.

The Defense Department does offer training for responding to civilian cyberattacks, the auditor said, including a U.S. Northern Command course that’s available to officials from Defense and civilian agencies. The Pentagon simply failed to describe those courses, the auditor said.

“By not including this information in this one-time report, DOD missed an opportunity to provide Congress more complete information about training that the department is conducting to prepare itself and commands to support civil authorities for a cyber incident within the United States,” the report states.