The Government Accountability Office found that the lack of required service time commitments within some of the military branches is making it difficult to retain personnel who have completed expensive and advanced cyber courses.
The Defense Department spends hundreds of thousands of dollars training military personnel to complete advanced cyber courses, but not all of the armed forces have related requirements for how long those personnel must remain in service to ensure that DOD is receiving an adequate return on its investments, according to a report the Government Accountability Office released on Wednesday.
Congress requested that GAO conduct a review of “recruiting and retention challenges as well as ‘service obligations’—minimum terms of military service—for active-duty military cyber personnel” in a Senate report that accompanied the fiscal year 2022 National Defense Authorization Act.
GAO found that, while the Navy and Air Force “have guidance requiring a three-year active-duty service obligation for military personnel who receive lengthy and expensive advanced cyber training,” the Army’s guidance “does not clearly define active duty service obligations” and the Marine Corps does not have any related guidance.
The report said that the lack of mandatory service commitments for military cyber personnel is allowing DOD to lose talent to the private sector, since these trained individuals do not have an obligation to remain in the military after they have received their training.
“To accomplish its national security mission and defend a wide range of critical infrastructure, DOD must recruit, train and retain a knowledgeable and skilled cyber workforce,” the report said. “However, DOD faces increasing competition from the private sector looking to recruit top cyber talent to protect systems and data from a barrage of foreign attacks.”
The report noted that workforce gaps have existed “in some active-duty cyber career fields from fiscal years 2017 through 2021,” but added that “the Army, Air Force and Marine Corps do not track staffing data by work role.”
“As a result, military service officials cannot determine if specific work roles are experiencing staffing gaps,” GAO said. “Tracking staffing data at the work role level would enable the military services to identify and address staffing challenges in providing the right personnel to carry out key missions at [U.S. Cyber Command]. This information is also essential for increasing personnel assigned to USCYBERCOM as planned by the Department of Defense.”
The report added that cyber workforce retention challenges continue to exist across the armed forces, despite the fact that the Army, Navy, Air Force and Marine Corps “have all offered retention bonuses for certain cyber career fields.”
“The military services spent at least $160 million on cyber retention bonuses annually in fiscal years 2017 through 2021,” GAO noted. “However, officials have acknowledged that while the military services offer retention bonuses and special pays, they continue to experience challenges retaining qualified cyber personnel.”
GAO previously recommended in a 2017 report that DOD “review whether special and incentive pay programs had incorporated key principles of effective human capital management, and prioritize and complete the establishment of measures for the efficient use of resources.”
While DOD partially concurred with the recommendation at the time, it did not take any steps to implement it. GAO said in its most recent report that implementing this previous recommendation “would help DOD determine the effectiveness of special and incentive pays in recruiting and retaining a highly skilled workforce.”
Wednesday’s GAO report offered six new recommendations, including that “the Army and Marine Corps clearly define active-duty service obligations for advanced cyber training in guidance, and that the Army, Air Force and Marine Corps track cyber personnel data by work role.” DOD concurred with all six of the report’s recommendations.