DOD Must Invest More in Cybersecurity Skills Rather Than Technology, Official Says
The Department of Defense is not training its cybersecurity workforce to a degree that is commensurate with the sophistication of its cyber technologies, a top weapons testing official said in an annual report.
“There is no cyber defense without cyber defenders,” the Office of the Director, Operational Test and Evaluation said. The department should account for human defenders early on in its cybersecurity engineering and programmatic efforts, DOT&E said.
The DOD has also not invested enough in the dedicated program offices needed to ensure that its cyber technology operators are trained to the same level as soldiers involved in kinetic warfare.
DOT&E said that the majority of the DOD’s cybersecurity issues—such as insecure system designs, inadequate cyber training and insufficient test planning—can be attributed to the department’s lack of funding for cyber program offices.
According to DOT&E, the Pentagon is also not providing its cyber operators enough training in contested cyber environments.
While the DOD’s operators participate in red team exercises, such as the ones sponsored by DOT&E, the Pentagon rarely allows its personnel to “experience representative cyber effects because of the risk of degrading other training objectives.”
The lack of training in a more realistic environment puts both the cyber operators and DOD leadership at risk of having a false sense of confidence, DOT&E warned.
The office said it is already working with the Joint Staff to add realistic cyber scenarios with a “fight-through objective” in major training exercises moving forward.