When the Defense Department’s new Cyber Command was launched last summer, it was dogged by all manner of questions.
There was a broad understanding of the command’s basic goals: to defend the department’s global network of computer systems from attack and to conduct offensive operations as needed.
But what exactly was the command supposed to be empowered to do in the shadowy world of cyberspace? What capabilities should it have? And to what extent would civilian employees at the Pentagon be involved in offensive military actions like, say, the dismantling of a Web site?
Turns out, not all of those questions have been completely answered.
In a report issued Monday, the Government Accountability Office concludes that the Cyber Command “has not fully defined long-term mission requirements and desired capabilities to guide the services’ efforts to recruit, train and provide forces with appropriate skill sets.”
The GAO acknowledges that establishing a new command “constitutes a large undertaking” — and gives officials credit for making progress — but it urges the Pentagon to offer “greater specificity” as to who can do what in cyberspace. As an example, the watchdog agency notes that a July 2010 memo from the Air Force’s Judge Advocate General raised concerns about the insufficiency of policies to determine “precisely what DOD civilian activities or duties were permissible in relation to computer attack operations.”
In a response to the GAO, the Pentagon says it still has work to do and is seeking to resolve the issues.
Full report is here.