The U.S. military is apparently “unsure” how to execute cyber operations, as a strategy that could help clarify standard operating procedure (SOP) is still months away from completion.
“Conflicting statements have led to confusion among the combatant commands about command and control over cyber operations,” the Government Accountability Office confirmed in a statement obtained by The Hill.
Indeed, a 2008 DoD plan tasks the newly formed U.S. Cyber Command with overseeing military network operations and defending against hostile entities in cyberspace.
“But it also states that geographic combatant commanders are to exercise authority over all commands and forces within their areas of responsibility,” said the GAO.
“[In addition], there is not a consensus across [the DoD] as to what [actually] constitutes a cyber force.”
According to the GAO, DoD officials haven’t yet managed to assign “authorities and responsibilities for cyber operations, [meaning], the supporting relationships necessary for effective command and control remain unclear.”
Nevertheless, GAO analysts, Davi D’Agostino and Nelsie Alcoser say that a cybersecurity strategy document currently being formulated by the Joint Staff could help alleviate some of the confusion – if it is completed in a timely manner.
“This document has been under development since September 2009, but was still in draft as of May 2011,” explained D’Agostino and Alcoser.
“[Unfortunately], officials with the Joint Staff and the Office of the Secretary of Defense Policy [say] this publication … may not be finalized and approved for some time.”
