U.S. Cyber Command has laid out a clear vision for the warfighting tools it needs, but it hasn’t set any goals for interoperability and information sharing among those systems, according to a report from the Government Accountability Office (GAO).
The watchdog agency assessed a diagram of the Joint Cyber Warfighting Architecture (JCWA) that was available in August. That version included four acquisition programs and the supporting cyber tools, the GAO said, but lacked information about how Cyber Command would measure success for integrating them.
“According to Cyber Command and acquisition program officials, without clearly defined interoperability requirements, JCWA programs may face challenges in providing needed capabilities to Cyberspace Operations Forces,” the report reads.
Additionally, Cyber Command has established two offices for prioritizing JCWA acquisition, but hasn’t assigned roles or responsibilities for either, GAO said.
The command helps to defend military networks and support conventional forces, and it also conducts offensive cyber-operations intended to disrupt the digital activities of U.S. adversaries. The tools in the JCWA include a Unified Platform for data management, a Persistent Cyber Training Environment for mission rehearsal, a Joint Common Access Platform to provide a common cyber firing platform and a Joint Cyber Command and Control to integrate situational awareness for decision making.
The GAO noted that it couldn’t fully assess some parts of the JCWA because the Joint Common Access Platform and Joint Cyber Command and Control have not yet entered the acquisition lifecycle.
Ultimately, the JCWA is supposed to develop interoperability among the programs for a comprehensive cyberspace ecosystem. The assumption is that no single contractor or company could provide everything Cyber Command needs.
Though it is referred to as an architecture, Cyber Command officials told the GAO auditors that JCWA is “only loosely an architecture—an idea to bring acquisitions together.” This is in contrast to the Department of Defense’s rigid definition of the term.
The report describes a largely ad-hoc system of information sharing and user feedback between program officials. Because each program is working independently to become interoperable, there aren’t consistent standards even for simple practices like data tagging.
For example, Unified Platform, the data management and integration system, may be unable to fully interoperate with other systems’ data because there aren’t any tagging standards to make disparate data available for search and analysis.
GAO provided two recommendations to Cyber Command: define the goals for interoperability requirements and define the roles of the JCWA Integration Office and JCWA Capabilities Management Office. The Department of Defense concurred with the first recommendation and partially concurred with the second, noting that Cyber Command plans to develop the governance structure with DOD stakeholders.
“Cyber Command has begun to grapple with these challenges by taking initial steps at identifying governance roles and responsibilities within and elsewhere in DOD,” the report reads. “Until Cyber Command establishes goals for interoperability requirements as well as addresses governance shortfalls, the JCWA portfolio of programs remains at risk of failing to provide needed joint cyber warfighting capability.”
The report was provided for in the most recent National Defense Authorization Act and was published on Nov. 19.