U.S. Cyber Command's concept of operations lacks detail and clarity around roles and responsibilities that enable CYBERCOM's support for Defense Department cyberspace operations, say military officials.

Officials from the four military services requested greater specificity around command and control relationships for cyberspace operations, being led by CYBERCOM, and geographic combatant commands, says the Government Accountability Office.

"According to its Concept of Operations, when a cyberspace operation is confined to the area of responsibility of one geographic combatant command, U.S. Cyber Command will act as a supporting commander to the geographic combatant commander. When the cyberspace operations impact global functions or create effects across the borders of more than one geographic combatant command's area of responsibility, the geographic combatant commanders may support U.S. Cyber Command, as directed," states a GAO report (.pdf) released publically June 20 but dated May 2011.

However, there are several different models for such support relationships and the operations document does not identify a specific model for CYBERCOM and the geographic combatant commands to follow.

The Joint Chiefs of Staff has been working since September 2009 on a document to accompany the concept of operations, but it's still a draft, according to report authors. In addition to creating a more "comprehensive doctrine," DoD should also establish common definitions for cyberspace operations, advises GAO.

Officials at military services also told GAO auditors they have not received guidance from CYBERCOM regarding longterm personnel requirements and capabilities. As such, each branch is developing internal protocol, "moving forward using disparate, service-specific approaches to operationalizing cyberspace," says the report. DoD is also reviewing the appropriate roles for government civilians and military personnel in the cyber domain as current policy guidance is insufficient, the report says.

In a written response to GAO, DoD agreed with the analysis and recommendations, saying it is taking action to address these issues internally and achieving them is "highly desirable."

For more:
- see the report GAO-11-421 (.pdf)

Related Articles:
Mahnken: Cyber warfare favors the strong 
Schmidle: Cyber ops might require new combatant command structure 
McKeon seeks to clarify DoD cyber war authority 
Cyber war threat inflated, says paper