For those of you who are, work with or have military cyber personnel on your team, quick LOG Blog post to let you know about a new Government Accountability Office (GAO) report issued earlier this week entitled “GAO-23-105423 Military Cyber Personnel: Opportunities Exist to Improve Service Obligation Guidance and Data Tracking”.

According to the GAO auditors, “military personnel who complete advanced cyber training—which may take a year or more and costs DOD hundreds of thousands of dollars—may not remain in the military for a significant time after training. We found that 2 of the 4 military services are not positioned to ensure adequate return on their investment in advanced cyber training. While the Navy and Air Force require 3 years of active duty, the Marine Corps has no guidance for this area and Army guidance does not clearly define active-duty service obligations. We recommended clarifying these service obligations and more. Ensuring the nation's cybersecurity is a topic on our High Risk List.”

On a cybersecurity note, the DoD Inspector General is also undertaking an unrelated audit of DoD’s Implementation of the Cybersecurity Information Sharing Act of 2015 (Project No. D2023-D000CU-0030.000).