Coast Guard: Workforce Planning Actions Needed to Address Growing Cyberspace Mission Demands
Fast Facts
Coast Guard relies on its cyberspace workforce to maintain and protect its IT systems and data from threats. In 2020, the marine transportation system, which moves people and goods through U.S. waterways, suffered over 500 cyberattacks.
Coast Guard has a process to assess workforce levels and skills needed for its missions. But it hasn't used this process for a large portion of its cyberspace workforce, including 3 headquarters units that collectively represent 55% of its cyberspace positions.
Our recommendations could help Coast Guard determine its necessary cyberspace workforce levels and better recruit and retain this critical workforce.
Highlights
What GAO Found
The Coast Guard is increasingly dependent upon its cyberspace workforce to maintain and protect its information systems and data from threats. As of September 2021, the Coast Guard determined it had 4,507 authorized cyberspace workforce positions (i.e., funded positions that could be vacant or filled), consisting of military and civilian personnel.
Authorized Coast Guard Cyberspace Positions, Filled and Vacant, as of September 2021
Coast Guard guidance calls for the service to use its Manpower Requirements Determination process to assess and determine necessary staffing levels and skills to meet mission needs. However, GAO found that the service had not used this process for a large portion of its cyberspace workforce. For example, as of February 2022, the Coast Guard had not used this process for three headquarters units that collectively represent 55 percent of its cyberspace workforce positions. Until such analysis is completed, the Coast Guard will not fully understand the resources it requires, including those to protect its information systems and data from threats.
Of 12 selected recruitment, retention, and training leading practices, the Coast Guard fully implemented seven, partially implemented three, and did not implement two. By fully implementing these leading practices, the Coast Guard could better manage its cyberspace workforce. For example, it has not developed a strategic workforce plan for its cyberspace workforce. According to leading recruitment practices, such a plan should include three elements: (1) strategic direction, (2) supply, demand, and gap analyses, and (3) solution implementation, along with monitoring the plan's progress to address all cyberspace competency and staffing needs. Without having such a plan, the Coast Guard will likely miss opportunities to recruit for difficult to fill cyberspace positions.
Why GAO Did This Study
The Coast Guard, a multi-mission, maritime military service within the Department of Homeland Security (DHS), is responsible for ensuring the safety and security of the nation's maritime transportation system and maritime borders. It established cyberspace as an operational domain in 2015 to help protect the marine transportation system from threats. Such threats could be delivered through the internet, telecommunications networks, and computer systems.
The William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 includes a provision for GAO to review issues related to the Coast Guard's cyberspace workforce. This report addresses the extent the Coast Guard has (1) identified its cyberspace workforce and determined its associated mission needs and (2) implemented selected leading practices in its cyberspace workforce recruitment, retention, and training. We selected the leading practices by reviewing those identified in relevant GAO reports and federal guidance. GAO analyzed Coast Guard documentation and data and interviewed cognizant Coast Guard officials.
Recommendations
GAO is making six recommendations to the Coast Guard including to determine the cyberspace staff needed to meet its mission demands and fully implement five recruitment and retention leading practices, such as establishing a strategic workforce plan for its cyberspace workforce. DHS concurred with these recommendations.
Recommendations for Executive Action
| Agency Affected Sort descending | Recommendation | Status |
|---|---|---|
| United States Coast Guard | The Commandant of the Coast Guard should assess and determine the staffing levels needed to meet its cyberspace mission demands. (Recommendation 1) |
DHS concurred with this recommendation. In October 2023, the Coast Guard provided us with its Manpower Requirements Analysis for CGCYBER Command. In addition, the Coast Guard reported it was identifying stakeholders and resources to assess options for additional analysis of the remaining cyberspace workforce. In January 2024, Coast Guard told us that its Manpower Requirements Determination for CGCYBER Command was in progress. CGCYBER Command represents some, but not all of the units containing Coast Guard's cyberspace workforce. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
|
| United States Coast Guard | The Commandant of the Coast Guard should establish a strategic workforce plan for its cyberspace workforce, to include strategies and implementing activities to address all competency and staffing needs. (Recommendation 2) |
DHS concurred with this recommendation. In March 2023, the Coast Guard reported that it was developing a workforce management plan and a cyberspace training and qualification instruction. The Coast Guard also reported publishing the Cyberspace Officer Career Guide in October 2022. In January 2024, the Coast Guard provided us with its Cyberspace Workforce Management Plan. As of April 2024, we are awaiting Coast Guard responses to determine how the Coast Guard identified its cyberspace workforce management gaps and assessed its competency needs. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
|
| United States Coast Guard | The Commandant of the Coast Guard should incorporate data from the Cyber Mission Specialist rating to inform its strategic workforce planning for the enlisted cyberspace workforce. (Recommendation 3) |
DHS concurred with this recommendation. In March 2023, the Coast Guard reported that it had begun implementing the Cyber Mission Specialist rating in fiscal year 2023 and was working to finalize the rating implementation. In April 2024, the Coast Guard told us that it has continued working to finalize this implementation and plans to reprogram enlisted billets by April 2026. Once fully implemented, the Coast Guard plans to gather and analyze the workforce data to inform planning for the enlisted cyberspace workforce. Coast Guard's estimated completion date for this effort is September 30, 2026. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
|
| United States Coast Guard | The Commandant of the Coast Guard should develop metrics for recruitment of enlisted and all civilian cyberspace personnel, and use these metrics to assess the effectiveness of its recruitment and hiring efforts. (Recommendation 4) |
DHS concurred with this recommendation. In March 2023, the Coast Guard reported that it was working to finalize the Cyber Mission Specialist rating. In April 2024, the Coast Guard told us that it has continued working to finalize this effort. Once fully implemented, the Coast Guard plans to measure workforce health and adjust the service's recruiting goals based on the service's workforce needs once the rating is fully implemented. Coast Guard's estimated completion date for this effort is September 30, 2026. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
|
| United States Coast Guard | The Commandant of the Coast Guard should set and quantify retention goals and objectives for its cyberspace workforce. (Recommendation 5) |
DHS concurred with this recommendation. In March 2023, the Coast Guard reported that it was working to finalize the Cyber Mission Specialist rating. In April 2024, the Coast Guard reported that it has continued working to finalize this effort. Once implemented, the Coast Guard plans to gather and analyze workforce data and consider retention incentives. Coast Guard's estimated completion date for this effort is September 30, 2026. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
|
| United States Coast Guard | The Commandant of the Coast Guard should establish and track metrics of success for improving cyberspace personnel morale and report its progress to Coast Guard leadership. (Recommendation 6) |
DHS concurred with this recommendation. In July 2023, the Coast Guard reported that it had added eight questions to its biennial Organizational Assessment Survey to better track metrics of success for improving cyberspace personnel morale and reporting progress to Coast Guard leadership. After obtaining the results of this survey, the Coast Guard plans to document how these survey questions will be measured to track progress on improving cyberspace personnel and how Coast Guard leadership was informed of the progress in meeting the metrics. Coast Guard's estimated completion date for this effort is April 30, 2024. We will continue to monitor Coast Guard efforts to implement this recommendation.
|