Coast Guard: Workforce Planning Actions Needed to Address Growing Cyberspace Mission Demands
Fast Facts
Coast Guard relies on its cyberspace workforce to maintain and protect its IT systems and data from threats. In 2020, the marine transportation system, which moves people and goods through U.S. waterways, suffered over 500 cyberattacks.
Coast Guard has a process to assess workforce levels and skills needed for its missions. But it hasn't used this process for a large portion of its cyberspace workforce, including 3 headquarters units that collectively represent 55% of its cyberspace positions.
Our recommendations could help Coast Guard determine its necessary cyberspace workforce levels and better recruit and retain this critical workforce.
Highlights
What GAO Found
The Coast Guard is increasingly dependent upon its cyberspace workforce to maintain and protect its information systems and data from threats. As of September 2021, the Coast Guard determined it had 4,507 authorized cyberspace workforce positions (i.e., funded positions that could be vacant or filled), consisting of military and civilian personnel.
Authorized Coast Guard Cyberspace Positions, Filled and Vacant, as of September 2021
Coast Guard guidance calls for the service to use its Manpower Requirements Determination process to assess and determine necessary staffing levels and skills to meet mission needs. However, GAO found that the service had not used this process for a large portion of its cyberspace workforce. For example, as of February 2022, the Coast Guard had not used this process for three headquarters units that collectively represent 55 percent of its cyberspace workforce positions. Until such analysis is completed, the Coast Guard will not fully understand the resources it requires, including those to protect its information systems and data from threats.
Of 12 selected recruitment, retention, and training leading practices, the Coast Guard fully implemented seven, partially implemented three, and did not implement two. By fully implementing these leading practices, the Coast Guard could better manage its cyberspace workforce. For example, it has not developed a strategic workforce plan for its cyberspace workforce. According to leading recruitment practices, such a plan should include three elements: (1) strategic direction, (2) supply, demand, and gap analyses, and (3) solution implementation, along with monitoring the plan's progress to address all cyberspace competency and staffing needs. Without having such a plan, the Coast Guard will likely miss opportunities to recruit for difficult to fill cyberspace positions.
Why GAO Did This Study
The Coast Guard, a multi-mission, maritime military service within the Department of Homeland Security (DHS), is responsible for ensuring the safety and security of the nation's maritime transportation system and maritime borders. It established cyberspace as an operational domain in 2015 to help protect the marine transportation system from threats. Such threats could be delivered through the internet, telecommunications networks, and computer systems.
The William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 includes a provision for GAO to review issues related to the Coast Guard's cyberspace workforce. This report addresses the extent the Coast Guard has (1) identified its cyberspace workforce and determined its associated mission needs and (2) implemented selected leading practices in its cyberspace workforce recruitment, retention, and training. We selected the leading practices by reviewing those identified in relevant GAO reports and federal guidance. GAO analyzed Coast Guard documentation and data and interviewed cognizant Coast Guard officials.
Recommendations
GAO is making six recommendations to the Coast Guard including to determine the cyberspace staff needed to meet its mission demands and fully implement five recruitment and retention leading practices, such as establishing a strategic workforce plan for its cyberspace workforce. DHS concurred with these recommendations.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| United States Coast Guard | The Commandant of the Coast Guard should assess and determine the staffing levels needed to meet its cyberspace mission demands. (Recommendation 1) |
DHS concurred with this recommendation. In October 2023, the Coast Guard provided us with its Manpower Requirements Analysis for Coast Guard Cyber Command. In addition, the Coast Guard reported it was identifying stakeholders and resources to assess options for additional analysis of the remaining cyberspace workforce. In January 2024, Coast Guard told us that its Manpower Requirements Determination (MRD) for Coast Guard Cyber Command was in progress. In September 2024, the Coast Guard provided us with the MRD for Coast Guard Cyber Command. The MRD determined that the unit needed 813 positions, including 105 officer and 229 enlisted positions. As of January 2025, Coast Guard Cyber Command had 689 authorized positions. Coast Guard Cyber Command represents some, but not all of the units containing Coast Guard's cyberspace workforce. In January 2025, the Coast Guard told us that it planned to conduct a study for Base C5I departments in fiscal year 2026 and had not yet determined when it would conduct future studies. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
|
| United States Coast Guard | The Commandant of the Coast Guard should establish a strategic workforce plan for its cyberspace workforce, to include strategies and implementing activities to address all competency and staffing needs. (Recommendation 2) |
DHS concurred with this recommendation. In March 2023, the Coast Guard reported that it was developing a workforce management plan and a cyberspace training and qualification instruction. The Coast Guard also reported publishing the Cyberspace Officer Career Guide in October 2022. In January 2024, the Coast Guard provided us with its Cyberspace Workforce Management Plan. In February 2025, the Coast Guard told us that it received input from the Cyber Policy Working Group and the Cyberspace Workforce Integrated Planning Team on cyberspace workforce management gaps. The Coast Guard is planning to implement best practices to align the Coast Guard's cyberspace workforce with DoD Cyberspace Workforce Framework (DCWF) requirements. The Coast Guard plans to close the identified workforce management gaps by fully implementing DCWF requirements in the Coast Guard. The Coast Guard also told us that the Manpower Requirements Determination (now known as a Workforce Requirements Determination) for Coast Guard Cyber Command contained a competency and gap analysis. However, the Coast Guard Cyber Command represents some, but not all of the units containing Coast Guard's cyberspace workforce. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
|
| United States Coast Guard | The Commandant of the Coast Guard should incorporate data from the Cyber Mission Specialist rating to inform its strategic workforce planning for the enlisted cyberspace workforce. (Recommendation 3) |
DHS concurred with this recommendation. In March 2023, the Coast Guard reported that it had begun implementing the Cyber Mission Specialist rating in fiscal year 2023 and was working to finalize the rating implementation. In April 2024, the Coast Guard told us that it has continued working to finalize this implementation and plans to reprogram enlisted billets by April 2026. In February 2025, the Coast Guard told us that it has fully implemented the Cyber Mission Specialist rating and the Cyber Mission Manager Chief Warrant Officer specialty, resulting in 270 Cyber Mission Specialist positions and 28 Cyber Mission Manager positions. While the rating is officially established, the Coast Guard is working toward aligning all cyber positions with the DoD 8140 series (Cyberspace Workforce Qualification and Management Program) directives to fully implement the DoD Cyber Workforce Framework. Coast Guard's estimated completion date for this effort is February 2027. The Coast Guard will also need to ensure that it incorporates data from the Cyber Mission Specialist rating to inform its strategic workforce planning for the enlisted cyberspace workforce. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
|
| United States Coast Guard | The Commandant of the Coast Guard should develop metrics for recruitment of enlisted and all civilian cyberspace personnel, and use these metrics to assess the effectiveness of its recruitment and hiring efforts. (Recommendation 4) |
DHS concurred with this recommendation. In March 2023, the Coast Guard reported that it was working to finalize the Cyber Mission Specialist rating. In April 2024, the Coast Guard told us that it has continued working to finalize this effort. Once fully implemented, the Coast Guard plans to measure workforce health and adjust the service's recruiting goals based on the service's workforce needs once the rating is fully implemented. In February 2025, the Coast Guard told us that it is leveraging the DHS Intelligence and Cybersecurity Diversity Fellowship Program to recruit talented and high performing civilian college students as Coast Guard interns. If the intern performs well, they are offered a full-time position following their college graduation. The Coast Guard's estimated completion date is February 2027. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
|
| United States Coast Guard | The Commandant of the Coast Guard should set and quantify retention goals and objectives for its cyberspace workforce. (Recommendation 5) |
DHS concurred with this recommendation. In March 2023, the Coast Guard reported that it was working to finalize the Cyber Mission Specialist rating. In April 2024, the Coast Guard reported that it has continued working to finalize this effort. In February 2025, the Coast Guard told us that it has fully implemented the Cyber Mission Specialist rating and the Cyber Mission Manager Chief Warrant Officer specialty. The Coast Guard also told us that it is leveraging congressionally appropriated funds to offer monetary bonuses to the active-duty military workforce to retain members who hold highly desirable and difficult to achieve certifications in critical positions. In addition, the Coast Guard was targeting Coast Guard civilians serving in key cybersecurity roles with a retention incentive to retain skills marketable outside of the Coast Guard. As of February 2025, the Coast Guard is executing its fiscal year 2025 bonus program and the Coast Guard has begun planning to identify the best use of monetary intervention for fiscal year 2026 based on service needs. The Coast Guard is also working toward aligning all cyber positions with the DoD 8140 series (Cyberspace Workforce Qualification and Management Program) directives to fully implement the DoD Cyber Workforce Framework (DCWF). As the DCWF is fully implemented in the workforce, DCWF work roles and skills will be used to target the cyber workforce for monetary and non-monetary intervention with additional precision. The Coast Guard's estimated completion date is February 2027. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
|
| United States Coast Guard | The Commandant of the Coast Guard should establish and track metrics of success for improving cyberspace personnel morale and report its progress to Coast Guard leadership. (Recommendation 6) |
DHS concurred with this recommendation. In July 2023, the Coast Guard reported that it had added eight questions to its biennial Organizational Assessment Survey to better track metrics of success for improving cyberspace personnel morale and reporting progress to Coast Guard leadership. After obtaining the results of this survey, the Coast Guard plans to document how these survey questions will be measured to track progress on improving cyberspace personnel morale and how Coast Guard leadership was informed of the progress in meeting the metrics. In September 2024, the Coast Guard provided us with the results of the survey for cyberspace personnel. In October 2024, the Coast Guard reported that it will document how the Coast Guard plans to use these questions to track progress on improving cyberspace personnel morale and inform leadership by June 30, 2025. We will continue to monitor Coast Guard efforts to implement this recommendation.
|