The GAO has issued a report that finds the Coast Guard is not doing all GAO thinks Coast Guard should be doing, to manage its cyber work force. You can see the one page summary here, it has a nice bar graph. I have reproduced most of the summary below. You can see the entire 40 page report here.
The most striking thing for me, was to see how many Coast Guard people are now employed in cyber. 4507 positions are authorized and 4095 are filled. That is a big chunk of the Coast Guard’s total manpower. It is totally justified considering they are protecting not just the Coast Guard, but the entire maritime transportation system.
A recent US Naval Institute Proceedings article, “Cyber Warfare Is a Navy Mission” discusses why cyber has become so important and also suggests that the Navy needs to take larger role in maritime economic cyber. Apparently the Navy has not been paying much attention to this, but the potential is there, that they may.
What GAO Found
The Coast Guard is increasingly dependent upon its cyberspace workforce to
maintain and protect its information systems and data from threats. As of
September 2021, the Coast Guard determined it had 4,507 authorized
cyberspace workforce positions (i.e., funded positions that could be vacant or
filled), consisting of military and civilian personnel.
Coast Guard guidance calls for the service to use its Manpower Requirements
Determination process to assess and determine necessary staffing levels and
skills to meet mission needs. However, GAO found that the service had not used
this process for a large portion of its cyberspace workforce. For example, as of
February 2022, the Coast Guard had not used this process for three
headquarters units that collectively represent 55 percent of its cyberspace
workforce positions. Until such analysis is completed, the Coast Guard will not
fully understand the resources it requires, including those to protect its
information systems and data from threats.
Of 12 selected recruitment, retention, and training leading practices, the Coast
Guard fully implemented seven, partially implemented three, and did not
implement two. By fully implementing these leading practices, the Coast Guard
could better manage its cyberspace workforce. For example, it has not
developed a strategic workforce plan for its cyberspace workforce. According to
leading recruitment practices, such a plan should include three elements: (1)
strategic direction, (2) supply, demand, and gap analyses, and (3) solution
implementation, along with monitoring the plan’s progress to address all
cyberspace competency and staffing needs. Without having such a plan, the
Coast Guard will likely miss opportunities to recruit for difficult to fill cyberspace