Pentagon Reduces Cybersecurity Training Amid Workforce Cuts
TL;DR
- The Pentagon's recent decision to cut mandatory cybersecurity training aims to enhance military focus on warfighting. However, analysts warn that reducing training may increase vulnerability to cyber threats, emphasizing the importance of maintaining robust cyber awareness for all personnel.
Pentagon Cuts Back Cybersecurity Training
Defense Secretary Pete Hegseth has ordered a reduction in mandatory cybersecurity training across the Department of Defense (DOD). This initiative aims to restore what he termed “mission focus” for military personnel. In a Sept. 30 memo, Hegseth directed military departments to streamline or eliminate training not directly tied to warfighting, allowing service members to concentrate more on combat readiness.
The memo specifies that the DOD’s chief information officer should relax the mandatory frequency for cybersecurity training. Hegseth stated, “The Department of War is committed to enabling our warfighters to focus on their core mission of fighting and winning our Nation’s wars without distraction.” Changes include narrowing the scope of records management training based on service member roles and allowing more flexibility in training delivery. The memo encourages the use of automated information management systems, indicating a potential future reliance on AI and automation.
Additional directives include relaxing the frequency of training on controlled unclassified information, removing Privacy Act training from the Common Military Training list, and eliminating recurring “Combating Trafficking in Persons” refresher training once related legislation is enacted. Hegseth emphasized the importance of these changes to strengthen the lethality of the armed forces.
The adjustments come at a time of increasing cyberattacks targeting U.S. military and infrastructure systems. Recently, the U.S. Air Force reported a data breach affecting personal and healthcare information of service members.
DOD to Cut Back on Mandatory Cybersecurity Training
The changes in cybersecurity training are to be “implemented expeditiously,” according to Hegseth’s directive. The defense secretary's memo directs military departments to relax the mandatory frequency for cybersecurity training and tailor records management training to specific roles. Hegseth stated, “Mandatory Department training will be directly linked to warfighting or otherwise be consolidated, reduced in frequency, or eliminated.”
The relaxing of cybersecurity training mandates has raised concerns among analysts. Peter W. Singer, a strategist and senior fellow at New America, suggested that rather than relaxing training, it would be beneficial to update it to better defend against new cyber and cognitive warfare threats. Lauryn Williams, deputy director at the Center for Strategic and International Studies, expressed that relaxing training could weaken the Pentagon’s cyber posture, emphasizing the necessity of annual cyber awareness training to inform personnel of risks and adversary tactics.
Retired Rear Adm. Mark Montgomery noted that the reduction in cybersecurity training may not significantly save time but could increase vulnerability. Senior defense officials have highlighted the importance of good cyber hygiene and threat awareness, underscoring that everyone in the military interacts with cyber systems daily.
Charleen Laughlin from the Space Force pointed out that understanding the mission impact of cyber hygiene is vital. “Every patch, every click that you make, matters,” she stated. Brig. Gen. Joy Kaczor emphasized that all airmen must be aware of digital threats and understand their mission requirements.
DoD Braces for Cyber Workforce Cuts Amid Reductions, Hiring Freeze
!Pentagon Military Defense DoD Image courtesy of MeriTalk
The Department of Defense (DoD) is preparing for potential cuts to its cybersecurity workforce due to ongoing reductions in the civilian workforce and a sustained hiring freeze. Patrick Johnson, director of the Workforce Innovation Directorate under the DoD Office of the Chief Information Officer (OCIO), stated that the office aims to limit the adverse impacts by targeting strategic reductions and investing in upskilling for existing staff.
The proposed cuts are part of a broader initiative by the Trump administration aimed at reducing the Federal civilian workforce by five to eight percent, potentially affecting up to 70,000 positions. Approximately 21,000 civilians have already left under the Deferred Resignation Program, with more expected to depart.
The hiring freeze, which has been in effect since March, has significantly reduced cyber-related hiring from about 1,500 hires per month to fewer than 200 per month. Johnson emphasized the importance of strategic personnel decisions to mitigate the impact on the cyber workforce.
“We’re going to see a reduction in the size of our force,” Johnson remarked. The DoD’s cyber workforce comprises about 225,000 personnel, including civilians, military personnel, and contractors, with roles spanning cybersecurity, AI, software engineering, and IT work.
Johnson indicated that the department is aligning its strategy with broader personnel reductions while aiming to minimize effects on the cyber workforce through selective cuts and upskilling efforts. The department is also engaging academic institutions to explore new pathways for training and development of DoD cyber personnel.
