Coast Guard: Workforce Planning Actions Needed to Address Growing Cyberspace Mission Demands

Fast Facts

Coast Guard relies on its cyberspace workforce to maintain and protect its IT systems and data from threats. In 2020, the marine transportation system, which moves people and goods through U.S. waterways, suffered over 500 cyberattacks.

Coast Guard has a process to assess workforce levels and skills needed for its missions. But it hasn't used this process for a large portion of its cyberspace workforce, including 3 headquarters units that collectively represent 55% of its cyberspace positions.

Our recommendations could help Coast Guard determine its necessary cyberspace workforce levels and better recruit and retain this critical workforce.

A person sitting in front of a computer screen that is displaying coding.

Highlights

What GAO Found

The Coast Guard is increasingly dependent upon its cyberspace workforce to maintain and protect its information systems and data from threats. As of September 2021, the Coast Guard determined it had 4,507 authorized cyberspace workforce positions (i.e., funded positions that could be vacant or filled), consisting of military and civilian personnel.

Authorized Coast Guard Cyberspace Positions, Filled and Vacant, as of September 2021

Coast Guard guidance calls for the service to use its Manpower Requirements Determination process to assess and determine necessary staffing levels and skills to meet mission needs. However, GAO found that the service had not used this process for a large portion of its cyberspace workforce. For example, as of February 2022, the Coast Guard had not used this process for three headquarters units that collectively represent 55 percent of its cyberspace workforce positions. Until such analysis is completed, the Coast Guard will not fully understand the resources it requires, including those to protect its information systems and data from threats.

Of 12 selected recruitment, retention, and training leading practices, the Coast Guard fully implemented seven, partially implemented three, and did not implement two. By fully implementing these leading practices, the Coast Guard could better manage its cyberspace workforce. For example, it has not developed a strategic workforce plan for its cyberspace workforce. According to leading recruitment practices, such a plan should include three elements: (1) strategic direction, (2) supply, demand, and gap analyses, and (3) solution implementation, along with monitoring the plan's progress to address all cyberspace competency and staffing needs. Without having such a plan, the Coast Guard will likely miss opportunities to recruit for difficult to fill cyberspace positions.

Why GAO Did This Study

The Coast Guard, a multi-mission, maritime military service within the Department of Homeland Security (DHS), is responsible for ensuring the safety and security of the nation's maritime transportation system and maritime borders. It established cyberspace as an operational domain in 2015 to help protect the marine transportation system from threats. Such threats could be delivered through the internet, telecommunications networks, and computer systems.

The William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 includes a provision for GAO to review issues related to the Coast Guard's cyberspace workforce. This report addresses the extent the Coast Guard has (1) identified its cyberspace workforce and determined its associated mission needs and (2) implemented selected leading practices in its cyberspace workforce recruitment, retention, and training. We selected the leading practices by reviewing those identified in relevant GAO reports and federal guidance. GAO analyzed Coast Guard documentation and data and interviewed cognizant Coast Guard officials.

Recommendations

GAO is making six recommendations to the Coast Guard including to determine the cyberspace staff needed to meet its mission demands and fully implement five recruitment and retention leading practices, such as establishing a strategic workforce plan for its cyberspace workforce. DHS concurred with these recommendations.

Recommendations for Executive Action

Agency Affected	Recommendation	Status
United States Coast Guard	The Commandant of the Coast Guard should assess and determine the staffing levels needed to meet its cyberspace mission demands. (Recommendation 1)	Open DHS concurred with this recommendation. In March 2023, the Coast Guard reported it was in the process of conducting a Manpower Requirements Analysis for CGCYBER Command. In addition, the Coast Guard reported it was identifying stakeholders and resources to assess options for additional analysis of the remaining cyberspace workforce. Coast Guard's estimated completion date for this effort is October 31, 2023. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
United States Coast Guard	The Commandant of the Coast Guard should establish a strategic workforce plan for its cyberspace workforce, to include strategies and implementing activities to address all competency and staffing needs. (Recommendation 2)	Open DHS concurred with this recommendation. In March 2023, the Coast Guard reported that it was developing a workforce management plan and a cyberspace training and qualification instruction. The Coast Guard also reported publishing the Cyberspace Officer Career Guide in October 2022. Coast Guard's estimated completion date for this effort is September 29, 2023. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
United States Coast Guard	The Commandant of the Coast Guard should incorporate data from the Cyber Mission Specialist rating to inform its strategic workforce planning for the enlisted cyberspace workforce. (Recommendation 3)	Open DHS concurred with this recommendation. In March 2023, the Coast Guard reported that it had begun implementing the Cyber Mission Specialist rating in fiscal year 2023 and was working to finalize the rating implementation. Once fully implemented, the Coast Guard plans to gather and analyze the workforce data to inform planning for the enlisted cyberspace workforce. Coast Guard's estimated completion date for this effort is September 30, 2026. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
United States Coast Guard	The Commandant of the Coast Guard should develop metrics for recruitment of enlisted and all civilian cyberspace personnel, and use these metrics to assess the effectiveness of its recruitment and hiring efforts. (Recommendation 4)	Open DHS concurred with this recommendation. In March 2023, the Coast Guard reported that it was working to finalize the Cyber Mission Specialist rating. Once fully implemented, the Coast Guard plans to measure workforce health and adjust the service's recruiting goals based on the service's workforce needs once the rating is fully implemented. Coast Guard's estimated completion date for this effort is September 30, 2026. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
United States Coast Guard	The Commandant of the Coast Guard should set and quantify retention goals and objectives for its cyberspace workforce. (Recommendation 5)	Open DHS concurred with this recommendation. In March 2023, the Coast Guard reported that it was working to finalize the Cyber Mission Specialist rating. Once implemented, the Coast Guard plans to gather and analyze workforce data and consider retention incentives. Coast Guard's estimated completion date for this effort is September 30, 2026. We will continue to monitor the Coast Guard's efforts to implement this recommendation.
United States Coast Guard	The Commandant of the Coast Guard should establish and track metrics of success for improving cyberspace personnel morale and report its progress to Coast Guard leadership. (Recommendation 6)	Open DHS concurred with this recommendation. In March 2023, the Coast Guard reported that it uses the Defense Organizational Climate Survey (Defense Climate Survey) to provide commanders with specific information on various personnel topics. The Coast Guard reported that the Defense Climate Survey is the appropriate organizational tool for tracking cyberspace personnel morale, because it gives Coast Guard leadership the ability to establish and track metrics of success for improving cyberspace personnel morale, and reporting progress. However, as we reported, Defense Climate Surveys are not an appropriate tool, because they provide point-in-time data that are not designed to assess unit morale over time. To track progress made on improving morale, it is important to be able to track data over several years, rather than one point in time. The Coast Guard reported that it would work to determine how to assess cyberspace workforce morale to meet the intent of this recommendation. Coast Guard's estimated completion date for this effort is May 31, 2023. We will continue to monitor Coast Guard efforts to implement this recommendation.

See All 6 Recommendations

Full Report

Highlights Page (1 page)

Full Report (40 pages)

GAO Contacts

Heather Macleod

Director

macleodh@gao.gov

(206) 654-5574

David (Dave) Hinchman

Director

HinchmanD@gao.gov

(214) 777-5719

Office of Public Affairs

Chuck Young

Managing Director

youngc1@gao.gov

(202) 512-4800

Topics

Human Capital

Civilian employeesCybersecurityCyberspaceFederal hiringHuman capital managementInformation systemsLabor forceRetention incentivesStaffing levelsWorkforce planning