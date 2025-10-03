Department of Defense memo outlines a reduction on cybersecurity training frequency

This is despite cyberattacks increasingly hitting military and infrastructure targets

May signal increase in AI or automated system usage in the future

A newly circulated memo from the US Government's Department of War (otherwise known as the Department of Defense) has actioned the relaxing of cybersecurity training, despite cracking down on shaving waivers and physical appearance.

"The Department of War is committed to enabling our warfighters to focus on their core mission of fighting and winning our Nation's wars without distraction," the memo confirms. "Mandatory Department training will be directly linked to warfighting or otherwise be consolidated, reduced in frequency, or eliminated."

The memo also calls for military departments to ‘automate information management systems to eliminate training requirements,’ as well as reducing the frequency of Controlled Unclassified Information (CUI) training.

Training reduction

The US Secretary of War Pete Hegseth argued when personnel are not training on the mission, the military is less prepared for preventing war in future - a possibly short-sighted view considering the US Air Force is currently investigating a data breach thought to have been carried out by Chinese threat actors.

Alongside the relaxation of training requirements, the Privacy Act Training is set to be removed from the Common Military Training list - which is perhaps not surprising given Hegseth’s rather colorful record with privacy rules.

The move is also a change in direction from just a few weeks prior, when the DoD issued a strict new set of cybersecurity rules for potential contractors. These new regulations introduced three different compliance levels dependent on the sensitivity of the data they handle, and firms vying for contracts must be compliant in order to be selected.

Cyberattacks and intrusions are perhaps more prolific than ever, with more and more of our daily lives becoming digital.

Critical infrastructure sustained 13 attacks per second in 2023, and that number is only rising - and with human error still the primary intrusion point in the vast majority of cases, reducing cybersecurity training for anyone with links to national security is an incredibly risky move by the Defense Secretary.

