But more than a month after the service\u2019s directive, the Pentagon is moving to require troops to conduct cybersecurity training once every three years, according to a recent memo reviewed by the publication and a senior defense official, which would effectively overrule the Army\u2019s move.<\/p>\n
\u201cOur warfighters need to focus on the mission, not administrative overhead,\u201d Aaron Bishop, chief information security officer for the Pentagon, told DefenseScoop in a statement. \u201cThe shift to a three-year training cycle perfectly balances the Department\u2019s security imperatives with our commitment to restoring warfighter readiness.\u201d<\/p>\n
It was unclear why the Army and Defense Department are signaling different frequencies for the training and at what stage the Pentagon\u2019s implementation of the three-year training cycle is in.\u00a0<\/p>\n
When asked, neither Bishop nor an Army spokesperson directly answered questions about whether the two entities coordinated the cybersecurity training reduction given the conflicting cycles. Neither directly confirmed if the Army would adopt the three-year cycle, despite the shift from the higher office of the Pentagon.<\/p>\n
\u201cThe [Department of War Chief Information Officer] sets the standard for cyber training frequency, but the Military Departments own the execution,\u201d Bishop said in response to the coordination question. \u201cWhile we establish the baseline to restore mission focus, the Army manages its own coordination and implementation timeline.\u201d<\/p>\n
He referred DefenseScoop to the Army when asked if the service will adjust to a three-year cycle.<\/p>\n
\u201cThe Army\u2019s approach to cybersecurity and privacy training frequency is governed by current policy and remains responsive to higher-level guidance,\u201d said Maj. Sean Minton, a spokesperson for the Army, in response to questions from the publication.<\/p>\n
He pointed to a line in the February memorandum announcing the Army\u2019s five-year requirement that said the service will \u201cadjust the training frequency as needed based on updates\u201d from the Defense Department or revisions to its policy.<\/p>\n
\u201cAccordingly, the Army will align its training requirements with updated [Office of the Secretary of War] guidance as those policies are finalized and issued,\u201d Minton added. He referred back to the statement when asked again whether the service will adopt the three-year cycle.<\/p>\n
At the center of these changes is the Cyber Awareness Challenge, a mandatory course service members have been taking annually for years, often to jokes over its check-the-box nature and iconic virtual avatars that tested troops on topics such as phishing scams and ID protection.<\/p>\n
Intended to teach troops basic online hygiene and track the military\u2019s compliance with cybersecurity, officials have questioned the efficacy of the course in the face of rapidly changing cyber threats. Some analysts said reducing the frequency of such training at a time when those threats are at a crescendo and placing the responsibility on busy commanders to prepare their formations against them is risky.<\/p>\n
The Pentagon memo reviewed by DefenseScoop said civilian personnel and contractors will continue to complete cybersecurity training annually.<\/p>\n
![\"Drew](\"https:\/\/www.europesays.com\/people\/wp-content\/uploads\/2026\/05\/Drew-Lawrence-headshot.png\")
<\/p>\n