An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

News | Sept. 19, 2023

DOT&E Director Nickolas Guertin, and Mark Herrera, IDA Technical Advisor to OSD/DOT&E, discuss cyber in the operational test and evaluation community in U.S. Naval Institute’s Proceedings Magazine.

DOT&E Director Nickolas Guertin, and Mark Herrera, IDA Technical Advisor to OSD/DOT&E, discuss cyber in the operational test and evaluation (OT&E) community. They encourage the OT&E community to think more holistically about how our weapons systems will operate and fight together – to include in a cyber-contested environment.

BZ to Lieutenant Commander Meadors. Framing cyber as an operational domain and using time metrics to assess the battlespace has the potential to give commanders insight into their ability to operate in a cyber-contested environment. Temporal measures can also guide capability providers and testers as they work to field systems that can detect, contain, and mitigate cyberattacks on operationally relevant timescales.
The operational test and evaluation (OT&E) community is responsible for providing objective assessments of systems in realistic combat environments. Cyber is an indelible part of that environment, and, as Director, Operational Test and Evaluation (DOT&E), at the Office of the Secretary of Defense (OSD), I expect my team to make sure testing is operationally representative.
Current DOT&E cyber guidance requires the necessary data collection for many of the measures Lieutenant Commander Meadors describes. Operational testers collect timelines for attack detection and response under cyber threat stimuli. OT&E frames cyberattacks in the context of their effects on the mission, rather than a checklist against compliance requirements. Whether through direct measurement or estimation, OT&E aims to link the effects of a cyber compromise to a unit’s ability to conduct its mission (e.g., air defense).
The usefulness of any metric, including the described time metrics, depends on the context in which it is measured. Operational metrics and their data need to reflect real-world conditions. The DOT&E’s “2022 Strategy Update” aims to ensure the T&E environment is as representative as possible, and that T&E improves warfighting capability. A key pillar is “test the way we fight,” which is accomplished using systems employed at the individual platform level operating as part of a system of systems. DOT&E has already had success during underway fleet and joint exercises, in which we can assess the cyber survivability of that system of systems. We encourage the T&E community to think more holistically about how our weapon systems will operate and fight together, including in a cyber-contested environment.
Finally, to accurately analyze cyber engagements on large scales, testers and warfighters will need to deploy automation to log, organize, and fuse data across disparate sources. Armed with data collected under operational conditions, the T&E community can provide operational and acquisition decision-makers with useful and actionable time-based measures of systems’ cyber resiliency.
To be effective on the battlefield, warfighters must be able to operate in a cyber-contested environment—with systems designed to be responsive to the timelines of effects and needed responses such as those that Lieutenant Commander Meadors describes. The first salvo in the next conflict will likely not be kinetic, and the cyber fight will be omnipresent thereafter.

—Hon. Nickolas Guertin, Director, OT&E, OSD, and Dr. Mark Herrera, Institute for Defense Analyses

Link to Guertin/Herrera comments published in U.S. Naval Institute's Proceedings Magazine.

Link to the original USNI article by Commander Tyson Meadors.