US Cyber Command still lacks dedicated operational test and evaluation for its weapons platform, Pentagon asserts

The Pentagon’s chief weapons tester assessed U.S. Cyber Command’s capability portfolio concept does not have a dedicated operational test and evaluation planned or resourced, potentially limiting future capability integration.

“The Joint Cyber Warfighting Architecture (JCWA) concept continues to mature; however, no dedicated JCWA-level operational test and evaluation (OT&E) is currently planned or resourced, despite aggressive efforts to field critical components of the architecture. This will limit the Department’s ability to understand the impact of current and future capability integration on JCWA’s operational effectiveness, suitability, or survivability,” the fiscal 2022 annual report from the Office of the Director, Operational Test and Evaluation states.

Created in 2019 by Cybercom Commander Gen. Paul Nakasone, this architecture was designed to get a better handle on the capabilities, platforms and programs the command is designing and set priorities for DOD and the industry partners who are building them.

As initially laid out, it included four main programs: the Persistent Cyber Training Environment for conducting training and mission rehearsal; Unified Platform — considered the centerpiece where data is ingested, analyzed and shared; Joint Cyber Command and Control to command cyber forces and the larger cyber environment; and the Joint Common Access Platform for executing offensive operations. It also included a category for tools and sensors. Officials have noted that this is meant to be an agile framework that will evolve over time, likening it to a military cyber warfighting platform through which cyber warriors conduct their missions and analysis, similar to how soldiers leverage tanks and pilots rely on airplanes to carry out their missions.

Despite acquisition authorities, the services, on behalf of Cybercom — which sets the requirements and standards — procure these systems as executive agents.

Last year’s report noted that a lack of governance has led to an ad-hoc alignment of T&E efforts for the JCWA systems that could result in fielding capabilities without demonstrating or understanding their contribution to JCWA operational effectiveness, suitability or survivability.

“USCYBERCOM has not designated an Operational Test Agency to define and develop metrics needed to conduct integrated JCWA‑level OT&E. T&E strategies and processes are maturing, but not fast enough to support initial delivery of capability and features,” last year’s report stated, in line with other similar government watchdog reports asserting that Cybercom has not developed an outcome-based metric to support assessments of programs and staffing issues for acquisitions.

A Cybercom spokesperson explained to DefenseScoop that the command is taking steps to address items DOT&E identified.

Cybercom had previously created two offices within JCWA for better oversight on requirements and integration: the JCWA integration office – which focused on lower-level tactical aspects, such as how the individual service program offices worked together – and the JCWA capability management office – which worked for the deputy commander, drove system requirements and looked at the strategic vision and concepts needed for integration and what the big picture architecture must look like holistically.

In fiscal 2022, the command consolidated those offices in keeping with its focus on enhancing speed, agility and unity of effort across the enterprise as well as optimizing staff, the spokesperson said, adding the merger of efforts has streamlined and optimized the staff driving JCWA integration.

“The resulting entity from the merge continues to lack the authority and resources to effectively manage critical JCWA-level activities. Each program has its own release and deployment schedules, and there are no validated JCWA level mission thread requirements or plans for an integrated JCWA level operational test,” DOT&E’s report stated.

Cybercom, for its part, said it will be receiving additional funding to put toward an integration office for interoperability and testing.

“Currently, CYBERCOM JCWA programs are conducting specific program-focused testing. The command is starting to receive specific funding dedicated to resourcing the combined JCWA Integration Office. As a result of the additional funding, CYBERCOM can enable the Joint Interoperability Test Command to serve as the JCWA Operational Test Authority,” the spokesperson said. “Once JITC is on board, CYBERCOM will continue to work with DOT&E, Service Cyber Components, JCWA program management offices, and other stakeholders to determine when a JCWA-level OT&E event can appropriately be scheduled.”

Moreover, the command stated that enhanced budget controls and procurement authorities have better positioned it to improve coordination, resource management and acquisition requirements. It is further aligning efforts to inform better processes linked and integrated with JCWA requirements.

DOT&E listed four recommendations Cybercom should take. They include immediately resourcing and empowering the Joint Interoperability Test Command to plan, conduct and assess integrated, JCWA-level OT&E; requiring OT&E to inform the JCWA value assessments; establishing a cadence of testing for dedicated OT&E in fiscal 23 to understand how the capability afforded by JCWA is evolving over time and to ensure it is an effective, suitable, and survivable enabler of cyber operations; and, defining and resourcing the test infrastructure required to successfully support JCWA integration, as well as T&E.