Halvorsen: JRSS tests reveal solid backbone
Acting DOD CIO Terry Halvorsen said initial tests of the Joint Regional Security Stacks revealed sound plans for the program's architecture, but that some fine-tuning and better education of those operating JRSS will be needed.
Acting Defense Department CIO Terry Halvorsen
Defense Department testing of a communications backbone for an ambitious DOD-wide single enterprise IT platform has revealed a sound architecture, acting CIO Terry Halvorsen told reporters Dec. 5, but also a greater need for education of the operating force.
That backbone is the Joint Regional Security Stacks, a collection of servers, switches and software tools intended to give DOD network operators better visibility into the vast traffic on those networks. By capturing that traffic and funneling it to the cloud for analysis, the stacks can help network operators rapidly set policy responses – opening certain ports or blocking a given IP address. The stacks will also come with improved sensors to speed response time when a threat is spotted, Halvorsen said.
The JRSS will not mean fewer cyber threats to DOD networks but, ideally, better responses to those threats.
When up and running, the JRSS will reduce the "access points to our network," Halvorsen said on a conference call. "It gives us a more limited number of control points, which immediately limits your physical footprint, which is a good thing."
The acting DOD CIO called the JRSS the "cornerstone" of a broader and more abstract project: the Joint Information Environment, which aims for a single enterprise IT platform for the entire Defense Department. JIE is a project that Halvorsen said may never really end, whereas the JRSS has milestones for progress.
Halvorsen said that no live network traffic has passed through the JRSS, which is still in the testing phase. He said the stacks will start going live in early fiscal 2016 and by the end of that fiscal year will be delivering much of their expected capabilities on DOD networks globally.
One of the testing areas for the JRSS has been Joint Base San Antonio, a sprawling complex that includes two Air Force installations and an Army medical center. Testing there "revealed that we had the capacity size right [but] we needed to do some fine tuning of the software sets and tools," Halvorsen said. The plan for connecting the JRSS architecture is "sound," though "we probably have to do a little more education to the operating force," he said, declining to elaborate on what that education would entail.
In a separate interview with FCW, Richard Breakiron, who was program director for the JRSS at the Defense Information Systems Agency from January through May, said tests at Joint Base San Antonio showed big improvements in usable bandwidth and better response times to threats.
Teams trained by the National Security Agency have also tested the JRSS infrastructure for resiliency by attacking it, and the stacks proved effective in defense, said Breakiron, who is now senior director of cyber solutions at Vion, an IT infrastructure firm.
The ability of the stacks to turn DOD networks into digestible forensics will be one of the biggest payoffs of the JRSS, he said.
"Forensics not only gives you the chance to look at the long-term attacks and potential vectors from an enemy, but it also allows you to start understanding your insider threat better as well," Breakiron said.
The former DISA official said the JRSS were gaining momentum with Halvorsen at the helm because the acting CIO understands that the road to the JIE runs through the JRSS. Halvorsen and his deputy, David DeVries, track the stacks' progress on a weekly basis, Breakiron added.