Halvorsen 'concerned' by status of JRSS software

Defense Department Chief Information Officer Terry Halvorsen says he is “concerned” with the software component of the Joint Regional Security Stacks, adding that an answer to the problem might lie in Silicon Valley.

While the Pentagon’s top IT official is satisfied with the hardware and command and control aspects of the JRSS, “the piece I’m most concerned with is the software piece,” said Halvorsen, who was speaking June 16 at an AFCEA conference in Baltimore.

The JRSS are a collection of servers, switches and software tools meant to give DOD network operators a clearer view of network traffic. Halvorsen has called the project a “cornerstone” of a larger department-wide initiative known as the Joint Information Environment, which seeks to standardize and consolidate IT networks for better security.

“Software really is the key piece that starts driving the success of JRSS,” in that it allows for visibility in the stacks and for predictive analytics to gauge cyber threats, Halvorsen said. The DOD CIO did not elaborate during his remarks on what exactly concerns him about the JRSS software, and he could not be reached afterward for comment. But he did say that he would continue to focus on the issue, and that his trip to Silicon Valley in April may have provided some inspiration for doing so.

In Silicon Valley, Halvorsen said, he saw some “interesting security capabilities” displayed by vendors that “I think could make us rethink a little bit what we think we can deliver in the first phases of the JRSS software.” Whether or not those capabilities could be replicated on the scale required by the Pentagon is an open question, he added.

The DOD CIO’s speech to technology vendors and military personnel also included an appeal to deploy software patches more quickly. He suggested that the Pentagon could open up its “cyber range” to test patches in a bid to deploy them faster. The problem is acute, according to David Stickley, a services executive at the Defense Information Systems Agency, who has said software vendors that provide security patches and the defense programs in need of them are often on different timelines, creating a dangerous waiting game.

Halvorsen also declared war on passwords. “We have to kill passwords,” he said to scattered applause, adding that biometric data might be one substitute for traditional passwords. “I don’t know what the answer is, but passwords isn’t the answer.”