After some initial resistance from the Navy, a top Defense Information Systems Agency official said the service is scheduled to begin migration to the Joint Regional Security Stacks in the fall.
Col. Brian Lyttle, DISA's cyber program executive officer, said during an AFCEA NOVA panel discussion April 21 that there are a few capabilities to prototype for the Navy before they being migrating to the protections afforded by JRSS.
The Navy has always maintained that they were committed to the DoD wide JRSS effort to consolidate and shrink endpoints, which increases network security and provides unprecedented situational awareness of the network, but on their own terms.
"The challenges really amount to what JRSS is really intended to do versus what the Navy already has in place," Capt. Michael Abreu, program manager for the Next Generation Enterprise Network, or NGEN said Jan. 25 during a media round table.
Over the last few years, the Navy has had technical issues with JRSS, mostly around the fact that they have consolidated their network and have a security stack that works for them, Victor Gavin, then-Navy
program executive officer for enterprise information systems, told an audience of mostly defense contractors in Charleston, South Carolina, in December
. The other service do not possess this, he said, noting that in their defense they clearly had a need for some capability.
"At its current state, the capability is somewhat less than what we have today," Gavin said of the current DoD and DISA effort to move to JRSS and shrink endpoints. He mirrored what Abreu said more recently, noting that the Navy is on board with the effort as a whole – but when the technical aspect is equal or greater than the capabilities the Navy has today, which is projected for 2018.
Gavin said the Navy sees the advantages of joint-level security, but it’s a matter of when they can have an environment that serves all the customers at the same rate and higher level of security.
JRSS "is still my number one initiative…because it’s going to give, provide visibility in the network all the way down to base, camp and station. We don’t have that today," DISA’s cyber lead John Hickey said in March. Cyber Command can’t get that and that’s why it’s key, he added.
He called JRSS migration a phased approach. With this phased approach, the Army first began migrating and nowhas 23 regional JRSS locations; 291 base, post camp and station installations; and 45 Army organizations moved to JRSS, with nine stacks passing traffic.
The Air Force is also starting the move, according to Lyttle, but as outlined by Col. Robert Cole, the director of Air Forces Cyber Forward, they are awaiting installation and certification of overseas stacks for migration.
With the migration will have to come training on the new systems. "We’ve got a lot of people that are coming on board from the Air Force as well as the Army, the Navy and the Marine Corps in the next fiscal year," Hickey said. "So the focus is how can we train that force on the multiple capabilities within there and how can we do it in more of a scenario based example – that’s where Cyber Command is pushing us in that area."
While DISA sustains and maintains the stacks for the services, the services manage their portions of the stacks, Lyttle told C4ISRNET. "Moving out and controlling and protecting the individual enclaves at the base, posts, camps and stations…the services are responsible."
He also said that the cyber protection teams retained by the services within their service cyber components have a role to play in protecting and managing JRSS stacks, but this is defined by the Joint Force Headquarters-DoD Information Networks, the operational defensive arm of Cyber Command with its own set of cyber protection teams charged with global protection of military networks.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.
