The Pentagon is slowing down the rollout of its its Joint Regional Security Stacks (JRSS) network protection capability as underlying issues with the ‘large, complex’ system continue to cause problems with operational applications, according to Army and Defense Information System Agency officials.
Vice Adm. Nancy Norton, director of DISA, told reporters at a Wednesday AFCEA conference that the JRSS program is undergoing a “rescheduling and re-phasing” until officials can fix configurations with legacy architecture that is causing latency concerns.
“We’re recognizing that, in some cases, the networks themselves have configurations or architectural designs that just are not optimized to work behind the robust security stack capability for JRSS,” Norton said. “We are focusing our efforts to make sure that all those critical aspects of those networks can be resolved and not have any operational impact as we move forward with migrating and continuing to go down that path.”
JRSS was developed by DISA and the services as an improved method for deploying physical security stacks to operational locations that would provide increased firewall security from cyber attacks against the network.
A January report from DoD’s office of the Director, Operational Test and Evaluation (DOT&E) warned that the JRSS program was lagging and persistent flaws remained in deployed capabilities ability to defend against cyber attacks (Defense Daily, Jan. 26).
Maj. Gen. John Morrison, commanding general of the Army’s Cyber Center of Excellence which has lead the JRSS effort, confirmed that the service provided by JRSS is not up to par and ongoing challenges remain.
“There are concerns, that as we add users behind the architecture, about the quality of service,” Morrison said during a keynote address at the AFCEA Defensive Cyber Operations Symposium in Baltimore. “Whether we take that formal strategic pause or not, I am not sure yet.”
Deploying JRSS faced difficulties once DISA officials realized that an original approach to use JRSS on any existing architecture left systems running slow.
“We’re not losing data. It’s not that it’s not working. It’s just latency. It’s really a function of it’s not performing as quickly as applications need it to or users are expecting it to be based on what their performance was before moving to JRSS,” David Bennett, DISA director operations, told reporters.
Norton said the program will continue to be re-examined so all service networks can work with the system without causing any negative operational impact.
“We’ve been on a path for implementing, installing and migrating JRSS that has been definitely aggressive. What we found in operation is that a ‘come-as-you-are’ approach isn’t working in all cases equally well,” Norton said.
Col. Greg Griffin, DISA’s JRSS portfolio manager, said service architectures will have to be “tuned” so applications are more flexible for support on JRSS.
“There are certain applications that we found that are much more susceptible to that increased latency,” Griffin said.
Norton said moving forward DISA will prioritize governance issues with JRSS and fixing training to ensure warfighters are able best operate the "large, complex" JRSS without issue.
“JRSS is critical to our ability to defend the DoDIN in a much more robust and consistent way across the department,” Norton said.