Vanessa Hallihan and David Cotton say the Joint Regional Security Stacks will give Defense Department leaders a global view of DOD’s networks.

Apr 24 2015

DOD Moves Forward on Joint Regional Security Stacks

As the Joint Information Environment comes together, Joint Regional Security Stacks emerge as a crucial part of the program’s structure.

The Defense Department’s Joint Information Environment is under way, an ambitious multiyear project that, when complete, will dramatically reshape the military’s IT infrastructure.

Each service will no longer run separate networks; instead, each will operate under a unified IT structure. The JIE also calls for DOD to modernize its network and security stacks as well as leverage analytics to determine how applications are faring in the field and make better correlations between cyberattacks and potential operational threats.

“There are many times when an operational attack by an enemy will be preceded by a cyberactivity,” says Gary Blohm, director of the Army’s Architecture Integration Center.

The goal for DOD is to better connect such events to more effectively determine what enemies will do next.

“We’re looking for better situational awareness across the globe,” says David Cotton, deputy CIO for information enterprise in the Defense Department’s CIO Office. “Our modernization effort will give us the visibility so U.S. Cyber Command can have a global view into how the network will be adjusted and tuned.”

Put simply, “We’ll have better tools to catch the cyber bad guys,” says Vanessa Hallihan, the former principal director and deputy CIO for cybersecurity in the DOD CIO’s Office, who retired from federal service in March.

To obtain the single network view and situational awareness the DOD requires, officials are leveraging security capability known as the Joint Regional Security Stacks, which effectively shrinks an attack surface and reduces network vulnerabilities. The tool is a crucial part of the JIE’s development.

Cotton has been charged with coordinating JRSS between the Army, Air Force and the Defense Information Systems Agency.

Stacks Will Improve Security 

Cotton says the stacks will reduce the Defense Department’s worldwide cyber entry points from 900 to about 50. DISA will maintain the 50 JRSS sites, adhering to a standard architecture that includes equipment, software and baseline configurations and security rules, Cotton adds.


The number of 10Gbps Ethernet switches installed at nine Army installations in 2014 to upgrade the Defense Information Systems Network

SOURCE: U.S. Army, Chief Information Office/G-6, “Army, Air Force move data over same network for first time at Joint Base San Antonio,” September 2014

The cyberspace defense and network operations teams across DOD will operate virtual communities of interest on those stacks, tailoring the security rules and configurations to meet their own mission requirements. That will further help cyberops teams raise their security postures as much as possible given specific mission requirements, constraints and priorities.

Lt. Col. Paul Williams, DISA’s chief architect for the Joint Regional Security Stacks and lead for the Air Force JRSS, says the standardized platform will allow easier sharing of new policies and configurations between the JRSS partners. The team will also build in processes to determine best practices and fold them into a shared baseline.

“That combination of technology, mission-oriented innovation and shared operational processes will raise the bar in terms of network defense and mission system performance monitoring and management,” Williams says. “We will also reap the efficiencies of bulk buying power as well as having a single partner perform work such as maintenance and sustainment.”

The Timeline for the JRSS Rollout

The Air Force and Army have worked together with DISA on JRSS since mid-2013.

In September 2014, Joint Base San Antonio became the first of 25 geographic locations to host JRSS equipment for DOD’s unclassified network. That transition included the migration of operational traffic from one Air Force and one Army installation with JBSA to JRSS, establishing an initial operational capability.

Following JBSA’s successful launch, department officials plan to activate new unclassified JRSS sites in Montgomery, Ala., and Oklahoma City. The plan calls for four sites to be activated in fiscal 2015: two in the continental United States and one each in Europe and Southwest Asia. Another 25 JRSS sites will be implemented into the same locations to support the DOD’s classified network. Fifty JRSS sites will be completed through fiscal 2016 — both classified and unclassified sites — with the Combatant Commands, DOD agencies and the Navy and Marine Corps coming by fiscal 2018.

Williams says JBSA represented the Defense Department’s first opportunity to realize partnerships between the Air Force, Army and DISA.

The three organizations collaborated on a number of operational aspects of the project, such as refining the military’s tactics, techniques and procedures (TTPs), as well as more technical challenges.

Lt. Col. Paul Williams
Photo: Drake Sorey

Air Force Lt. Col. Paul Williams says that the Joint Regional Security Stacks will bring unprecedented visibility into defense networks.

JRSS Uses Tested Technology

“In some ways, JRSS isn’t entirely new. There are other organizations out there providing multiclient security, so we’re working with our vendor partners to understand how to operate that way,” Williams says.

Still, as Williams also points out, in other ways JRSS represents a brand-new concept. For example, the DOD will move forward with a multitenant operator workforce based on a single system. The military plans to work out how best to use the role-based access controls in its management systems to keep the Air Force and Army operators from impacting each other, and develop appropriate TTPs that can be used when role-based access controls aren’t available.

“We’re working out the details of some technical migration activities such as converting rules from legacy capabilities to the equipment in the new JRSS stacks,” Williams says. “In some cases, that’s a nontrivial exercise, but the hardest one to do is the first, so we’re armed with templates that will ease future migrations of similar types of JRSS gear.”

DISA's Network Overhaul Is in the Works

For the Army, Air Force and DISA to improve the military’s security stacks, DOD also must improve its network capability. DOD intends to modernize the Defense Information Systems Network as part of the overall project.

Blohm says DISN’s backbone has used Multiprotocol Label Switching capabilities for years, but officials would like to extend the network benefits down to the base, camp, post and station levels. To accomplish that, MPLS will enhance the DOD network through multiservice network consolidation and traffic engineering.

Once the MPLS routers and optical backbone are upgraded, Blohm says the network will run 100 gigabits per second over the backbone, 10Gbps to the post and 1Gbps between the individual buildings.

“We still have some challenges ahead with the tactical last mile, but this will upgrade and solve any networking issues on the back end,” he says.

With upgraded security stacks and networking capabilities, Blohm says the military also will be in a stronger position to deter cyberattacks.

“The cyberspace domain does not have the traditional geographic boundaries that we have in the typical military operational world,” he says. “Our old security architecture had multiple security stacks using different capabilities and configurations — often on the same post — which didn’t allow us to see our own network. JRSS, as part of a single security architecture, breaks that paradigm.”

Cameron Davidson

aaa 1