What began a year ago as an Army-Air Force partnership to consolidate those two services’ Internet connections into a shared cybersecurity infrastructure will become a DoD-wide project within a few years.
In what could become one of the first concrete deliverables in DoD’s Joint Information Environment, everyone’s on board now — at least in principle — with the idea of Joint Regional Security Stacks. The Navy and Marine Corps have agreed to migrate their security infrastructure into JRSS, and all the services have agreed on the basic technical and policy questions.
But the maritime services said there are still some serious issues to be resolved about the business aspects of the brave new experiment in joint IT, including who pays for what, and when.
Navy and Marine Corps officials said they’re as enthusiastic about the benefits of JRSS as anyone else — including the ability of U.S. Cyber Command to keep watch over a single network infrastructure rather than trying to monitor thousands of one-off network enclaves, and the reduction of DoD’s overall attack surface from hundreds of access points down to just 11 in the continental U.S.
“But the business model aspect of this is still a big question,” Victor Gavin, the Navy’s program executive officer for enterprise information systems, said in an interview. “And it begins with where each of the services’ networks are. With NMCI, the Navy made a significant investment over the last decade to consolidate and secure its networks. That’s what the Army and the Air Force are doing today. JRSS is a very good thing, but I think there’s some real concern on the Navy’s part about how we gain these joint capabilities while also maintaining some level of independence in how we conduct the business. I think that is the ultimate debate that is going on today.”
The Navy and Marine Corps have committed to moving to JRSS by 2017, but the other services would like them to move faster and to start putting money into the system sooner. The sea services are somewhat resistant to that, arguing that they’ve already made major investments into a security infrastructure that’s substantially equivalent to the one the Army and Air Force are still building.
“We did an analysis with DoD folks and my folks on our security stacks, comparing them to what a JRSS stack provides. Ours are cheaper — a lot cheaper,” Brig. Gen. Kevin Nally, the Marine Corps’ CIO told me at an AFCEA conference Friday. “We don’t necessarily have the 20 GB capacity of JRSS, but we have nine stacks deployed on [unclassified networks] and nine on [secret networks]. And we know they work every day, because we use them every day.”
Nally said he’s received assurances from DoD CIO Terry Halvorsen that the Marine Corps won’t be on the hook for any JRSS funding until 2017. By then, DoD officials plan to have deployed a 2.0 version of JRSS. The Navy and Marine Corps plan to skip the 1.5 version that’s in planning right now.
“We will go to version 2.0 in 2017 if it meets our capabilities and capacities, and the biggest piece is the security aspect of this,” Nally said. “I’m not going to take the locks off the doors.”
This post is part of Jared Serbu’s Inside the DoD Reporter’s Notebook feature. Read more from this edition of Jared’s Notebook.