The Army and Air Force have taken a major step toward building a shared cybersecurity architecture for their military bases. The first installation is up and running under the joint security construct. Several more installations are expected to follow suit over the next few months.
The new security plan, centered on a new system of Joint Regional Security Stacks (JRSS), reached initial operating capability Sunday at Joint Base San Antonio (formerly known as Fort Sam Houston and Lackland Air Force Base).
Those neighboring Army and Air Force installations are now managed administratively as one joint base. But until recently, there wasn’t much jointness in the way the two services operated their IT networks.
Similar to all of the other services’ installations, the Army and Air Force have been operating their own cybersecurity architectures at a local level — in this case, two of them. Under the JRSS construct, the Army, the Air Force and, eventually, the Navy will hand off most of their base-level cybersecurity functions to 11 regional, jointly-operated facilities.
Along with the security change, the two services are upgrading their network infrastructure at San Antonio this week with new technologies, including multiprotocol label switching routers (MPLS). It has more than doubled the base’s network capacity.
“It’s a pretty big milestone,” Mike Krieger, the Army’s deputy chief information officer told an AFCEA audience in Arlington, Virginia, on Monday. “And I think what you’ll see now is a rapid deployment of the capacity increases and the regional security stacks because we’ve got a whole bunch of installations lined up and ready to map over to the security stacks. In the next couple months, a massive part of the bases in the southwest will double their capacity and go onto joint security stacks. This is a good thing.”
More bandwidth needed
DoD officials have said they plan to finish the rollout of JRSS in the southwestern U.S. by the end of 2014. The Defense Information Systems Agency, which will have the lead role in running the new security centers, says it has conducted some preliminary work to begin building the remainder of the 11 JRSS sites around the world, using experiences from San Antonio to inform the process going forward.
But managing security from a more centralized perspective also requires bigger data pipes between the new security centers and the military bases they’ll eventually serve.
“We’ve set up other JRSS locations around the globe. They’re prepositioned and ready to go. We just need to get the bandwidth upgrades in place so we can activate the next one,” said Maj. Gen. Alan Lynn, DISA’s vice director. “In 2015, we’re looking at southwest Asia and [the rest of the continental United States.]”
A center in Germany also is expected to come online by the end of 2015.
While DISA will take on the lead management role at the JRSS sites, the military services are funding the security stacks. The Army has used some of its overseas contingency operations funding to pay for the JRSS facility in southwest Asia. It already has money on contract to build about half of the centers it wants to build next year in the continental United States.
Doug Wiltsie, the Army’s program executive officer for enterprise information systems, said the rest of the near-term rollout plan for JRSS depends mostly on how much IT funding the Army and Air Force have available during the next fiscal year.
“And as money frees up, we’ll follow into Europe,” Wiltsie said. “Korea will follow probably within a year to 18 months. The thing that’s going to dictate the speed of this is money, more than anything. We’re going to continue our business strategy for this, using bulk buys, and we’ve got enough to pay for 2 1/2 of the five regions in the [continental United States] right now.”
Joint approach saves time, money
While DISA prepositions the centralized JRSS centers, the Army and Air Force also have begun the necessary legwork to prepare the networks on their military bases for an eventual transition away from locally-managed security and toward the joint construct via a system of joint management teams, said Brig. Gen. John Morrison, the commander of the Army’s Network Enterprise Technology Command.
Many of the Army’s bases already were long overdue for upgrades to their local networks, but the joint management approach that’s surrounded the move to JRSS and MPLS has saved both time and money, Morrison said.
“It’s changed the way we’ve been procuring technologies for the installation. Now they’re bulk buys, and we’re using our own manpower to do the engineering and labor. It’s allowing us to move much faster than we ever have before.” he said. “For example, at Fort Bragg, we’ve been trying to modernize that infrastructure for the better part of 10 years. At San Antonio, what was scheduled to take a couple years got done in a few months. We’ve completed Fort Bliss. We’re almost done with Fort Sill and Fort Stewart. So we will be able to rapidly turn those installations on and put them behind the JRSS in short order over the next several months. We’re also doing it at reduced cost. About 5,000 contractor man hours were saved in San Antonio because we’re using our own organic manpower.”
The move to JRSS and more network capacity started as an effort by the Army and Air Force to cut costs and improve their security, but it’s since earned the Pentagon’s blessing and been incorporated into the larger effort to move all of the military’s networks into an eventual Joint Information Environment.
And because of that, the Navy now is involved too. The Army and DISA designed version 1.0 of the JRSS to accommodate the Army’s transition to a centrally- managed security architecture.
“But when we brought the Air Force into the partnership, we discovered — what a shock — that they do security at different levels of the architecture than the Army does,” Krieger said. “So we ended up coming with JRSS 1.5, which is going to apply to everything we do after San Antonio, and we’ll have to catch San Antonio up. In a couple weeks, we’re going to work on JRSS 2.0, which will work on capturing the differences that the Navy and Marine Corps do that the Army and Air Force don’t do, and that will represent when the Navy will actually join. We expect that to happen in about 2017. When we hit 2.0, that really is the DoD version of JRSS.”