Despite hitches, DISA continues JIE rollout
A key assessment has been delayed until the end of the year, as the agency measures JRSS's ability to counter threat vectors.
Despite delays, the Defense Information Systems Agency is moving forward on implementation of the Joint Information Environment, a secure and interoperable cloud environment housing secret and unclassified information for all of the military services, other DOD components and coalition partners. JIE has been described by DISA as the “largest restructuring of information technology (IT) management in the history of the DOD.”
But such a large transition has not gone without hiccups. Recently, the annual report to Congress by the Defense Department’s office of Operational Test & Evaluation (OT&E), disclosed that a lab-based computer network defense exercise for JRSS Phase 2 that was initially scheduled for mid-October of 2015 was delayed, instead being moved to November and December of 2016.
The JRSS, which will shrink the attack surface of DOD networks by reducing the number of access points, will allow information crossing DOD networks to be continuously monitored. The JRSS is not just “a couple of boxes that we centrally located. Instead, we’ll be deploying some 25 suites for each network,” Tony Montemarano, executive deputy director of the Defense Information Systems Agency explained at a January breakfast hosted by AFCEA. “Those 25 suites of infrastructures will be centrally controlled and situated, and remotely protect the parameters of the various base camps and stations. That is absolutely huge. If you’re in the cyber business, that is an absolutely huge undertaking we had in the Department of Defense.”
At the same breakfast, Alfred Rivera, director of DISA’s development and business center, described efforts focused on, among other things, “defining and refining what JRSS 1.5 and 2.0 are going to look like.”
DISA said the delayed exercise was to determine the effectiveness of JRSS to detect and/or protect against simulated threat vectors, as well as to identify gaps in defensive cyber operation for mitigation.
The DOT&E report indicated that it is working with DISA and the Joint Interoperability Test Command to plan an operational assessment of the JIE in late fiscal 2016. DISA said this assessment will focus on the interoperability and utilization of JRSS by an established Enterprise Operations Center.
The first EOC was set up in 2013 in Germany. “The JIE EOC serves as the single entry point and primary executor for DOD Information Network (DODIN) operations, as well as defensive cyber operations, in designated areas of support,” DISA said. “End-state services provided by the EOCs will include providing support to core data centers and assuming operational missions from other EOCs in a failover capacity. Eventually, EOCs will provide computer network defense capabilities for DOD enterprise entities regardless of service affiliation.”
The EOC will provide combatant commanders with situational awareness of DODIN global operations as well as defensive cyber operations within their area of responsibility.
Additionally, the National Security Agency is poised to conduct a deep-dive assessment in fiscal 2016 into the JIE, although spokespeople within the NSA and the Office of the Secretary of Defense declined to add context. “The DOD regularly examines the cybersecurity of its information environment,” a spokesperson from OSD told Defense Systems. “Details regarding the Fiscal 2016 National Security Agency deep-dive cybersecurity assessment of JIE are classified.”