The push by the Pentagon to move to the Joint Information Environment (JIE) continues, with the early-stage emphasis on implementing Joint Regional Security Stacks (JRSS) to handle cybersecurity for all military network traffic, including both classified and unclassified information.
David Cotton, the Defense Department’s (DoD) Deputy CIO for Information Enterprise, told an industry gathering last month that live traffic is being cut over to the JRSS network as it’s being fielded, and there is a very deliberate plan in place to move all the network traffic of bases, posts, camps, and stations through JRSS by the end of the fourth quarter of fiscal year 2019 (i.e., before October 2018). Army installations are moving over now, with Air Force sites scheduled next, followed by the Navy and Marine Corps, then the Coast Guard.
As JRSS is implemented, DoD states it will reduce the number of attack surfaces – that is, points of vulnerability – from about a thousand to just 50 or so, Cotton said.
But another aspect of improving cybersecurity is implementing cybersecurity discipline, he said. There is now a “cybersecurity scorecard, a common way to grade” network hygiene and user behavior. Cotton said that DoD users should consider falling for phishing schemes comparable to “inappropriate, or negligent, discharge of your weapon.” It’s as much about the military culture as it is about the technology, he said.
The JIE end state will likely include a mix of public, private, and community cloud services, with different features, assurance levels, and costs. This will provide DoD organizations with options to meet their particular mission needs, delivered as enterprise services, Cotton said. DoD is evaluating different cloud adoption models – off-premise commercial clouds, public/private partnerships such as on-premise commercial clouds, and DoD-provided cloud services, for example. “It’s not going to be one or the other,” he said. And why should it be? “The Fortune 50 is just as varied in their approach to cloud.”
But implementing JIE is a harder goal than implementing JRSS, he cautioned. “We’re still having discussions with military departments whether an organization could provide an enterprise data center of its own that also provides service to others,” he said. “It’s probably acceptable as long as they’re providing the same level of reliability, redundancy and security required of a JIE core data center.”
Another aspect of the JIE will be developing the “Mission Partner Environment” (MPE), for working with allies around the world. The intent is to have an MPE information system, with a gateway in the Joint Information Environment so that DoD and its mission partners can share information. MPE information sharing capabilities could also be used to support humanitarian and disaster relief operations globally and domestically.
Cotton said the MPE will have such functions as chat, voice, Email with attachments, geo-situation awareness, video, file sharing, access control, and office automation, among others. The Pentagon is working with NATO partners on federated mission networking, looking at the parallels and overlaps in architecture between their IT networks and functions.
No new funding is expected for JIE in the near to intermediate term, fiscal years 2017-2021, he said. Instead, as IT services are realigned, money allocated for tech refresh will be used in line with the JIE architecture.
Want to learn more about how manage data to meet the requirements of the JIE? Click here.