DoD watchdog wants to pause JRSS because of cyber risk
Dave Mihelcic, former CTO of the Defense Information Systems Agency and consultant at DMMI, details issues with the Joint Regional Security Stacks Program and ways to fix them.
The Pentagon’s Joint Regional Security Stacks program suffers from several problems. According to the Office of Operational Test and Evaluation at the Defense Department, the stacks are vulnerable to cyberattacks, and DoD should stop deploying them until the issues can be resolved. Dave Mihelcic, former CTO of the Defense Information Systems Agency and consultant at DMMI, says that some of the problems with JRSS can be chalked up to the platform’s age.
“Sadly, JRSS has a long history. It started in 2012 with the Army. The Army chose to take a design that had been implemented in the Pentagon that was even older,” Mihelcic told Government Matters. “The architecture itself is somewhat dated and it is a collection of products from multiple vendors that are loosely integrated. Those two factors… are really what brings us these problems today.”
The watchdog found more problems as well. There’s a lack of consistent personnel training for JRSS, and trouble managing data within the stacks. Mihelcic says that the best way to deal with these issues is to have people dedicated to fixing them, and create a new foundation to build the program on.
“In the short term, you’re going to have to put more people against the problem. In the longer term, revisiting that architecture, and picking the architecture and products that are not as manpower intensive,” Mihelcic said. “One of the problems that JRSS has is that it’s a collection of 30 plus components from 30 different vendors. It is like an F-35, a part made in every state. Because of that, there’s difficulty in managing the stacks and the cyber-digesters getting the information out of those disparate tools. They need to focus on integrated solutions that share data with open standards.”