USAFE networks migrate to Joint Regional Security Stacks

Members of the 26th Network Operations Squadron perform maintenance on an Air Force gateway server Nov. 2, 2017, at Maxwell Air Force Base-Gunter Annex, Alabama. While the migration to the Joint Regional Security Stacks will transition ownership of security architecture from the Air Force to Defense Information Systems Agency, the 26th NOS will retain operational control of traffic flow for Air Force networks. (U.S. Courtesy photo)

JOINT BASE SAN ANTONIO-LACKLAND, Texas --

If you’re on a USAFE base today logging on to your government computer, a major change is currently taking place inside your network.

Another milestone was reached on the path to the Joint Information Environment Oct. 10, 2017, as all bases within the U.S. Air Forces in Europe Command began their migration from the Air Force gateways to Joint Regional Security Stacks.

This migration, which will eventually encompass all military installations within USAFE, marks a rough midway point for the complete Air Force transition to JRSS.

The average network user will notice no changes during the migration, a process which will take approximately six weeks.

The JRSS is, according to the Defense Information Systems Agency website, a suite of equipment that performs network security functions, such as firewalls, intrusion detection and prevention, virtual routing, and others. The purpose of the JRSS is to provide a secure, reliable system for controlling incoming network traffic across all military services.

Think of it like this: if you’re reading this from a military installation, more than likely you had to pass through a securely gated entrance for access to the base. This is where a defender stopped you and checked your credentials before letting you pass. The Air Force network has gates too, through which all traffic entering the AFNET must pass and be cleared. These gateways comprise the Air Force Intranet Control (AFINC) cyber weapon system, manned and operated by the Sentinels of the 26th Network Operations Squadron.

So why switch from gateways to the JRSS?

There are two primary reasons, explains Colonel Gregory Griffin, JRSS program management office chief at DISA. First, the JRSS will perform a similar function to the AFINC, but with a much richer tool set than currently exists on the AFNET. The second reason is that as the AFNET gateways are approaching their end of life, the funds for tech refresh have been allocated to the transition to the Joint Information Environment instead.

And transition to the JIE the Defense Department must. According to the 2015 DOD Cyber Strategy, building an architecture that transcends individual branches “will enable a robust network defense and shift the focus from protecting service-specific networks and systems to securing the DoD enterprise in a unified manner.”

The JIE will also create unparalleled situational awareness in the cyber domain for defensive cyber operations. “This is the first time you have this many capabilities in one place, to give analysts a much richer understanding of what is going on in the network,” Griffin said. The increased data available will enable cyber operators to find more difficult indicators and warnings, and get after more sophisticated adversaries.

Another benefit is hardware reliability. The JRSS introduces fail-safes that drastically reduce, if not eliminate, the potential for a catastrophic system failure. Under the gateway structure, if a system failed it would automatically transition to a backup, and if that also failed the connection would be lost. According to Griffin, with the JRSS “there would need to be six hardware failures in a row for traffic to truly stop.”

More reliability, more secure transmissions, and greater situational awareness translate to mission assurance for the warfighter.

Once complete, the JRSS will be vast in scope. Forty-five Regional Security Stacks will be employed globally to enclose all NIPR and SIPR networks across the Department of Defense. The bulk of the migration is scheduled to be complete by the end of fiscal year 2019.

Other DoD services are also migrating towards the single security architecture, as well as many defensive agencies. The Navy began its first migration to the JRSS in October 2017.

DISA assures this change will not impact the Air Force’s ability to conduct defensive cyber. “DISA only owns the operating level of the stacks,” said Griffin. “We do not control the virtual instances of the stacks, which affects the Air Force traffic.” The job of controlling what traffic enters the AFNET will remain wholly with the 26th NOS.

Air Force Cyber: Securing and Defending

To the Sentinels of the 26th NOS, the impact of this change is not an invisible adjustment; it’s a radical shift in how they operate.

“AFINC will remain a weapons system, programmatically and operationally,” says Lt. Col. Justin Mokrovich, 26th NOS Commander. “But we will have to make the mental shift to operating in the environment instead of owning it.”

In addition to operating the AFNET boundary, the 26th NOS is also responsible for conducting defensive cyber operations via the AFINC cyber weapon system. They track and address network boundary issues 24/7, 365 days a year to deliver a secure and available cyber environment to the warfighter.

Securing the network is not only an Air Force but a DoD priority. Almost every Air Force operation relies on cyber technology at some point in its execution, which if not secured can create a vulnerability that can be exploited by malicious cyber actors. Securing the network means ensuring communications tools are operative, reliable, and confidential. A compromise can mean providing the enemy with intelligence or introducing doubt as to the validity of information, while a malware leak could shut down systems.

Prior to 2010, the Air Force had more than 100 entry points onto its networks, and each ingress point constituted a potential vulnerability that had to be monitored. When the AFINC weapons system went live in 2013, it consolidated the entry points to 31 gateways while greatly simplifying the command and control for boundaries.

Even with the move to the joint information environment, the Sentinels will still be gainfully employed ensuring cyber security.

“This is our first foray into relying on a non-Air Force entity to own and maintain our network equipment,” said Maj. Abraham Redoble, 26th NOS Director of Operations. “This is the new normal, and it will bring new capabilities but also new challenges.”

According to Mokrovich, regardless of what platform the Sentinels operate, they remain mission-focused, committed to generating cyber effects for the warfighter and, as their motto states: Always On, Always Ready.