The Department of Defense’s (DOD) office of the director of operational test and evaluation office and the Defense Information Systems Agency (DISA) carried out a cyber event in Feb. 2020 to assess the cybersecurity posture of the Secret Internet Protocol Router Network (SIPRNET) Joint Regional Security Stack (JRSS) and two other SIPRNET joint systems and reported poor cybersecurity findings after conducting the event.
The DOD testing office recommended that the department’s components and chief information officer “continue developing more effective cybersecurity alternatives to JRSS, such as the ongoing pilot work by the Services on implementing Zero Trust architectures and increased focus on developing and maintaining a skilled and trained defensive cyber work force,” the fiscal 2020 report reads.
Other recommendations are forgoing S-JRSS operations if the zero trust architecture proves feasible; prioritizing system usability, training and operator proficiency over meeting migration schedule deadlines; and producing an operational requirements document to improve NIPRNET-JRSS defense against nation state actors.
DISA and DOD components should verify JRSS operator competency and training to use and configure JRSS prior to new user migrations, according to the report.
