美参议院对国防信息系统局网络安全系统提出质疑(英文)

2020-06-30 智邦网

编译 致远

据c4isrnet2020年6月29日报道,6月23日,美参议院军委会在《2021财年国防授权法》法案中禁止国防部在秘密网络上投资部署有争议的网络安全计划。阻止国防部动用2021财政资金开发“联合区域安全协议”(JRSS)计划,用于“秘密互联协议路由网”。

 JRSS由国防信息系统局运营,为国防部许多部门提供网络安全服务,包括入侵检测和预防、企业管理和虚拟路由。

但 JRSS计划的有效性一直备受质疑,2018年,国防部主要武器试验机构建议关闭该程序。相关试验也发现几个操作与技术问题。

目前,参众两院军委会均打算控制该计划。

参议院法案授权削减 JRSS1160万美元预算,众议院法案削减幅度更大。

The Senate has questions about DISA’s network security system

A Senate committee’s version of the annual defense policy bill would ban the Department of Defense from spending money to deploy a controversial cybersecurity program on its secret network.

The Senate Armed Services Committee’s version of the National Defense Authorization Act for fiscal year 2021, released June 23, would preclude the department from spending fiscal 2021 funds on the Joint Regional Security Stacks (JRSS) program for use on its Secret Internet Protocol Router Network. JRSS, run by the Defense Information Systems Agency provides cybersecurity services for many DoD components through intrusion detection and prevention, enterprise management, and virtual routing. DISA is tasked with operating and maintaining DoD networks,

But the JRSS program has a checkered history for being effective. In 2018, the Defense Department’s chief weapons tester suggested that the program be shut down. Other tests have also found several operational and technical troubles. Now defense committees in both legislative chambers are trying to rein in the program.

The Senate bill authorizes cuts of about $11.6 million from the JRSS, including $11.1 million in JRSS procurement funds for SIPRNet and about $500,000 in research, development, testing and evaluation. The House bill authorizes deeper cuts, slashing procurement dollars from $88 million to $8 million and research and development funds to zero from $9 million.

Because of the continued challenges plaguing the program “the committee believes that the deployment of JRSS on the Secret Internet Protocol Router Network is thus inappropriate, given JRSS’ limited cybersecurity capability and the existence of alternative capabilities to execute its network functions,” the Senate committee wrote in a report accompanying the bill.

As Congress questions the efficacy of the program, it also wants answers. Under the legislation, the Secretary of Defense would have to answers the following questions by Dec. 1, 2021.

  1. Is the Department of Defense Information Network properly designed to achieve JRSS’ intended network middle tier security and network functions?
  2. Is the JRSS hardware and software stack technologically obsolete?
  3. If JRSS were to be properly manned with proficiently trained personnel, can it perform the security functions it was intended to provide within affordable manning and training resources?
  4. What are the required security functions that can be measured and subjected to operational testing?
  5. Is the collection of cybersecurity related data and metadata enabled at JRSS nodes being consumed by other cybersecurity systems — for example, the Big Data Platform and Security Information and Event Management capabilities?
  6. Is JRSS performing its network management functions well, and should the security functions of JRSS be terminated in favor of other solutions and investments?

If the DoD finds that JRSS should move forward, it must develop a plan to transition it to a program of record by October 2021.

The fiscal 2019 report from the Pentagon’s Office of the Director of Operational Test and Evaluation recommended that the DoD chief information officer refrain from migrating more users to JRSS until “the system demonstrates that it is capable of helping network defenders to detect and respond to operationally realistic cyber‑attacks.”


相关信息

五角大楼任命新的首席数据官(英文)

英国防部启动“天网”卫星通信系统下一阶段研制(英文)

美网络司令部建立“联合特遣部队战区”反恐网络战平台(英文)

美陆军开始向部队交付地面情报电子战网络作战系统(英文)

雷神公司获价值3700万美元DARPA“黑杰克”传感器研制合同(英文)

美驻欧洲陆军部队接收新型电子战装备(英文)

DARPA启动“适应跨域杀伤网络” 计划 提供战场系统解决方案(英文)

美国VITA技术公司Ray Alderman:无人战机(UCAV)与作战网络(英文)