Military aims to collapse networks, maintain security

The military is increasingly seeking ways to maintain the separation between information classification levels and need-to-know communities of interest without maintaining physically separate networks.

The military’s secret, top-secret and nonclassified networks have long been physically separated from one another, meaning that each network’s traffic travels on separate wires to prevent data from leaking from one layer to the next. The physical separation is not absolute — even traffic on the top-secret Joint Worldwide Intelligence Communications System (JWICS) travels via wide-area links and satellite connections operated by the Defense Information Systems Agency. But at that level, hardware-based encryption devices certified by the National Security Agency separate the traffic.

The classified networks operate on separate local-area networks at each location where they are deployed, and other physically separate networks at each classification level often support functions that need to be segregated. That approach means military personnel must keep several computers on their desks, one for each network they need to access.

During coalition operations, different countries often set up their own networks in addition to sharing a network established to support the mission. Similar situations arise when military units participate in disaster response scenarios that involve civilian public safety and humanitarian organizations.

The biggest problem with that approach is its rigidity, even when participants agree on the need to lower some of the barriers. But that mindset is starting to change as the military moves toward achieving its vision for the Global Information Grid, a shared network that is protected by advanced encryption.

Another initiative that seeks to reduce the number of existing networks is the Navy’s Consolidated Afloat Networks and Enterprise Services program. It aims to allow administrative functions and warfighting operations to coexist on the same network to help reduce the cost of network support and administration. Major systems integrators are submitting bids and proposed solutions for the program.

Long-range goal

The physical separation of JWICS, the Secret IP Router Network and the Unclassified but Sensitive IP Router Network will probably continue for some time, but DISA is exploring a variety of techniques for segmenting communities of interest within a classification level by using encryption and virtual or logical, rather than physical separation. The goal is to go beyond standard virtual private network technology and devise something more dynamic and flexible.

James Reilly, DISA’s chief of systems engineering, architecture and plans, said the ultimate goal is for everything to flow through a common network while still keeping data as secure as it needs to be to prevent unauthorized access. “That is a goal, but it’s difficult to achieve,” he said.

To that end, DISA is seeking a way to combine multiple secret networks, such as the command networks of several countries participating in a coalition mission, in a common physical infrastructure. In March 2007, the Defense Department announced that it wants to enhance the Combined Enterprise Regional Information Exchange System architecture. DOD's objective is known as the CENTRIXS Cross Enclave Requirement (CCER).

According to the information-sharing implementation plan DOD published in July 2008, CCER “is currently identified as the first step in converging the physically separated mission partner networks” and will lay the foundation for further layers of secure information sharing.

DISA is working with the Joint Forces Command on the initiative, using a series of Coalition Warrior Interoperability Demonstrations to test proposed technologies.

In last year’s CWID exercise, Unisys was one of several companies recognized as having promising solutions to the CCER challenge — specifically, its Stealth Solution for Network product. In June, Unisys added a complementary Stealth Solution for Storage-Area Networks in an attempt to cover encryption for data at rest and data in motion.

The company’s Stealth approach scrambles messages that travel across the network or stored documents using an encryption key linked to a particular community of interest. Users who log on to the network will be assigned one or more encryption keys according to the communities they are authorized to access. Network administrators can add and remove members.

On one network, there could be separate communities of interest for the Army, Navy, Air Force and Homeland Security Department, but they could all participate in a community formed to respond to a terrorist attack or natural disaster.

Tech tools

The Unisys solution incorporates Security First’s SecureParser technology, which performs byte-level encryption of data and scrambles it in such a way that only a user possessing the right combination of keys can reassemble it.

“We generate unique sets of encryption keys that only exist for the length of time the user is logged on and only for one purpose, which makes it that much harder for someone to deal with the data if they decide to steal it,” said David Gardiner, vice president of product development and technology at Unisys’ Systems and Technology business unit.

Stealth was originally developed for use on local-area networks in response to demands from special operations units, but it could also be used to transmit data across wide-area networks or an otherwise insecure network, such as the Internet, Gardiner said. Military planners have even discussed some scenarios “where, in certain conditions, they may have to use the enemy’s network to do what they need to do,” he said.

The Stealth solution is mostly software-based, although it does include an appliance that stores and issues encryption keys. Gardiner said most of the competing solutions also require encryption hardware to be installed on the client PC.

Yet some of those competing solutions are arguably broader. For example, the General Dynamics entry for CCER — the Hybrid Multi-level Environment — incorporates the company’s High Assurance Platform desktop operating system. In the absence of such a tool, even if data is encrypted while traveling across the network, it could be shared inappropriately once it reaches the desktop environment.

Gardiner said Unisys is exploring partnerships with other vendors, such as Trusted Computer Solutions, to address that concern. The company also is evaluating other hardware and software solutions that can securely isolate applications on a PC from one another. “We’re probably a few years away from seeing that problem solved in a way that makes it easy to deploy,” he added.

Still, he believes that sort of technology could eventually make it possible to eliminate the physical separation between nonclassified and secret — although maybe not top-secret — networks. In the near term, the military will probably limit its explorations to collapsing networks within a classification level, Gardiner said.

Grant Schneider, the Defense Intelligence Agency’s chief information officer, said he believes combining networks at different classification levels is possible but only as a long-term goal.

“If what you mean is that you and I both get a network drop, and when you log on, the network knows you have secret clearance, and when someone else logs on, they get a different clearance — I think we’re a ways from that,” Schneider said.