Crossing Domains in Cyberspace
Written by Karen E. Thuermer
MIT, 2011, Volume 15, Issue 6 (July)

When the full story of the May 2011 U.S. action against Osama bin Laden is written, an important element in the successful outcome will clearly be the timely sharing of information, no doubt at times between networks at different levels of security classification.
Since the outset of the global struggle against terrorism, and particularly at the recent critical juncture, cross domain environments are no longer just an interconnection bridge between two large networks, but dynamic threads of high-throughput, low-latency information flows among diverse and changing communities of interest.
Helping to connect these flows are cross domain solutions (CDS), the secure “dot connector” technology that lets users access information in, or transfer information between, two or more differing security domains, either manually or automatically.
To oversee the specific CDS needs in the Department of Defense and intelligence community, the Unified Cross Domain Management Office (UCDMO) has, since 2006, provided centralized coordination and oversight of all cross domain initiatives across DoD and the IC. Today, all defense and intelligence cross domain efforts fall under the jurisdiction of the UCDMO.
The mission has not been easy. Some of the biggest issues and challenges facing the UCDMO, and cross domain solutions in general, concern how to evolve solutions designed in the 1990s for information sharing between stovepipes into 21st-century enterprise and mission information sharing environments.
The theme of UCDMO’s annual conference, being held in Chicago in August, offers a good overview of the challenges facing the field in the cyberspace era: “Keeping Pace with Cyber—A Cross Domain Perspective.”
“It is no longer feasible for information system architectures to include a different solution for every protocol or every type of content,” remarked Shawn Campbell, director of government solutions at SafeNet, a CDS provider. “Cross domain solutions must have the technical capabilities to support information sharing needs regardless of protocol or content type, yet maintain the high degree of assurance that is the foundation for these solutions.”
In addition, enterprise and mission stakeholders now must actively manage many diverse and changing information flows.
“Users must be able to view the health and status of the end-to-end flows, as well as reach out through command and control mechanisms to adjust policies and flows to meet rapidly changing mission needs across broad spectrums of cross domain solutions,” Campbell added. “As stakeholders become more aware of how new CDS technologies and capabilities can be an integral part of their cyber-enterprise, new challenges will have to be addressed by both stakeholders and the cross domain community.”
To guide the integration of cross domain transfer and access technology toward the use of common resources, aligned with the Global Information Grid and emerging Enterprise Service architectures, UCDMO has assembled 15 accredited and certified cross domain solutions in what it calls its “Baseline List of Solutions Available for Re-Use.”
This UCDMO baseline is a validated products list of cross domain technologies and solutions that are available to agencies in DoD and the IC.
The Defense Information Systems Agency (DISA) is also active in the cross domain arena. The agency recently awarded Solers a cross domain solutions planning, program management, and development and integration support contract, to assist DISA with all aspects of implementing enterprise cross domain solutions that will be used across DoD.
The contract contains two major components: cross domain program management/customer support and cross domain development/integration. The first component is responsible for assisting new customers with cross domain information sharing needs to navigate the challenging process of assembling, deploying and accrediting new cross domain information flows. The development/integration component is responsible for designing and developing next-generation cross domain solutions that reduce the time from concept development to a fully accredited and deployed solution.
The CDS contract should generate approximately $27 million in revenue for Solers over five years. Solers’ teammates include Concurrent Technologies Corp. and Tresys Technology.
Baseline List
Developers and providers of CDS are consulting the UCDMO’s baseline list to incorporate approved solutions to meet the needs of their customers. Cubic Cyber Solutions, for example, has designed form-fit-function replacements for sunset solutions at customers’ request and is designing enterprise solutions that are currently under review for listing.
“All are focused on high speed solutions and everyday needs such as email, printing and database replication,” commented Keith Filzen, chief technology officer for Cubic Cyber Solutions. “We have developed highly sophisticated cross domain solutions that are simple to manage and meet general purpose to very advanced requirements such as enterprise one-way printing or SharePoint replication.”
According to Filzen, what sets his company’s product apart from other CDS offerings is its simplicity, speed and small form factor (1U and 2U).
The company frequently updates its product. “Security related updates are offered in near real-time. General maintenance releases are offered on a quarterly basis,” Filzen revealed.
Cubic Cyber maintains its system with a 24/7 support team and has locations around the world. Rockwell Collins, meanwhile, consults the baseline list to incorporate approved solutions when they meet the needs of its customers.
“We are also working with our government customers to sponsor our CDS, Turnstile and MicroTurnstile onto the UCDMO baseline,” stated Nancy Schroeder, principal program manager, Rockwell Collins.
Turnstile is a one-box solution providing automated mediation between Top Secret and Unclassified networks. Through the Tactical Army Cross Domain Information Security program, Rockwell Collins is leading the way to develop a soldier-wearable cross domain solution, MicroTurnstile.
“Today, a squad leader has to remain in visual contact with his squad members to be assured of their exact location,” she explained. “With MicroTurnstile, the squad leader will know the exact location of his squad members with just a glance at his classified computer display.”
What makes Rockwell Collins’ CDS product unique, Schroeder said, is the company’s in-depth understanding of customer needs. “This allows us to innovate solutions to address the CDS needs of size, weight and power-constrained environments,” she said.
“Turnstile has been evaluated to the highest assurance levels. It’s ideal for customers who need the highest assurance that their data will be handled correctly,” she continued, adding that MicroTurnstile is the smallest bi-directional CDS.
As a result of these extensive customer relationships, Rockwell Collins continually evaluates customer needs in developing its CDS product roadmap.
Information Flows
Meanwhile, SafeNet has expanded its data and information protection product lines to include a cross domain transfer system called the Multi-Domain eXchange (MDeX) System.
Within the UCDMO baseline categories, the MDeX System is a cross domain transfer system with three components: the MDeX Transfer System (MTS), the security core of the system, which adjudicates all information flows by applying XACML-based security policies and the content-filtering obligations those policies impose; the Security Domain Intermediary, the edge interface between the MTS and the information sharing environments; and the Remote Management Station, the element manager for all MTS instances.
“SafeNet’s overall product portfolio also includes multi-domain tokens that can store multiple personalities from a number of security domains,” Campbell added.
MDeX is “an accredited solution that is under review by the UCDMO for inclusion as the first Java Message Service and File exchange baseline solution,” Campbell said. What sets MDeX apart, he continued, is that it addresses three primary challenges for customers of CDS: dynamic information flow changes, enterprise awareness of information flows, and certification and accreditation timelines.
The MDeX System also addresses a key gap in existing cross domain solutions by including an element manager for all MDeX System instantiations. “This provides enterprise and mission management services views of all their cross domain information flows,” he said.
SafeNet has an advantage over other CDS providers, Campbell maintained, since it is not bound to 1990s technologies and capabilities. “The company has created a highly adaptable yet controlled modernized information flow engine that plugs in to existing information sharing environments and allows for the plugging in of various content filter engines to address the multitudes of diverse content types,” he explained.
To keep up to date, SafeNet targets three or four minor and one major software releases per year. “We have a team of experienced post sales support engineers and a toll-free support number with 24/7 response,” Campbell added.
MDeX is one of the few commercially developed CDS, and SafeNet supports it directly for customers rather than through a program management office.
“We train our customers’ existing service providers to enable them to provide tier one through three support to MDeX System instantiations in their enterprise,” Campbell said. “MDeX System operators are not required to be cross domain or trusted operating system subject matter experts, but generally only need experience with data flows and associated configuration information.”
Raytheon Trusted Computer Solutions (RTCS) markets five products that fit the CDS category. RTCS has one product in the UCDMO Access category, Trusted Thin Client (TTC). TTC gives a user who requires access to multiple classified networks at different classification levels the ability to do their job from one thin client device, monitor, mouse and keyboard at the desktop.
“There is one wire to a backend server on which the TTC software resides and provides network separation between every network to which the user has access,” described RTCS Chief Operating Officer Ed Hammersla. “This eliminates redundant hardware, extraneous cabling, reduces power and cooling, streamlines administration, consolidates workspace, and provides greater user productivity and substantial cost savings.”
RTCS also has four transfer, or guard, solutions. Its Trusted Gateway System is a multi-directional guard that is typically used for moving data between secure networks at different classification levels.
“Virus scan, content inspection, dirty-word search, and two-person reliable human review all enable secure and audited transfers,” he said. “RTCS’ High Speed Guard is also multi-directional, but is typically used in cases where large quantities of data are being transferred or streamed in the case of video. It has proven the fastest transfer rates in the industry today.”
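The MDeX description above (a policy engine that attaches content-filtering obligations to each flow) and the Trusted Gateway System description (virus scan, content inspection, dirty-word search and two-person review gating a transfer) share one pattern. The following Python is an added illustration of that pattern and is not the code of SafeNet, RTCS or any vendor on this page: a policy decision selects which obligations apply to a flow between two domains, every obligation runs, and the payload is released only if all of them pass, with deny-by-default when no rule matches. The domain ordering, word list, malware “signature,” type allowlist and review rule are constructed assumptions for the example.

```python
"""Minimal cross-domain transfer guard (illustrative only; not any vendor's product)."""
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Hypothetical domain ordering: a higher number means a more sensitive domain.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

# Constructed sample filter data; a real guard loads vetted, controlled lists.
DIRTY_WORDS = (b"project bluebird", b"source identity")
MALWARE_SIGS = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR",)   # EICAR test-string prefix
ALLOWED_TYPES = {"text/plain", "application/pdf"}
MAX_BYTES = 10 * 1024 * 1024


@dataclass
class Transfer:
    src: str                        # source domain name
    dst: str                        # destination domain name
    label: str                      # classification asserted for the payload
    mime: str
    payload: bytes
    submitter: str
    reviewers: Tuple[str, ...] = ()  # humans who approved release (high-to-low only)


# An obligation inspects a transfer and reports (passed, reason-for-audit).
Obligation = Callable[[Transfer], Tuple[bool, str]]


def no_malware(t: Transfer) -> Tuple[bool, str]:
    hit = any(sig in t.payload for sig in MALWARE_SIGS)
    return (not hit, "malware signature matched" if hit else "malware scan clean")


def dirty_word_search(t: Transfer) -> Tuple[bool, str]:
    body = t.payload.lower()
    hits = [w.decode() for w in DIRTY_WORDS if w in body]
    return (not hits, f"dirty words: {hits}" if hits else "dirty-word search clean")


def allowed_type(t: Transfer) -> Tuple[bool, str]:
    ok = t.mime in ALLOWED_TYPES and len(t.payload) <= MAX_BYTES
    return (ok, "type/size ok" if ok else f"disallowed type or size: {t.mime}, {len(t.payload)} bytes")


def label_fits_destination(t: Transfer) -> Tuple[bool, str]:
    ok = LEVELS[t.label] <= LEVELS[t.dst]
    return (ok, "label within destination level" if ok else f"label {t.label} exceeds {t.dst}")


def two_person_review(t: Transfer) -> Tuple[bool, str]:
    # Two distinct reviewers, neither of whom may be the submitter.
    distinct = set(t.reviewers) - {t.submitter}
    ok = len(distinct) >= 2
    return (ok, "two-person review satisfied" if ok else "two-person review missing")


def select_obligations(t: Transfer) -> List[Obligation]:
    """Policy decision point: which obligations govern this flow (empty list = deny)."""
    if t.src not in LEVELS or t.dst not in LEVELS or t.label not in LEVELS or t.src == t.dst:
        return []
    if LEVELS[t.src] < LEVELS[t.dst]:
        # Low-to-high: confidentiality is not at risk, integrity of the high side is.
        return [allowed_type, no_malware]
    # High-to-low: every release is a potential spill, so all checks apply.
    return [allowed_type, no_malware, label_fits_destination, dirty_word_search, two_person_review]


def adjudicate(t: Transfer) -> Tuple[bool, List[str]]:
    """Return (permit, audit trail). Every obligation runs so the audit record is complete."""
    obligations = select_obligations(t)
    if not obligations:
        return False, [f"DENY no policy permits {t.src} -> {t.dst} for label {t.label}"]
    trail, permit = [], True
    for ob in obligations:
        ok, why = ob(t)
        trail.append(f"{'PASS' if ok else 'FAIL'} {ob.__name__}: {why}")
        permit = permit and ok
    return permit, trail


if __name__ == "__main__":
    # Constructed sample: a SECRET-to-UNCLASSIFIED release with two reviewers.
    req = Transfer("SECRET", "UNCLASSIFIED", "UNCLASSIFIED", "text/plain",
                   b"notes on PROJECT BLUEBIRD", "alice", ("bob", "carol"))
    permit, trail = adjudicate(req)
    print("PERMIT" if permit else "DENY")
    print("\n".join(trail))
```

The split in `select_obligations` is the design point: a low-to-high flow threatens the integrity of the high side (so it gets type and malware checks), while a high-to-low flow threatens confidentiality (so it additionally gets the label check, the dirty-word search and the two-person rule). Running every obligation even after the first failure costs little and gives reviewers a complete audit trail for the denied transfer.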
RTCS’ WebShield is another transfer mechanism that enables secure browse-down from a high side network to a lower network. Its SimShield is a fixed-format data guard that is primarily used in the training and simulation market. Hammersla added that RTCS is the only commercial CDS vendor that solely focuses on the development and marketing of this technology.
“The company has been building, delivering and implementing cross domain solutions to DoD and intelligence community customers for the past 16 years,” he said. “Other vendors who offer CDS do so as part of their overall product and services strategy. It is all that RTCS does and it is why we are the market leader.”
Trusted Environment
General Dynamics C4 Systems has built, integrated and/or deployed nine of the CDS technologies on the current UCDMO approved baseline. This includes two products developed by General Dynamics: Trusted Virtual Environment (TVE) v1.0.2, which allows users to simultaneously view and access multiple security levels, operating systems and domains from a single computer, thereby eliminating the need for multiple computers; and Trusted Network Environment (TNE) v10, which offers a suite of software applications.
TVE provides cost savings in IT equipment, network infrastructure and labor, reduces space, weight and power, and yields operational and environmental efficiencies.
“TVE is unique because of the way ‘trusted computing,’ combined with commercial virtualization capability from VMware, was designed into its operation as a multi-domain access solution,” reported Chris Daly, director of business development for cybersecurity, General Dynamics C4 Systems.
“Specifically, General Dynamics incorporated a hardware root of trust, along with implementing standard trusted networking and instrumentation protocols from the Trusted Computing Group, to enable trusted multi-domain access with network access control. This powerful combination provides a great degree of precision and awareness about whom and what is accessing your systems and what is their current ‘trust’ state,” Daly said.
TNE is a proven capability with many installations across a growing customer base.
“It is also constantly evolving through the addition of new functions and data types while also maintaining a modern multilevel operating system foundation for support,” Daly added. “Key features to TNE’s tools are that they are flexible and scalable enough to allow rapid inclusion of new communities on the fly without compromising the security or integrity of the data.”
TNE’s enterprise security manager can also broker information exchange between users in different security domains. It provides access to a multilevel environment via thick or thin clients or straight from a web browser on an ordinary PC to fit information distribution requirements. TNE offers a range of options to accommodate size, weight and power requirements.
For the TVE product, General Dynamics plans one major feature-rich release each year. The first line of support for TVE customers is the General Dynamics 24/7 help desk. That help desk team is supported by tiers of resources to which issues can be escalated when needed. In addition, close relationships with key suppliers enable General Dynamics to call upon companies like VMware, Dell and HP to assist in any issue that may be related to one of their software or hardware components within the TVE solution set.
For the TNE product, General Dynamics plans one major feature-rich release each year. Additionally, minor changes and service packs can be released as necessary during the year.
Also on the UCDMO Baseline List is Owl Computing Technologies’ Owl 4.0 low-to-high file transfer product, which follows the UCDMO strategy of a single product that can be reused for many requirements.
“Owl has a wide variety of solutions that all utilize the key components of the Owl 4.0 on the UCDMO CD baseline list that can satisfy virtually all cross domain operational and security requirements,” said Ron Mraz, Owl Computing president and chief technology officer. “These products include smaller form factors and ruggedized units to support forward deployed missions.”
What sets Owl’s product apart from other offerings, Mraz said, is the fact that the company designs, builds and ships CDS products—not open-ended projects—adhering to client use and administration requirements. “Owl provides the full life cycle support sought by most customers for these rather complex security deployments,” he said.
For its cross domain solutions, Owl integrates its own Dual-Diode technology with COTS products to deliver a solution faster than others.
“Owl acts as a single point of contact for the CDS throughout its life cycle and incorporates features that satisfy all CDS data confidentiality, integrity and availability elements,” Mraz added. “Owl provides all the documentation and certification testing guidance required for CDS accreditation and operational deployment.”
Cybersecurity Focus
CDS technology continues to face numerous challenges, particularly in the lead time required for certification and accreditation. But in General Dynamics’ experience, working with multiple system evaluators, certification and accreditation authorities, and approval bodies has increased efficiency and decreased cost, Daly reported.
“Another challenge is meeting customer needs for different form factors and applications such as the tactical environment, cloud computing and streaming data, and improved user interface and management capabilities of CDS,” Daly added.
From Mraz’s perspective, the major limitations afflicting most cross domain solutions today are the high cost to deploy, operate and maintain a system, as well as slow rates of data transfer, inflexibility in permitting the transfer of new data types, limits on file sizes, and significant latency for streaming data transfer.
“The Owl CDS, utilizing its proprietary Dual-Diode Technology and integration of highly reliable and approved COTS third party products, resolves all these issues and more,” Mraz maintained.
The two biggest issues Rockwell Collins customers face today are access to cross domain capabilities to support the warfighter in all environments, including tactical and enterprise, and the access to CDS that can bridge Top Secret and Unclassified networks, Schroeder said.
“Rockwell Collins has focused our efforts to address these needs and is leading the industry in both areas,” she said. Cubic Cyber’s Filzen points to speed as the most important issue for CDS.
“As sensors and network technologies advance, cross domain solutions typically cannot scale and become the bottleneck,” he said. “That’s where we have excelled. We are focusing on overcoming many of the policy and technological hurdles as well.”
One growing issue concerns how CDS are responding to internal and external cyber-attacks and to the new government emphasis on cybersecurity.
“Where there was previously somewhat limited accessibility to cross domain solution interfaces from each network, most cross domain solutions’ interfaces are now more exposed as the number of communities sharing those networks are increasing each day, week and month,” Campbell said. “For information flows where those communities’ consumers and producers require direct access to CDS, there is a greater need to protect the exposed interfaces.”
Campbell contends that the cross domain solution market space must come up with new ideas as to how to better integrate with the communities in order to control those exposed interfaces. “At SafeNet we have been working to constrain the exposure of CDS by providing interfaces that directly bind with consumer and producer technologies, thus minimizing overall exposure to network threats,” he said.
Daly sees the need to quickly detect and react to cyber-events and the ability to quickly share threat and incident information as two critical, cyber-related operational capabilities that are driving changes to CDS.
“As the traditional defensive perimeter dissolves, all access endpoints must be instrumented to detect and react to cyber-attacks—including cross domain or multi-domain access solutions,” Daly said. “Rapid yet controlled collaboration among multiple cross domain entities is also essential to enable quick and decisive reaction to threats and incidents.”
General Dynamics is developing and offering cross domain solutions that address these cybersecurity needs, he said. TVE, for example, enables quick detection and reaction capability as part of its “trusted instrumentation” approach.
“This approach allows customers to operate endpoints in multidomains with high confidence that their endpoints are protected at all times,” he said.
Rockwell Collins has found that customers are experiencing a renewed emphasis on the level of trust in CDS.
“In order to accredit a CDS in a system, designated approval authorities are turning a more critical eye to how securely the CDS operates,” Schroeder remarked. “We also are seeing greater interest from non-DoD federal agencies in using CDS to protect their data.”
Virtual Appliances
As for where CDS technology may be heading in the next five years or so, Daly sees three major architectural directions. First, multi-domain access solutions will migrate to new form factors such as smartphones, tablets and thin clients. “This change will also be accompanied by the migration of trusted computing technology to these platforms,” he said.
Second, transfer solutions will become much more specialized and will be delivered in the form of virtual appliances. “This change will be enabled by improved performance of the APIs of virtualization approaches (hypervisors), the introduction of mandatory access controls in the hypervisors, and improvements in the ability to remotely provision and manage these virtual transfer appliances,” he reported.
Third, multilevel solutions will become important for cross-domain sharing in cloud environments. “This will be enabled by increased use of data tagging, ontologies, cryptographic services and use of semantic classification tools,” Daly concluded.
Going forward, Campbell believes that the next generation of cross domain solutions will need to reside within virtualized computing environments, and thus will need to be hosted by trusted hypervisors.
“Currently, assurance confidence requires binding between trusted operating systems and network device drivers,” he said. “When virtual machines, networks and IP multiplexing mature to higher degrees of assurance, we will begin to see a transition to those configurations by cross domain solutions.”
Over the next five years, executives at Rockwell Collins see a transition from federated CDS to CDS architectures composed of modular components.
“This modular approach will enable CDS to be deployed on various form factors to address a wide range of environments, including tactical, ground benign and airborne,” Schroeder said.
Among future trends, Mraz of Owl Computing sees enterprise CDS services providing CDS functionality to a disparate community of subscribers, and system miniaturization and ruggedizing pushing CDS function to the military tactical edge. In addition, if the much talked about shift from network-centric to data-centric security occurs, the content management/data integrity element of CDS will expand to include privileged user accessibility as well as today’s data filtering techniques.
“The biggest influence will be the information assurance community’s acknowledgement that realistic risk assessment of a CDS in deployment is what planners must strive for, rather than ‘pristine’ security,” Mraz concluded. “In particular, this applies to the secure transfer of streaming data types.” ♦