Marines man a combat operations center during an exercise at Camp Lejeune, N.C. The need to quickly share data over networks while keeping the information secure is a growing challenge for the military.
As the U.S. military increasingly relies on data moving through networks, the need for security tools and protocols that are fast, effective and flexible enough to withstand emerging threats grows ever greater. In response, the military and private sector are stepping up their efforts to create and refine technologies and practices that will secure data moving anywhere, all the way out to the tactical edge.
“What continues to be a data-in-motion challenge for the DoD is securely delivering decision support data to the warfighter on the ground, sea and air,” said Peter Tran, senior director of the Advanced Cyber Defense (ACD) practice at RSA, the security division of EMC. “This concept is known as ‘netcentricity’ or ‘netcentric warfare,’ where decision support data can be comprised of ground movement intelligence, weapons system telemetry, and/or command-and-control communications across multiple battle theaters.”
To make such data both more secure and shareable between the military services, industry partners and other government agencies, the military is transitioning to the Joint Information Environment (JIE), an integrated structure that combines multiple existing networks.
“Upon its completion, JIE will enable every user to get onto an approved device, anywhere — at home, at work or on the move — and get the information they need in a secure, reliable fashion,” Tran said.
The JIE features an integrated cyber defense system incorporating a single security architecture (SSA) at its core. Planners envision that once the transition to the JIE is complete — a date that hinges on the availability of increasingly scarce funds — it will improve commanders’ and warfighters’ command-and-control capabilities.
A key benefit of the JIE will be the ability to connect military networks out to the tactical edge, something the Defense Department currently cannot do, Tran said.
HAIPE network security
To secure devices that will be used in situations where classified data has to be transmitted over insecure networks, such as the Internet, military users can turn to a high assurance Internet protocol encryptor, or HAIPE. HAIPE units create a security gateway between networks that need to send data to each other securely, using either preplaced keys or Firefly vectors (a National Security Agency key management system based on public key cryptography).
HAIPE is compliant with the High Assurance Internet Protocol Interoperability Specification (HAIPIS), a set of standards and requirements created by the NSA to ensure that, no matter which vendor’s HAIPE device is protecting a network, it will interoperate with any other HAIPE device, encrypting and decrypting data correctly.
A HAIPE device is placed in a network whose data is to be secured at the point where the network has a connection to an unprotected network, said Jerry Goodwin, vice president of network systems for ViaSat.
“The military sticks by these Type 1 products [devices certified by the NSA for cryptographic security], and they run them across whatever infrastructure they have,” he said. “Pretty much any network that’s IP-based can be secured with these devices.”
HAIPE’s most significant drawback is its size. ViaSat, for example, offers several HAIPE-compliant IP encryptors that weigh about 6.5 pounds.
“It’s pretty good for fixed infrastructure or for a heavy mobile infrastructure where you can afford to host a little bit of equipment to protect your movable operations,” Goodwin said. “It also works for military applications, except for the really light guys that are moving fast and maybe don’t even have vehicles.”
HAIPE devices are becoming smaller, however. ViaSat now offers a pocket-sized encryptor that weighs under 3 pounds.
With DoD increasingly turning to commercial off-the-shelf mobile devices, there’s a need to secure commercial data networks as strongly as their military counterparts.
For COTS mobile devices, data-in-motion security is primarily the responsibility of the wireless carrier.
For example, AT&T, like most major commercial carriers, offers a worldwide service that’s designed to meet the stringent security standards set by DoD. AT&T’s service complies with the Federal Information Security Management Act, FIPS 140-2 (a U.S. government computer security standard for accrediting cryptographic modules), and the HSPD-12 identification standard for federal employees and contractors.