Communications Security R&D

Abstract

The Information Systems Security Program (ISSP) Research Development Test & Evaluation (RDTE) program provides Information Assurance (IA) solutions for the Navy forward deployed, highly mobile information subscriber. FORCEnet relies upon an assured information infrastructure, and the ISSP RDT&E program architects, engineers, and provides the level of robustness consistent with risks faced. The ISSP addresses engineering design, development, modeling, test, and evaluation for the unique IA challenges associated with the highly mobile, dispersed, bandwidth limited, and forward-tactical connected US Navy communications systems. ISSP RDT&E works closely with the Navy's Information Operations - Exploit (signals intelligence) and Information Operations - Attack (information warfare) communities. ISSP RDT&E developed systems dynamically change the Navy's current information assurance posture, based upon operational indications and warnings. To ensure interoperability, ISSP RDT&E integrates fully with the FORCEnet and maritime cryptologic architectures. ISSP RDT&E developed systems can provide the trigger for offensive warfare activities. This project includes a rapidly evolving design and application engineering effort to modernize national security-grade (Type-1) cryptographic equipment and ancillaries with state-of-the-art replacements in order to counter evolving and increasingly sophisticated threats. Communication Security (COMSEC) and Transmission Security evolution is from stand-alone dedicated devices to embedded modules incorporating National Security Agency approved cryptographic engines, loaded with the certified algorithms and key, and interconnected via industry-defined interfaces. This includes the DoD Global Information Grid capability requirements document for the development of Content Based Encryption continuing through FY2011. 
In addition to protecting National Security information, ISSP RDT&E must provide enterprise-wide assurance for statutorily protected information under the Privacy Act of 1974, Computer Matching and Privacy Protection Act of 1988, Medical Records Confidentiality Act of 1995, Model State Public Health Privacy Act, 45 Code of Federal Regulation (CFR) subtitle A sub-chapter C, parts 160-164, 1999, and the Federal Education Records Privacy Act. ISSP RDT&E efforts must also provide assurance to the broad spectrum of Sensitive-but-Unclassified (SBU) information such as financial, personnel, contractor proprietary, and procurement sensitive. The ISSP today includes more than legacy COMSEC and network security technology. IA or defensive information operations exist to counter a wide variety of threats. ISSP activities cover all telecommunications systems, and RDT&E projects must provide protection, detection, and reaction capabilities to the operational commander. ISSP RDT&E provides dynamic risk managed IA solutions to the Navy information infrastructure, not just security devices placed within a network. Few technology areas change as fast as telecommunications and computers, and IA must keep pace. This results in the continuing need to evaluate, develop, and/or test IA products and approaches. Technology-based efforts include developing or applying: (1) new secure voice prototypes; (2) technology for a new family of programmable COMSEC and transmission security modules; (3) security appliances and software for switched and routed networks; (4) technology to interconnect networks of dissimilar classification, known as cross domain solutions; (5) techniques for assuring code and data residing in and transiting the Navy's computing base and information store; and (6) Public Key Infrastructure (PKI) and associated access control technologies (such as smart cards and similar security tokens).
The resulting expertise applies to a wide variety of Navy development programs that integrate IA technology. Unlike traditional single-product development programs, the ISSP RDT&E holds a unique Navy-enterprise responsibility. The ISSP Research Development Test & Evaluation (RDTE) efforts conclude with certified and accredited systems. This requires (1) assured separation of information levels and user communities, including coalition partners; (2) assurance of the telecommunications infrastructure; (3) assurance of joint user enclaves; (4) assurance of the computing base and information store; and, (5) supporting assurance technologies, including PKI and directories. To ensure interoperability and commercial standards compliance, these efforts often encompass the research, selective evaluation, integration, and test of commercial-off-the-shelf/non-developmental item IA security products. For example, evaluation may include defensible network boundary capabilities such as firewalls, secure routers and switches, guards, virtual private networks, and network intrusion prevention systems. The current operating environment has virtually eliminated the traditional distinction between telecommunications and information systems. Because IA is a cradle-to-grave enterprise-wide discipline, this program applies the technology and methodology to systems in development, production and operation, and develops the infrastructure needed to support and evaluate the security of deployed systems. The following describes several major ISSP technology areas: The Navy Secure Voice program assesses technology to provide high grade, secure tactical and strategic voice connectivity. The Cryptographic Modernization Program provides high assurance and other cryptographic technologies protecting information and telecommunication systems. 
The Security Management Infrastructure program develops, evaluates, and applies new emerging technology and enhanced capabilities to the Electronic Key Management System/Key Management Infrastructure and other Navy information systems. Additional efforts will focus on the architecture, design, and development of systems to manage the security parameters (i.e., cryptographic keys) necessary to the operation of the systems developed by the secure data and secure voice portions of the ISSP. This includes the application of PKI and Certificate Management Infrastructure technology, and the development of improved techniques for key and certificate management to support emerging, embedded cryptographic technology.

The Secure Data program focuses on architectures, designing, acquiring, demonstrating and integrating the IA technologies into FORCEnet and the Navy Marine Corps Intranet (NMCI). This portion of the ISSP supports delivery of network security engineering expertise needed to support the NMCI, overseas networks, and the Integrated Shipboard Network Systems, along with constituent systems such as Automated Digital Network System, Global Command and Control System - Maritime. These efforts continue to transition to an open architecture in support of the Consolidated Afloat Networks and Enterprise Services Common Computing Environment (CCE) and Afloat Core Services (ACS). It includes activities to:

  • Ensure that Navy telecommunications and networks follow a consistent architecture and are protected against denial of service.
  • Ensure that all data within Navy Enterprise is protected in accordance with its classification and mission criticality, as required by law.
  • Provide the ability to protect from, react to, and restore operations after an intrusion or other catastrophic event.
  • Support the Navy Computer Network Defense (CND) Service Provider Enabler by providing IA response to information operation conditions.
  • Defend against the unauthorized modification or disclosure of data sent outside enclave boundaries.
  • Provide a risk-managed means of selectively allowing essential information to flow across the enclave boundary.
  • Provide strong authentication of users sending or receiving information from outside their enclave.
  • Defend against the unauthorized use of a host or application, particularly operating systems.
  • Maintain configuration management of all hosts to track all patches and system configuration changes.
  • Ensure adequate defenses against subversive acts of trusted people and systems, both internal and external.
  • Transition to CCE.
  • Transition to ACS.
  • Provide a cryptographic (Crypto) infrastructure that supports key, privilege and certificate management; and that enables positive identification of individuals utilizing network services.
  • Provide an intrusion detection, reporting, analysis, assessment, and response infrastructure that enables rapid detection and reaction to intrusions and other anomalous events, and that enables operational situation awareness.

FY 11 Highlights for ISSP and Computer Network Defense:

  • CND - Continue to develop and integrate CND capabilities in support of CCE and ACS. Continue the development of User Defined Operational Pictures to enhance Security Information Manager tools with adaptive reactive-defense capabilities, improve incident correlation and situation awareness reporting.
  • Crypto and Crypto Modernization (CM) - Continue development for the Link 22 Modernized Link Level COMSEC, Link 16 CM, Integrated Broadcast Service Multi-Mission Advanced Tactical Terminal, and Cooperative Engagement Capability. Continue Secure Voice (SV) RDT&E efforts such as Small Business Innovative Research (SBIR) oversight, and research into SV emerging technologies and related technical products, and support to Air Force, lead for VINSON/Advanced Narrowband Digital Voice Terminal Cryptographic Modernization program.
  • Key Management Infrastructure (KMI) - Provide technical support to National Security Agency for operational assessment, Initial Operational Testing and Evaluation and Full Rate Production decision for KMI.
  • PKI - Research and develop tools to support Device Certificates. Design and develop PKI expansion to support Global Information Grid identity management and protection requirements onto the Secret Internet Protocol Router Network (SIPRNet).
  • IA Services (formerly IA Architecture) - Continue to provide security systems engineering support for the development of DoD and Navy IA architectures and the transition of new technologies to address Navy IA challenges. Provide IA risk analysis and recommended risk mitigation strategies for Navy networks and C4I systems.

Document Details

Document Type
Project
Publication Date
Oct 01, 2011
Source ID
0734_0303140N_7_1319_PB_2011

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.

Technology Areas

  • Cyber
  • Fully Networked C3
  • Fully Networked C3 - Command and Control
  • Microelectronics
