Communications Security R&D

Abstract

The Information Systems Security Program (ISSP) Research, Development, Test and Evaluation (RDT&E) program provides Information Assurance (IA) solutions for the Navy's forward-deployed, highly mobile information subscriber. FORCEnet relies upon an assured information infrastructure, and the ISSP RDT&E program architects, engineers, and provides a level of robustness consistent with the risks faced. The ISSP addresses engineering design, development, modeling, test, and evaluation for the unique IA challenges of the highly mobile, dispersed, bandwidth-limited, forward-tactical US Navy communications systems. ISSP RDT&E works closely with the Navy's Information Operations - Exploit (signals intelligence) and Information Operations - Attack (information warfare) communities. Systems developed under ISSP RDT&E dynamically change the Navy's information assurance posture based upon operational indications and warnings. To ensure interoperability, ISSP RDT&E integrates fully with the FORCEnet and maritime cryptologic architectures, and ISSP-developed systems can provide the trigger for offensive warfare activities. This project includes a rapidly evolving design and application engineering effort to modernize national security-grade (Type 1) cryptographic equipment and ancillaries with state-of-the-art replacements in order to counter evolving and increasingly sophisticated threats. Communications Security (COMSEC) and Transmission Security (TRANSEC) are evolving from stand-alone dedicated devices to embedded modules that incorporate NSA-approved cryptographic engines, are loaded with certified algorithms and key, and are interconnected via industry-defined interfaces. This includes the DoD Global Information Grid (GIG) capability requirements document for the development of Content Based Encryption, continuing through FY2011.
In addition to protecting national security information, ISSP RDT&E must provide enterprise-wide assurance for statutorily protected information under the Privacy Act of 1974, the Computer Matching and Privacy Protection Act of 1988, the Medical Records Confidentiality Act of 1995, the Model State Public Health Privacy Act, 45 CFR Subtitle A, Subchapter C, Parts 160-164 (1999), and the Family Educational Rights and Privacy Act (FERPA). ISSP RDT&E efforts must also provide assurance for the broad spectrum of Sensitive-but-Unclassified information, such as financial, personnel, contractor-proprietary, and procurement-sensitive data. The ISSP today includes more than legacy COMSEC and network security technology: IA, or defensive information operations, exists to counter a wide variety of threats. ISSP activities cover all telecommunications systems, and RDT&E projects must provide protection, detection, and reaction capabilities to the operational commander. ISSP RDT&E provides dynamic, risk-managed IA solutions for the Navy information infrastructure, not just security devices placed within a network. Few technology areas change as fast as telecommunications and computing, and IA must keep pace; this results in a continuing need to evaluate, develop, and/or test IA products and approaches.
Technology-based efforts include developing or applying: (1) new secure voice prototypes; (2) technology for a new family of programmable COMSEC and TRANSEC modules; (3) security appliances and software for switched and routed networks; (4) technology to interconnect networks of dissimilar classification, known as Cross Domain Solutions; (5) techniques for assuring code and data residing in and transiting the Navy's computing base and information store; (6) Public Key Infrastructure (PKI) and associated access control technologies (such as SmartCards and similar security tokens); and (7) Electronic Key Management System devices (Simple Key Loaders, COMSEC Material Work Stations (CMWS)), Key Management Infrastructure equipment (Management Client (MGC)/Advanced Key Processor (AKP), High Assurance Protocol Equipment), and Next Generation devices. The resulting expertise applies to a wide variety of Navy development programs that integrate IA technology. Unlike traditional single-product development programs, the ISSP RDT&E holds a unique Navy-enterprise responsibility. The RDT&E efforts conclude with certified and accredited systems. This requires (1) assured separation of information levels and user communities, including coalition partners; (2) assurance of the telecommunications infrastructure; (3) assurance of joint user enclaves; (4) assurance of the computing base and information store; and (5) supporting assurance technologies, including PKI and directories. To ensure interoperability and commercial standards compliance, these efforts often encompass the research, selective evaluation, integration, and test of commercial-off-the-shelf/non-developmental item IA security products. For example, evaluation may include defensible network boundary capabilities such as firewalls, secure routers and switches, guards, virtual private networks, and network intrusion prevention systems.
The current operating environment has virtually eliminated the traditional distinction between telecommunications and information systems. Because IA is a cradle-to-grave, enterprise-wide discipline, this program applies the technology and methodology to systems in development, production, and operation, and develops the infrastructure needed to support and evaluate the security of deployed systems. The following describes several major ISSP technology areas. The Navy Secure Voice program assesses technology to provide high-grade, secure tactical and strategic voice connectivity. The Cryptographic Modernization program provides high assurance and other cryptographic technologies protecting information and telecommunication systems. The Security Management Infrastructure (SMI) program develops, evaluates, and applies new emerging technology and enhanced capabilities to the Electronic Key Management System/Key Management Infrastructure and other Navy information systems. Additional efforts will focus on the architecture, design, and development of systems to manage the security parameters (i.e., cryptographic keys) necessary to the operation of the systems developed by the secure data and secure voice portions of the ISSP. This includes the application of PKI and Certificate Management Infrastructure technology, and the development of improved techniques for key and certificate management to support emerging, embedded cryptographic technology. The Secure Data program focuses on architecting, designing, acquiring, demonstrating, and integrating IA technologies into FORCEnet and the Navy Marine Corps Intranet (NMCI). This portion of the ISSP supports delivery of the network security engineering expertise needed to support the NMCI, overseas networks, and the Integrated Shipboard Network System, along with constituent systems such as the Automated Digital Network System and Global Command and Control System - Maritime.
These efforts continue to transition to an open architecture in support of the Consolidated Afloat Networks and Enterprise Services Common Computing Environment (CCE) and Afloat Core Services (ACS). It includes activities to:
* Ensure that Navy telecommunications and networks follow a consistent architecture and are protected against denial of service.
* Ensure that all data within the Navy Enterprise is protected in accordance with its classification and mission criticality, as required by law.
* Provide the ability to protect from, react to, and restore operations after an intrusion or other catastrophic event.
* Support the Navy CND service provider enabler by providing IA response to information operation conditions.
* Defend against the unauthorized modification or disclosure of data sent outside enclave boundaries.
* Provide a risk-managed means of selectively allowing essential information to flow across the enclave boundary.
* Provide strong authentication of users sending or receiving information from outside their enclave.
* Defend against the unauthorized use of a host or application, particularly operating systems.
* Maintain configuration management of all hosts to track all patches and system configuration changes.
* Ensure adequate defenses against subversive acts of trusted people and systems, both internal and external.
* Transition to CCE.
* Transition to ACS.
* Provide a cryptographic (Crypto) infrastructure that supports key, privilege, and certificate management, and that enables positive identification of individuals utilizing network services.
* Provide an intrusion detection, reporting, analysis, assessment, and response infrastructure that enables rapid detection of and reaction to intrusions and other anomalous events, and that enables operational situation awareness.
Maritime Operations Center (MOC) networks will operate and share information with multiple partners and in varying circumstances.
The MOCs will receive, in increments, a NETOPS Common Operational Picture (COP) tool set for maintaining a proactive, automated, autonomous information environment, supporting Command and Control (C2) of Communications Systems (CS) through the ability to analyze and determine the optimal method of dominating C2 cyberspace operations. This includes CYBER surveillance, bandwidth monitoring, an INTEL situational awareness tool, and network health monitoring. NETOPS COP will provide a proactive view and an enhanced security tool for CYBER network managers. NETOPS COP enhances execution of Open Public Local Access Network during all phases by ensuring validity of the COP, network health, information operations, and battlespace awareness. A combination of software tools, interoperable enabling hardware, and processes to monitor and visualize network traffic will be provided, yielding a locally generated, fused situational awareness picture for battle watch decision-making. NETOPS COP provides the Commander with near-immediate risk assessment, actionable intelligence, immediate mitigation courses of action, and attribution of on-going CS Protection events, in order to enable the apportionment of forces with exacting control in response to national objectives.
FY 12 Highlights for ISSP, Computer Network Defense and Maritime Operations Center (MOC):
Computer Network Defense (CND) - Continue to develop and integrate CND capabilities in support of CCE and ACS. Continue the development of User Defined Operational Pictures (UDOP) to enhance Security Information Manager (SIM) tools with adaptive reactive-defense capabilities, improve incident correlation, and improve situation awareness reporting. Begin development of computer-network evaluation capabilities to perform real-time analysis of events. Develop enhancements that advance CND analysis and response capabilities against network threats. Begin development of CND Increment 2 technology insertion cycles.
Cryptographic (Crypto)/Crypto Modernization (CM) - Continue the Link-22 Modernized Link Level Communications Security (COMSEC) (MLLC), Very High Frequency (VHF)/Ultra High Frequency (UHF) Wideband Tactical Secure Voice Cryptologic Equipment (VINSON)/Advanced Narrowband Digital Voice Terminal (ANDVT) Cryptographic Modernization (VACM), and Link-16 CM development efforts, and start the Suite B Navy Implementation, Portable Radio Program (PRP), Key Management Infrastructure (KMI) Awareness, Demand Assigned Multiple Access (DAMA), Secure Voice Over Internet Protocol (SVoIP), Navy Future Crypto Requirements, and Navy Crypto Mod Acceleration efforts with the joint services. Coordinate a Crypto Modernization Plan for Transmission Security (TRANSEC) with NSA and the other services.
Electronic Key Management System (EKMS) - Finalize any EKMS to KMI transition issues. Migrate the COMSEC Material Work Station/Data Management Device (CMWS/DMD) and other Tier 3 devices to the KMI environment. Explore transition planning for CMWS/DMD to operate in the KMI environment.
Key Management Infrastructure (KMI) - Continue the transition strategy and define requirements for incorporation of other KMI roles (i.e., Controlling Authority, Command Authority) into the Navy architecture. Provide support to the KMI CI-3 kickoff and program implementation. Provide engineering services to the CRYPTO MOD programs to ensure crypto devices are being designed with KMI capabilities, specifically Over the Network Keying, and are network enabled. Begin requirements definition efforts for the Next Generation Fill Device.
PKI - Research and develop tools to support device (non-human) certificates. Design and develop PKI expansion to support GIG identity management and protection requirements on the Secret Internet Protocol Router Network (SIPRNet).
IA Services (formerly IA Architecture) - Continue to provide security systems engineering support for the development of DoD and Navy IA architectures and the transition of new technologies to address Navy IA challenges. Provide IA risk analysis and recommended risk mitigation strategies for Navy networks and C4I systems.
Maritime Operations Center (MOC) - Respond to new technologies and advanced hardware and software tools to support the development and deployment of automated, autonomous Computer Network Operations (CNO) NETOPS.

Document Details

Document Type
Project
Publication Date
Oct 01, 2012
Source ID
0734_0303140N_7_1319_PB_2012

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.

Technology Areas

  • Cyber
  • Fully Networked C3
  • Fully Networked C3 - Command and Control
  • Microelectronics