Communications Security R&D

Abstract

The Information Systems Security Program (ISSP) Research Development Test & Evaluation (RDT&E) program provides Information Assurance (IA) solutions for the Navy forward deployed, highly mobile information subscriber. FORCEnet relies upon an assured information infrastructure, and the ISSP RDT&E program architects, engineers, and provides the level of robustness consistent with risks faced. The ISSP addresses engineering design, development, modeling, test, and evaluation for the unique Information Assurance (IA) challenges associated with the highly mobile, dispersed, bandwidth limited, and forward-tactical connected US Navy communications systems. ISSP RDT&E works closely with the Navy's Information Operations - Exploit (signals intelligence) and Information Operations - Attack (information warfare) communities. ISSP RDT&E developed systems dynamically change the Navy's current information assurance posture, based upon operational indications and warnings. To ensure interoperability, ISSP RDT&E integrates fully with the FORCEnet and maritime cryptologic architectures. ISSP RDT&E developed systems can provide the trigger for offensive warfare activities. This project includes a rapidly evolving design and application engineering effort to modernize national security-grade (Type-1) cryptographic equipment and ancillaries with state-of-the-art replacements in order to counter evolving and increasingly sophisticated threats, in accordance with The Chairman of the Joint Chiefs of Staff Instruction (CJCSI) 6510 requirements. Communication Security (COMSEC) and Transmission Security (TRANSEC) evolution are from stand-alone dedicated devices to embedded modules incorporating National Security Agency (NSA) approved cryptographic engines, loaded with the certified algorithms and key, and interconnected via industry-defined interfaces. 
This includes the Department of Defense (DoD) Global Information Grid (GIG) capability requirements document for the development of Content Based Encryption (CBE) continuing through FY2013. In addition to protecting national security information, ISSP RDT&E must provide enterprise-wide assurance for statutorily protected information under the Privacy Act of 1974, Computer Matching and Privacy Protection Act of 1988, Medical Records Confidentiality Act of 1995, Model State Public Health Privacy Act, 45 Code of Federal Regulation subtitle A sub-chapter C, parts 160-164, 1999, and the Federal Education Records Privacy Act. ISSP RDT&E efforts must also provide assurance to the broad spectrum of Sensitive-but-Unclassified information such as financial, personnel, contractor proprietary, and procurement sensitive. The ISSP today includes more than legacy COMSEC and network security technology. IA or defensive information operations exist to counter a wide variety of threats. ISSP activities cover all telecommunications systems, and RDT&E projects must provide protection, detection, and reaction capabilities to the operational commander. ISSP RDT&E provides dynamic risk managed IA solutions to the Navy information infrastructure, not just security devices placed within a network. Few technology areas change as fast as telecommunications and computers, and IA must keep pace. This results in the continuing need to evaluate, develop, and/or test IA products and approaches. 
Technology-based efforts include developing or applying: (1) new secure voice prototypes; (2) technology for a new family of programmable COMSEC and TRANSEC modules; (3) security appliances and software for switched and routed networks; (4) technology to interconnect networks of dissimilar classification, known as Cross Domain Solutions; (5) techniques for assuring code and data residing in and transiting the Navy's computing base and information store; (6) Public Key Infrastructure (PKI) and associated access control technologies such as SmartCards and similar security tokens; and (7) Electronic Key Management System (EKMS) devices (Simple Key Loaders (SKL), COMSEC Material Work Stations (CMWS)) and Key Management Infrastructure (KMI) equipment (Client Management (MGC)/Advanced Key Processor (AKP) MGC/AKPs, High Assurance Protocol Equipment) and Next Generation devices. The resulting expertise applies to a wide variety of Navy development programs that integrate IA technology. Unlike traditional single-product development programs, the ISSP RDT&E holds a unique Navy-enterprise responsibility. ISSP efforts conclude with continuously monitored, certified and accredited systems supported within the Navy cyber operational environment.
Achieving and maintaining this milestone requires:

  • Evolving techniques for defense of National Security Systems and Information against advanced persistent threats, including process, control, and sensor layers;
  • Approved techniques for the assured separation of information levels and user communities, including allied, coalition, non-Governmental, Defense Industrial Base, and other public partners;
  • Rapid deployment of technologies supporting the Navy's Computer Network Defense Service Providers (CNDSP) operations;
  • Hardware and software to assure end-to-end resilience of the Navy's telecommunications infrastructure and availability of the critical wireless spectrum resource;
  • High robustness interfaces with joint user and platform cyberspace domains, using a defense-in-depth architecture;
  • Communications Security (COMSEC) and process isolation techniques for securing the critical computing base and information store.

The cyberspace domain has virtually eliminated the traditional distinction between telecommunications and information systems. Because cyber security is a cradle-to-grave enterprise-wide discipline, this program applies the set of best practices embodied within the Committee on National Security Systems Instruction (CNSSI) 1253. Of special note is the Navy's cyber security role in the joint Cryptographic Modernization Program, required by Chairman of the Joint Chiefs of Staff Instructions (CJCSI) 6510.02D, providing high assurance and other cryptographic technologies protecting cyber systems. The parallel Security Management Infrastructure (SMI) program develops, evaluates, and applies new emerging technologies and enhanced capabilities to the Electronic Key Management System (EKMS)/Key Management Infrastructure (KMI).
Additional efforts will focus on the architecture, design, and development of systems to manage the security parameters (e.g., cryptographic keys) necessary to the operation of the systems developed by the secure data and secure voice portions of the ISSP. This includes the application of PKI and Certificate Management Infrastructure technology, and the development of improved techniques for key and certificate management to support emerging, embedded cryptographic technology. ISSP RDT&E management will direct a program that:

  • Ensures the Navy's cyber domain implements a consistent joint and Federal Enterprise cyber security architecture;
  • Rapidly develops, deploys, and versions cyber security measures across all seven layers of the ISO Open Systems Interconnection Reference Model and for all CNSSI 1253 Information Assurance (IA) controls (best practices);
  • Ensures that all data within Navy Enterprise is protected in accordance with its classification and mission criticality, as required by law;
  • Provides 10th Fleet and Fleet Cyber Command (FLTCYBERCOM) with integrated tools and techniques to protect, detect, restore, and respond to cyber events and incidents;
  • Supports the Navy Computer Network Defense (CND) provider by enabling cyber situational awareness;
  • Defends against and detects the unauthorized modification or disclosure of data outside Navy cyber domain, such as in the WikiLeaks incident;
  • Provides a risk-managed means of selectively allowing information to flow across the enclave boundary while ensuring proper marking and provenance;
  • Provides strong authentication of users accessing services from Navy cyberspace;
  • Defends against the unauthorized use of a host or application, particularly operating systems, control and process systems, and supervisory control and data acquisition systems;
  • Maintains cyber security configuration management of all hosts to track patches and system configuration changes;
  • Ensures adequate defenses against subversive acts of trusted people and systems, both internal and external;
  • Provides a Communications Security (COMSEC) infrastructure that supports key, privilege, and certificate management; and that enables positive identification of individuals utilizing network services; and
  • Provides a continuous monitoring, analysis, assessment, situational awareness, and response infrastructure.

Maritime Operations Center (MOC) networks will operate and share information with multiple partners and in varying circumstances. The MOCs will receive integrated tools to maintain a Network Operations (NetOps) Common Operational Picture (COP) and support Command and Control (C2) of the Communications Systems (CS) through the ability to analyze and develop Courses of Action (COAs) to manage C2 cyberspace operations. This includes CYBER Surveillance, bandwidth monitoring, INTEL situational awareness tools, and network health monitoring. NetOps COP will provide a proactive view and enhanced security tool for use by CYBER network managers. NetOps COP ensures validity of the COP, network health, and provides operator synchronization with Information Operations (IO), and situational awareness of the cyber battle space. A combination of software tools, interoperable enabling hardware and processes to monitor and visualize network traffic to provide a locally generated, fused situational awareness picture for battle watch decision-making will be provided. NetOps COP provides the Commander with near immediate risk assessment, actionable intelligence and immediate mitigation courses of action and attribution of on-going CS Protection events in order to enable the apportionment of forces with exacting control in response to national objectives.
FY 13 Highlights for Information Systems Security Program (ISSP)

Computer Network Defense (CND) - Continue to implement Department of Defense (DoD)/Enterprise-wide IA and CND Solutions Steering Group (ESSG) tools into Outside the Continental US Navy Enterprise Network (ONE-Net), Information Technology for the 21st Century (IT-21), and other networks (e.g., CARS) as required. Support the DoD/ESSG development and integration of CND capabilities into the Navy's architecture and support the addition of these capabilities into the new Commander Tenth Fleet (C10F) Maritime Operations Center (MOC). Continue to integrate CND capabilities to perform near real-time analysis of events and Advanced Persistent Threat (APT). Update the CND IA suites with adaptive defense, incident reporting, correlation, and situational awareness capabilities. Achieve cost and performance efficiencies by consolidating IA services in the ONE-Net environment and by furthering efforts to virtualize CND capabilities. Continue to develop, integrate, and test defense-in-depth and situational awareness technologies for knowledge-empowered CND operations for afloat and ashore platforms. Promote Course of Action (COA) development analysis and execution to improve interoperability with the Global NetOps Information Sharing Environment. Develop enhancements and continue evaluation of needs derived from the CND Capabilities Steering Group to advance analysis and response to network threats.

C10F Maritime Operations Center (MOC) - Leverage the Ozone Widget framework and the US Cyber Command Cyber Pilot architecture to deliver visualization and analysis tools in support of a NetOps COP at the C10F MOC.

Cryptographic (Crypto)/Crypto Modernization (CM) - Continue systems and security engineering support for the Link-22 Modernized Link Level Communications Security (COMSEC) (MLLC) full development effort, Very High Frequency (VHF)/Ultra High Frequency (UHF) Wideband Tactical Secure Voice Cryptologic Equipment (VINSON)/Advanced Narrowband Digital Voice Terminal (ANDVT) Cryptographic Modernization (VACM), and Link-16 CM development efforts. Key Management Infrastructure (KMI) Awareness, Navy Future Crypto Requirements, Navy Crypto Mod Acceleration with joint services. Continue coordination of a Crypto Modernization Plan for Transmission Security (TRANSEC) with National Security Agency (NSA) and other services.

Key Management Infrastructure (KMI) - Continue transition strategy and define requirements for incorporation of other KMI roles into Navy architecture (e.g., Controlling Authority, Command Authority). Provide capability, engineering development and verification testing support to KMI Capability Increment (CI)-2. Provide engineering services to the CRYPTO MOD programs (iApp) to ensure crypto devices are being designed with Key Management Infrastructure (KMI) capabilities, specifically Over the Network Keying, and are network enabled. Begin requirements definition efforts for the next generation fill device and KMI CI-3. Investigate alternative KMI architecture implementations for submarine and other communities within the Navy. Provide engineering and analysis to a centralized configuration management and crypto unit inventory tracking tool which will improve Electronic Key Management System (EKMS) and Crypto product management. Provide engineering and analysis to the intermediary Application (iApp) which will enhance KMI secure communications.

Public Key Infrastructure (PKI) - Continue to develop Secret Internet Protocol Router Network (SIPRNet) PKI solutions, including the SIPRNet Validation Authority and Hardware Token. Research and test Defense Information Systems Agency (DISA) Online Certificate Status Protocol (OCSP) enhancements for certificate authentication in the Navy afloat and ashore environments. Ensure compatibility and interoperability of PKI with Computer Network Defense (CND) systems architecture. Ensure Navy compliance with new PKI related cryptographic algorithms and new certificates on the Common Access Card (CAC). Research and develop tools to support certificates for Non-Person Entity (NPE) devices.

IA Services - Continue to provide security systems engineering support for the development of DoD and Navy IA architectures and the transition of new technologies to address Navy IA challenges. Provide IA risk analysis and recommended risk mitigation strategies for Navy networks and C4I systems.

Document Details

Document Type
Project
Publication Date
Oct 01, 2013
Source ID
0734_0303140N_7_1319_PB_2013

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.

Technology Areas

  • Cyber
  • Fully Networked C3
  • Fully Networked C3 - Command and Control
  • Microelectronics
  • Space