Communications Security R&D

Abstract

The Information Systems Security Program (ISSP) Research, Development, Test & Evaluation (RDT&E) program provides Information Assurance (IA) solutions for the Navy's forward-deployed, highly mobile information subscriber. FORCEnet relies upon an assured information infrastructure, and the ISSP RDT&E program architects, engineers, and provides a level of robustness consistent with the risks faced. The ISSP addresses engineering design, development, modeling, test, and evaluation for the unique IA challenges associated with the highly mobile, dispersed, bandwidth-limited, forward-tactical United States (US) Navy communications systems. ISSP RDT&E personnel work closely with the Navy's Information Operations (IO) - Exploit (Signals Intelligence (SI)) and IO - Attack (Information Warfare (IW)) communities. ISSP RDT&E-developed systems dynamically change the Navy's current information assurance posture based upon operational indications and warnings. To ensure interoperability, ISSP RDT&E products integrate fully with the FORCEnet and maritime cryptologic architectures. ISSP RDT&E-developed systems can provide the trigger for offensive warfare activities. This project includes a rapidly evolving design and application engineering effort to modernize national security-grade (Type 1) cryptographic equipment and ancillaries with state-of-the-art replacements that counter evolving and increasingly sophisticated threats, in accordance with Chairman of the Joint Chiefs of Staff Instruction (CJCSI) 6510 requirements. Communications Security (COMSEC) and Transmission Security (TRANSEC) are evolving from stand-alone dedicated devices to embedded modules that incorporate National Security Agency (NSA)-approved cryptographic engines, loaded with certified algorithms and key, and interconnected via industry-defined interfaces.
This includes the Department of Defense (DoD) Global Information Grid (GIG) capability requirements document for the development of Content Based Encryption (CBE). North Atlantic Treaty Organization (NATO) Improved Link Eleven (NILE) is a cooperative development project for Link 22 involving seven nations: the United States, Germany, France, the United Kingdom, Canada, Italy, and Spain. The US is responsible for all coordination of Information Security (INFOSEC) activities under the NILE project, and controls the release of the crypto capability to the nations and to all potential third parties. The current Link 22 crypto, the Link Level Crypto (LLC), is obsolete and must be modernized per NSA and CJCS Crypto Modernization mandates. In addition to protecting national security information, ISSP RDT&E efforts must provide enterprise-wide assurance for statutorily protected information under the Privacy Act of 1974, the Computer Matching and Privacy Protection Act of 1988, the Medical Records Confidentiality Act of 1995, the Model State Public Health Privacy Act, 45 CFR Subtitle A, Subchapter C, Parts 160-164 (1999), and the Family Educational Rights and Privacy Act. ISSP RDT&E efforts must also provide assurance for the broad spectrum of sensitive but unclassified information, such as financial, personnel, contractor proprietary, and procurement sensitive data. ISSP RDT&E must also provide solutions against the most advanced state-sponsored and criminal-intent advanced persistent threats, including those to platform Information Technology (IT), weapons systems, Industrial Control Systems (ICS), and Supervisory Control and Data Acquisition (SCADA) systems. The ISSP today includes more than legacy COMSEC and network security technology. Information Assurance (IA), or defensive Information Operations (IO), exists to counter a wide variety of threats.
ISSP activities cover all telecommunications systems, and RDT&E projects must provide protection, detection, and reaction capabilities to the operational commander. ISSP RDT&E efforts provide dynamic, risk-managed IA solutions for the Navy information infrastructure, not just security devices placed within a network. Extensive effort will be placed on rapidly providing the solutions required by the new DODI 8500.02, CNSSI 1253, and NIST SP 800-53 IA control set, focused primarily on espionage- and sabotage-capable, state-sponsored advanced persistent threats. Additional efforts will include the implementation of data object security labeling and provenance metadata, also required by DODI 8500.02, which is a major enabler for cross-domain data sharing. Few technology areas change as fast as telecommunications and computers, and IA must keep pace. This results in a continuing need to evaluate, develop, and/or test IA products and approaches. Technology-based efforts include developing or applying: (1) new secure voice prototypes; (2) technology for a new family of programmable COMSEC and TRANSEC modules; (3) security appliances and software for switched and routed networks; (4) technology to interconnect networks of dissimilar classification, known as Cross Domain Solutions; (5) techniques for assuring code and data residing in and transiting the Navy's computing base and information store; (6) Public Key Infrastructure (PKI) and associated access control technologies such as SmartCards and similar security tokens; and (7) Electronic Key Management System (EKMS) devices such as Simple Key Loaders (SKL), COMSEC Material Work Stations (CMWS), and Key Management Infrastructure (KMI) equipment (Management Client (MGC)/Advanced Key Processor (AKP) units, High Assurance Protocol Equipment, the Delivery Only Client (DOC), and next-generation devices).
ISSP efforts conclude with continuously monitored, certified, and accredited systems supported within Navy cyber operational environments. Achieving and maintaining this milestone requires:
* Evolving techniques for defense of National Security Systems (NSS) and information against advanced persistent threats, including at the process, control, and sensor layers;
* Approved techniques for the assured separation of information levels and user communities, including allied, coalition, non-governmental, Defense Industrial Base, and other public partners;
* Rapid deployment of technologies supporting the Navy's Computer Network Defense Service Providers (CNDSP) operations;
* Hardware and software to assure end-to-end resilience of the Navy's telecommunications infrastructure and availability of the critical wireless spectrum resource;
* High-robustness interfaces with joint user and platform cyberspace domains, using a defense-in-depth architecture;
* COMSEC and process isolation techniques for securing the critical computing base and information store.
The cyberspace domain has virtually eliminated the traditional distinction between telecommunications and information systems. Because cyber security is a cradle-to-grave, enterprise-wide discipline, this program applies the set of best practices embodied within Committee on National Security Systems Instruction (CNSSI) 1253. Of special note is the Navy's cyber security role in the joint Cryptographic Modernization Program, required by Chairman of the Joint Chiefs of Staff Instruction (CJCSI) 6510.02D, providing high assurance and other cryptographic technologies that protect cyber systems. The parallel Security Management Infrastructure (SMI) program develops, evaluates, and applies new emerging technologies and enhanced capabilities to the EKMS/KMI.
Additional efforts will focus on the architecture, design, and development of systems to manage the security parameters (e.g., cryptographic keys) necessary to the operation of the systems developed by the secure data and secure voice portions of the ISSP. This includes the application of EKMS/KMI infrastructure technology and the development of improved techniques for key and certificate management. ISSP RDT&E management will direct a program that:
* Ensures the Navy's cyber domain implements a consistent joint and enterprise cyber security architecture;
* Rapidly develops and deploys the latest versions of cyber security measures across all seven layers of the International Organization for Standardization (ISO) Open Systems Interconnection (OSI) Reference Model and for all CNSSI 1253 IA controls (best practices);
* Ensures that all data within the Navy Enterprise is protected in accordance with its classification and mission criticality, as required by law;
* Provides Fleet Cyber Command and Commander, U.S. Tenth Fleet (C10F) with integrated tools and techniques to protect against, detect, restore from, and respond to cyber events and incidents;
* Supports the Navy Computer Network Defense (CND) provider by enabling cyber situational awareness;
* Defends against and detects the unauthorized modification or disclosure of data outside the Navy cyber domain, such as in the WikiLeaks incident;
* Provides a risk-managed means of selectively allowing information to flow across the enclave boundary while ensuring proper marking and provenance;
* Provides strong authentication of users accessing services from Navy cyberspace;
* Defends against the unauthorized use of a host or application, particularly operating systems, control and process systems, and supervisory control and data acquisition systems;
* Maintains cyber security configuration management of all hosts to track patches and system configuration changes;
* Ensures adequate defenses against subversive acts of trusted people and systems, both internal and external;
* Provides a Communications Security (COMSEC) infrastructure that supports key, privilege, and certificate management and enables positive identification of individuals using network services; and
* Provides a continuous monitoring, analysis, assessment, situational awareness, and response infrastructure.
Maritime Operations Center (MOC) networks will operate and share information with multiple partners in varying circumstances. The MOCs will receive integrated tools to maintain a Network Operations (NetOps) Common Operational Picture (COP) and to support Command and Control (C2) of the Communications Systems (CS) through the ability to analyze and develop Courses of Action (COA) to manage C2 cyberspace operations. This includes cyber surveillance, bandwidth monitoring, intelligence situational awareness tools, and network health monitoring. The NetOps COP will provide a proactive view and an enhanced security tool for use by cyber network managers.
The NetOps COP ensures validity of the COP and network health, and provides operator synchronization with Information Operations (IO) and situational awareness of the cyber battle space. A combination of software tools, interoperable enabling hardware, and processes will be provided to monitor and visualize network traffic and to provide a locally generated, fused situational awareness picture for battle watch decision making. The NetOps COP provides the Commander with near-immediate risk assessment, actionable intelligence, immediate mitigation courses of action, and attribution of ongoing CS protection events, in order to enable the apportionment of forces with exacting control in response to national objectives.
FY 14 Highlights for Information Systems Security Programs (ISSP):
Computer Network Defense (CND) - Continue to implement Department of Defense (DoD)/Information Assurance (IA)/CND Enterprise Solutions Steering Group (ESSG) tools into the Outside the Continental United States (OCONUS) Navy Enterprise Network (ONE-Net), Information Technology for the 21st Century (IT-21), and other networks such as Cyber Asset Reduction & Security (CARS) as required. Support the DoD/ESSG development and integration of CND capabilities into the Navy's architecture, and support the addition of these capabilities into the Commander, U.S. Tenth Fleet (C10F) Maritime Operations Center (MOC). Continue to integrate CND capabilities that perform near-real-time analysis of events and Advanced Persistent Threats (APT). Update the CND IA suites with adaptive defense, security sensors, incident reporting, correlation, packet capture and processing, and situational awareness capabilities. Achieve cost and performance efficiencies by consolidating IA services in the ONE-Net environment and by furthering efforts to virtualize CND capabilities. Continue to develop, integrate, and test defense-in-depth and situational awareness technologies for knowledge-empowered CND operations on afloat and ashore platforms. Promote Course of Action (COA) development, analysis, and execution to improve interoperability with the Global NetOps Information Sharing Environment. Develop enhancements and continue evaluation of needs derived from the CND Capabilities Steering Group to advance analysis of and response to network threats. CND will continue to deploy integrated tools at the C10F MOC in order to maintain Cyber Situational Awareness (CSA) in support of Command and Control (C2) of the Communications Systems (CS). CSA provides near-immediate risk assessments, actionable intelligence, immediate mitigation COAs, and attribution of ongoing CS protection events, in order to enable the apportionment of forces with exacting control in response to national objectives. Develop and extend the Joint Capability Technology Demonstration (JCTD)-delivered capability to adaptively manage risks to operational networks throughout an Area of Responsibility, providing defense-in-depth by functionally segmenting networks through the deployment of Virtual Secure Enclaves (VSE) and the use of black core transport services to protect key cyber terrain.
Cryptographic (Crypto)/Crypto Modernization (CM) - Initiate development of a Transmission Security (TRANSEC) replacement product for legacy devices. Initiate Intermediary Application (iApp) development efforts and incorporate the functionality into specific Navy crypto devices, fill device support products, or Personal Digital Assistants (PDA). Complete the Full Development effort for the Link-22 Modernized Link Level Communications Security (COMSEC) (MLLC) and begin planning the transition to production. Conduct Navy system test on VINSON/Advanced Narrowband Digital Voice Terminal (ANDVT) Cryptographic Modernization (VACM) Low Rate Initial Production (LRIP) units. Complete Navy VACM training material development and all required pre-installation documentation, materials, and acquisition support. Continue providing security engineering support for modernization of space crypto systems, embeddable crypto strategies, Unmanned Vehicle/low-power crypto, Next Generation crypto initiatives, disposable crypto for tactical applications, Layer 2 encryption, and Tactical Secure Voice (TSV) cross-banding. Continue National Security Agency (NSA) certification authority and acquisition authority for all CM products.
Key Management Infrastructure (KMI) - Continue capability verification testing support for KMI Capability Increment 2 (CI-2) Spiral 2 software. Continue the transition strategy and define requirements for incorporation of other KMI roles into the Navy architecture (e.g., Controlling Authority, Command Authority). Continue defining capability requirements for KMI CI-3. Continue supporting KMI transition working group meetings, developing white papers and supporting documentation for KMI CI-3. Continue requirements definition support for the development of the next generation fill device. Continue migrating the COMSEC Material Work Station/Data Management Device and other next generation fill devices to the KMI environment. Continue engineering the Navy Enterprise system toward a centralized configuration management and crypto unit inventory tracking tool, which will improve management of Electronic Key Management System (EKMS) Tier 3 Simple Key Loaders (SKL), Tactical Key Loaders (TKL), KMI, and crypto products. Continue development engineering and testing of the Intermediary Application (iApp), which will enhance KMI secure communications. Begin a shipboard bandwidth study in support of the KMI Delivery Only Client (DOC) architecture in the afloat operational environment.
Public Key Infrastructure (PKI) - Develop Secret Internet Protocol Router Network (SIPRNet) PKI solutions, including the SIPRNet Validation Authority and Cryptographic Logon (CLO) capability for non-Microsoft systems and Microsoft non-domain services. Research and test Defense Information Systems Agency (DISA) Online Certificate Status Protocol (OCSP) enhancements for certificate authentication in the Navy afloat and ashore environments. Ensure compatibility and interoperability of PKI with the CND systems architecture. Ensure Navy compliance with new PKI-related cryptographic algorithms and certificate changes on the Common Access Card (CAC), Alternate Logon Token (ALT), and SIPRNet hardware token. Research and develop tools to support certificates for Non-Person Entity (NPE) devices and tactical/austere environments. Research Identity and Access Management (IdAM) technologies to increase information security on the Global Information Grid (GIG). Investigate virtualization of Navy Certificate Validation Infrastructure (NCVI) servers with Hardware Security Modules.
Information Assurance (IA) Services - Continue to provide security systems engineering support for the development of DoD and Navy IA architectures and the transition of new technologies to address Navy IA challenges. Provide IA risk analysis and recommended risk mitigation strategies for Navy networks and C4I systems. This includes the expanded requirements to provide complete IdAM solutions, expanded spectrum monitoring, and data object security and provenance labeling as required in the current DODI 8500.2 and the new DODI 8500.02 IA controls.

Document Details

Document Type
Project
Publication Date
Oct 01, 2014
Source ID
0734_0303140N_7_1319_PB_2014

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.

Technology Areas

  • Autonomy
  • Autonomy - UAVs
  • Cyber
  • Fully Networked C3
  • Fully Networked C3 - Command and Control
  • Microelectronics
  • Space
