Communications Security R&D
Abstract
The Information Systems Security Program (ISSP) Research Development Test & Evaluation (RDT&E) efforts provide Information Assurance (IA) and Defensive Cyberspace Operations (DCO) solutions to protect the forward deployed, bandwidth-limited, highly mobile Naval information subscriber and the associated command, control, and communications required to achieve the integrated military advantage from Net-Centric operations. ISSP addresses engineering design, development, modeling, simulation, test, and evaluation for the unique IA challenges associated with dispersed, bandwidth-limited, and forward-tactical connected US Navy communications systems. This project includes a rapidly evolving design and application engineering effort to modernize cryptographic equipment and ancillaries with state-of-the-art replacements to counter evolving and increasingly sophisticated threats, in accordance with the Chairman of the Joint Chiefs of Staff Instruction (CJCSI) 6510 requirements. Communication Security (COMSEC) and Transmission Security (TRANSEC) are evolving from stand-alone dedicated devices to embedded modules incorporating National Security Agency (NSA) approved cryptographic engines, loaded with the certified algorithms and key, and interconnected via industry-defined interfaces. This includes the Department of Defense (DoD) Global Information Grid (GIG) capability requirements document for the development of Content Based Encryption (CBE) and the implementation of the Committee for National Security Systems (CNSS) Policy 15 on the "Use of Public Standards for the Sharing of Information among National Security Systems." In addition to protecting national security information, ISSP RDT&E efforts provide enterprise-wide assurance for statutorily protected information, such as the 107 protected data types described in the federal task force on Controlled Unclassified Information (CUI) and in DoD Manual 5200.01 Volume 4.
ISSP RDT&E efforts must also provide solutions to the most advanced state-sponsored and criminal-intent Advanced Persistent Threats (APT), including those to Platform Information Technology (PIT), weapons systems, Industrial Control Systems (ICS), and Supervisory Control and Data Acquisition (SCADA). ISSP RDT&E efforts provide dynamic risk-managed IA solutions to the Navy information infrastructure, not just security devices placed within a network. Extensive effort will be placed on rapidly providing solutions required for the new DoD Instruction (DoDI) 8500.01, CNSS Instruction No. 1253, and National Institute of Science and Technology (NIST) Special Publication (SP) 800-53 IA control set, focused primarily on espionage- and sabotage-capable, state-sponsored APTs. Additional efforts include the implementation of data object security labeling and provenance metadata, also required by DoDI 8500.01, which is a major enabler for cross-domain data sharing. Few technology areas change as fast as telecommunications and computers, resulting in the need for continuous evaluation, development, and testing of IA products and cyber defense strategies.
ISSP efforts in support of this environment include developing or applying: (1) new secure voice and secure data prototypes and protocols; (2) technology for new Suite B capable programmable COMSEC and TRANSEC devices and software; (3) security appliances and software for switched and routed networks; (4) technology to interconnect networks of dissimilar classification and need-to-know, known respectively as Cross Domain Solutions (CDS) and virtually secure environments (VSE); (5) techniques for assuring code and data residing in and transiting the Navy's computing base and information store; (6) Public Key Infrastructure (PKI) and associated access control technologies such as smartcards and similar security tokens; (7) Key Management (KM) devices such as Simple Key Loaders (SKL), COMSEC Material Work Stations (CMWS), and Key Management Infrastructure (KMI) equipment (Client Management (MGC)/Advanced Key Processor (AKP) MGC/AKPs, High Assurance Protocol Equipment, Delivery Only Client (DOC) and Next Generation devices); (8) technologies that provide assured and persistent Identity and Access Management (IdAM) for persons, virtual instances, and connected devices; (9) technologies for assuring cloud and mobile operating environments and devices; (10) defensive cyber security technologies required to support strategic and tactical cyber operations in an Anti-Access, Area-Denial (A2AD) hostile environment; and (11) Cyber Remediation capabilities that will accelerate the Navy's ability to prevent, constrain and mitigate cyber-attacks and critical vulnerabilities as well as provide greater resiliency, awareness, data analytics, redundancy and diversity into the Navy's Defense-in-Depth (DiD) strategy.
FY 15 Highlights for Information Systems Security Programs (ISSP):
Computer Network Defense (CND): Continue to develop, integrate, and test CND Builds, DiD and SA technologies for knowledge-empowered CND operations for shore sites and afloat platforms.
Continue to develop new capabilities for the Navy's C2 architecture and provide technical guidance to ensure CND requirements are met by CANES. Continue to implement DOD and USCC IA/cyber security tools and mandates into ONE-Net, IT-21 and excepted networks. Continue evaluation of needs derived from the stakeholders and CCSG, as well as develop, update, and integrate the CND/IA suites with adaptive defense, security sensors, incident reporting, correlation, packet capture processing, and situational awareness capabilities to provide increased DiD, perform near real-time analysis of events, and counter APT. Provide Vulnerability Remediation Asset Manager (VRAM) tool to include Online Compliance Reporting System (OCRS) and Continuous Monitoring Risk Scoring (CMRS) capabilities. Begin impact analysis of DODI 8500.01 IA controls implementation in CND. Initiate integration and testing of Secure Socket Layer (SSL) intercept to achieve compliance with Defense Information Security Agency (DISA) firewall security guidance. Continue efforts to virtualize CND capabilities and consolidate IA Services in the ONE-Net environment. Begin development and implementation of an optimal technical and governance solution for interception of outbound encrypted traffic. Start analysis to replace and assume acquisition management of Navy Cyber Defense Operations Command's (NCDOC) tactical sensor infrastructure. Continue to support C10F NCSA efforts, deploying integrated tools at the C10F MOC to support C2 of the CS; NCSA will provide near real-time risk assessments, actionable intelligence, and immediate mitigation courses of action for knowledge-empowered CND operations throughout the Navy. Continue to develop JCTD delivered VSE to segment networks and adaptively manage operational risks. Provide Cyber Remediation initiatives within the Navy's CND/IA program in order to achieve improved network defense and security wholeness.
Navy Cryptography (Crypto): Continue development of TRANSEC replacement product for legacy devices. Complete iApp development efforts and initiate iApp crypto integration into specific devices. Complete Link-22 MLLC full development and provide support for transition to production efforts. Continue providing security engineering support for modernization of space crypto systems, embeddable crypto modernization strategies, and Next Generation Crypto initiatives. Continue providing support for NSA certification authority, acquisition authority, and data testing for all CM efforts. Continue to coordinate internally with other programs to address future crypto modernization efforts to include DMR, CDLS/TCDL. Continue to investigate impacts of upcoming NSA security enhancements for crypto mod products to include Enhanced FireFly (EFF), hardware and software. Continue to research and study the Secure Telephone Equipment (STE) follow-on. Continue to provide VACM technical engineering support on behalf of DoN. Achieve VACM's Full Rate Production (FRP) decision and complete VACM Initial Operational Test & Evaluation (IOT&E).
Key Management (KM): Perform capability, verification testing that includes DT and OT in support of KMI CI-2 Spiral 2/Spin 2 software Full Rate Fielding Decision (FRFD). Achieve IOC on KMI CI-2 Spiral 2/Spin 1. Continue transition strategy, Alteration Installation Team (AIT) transition packages and define requirements for incorporation of other KMI roles into Navy architecture. Continue defining capability requirements for KMI CI-3. Continue supporting KMI transition working group meetings, developing white papers and supporting documentation for KMI CI-3. Conduct Next Generation Fill Device verification testing of Navy COMSEC requirements. Continue migrating CMWS/DMD and other Next Generation Fill Devices, the follow on to Simple Key Loader (SKL) into the KMI environment.
Continue development, engineering and testing of the iApp which will enhance KMI secure communications and the Navy's implementation of the KMI DOC configuration, on the afloat and subsurface networks with the NSA KMI Spiral 2 software baseline. Continue engineering support to KMI PMO and vendors to develop capabilities required for the Navy, Army, and Air Force. Achieve Tactical Key Loader (TKL) Full Operational Capability (FOC).
Public Key Infrastructure (PKI): Continue to research, develop, and test Identity and Access Management (IdAM) technologies to support afloat and OCONUS networks. Continue development and testing of tools to support Non-Person Entity (NPE) certificates in tactical/austere environments. Begin to research and evaluate PKI authentication capabilities to support mobile devices for afloat and OCONUS networks. Continue to research and develop the next version of Navy Certificate Validation Infrastructure (NCVI) to support Online Certificate Status Protocol (OCSP) on afloat and OCONUS networks. Begin providing PKI support in the software development efforts for afloat networks, to include Common Access Card (CAC), Cryptographic Log-On (CLO), SIPRNet Token, and NPE. Begin test and evaluation support for technologies coming from the DoD Program Management Office (PMO) for future integration into Navy networks. Continue to ensure Navy compliance with new PKI related cryptographic algorithms and certificate changes on the CAC, Alternate Logon Token (ALT), and SIPRNet hardware token. PKI Inc 2 will reach Full Operational Capability (FOC).
Information Assurance (IA) Services: Continue to provide security systems engineering support for the development of DoD and Navy IA architectures and the transition of new technologies to address Navy IA challenges. Provide IA risk analysis and recommended risk mitigation strategies for Navy networks and Command, Control, Communications, Computers and Intelligence (C4I) systems.
This includes the expanded requirements to provide complete IdAM.
Document Details
- Document Type: Project
- Publication Date: Oct 01, 2015
- Source ID: 0734_0303140N_7_1319_PB_2015
Related Documents
- Root: Information Sys Security Program
- Child Accomplishment: Computer Network Defense (CND)
- Child Accomplishment: Navy Cryptography (Crypto)
- Child Accomplishment: Key Management (KM)
- Child Accomplishment: Public Key Infrastructure (PKI)
- Child Accomplishment: Information Assurance (IA) Services