White Paper: Cloud-Scalable Cross-Domain Solutions for an Evolving Battlefield

Issue link: https://read.uberflip.com/i/1400095

WHITE PAPER: Cross-domain solutions for an evolving battlefield (mrcy.com)

Cross-domain solutions (CDS) are mechanisms for implementing appropriate transfers based on a defined security policy. For example, information with various security levels is commonly found within high-security systems; a CDS controls transfers to lower-security-level systems, so that only approved information flows to the lower levels and restricted information is withheld.

Most current CDS use specialized software, and sometimes custom hardware, to enforce security-based transfer restrictions. They are often located in the middle of a network architecture, controlling information flows between systems. Reliance on software makes these CDS vulnerable to cyberattack, while the centralized model limits their usefulness with high-bandwidth, many-sensor data streams. Fortunately, new CDS design concepts are emerging that will enable distributed, multi-domain architectures. The next generation of CDS will look very different, delivering more security, higher performance, and greater flexibility.

CONNECTING SYSTEMS WITH DIFFERENT SECURITY DESIGNATIONS

Defense and intelligence systems deal with all types of data, ranging from publicly available statistics to highly sensitive information. Access to sensitive information is controlled by security designations. These designations begin with levels of increasingly rigorous security classification, such as Confidential, Secret and Top Secret, but they also extend to different types of information within the same classification. For example, some information at a given level may be allowable to intelligence groups while other information at the same level is allowable to electronic warfare (EW) analysts. When these designation limitations are implemented in computing systems, those systems become security domains, defined by the types of information they can acquire, store and manipulate. While a domain may deal with various types of information, often encompassing a range of designations, the security status of the domain is defined by the most restricted information type it is allowed.

If information security were the only issue, then every security domain would be treated as an information silo, without network connections to other domains. Effective response to real-world situations obviously demands something different. Systems within different security domains must be able to share information, either one-way or bi-directionally, so the users of those systems can do their jobs at the pace required by modern warfare. The key is to transfer only appropriate information between domains.

Airborne embedded electronics provides a clear example. A plane's EW system collects a great deal of information. Some of that information needs to be made available to the aircrew's cockpit display in real time; other information should not be passed to the aircrew, so sources and methods used by the EW system remain protected. Another example is sharing imagery on a complex 'federated battlefield.' It may be very useful for a field commander to share images from a UAV with laptops used by allied insurgent forces, but critical to withhold image capture metadata such as day, time and UAV elevation.

Commercial applications also face situations where some information in a data record should be shared, while other information remains private. The COVID-19 vaccine rollout raises potential situations, such as individuals being able to electronically prove vaccination status without making other medical data open to inspection, or epidemiologists being able to analyze vaccine effectiveness in relation to large public events by combining information from vaccination, new COVID-19 case, and cell phone databases, but without enabling access to individual identifications.

On today's battlefield, rapid information transfer between defense systems is essential to their effective response. However, the need to transfer information is overlaid with the need to restrict information transfer based on security classifications. Information approved for a given security domain should only be transferred to systems authorized for that domain.
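
The transfer rule described above, shown as an added example that is not from the white paper or its publisher: a per-field release filter for the UAV imagery case, plus the "most restricted information" rule for a domain's status. The field names, per-field labels, the UNCLASSIFIED level and the "EW" compartment are assumptions for illustration, and the dominance check is the standard level-plus-compartment lattice comparison, which the paper does not specify.

```python
from dataclasses import dataclass

# Levels named in the paper, plus UNCLASSIFIED (assumed) for public data.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()  # e.g. {"EW"}; names are assumed

    def dominates(self, other):
        """True if a domain labelled `self` may hold data labelled `other`."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)

def domain_label(labels):
    """A domain's status is set by the most restricted information it holds."""
    labels = list(labels)
    top = max(labels, key=lambda l: LEVELS[l.level]).level
    return Label(top, frozenset().union(*(l.compartments for l in labels)))

def release(record, policy, target):
    """Split a record into fields the target domain may receive and the rest."""
    released, withheld = {}, []
    for name, value in record.items():
        label = policy.get(name)
        # Fail closed: a field with no policy entry is withheld, never guessed.
        if label is not None and target.dominates(label):
            released[name] = value
        else:
            withheld.append(name)
    return released, sorted(withheld)

# Constructed sample: a UAV image record and a per-field policy for it.
POLICY = {
    "image": Label("CONFIDENTIAL"),
    "capture_time": Label("SECRET"),
    "uav_elevation_m": Label("SECRET"),
    "sensor_mode": Label("SECRET", frozenset({"EW"})),
}
RECORD = {"image": b"\x89PNG...", "capture_time": "2021-08-01T06:30Z",
          "uav_elevation_m": 5200, "sensor_mode": "wide", "operator_note": "n/a"}

if __name__ == "__main__":
    print("source domain:", domain_label(POLICY.values()))
    print("to CONFIDENTIAL:", release(RECORD, POLICY, Label("CONFIDENTIAL")))
    print("to SECRET:", release(RECORD, POLICY, Label("SECRET")))
```

Note that `operator_note` is withheld for every target because it has no policy entry, and `sensor_mode` stays back from a SECRET domain that lacks the EW compartment even though the levels match.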
