
White Paper: Cloud-Scalable Cross-Domain Solutions for an Evolving Battlefield

Issue link: https://read.uberflip.com/i/1400095



Page 2 of 5

WHITE PAPER: Cross-domain solutions for an evolving battlefield (mrcy.com, page 3)

LIMITATIONS TO CURRENT CDS DESIGNS

The role of a CDS is to enable information transfers between systems in different domains without introducing the security threats of normal network connectivity. A CDS enforces domain separation, using a defined security policy to filter information so that any domain only receives information appropriate to its security designation. This protects against both inadvertent and intentional transfer of unauthorized information.

The simplest functional model for a CDS is a security diode, allowing data flow from lower-level domains to higher-security domains, but blocking all traffic in the other direction. While straightforward to implement, a security diode does nothing to support the missions of lower-security domains. A high-security domain with valuable information at lower classification levels cannot share it, limiting effectiveness at all lower levels.

A more common CDS implementation is the centralized model. A dedicated system sits in the middle of inter-network communications, acting as a security designation traffic cop for communications between all connected nodes. Security level understanding is built into a centralized model's system software and the content-sharing decisions are also made in the software. Given the complexity of recognizing information security levels from many nodes and then making the appropriate decisions, significant processing power is required. Relatively recent centralized model systems use racks of processors. In many implementations, these system capabilities are replicated, with one rack each for low-, medium- and high-security domains.

While it does meet the basic need, there have always been multiple downsides to the centralized model.

▪ The software implementing the CDS communications control is, like all software, vulnerable to cyberattack.
▪ The centralized model offers a single target to an adversary attempting to disrupt or compromise a CDS.
▪ Large, multi-rack solutions can only be deployed on the largest platforms, ruling out fighter aircraft and ground vehicles.
▪ It is expensive to implement.
▪ It is difficult to update.

[Figure: A Security Diode (Domain A, Domain B; labels: Low, High)]
[Figure: A Centralized Model CDS (Domain A, Domain B, Domain C; Diode = Filtered Data)]
[Figure: Bi-directional CDS capabilities (2U, 3x motherboards; Domain A, Domain B, Domain C)]

EVOLVING TECHNOLOGY CREATES EVEN GREATER CHALLENGES

In addition to these drawbacks, a range of current trends in defense technology are making the software-based, centralized model CDS increasingly inadequate. First, intelligence controlling an array of sensor types is moving out to the system edge, deployed in everything from security cameras to micro-UAVs. This intelligence is capable of directing its sensor data streams to potential users via complex, dynamically changing network connections. In the commercial world, this phenomenon is recognized as the Internet of Things (IoT).
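The contrast drawn under LIMITATIONS TO CURRENT CDS DESIGNS, as an added example that is not from the white paper: a toy model in which a security diode stops a high domain from sharing low-classified content, while a centralized label filter releases it. The `Level` ordering, the `Message` fields, the fail-closed handling of unlabelled content and the sample traffic are all assumptions made for illustration.

```python
"""Toy model of two CDS designs: a security diode and a centralized policy filter."""
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    # Assumed ordering of the low-, medium- and high-security domains.
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class Message:
    src: Level               # designation of the originating domain
    label: Optional[Level]   # classification of the content; None = unlabelled
    payload: str


def diode_allows(msg: Message, dst: Level) -> bool:
    """Security diode: data moves only from a lower domain to a higher one."""
    return msg.src < dst


def guard_allows(msg: Message, dst: Level) -> bool:
    """Centralized model: release content only if its label fits the destination.

    Unlabelled content is refused (fail closed); that choice is an assumption.
    """
    return msg.label is not None and msg.label <= dst


def deliver(traffic, dst: Level, policy) -> list:
    """Return the payloads that `policy` lets through to domain `dst`."""
    return [m.payload for m in traffic if policy(m, dst)]


# Constructed sample traffic, not taken from the white paper.
TRAFFIC = [
    Message(Level.LOW, Level.LOW, "sensor track"),
    Message(Level.HIGH, Level.LOW, "weather summary"),  # low-classified data held in a high domain
    Message(Level.HIGH, Level.HIGH, "source report"),
    Message(Level.HIGH, None, "unlabelled dump"),
]

if __name__ == "__main__":
    for name, policy in (("diode", diode_allows), ("guard", guard_allows)):
        for dst in Level:
            print(f"{name:5} -> {dst.name:6}: {deliver(TRAFFIC, dst, policy)}")
```

The diode delivers nothing to the low domain, including the low-classified "weather summary" held by the high domain; the label filter releases it but still withholds the high-labelled and unlabelled items.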
