While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Front-line soldiers and those who support them are often deployed to far-flung areas without easy access to stable and secure network connections. The Defense Department and the Defense Information Systems Agency (DISA), the Pentagon’s IT and communications services unit, want to make it easier to quickly access classified networks via wireless technologies when they are in the field.
The effort is part of a larger push by the DOD and DISA to focus on mobility solutions, and doing so in a secure way. The shift reflects the growing importance of mobile technology not just to the DOD but to the wider federal IT environment.
The move to mobile and the need to ensure that such networks are secure also highlights the value of the National Security Agency’s Commercial Solutions for Classified (CSfC) program, which certifies commercial products that agencies can use to create encrypted networks.
One element of the secure mobile push is PacStar’s partnership with Aruba, a Hewlett Packard Enterprise company, which allows soldiers to securely transmit classified information over Wi-Fi and LTE networks that they use in the field.
The PacStar 451 with Aruba VMC-TACT is a small tactical server installed with Aruba’s virtualized virtual private network and firewall capabilities, which gives DOD the ability to create wired and wireless tactical networks that can be used to transmit classified information using commercial technologies.
Further, the companies say, the solution allows warfighters to interoperate on missions with coalition partners without having to provide classified equipment to those partners. They can transmit classified mission information to end-user devices such as wireless-enabled laptops and cell phones without adding classified hardware to the devices.
“We are enabling command posts to be set up very, very quickly and enabling what you would normally expect as a regular consumer,” PacStar CTO Charlie Kawasaki recently told Federal News Radio. The mobile system is small enough to fit on a commercial plane, according to the report, and it essentially serves as a data center in a box.
The NSA’s CSfC program was key to allowing the PacStar/Aruba project to move forward. The program, set up in 2016, allows commercial products to be used in layered solutions protecting classified National Security Systems data. NSA argues that agencies that use equipment certified through the program will be able to “securely communicate based on commercial standards in a solution that can be fielded in months, not years.”
“It requires a tremendous suite of enterprise-class cybersecurity technology in order to make it work, and to just give you an example of what we are talking about, is two nested layers of [virtual private network] technology, one inside the other, which provides you with a double layer of protection that you would normally in an enterprise environment, but twice that strength,” Kawasaki told Federal News Radio.
According to Kawasaki, earlier remote communications and command post systems involved hundreds of pounds of wiring. “It’s not just internet access we are talking about here,” he said. “Sometimes it’s mission-critical, warfighting information services that need to up and running in order for the command post to be able to function and defend itself and have situational awareness to make sure the command post is safe.”
Using classified Wi-Fi and LTE networks helps speed up that process. Federal News Radio also reports that the secure technology could “open doors for classified biometric apps” for troops, such as “sensors that monitor their positions, heart rates, blood pressures and any other bodily functions.”
DISA is squarely focused on mobility, and biometrics could even become a part of network security. “We are really hitting hard on mobility. Everything we are doing, every development activity has to show a mobile side to it,” Tony Montemarano, DISA’s executive deputy director, said during a June 13 speech at an Armed Forces Communications and Electronics Association (AFCEA) event in Baltimore, according to a separate Federal News Radio report.
DISA Director Lt. Gen. Alan Lynn said at the same event that DISA is “reimagining the workplace,” and that “in the future we see the systems you carry on you carrying information for you,” according to an American Security Today report.
A soldier or DOD employee may use a smartphone to gain access to a facility, and he or she might access a virtualized network “through a combination of biometrics (e.g., facial recognition, voice recognition, gait, retina/iris scanning) and behavioral authentication (e.g. device handling, keystroke cadences, speech patterns),” American Security Today reports.
“Together, these will create an ‘identity score,’” Lynn said. “Your identity score will determine how much access you have to the network.”
DISA announced late last month that it will work with defense contractor Leidos and AT&T to take steps to enable software-defined networking for the Department of Defense Information Network (DoDIN).
Lynn said at the AFCEA event that the Pentagon will save money by not buying as much hardware and using virtualized machines, but will also enhance cybersecurity.
“The future that we’re looking for is a virtualized network that we can hop across,” he said. “Imagine a world where when a network is being attacked, you drop all the people on that network onto a duplicate network that’s virtualized.”