Crossing Domains




TECHNOLOGY HELPS SOLVE THE CHALLENGES OF SHARING GEOSPATIAL AND OTHER INFORMATION ACROSS DISPERSED GOVERNMENT NETWORK DOMAINS.

 

One of the axioms of the global war against terrorism is that in order to succeed, warfighters and first responders must have access to actionable, real-time intelligence at all times. Organized terrorism is a much faster adversary than the nation-state opponents of our past, and countering this threat today demands swift coordination between critical agencies.

The National Geospatial-Intelligence Agency (NGA) plays a crucial part in today’s information-sharing requirements, a part made especially vital by its key role in providing the geospatial information that is critical for so many analytical and operational needs. Today, however, new strategies are needed by NGA and most government organizations, because traditional cross-domain solutions are being overwhelmed by the mounting volume and variety of geospatial information that needs to be shared across dispersed government network domains.

Effective geospatial information sharing calls for a scalable transfer system that can support Protection Level 5 intelligence community security policies and send data to its destination in real-time. The good news is that advancements in technology, primarily with hardware-enforced geospatial intelligence transfer, are providing innovative ways to meet this need. As a result, intelligence, defense and homeland security are increasingly capable of sharing sensitive information and working together to keep our nation safe.

Collaboration, interoperability, information sharing and cross-domain communication are all buzzwords commonly used to describe the need for standard, unified ways for government agencies to share information while protecting classified materials. With regard to GIS information, this has been a major challenge for the intelligence community, and a concern recently expressed by NGA Director Vice Admiral Robert B. Murrett.

As the primary keeper of geospatial intelligence, NGA is constantly pressed to establish and deploy secure cross-domain systems to share its wealth of GIS information with other intelligence organizations, defense and homeland security agencies, and ultimately the warfighters in the field. In a post-9/11 world, NGA has to share GIS information across a wider community, and it needs to do so in real-time, while enforcing Top Secret protection levels and embracing inflated file sizes and future advancements in GIS information.

FUTURE GIS TRANSFER

NGA’s demand for secure GIS information transfer systems has stirred a strong response from the industry, and new off-the-shelf solutions seem to be offered daily. Today, there are a limited number of technologies available that can actually support all the elements required to logistically—and efficiently—share mountains of GIS information across the many discrete domains within the intelligence, defense and homeland security communities.

Among these requirements, a proper cross-domain solution needs to:
• Enforce different security policies
• Have immunity from conventional hacking
• Transfer large volumes of GIS information in real-time
• Support future advancements in GIS information technology.

Where is the future of GIS transfer heading? NGA is now exploring advancements in proprietary hardware-enforced transfer technologies through its GeoScout program, particularly transfer systems that can interoperate in big picture scenarios, enforce Top Secret security policies, and sustain massive GIS file transfers at real-time speeds. The common denominator for these new hardware-based transfer systems is that they communicate and share GIS information in one direction only, through dedicated, one-way transfer paths.

The nature of one-way transfer technology gives it an important advantage in answering a majority of NGA’s existing security and information-sharing requirements, uniquely positioning one-way communication for use in collaborative scenarios, where the intelligence community needs to connect its communities of interest with actionable GIS information. The big difference is that today, one-way transfer can be not only reliable, but also fast.

The interest in one-way transfer is not new. Having already attained “approved to operate” (ATO) status for critical intelligence and defense operations, one-way transfer is the most prevalent information sharing method used by the intelligence community and Department of Defense. In fact, the majority of our nation’s existing legacy cross-domain systems operate on strict send-only and receive-only policies.

The proverbial “sneakernet” is a perfect example of a one-way legacy system, where data is physically walked from one organization to another, with the information carried by a trusted courier who follows appropriate security protocols. The challenge of this solution is that it is time-consuming, with the transfer of data often taking days, depending on the locations of the sender and receiver. Because of its pervasiveness, however, transfer systems that enforce one-way information sharing are still best equipped to satisfy the policy needs of a GIS information-sharing network.

In addition to naturally enforcing one-way information-sharing policies, one-way transfer systems are inherently secure. Today, for example, there are one-way transfer systems certified for Top Secret and Below Information sharing that meet Protection Level 5 information security requirements. Their trusted security status is testament to the hack-proof quality of one-way transfer.

ONE-WAY BENEFITS

In its simplest terms, conventional hacking depends on two-way communication, operating much like a send and receive request. With a one-way system, it is physically impossible for information sent to return using the same path—this condition is absolutely enforced at the hardware level, hence the term hardware-enforced transfer. As a result, one-way information flow is immune to conventional data extraction tactics used with cyber spying. This factor is absolutely critical for securing GIS information sharing.

The benefits of one-way transfer include the fact that it is:
• The most prevalent and trusted solution today. One-way transfer is the approved cross-domain method within the intelligence community and DoD. The majority of legacy cross-domain systems function on strict send-only, receive-only policies, which need to be enforced at the hardware level.
• The most secure, since hardware one-way transfer safeguards geospatial data from being hacked in any conventional sense.
• Able to keep discrete domains private. One transfer method—Owl Computing Technology’s DualDiode solution—uses data diodes to separate networks and enforce one-way transfer policies at both endpoints.
• Scalable. Built on a standalone hardware one-way interface, this type of system can connect to the many unique network domains involved in sharing geospatial intelligence.

On the road to universally trusted cross-domain solutions, one-way transfer offers the most straightforward path, in terms of meeting policy and security requirements. Policy enforcement by itself, however, is not enough. Specialized hardware-enforced transfer needs to pick up where one-way policy leaves off. Growing GIS file sizes, faster video streams, and enhanced picture and video resolutions are flooding the majority of legacy transfer systems in-place today, causing data loss and corruption, which can have a severe impact on operational awareness and intelligence quality.

In the past, first-generation one-way transfer systems had issues with reliably transferring information across a one-way path. Instinctively, communication requires two-way interaction, which called for counterintuitive thought when designing the first one-way systems.

Today, providers have perfected approaches for automating one-way transfer, and are providing NGA with secure, reliable and fast GIS transfer in support of its most critical national security objectives. Building on the value of one-way policy, there are solutions today that take the benefits of one-way transfer and add a key ingredient—rapid electronic transfer.
 
For example, one approach from Owl Computing Technologies uses data diodes engineered to support the fastest possible transfer of any GIS data type, and integrates them with dedicated GIS information transfer applications. This solution provides a robust, one-way communication path through DualDiode technology, which can transport any file size or data type quickly and securely across dispersed network environments.
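The reliability problem described above (a sender that can never receive an acknowledgement or a resend request) can be illustrated with a short sketch. This is an added example, not code from the article or from any vendor named in it; the frame layout, the function names `make_frames` and `receive`, and the repeat-each-frame strategy are assumptions chosen for illustration.

```python
import hashlib
import struct

HDR = struct.Struct("!II")      # sequence number, total frame count (assumed layout)
DIGEST_LEN = 32                 # SHA-256; detects loss/corruption only, not tampering

def make_frames(data: bytes, chunk: int = 1024, repeats: int = 2) -> list:
    """Send side: number and hash every chunk, and send each one `repeats`
    times, because the receiver has no return path to request a resend."""
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    frames = []
    for seq, payload in enumerate(chunks):
        hdr = HDR.pack(seq, len(chunks))
        frame = hdr + hashlib.sha256(hdr + payload).digest() + payload
        frames.extend([frame] * repeats)
    return frames

def receive(frames):
    """Receive side: returns (data, missing, rejected). data is None unless
    every sequence number arrived intact at least once."""
    good, total, rejected = {}, None, 0
    for frame in frames:
        hdr = frame[:HDR.size]
        digest = frame[HDR.size:HDR.size + DIGEST_LEN]
        payload = frame[HDR.size + DIGEST_LEN:]
        if len(frame) < HDR.size + DIGEST_LEN or \
                hashlib.sha256(hdr + payload).digest() != digest:
            rejected += 1       # truncated or corrupted in transit: discard
            continue
        seq, total = HDR.unpack(hdr)
        good.setdefault(seq, payload)   # duplicates are expected; keep the first
    if total is None:
        return None, None, rejected     # nothing usable arrived
    missing = [s for s in range(total) if s not in good]
    data = None if missing else b"".join(good[s] for s in range(total))
    return data, missing, rejected

if __name__ == "__main__":
    sample = bytes(range(256)) * 10             # constructed 2560-byte "file"
    link = make_frames(sample)                  # 3 chunks x 2 copies
    del link[0]                                 # one copy lost on the link
    damaged = bytearray(link[1]); damaged[-1] ^= 0xFF
    link[1] = bytes(damaged)                    # one copy corrupted
    data, missing, rejected = receive(link)
    print(data == sample, missing, rejected)
```

The receiver can only report a gap locally; it cannot ask for the missing frame, which is why redundancy has to be decided on the send side in advance.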

DOUBLE-BLIND INTERACTION

By automating and enforcing strict send-only and receive-only policies, this type of one-way transfer allows for a condition of double-blind interaction between communicating networks. Double-blind interaction allows organizations to collaborate while protecting sensitive information outside the mission scope; a receiving network only gets the information you intend to send, and there are no IP addresses or packets to characterize a send domain. In situations where satellite information is gathered, analyzed, interpreted and sent forward as actionable intelligence, it can be beneficial for a double-blind system to be in place in order to protect the integrity of this multi-layered network.

Beyond safety from cyber spying, NGA needs to protect the confidentiality of its private networks when sharing GIS information with other organizations of different security classifications. In a national terrorist disaster scenario, GIS intelligence needs to be gathered, analyzed, interpreted and distributed to key response forces. The multi-layered information-sharing architecture needed to move this information must take into account many different security classifications.

This security and the ability to transfer information upguard—from unclassified to secret to top secret—and downguard—from top secret to secret to unclassified—is built into some of today’s most innovative uses of data diode one-way transfer solutions, such as the DualDiode technology.

In fact, data diode transfer systems are already being used today for constructing upguard and downguard geospatial information sharing architectures. Based on hardware-enforced, one-way systems, these GIS architectures are helping analysts and decision-makers support the warfighter by providing secure, reliable and fast GIS information across an ever-increasing community of interest.

The robustness and scalability of hardware-enforced one-way transfer interfaces offer a real-time environment that can provide a dramatic shift in how analysis networks process received information, and how operations networks act upon the analyzed data, thus helping our nation’s protectors get to actionable intelligence faster. ♦
