CDIX: The Devils in the Details Les Owens – Horizontal Fusion Management Team NDIA Conference – Denver 24 March 2004

CDIX: The Devils in the Details

Les Owens – Horizontal Fusion Management Team

NDIA Conference – Denver

24 March 2004

“The secret of success is constancy to purpose.”

Benjamin Disraeli, 1804 - 1881

British Prime Minister and novelist

Outline

• Introduction to Cross-Domain – the Challenge

• Statement of Need – Warfighter example

• Some of the Challenges – the Devils in the Details

• Key CDIX Security Requirements

• Tactical Scenario – Data to and from the Warfighter

• The Horizontal Fusion CDIX Strategy

• Vision for Cross-Domain Information Exchange

• Discussion

Cross-Domain Information Exchange

[Diagram labels: JWICS, SIPRNET, Coalition, Unclassified, CDIX]

Statement of Need – Warfighter Example

Self-configuring, dynamic, mobile ad hoc network (MANET) connecting soldiers and sensors

Tactical nodes are commercial IEEE 802.11g radios with ad hoc networking software operating to allow dynamic configuration

All connections protected using embedded cryptography

Note: 802.11 is commercial “WiFi.”

Satellite link provides TACLANE link encryption to tactical unit

Some of the Challenges – the Devils in the Details

• Understanding the security policies that dictate requirements for CDIX

• Understanding technical security countermeasures that must be deployed in an environment

• Understanding how new and evolving standards and technologies can address the problem

• Determining how potential existing and emerging solutions for automated CDIX can be used

• Developing an architectural solution and CONOPS in a particular environment

• Placement of security functions and performance

• Time required for security testing and C&A

• Breaking away from “the way it’s been done”

Key CDIX Security Requirements

• Malicious Code Detection must be performed, to prevent and detect viruses, logic bombs, worms, etc.

• Metadata tagging with security labels

• Digital signature application and verification: provision of cryptographic integrity and provision of cryptographic authentication

• Preventing and detecting unauthorized activity

• Mobile Code Verification must be performed

Tactical Scenario – to and from the Warfighter

[Diagram labels: Collateral Space, SIPRNET, Sensors, NGIS, IFIS, P3, HFPFI, ArmyCSN TG, LFN, PL, troops, Unclassified Environment, Classified Environment]

Taxonomy for Cross-Domain Information Exchange in the Tactical Environment

CDIX for Tactical Environment

[Diagram labels: Unclassified, SIPRNet]

Manual Approach

• Platoon leader gets information on MANET PDA and posts information to Collateral Space with web-services terminal and application

• Platoon leader gets information from Collateral Space with web-services terminal and application and delivers to MANET PDAs

Automatic Approach

• Fusion Node Gateway delivers to Collateral Space using web-services application

• Web-services terminal and application and delivers to MANET PDAs

HF CDIX Strategy – Two-Pronged Approach

CDIX Evolution

[Diagram labels: Path 1, Path 2; Near-term/QL-2, QL-2 and Beyond; “Tiger Team”, “Design Team”; 5 months, 8-10 months; Fast Action – Bottoms-up Approach, Fast Action – Top-down Approach]

Path 1 will leverage web-services and existing, known CDS solutions to provide partial solution for near-term (QL-2)

Develop an achievable CDIX solution for part of cross-domain problem

• Unclassified to SIPRNET

• Coalition to SIPRNET

• Limited, high priority data types

• Automated

[Note: will create value for the warfighter in the near-term]

Path 2 will aggressively explore Content Staging CDIX solution and emerging CDS solutions to provide partial solution for beyond QL-2 – leveraging other DoD CDIX efforts and NCES

Key Points About Strategy

• Provides a two-pronged approach for near-term and longer term

• Provides a path that is limited in scope and therefore achievable for this year – does not try to “boil the ocean”

• Will show significant value for the warfighter

• Is evolutionary in nature – towards the CDIX vision

• Will capitalize on our learning process

• Will capitalize on the maturation process of technology and policy

CDIX Evolution

[Timeline, 2002 to 2007: Air-gap; CDIX Solution for part of problem; CDIX Solution for more of problem; Full CDIX Vision]

Vision for Cross-Domain Information Exchange

[Diagram labels: SIPRNET, Domain 1, Domain 2, Single Net, DoD PKI, Tagged Data]

Enhanced security and intelligent boundary devices

Full complement of SOAP/XML services and security features

Robust, interoperable PKI and ubiquitous certificates

“Some men see things as they are and say why. I dream things that never were and say why not.”

Robert Kennedy, 1925 - 1968

Senator and Presidential Candidate

Presenter Information

Leslie D. Owens (Les)

Horizontal Fusion Management Team / Booz Allen Hamilton, Wireless Security Lead

703/902-7091 (office)

703/980-3877 (cellular)

Owens_les@bah.com (email)

Discussion