CDIX: The Devils in the Details
Les Owens – Horizontal Fusion Management Team
NDIA Conference – Denver
24 March 2004
Page 2
“The secret of success is constancy to purpose.”
Benjamin Disraeli, 1804 - 1881
British Prime Minister and novelist
Page 3
Outline
• Introduction to Cross-Domain – the Challenge
• Statement of Need – Warfighter example
• Some of the Challenges – the Devils in the Details
• Key CDIX Security Requirements
• Tactical Scenario – Data to and from the Warfighter
• The Horizontal Fusion CDIX Strategy
• Vision for Cross-Domain Information Exchange
• Discussion
Page 4
Cross-Domain Information Exchange
[Diagram: domains labelled JWICS, SIPRNET, Coalition and Unclassified, with repeated CDIX labels]
Page 5
Statement of Need – Warfighter Example
Self-configuring, dynamic, mobile ad hoc network (MANET) connecting soldiers and sensors
Tactical nodes are commercial IEEE 802.11g radios with ad hoc networking software operating to allow dynamic configuration
All connections protected using embedded cryptography
Note: 802.11 is commercial “WiFi.”
Satellite link provides TACLANE link encryption to tactical unit
Page 6
Some of the Challenges – the Devils in the Details
• Understanding the security policies that dictate requirements for CDIX
• Understanding technical security countermeasures that must be deployed in an environment
• Understanding how new and evolving standards and technologies can address the problem
• Determining how potential existing and emerging solutions for automated CDIX can be used
• Developing an architectural solution and CONOPS in a particular environment
• Placement of security functions and performance
• Time required for security testing and C&A
• Breaking away from “the way it's been done”
Page 7
Key CDIX Security Requirements
• Malicious Code Detection must be performed
  - To prevent and detect viruses, logic bombs, worms, etc.
• Metadata tagging with security labels
• Digital signature application and verification
  - Provision of cryptographic integrity
  - Provision of cryptographic authentication
• Preventing and detecting unauthorized activity
• Mobile Code Verification must be performed
Page 8
Tactical Scenario – to and from the Warfighter
[Diagram labels: Unclassified Environment; Classified Environment; Collateral Space; SIPRNET; Sensors; NGIS; IFIS; P3; HFPFI; ArmyCSN TG; LFN; PL; troops]
Page 9
Taxonomy for Cross-Domain Information Exchange in the Tactical Environment
CDIX for Tactical Environment
Manual Approach
• Platoon leader gets information on MANET PDA and posts information to Collateral Space with web-services terminal and application
• Platoon leader gets information from Collateral Space with web-services terminal and application and delivers to MANET PDAs
Automatic Approach
• Fusion Node Gateway delivers to Collateral Space using web-services application
• Web-services terminal and application and delivers to MANET PDAs
[Diagram labels: Unclassified; SIPRNet]
Page 10
HF CDIX Strategy – Two-Pronged Approach
Path 1 will leverage web-services and existing, known CDS solutions to provide partial solution for near-term (QL-2)
Path 2 will aggressively explore Content Staging CDIX solution and emerging CDS solutions to provide partial solution for beyond QL-2 – leveraging other DoD CDIX efforts and NCES
Develop an achievable CDIX solution for part of cross-domain problem
• Unclassified to SIPRNET
• Coalition to SIPRNET
• Limited, high priority data types
• Automated
[Note: will create value for the warfighter in the near-term]
[Diagram labels: Path 1; Path 2; Near-term/QL-2; QL-2 and Beyond; “Tiger Team”; “Design Team”; CDIX Evolution; 5 months; 8-10 months; Fast Action – Bottoms-up Approach; Fast Action – Top-down Approach]
Page 11
Key Points About Strategy
• Provides a two-pronged approach for near-term and longer term
• Provides a path that is limited in scope and therefore achievable for this year – does not try to “boil the ocean”
• Will show significant value for the warfighter
• Is evolutionary in nature – towards the CDIX vision
• Will capitalize on our learning process
• Will capitalize on the maturation process of technology and policy
Page 12
CDIX Evolution
[Timeline, 2002 to 2007: Air-gap; CDIX Solution for part of problem; CDIX Solution for more of problem; Full CDIX Vision]
Page 13
Vision for Cross-Domain Information Exchange
• Single Net
• Enhanced security and intelligent boundary devices
• Full complement of SOAP/XML services and security features
• Robust, interoperable PKI and ubiquitous certificates
• Tagged Data
[Diagram labels: SIPRNET; Domain 1; Domain 2; DoD PKI]
Page 14
“Some men see things as they are and say why. I dream things that never were and say why not.”
Robert Kennedy, 1925 - 1968
Senator and Presidential Candidate
Page 15
Presenter Information
Leslie D. Owens (Les)
Horizontal Fusion Management Team / Booz Allen Hamilton, Wireless Security Lead
703/902-7091 (office)
703/980-3877 (cellular)
Owens_les@bah.com (email)
Discussion