Bolstering Information Sharing Through The Cross-Domain
Data analysis continues to prove difficult in multilevel security realm.
Accredited, tested solutions could allow military decision makers and intelligence analysts to access information and make decisions simultaneously using information that resides in multiple security classifications. However, although the U.S. Defense Department is moving forward to address information-sharing challenges, it has encountered difficulties in proving and certifying these technologies in a testbed environment.
In military command posts today, decision makers and analysts frequently are required to leave their command centers and walk to a different workstation or facility to see all of the data pertinent to their mission. As the amount of relevant, time-sensitive data increases, so too does the need for streamlined data analysis.
The need for on-demand analysis has existed ever since computing technology became a predominant feature in war rooms. In
The resulting delays in getting the information needed to conduct analysis or provide warnings created compromising situations. For instance, a critical information shortfall occurred even before NATO forces went into
Another factor adding to the information analysis conundrum is the continued reduction of
To address the dynamic information analysis today’s war environment demands, the Department of Defense Intelligence Information System (DoDIIS) community has been tasked with advancing capabilities. Multilevel thin-client enterprise and cross-domain solutions, currently being deployed throughout the Defense Intelligence Agency (DIA) and the nine unified commands, are streamlining intelligence applications to reduce redundancies throughout military operations worldwide. Additional advancements with cross-domain solutions are being tested at the DIA, the JTC-I and the U.S. Pacific Command to create a multilevel secure environment to improve information analysis and dissemination.
One major effort the DoDIIS community has undertaken is the aggregation of the information technology operational centers located in
On the cross-domain side, the challenge is more difficult. Information transfers between classified and unclassified networks are still done through some sort of physical method: either using one-way optical connections or “sneakernet.” This was the problem encountered in
Michael Pflueger is the chief information officer of the DIA and DoDIIS and has been responsible for streamlining and strengthening the military intelligence information technology enterprise. He says that the major barrier to true cross-domain connectivity is that the Internet is one of the primary information sources. “That’s the biggest barrier. I can build trusted systems. I can accredit them for everything except those things that touch the unclassified world. The threat of the Internet is just so large that we need to figure out how to address it,” he states.
Without a doubt, the next five years will see a dramatic transformation of the
But there are chinks in the armor when it comes to viewing critical data and numerous cross-domain levels of security. “I don’t believe that we’ll ever get to a multilevel secure system where you can sit down at a workstation and it doesn’t matter what [security] classification you are,” Pflueger says.
The DoDIIS community continues to work toward achieving cross-domain connectivity with its five regional service centers. “I think we can build an architecture—such as the DoDIIS Trusted Workstation [DTW] and more heuristic guards—and make it feel like it’s multilevel secure,” Pflueger adds. “That’s one of our approaches. You log onto a DTW now, and you have five Microsoft Windows up, but you can’t really tell what security domain you are in except for the color of the screen. That’s appealing.”
The DTW (SIGNAL, October 2004, page 21) met a longstanding need within the DoDIIS community for analysts to work simultaneously in multiclassification environments and to move information easily between domains, enhancing information exchange. Although there are now between 6,000 and 8,000 DTWs worldwide, the need to integrate unclassified Internet information into the DTW remains the big challenge for cross-domain integration, and that is where the defense community has focused its attention.
“The global terrorist threat has a large data set that is available on the Internet and can be exploited,” Pflueger says. “I would like to do it from my analyst workstation rather than having to log onto another workstation. We are looking at technologies like IBM’s Webfountain, which sucks up everything on the Web, but we are still forced to do things in one-way transfers from the unclassified world to the all-source analytical world. Right now, they are done through some sort of medium—either using one-way optical connections, dumping the tape to some sort of media or hand sneakernet, and that’s just ugly.”
DoDIIS has contracted the U.S. Air Force Laboratory,
Currently, two processes govern accreditation. The first is Secret and Below Interoperability (SABI), which falls under Defense Information Systems Agency oversight. SABI is integrated with the Defense Information System Network Security and Accreditation Working Group, the body that accredits multilevel security programs, and follows the Department of Defense Information Technology Security Certification and Accreditation Process. The second process involves Top Secret and Below Interoperability (TSABI), which the DIA oversees. The SABI and TSABI processes are similar except that the latter occurs through the Defense Intelligence Community Accreditation Support Team. The technical requirements for these certifications differ and pose some additional technical issues when used to try to satisfy both worlds.
Small, innovative “tailgater” cross-domain solution companies have an arduous and costly process to overcome when introducing innovations. They must be able to prove themselves to a maze of information assurance and security organizations—far more stringent than Microsoft—so that the cross-domain solution will not compromise critical classified information.
The JTC-I is postured to assess and test joint intelligence solutions for warfighters. Led by Capt. Susan M. Chiaravalle, USN, commander, JTC-I, and Bonnie Cyr, chief information officer, JTC-I, the command’s cradle-to-grave approach of gathering lessons learned, developing or assessing prototypes and testing the solutions then developing training curriculum ensures that joint task forces have relevant doctrine, information technology solutions and communications.
Cmdr. Larios is the JTC-I lead for cross-domain solution evaluation and is plowing new ground in rapidly assessing interfaces between information domains. “The DIA is evaluating several potential solutions to integrate unclassified domains into the DoDIIS trusted workstation today,” Cmdr. Larios says. “There have been several small companies that have focused significant resources toward solving this problem, including Trusted Computer Solutions, Maxim and others. JTC-I is coordinating within JFCOM to evaluate the potential applicability of the technologies to the rest of the Defense Department/joint community. The DIA’s approach also puts the already TSABI-accredited DTW system through National Security Agency testing for SABI accreditation. The DIA will then combine the DTW with one or more of the other SABI accredited technologies, like the Tenix data diode/keyboard switches, and put the resultant SCI-unclassified, multiclassification domain system through the National Security Agency testing for SABI accreditation.”
The good news is that cross-domain innovations that make it through the
Success with cross-domain technology will be realized when decision makers can receive a rich mixture of multilevel, all-source classified and unclassified information that can be translated into actionable knowledge and rapid, effective operation time after time. This will be the discriminator, the competitive advantage. In the end, it might well be the difference between rapid victory and an agonizingly protracted engagement.
Adm. Leighton W. Smith Jr., USN (Ret.), is a senior fellow at the Center for Naval Analysis, president of Leighton Smith Associates and vice president of Global Perspectives Incorporated, both international consulting firms.