Secure View Presents What Is Needed
In national security, the concept of "for your eyes only" is very important. The right information must go only to those who are classified to see it.
Enter TITAN, the Trusted Information Transfer and Access Nexus developed by the Air Force Research Laboratory (AFRL), for users across the U.S. Department of Defense (DoD).
The TITAN suite of tools enables information sharing for cross-domain applications—handling information across different classification domains—from unclassified to top secret. The suite includes several tools, starting with an access tool called Secure View, explained David DeProspero, laboratory manager of the AFRL’s cross-domain facility. DeProspero oversees the technical aspects across the Secure View program and is chief engineer for the integration of all the cross-domain solutions at the lab.
“Cross domain, in general, is hard,” he explained. “It's probably one of the hardest things that you can do in DoD computing. Not only does it have to meet very specific technical requirements for the end user, but it has to do so in a way that is repeatedly and reliably secure.”
The first capabilities for Secure View were created several years ago, and the AFRL has continually developed the tools, obtaining additional authorities to operate, or ATOs, along the way in compliance with the National Security Agency (NSA), the chief engineer noted.
“Secure View follows a push-pull development cycle, with some of the requirements pushed to us by the NSA under their ‘Raise the Bar' program,” he said. “As those requirements come out, we have to develop and release a new version of Secure View. And for the pull development cycle, we pull requirements directly from sites.”
For this, organizations contact the lab seeking improvements. Sometimes the parties are either new to the cross-domain environment, are expanding their requirements or have found that their existing solutions do not meet their cross-domain needs.
Secure View works with any level of classification. “We can support any of them,” DeProspero said. “The flavors make no difference to us, as long as they fall in the realm of unclassified up to [secure].”
The product uses two different ways to facilitate the networking or the interconnection of those systems.
“One is that if you have a computer with multiple network interface cards or ports, you can literally plug all of those different colored network wires into the back of the box running Secure View, and Secure View will securely isolate those network channels and route them to the appropriate virtual machines,” he explained. “The second way is by using VPN [virtual private network] technology.”
When the COVID pandemic advanced the need for telework, the AFRL created what became the most popular use case for Secure View: classified telework. For that, they relied on the NSA’s Commercial Solutions for Classified, or CSfC, structure.
“What we're able to do is tunnel networks of higher classifications over a network of lower classification,” DeProspero explained. “CSfC allows us to simply plumb one network cable into a Secure View computer, and within that, one network cable runs the isolated and encrypted traffic of all of those other networks riding over it.”
CSfC endpoints within Secure View decrypt the tunneled networks, and Secure View routes them to the appropriate virtual machines. The product can also route networks of a lower classification over a higher classification network. That is the so-called non-CSfC use case, the chief engineer clarified, adding that this case does not require nearly as much hardware, though it does fundamentally the same thing by encapsulating multiple networks riding over a single network.
“Let's say you're in a facility that historically only has access to one network, and now your mission changes, and you need access to all of these different networks, but you do not have the physical capability to run different cables for those new networks using Secure View,” he offered. “You don't need to worry about that because we could tunnel all of those other networks over one carrier network. We run into this frequently, when a building is being constructed for a particular mission, and then that mission has changed.”
The chief engineer added that the user interface for Secure View is “incredibly simple,” with users up and running in about 30 seconds, even with multiple computer monitors and different networks such as Non-Classified Internet Protocol (IP) Router Network, known as NIPRNet, and the Secret IP Router Network, or SIPRNet.
“From a user experience perspective, it provides unparalleled flexibility in how you, the user, need to use your workspace,” he said. “In the old days, if you had NIPR and SIPR at your desk, you had a computer running SIPR on one monitor, and you had one computer running NIPR on another monitor. People were used to dedicating one computer monitor per virtual machine. Secure View, however, can accommodate up to 16 computer monitors per computer.”
To build further on the solution and tackle any "over the shoulder surfing" issues, the AFRL has found a way to offer the solution without the need for computer monitors.
Having augmented reality opens up more doors than what we initially expected.
“Secure View is a national security solution,” DeProspero stated. “And what that means is that it is being used at the highest levels of government, and the last thing that you thought that you would have to deal with were things like shoulder surfing. But as it turns out, it is a very real problem, and we were tasked with finding a way to be able to use Secure View without the computer monitor.”
And while this left the AFRL engineers “scratching our heads for a little while,” they found that augmented reality (AR) goggles would work just fine after first experimenting with virtual reality (VR) goggles. VR goggles immerse the viewer in a new digital reality, while AR overlaps new information onto the viewer’s real world around them.
“The problem is a lot of the users of Secure View were not brought up in the virtual reality era, myself included,” the chief engineer said. “The very first time I created a proof of concept of this in a VR headset, it made me nauseous and motion sick, and immediately we realized that just because the solution provided unparalleled security, does not mean that it provides a good user experience. So, we transitioned that to augmented reality.”
The lab worked with U.S. Special Operations Command (SOCOM) to find an AR headset. Forward-deployed soldiers from SOCOM already employ AR headsets in contentious areas. And using the goggles, the soldiers are able to see what they need while retaining immediate awareness in their real field of view.
“With an augmented reality headset, it's just a piece of glass that you can look through, but on that piece of glass a digital asset is projected,” DeProspero explained.
The headset they chose—Magic Leap 2—has a 5K resolution, which is incredibly bright and can even be used out in direct sunlight, he said. And the goggles are very light, with a form factor akin to a pair of glasses versus the weight of a traditional VR headset.
After they created the AR capability, conducted proof of concept testing and obtained user feedback from potential end users, “what we found is that people are more excited than we could have ever imagined about the prospect of being able to use these now,” DeProspero noted.
“Having augmented reality opens up more doors than what we initially expected, especially for the classified telework use cases or use cases where you need to access even higher classified networks in spaces that were natively constructed to host lower levels,” he added. “And what we found out in talking with a lot of security people is that the removal of the physical monitor is step one in being allowed to access networks of very high classifications, outside of SCIFs [sensitive compartmented information facilities] or outside environments that those networks were designed to operate within.”
