One Box, Many Networks Close to Fielding

The command, control, communications, computers, intelligence, surveillance and reconnaissance community's clamor for a reduction of under-the-desk hardware should soon be answered. Air Force Research Laboratory (AFRL) officials are working through the certification and accreditation process for a one-box solution to address the need for secure access to multiple networks, and an application to enable data sharing across those networks is close behind.

INTEGRITY Global Security and BlueSpace Software Corporation collaborated to make these offerings technically feasible. The former created a system that enables users to collapse three physical machines into one virtual instance of separation; the latter created an application to share data across them. The system, called Dell/INTEGRITY Secure Consolidated Client (DISCC), combines INTEGRITY's security kernel into Dell hardware and is applicable in situations where mission needs, such as graphical interfaces, prohibit thin-client usage. "When I saw this, not only was I impressed with the robustness of the security ... but with the simplicity," says Dr. Ryan Durante, program manager at the AFRL. He adds that the complexity of thin-client technology is one of the reasons that prevents its employment.

With the INTEGRITY solution, users plug in three networks they want to access and then "there is practically no administration to speak of," Durante explains. The prevailing thought process in the intelligence community is that unclassified and classified networks should never touch. However, Durante believes this box is sufficiently secure to prevent threats from crossing over and to keep information safe to protection level 5, though he explains that this will come later. The question of the one-box solution now is not a matter of if, but when. Durante expects wide deployment of the systems by late this year, and the U.S. Air Force, Coast Guard and Defense Logistics Agency have placed orders for the technology.

The military already has integrated the INTEGRITY separation kernel into the Joint Strike Fighter, radios and encryption devices. In 2008, the National Security Agency and the National Information Assurance Partnership did a Common Criteria Evaluation of the kernel and rated it an evaluation assurance level 6+, high robustness. At that point, Green Hills Software, the original developer, created its INTEGRITY subsidiary to take over the work. Jimmy Sorrells, senior vice president of INTEGRITY Global Security, says this current project to migrate the capabilities into the enterprise information technology space is moving forward the government's long-term investment in secure military products.

The BlueSpace application will be dropped into DISCCs sometime after fielding. It will enable users not only to access multiple networks from a single client but also to move data from one network to another, eliminating the cumbersome process currently necessary to transport data between networks. It also can reach into the e-mail systems of the different domains and pull them into one application, color coding them based on security level. Durante says, "The way [users are] able to collect and correlate the data across the disparate security domains is unprecedented."