Cross Domain Solutions and Weapons Systems

The next security domain in human protection

Often, the sharing of potentially sensitive information between two security domains with varying classifications or security levels needs to happen. A high-speed system known as a Cross Domain Solution (CDS), a highly secure integrated software-hardware system, provides a controlled and protected interface for controlling the sharing of information across critical boundaries. You can read more about the categories of CDSs (Access Solution, Transfer Solution, and Multi-Level Solution) and the DoD’s policy surrounding them in DoD Instruction 8540.01.

CDSs remain the ideal technology to secure weapons and command and control systems operating at different classification levels, however the application of their features in weapons systems is not limited to cross-domain use. The same features necessary to secure these systems in cross-domain scenarios provide significant value even when the two systems operate at the same level.

As weapon systems continue to become more interconnected and automated with more advanced sensor technologies, the need for greater standardized high-assurance filtering mechanisms increases.

For a realistic example, a U.S. warfighter sends an urgent command from an Android device to a U.S. weapons system halfway around the world to engage with a target. While both of those systems may be unclassified, the overall ability to cause kinetic damage, destruction of property, or harm to personnel, justifies implementing a highly secure filtering technology to prevent unauthorized or unintended affects, exactly what CDSs are designed to do.

According to 44 U.S.C, Section 3542, Weapons Systems remain broadly categorized as National Security Systems (NSS) and therefore, required to implement more stringent security controls found in CNSS 1253. However, the only place that a cross domain appears in that document is in reference to SC-17(14) that talks about interfaces that cross security domains.

Some precedent exists with implementing cross domain technologies in weapons systems; however, this often occurs on a case-by-case basis depending on the weapon system’s interface and classification level.

As weapon systems continue to become more interconnected and automated with more advanced sensor technologies, the need for greater standardized high-assurance filtering mechanisms increases.

This concept doesn’t just apply to weapons systems. Many other systems contain capabilities of causing harm and property damage. Particular concerns lie in the risks and threats surrounding critical infrastructure such as utilities systems (e.g. Gas, Electric, Water systems), dams, emergency services, transportation systems, etc. Often these systems rely on legacy Supervisory and Data Acquisition (SCADA) software for monitoring and management. The command and control of all of these systems are becoming increasingly interconnected and crossing geographic boundaries.

Cross domain solution technology evolves constantly to stay ahead of everchanging cyber threats. A breach in a CDS could have disastrous consequences on human life especially when bridging domains like the weapons system mentioned or an industrial environment using SCADA applications with computer-guided controls that operate a dam or an electrical grid powering a community or hospital. American power plants, water facilities and gas pipelines are also not immune to attacks as these SCADA applications are often connected to high threat networks such as the Internet.

The call for a separate security domain

While not officially “classified”, Weapons Systems and critical infrastructure systems should be considered a separate security domain and should be required to implement an interface guard such as a cross domain solution, when connecting to other domains, since a breach could result in widespread physical harm and even death. Formally categorizing weapons systems and critical infrastructure systems as a separate security domain, without a formal classification level, would allow policy makers to enforce security rules in a similar way to classified domains, while allowing more flexible technology stacks such as pluggable and interchangeable cross domain solutions.

American power plants, water facilities and gas pipelines are also not immune to attacks as these SCADA applications are often connected to high threat networks such as the Internet.

Pluggable technology already exists

The speed of critical information being filtered, validated, and getting into the right hands remains imperative. SealingTech specializes in building secure, Linux-based cross domain solutions using the best-of-breed technology for describing structured data, the Data Format Description Language (DFDL) leveraging the filtering capabilities made possible through its use that enables sensitive information to travel between incompatible domains safely and with ease.

Building well-defined communication strategies allows SealingTech to create flexible cross domain solutions for our customers. Our pluggable CDSs handle different data types quickly permitting the flow of sensitive information to reach government, military, and intelligence agencies in time to make lifesaving decisions.

Overcoming accreditation hurdles

Today, cross domain solutions remain extremely regulated. Getting one accredited and certified by the U.S. Government takes years. Regulatory burdens involve extensive policy reviews, a lab-based security assessment (LBSA) which involves testing every aspect of the CDS, and a National Security Agency (NSA) cross-domain technical advisory board review. The process also tends to be costly.

Building on a pluggable, modular framework using discrete filtering components and existing technology like the ones created by SealingTech can help reduce costs and the need for a lengthy approval process. In addition to lowering costs associated with accrediting solutions for national security system use, the extensibility of pluggable frameworks enables rapid adaptation of filtering capabilities to combat new operational threats while providing the flexibility necessary to address evolving data formats. Adaptable cross domain solutions would become more readily available to operate as a vital interconnective domain, allowing for quick decision making in real-time and enhancing the safety of human life.

Interested in learning more about SealingTech’s pluggable cross domain solutions? Contact our team.