State rolls on secret LANs
- By Wilson P. Dizard III
- Jul 19, 2002
State's Bruce Morrison says the LANs are pricey in part because an escort must accompany the gear to each overseas location.
Propelled by a twelvefold funding increase, the State Department is on track to install top-secret LANs at 250 overseas locations by December of next year.
Secretary of State Colin Powell orchestrated the increase that made $200 million available for the Classified Connectivity Program this year and next, State deputy CIO Bruce Morrison said.
State began the project in 1998 but had been installing about eight networks a year. 'Now, we are installing eight a month,' Morrison said.
The top-secret CCP networks use Microsoft Windows NT 4.0 and Exchange 5.0, and routers from Cisco Systems Inc. of San Jose, Calif.
Contractors Computer Sciences Corp., Electronic Data Systems Corp., Mantech International Corp. of Fairfax, Va., and STG Inc. of Fairfax, Va., are installing the LANs. The department uses bandwidth provided by the Diplomatic Telecommunications Service.
'This month we are piloting Windows 2000,' Morrison said. 'We expect next year to switch to Windows 2000.'
The CCP LANs let users send spreadsheets, Microsoft PowerPoint presentations and Microsoft Word documents around the world. They also connect to the Secret IP Router Network, the Defense Department's classified network. SIPRnet gives State users with the appropriate security clearances access to top-secret sites of the defense, intelligence and law enforcement communities.
The CCP networks are replacing secure LANs from Banyan Networks Pvt. Ltd. of India.
Only about a third of the diplomats at each post will have access to the CCP LANs, Morrison said. Use is based on the need for access to top-secret data.Costly chaperone
Outfitting a post with a CCP network costs about $1 million, twice as much as State is spending to simultaneously implement the OpenNet Plus system for sensitive but unclassified information at overseas sites.
Morrison said the CCP systems are expensive partly because a State or contract employee with a top-secret clearance must personally escort the CCP equipment during the entire journey to each overseas location. The escort is necessary because 'all you have to do is stick one little thing on the bottom of a PC to turn it into a radio station,' Morrison said.
Much of the CCP equipment also must comply with Tempest standards on emanation of electromagnetic signals, Morrison said. The National Security Agency, which sets Tempest standards, provides for several levels of protection, which State applies according to the technical sophistication of the host country and the proximity of the computers to potential eavesdropping, he said. Sophisticated eavesdroppers can use the emanations from computers to read keystrokes, computer screen content or other data. 'We check the equipment for emanations' after it is installed, Morrison said.
After technicians install the networks, security teams check every component, cable and connection '50 ways to Sunday' for security weaknesses, he said.
State deployed the CCP networks first in large embassies and in locations that are hot spots for diplomatic activity, such as the Middle East.
'This is my most popular program,' Morrison said. 'All of the ambassadors, political officers and economic officers want to send classified e-mail. ... People are fighting to get this.'
CCP lets diplomats visit their offices 'at midnight on Sunday, punch buttons and get all the telegrams from all the agencies'the Defense Department, the CIA, Treasury'all on their desktops,' Morrison said.