Air Force deploys wireless LANs for personnel access to classified, unclassified networks
Air Force Special Operations Command deploys secure wireless mesh networks to give personnel in the field access to classified and unclassified data
- By Rutrell Yasin
- Jan 08, 2010
The Air Force Special Operations Command has deployed secure wireless local-area networks to give personnel in the field access to classified and unclassified systems.
The wireless LANs from Aruba Networks comply with Federal Information Processing Standard 140-2 for encryption. The devices can be deployed in the field in various configurations based on mission length, force structure and communications requirements, said David Logan, Aruba’s general manager of federal solutions and chief technology officer.
The self-healing, wireless mesh network uses the company’s Adaptive Radio Management technology so radio signals can hop from one access point to the next without any data cabling, Logan said.
Last year, the Air Force approached systems integrator Telos Corp. with a set of requirements for deploying a secure, wireless networking environment in the field using hardened technology, he added.
“Basically, they needed to cast a wireless network across relatively small areas and to use the wireless network to intercommunicate locally as well as back to their headquarters facilities across whatever back-haul mechanism they have,” Logan said.
Telos developed a complete architecture that included technology from Aruba and high-level encryption products from Harris Corp. and L-3 Communications, said Rob Smith, director of technology and architecture at Telos’ Secure Networks division.
A key requirement was to secure network traffic between the Unclassified but Sensitive IP Router Network (NIPRnet) and the Secret IP Router Network (SIPRnet) for classified information, Smith said.
“Using the Aruba technology, we were able to isolate the two networks and keep them completely autonomous,” he added.
The network had to be easy to deploy and capable of withstanding extremes of hot and cold, Smith said. To that end, the system has two types of omnidirectional antennas that can be deployed in any type of scenario. The network automatically establishes its communications so the operators don’t have to be radio frequency engineers to make it work, Smith said.
Logan described how the various technologies would work together. If a service member in the field needs access to NIPRnet, the Aruba network is deployed and the access points are physically dispersed to provide Wi-Fi connectivity. The access points mesh together automatically so they can be deployed without operator intervention or tuning. Then, the service member uses his or her Defense Department-issued Common Access Card and personal identification number to securely log onto a laptop PC or other device.
If the user needs access to SIPRnet, he or she would use Harris’ SecNet 54 or L-3 Communications’ client access technologies.
The Aruba network will continue to carry all the traffic, but it will in effect provide double encryption for classified users, Logan said.
“The Air Force has created a single physical architecture that is capable of logically connecting multiple networks together simultaneously,” even though they are considered to be separate through the multiple encryption technology, Logan said.
“It looks like they are using known existing protocols. FIPS 140-2 has been out for eight years, and self-healing networks have been around for awhile,” said Shawn McCarthy, director of government vendor programs at IDC Government Insights. He added that he did not know all the specifics of the project, but at face value, it appears that the companies have put together an interesting set of technologies to make the network highly functional.
Vendors must adhere to DOD's technology compatibility standards, which can limit their flexibility in some cases. “But you can be creative within those standards to come up with good, flexible, reliable networks,” McCarthy said.
Aruba’s mesh network includes embedded user access control, centralized encryption, a policy enforcement firewall and wireless intrusion detection. The firewall classifies traffic on the basis of user identity, device type, location and time of day, and provides access for different classes of users, Logan said.
Access is tightly controlled, and each user’s application traffic is inspected and validated against security policies to ensure compartmentalization between user groups, he added.
In addition to the Air Force Special Operations Command, the Federal Deposit Insurance Corp., NASA, the Energy Department, DOD’s Military Health System and select Air Force bases worldwide have deployed Aruba’s FIPS 140-2-validated mesh networks.
Rutrell Yasin is is a freelance technology writer for GCN.