Approved tools to share secured information remain underutilized
Agencies need to embrace existing solutions for sharing information across secured domains
- By Ed Hammersla
- Apr 20, 2010
Ed Hammersla is chief operating officer of Trusted Computer Solutions.
Certified and accredited commercial-off-the-shelf cross domain solutions are available today, so why are federal agencies still spending millions of dollars to build homegrown systems to securely exchange information?
Today, everyone agrees that the ability to access information from different secure networks at various classification levels without compromise is essential. To ensure national security, agencies require access to highly sensitive information physically stored on different networks that may be unclassified, classified, secret or top secret.
Access to intelligence information between secure networks of varying classification levels is vital to developing a common operational picture, making the need for cross domain solutions more urgent than ever before. Yet, while the adoption of cross domain technology has grown significantly, measured against the barometer of what we should be doing, it is still too slow. There are a number of reasons for this. One is the limited amount of awareness and the need for education that continues to exist. There are still a surprising number of federal managers who aren’t aware that classified information can be accessed and transferred securely.
For years, the pervasive thinking has been that you can’t access or transfer data from two different networks of different classification levels from one desktop because that’s the way it was for so long. Authorized government employees who required access to data on multiple classified networks were required to have a physical connection from a single desktop system to each classified network. This resulted in decreased productivity, excess hardware, large power consumption, and increased administration and operational costs.
Cross domain solutions were developed to specifically address this problem. Cross domain solutions eliminate multiple desktop systems and allow the authorized user access and transfer capabilities to any number of secure networks from a single desktop system which can be a workstation, laptop, or thin client device. Domain separation, which is what provides the security, is handled on the back end so the user can simply move from one network to another just as they would move from one window to another.
Of course, the challenge of getting systems that access classified data accredited and approved for use still isn’t easy. But it is manageable. We know it’s manageable because clearly it can be done — or we wouldn’t have the number of cross domain solutions out there in operation today. But knowing how to navigate the certification process efficiently and in a timely manner has been a real challenge for the vendor community and the government itself, although that’s improving today.
This issue is so important that the government, in July 2006, developed the Unified Cross Domain Management Office (UCDMO) out of the Office of the Director of National Intelligence. All Defense Department and intelligence community cross domain efforts fall under the jurisdiction of the UCDMO. The UCDMO has done a lot of work to review and consolidate the various cross domain solutions and mechanisms that are available in order to help government users make the best choice for their needs.
The end result is that users of cross domain solutions now have a smaller, fully vetted list of solutions to choose from.
This list is referred to as the UCDMO Baseline ReUse list, or more commonly as the CD Baseline. The UCDMO Baseline is a list of cross domain technologies that are already in place within the Department of Defense or the Intelligence Community, have a government sponsor and at least a three-year lifecycle support agreement.
The list not only identifies the cross domain solutions (including versions) that have been approved by the UCDMO but also which solutions will be put on a “sunset” list to be retired and when that will occur.
The UCDMO classifies cross domain solutions into several different categories based on functionality. By their definition, “Transfer” solutions interconnect networks that operate at different security domains and transfer information between them. “Access” solutions provide access to the data at an appropriate security level.
The UCDMO Baseline List of Solutions available for Re-Use (as of Dec. 1, 2009) appears here for reference:
| | Type of Solution |
| DSG Ver. 2.1 | |
| DII DMS v3.1.1 | |
| | Access/Transfer |
| HP NetTop ver. 1.3 | |
| ‡ ISSE 184.108.40.206, 220.127.116.11, 18.104.22.168 | |
| | Access/Transfer |
| ML Chat 1.0 | |
| ‡ MLTC 3.0 | |
| ‡ Radiant Mercury 4.0.5 P3 and 4.5.2 | |
| ‡ SMART.neXt 3.1 | |
| SOTTC ver. 1.3 | |
| ‡ TGS 2.1 P1 | |
| TNE CORE v10 | |
‡ - These items will be placed on the Cross Domain Inventory - Sunset List effective Oct. 1, 2010 with a final “out of the inventory” sunset date of Oct. 31, 2012. As of Oct. 1, 2010, there will be no further deployments of these CD Systems.
The UCDMO helps government organizations who need cross domain solutions move closer to the goal of seamless information sharing through a unified approach of engagement, education, socialization and motivation.
Cross domain solutions are ultimately about putting the right information in the hands of the right person at the right time to ensure national security. As we move into a new decade, it is critical that cross domain solutions increase in exposure and implementations.
Ed Hammersla is chief strategy officer for Forcepoint and president of Forcepoint Federal LLC.