Mr. Kurak is a retired naval officer with 25 years of submarine communications experience. He is presently working as part of the Virginia class ECS design development team.
The January 2000 SUBMARINE REVIEW included an article that discussed a proposed Information Technology (IT) architecture for the Virginia class submarine. (See "Submarine Information Technology" by LT T.R. Buchanan, p. 81, January 2000 issue.) While the need for a robust IT environment on USS VIRGINIA (SSN 774) submarines is unquestionable, the proposed implementation of separate networks, each carrying a different classification of information and providing limited physical access points, would only perpetuate our present stovepipe communications infrastructure. Instead, what is needed on VIRGINIA, as well as on existing submarines, is a single Multi-Level Security (MLS) network that fully supports the Information Technology for the 21st Century (IT-21) vision. The warfighter must be able to access the needed information, in the desired format, from any location on the ship, in real time.
IT-21 is a fleet-initiated C4ISR warfighting philosophy intended to transform military operations by developing a globally interoperable Navy network architecture that provides for the rapid transfer of tactical and tactical support data between all echelons of command. IT-21 is based on two main functional pillars:
- A robust network architecture based on a TCP/IP-based, client-server environment with multi-level security, emphasizing open industry standards and extensive use of commercial-off-the-shelf (COTS) networking equipment.
- Radio frequency (RF) communications channels that support high-speed ashore/afloat transfer of voice, video, and data information. The minimum data transfer rates required to achieve an IT-21 enabling capability are currently assessed as 128 kilobits-per-second (kbps).
Although both functions are equally important to achieving IT-21 functionality, this article addresses implementing a submarine-wide MLS network.
The VIRGINIA IT network architecture and the Exterior Communications Subsystem (ECS) are designed to fully support the IT-21 concept. An IT architecture similar to the one being deployed on VIRGINIA is being developed by the Navy for backfit installation on other classes of submarines. There are also communications upgrades in development that will provide all submarines with IT-21 enabling capabilities.
Submarines in commission today have the Navy Tactical Command Support System (NTCSS) network. This fiber-optic network, which can be operated at up to the Secret-High level, provides mainly logistical support for the submarine. There are two near-term initiatives that provide submarines with IT-21 network functionality. The first connects Radio to the Combat Control system with a small, classified Local Area Network (LAN) consisting of a Windows NT Server and four laptop computers. The second initiative connects this tactical network with the existing NTCSS for greater network functionality. These improvements are being backfitted onto submarines concurrent with communications upgrades that allow the submarines to transfer data at higher speeds. The backfit network installation plan includes a separate unclassified LAN. The unclassified network will provide a means of delivering sailor e-mail and other quality-of-life applications. The backfit plan does not, at present, provide a means of transferring higher than Secret data across the classified network.
The network architecture for VIRGINIA takes great steps towards, but falls short of, achieving the IT-21 vision of full MLS functionality. On VIRGINIA, a single Asynchronous Transfer Mode (ATM) OC-3 (155 Mbps) Secret-High system LAN will provide network access for tactical and non-tactical subsystems, and for individual users.
The VIRGINIA ECS will provide the RF gateway between the ship’s network and the Global Information Grid for all data and voice communications. All properly cleared users of the submarine LAN will potentially have access to Secret and below information at any terminal authorized for such access. However, Top Secret (TS) and Sensitive Compartmented Information (SCI) will require additional encryption in order to deliver that data to appropriate end-users over the Secret LAN. Only certain workstations will be authorized to process TS/SCI data.
In order to transfer TS/SCI data across the network, VIRGINIA plans to use In-Line Network Encryptors (INEs) to provide the additional required security. Products available today include the Network Encryption System (NES), KG-75 (FASTLANE), and KG-175 (TACLANE). These INEs will be collocated with the workstation that will process the information. It is anticipated that by the time VIRGINIA is ready to go to sea, the functional equivalents of these INEs may be reduced in size to the point where they can reside inside each individual workstation chassis. This would greatly simplify the transfer of both classified and unclassified data over the network between individual workstations, thus improving security.
In a fully implemented MLS network, all classifications of information, from unclassified to TS/SCI would share the same network backbone. Although data of varying classifications might be stored on separate servers, authorized users would be able to access desired information from any network terminal. Such a configuration is achievable today by employing a Defense in Depth architecture for the entire ship’s Information Technology Environment. It is important to note that this MLS strategy will only work if the architecture is applied to the entire enterprise, in this case, the entire submarine. An explanation of Network Defense in Depth follows.
“Defense in depth is provided by employing multiple security mechanisms at various locations (both physical and logical) in an information system. These mechanisms are applied in both a complementary and redundant manner to satisfy the information system’s security requirements. No single mechanism is relied upon to provide complete information security. To compromise the security of a DON information system, an adversary must defeat the security mechanisms, layer-by-layer. Defense in depth is extremely beneficial because most modern DON information systems are composed of Commercial Off-the-Shelf (COTS) Operating Systems (OS) and applications, and these are regularly discovered to have subtle security flaws. With proper defense-in-depth, the risk is minimized that a single security flaw in an OS or application will leave an information system vulnerable.” [1]
The foundation of this defense is the use of Trusted Operating Systems. Trusted Operating Systems control what specific information users can access and other functions that users can perform on the system. Trusted Operating Systems provide safeguards against internal and external threats. Enterprises can fine-tune security protections to their own specific requirements. Multiple workstations and servers can be configured together in a distributed system whereby users can share files, send mail, remotely log in and print all at multiple levels. Trusted Operating Systems use labeling of information according to classification, and Discretionary and Mandatory Access Controls (DAC/MAC) to control user access to network data. Information residing on the network is labeled according to classification and other parameters set by the network administrator. DAC/MAC creates sophisticated profiles of each user. User access to information on the network, as well as the use of network peripherals, such as printers and disk drives, is controlled by a comparison of information labels to the authorizations provided by user profiles. Other features in Trusted Operating Systems include the ability to ensure that no one user can override system protective features.
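As an added illustration that is not part of the article, the following toy Python model shows the label comparison described above: each object carries a classification label (level plus compartments such as SCI), each user profile carries a clearance label, the mandatory check forbids read-up and write-down, and a discretionary ACL is checked on top of it. All user names, object names and profiles are constructed assumptions.

```python
# Added illustration (not the article's or the Navy's code) of the label
# comparison a Trusted Operating System performs: objects carry a
# classification label (level plus compartments such as SCI), user profiles
# carry a clearance label. MAC forbids read-up and write-down; DAC (an ACL)
# is checked as well, so an ACL grant can never override the mandatory rule.
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """Level at least as high and compartments a superset of other's."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

@dataclass
class Obj:
    name: str
    label: Label
    acl: dict = field(default_factory=dict)  # DAC: user name -> allowed modes

def mac_allows(clearance, obj, mode):
    if mode == "read":                    # no read-up
        return clearance.dominates(obj.label)
    if mode == "write":                   # no write-down
        return obj.label.dominates(clearance)
    return False

def dac_allows(user, obj, mode):
    return mode in obj.acl.get(user, set())

def access(user, obj, mode):
    """Both layers must agree; an unknown user has no clearance at all."""
    clearance = USERS.get(user)
    return (clearance is not None and mac_allows(clearance, obj, mode)
            and dac_allows(user, obj, mode))

# Constructed sample profiles and objects (all names and labels invented).
SCI = frozenset({"SCI"})
USERS = {"sailor": Label("UNCLASSIFIED"), "watch_officer": Label("SECRET"),
         "analyst": Label("TOP SECRET", SCI)}
email = Obj("sailor_email", Label("UNCLASSIFIED"),
            {"sailor": {"read", "write"}, "watch_officer": {"read"}})
track = Obj("contact_track_file", Label("SECRET"),
            {"watch_officer": {"read", "write"}, "analyst": {"read"}})
intel = Obj("sci_intel_report", Label("TOP SECRET", SCI),
            {"analyst": {"read", "write"}, "watch_officer": {"read"}})
```

Note that the watch officer is listed in the TS/SCI report's ACL yet is still denied: the discretionary grant cannot override the mandatory label check, which is the property the text calls not letting any one user override system protective features.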
In addition to Trusted Operating Systems, Trusted Servers and other hardware also enforce access limitations and provide a means of creating enclaves of sensitive data. Positive identification of users can be enhanced through the employment of login passwords and/or biometric means of verifying identity. Fingerprint readers, for example, have become so inexpensive that some PC vendors include them as standard features. The Navy’s SMART CARD initiative includes Public Key Infrastructure (PKI) features that, in addition to verifying a person’s identity when they log on to a network, also provide non-repudiation by attaching a unique digital signature to any message generated by a user, ensuring that no one can deny having originated a message.
Administrative procedures and user training must also be part of the overall strategy to further ensure that security is maintained. Although individual platforms have unique Standard Operating Procedures for maintaining network security on system-high networks, there is little Navy guidance that stipulates requirements or guidelines for designing or implementing an MLS network. Force standards are required that outline the necessary hardware, software, and administrative procedures to be used in implementing a submarine MLS network. Developing such a standard would greatly reduce the certification and accreditation challenges that currently exist.
A force-level strategy for training and retaining billeted sysadmin personnel is essential to keep the submarine’s mission-critical networks operating at peak efficiency and security. The Submarine Force, up to this point, has experienced great difficulty in identifying either the billets or the training methodology to ensure proper network administration and maintenance. Network sysadmin responsibilities have been assigned as collateral duties, vice identifying a dedicated billet for network administrators and support personnel. Training courses established at the Fleet Training Centers for IT training have only recently identified submarine ratings as eligible attendees. Moreover, although submarine training pipelines for FTs and ETs now include IT training, they are not yet producing the numbers of qualified IT professionals that the Submarine Force needs serving at sea.
In addition to assigning personnel to submarines specifically as network support personnel, one solution to alleviate the lack of IT-trained personnel would be to provide all submarine ratings with basic computer and networking training as part of their initial training pipeline. Similar to the basic electrical and electronics training that most submarine ratings receive today, this training would provide a foundation that would be reinforced by fleet experience and could be built upon in subsequent pipeline training. Another method of easing acute training deficiencies in specific required skills is to buy seats in short (one- or two-day) classes taught at most community colleges. This method, which is currently used for training of federal employees, is an attractive, cost-effective alternative to sending personnel off the ship for long periods of training at Submarine schools or Fleet Training Centers. These techniques can be augmented through the use of commercially available interactive courseware products that a sailor can use while on the ship.
COTS technology exists and is available that can be used to construct a Defense in Depth environment that will support an MLS network that provides the required access to the appropriate user, commensurate with security clearance and need-to-know, without jeopardizing security. The controlled environment of a submarine and the nature of submarine operations make this platform the natural choice for implementing an MLS network. However, a platform-level architecture based on a Defense in Depth strategy, including Force Guidelines, and adequate personnel assignment and training is essential to successfully implementing this aspect of the IT-21 vision.
1. DON Chief Information Officer, Information Technology Standards Guidance, Version 98-1.1, dated 15 June 1998.