U.S. Department of Defense tactical networking and command post programs widely acknowledge the critical need to improve mobility. The current state-of-the-art for tent-based command posts requires hours of setup, which includes thousands of feet of copper wiring that delay network availability, resulting in a dangerous lack of situational awareness for commanders.
Currently, troops who jump from one location to another typically do so in phases: tent infrastructure, generators, network servers and satellite links go up first, followed by the running of cables to provide the local area network (LAN) for command post support. This process translates to long delays in the availability of command-and-control (C2) information services, which can in turn leave people and their systems more vulnerable.
Small form factor, rugged equipment required for mobility
Defensive postures of the past operated in a much more stationary battlefield environment, and it was simply assumed that communications would be limited as war fighters moved from position to position. Today, technology advancements by adversaries demand that war fighters have the same secure communications experience while on the move as they do at the halt. Communications solutions must be delivered in a smaller form factor, whether to fit in the backpack of a dismounted soldier or to be integrated into a Humvee.
And the fight does not stop just because you are moving. Not only do dismounted soldiers need communications mobility, but so does the network infrastructure that supports them. This is why defense forces require networking on-the-move (NOTM) capabilities. On-the-move means communications and network infrastructure packaged into a small form factor (SFF), ruggedized for mobility over any terrain and reliable in the face of unanticipated adverse conditions.
Data-center-style 19-inch rack-mount equipment is becoming obsolete as new generations of equipment designed for tactical/expeditionary use become available with enterprise-grade networking and security technologies. Complete suites of virtualized cybersecurity, encryption, network access control and key management are now available in small form factor for Wi-Fi and LTE access in the tactical environment.
Higher reliance on controlled unclassified information transport for tactical data
The majority of information systems war fighters use in theater provide access to controlled unclassified information (CUI), previously known as sensitive but unclassified (SBU). The problem is that significant portions of critical tactical information are classified, causing access challenges for the majority of war fighters, who are not cleared for access to secret information. The DoD is working on policies and procedures to downscope certain types (or portions) of classified information in an effort to expand access by policy.
Organizations will have better situational awareness when more tactical information is available to uncleared war fighters. It will enable entirely new modes of communication when paired with widespread wireless access technologies at the edge of the network. Maneuvers and tactics will improve.
Security for wireless: Beyond your local electronics superstore
A significant inhibitor of the widespread deployment of Wi-Fi and LTE in the tactical setting has been the complex and extensive security requirements associated with transmitting information over commercial radio types. Wireless tactical CUI networks are subject to complex DoD security regulations similar to those in the enterprise. The two primary regulations are DoDI 8420.01 (for CUI Wi-Fi) and the DISA Remote Teleworker/VPN guidelines and security technical implementation guides (STIGs).
DoDI 8420.01 specifically deals with the component selection, certification, and configuration requirements for Wi-Fi components. The DISA VPN STIGs cover the requirements for encryption and security over other untrusted networks including LTE, commercial ISPs, or non-government owned Wi-Fi (e.g., hotel and coffee shop Wi-Fi).
At a high level, transmitting CUI over these types of networks must use equipment and infrastructure that conform to these DoD requirements. Key components required under these guidelines include:
- Use of Common Criteria-certified and FIPS 140-validated equipment that is listed on the DoDIN APL
- Wi-Fi link encryption or IPsec (VPN) encryption using approved AES cipher suites
- Public Key Infrastructure for authentication of devices using digital certificates
- Authentication server infrastructure enabling network access control
- Enclave firewalls and intrusion detection (IDS) systems
- Wireless intrusion detection (WIDS)
- DoD anti-virus and DoD vulnerability scanning
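Several of the requirements above (AES-only link encryption, certificate-based device authentication over 802.1X, and an authentication server behind network access control) can be checked mechanically in an access point's configuration before it ever radiates. The following is an added example, not code from the article or from PacStar: a small Python audit of hostapd-style `key=value` configuration files. The four policy rules it encodes are an assumption that summarizes the list above, not the text of DoDI 8420.01 or any STIG; the two embedded profiles, the SSID, the RADIUS address and the shared secret are constructed placeholders.

```python
"""Audit a hostapd-style WLAN configuration against a wireless-CUI baseline:
AES (CCMP) only, 802.1X/EAP with certificates instead of a pre-shared key,
and a RADIUS server backing network access control.

The rules below are an editorial summary of the requirements listed in the
article, not the normative text of DoDI 8420.01 or a DISA STIG.
"""

from typing import Dict, List

# Constructed sample profiles in hostapd key=value syntax (placeholders only).
WEAK_CONF = """
interface=wlan0
ssid=CP-TACTICAL
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_passphrase=changeme123
wpa_pairwise=TKIP CCMP
rsn_pairwise=TKIP CCMP
"""

HARDENED_CONF = """
interface=wlan0
ssid=CP-TACTICAL
wpa=2
ieee8021x=1
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
auth_server_addr=10.0.0.5
auth_server_port=1812
auth_server_shared_secret=radius-secret-placeholder
"""


def parse_conf(text: str) -> Dict[str, str]:
    """Parse hostapd key=value lines; a later duplicate key overrides an earlier one."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit(conf: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means every rule passed."""
    findings: List[str] = []

    # Rule 1: RSN (WPA2) only. wpa=1 or wpa=3 also enables legacy WPA with TKIP.
    if conf.get("wpa") != "2":
        findings.append(f"wpa={conf.get('wpa', '<unset>')}: only wpa=2 (RSN) is permitted")

    # Rule 2: AES-CCMP as the only pairwise cipher. TKIP is RC4-based.
    # hostapd defaults to "TKIP CCMP" when neither key is set, so silence is a finding too.
    for key in ("wpa_pairwise", "rsn_pairwise"):
        ciphers = set(conf.get(key, "").split())
        if ciphers and ciphers != {"CCMP"}:
            findings.append(f"{key}={' '.join(sorted(ciphers))}: only CCMP (AES) is permitted")
    if "wpa_pairwise" not in conf and "rsn_pairwise" not in conf:
        findings.append("no pairwise cipher configured; rsn_pairwise=CCMP is required")

    # Rule 3: certificate-based 802.1X/EAP for device authentication, never a PSK.
    key_mgmt = set(conf.get("wpa_key_mgmt", "").split())
    if "WPA-PSK" in key_mgmt or "wpa_passphrase" in conf or "wpa_psk" in conf:
        findings.append("pre-shared key in use; certificate-based EAP authentication is required")
    if "WPA-EAP" not in key_mgmt or conf.get("ieee8021x") != "1":
        findings.append("wpa_key_mgmt=WPA-EAP with ieee8021x=1 is required")

    # Rule 4: an authentication server (RADIUS, or hostapd's integrated EAP server)
    # must be present to enforce network access control.
    if "auth_server_addr" not in conf and conf.get("eap_server") != "1":
        findings.append("no authentication server (auth_server_addr) configured for NAC")

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        result = audit(parse_conf(text))
        print(f"{name}: {'PASS' if not result else 'FAIL'}")
        for finding in result:
            print("  -", finding)
```

Run against a real `hostapd.conf` by replacing the embedded strings with the file contents; the audit is deliberately conservative, so a profile that relies on hostapd defaults for the cipher list is flagged rather than trusted. It does not check certificate validity, the RADIUS server's own configuration, or WPA3 (SAE is also a pre-shared credential and should be treated under Rule 3 if it appears).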
In the past, deploying the suite of technology above in a tactical setting was prohibitively large in size, weight, power and cost (SWaP-C), and it overwhelmed the limited supply of advanced IT operators in the field. However, new solutions available today have overcome these challenges through the use of small form factor equipment.
Network virtualized DoD-ready secure wireless on small form factor
A key innovation adopted from enterprise best practices is the incorporation of server virtualization. This technology initially enabled enterprises to run multiple server software packages on a single hardware server platform. It quickly inspired network and cybersecurity companies to make their technology available on virtualized appliances. The result is that entire suites of wireless and cybersecurity technologies such as the ones listed above may be installed and run on a single server.
Virtualization, combined with increasingly powerful server systems available in small form factor rugged packages, delivers entirely new suites of virtualized DoD-ready wireless and cybersecurity solutions in systems as small as a paperback book and weighing under 3 pounds.
The last piece of the puzzle: Manageability of WLAN and cyber at the edge
One complexity remains in the deployment of DoD-ready tactical Wi-Fi and LTE: manageability. The new suites of integrated technology above will be composed of heterogeneous technology in the form of software and virtualized network functions from multiple commercial vendors. The solution will be complex with many feature sets to meet interoperability and cybersecurity requirements for DoD systems. It will require a level of training and expertise for operation and maintenance that far exceeds available specialists.
To address this final issue, organizations should consider emerging software management technology that consolidates the management plane of these systems into a “single pane of glass” regardless of the type of underlying technology or vendor. The most advanced software solutions today can run in hybrid or remote modes to further address the lack of trained specialists in the field. The management system can provide full control at remote, higher-echelons that can be staffed with a limited number of advanced technical experts, providing assistance across large numbers of remote, fielded systems.
2019, the year of wireless CUI?
CUI is top of mind across DoD right now as a way to shore up information security. In October 2018, then-Secretary of Defense Mattis issued a memorandum establishing the “Protecting Critical Technology Task Force.” The memo, issued in response to the loss of CUI, notably covers defense contractors, because much classified and controlled unclassified information resides on contractor-owned information systems. The memo states that, “Working with our partners in the defense industry and research enterprise, we must ensure the integrity and security of our classified information, CUI, and key data.”
It is unsurprising that attention has turned to tactical settings, where secure transmission of information over Wi-Fi and LTE is critical to supporting war-fighter mobility. The confluence of technology advances and use cases described above indicates that the time is right to move to widespread adoption of wireless LAN technologies for DoD. There is a critical need to improve mobility, and the wireless, cybersecurity, server and communications-management technologies have advanced to the point of being ready to meet that need.
Charlie Kawasaki is a Certified Information Systems Security Professional and the chief technical officer of field communication and IT infrastructure developer PacStar.