BlueSpace

Cross Domain Access and MILS workstations are facilitating physical infrastructure consolidation on the desktop, but are having little impact on user interface consolidation to reduce duplication for warfighters and analysts. BlueSpace takes a different approach. BlueSpace multi-level secure (MLS) applications keep the data on the right network, but give users a unified user interface that spans the different networks. 

In Afghanistan today, there are tents with up to 10 different networks and PCs - Mission Secret, ISAF Secret, NATO Secret, US Secret, UK Secret, Two Eyes Secret, Four Eyes Secret, etc. Cost pressure is driving consolidation of these physical networks into logical networks running across a single infrastructure - giving each user a single PC device that can access these separate logical networks. There are several large defense programs deploying these, such as CANES, NGEN and ETCS in the US, as well as NGD in Australia. Accredited solutions include AFRL’s SABER, NSA’s HAP and other trusted thin clients - CENTCOM and SPAWAR are also working on OB1.

These trusted workstations can reduce desktop clutter, hardware duplication, power consumption and ultimately costs. But they behave like Keyboard Video Mouse (KVM) switches - users still have:

• Multiple instances of Microsoft Outlook (one running on each domain) that don’t know about each other - each having an inbox and calendar.
• Multiple Common Operating Pictures (one running on each domain).

This is frustrating to users. It can also be dangerous, causing decisions to be made on subsets of available data as opposed to true ‘all source’ analysis, as well as delaying decision making and increasing the risks of friendly fire accidents.

Data guards have been implemented tactically to address some of these issues, but they carry risks of virus infection and content leakage when rich content is transferred between networks. The over use of data guards has been repeatedly highlighted as a concern for cyber security.

BlueSpace takes a different approach. BlueSpace multi-level secure (MLS) applications keep the data on the right network, but give users a unified user interface that spans the different networks.

• Unity: One inbox for all your email, one calendar for all your meetings.
• Discover: One search for all your intelligence sources.
• GeoSpace: One geospatial view for C2 operations.

BlueSpace’s MLS applications maintain the security controls to limit access to the data, but allow appropriately authorized users to work seamlessly across the backend stovepipes in a single user interface. The US Government provided funding to BlueSpace to develop some of the components of the Discover application as part of the Comprehensive National Cybersecurity Initiative.

BlueSpace’s multi-level applications run on top of trusted workstations such as AFRL’s SABER (formerly named DTW). BlueSpace has a set of middleware that enables orchestration of a single user interface spanning multiple Windows instances, e.g. virtual machines or remote terminal sessions. It has several advantages:

• An organization can run separate backend systems (e.g. Google Search Appliances or Microsoft Exchange Servers).
• The middleware enables platform neutrality - the same MLS application can run on Solaris 10 TX, SE Linux and the emerging RTOS platforms.
• All cross-domain data flows are centralized through a core component (the Trusted Service Bus), enabling rigorous auditing while requiring minimal customization on existing COTS applications.

All the BlueSpace multi-level applications have a fused high view at the dominant domain of metadata (e.g. email headers to build an inbox), but clicking to open or interact with the content causes a window to open automatically at the appropriate (original) domain corresponding to that content item.

Infrastructure offices can embed BlueSpace’s middleware for free on trusted workstations (BlueSpace’s business model is based on charging for end user license seats). If an organization’s mission offices never turn on the apps, the organization doesn’t pay BlueSpace anything, but if mission offices do acquire and use BlueSpace MLS applications, the IT infrastructure office can avoid extensive re-accreditation of the whole system.

MLS infrastructure offices will never pay BlueSpace a dollar in license – that’s our commitment, and it’s the reason why we are in discussions today with all the major MLS desktop programs to embed our middleware in their baselines.