MLS Clouds
I now bring the ‘Cloud’ blog series to an end by discussing MLS clouds and how BlueSpace fits into the cloud topic. If you’ve missed the last two...

Increasing information sharing in joint and coalition operations while preserving cyber security is a significant challenge. MLS applications allow users to work seamlessly across multiple domains while reducing the quantity and richness of data being transferred between network domains.
The pressure from the 9/11 Report, together with the constant high tempo of coalition operations involving a varied set of partners, has led to a significant increase in the number of data guards being deployed tactically to duplicate data between domains. Sometimes the requirement to transfer the data is a robust one, but often guards are relied on to build fused views, at a single level, of data from multiple networks. The user had access to all the different source networks (e.g. SIPRNet, JWICS and NSANet), but no way to visualize the data in a single view without moving it to a single network domain.
The information assurance challenge is that as more and more rich data is being moved between domains, protecting the boundaries becomes more and more difficult. Separate networks were created for a reason – it is unrealistic to secure commercial applications running on Microsoft Windows to enable rigorous access controls for content at different classification levels. However, as network boundaries become more porous, a security strategy based on ‘walled gardens’ is increasingly being undermined.
The cyber security risks involved in cross domain data transfers are evident:
Multi-Level Security (MLS) allows users to work seamlessly across multiple security domains in a single user interface, e.g. an MLS email client such as BlueSpace Unity that provides a single inbox and calendar that spans multiple domains. The MLS application typically transfers up metadata (simple text) about the content objects (e.g. email headers in Unity) to build the MLS view, but when a user clicks to open an object (e.g. an email), the application orchestrates opening the object at the low-side network domain as opposed to pulling the whole object up to the high-side. This means that the data stays on the correct (originating) network – the smaller the quantity of data moved between domains, and the lower its complexity / richness, the higher the assurance of the network boundary in preventing cyber security exploitation.
A clear use case of this type of change from cross domain transfer to MLS for cyber security reasons can be found in BlueSpace’s S2 {search and share} project. The DIA community makes regular use of a cross-domain transfer search application named MDDS for searching across domains. In MDDS, entire content objects (e.g. internet pages) are transferred up to the high-side network domain, and once there, they cannot be easily modified and ‘saved down’ to update the original source.
The US Government funded BlueSpace’s S2 {search and share} project to develop a higher assurance alternative to MDDS – this solution has been made available in the BlueSpace Discover product. Discover enables the user to search across multiple domains, but automatically opens content objects from search results on the correct (originating) network, as opposed to transferring the content object to the high-side. Today, the US Government is actively briefing S2 as part of the Comprehensive National Cybersecurity Initiative (CNCI) program.
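An added sketch (not BlueSpace's code and not part of the original post) of the metadata-only pattern described above for Unity and Discover: a guard admits only short plain-text metadata to the high side, and opening an object yields a request routed to the originating domain instead of the content. The field whitelist, length limit, class names, domain labels and sample records are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Assumed guard policy for this sketch: only short printable-ASCII fields cross upward.
ALLOWED_FIELDS = {"object_id", "subject", "sender", "date"}
MAX_FIELD_LEN = 256
PLAIN_TEXT = re.compile(r"[\x20-\x7e]*")

class GuardRejected(Exception):
    pass

def guard_filter(record):
    """Pass a low-to-high metadata record only if it is simple text; return a copy."""
    if "object_id" not in record or set(record) - ALLOWED_FIELDS:
        raise GuardRejected("unexpected or missing fields: %s" % sorted(record))
    for key, value in record.items():
        if not isinstance(value, str) or len(value) > MAX_FIELD_LEN:
            raise GuardRejected("%s: not a short string" % key)
        if not PLAIN_TEXT.fullmatch(value):  # fullmatch also rejects a trailing newline
            raise GuardRejected("%s: control or non-ASCII characters" % key)
    return dict(record)

@dataclass(frozen=True)
class IndexEntry:
    domain: str       # originating network; the object itself never leaves it
    metadata: dict

class MLSView:
    """High-side fused view built from guarded metadata only."""
    def __init__(self):
        self.entries, self.rejected = [], []

    def ingest(self, domain, record):
        try:
            self.entries.append(IndexEntry(domain, guard_filter(record)))
        except GuardRejected as exc:
            self.rejected.append((domain, str(exc)))

    def open(self, object_id):
        """Return a request routed to the originating domain, never the content.
        Object ids are assumed unique across domains in this sketch."""
        for entry in self.entries:
            if entry.metadata["object_id"] == object_id:
                return ("open_on", entry.domain, object_id)
        raise KeyError(object_id)

# Constructed sample records; domain names are placeholders.
SAMPLE = [
    ("domain-low", {"object_id": "m1", "subject": "Convoy schedule", "sender": "a@example.test", "date": "2011-03-01"}),
    ("domain-low", {"object_id": "m2", "subject": "Report", "body": "<html>...</html>"}),
    ("domain-mid", {"object_id": "m3", "subject": "Status\x1b[2J", "sender": "b@example.test"}),
]

def build_view(records=SAMPLE):
    view = MLSView()
    for domain, record in records:
        view.ingest(domain, record)
    return view
```

Of the three sample records, only the first reaches the fused view; the one carrying a rich `body` field and the one with an escape sequence in its subject are logged in `rejected` at the boundary.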