Source: BAE Systems.
Data often moves between areas with varying classification and security levels, prompting the need for a solution that can guard critical data, irrespective of where it is traveling, from unauthorized access.
In this blog, you’ll learn what a cross domain solution (CDS) is, how it works, and why it is critical to protecting sensitive and classified information traveling between different domains.
What is a cross domain solution (CDS)?
A cross domain solution (CDS), also known as a high-speed guard solution, is a controlled interface made up of an integrated hardware/software system that facilitates the exchange of sensitive and classified information across network domains with incompatible (different) security levels. Often these are a trusted domain and an untrusted domain.
The U.S. National Institute of Standards and Technology (NIST) defines a cross domain solution as:
“A form of controlled interface (a boundary with a set of mechanisms that enforces the security policies and controls the flow of information between interconnected information systems) that provides the ability to manually and/or automatically access and/or transfer information between different security domains.”
Cross domain solutions were developed specifically to provide absolute network integrity assurance and data confidentiality to the networks of the U.S. Government, Intelligence Community (IC), and defense branches.
Now, they can also be found in critical infrastructure, commercial, international defense, and intelligence applications to securely transfer data between domains.
Why is a cross domain solution needed?
There are three primary reasons why a cross-domain solution is necessary:
First, virtually every organization must deal with sensitive and classified information traveling to and from network domains with differing security levels; in fact, the average organization has over 300 third-party or external direct connections to its network.
Second, data of varying classification levels is usually kept on separate hardware, dramatically increasing costs and depriving military, government, and intelligence personnel of critical data.
Finally, it is not enough for organizations in high-risk environments–such as the military, critical infrastructure, and intelligence operations–to have traditional security measures like firewalls or an intrusion detection system (IDS).
High-assurance security with advanced content filtering, such as a cross domain solution, solves these problems by securing the trusted domain as well as information sharing without the risk of data exposure, corruption, or leakage.
What are the types of cross domain solutions?
Cross domain solutions can be classified into two categories: access solutions and transfer solutions.
Access solutions allow users to browse information and resources scattered across multiple domains from a single workstation, whereas transfer solutions facilitate the movement of information between domains.
How does a cross domain solution work?
A cross domain solution enables information to flow to and from incompatible security domains.
A majority of cross domain solutions feature dedicated software applications running on trusted computing, which serve as a guard in the midst of two discrete security domains: classified and public data.
Only data that meets stipulated criteria is allowed to move between domains. The criteria for approval of legitimate information may be simple or complex.
Cross domain solutions embrace the NSA-certified cross domain collaboration solution based upon the DoD’s (Department of Defense) NCES (Net Centric Enterprise Services) standard.
In addition, the Cross Domain Collaborative Information Environment (CDCIE) enables information exchange in text and whiteboard format through a language translation feature and standards-based web services among DoD and other government/non-government agencies operating at various classification levels.
A cross-domain solution architecture is composed of three parts:
- A cross-domain XML Guard
- Collaboration Gateway (CG), which is an XMPP-enabled collaboration server
- A collaboration client, which can be software running on the user’s own machine or a web-based client provided by CG
The primary function of the Collaboration Gateway is to verify data passing through the cross domain guard.
CG paves the way for secure and reliable cross domain information transfer by aligning itself with an XMPP-capable client. It sits at the heart of CDCIE, supplying mechanisms for triggering collaboration via any cross domain solution that can transfer XML traffic.
CG assesses the legitimacy of the user, his or her presence, and the nature of metadata to control the type of information approved for viewing by individual users.
In addition, CG extends support for the U.S. Intelligence Community’s metadata standard meant for chat messages’ classification labeling, and it has in place modular, plug-in architecture supportive of every XMPP collaboration tool with the cross-domain extensions required for creating security policies.
Here are some other functions performed by CG:
- Implementing a user security policy
- Authenticating and authorizing users
- Determining users’ authority to initiate cross-domain chats
- Controlling users’ access to different chat rooms
- Imposing a message security policy
- Forwarding or blocking messages by checking the message’s classification labels
- Checking a message’s integrity
- Verifying the digital signature to prevent message repudiation
- Identifying message transformation
- Scanning messages for potential viruses
- Logging, archiving, searching and retrieving information
- Logging and archiving the entire array of cross-domain messages to the local database
- Logging every administrative action to controlled log files
- Creating new log files every day
- Preventing access to log files by collaboration users
CG integrates the XML digital signature and XML encryption algorithms to implement these security policies along with using strong user identification, authentication, and authorization measures. This allows for enhanced confidentiality and data integrity.
Source: CSIAC.
How is information shared through a cross domain solution?
Cross domain solutions work across different networks to make requested information available to a user, but only after accessibility rights are determined.
Here’s how that’s done.
First, a cross domain solution distinguishes data types–text, voice, video, or other–and the related applications–telephone, instant messaging, video feeds, pictures, or teleconferencing–to ensure uninterrupted service over a common infrastructure.
In order to do this, varying bandwidths, speeds, and latencies are taken into account, and cross domain solutions must exercise discretionary scheduling during peak periods to keep users updated about the latest events.
Second, cross domain solutions make information accessible only to domains that match the security criteria for data handling.
There are three ways that data can be transferred:
- From a lower classification domain to a higher classification domain
- From a higher classification domain to a lower classification domain
- Bidirectionally between a high classification domain and a low classification domain
In addition, there can also be times when data that is inside the main domain needs to be accessed by domains with higher or lower classification levels.
However, this data needs to be protected against hacker intrusion.
To ensure the data is secure, a combination of manual and automatic protections is put into place to make sure that the information is kept safe when stored or transmitted between domains.
This is where cross domain solutions come into play: each domain is connected to one–or more–secure, trusted cross domain solutions. Any information that flows through these domains must adhere to the policies and constraints intended to protect sensitive and classified information.
For example, cross domain solutions require that each piece of information is tagged with trusted security labels to ensure that information shared across multiple domains is kept safe.
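The Collaboration Gateway functions listed earlier (user authentication and room authorization, classification-label checks, digital signature verification, audit logging) and the three transfer directions above come together in a single policy decision per message. The following is an added example, not code from the article or from any vendor's product: a toy message guard in Python. The marking syntax, the domain and user registries and the HMAC-SHA256 signature are constructed stand-ins; a real gateway uses XML digital signatures and the Intelligence Community's marking standard, neither of which this toy implements.

```python
"""Added example: a toy guard enforcing label dominance, signatures and logging.
Domain labels, user clearances, the marking syntax ("SECRET//NOFORN") and the
HMAC signature are all constructed for illustration."""
import hashlib
import hmac
import json
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    caveats: frozenset = frozenset()  # dissemination controls, e.g. {"NOFORN"}

    def dominates(self, other: "Label") -> bool:
        """Higher-or-equal level and every caveat of `other`: the holder may receive `other`."""
        return LEVELS[self.level] >= LEVELS[other.level] and self.caveats >= other.caveats

    @staticmethod
    def parse(text: str) -> "Label":
        # Constructed marking syntax: "SECRET//NOFORN/REL" -> level SECRET, two caveats.
        level, _, rest = text.partition("//")
        if level not in LEVELS:
            raise ValueError(f"unknown classification level {level!r}")
        return Label(level, frozenset(c for c in rest.split("/") if c))


# Constructed registries: a domain's label is the highest marking it may receive;
# a user's clearance bounds what they may mark, and `rooms` what they may post to.
DOMAINS = {"low-net": Label("UNCLASSIFIED"),
           "secret-net": Label("SECRET", frozenset({"NOFORN"}))}
USERS = {"alice": {"key": b"alice-demo-key", "rooms": {"ops"},
                   "clearance": Label("SECRET", frozenset({"NOFORN"}))},
         "bob": {"key": b"bob-demo-key", "rooms": {"ops"},
                 "clearance": Label("UNCLASSIFIED")}}
SIGNED_FIELDS = ("sender", "room", "to_domain", "label", "body")


def canonical(msg: dict) -> bytes:
    """Deterministic encoding of the signed fields (stand-in for XML canonicalization)."""
    return json.dumps({k: msg[k] for k in SIGNED_FIELDS}, sort_keys=True,
                      separators=(",", ":")).encode()


def sign(msg: dict, key: bytes) -> dict:
    """Client side: attach an HMAC over the canonical form (stand-in for an XML signature)."""
    return {**msg, "sig": hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()}


class Guard:
    def __init__(self):
        self.audit = []  # append-only audit trail; collaboration users never get read access

    def _decide(self, msg: dict, forward: bool, reason: str) -> bool:
        self.audit.append({"sender": msg.get("sender"), "to_domain": msg.get("to_domain"),
                           "decision": "FORWARD" if forward else "BLOCK", "reason": reason})
        return forward

    def process(self, msg: dict) -> bool:
        """Return True if the message is forwarded into `to_domain`, False if blocked."""
        user = USERS.get(msg.get("sender"))
        if user is None:
            return self._decide(msg, False, "unknown sender")
        try:  # integrity and non-repudiation: recompute the signature under the sender's key
            expected = hmac.new(user["key"], canonical(msg), hashlib.sha256).hexdigest()
        except KeyError as missing:
            return self._decide(msg, False, f"missing field {missing}")
        if not hmac.compare_digest(expected, str(msg.get("sig", ""))):
            return self._decide(msg, False, "signature invalid")
        if msg["room"] not in user["rooms"]:
            return self._decide(msg, False, f"not authorized for room {msg['room']!r}")
        try:
            label = Label.parse(msg["label"])
        except ValueError as exc:
            return self._decide(msg, False, str(exc))
        if not user["clearance"].dominates(label):  # mis-marking: above the sender's clearance
            return self._decide(msg, False, "label exceeds sender clearance")
        dest = DOMAINS.get(msg["to_domain"])
        if dest is None:
            return self._decide(msg, False, "unknown destination domain")
        if not dest.dominates(label):  # low-to-high passes; high-to-low only if the marking allows
            return self._decide(msg, False, f"{msg['to_domain']} may not receive {msg['label']}")
        return self._decide(msg, True, "policy satisfied")


if __name__ == "__main__":
    guard = Guard()
    up = sign({"sender": "bob", "room": "ops", "to_domain": "secret-net",
               "label": "UNCLASSIFIED", "body": "convoy departed 0600"}, USERS["bob"]["key"])
    down = sign({"sender": "alice", "room": "ops", "to_domain": "low-net",
                 "label": "SECRET//NOFORN", "body": "route details"}, USERS["alice"]["key"])
    print("low->high:", guard.process(up), "high->low:", guard.process(down))
    print(*guard.audit, sep="\n")
```

Every outcome, including blocks, lands in the audit list before the decision is returned, which is the property the gateway's "logging and archiving the entire array of cross-domain messages" function relies on for later review.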
How is a cross domain solution secured?
There are three primary categories of security for cross domain solutions: security-enforcing mechanisms, secure architecture and design, and system assurance and secure operation.
Let’s take a look at each:
Security-enforcing mechanisms are context-dependent. These measures include:
- Policy enforcement
- Known-good (aka whitelisting)
- Content filtering and quarantine
- Data transformation and normalization
- DLP (Data Loss Prevention)
- Data provenance
- Protocol break
- Flow control
Secure architecture and design
Cross domain solutions must be securely designed. Some examples include:
- Defense in-depth
System assurance and secure operation
Cross domain solutions must be secure not just in design, but while operating as well. Some examples include:
- Independent assessments and LBSA (lab-based security assessments)
- Trusted platforms and components
- Secure administration
- Secure failure
- Opaque operation
- Regular maintenance, training, and support
What are the benefits of cross domain solutions?
There are five main benefits of cross domain solutions: usefulness, security, cost savings, interoperability, and compatibility.
Let’s explore each in detail:
Usefulness
Cross domain solutions allow a user operating from any network to locate and interact with any relevant user who possesses the information and skills to successfully complete a project.
Information sharing is random, quick, and resilient, serving a number of users on a number of different networks. The information is shared with corresponding images and files.
Security
In compliance with the federal government, DoD, and intelligence agencies, cross domain solutions encompass three main aspects of data security. They are:
- Data confidentiality: This is assurance that critical data will not be disclosed to unauthorized and malicious processors, users, and devices.
- Data integrity: This means that information is safeguarded against non-legitimate alteration or destruction.
- Data availability: This ensures that authorized users can reliably access data and information services in a timely manner.
Cross domain solutions can moderate users’ access rights to messages at each classification and dissemination control combination point, ensuring the easy and rapid identification of incorrectly marked messages.
The client chat tool is aware of security restrictions and provides classification labeling in the user interface, inserting them into the chat message.
Cross domain solutions also have in place strong, user-proof logging of each and every collaboration. This ensures that unauthorized disclosure of information is detected later on during review.
Cost savings
As mentioned previously, data of different classification levels that is needed by government and military organizations is often kept on separate servers, which increases costs.
Cross domain solutions reduce costs substantially by eliminating the need for data to be protected on each system and doing away with human review each time information from a higher classification level needs to be downgraded for access by a lower level.
A cross domain solution is a single piece of hardware that discloses specific information at specific classification levels to specific users who need it while restricting access for unauthorized users, streamlining the process of sharing data.
This data is shared without exposing all confidential data, protecting networks and users from hacker attacks and data corruption.
Interoperability
Cross domain solutions are interoperable with earlier transfer solutions, eliminating the need for costly and unnecessary duplication of existing capabilities.
Compatibility
Cross domain solutions are compatible with emerging Federal Collaboration Standards, reducing the time a user needs to adapt to a new system and, once again, preventing the need for duplication of tools.
Source: BAE Systems.
How are cross domain solutions implemented?
The first step in implementing a cross domain solution is identifying users who need to collaborate and mapping out their needs.
Various situations–like synchronous collaboration combining text chat and white-boarding, general purpose use, or the need for real-time operational support for enhanced availability–and the need for language translation are then taken into consideration.
After this, there are three more steps that need to be taken:
Identifying the number and types of domains that need to be supported
Proper information assurance is provided by cross-connecting the right number of domains. Collaboration Gateway (CG) paves the way for this cross-connection.
Multiple domains at the national level can be connected through a demilitarized zone via CG, which allows each domain to put forward its own security policy. Higher-level classifications can be protected through a different accreditation method.
Identifying the requirements and infrastructure of existing cross domain solutions
Implementing a cross domain solution is much easier when a previous one already exists.
If one does not exist, then requirements must be evaluated in order to implement a solution that can securely transfer information.
Developing an installation, integration, and training plan
How a cross domain solution will be installed is based on criteria such as the need for a new cross domain solution, or if an already-existing solution needs to be extended.
All relevant users and administrators need to be given proper training in order to ensure that the transition to a new system is smooth.
Of course, how long it will take to install a cross domain solution is dependent upon the nature and complexity of the solution. This is on top of obtaining required administrative approvals, which takes a significant amount of time.
Once permission to hook the solution onto a live network is obtained, assistance needs to be provided to onsite personnel, and new solutions require close coordination with the providers.
What are some challenges posed by cross domain solutions, and how can they be solved?
There are two primary challenges that are posed by cross domain solutions:
- The ability to enhance the capabilities of defense systems at reduced development, acquisition, and operation costs. This would be done by creating multi-level, secure systems that can run numerous applications on a single processor.
- The ability to provide higher survivability, functionality, mobility, connectivity, security, and safety at lower purchase, implementation, and technical training costs.
The potential solutions are:
- Taking advantage of the increase in microprocessor capability through faster, multi-core processors that can run multiple applications at the same time on fewer processors or a single processor. However, these applications must not interfere with each other.
- A standardized, cost-effective review system that is divided into numerous applications while exercising strict control on mutual interactions. A large application must be split into smaller, secure parts and larger, non-secure parts. The overall security can be downgraded, but interactions between components can be closely guarded.
How are cross domain solutions certified?
Cross domain solutions are accredited and certified by the U.S. Government, by a unit of the NSA (National Security Agency) called the National Cross Domain Strategy Management Office (NCDSMO).
NCDSMO certification requires a thorough lab-based security assessment (LBSA) that involves thoroughly testing every aspect of the device. Once this assessment is passed, the device is eligible for the “Baseline List” of solutions that are certified for use by U.S. defense and intelligence agencies.
Since testing under NCDSMO is far more rigorous than other standards, it typically is superior to and given preference over other certifications.
What security measures make cross domain solutions different from other types of solutions?
In contrast to other network security devices, cross domain solutions use a combination of security technologies to provide layers of security rather than a single checkpoint.
Let’s take a look at some of these technologies:
Filtering and transformation
Cross domain solutions have two types of data filters: standard data filters that have been developed by government agencies and standards bodies, and custom filters that can be designed for specific applications.
These data filters fall into two categories: standard and unstructured.
Let’s take a closer look at each:
Standard content filtering
This means that uniform content or “fixed format” messages are filtered using a process called a linear pipeline. This process applies a series of filters and checks in order, each separated into isolated, independent tasks with handoffs from one to the next.
Unstructured content filtering
This means that complex content or unstructured data or imagery is broken down into basic elements and filtered using a process called recursive decomposition. This process decomposes data so that it can be inspected using standard content filters, and in some cases, custom filters may still be required.
Known-good (whitelisting)
This means that a system blocks any unexpected data, protocols, and ports, only allowing that which is known to be authorized, expected, or requested on the appropriate pathway.
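The three filtering ideas in this section (a linear pipeline of isolated stages for fixed-format messages, recursive decomposition of nested content down to elements the standard filters can inspect, and a known-good allow-list as the first gate) can be shown together in one small guard filter. This is an added example written for this page, not a vendor's filter set or code from the article; the message syntax `TYPE|LABEL|BODY`, the JSON container syntax with `parts` and `attachment_b64` keys, the allow-lists and the dirty-word pattern are all constructed for illustration.

```python
"""Added example: linear-pipeline filtering for fixed-format messages plus
recursive decomposition of nested containers. Every format, allow-list and
pattern below is constructed for illustration."""
import base64
import json
import re
from dataclasses import dataclass, field

# Constructed fixed-format message: TYPE|LABEL|BODY, e.g. "CHAT|UNCLASSIFIED|hello".
FIXED_FORMAT = re.compile(r"^(?P<type>[A-Z]{1,16})\|(?P<label>[A-Z_]{1,24})\|(?P<body>.*)$", re.S)
KNOWN_GOOD_TYPES = {"CHAT", "STATUS"}                      # anything else is unexpected
KNOWN_LABELS = {"UNCLASSIFIED", "CONFIDENTIAL", "SECRET"}
MAX_BODY_BYTES = 512
MAX_DEPTH = 4                                              # bound on container nesting
DIRTY_WORDS = re.compile(r"\b(PROJECT[_ -]?[A-Z]{3,})\b")  # constructed sample marker


class FilterReject(Exception):
    """Raised by a stage to stop the pipeline; the guard quarantines the input."""


@dataclass
class Verdict:
    allowed: bool
    reasons: list = field(default_factory=list)
    output: object = None  # normalized message(s) handed to the receiving domain


# Standard filter stages: each does one isolated job and hands its result to the next.
def stage_parse(raw: str) -> dict:
    m = FIXED_FORMAT.match(raw)
    if not m:
        raise FilterReject("not a fixed-format message")
    return m.groupdict()

def stage_known_good(msg: dict) -> dict:
    if msg["type"] not in KNOWN_GOOD_TYPES:
        raise FilterReject(f"type {msg['type']!r} not on allow-list")
    if msg["label"] not in KNOWN_LABELS:
        raise FilterReject(f"label {msg['label']!r} not recognized")
    return msg

def stage_size(msg: dict) -> dict:
    if len(msg["body"].encode("utf-8")) > MAX_BODY_BYTES:
        raise FilterReject("body exceeds size limit")
    return msg

def stage_normalize(msg: dict) -> dict:
    # Transformation: drop control characters so downstream parsers see printable text only.
    return {**msg, "body": "".join(c for c in msg["body"] if c.isprintable() or c in "\n\t")}

def stage_dirty_words(msg: dict) -> dict:
    hit = DIRTY_WORDS.search(msg["body"])
    if hit:
        raise FilterReject(f"dirty-word hit {hit.group(0)!r}")
    return msg

LINEAR_PIPELINE = [stage_parse, stage_known_good, stage_size, stage_normalize, stage_dirty_words]


def run_linear_pipeline(raw: str) -> Verdict:
    """Standard content filtering: stages run in order; the first rejection wins."""
    data = raw
    for stage in LINEAR_PIPELINE:
        try:
            data = stage(data)
        except FilterReject as exc:
            return Verdict(False, [f"{stage.__name__}: {exc}"])
    return Verdict(True, [], data)


def decompose(element, depth=0):
    """Yield leaf messages of a constructed container: {"parts": [...]} holds children,
    {"attachment_b64": ...} wraps a base64-encoded JSON container, strings are leaves."""
    if depth > MAX_DEPTH:  # bounded recursion: a nesting bomb is rejected, not unpacked forever
        raise FilterReject(f"nesting deeper than {MAX_DEPTH}")
    if isinstance(element, str):
        yield element
    elif isinstance(element, list):
        for item in element:
            yield from decompose(item, depth)
    elif isinstance(element, dict) and "attachment_b64" in element:
        inner = base64.b64decode(element["attachment_b64"], validate=True).decode("utf-8")
        yield from decompose(json.loads(inner), depth + 1)
    elif isinstance(element, dict) and "parts" in element:
        yield from decompose(element["parts"], depth + 1)
    else:
        raise FilterReject(f"unexpected element {type(element).__name__}")


def run_recursive_decomposition(container_json: str) -> Verdict:
    """Unstructured content filtering: split, then push every leaf through the linear pipeline."""
    try:
        leaves = list(decompose(json.loads(container_json)))
    except (FilterReject, ValueError, TypeError) as exc:  # bad JSON/base64/UTF-8 are ValueErrors
        return Verdict(False, [f"decomposition: {exc}"])
    verdicts = [run_linear_pipeline(leaf) for leaf in leaves]
    reasons = [f"element {i}: {v.reasons[0]}" for i, v in enumerate(verdicts) if not v.allowed]
    return Verdict(not reasons, reasons, None if reasons else [v.output for v in verdicts])


def nested_container(levels: int, leaf: str = "CHAT|UNCLASSIFIED|deep") -> str:
    """Constructed helper: wrap a leaf in `levels` nested containers (a nesting-bomb input)."""
    doc = leaf
    for _ in range(levels):
        doc = {"parts": [doc]}
    return json.dumps(doc)
```

Because every leaf is pushed through the same standard pipeline, the known-good stage applies inside attachments exactly as it does to a top-level message, and the depth bound is what keeps decomposition from becoming a denial-of-service path for the guard itself.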
Domain separation and protocol break
To separate domains, cross domain solutions incorporate hardware-enforced network segmentation and a protocol break via data diodes.
Data flows are sent between domains via one-way transfers, with a protocol termination on the send side and protocol resume on the receive side.
For bidirectional transfers, cross domain solutions can be configured to send acknowledgements and other data through a separate return path.
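The protocol break described above means the receiving side never sees the sender's connection, only self-describing frames, and because nothing can flow back across a diode, the sender has to rely on redundancy while the receiver detects gaps on its own. The following simulation is an added example written for this page, not code from the article or from any diode vendor: the frame layout, chunk size, repeat count and sample payload are constructed, and the "return path" is simply a second function standing in for a separate one-way link in the opposite direction.

```python
"""Added example: a simulated one-way transfer across a data diode with a
protocol break. Frame layout, chunk size, repeat count and payload are
constructed for illustration."""
import hashlib
import struct

HEADER = struct.Struct("!IIIH")  # transfer id, sequence number, total frames, chunk length
DIGEST_LEN = 32                  # SHA-256 of the whole payload, carried in every frame
CHUNK = 16                       # constructed small chunk size so a sample spans several frames
REPEATS = 2                      # forward redundancy in place of acknowledgements


def make_frames(transfer_id: int, payload: bytes) -> list:
    """Protocol termination: reduce a payload to independent, self-describing frames."""
    chunks = [payload[i:i + CHUNK] for i in range(0, len(payload), CHUNK)] or [b""]
    digest = hashlib.sha256(payload).digest()
    return [HEADER.pack(transfer_id, seq, len(chunks), len(chunk)) + chunk + digest
            for seq, chunk in enumerate(chunks)]


def transmit(frames: list, drop_indices=frozenset()) -> list:
    """Simulated diode: each frame is sent REPEATS times; positions listed in
    `drop_indices` of the transmitted stream are lost. Nothing ever flows back."""
    stream = [f for f in frames for _ in range(REPEATS)]
    return [f for i, f in enumerate(stream) if i not in drop_indices]


class DiodeReceiver:
    """Protocol resume: rebuilds payloads from frames alone, with no sender state."""

    def __init__(self):
        self.transfers = {}  # transfer id -> {"total", "digest", "chunks"}

    def receive(self, frame: bytes) -> None:
        try:
            tid, seq, total, length = HEADER.unpack(frame[:HEADER.size])
        except struct.error:
            raise ValueError("malformed frame") from None
        chunk = frame[HEADER.size:HEADER.size + length]
        digest = frame[HEADER.size + length:]
        if len(chunk) != length or len(digest) != DIGEST_LEN or seq >= total:
            raise ValueError("malformed frame")
        state = self.transfers.setdefault(tid, {"total": total, "digest": digest, "chunks": {}})
        if state["total"] != total or state["digest"] != digest:
            raise ValueError("frame disagrees with transfer metadata")
        state["chunks"].setdefault(seq, chunk)  # duplicates from the repeats are ignored

    def status(self, tid: int):
        """Return (state, missing_seqs, payload); state is unknown/incomplete/corrupt/complete."""
        st = self.transfers.get(tid)
        if st is None:
            return ("unknown", [], None)
        missing = [s for s in range(st["total"]) if s not in st["chunks"]]
        if missing:  # gap detection is the receiver's job: no ACKs cross the diode
            return ("incomplete", missing, None)
        payload = b"".join(st["chunks"][s] for s in range(st["total"]))
        if hashlib.sha256(payload).digest() != st["digest"]:
            return ("corrupt", [], None)
        return ("complete", [], payload)


def return_path_report(receiver: DiodeReceiver, tid: int) -> dict:
    """Bidirectional configuration: a gap report carried back over a separate one-way path."""
    state, missing, _ = receiver.status(tid)
    return {"transfer_id": tid, "state": state, "missing": missing}


def retransmit(frames: list, report: dict) -> list:
    """Send side reacts to a gap report by re-emitting only the missing frames."""
    return [frames[seq] for seq in report["missing"]]


PAYLOAD = b"constructed sample report 0001: sensor nominal, link up\n"  # 56 bytes -> 4 frames

if __name__ == "__main__":
    frames = make_frames(7, PAYLOAD)
    rx = DiodeReceiver()
    for f in transmit(frames, drop_indices={0, 1, 2}):  # both copies of frame 0 are lost
        rx.receive(f)
    print(rx.status(7)[:2])                              # ('incomplete', [0])
    for f in transmit(retransmit(frames, return_path_report(rx, 7))):
        rx.receive(f)
    print(rx.status(7)[0])                               # 'complete'
```

The receiver accepts only what a frame carries and refuses frames whose metadata disagrees with what it already holds for that transfer, so neither side's connection state or retry logic ever leaks across the boundary.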
Secure architecture and design
As mentioned earlier, here are five ways cross domain solutions are securely constructed.
- Defense in-depth: This means layers of defense prevent data from being compromised even if a single layer fails, including the operating system (OS), hardware, applications, and data filters.
- Redundant: This means installation of the same device/component, so that failure of a single side does not impact security controls on the other side of the device.
- Always-invoked: With security always present, this eliminates the risk of threats sneaking through under the guise of a trusted file or data stream.
- Independent: This means that each function within the transfer and filtering must be created and implemented independently of each other. This reduces or eliminates a single point of failure resulting from a single component or programming code becoming compromised.
- Non-bypassable: This means that the data stream, device hardware, and physical environment must ensure that a threat cannot find, exploit, or circumvent security measures.
What are some use cases for cross-domain solutions?
Cross domain solutions are a relatively inexpensive method of security and information assurance that provide unprecedented levels of speed, security, and flexibility to a variety of use cases outside of cybersecurity. These include:
- Supply chain security: When a company collaborates with another company to ensure a steady flow of supplies, mission-critical information must be securely and strategically delivered. Cross domain solutions protect this data from internal and external threats.
- Defense and intelligence applications: Cross domain solutions enable timely and highly secure communication between coalition parties as well as military and government agencies that need to store, process, and save data critical to security and mission success.
- Cloud assurance: Cross domain solutions enable information to be shared in real-time with numerous user communities that each have their own unique set of security policies and checks. Information is protected from cyberattacks as it passes along the cloud without directly being controlled by an organization.
Source: Peraton.
Cross domain solutions and Trenton Systems
At Trenton, our high-performance computing solutions are able to operate as cross domain solutions, ensuring data is securely stored, transferred, and shared between networks of varying security levels, all done on the same piece of hardware.
This helps to reduce costs, increase efficiency, and enhance security across the modern, multi-domain battlespace.
Additionally, we equip our systems with advanced, multi-layer cybersecurity technologies, protecting data at rest, in transit, and in use across the hardware, firmware, software, and network stack.
In partnership with tech giants like Intel® and NVIDIA®, our solutions support the latest processing and networking technologies, enhancing data transfer rates, AI/ML/DL workloads, and connectivity at the edge.
Since data often needs to be shared between domains of different security levels, it is vital that information being transferred to and from domains is kept fully secured from unauthorized access.
Even the smallest data breach can result in life-threatening consequences, especially within a military environment where data needs to be accessed, moved, and stored within a matter of seconds.
In addition, keeping data of different classification levels on different pieces of hardware poses problems by increasing costs and depriving government, military, and intelligence personnel of the key insights needed to make quick decisions in real time.
Cross domain solutions help to address all of these problems by providing secure, rapid, and flexible bidirectional data transfer on a single piece of hardware.
Operating within a variety of use cases to maximize performance and data protection, cross domain solutions are a vital component of the increasingly advanced, virtualized, and interconnected technological ecosystem.