Breadcrumb
- Home
- Capabilities
- Technologies
- Security
- Data-in-Motion Encryption
Protect Data-in-Motion from Unauthorized Access
Data-in-motion, also called data-in-transit, refers to digital information when transferring between network system nodes. Once the data is stored on a hard drive or network attached storage (NAS), it is considered data-at-rest. Equipping military systems with capable technology and protecting sensitive data from external threats is a top priority for system integrators and operators. Data can be exposed to risks both while in motion and at rest and requires protection in both states. To this end, encryption is key to maintaining the data’s integrity throughout its intended course. Multiple standards-compliant systems that ensure the security of sensitive and classified data are available in layered encryption of hardware, software, or a mix of both for system integrators to choose from.
Protect Wired Data-in-Motion
As a solution technology integrator (STI) for Cisco Systems, Curtiss-Wright integrates Cisco’s ESS-3300 embedded switch and ESR-6300 embedded router cards into rugged systems for military use cases. These Cisco technologies have undergone rigorous testing and obtained certifications, including FIPS 140-2, Common Criteria, and approval as CSfC components. These Cisco technologies are based on enterprise-grade Cisco IOS-XE software, which provides network security features that ensure highly secure voice, video, and data communication. In addition, IOS-XE has been validated on many other Cisco products for both Common Criteria and CSfC.
Switching solutions featuring CSfC-approved Cisco ESS-3300
For Layer 2 (LAN) Ethernet switch traffic data-in-motion security using MACSec, Curtiss-Wright’s Parvus® DuraNET® 3300, the PacStar 444 Small GigE Switch, and the PacStar 446 Large GigE Switch package Cisco’s ESS-3300 technology in small form factor (SFF) chassis that combines mechanical ruggedness with Cisco’s high-performance IP networking capabilities. Both the Parvus and PacStar solutions use the same Cisco technology; they are packaged in different ways with different connector types, different levels of ruggedness, etc. With Cisco Network Essentials or Network Advantage IOS-XE software licenses options, the units can support managed Layer 2 switching and Layer 3 dynamic routing with a comprehensive set of secure network services.
Routing Solution featuring CSfC-Approved Cisco ESR-6300
To secure data-in-motion for Layer 3 Wide Area Network (WAN) data, Curtiss-Wright’s Parvus DuraMAR® 6300 and the PacStar 447 Small Router Module with Cisco ESR 6300 integrate Cisco’s ESR-6300 router card and IOS-XE software into rugged systems suited for size, weight, and power (SWaP)-constrained military and civil vehicle/aircraft installations. Packaged in different ways with different connector types and levels of ruggedness, these SFF secure network routers are ideal for red-black architectures, leveraging Commercial National Security Algorithm (CNSA) suite cryptography for IPsec (aka NSA Suite B).
Protect Wireless Data-in-Motion
The NSA allows classified information to be transmitted on wireless connections, even over public and partner networks, using two sets of encryption technologies (such as Cisco and Aruba VPNs), one layered inside the other. The NSA has also approved combinations of solutions that include a layer of VPN combined with encryption provided by Wi-Fi, TLS, or MACsec, following specific guidelines.
Curtiss-Wright offers turnkey solutions based on its PacStar® 400-Series modules that can be used in a CSfC solution. These solutions are available directly from Curtiss-Wright and through other large DoD-focused systems integrators/prime contractors.
Curtiss-Wright collaborates closely with industry-leading, enterprise-class makers of networking, encryption, and cybersecurity technologies – integrating, testing, and certifying their technologies into PacStar modular systems. We provide the solutions in a pre-integrated and configured state and customize the solutions to meet program requirements.
Our PacStar CSfC Solutions are managed by IQ-Core® Software Crypto Manager (CM) to simplify maintenance, unify management, reduce complexity, decrease downtime, and shorten training for system administrators. IQ-Core CM significantly reduces equipment costs over Type 1 encryption hardware and enables U.S. coalition partner interoperability without using controlled cryptographic items (CCI).
Encryption Methods
IPsec Encryption
Internet Protocol Security (IPsec) is a suite of secure network protocols that authenticates and encrypts packets between two communication points over a Layer 3 IP wide area network (WAN). Network routers and security systems that support commercial VPN capabilities are traditionally built around IPSec and similar well-known cryptographic standards.
MACsec Encryption
When a Local Area Network (LAN) needs to protect Layer 2 Ethernet traffic, MACSec (802.1AE) encryption can authenticate and safeguard data. The MACsec standard enhances local area network (LAN) traffic security by identifying unauthorized LAN connections and excluding them from communication within the network. In addition, the protocol authenticates nodes through a secure exchange of randomly generated keys, ensuring data can only be transmitted and received by MACsec-configured nodes.
NSA Type 1 and CSfC Solutions
Traditionally, the U.S. government has used National Security Agency (NSA) Type 1 equipment built around classified algorithms to secure network traffic. However, this technology was generally only available to the government and its contractors, and its use comes with many burdensome restrictions and custodial requirements. In recent years, protecting a military platform’s classified data-in-motion as it’s routed over an IP network has become more accessible, more affordable, and faster to deploy, with the NSA’s approval of the use of commercial encryption technologies.
The Commercial Solutions for Classified (CSfC) program is an NSA initiative that allows commercial off-the-shelf (COTS) solutions that have been verified and approved to meet national security standards to be used for layered solutions protecting national security system (NSS) data that is classified up to Top Secret. This approach makes it far less burdensome to secure embedded network communications on-board an aircraft, vessel, ground vehicle, carried to the tactical edge, or even used in a home or field office. That’s because integrators can use a layered commercial solution based on public cryptography and secure protocol standards.
CSfC requires the use of two encryption layers, both of which can be either hardware, software, or a mix of the two. In addition, system integrators can select approved commercial components from the NSA Central Security Service (CSS) components list, which shows system designers what cybersecurity solutions are approved to speed their system development.
Secure Wireless Solutions for Tactical, Expeditionary, and Deployable Communications
CSfC-Approved Solutions
Parvus DuraNET 3300
A MIL-rugged 26-port Cisco IOS-managed L2/L3 embedded Ethernet switch. Integrating Cisco Systems ESS-3300 Hellcat switch modules in a robust system design.
Parvus DuraNET 3300
A MIL-rugged 26-port Cisco IOS-managed L2/L3 embedded Ethernet switch. Integrating Cisco Systems ESS-3300 Hellcat switch modules in a robust system design.
PacStar 444
Based on Cisco Embedded Services Switch (ESS) 3300, the PacStar 444 provides high-density network access at Gigabit speeds for critical voice, data, and video connectivity in a compact, rugged form-factor.
PacStar 444
Based on Cisco Embedded Services Switch (ESS) 3300, the PacStar 444 provides high-density network access at Gigabit speeds for critical voice, data, and video connectivity in a compact, rugged form-factor.
PacStar 446
Based on Cisco Embedded Services Switch (ESS) 3300, the PacStar 446 provides high-density network access at Gigabit speeds for critical voice, data, and video connectivity in a compact, rugged form-factor
PacStar 446
Based on Cisco Embedded Services Switch (ESS) 3300, the PacStar 446 provides high-density network access at Gigabit speeds for critical voice, data, and video connectivity in a compact, rugged form-factor
Parvus DuraMAR 6300
A rugged commercial off the shelf (COTS) secure mobile network router integrating Cisco’s ESR-6300 embedded services router (ESR) card and Cisco IOS-XE software.
Parvus DuraMAR 6300
A rugged commercial off the shelf (COTS) secure mobile network router integrating Cisco’s ESR-6300 embedded services router (ESR) card and Cisco IOS-XE software.
Parvus DuraMAR 63-33
The Parvus DuraMAR 63-33 is a rugged commercial off-the-shelf (COTS) Cisco IOS-XE network router and switch combo system.
Parvus DuraMAR 63-33
The Parvus DuraMAR 63-33 is a rugged commercial off-the-shelf (COTS) Cisco IOS-XE network router and switch combo system.
PacStar Tactical Cybersecurity Solutions with Cisco Technology
Providing a one-stop-shop for commercial tactical encryption solutions utilizing Cisco components for tactical networks
PacStar Tactical Cybersecurity Solutions with Cisco Technology
Providing a one-stop-shop for commercial tactical encryption solutions utilizing Cisco components for tactical networks
PacStar 447
PacStar 447 provides high-performance routing, switching, and advanced network services for critical voice, data, and video connectivity in a compact, quick setup, rugged form factor.
PacStar 447
PacStar 447 provides high-performance routing, switching, and advanced network services for critical voice, data, and video connectivity in a compact, quick setup, rugged form factor.
PacStar 211
PacStar® 211 provides high-performance routing, switching and advanced network access for critical voice, data, and video connectivity in a compact, quick-setup, rugged form factor.
PacStar 211
PacStar® 211 provides high-performance routing, switching and advanced network access for critical voice, data, and video connectivity in a compact, quick-setup, rugged form factor.
PacStar 442
The PacStar 442 provides high-density network access ports for critical voice, data, and video connectivity in a compact, quick setup, ultra-compact form- factor. The PacStar 442 uses advanced Cisco® switching technology and provides up to 10 ports of LAN access.
PacStar 442
The PacStar 442 provides high-density network access ports for critical voice, data, and video connectivity in a compact, quick setup, ultra-compact form- factor. The PacStar 442 uses advanced Cisco® switching technology and provides up to 10 ports of LAN access.
PacStar 443
The PacStar 443 provides high-density network access ports for critical voice, data, and video connectivity in a compact, quick setup, rugged form- factor. The PacStar 443 uses advanced Cisco® switching technology and provides up to 24 ports of LAN access.
PacStar 443
The PacStar 443 provides high-density network access ports for critical voice, data, and video connectivity in a compact, quick setup, rugged form- factor. The PacStar 443 uses advanced Cisco® switching technology and provides up to 24 ports of LAN access.
Security of Data-in-Motion
Secure Wireless Solutions for Tactical, Expeditionary, and Deployable Communications
This whitepaper compares various CSfC network architectures, and proposes several approaches for CSfC solutions optimized for mobility use cases.
Secure Wireless Solutions for Tactical, Expeditionary, and Deployable Communications
This whitepaper compares various CSfC network architectures, and proposes several approaches for CSfC solutions optimized for mobility use cases.
Security of Data-in-Motion
Data-in-motion, also called data-in-transit, is the digital information transferred between locations within or between network computer systems.
Security of Data-in-Motion
Data-in-motion, also called data-in-transit, is the digital information transferred between locations within or between network computer systems.
Secure Wireless Communication Supporting Vehicle-to-Vehicle and Vehicle-to-EUD for Mounted and Dismounted Connectivity
The goal of Secure Wireless Communications is to provide controlled access to classified or controlled unclassified information (CUI) over any RF transport in the field - between vehicles and end-users alike.
Secure Wireless Communication Supporting Vehicle-to-Vehicle and Vehicle-to-EUD for Mounted and Dismounted Connectivity
The goal of Secure Wireless Communications is to provide controlled access to classified or controlled unclassified information (CUI) over any RF transport in the field - between vehicles and end-users alike.
DAR Series Part 2: Commercial Solutions for Classified (CSfC)
Learn about the innovative NSA CSfC program leveraging commercial encryption technologies in a layered approach for agile and cost-effective classified data protection.
DAR Series Part 2: Commercial Solutions for Classified (CSfC)
Learn about the innovative NSA CSfC program leveraging commercial encryption technologies in a layered approach for agile and cost-effective classified data protection.
DAR Series Part 3: NSA High Assurance Type 1 Encryption
Gain valuable insights into NSA High Assurance Type 1 encryption including device consideration factors, encryption algorithms, and certification processes.
DAR Series Part 3: NSA High Assurance Type 1 Encryption
Gain valuable insights into NSA High Assurance Type 1 encryption including device consideration factors, encryption algorithms, and certification processes.
Power over Ethernet in Military Environments
Using the same cable for both power and data means that power can be delivered to devices without having to wire new circuits or requiring a separate transformer that converts AC power to DC.
Power over Ethernet in Military Environments
Using the same cable for both power and data means that power can be delivered to devices without having to wire new circuits or requiring a separate transformer that converts AC power to DC.
Data Protection Domains
Curtiss-Wright offers proven and certified COTS storage solutions that match data security requirements,
Our TrustedCOTS products provide confidence in the security and un-compromised protections.
We go the extra mile to protect our supply chain and manufacturing processes.