Leveraging Secure Commercial Routing Technology to Protect Data-in-Motion

August 04, 2020

Published in Military Embedded Systems

The Commercial Solutions for Classified (CSfC) program, run by the NSA’s Information Assurance Directorate (IAD), enables cost-effective commercial products to be used in layered solutions to protect National Security System (NSS) data classified as secret. This approach makes it far less burdensome to secure embedded network communications onboard an aircraft, vessel, or ground vehicle, since integrators can use a layered commercial solution based on public cryptography and secure protocol standards (as opposed to considering NSA Type 1 devices only).

In the last few years, the NSA replaced the Suite B algorithms – in use since 2005 for protecting classified and unclassified NSS – with new algorithms included in the Commercial National Security Algorithm Suite (CNSA Suite) as part of its plans for transitioning users to quantum-resistant algorithms.

CSfC requires the use of two encryption layers, which can be both hardware, both software, or a mix of the two. System integrators can select approved commercial components from the NSA Central Security Service (CSS) Components List, which shows approved cybersecurity solutions, enabling system designers to speed their system development.

Originally, CSfC’s Manufacturer Diversity Requirements required system integrators to select the two encryption layers from two separate vendors. That rule has been updated and now permits “single-manufacturer implementations of both layers,” under specified conditions, when manufacturers can prove sufficient independence in the codebase and cryptographic implementations of the products used to implement each layer.

To date, Cisco is the only supplier with data-in-motion products on the CSfC-approved components list that can be used to implement both the first and second layer of encryption to satisfy CSfC requirements. Pairing a secure Cisco router and Cisco firewall, each leveraging diverse code bases, can satisfy the requirement for two layers of security.

Cisco Technology

When it comes to computer networking, Cisco technology is considered the industry standard. Cisco is credited with defining many of today’s networking standards and protocols used by modern Ethernet switches and routers. Cisco has also developed a range of embedded routing and switching products that Curtiss-Wright, as a Cisco Solution Technology Integrator (STI) partner, integrates into rugged subsystems to add robust networking, communications, and security capabilities.

Security of Data-in-Motion

Military mission system data can be vulnerable to attack if not properly secured. As data travels through an Ethernet network, it can potentially fall into the wrong hands. This is as true for network data at a forward operating base as it is for local networks on board vehicles and aircraft, both manned and unmanned.