Overcoming Challenges Related to Managing PKI and VPN-Based Systems with IQ-Core® Crypto Manager
September 10, 2021
With armed forces required to operate in increasingly complex and contested battlespaces, the ability to maintain secure communications networks has never been more critical to the mission effectiveness of a force.
Examples include ongoing coalition operations in Eastern Europe where NATO and its partner forces routinely have tactical and strategic communications networks disrupted or even denied by enemy electronic warfare units.
In order to overcome such restrictions, armed forces are able to exploit next-generation commercial-off-the-shelf (COTS) technologies capable of securing communications, particularly over highly vulnerable networks.
As Charlie Kawasaki, Chief Technical Officer at Curtiss-Wright’s PacStar business unit, explains: “The military is aggressively modernizing its communications networks and Concept of Operations to achieve and maintain overmatch, while maximizing mobility and operational flexibility.
“As a result, tactical networking programs face intense pressure to utilize COTS technologies, including technologies to secure communications over untrusted networks. This is particularly true for certificate-based, Public Key Infrastructure (PKI)-enabled Virtual Private Network (VPN) solutions which can be complex and where small misconfigurations can create significant security issues.”
Curtiss-Wright Defense Solutions’ PacStar® IQ-Core Crypto Manager (CM) enables armed forces operating in contested environments to field information assurance or Security Technical Implementation Guide (STIG) compliant PKI and VPN systems for Sensitive but Unclassified (or CUI) networks transmitting information over wireless networks.
“This is transformational for NSA Commercial Solutions for Classified (CSfC) or other dual-tunnel networks which have twice the complexity because they require two sets of layered, independent PKI and VPN systems. IQ-Core CM enables organizations to overcome this complexity for wireless Local (LAN) and Wide Area Networks (WAN) as well as Mobile Ad Hoc Networks (MANETs) and classified systems by managing the most popular, NSA-certified COTS components, including IPsec gateways, firewalls, certificate authorities and more,” Kawasaki explains.
IQ-Core CM overcomes the added complexity and training burden imposed by the two layers of (PKI and VPN) encryption by simplifying the setup, configuration, and management of the underlying equipment used in CSfC solutions.
Network complexity is overcome through the reduction of the configuration errors typically witnessed in VPN setups - in addition to more simplified creation and management of digital certificates. IQ-Core CM also provides real-time monitoring of system status, as well as events and alerts.
IQ-Core CM provides additional benefits including a wizard-enabled intuitive user interface which makes CSfC set-up and operation quick and easy. The software also reduces configuration errors and assists in compliance with CSfC requirements.
“For example, using the ‘Add VPN’ wizard in IQ-Core CM tasks can be completed by simply filling out a few screens. The default values can be set in advance, making the process as easy as clicking a few ‘next’ buttons,” Kawasaki describes.
“This particular wizard, ‘Add VPN’, creates a public/private key pair on the VPN device, creates a certificate signing request, automates certificate signing, and loads and configures the VPN tunnel. This is completed in just a few seconds, without the hair-pulling and extensive manual configuration typically associated with these types of tasks.”
IQ-Core CM also simplifies troubleshooting with a series of integrated tools designed for both entry-level and advanced network administrators.
IQ-Core CM provides armed forces with increased levels in Cyber Situational Awareness (SA) through the consolidation of alert information at the tactical edge. Working alongside Security Information and Event Management (SIEM) software, IQ-Core CM provides enhanced CSfC SA at both the core and edge of the network, with extensive real-time status of crypto tunnels, certificate expiration alerts, and connection auditing.
Additionally, IQ-Core CM facilitates remote and distributed management through the ability to perform CSfC-related management tasks from anywhere in the world. Finally, IQ-Core CM streamlines innovation through the integration of a broad range of tactical and enterprise CSfC-certified communications hardware and systems, simplifying upgrades and adoption of new COTS technologies at the edge.
IQ-Core CM is field-proven and works in conjunction with IQ-Core Network Communications Manager (NCM) and IQ-Core Remote Operations and Management (ROAM) software, automating many other security, configuration management, and continuous monitoring tasks, enabling armed forces to meet policy and process requirements for secure systems transmitting critical information up to Top Secret.