C4ISR for Future Naval Strike Groups (2006)

Chapter: Appendix C Information Assurance

Suggested Citation:"Appendix C Information Assurance." National Research Council. 2006. C4ISR for Future Naval Strike Groups. Washington, DC: The National Academies Press. doi: 10.17226/11605.
Appendix C
Information Assurance

The Navy’s communications architecture must be consistent with the Department of Defense (DOD) Information Assurance (IA) policy and its implementations. This presents a challenge, as IA plans and policies are still evolving and have significant issues that need to be resolved. The IA policy is formally known as the “Information Assurance (IA) Component of the GIG Integrated Architecture, Version 1.0.”[1] “Increment 1 (2008) and elements of the end state” of the GIG IA policy were approved on the basis of a memorandum of January 24, 2005, signed by Patrick M. Kern, Senior Systems Engineer, Net Centric Initiatives, Office of the Assistant Secretary of Defense for Networks and Information Integration, with the request to the Services to “please include a prioritized list of the top IA technical, affordability and operational risk areas your organization would like to see the GIG community address during 2005 and 2006.”[2] The naval operational elements, the communications elements, and the science and technology (S&T) elements must provide inputs into this important policy in the context of the emerging doctrine and operational performance metrics.

As part of developing inputs to this IA policy and to the naval forces architectures, benefit-versus-risk trade-offs should be conducted that consider the effects of network-centric attacks. The security issues associated with the Internet Protocol (IP) should be included.

Network-centric capabilities build on the IP. There is no doubt that using the IP is very important for the naval forces; however, how universal IP should be as a protocol is an area of intense debate. The trade-offs need to be done to ensure that, whatever protocol is chosen, there is a net gain in supporting the mission under both peacetime and wartime conditions. The DOD is migrating from a widely diverse, noninteroperable set of military protocols to commercial IP. The original heterogeneous mixture of protocols had an advantage: something done to one system would not impact another system. Since cross-system interaction was almost nonexistent, there were no synergistic gains, which are the heart of network-centric operations, but attacks in one area also did not affect another.

At the other extreme is a monoculture of using only the IP. In a monoculture, an attack can spread with exponentially increasing speed; this rapid propagation is why chicken farmers isolate their monoculture chicken flocks. The bottom line is that there are issues with both uncontrolled heterogeneity and “all IP.” The advantages of IP are extremely attractive, and the DOD has established a policy that makes Internet Protocol version 6 (IPv6) the universal protocol. Some of the disadvantages of IP have shown up, such as denial-of-service and other attacks on the Internet. However, it is important to realize that the attacks so far are relatively unsophisticated, (presumably) carried out by individual hackers, and not representative of what could be mounted by a nation-state.[3] Methods of isolation and IP monitoring and control capabilities must be developed to handle these potentially adverse cases.

As discussed in Chapter 3 of this report, High Assurance Internet Protocol Encryption (HAIPE) is being developed by the National Security Agency for the Global Information Grid (GIG). An issue with HAIPE-encrypted IP arises when bandwidth is constrained, such as in tactical wireless and satellite communications. HAIPE-encrypted IP (Voice over Secure IP [VoSIP]) is less efficient for functions such as encrypting voice than other approaches, such as the Future Narrow Band Digital Terminal (FNBDT).[4] Both approaches will carry voice traffic; the trade-off to be made involves how important the efficient use of the available bandwidth is. Spectrum, signal-to-noise ratio, and bandwidth, among other factors, should determine which approach is used. For example, in a bandwidth-constrained environment, the FNBDT is more efficient than the current HAIPE 1.0 and 2.0 versions or the proposed HAIPE 3.0 version. Another part of the monoculture issue is the use of Voice over Internet Protocol (VoIP), with its converged data and control planes, compared with the totally separated conventional telephone system using Signaling System 7, or the in-between Voice over Asynchronous Transfer Mode (VoATM).[5] A number of groups have raised security and other issues that need to be resolved.[6]

Other areas for the examination of whether IP should be used include communications that have critical timing or demand high assurance of performance, such as weapons release or nuclear control. At least over the near term, if the speed of securely moving information is important, it can be sent using IP over ATM at speeds up to 10 Gbps. IP over ATM (which is what the Defense Information Systems Agency and others used in the networks that successfully supported Operation Iraqi Freedom) provides a very assured way of isolating and controlling the IP network that is almost immune to outsider attacks. Lastly, if quality of service (QoS) is important, there are a number of options that provide QoS, including Frame Relay, ATM, and various time-division multiplexed systems.

In addition to security and performance issues, IP and its supporting protocols continue to evolve. This change is compounded by ongoing changes to the HAIPE encryption. The good news is that more capabilities are emerging to improve network-centric capabilities. The bad news is that the changes will continue until at least 2008 and, as discussed below, coupled with other IA changes, may extend to 2012 or 2016.

IP encryptors go back to the 1970s,[7] but the versions are still changing over shorter periods than the equipment-refreshment time of large organizations. For example, since the Navy/Marine Corps Intranet (NMCI) was started in 2000, five versions of IP encryption have been introduced: Taclane and HAIPE versions I, II, and III, and work is now starting on features for HAIPE IV. These versions address issues such as commercialization, the transition to IPv6, reducing the encryption overhead for bandwidth-constrained communications links, “black to black” network exchanges, scalable multicast, and QoS features. For these and other issues, a number of competing approaches must be resolved and incorporated into the HAIPE encryptors before a stable baseline will exist. Since only one generation of backward compatibility is required, this is a challenge for interoperability, procurement, and upgrade planning.

Lastly, as cited earlier with the Kern memorandum, IA is in flux at both the policy level and the technology level. “Future versions (2.0, 3.0, etc.) will address details of Increment 2 (2012) and Increment 3 (2016) of the IA component of the GIG architecture.”[8] The Kern memorandum goes on: “for 2005-2006 End-to-End System Engineering Advisory Activity work will address: Technology risk and solutions to technical concerns, affordability risk and program synchronization, as well as operational performance and doctrine concerns.”[9] The implications of these issues must be allowed for in the architecture to ensure that the naval forces dependent on network-centric operations are adequately protected during this period of protocol and IA evolution. This will not be easy and will require a comprehensive understanding of the issues. For example, in VoSIP, one of the challenges in developing the security features is to converge on common standards that ensure interoperability across the various vendor products and, with that, ensure that the security features are carried across all vendors’ telephones with which the naval users will interact.[10] Another area is mobile communications, which has issues that are being worked through.

[1] The National Security Agency developers of the overarching IA policy invited a Senior Industry Review Group (SIRG) to make recommendations and comments. The SIRG’s December 9, 2004, observations include the following: (1) “A near-term, detailed Architecture is Non-existent: It’s a really bad idea to do IA for a non-existing architecture (or a set of architectural constraints and its evolvability).” (2) “Implementations are Problematic: Requires management of vast quantities of information never attempted before (identities and labels, etc.).” (3) “Survivability and Robustness are not addressed: Minimal description of data/system integrity and service availability, in the face of all meaningful threats. [need for] Fault tolerance and failure modes.” (4) “Risk is unbounded within the GIG vision: Catastrophic failures could occur. Lack of hard architectural boundaries allow for cascading failure.” Senior Industry Review Group. 2004. “Senior Industry Review Group (SIRG) Recommendations and Observations,” GIG Architecture Implications for IA Products and Services [conference], Kossiakoff Center, Johns Hopkins University/Applied Physics Laboratory, Laurel, Md., December 9.

[2] The attachment to the Kern memorandum of January 24, 2005, describes Version 1.0 as a “strategic compass,” and “defers more significant changes to future increments to allow technology to mature and provide adequate opportunities for trades between IA approaches, operational performance and affordability.”

[3] The Chinese treatise on modern strategy, Unrestricted War, by People’s Liberation Army Senior Colonels Qiao Liang and Wang Xiangsui, published in February 1999 by the People’s Liberation Army Arts Publishers, Beijing, describes China’s consideration of a fourth military service for Information War.

[4] FNBDT is a higher-level protocol that supports many functions, ranging from secure telephones and cellular telephones to almost any type of low-speed data exchange. It can be carried across almost any protocol, including Transmission Control Protocol/Internet Protocol (TCP/IP), asynchronous transfer mode (ATM), digital subscriber line (DSL), V.120, and cellular.

[5] ATM has been wrongly described as being only a circuit-switched technology. It is much more flexible, according to the Cisco Internetworking Technologies Handbook, 4th ed. (2005), p. 494: “ATM is a cell-switching and multiplexing technology that combines the benefits of circuit switching (guaranteed capacity and constant transmission delay) with those of packet switching (flexibility and efficiency for intermittent traffic).” ATM is widely used in DOD networks today, carrying approximately two-thirds of the secure traffic for DOD. For example, it is the layer-two network (Multi-Protocol Label Switching [MPLS] is the new approach for the Global Information Grid-Bandwidth Expansion) carrying traffic across the approximately 700 sites of the Defense Information Support Network (DISN) ATM System (DATMS) that have been used in Operation Iraqi Freedom. Typically the IP, time-division multiplexing, and other protocols are carried over it. ATM encryptors are available at speeds up to 10 Gbps (MPLS has no encryption), so it can provide link encryption protection. Further, it carries TCP/IP traffic effectively.

[6] National Institute of Standards and Technology (NIST) Special Publication 800-58, Security Considerations for Voice Over IP Systems, by Richard Kuhn, Thomas Walsh, and Steffen Fries, Gaithersburg, Maryland, January 5, 2005; also the NIST publication NIST Suggests VOIP Caution, Gaithersburg, Maryland, May 10, 2004. The Institute of Electrical and Electronics Engineers workshop VoIP Security: Challenges and Solutions, December 3, 2004, had invited papers on “Voice Spamming and Worms,” “Call Hijacking,” “DOS Attacks on IP Phones …,” and “Mobility and Security in the Voice Over WLAN (VoWLAN).” The risk is further highlighted by the Cisco posting on its Website on January 19, 2005, of a VoIP flaw in its IOS’s Skinny Call Control Protocol. Mark Seery of RHK, Inc., commented on this as follows: “The type of packet inspection you have to do is much deeper. You have to get the applications layer and parse the SIP information. That’s a step beyond the transport-level security used to prevent most IP-based DOS attacks.” Discussions in Light Reading, January 24, 2005, and October 1, 2004, raised concerns. In the June 24, 2004, issue of Light Reading, Tom Gage of VeriSign said, “In a more VOIP-oriented business, your ports are open all the time, so you have the potential for receiving errant packets that cause network disruption.” Approaches are emerging to mitigate some of these issues, such as isolating the VoIP routing functions, adding more processing power, and doing the extra filtering. However, these are not yet standardized and are not in most vendors’ products.

[7] See Steven Kent and others’ summaries of encryption developments, “Network Encryption-History and Patents,” at <http://www.toad.com/gnu/netcrypt.html>. Accessed March 31, 2005.

[8] Patrick M. Kern, Office of the Assistant Secretary of Defense for Networks and Information Integration, memorandum of January 24, 2005.

[9] Patrick M. Kern, Office of the Assistant Secretary of Defense for Networks and Information Integration, memorandum of January 24, 2005.

[10] There are multiple VoIP architectures, including three commercial versions (Session Initiation Protocol [SIP], International Telecommunication Union [ITU] H.323, and the ITU/proprietary Cisco Signaling Connection Control Part [SCCP]), as well as military versions that are still evolving.