Advertisement

One Box, One Wire: CENTCOM's software revolution will change information sharing

By
SHAUN WATERMAN, UPI Homeland and National Security Editor

WASHINGTON, Jan. 28 (UPI) -- New software being tested by U.S. Central Command would enable military computers for the first time ever to be connected at the same time to both classified and unclassified networks -- including the public Internet.

Officials say the technology, if it proves secure, could save more than $200 million for CENTCOM and eliminate the need to use workarounds like thumb drives to move data between networks at different levels of classification -- which can facilitate the spread of viruses and other malware.

Advertisement

"It has been called the Holy Grail," Elwood "Bud" Jones, a program manager for multinational information sharing at CENTCOM, told United Press International.

Jones said CENTCOM is engaged in a piloting and testing process called a Joint Capabilities Technology Demonstration Project, code-named "One Box, One Wire," or OB1, which would end after three years with the rollout of the software throughout CENTCOM.

Currently, the 14 different computer networks that CENTCOM uses in its operations have to be physically separate, said Michael Liacko, executive vice president for business strategy at Integrity Global Security, the company that makes the new software.

"The way they are separating different networks (at different levels of classification) … is to literally have a physically separate connection, a separate wire and a separate computer," he told UPI.

Advertisement

"We have many networks that we operate on," explained Jones, including U.S. networks at various levels of classification, secret, top-secret and so on, and separate networks for each of the coalitions that CENTCOM is part of in Iraq and Afghanistan.

"As a result, you can have a lot of computers sitting around your desk, and it's not very efficient for sharing information," he said, adding, "A lot of users have two, three, four, even five computers sitting around their desk, and we have to use a switch box to switch from network to network, and we can't use multiple networks at a single time.

"OB1 allows us to reduce that infrastructure to one box, one wire; hence the name."

Eliminating the requirement for physical separation will "give us the ability to reduce our desktop infrastructure," said Jones. It "will be more efficient; it will save us money."

"Instead of having four computers for a user, you only need one, you only need one wire," he continued. "When we are deploying forward, it reduces our (air-)lift (requirements), it reduces our power requirements, it reduces our staff costs."

Jones said a "back-of-the-envelope business case analysis" he had developed showed the new technology could save "potentially in excess of $230 million" over a three-year rollout period.

Advertisement

In addition to being expensive, Jones said, the requirement for physical separation is inefficient and encourages the use of potentially dangerous workarounds. Military officials would develop plans or information on the U.S.-only networks, "but if they want to share it (with foreign partners) … they have to use a thumb drive or Flash drive to move it over to the coalition networks," he said.

"Likewise, if information comes in on (one of) the coalition network(s) and they want to share it with people who don't have access to those networks, they have to move it up to the classified network," Jones continued.

With access to multiple networks from a single box, "They can create information where it needs to be shared, rather than creating it someplace (else) and then trying to move it."

Last year the U.S. military banned the use of removable media like thumb and Flash drives after a worm spread on such devices infected CENTCOM computers.

"Through a Flash drive, a worm or a virus is introduced," said Liacko, "and moving data physically like that opens up the door, and once the door is open, it can propagate and the whole network can be compromised. Integrity stops that."

Advertisement

Retired U.S. Air Force Gen. Eugene Habiger, a member of the company's advisory board, is blunter. "Had this operating system been used within the systems (that were compromised by the worm), this would not have happened."

Habiger, a former head of cybersecurity at the Department of Energy, said the technology on which the new software was based had been certified by the National Security Agency.

"The fact that the NSA has given this certification to Integrity and its software after, as I understand it, a very intensive, exhaustive two-plus years of analysis … that speaks volumes for its reliability and security.

"This operating system is revolutionary," he concluded. "The technology is revolutionary."

The key to Integrity's game-changing character, said Jones, is known as the separation kernel, a piece of software "guaranteed to keep the different networks separate … all the way from the unclassified to the top-secret level."

The software, Liacko explained, creates "what we call security domains … in essence virtual machines or virtual servers … each one of them is impregnable. Even viruses that operate at the very deepest level of the operating system cannot get around the new software, he said.

"We sit literally on the bare metal … on the microprocessor. What we create is a secure platform, and on top of that platform you can run Windows or Linux … inside of a securely separated domain, where … your top-secret or confidential corporate data … can be protected and cannot be accessed by an intruder" from any one of the other domains.

Advertisement

Specialists at the NSA tested the system for three years, said Liacko. "We had to give source codes and blueprints to the NSA, and they began a multiyear process of doing mathematic and physical penetration testing. … They were not able to penetrate it."

The technology would already be used in embedded software in new U.S. military aircraft, said Jones, "the F-22 and the F-35 have this software on board," but now the new product, and its use in the OB1 project, also has to be certified.

"The technology is developed to the point where we actually have a working model," he said. "We have to go through a process of getting that certified … so we can actually put (those networks) on the same box … on the same wire.

"We will probably not put it on our active networks until we get the certification," he said, adding, "The purpose of that is to ensure that the software really does what it says it can."

The testing and certification process would be led for CENTCOM by the space and naval warfare center, known as SPAWAR-Atlantic, in Charleston, S.C.

Jones said the technology also would give military commanders "more flexibility in adding or deploying networks … so instead of having to create a complete infrastructure, laying wire and buying more computers, we can create something at the desktop," like a temporary network for single operations.

Advertisement

Latest Headlines