ABERDEEN PROVING GROUND, Md. (November 1, 2016) - Ongoing collaboration between the U.S. Army and the National Security Agency has led to increased developments in cryptographic modernization, information security and tactical network protection.
The U.S. Army Materiel Command’s Communications-Electronics Research, Development and Engineering Center, or CERDEC, Space and Terrestrial Communications Directorate, or S&TCD, Cyber Security and Information Assurance, or CSIA, Division is at the forefront of several NSA partnerships in support of the Soldier and industry.
CSIA’s role as a leader in Army cryptographic modernization, information security, and tactical network protection has led to CERDEC and NSA defining a cooperative approach to expediting cryptographic product fielding, in which the CSIA division will support many of the certification functions normally performed by U.S. NSA to ensure products like software-defined tactical radios meet strict NSA security requirements and quality standards.
“CSIA’s expertise, capabilities and ingenuity have been the underpinnings of continued support to the NSA's national security mission,” said Michael Monteleone, S&TCD CSIA Division chief. “This partnership will positively affect the C4ISR community, as well as the joint services by accelerating a critical process required to provide the most secure, advanced capabilities to our Service members.”
S&TCD signed an August 2016 Memorandum of Agreement, or MOA, to become an NSA Evaluation Service Laboratory, or ESL, supporting the evaluation of Government Off-the-Shelf, or GOTS, systems seeking NSA certification.
S&TCD will act as a supplement to Type 1 certification, a process that includes testing and formal analysis of the security of a product, which will vastly accelerate the time required to attain a certification decision.
Under the agreement, CERDEC will work directly with the Original Equipment Manufacturer, or OEM, to provide security guidance and assessment of the OEM's GOTS deliverables prior to NSA technical approval and certification. CERDEC’s ESL-certification efforts will help the NSA reduce the growing list of GOTS products requiring certification to meet fielding schedules, but will ultimately expedite Type 1 devices into the hands of Soldiers, said Matthew Lazzaro, S&TCD CSIA Cryptographic Modernization Branch chief.
“When the body of evidence required for Type 1 certification is fully examined right the first time, it saves time and money so that CERDEC and the Army can get Type 1 solutions into the hands of Soldiers quicker and cheaper,” said Lazzaro.
In June 2016, the Unified Cross Domain Services Management Office signed a memorandum concurring with NSA’s recommendation that CSIA met all requirements to perform Cross Domain Solutions, Lab Based Security Assessments. The LBSA focuses on assuring the robustness of designed, architected, and configured CDS security capabilities.
According to Jon Santos, S&TCD CSIA Information Security Branch chief, this achievement allows the DOD to increase the capacity to test cross domain solutions reducing a backlog and common delay in testing schedule (and therefore fielding) for CDS customers.
“Customers needed to get their products tested, but there was always a backlog as far as requirements,” Santos said. “This is not only an Army benefit, but a DOD-wide benefit as the certification will allow for accelerated schedules.”
CSIA recently held a ribbon cutting ceremony to commemorate their designation as an approved CDS test laboratory.
In 2015, NSA named S&TCD’s Cryptographic Modernization Branch as a Trusted Integrator for Commercial Solutions for Classified, or CSfC. The CSfC program is a series of vendor-agnostic, high-level security Capability Packages that provide guidance and configurations to implement secure solutions using layered Commercial Off-the-Shelf products.
The branch has worked closely with NSA to evaluate several CSfC prototype systems in order to develop risk profiles and help to create the accompanying Capability Packages.
Historically, there has been a push to use commercial encryption on military technologies and the idea was to build a device with two layers of encryption, which would adequately protect data, according to Eric Gursky, electronics engineer and CSfC team lead.
“The benefit to the Soldier is advanced capability and taking advantage of the latest and greatest technology,” said Gursky. “We build and test systems specifically for the military and tactical needs and make it available so that Battalions in the field can use our blueprints and configurations and apply it themselves.”
The Cryptographic Modernization Branch became the first CSfC Trusted Integrator in the government and currently remains the only one in the Army, said Gursky.
CERDEC’s NSA partnership will provide cyber assets to the C4ISR community and support the Army's cyber mission.