Download PDF - Department of Navy Chief Information Officer - U.S. ...

More documents

Recommendations

Info

Navy Ship-to-Shore via Wireless ConnectionSPAWAR Systems Center Atlantic and Commander, Navy Installations Commandcollaborate with Joint Interoperability Test CommandBy Heather Meredith, Greg Blanche, Jackie Mastin and Chris WatsonFor many years, Navy ships pulling intoport had to drape fiber optic “umbilical”cables over the side from the ship deckbox to a pier riser for access to the shoreinfrastructure. Secure transport of shipboardvoice and data communicationsfrom Navy ships to the Network OperationsCenter occurs through these cables.But corrosion and mishandling of thecables and damage to pier risers havecaused communication outages and recurringmaintenance costs, and duringbad weather, ship communications couldbe delayed for hours if not days.But a solution to this problem is underway— the Wireless Pier Connection System.WPCS was developed by the Spaceand Naval Warfare Systems Center (SSC)Charleston (now realigned under SPAWARSystems Center Atlantic) and sponsoredby Commander, Navy Installations Command(CNIC).WPCS focuses on installation effectivenessand improvements in shore installationmanagement. This in turn reducesmanpower and support costs, as well asinstallation costs.Wireless TechnologyThe WPCS uses 802.11a and 802.11gtechnology to provide a reliable Wi-Fibridge between ships and shore networks.Wi-Fi provides a viable means ofextending communications betweenpoints where wired connections are restricteddue to costs, difficulty, or areaswhere wire deployment is just not feasible,for example, in locations near airfields,or across battlefields and expansesof water. Utilizing this wireless solution,WPCS allows Navy ships to initiate connectivityto the pier while still up to threemiles out at sea.The WPCS system includes three radioslocated on the ship: a dedicated bridgeradio, attached to an omnidirectional antennafor scanning, and two additionalradios for primary and secondary connectionsto shore. It uses auto-configurationmesh software that facilitates a reliableand continuous connection with theshore network.Shore-side equipment includes severalBelAir wireless nodes that provide connectivityinto the shore network architecture.Each WPCS system fits in a six-unithard case and requires one electrical outlet.The size and mobility are ideal for thelimited space onboard ships.The dockside unit is movable and easilymounted. Designed for all-weather conditions,BelAir wireless nodes are water anddust-proof and can withstand temperatureextremes from -40 to 122 F.Defense-in-DepthSecurity can be a problem with wirelesstechnology. Radio frequencies can beintercepted by anyone within range withthe right equipment. Because wirelessnodes can allow possible unauthorizedaccess to networks, network and data securitymust be incorporated into the wirelesssolution.The WPCS addresses this issue with acomprehensive defense-in-depth strategyutilizing wireless security solutionsthat include Air Fortress Gateway devicesand the AirDefense Wireless IntrusionPrevention System. Figure 1 illustrates theWPCS topology.Type I encryption, proprietary framestructures and a specific IP assignmentare used before applying 256-bit AdvancedEncryption Standards (AES) layer2 encryption. AES is the encryption standardfor the U.S. government and NationalSecurity Agency.Type 1 encryption refers to a deviceDuring the WPCSForum at Indian Head,Md., attendees discusstopics such as the use ofcommercial waveforms,military frequencies andbridging devices withinthe DoD. At the forum,subject matter expertsprovide a demonstrationof WPCS capabilitiesto Capt. Jon Kennedy,chief of the OSD WirelessDirectorate.or system certified by the NSA for use incryptographically securing classified U.S.government information. Type 1 certificationis a rigorous process that includestesting and formal analysis of cryptographicsecurity, functional security, tamperresistance, emissions security (EMSEC/TEMPEST) and security of the productmanufacturing and distribution process.Layer 2 encryption introduces virtually nolatency or overhead to the network.Network security considerations include:MAC filtering, fixed MAC addressscheme, Remote Authentication Dial InUser Service (RADIUS), BelAir proprietaryframe structure and WPA2 AES over-theairencryption using Wi-Fi Protected AccessPre-Shared Key (PSK) authentication.MAC, also known as Medium AccessControl, is a sublayer of the data linklayer specified in the seven-layer OpenSystem Interconnection model (layer 2).The MAC layer addressing mechanism iscalled physical address or MAC address.This is a unique serial number assigned toeach network adapter, making it possibleto deliver data packets to a destinationwithin a subnetwork.Network protection features includemonitoring and locating rouge nodes(rogue devices or data packets) and interferencesources within the WPCS airspace.The AirDefense Enterprise Wireless IntrusionDetection System provides intrusionscanning detection with continuousalarm notification.To comply with Defense Departmentpolicies, SSC Atlantic requested the assistanceof the Defense Information SystemsAgency's Joint Interoperability TestCommand to assess and certify WPCS.For more than two decades, SPAWAR haspartnered with JITC during the development,acceptance testing and subsequent58 CHIPS www.chips.navy.mil Dedicated to Sharing Information - Technology - Experience
Figure 1. WPCS topology.fielding of critical shipboard and shorebasedcommunications systems.As designated by the Joint Chiefs ofStaff, JITC is the only DoD organizationwith the mandate and authority to certifythat DoD IT and National Security Systems(IT/NSS) meet interoperability andnet-readiness requirements for joint militaryoperations.To do this, JITC follows the processesoutlined in Chairman of the Joint Chiefsof Staff Instruction 6212.01D, "Interoperabilityand Supportability of InformationTechnology and National Security Systems."This document establishes policiesand procedures for developing, coordinating,reviewing and approving IT/NSSinteroperability needs.In addition, JITC employs testingmethodologies that conform with DoDDirective (DoDD) 8500.01E, "InformationAssurance" which states that all DoD informationsystems “shall maintain anappropriate level of confidentiality, integrity,authentication, non-repudiationand availability that reflects a balanceamong the importance and sensitivity ofthe information and assets; documentedthreats and vulnerabilities; the trustworthinessof users and interconnecting systems;the impact of impairment or destructionto the DoD information system;and cost-effectiveness.”WPCS assessment activities were conductedat the JITC Indian Head, Md., testfacility from November 2007 throughJanuary 2008. During this period, JITCteamed with SSC Atlantic developers andintegrators. To ensure that WPCS met DoDrequirements, JITC’s evaluation consistedof standards conformance, performance,interoperability and information assurancetest scenarios.During the standards conformancephase, JITC evaluated WPCS componentsin an isolated environment and used testequipment to generate traffic through theWPCS to ascertain whether it conforms toapplicable standards contained in the DefenseInformation Standards Registry.During the performance and interoperabilityphases, JITC integrated the WPCSinto a representative DoD network, andagain used unique test tools to generatetraffic across the network to assess thesystem’s ability to exchange informationwithin an integrated architecture.During the information assurancephase, the JITC assessment team testedWPCS security and its compliance with IApolicies and requirements to allow connectionto a combatant command, DoDnetwork and the Global Information Grid.This test effort validated that the WPCScan interoperate with both the GIG andNavy legacy messaging networks in accordancewith DoD doctrine and policy.The assessment also verified that theWPCS architecture follows a robust defense-in-depthdesign methodology withcareful attention given to maintaining aclear separation of user traffic from managementtraffic.In June 2008, JITC hosted a “WPCSForum” at the Indian Head facility withrepresentation from the Office of the AssistantSecretary of Defense (Networksand Information Integration)/Chief InformationOfficer (ASD(NII)/CIO) WirelessDirectorate, Office of the Chief of NavalOperations, SSC Atlantic, CNIC and NSA.During the meeting, discussion pointsincluded DoD’s use of commercial waveformsand military frequencies withinwireless implementations; the use ofbridging devices in the DoD; future changesto the overarching DoD wireless policy;as well as WPCS testing milestones.JITC testers and subject matter expertsalso provided a demonstration ofthe WPCS capabilities in the JITC wirelesslaboratory.At the forum, Navy Capt. Jon Kennedy,chief of the wireless directorate, statedthat it appears WPCS meets all the DoDwireless local area network requirementsin accordance with DoDD 8100.02, "Useof Commercial Wireless Devices, Services,and Technologies in the Department ofDefense (DoD) Global Information Grid(GIG)." He indicated that the Navy shouldmove forward with the implementationof the system.Kennedy also encouraged JITC and theforum attendees to participate in futureOSD-sponsored wireless working groups.All attendees agreed that the recentWPCS assessment effort clearly serves asa model for future WLAN test events. Asa result, SPAWAR and CNIC will continueto collaborate with JITC for the developmentand certification of future versionsof the WPCS configuration.Heather Meredith serves as a corporate communicationssupport assistant to the JITC outreachdirector.Greg Blanche is the lead test engineer for theWPCS interoperability assessment, as well as otherwireless LAN evaluations.Jackie Mastin is an information systems projectofficer within the JITC GIG infrastructure branchand test lead for WPCS interoperability test efforts.Chris Watson is the JITC outreach director. Heperforms initial oversight of new programs andagreements between JITC and the DoD, federalgovernment and industry partners.CHIPS October – December 2008 59
Page 2 and 3:
CHIPS October - December 2008Volume
Page 4 and 5:
Editor’s NotebookThis issue we fe
Page 6 and 7:
Talking with Rear Admiral Wendi B.
Page 8 and 9: in less of a production role and mo
Page 10 and 11: "The Navy has conducted irregular w
Page 12 and 13: and Preventive Medicine; and Joint
Page 14 and 15: We are also working on patient trac
Page 16 and 17: Empowering the Information Systems
Page 18 and 19: "The good thing about the ENMS syst
Page 20 and 21: “We Will Never Forget”Pentagon
Page 22 and 23: SSC Atlantic Commissioned in Charle
Page 24 and 25: SSC Pacific’s Josh CaplanReceives
Page 26 and 27: Welcome to SSC Atlantic’s New Orl
Page 28 and 29: SSC Atlantic sites partner to provi
Page 30 and 31: Presenting SSC Pacific: A new name
Page 32 and 33: constraints associated with smaller
Page 34 and 35: End-to-End Systems Engineering LabS
Page 36 and 37: SSC Norfolk Workforce Excellence Co
Page 38 and 39: DON DIACAP TransitionTransitioning
Page 40 and 41: CAST requirements include the abili
Page 42 and 43: Success Stories from Naval Surface
Page 44 and 45: SWE Takes Action in Supportof Surfa
Page 46 and 47: of ownership of the process stalled
Page 48 and 49: Data as a ServiceThe new paradigm f
Page 50 and 51: encouraging the reuse of informatio
Page 52 and 53: Operationalizing Military Support t
Page 54 and 55: DoD ESI Celebrates its 10th Anniver
Page 56 and 57: and conditions pre-negotiated with
Page 60 and 61: Navy Warfare Training SystemBy U.S.
Page 62 and 63: endeavor and worth the coordination
Page 64 and 65: Tackling one of the most critical a
Page 66 and 67: 5. Which of the following is the mo
Page 68 and 69: you are searching while the rootkit
Page 70 and 71: MercuryMercury Software - Provides
Page 72 and 73: Quest ProductsQuest Products - Prov
Page 74 and 75: Office SystemsAdobeAdobe Products -
show all

Download PDF - Department of Navy Chief Information Officer - U.S. ...

Create successful ePaper yourself

Delete template?

Save as template?