C4 Marine Brig. Gen. Kevin J. Nally - KMI Media Group

he continued. “We have to do more in terms
of protecting data on a device that is lost. We
have a whole lot of things to make it easier
when these things are in hostile environment
either to rekey them or disable them.”
The same technology could also be applied
to commercial non-government users, whose
laptops are often stolen. ViaSat is already
beginning to install the same technology on
company laptops to ensure the security of
proprietary data.
ViaSat also has an array of Type 1 encryption
technology for data in transit. These
inline network encryptors (INE) utilize a
common encryption technology called
PSIAM. This embedded crypto module is also
offered as a system to companies who need
cybersecurity technology and can incorporate
PSIAM into their computing and communications
devices. The module went through
the final security verification approval process
by NSA in December.
“That will be a fully certified instantiation
of PSIAM,” Wren said. “We are working with
handset and tablet manufacturers and want
to enable them to communicate securely. We
are seeing a lot of play in that because vendors
don’t like being tied to one ASIC and ASIC
supplier. With PSIAM FPGA-based technology
they can implement a new algorithm and
change whatever needs to be changed to keep
the product moving forward. We are hitting
power and size requirements that compete
with ASIC architectures because the PSIAM
technology is going so well.”
The KG-250X, ViaSat’s latest INE, also
uses the PSIAM crypto engine and has been
certified by NSA for Top Secret data. An
uncertified version of the device has already
been demonstrated to customers across the
services. In addition to being smaller than
any currently available INE, additional functionality
has been added as well as ruggedization
and additional processing power for
future capabilities.
Wren expects to deliver units early this
year. “We are ramping up production now
and you will see this almost pocket-sized
encryptor device, using the same technology
that we have developed in the KG-250.”
Another innovative solution for the tactical
edge is the IPS-250, which is HAIPE
compliant and interoperable with the existing
fielded Type 1 network infrastructure. “That
gets a lot of play in the services because now
it doesn’t need to be treated like a COMSEC
device,” Wren explained. “Instead, it has to be
treated only as a high value item, although
that is still important. The IPS-250 is the first
28 | MIT 15.1
and only instantiation of an NSA certified
CHVP INE out there today.”
“HAIPE encryption is moving out to the
edge. If you have a device that is mobile
and you want to get it onto the grid, doing
that in a secure manner is a big challenge.
Nonetheless, we have been able to do that
because we have built up the knowhow over
many years,” he said, adding, “The IPS-250
can be used for NATO communications, and
supports HAIPE 3.1.2 and HAIPE-to-HAIPE
keying.”
non-ClassIfIed Box
The latest update to General Dynamics’
TACLANE KG-175 family of IA products has
been the NSA certification of HAIPE 3.1.2,
which started delivery in October. This gives
users a simultaneous capability in IPv4 and
IPv6, allowing users to have a staged migration
from the former to the latter. The software
will be shipped with all new TACLANE
products and is being made available as a free
download via NSA’s SIPRNet website or a CD-
ROM, and takes 15 minutes to install.
The presence of the TACLANE product line
is substantial, with about 60,000 TACLANE-
Micro devices in service. This is supported
by roughly 60,000 TACLANE Classics and
E-100s and a further 15,000 KG-175D-Minis
and 12,000 KG-175A TACLANE-GigE, which
provide a gigabit Ethernet capability.
“They are used just about anywhere,”
explained Mike Guzelian, vice president of
secure voice and data products for General
Dynamics C4 Systems. “They could be in
a command center, a tent in the battlefield
or data closets to secure LAN connectivity
in secure building. They are used all over
SIPRNet, JWICS, GCCS, the departments of
state and homeland security and for other
federal customers and on other classified networks.
They are also pretty widely deployed in
Canada, Australia and New Zealand.”
Another key feature of 3.1.2 is what is
called HAIPE-to-HAIPE keying, allowing a
user to download the encryption keys into
one device for the entire network and rekey
all the other devices on the network, even
from the other side of the world. Previously
the key fill would have had to be physically
inputted at each device by hand.
Beyond 3.1.2, General Dynamics C4
Systems is working on hardware and software
upgrades for TACLANE to support a
new mode that NSA calls Internet Protocol
Minimum Essential Interoperability Requirements
(IPMEIR).
“This is a second mode in the box using
all commercial protocols and algorithms
next to the government HAIPE mode,” Guzelian
explained. “The reason for doing this is
to enable the deployment of TACLANEs to
non-classified networks. As part of that software
release, we are coming out with a new
piece of hardware called TACLANE-C100,
which is an unclassified device, not a CCI.
There is new designation NSA gives it, called
Crypto High Value Product (CHVP). Basically
that will run this new IPMEIR mode only in
that hardware.
“Because it is a non-classified box, it can
be deployed to other federal agencies and
state and local government. TACLANEs with
both modes will interoperate with all the
existing devices in a classified network, but
will also have a highly secure solution that
is now easy to field to other agencies. It also
protects communications with very strong
security, but again, without needing someone
to obtain Type 1 keys and to operate in a
Type 1 environment,” he continued.
The goal is to deliver the new solution
ready for certification in April 2012. A second
option would be to use it in NATO and allied
countries so that in Afghanistan, for example,
the CHVP devices can be used in current networks.
But because they are non-CCI items,
they can be left in situ when the United States
turns over control to the local authorities.
In addition to the TACLANE INEs, in the
cellular world the Sectéra Edge is being continually
improved both to maintain security
and also to enhance ruggedization to better
enable its reliable use on the battlefields of
the near future.
The Sectéra Edge is essentially two PDAs
in one via NSA’s Secure Mobile Environment
Portable Electronic Device (SME PED) program.
Even though there is only one display
and one keyboard on the device, it is actually
two physically separate PDAs, not two different
modes. There are two separate chips in
the device plus a variety of measures in place
to ensure that data between the two processors
never meets.
Guzelian explained, “There is an unclassified
PDA that allows you to go to Google
or Yahoo or any website on the Internet you
want. Then there is a classified PDA that can
talk Secret or Top Secret on the network.
Now I can get my classified e-mail on one
PDA and my unclassified e-mail on the other.
It runs a Windows operating environment
capable of downloading imagery and video.”
At the forward edge, the device has
been selected to meet the requirement for
www.MIT-kmi.com