By Alexander Schellong, VP Global Business, INFODAS
Highly sensitive systems and data assets (domains) are often separated from the Internet or less critical systems. Separation is achieved through isolation, commonly referenced as an air gap. While isolation significantly increases the barrier for data exfiltration or malware infection, Cyberattacks can still happen in various ways. The Stuxnet attack of the Iranian nuclear program is a prominent case in point. However, keeping isolated systems updated with patches or important data and sharing selected data from those systems with others requires time and manual labor (“swivel chair” or “sneaker” networks). In other words, system and data silos—isolation—contradicts the benefits and needs of digitization such as real-time data sharing in geographically dispersed operating and IT environments.
Accordingly, cross-domain solutions (CDS) were developed over the past 10-15 years that allow the manual or automatic transfer, access or exchange of data across segmented domains of different classification levels. Data can only be shared when necessary and sharing is combined with redaction or validation requirements. CDS are not Firewalls or about encryption.
Outside of military, intelligence, homeland security and some critical infrastructure industry circles many IT professionals are not aware of CDS which also has to adapt to new end-user requirements and technology trends.
What makes Cross Domain Solutions unique?
Most cross-domain solutions are accredited by government information security authorities through rigorous multi-year testing. They need to fulfill a complex set of requirements as highly trusted components for the most sensitive environments. This includes security cleared development resources and component supply chain transparency. Moreover, hardware and software security architecture elements such as a hardened operating system, hardware-level separation, tamper-proof enclosure or enhanced secure logging. CDS functionalities include manual or automatic control of the flow of information between domains, the possibility to add customized filters (parsers) for certain data types or the capability to operate in complex environments (e.g. heat, shock, dust, humidity). Consequently, very few companies have developed CDS and CDS products tend to be higher priced.
Cross-Domain Solutions at a glance
Within the Cybersecurity solution market, CDS represents a niche within the data security, DLP, and network security space. Currently, CDS are always hardware-based solutions (security appliances). Classically CDS are boundary devices that are combined with Firewalls to protect two domains. The domain that needs to be protected or holds more sensitive data is usually referred to as HIGH while the other domain of lesser sensitivity is referred to as LOW.
The most common solution is data diodes. They ensure data flow is only possible in one direction which is mostly achieved through the use of hardware of software. To achieve this functionality, the majority of vendors use a fiber optic cable which leads to a galvanic separation between domains similar to the semiconductor of the same name. Within the public sector, data diodes are utilized to provide data to a classified network. In critical infrastructure (e.g. power plants, oil refineries, manufacturing) data diodes are used to send data out of an industrial control network to safeguard its integrity and availability while taking advantage of it for predictive maintenance. Hardware-based diodes come in different form factors but many of them are limited in transmission speed or the protocols they support. Some may include pre-defined data filters or malware protection but usually, they don’t. There are around 30-40 vendors worldwide that offer data diodes.
High Assurance Data Guards (HAG / HADG), Information Exchange Gateways (IEG) or Security Gateways have commonly used terms for security appliances that allow for controlled bi-directional data exchange between two domains. Their main purpose is to protect any accidental or purposeful leakage of classified data from a HIGH to a LOW domain. Filters check all data transfers down to the binary level. Some Security Gateways are combined with Firewalls features, optimized for streaming or emailing. There are around 10 vendors worldwide that offer these types of CDS.
Finally, CDS are complemented by solutions to securely classify data objects. These can be security appliances, virtual machines or applications. Many applications allow to tag or classify data manually or automatically. Some labels are markings inside documents, some happen through other labels are small external files. Classifications can follow regulatory compliance or a government’s classification guidelines (e.g. Confidential, Secret, Top Secret). However, when the label becomes the critical element for downstream release decisions, it needs to be protected against manipulation. In these cases, labels are cryptographically bound. There are around 5-6 vendors worldwide that offer government level data classification with secure labels.
Next steps in Cross Domain Solutions
Due to the government accreditation requirements and testing cycles, CDS tend to trail behind technology trends. These government accreditations also create market entry barriers so that vendors can ask for higher prices, even when the technology might already be outdated or offering reduced functionality. Among the areas of CDS that will require improvements are:
- Higher data volumes and lower latency
- Virtual CDS instance (Cloud CDS)
- Improved data discovery and classification (e.g. via Artificial Intelligence)
- Easier deployment
- Easier filters / parsers / Out-of-the-box filters of structured data forats
- Multi-asset management (Dashboard)
- Formfactor miniaturization
Future use-cases might be expanded to other industries within the critical infrastructure (e.g. Financial Services) and mobility (e.g. Connected Car, Planes) as the struggle of data custodians and security architects for the right balance between zero trusts, protection (“Need to Know”) and sharing continues (“Need to Share”)
The infodas approach to Cross Domain Solutions
Over 10 years ago infodas were asked by the German military to develop a bi-directional CDS for an IT-service management use-case. Machine data had to be shared from a classified environment with IT service providers such as IBM so that they could monitor and manage the machines without having access to classified data. infodas worked and continues to work closely with the German Federal Office for Information Security BSI to maintain the accreditation status for its products. Now, infodas is one of the few vendors in the world that offers products for all CDS scenarios for unidirectional transfer, bi-directional exchange and data classification between HIGH and LOW domains in the SDoT Product Family (Secure Domain Transition). All of the SDoT products feature a unique hardware and software architecture with a microkernel OS following the security by design principle. Fully evaluated and with only 15,000 lines of code, the SDoT Microkernel OS differs significantly from secure Linux OS currently used in most trusted CDS on the market.
The SDoT Diode is also the only software-based data diode in the world with 9.1 Gbit/s with a NATO, EU and German Secret accreditations. The bi-directional SDoT Security Gateway and Security Gateway Express also gained NATO, EU, and German Secret accreditations. UDP, TCP, SMTP/S, and HTTP/S can be used for transmission in each 1U 19” rack space appliance without additional proxies. The SDoT Labelling Service can be integrated into most applications to create tamper-proof NATO Stanag 4774/8 compliant XML security labels. This makes it easy to integrate the manual classification process in the workflow of whitelisted personnel. The security appliances are used in Navy vessels, weapon systems, data centers or containers around the world.
About the Author
Dr. Alexander Schellong, VP Global Business, INFODAS. As a member of the infodas management board, Alexander leads all international activities. He has extensive experience in strategic consulting, business development, general management, business unit leadership, and mission-critical international project and operations management in Europe, Middle East, Africa, and Asia for the U.S. government, the German government, and other commercial clients. His domain expertise covers among others eGovernment, Cybersecurity, Cloud, BPO or digital transformation. He has authored one book on CRM in the public sector and over 60 articles on a variety of topics at the intersection of technology, society, and organizations. He holds a Masters’s and PhD. He studied and taught at Goethe-University Frankfurt am Main, Harvard Kennedy School, The University of Tokyo and Stanford University.