Friday, July 16, 2010

Making Sure Non-Compliant PDS Survives Growing Network Security Demands

In our meetings and discussions with military network operators, we often hear concerns about bringing PDS into compliance and maintaining Authority to Operate (ATO). Operational requirements to expand secure connections have caused many DAAs to re-evaluate existing waivers for secure network infrastructure being protected by a non-compliant PDS. Many units are struggling to come up with a cost-effective, easy-to-implement solution.

While C4 networks are a critical asset and enabler for U.S. military and government operations, they are becoming more and more of a target for our enemies as well. Due to the increased reliance and dependence of military personnel on C4 networks to conduct operations, maintaining the security and availability of these networks is essential – which is why many historical waivers for PDS systems are being rescinded or scheduled to expire. As a result, many network security managers are facing the question of how to meet stringent new requirements with limited budgets and short timelines.

In many cases, the options for bringing network security up to standard present a choice between the use of encryption or making significant changes to the cable infrastructure and pathways. These approaches can be completely disruptive to existing operations and/or can cost a significant amount of money.

The Interceptor alarmed carrier PDS offers an easy and cost effective way to bring classified networks such as SIPRNet and JWICS into compliance.

The Interceptor is ideal for both outside plant and indoor applications. When monitoring building-to-building links, it provides persistent network security and eliminates the need for daily, mandatory manhole inspections and in locations where required, the need to encase the duct banks in concrete.

Inside the building, Interceptor can be added to existing cables carried in legacy hardened PDS and mitigates most issues of non-compliance due to its persistent monitoring for intrusions into the PDS. An added benefit is that the need for daily visual inspections is eliminated because the system is now considered an Alarmed Carrier Hardened Distribution System (Reference NSTISSI 7003).

How does this help with waivers that will not be renewed? With plug-and-play capability, Interceptor can be rapidly added to new or existing network infrastructure – making migration from a waivered PDS system to a fully compliant PDS system quick and cost effective.

For more information about Interceptor as a means for bringing PDS into compliance, visit http://www.networkintegritysystems.com/Non-Compliance%20PDS%20Emailer.pdf, and consult with your CTTA to ensure that any proposed system – hardened or alarmed – provides the necessary protection for unencrypted, classified national security information based upon your specific deployment.

Thursday, March 25, 2010

Marine Corps IA conference coming up next week

We’ll be heading to Palm Springs for the U.S. Marine Corp Information Assurance expo March 29-31, 2010. Visit us at booth #208 to see the Interceptor in action.

Representatives from Tyco Electronics will also be on hand to talk about their AMPTRAC intelligent infrastructure management system (IIMS). Network Integrity Systems is teaming with Tyco Electronics to provide advanced network infrastructure security. Come see Interceptor and AMPTRAC, and find out how they can be integrated to form a total solution.

More about the conference at http://www.technologyforums.com/10MC/.

Tuesday, March 16, 2010

Visit us at FOSE March 23-25

Network Integrity Systems will be at the FOSE 2010 conference next week, March 23-25, in Washington, D.C. Stop by our booth #1325 to find out what’s new in alarmed carrier PDS technology and to see a live demo of the Interceptor PDS.

While at FOSE, be sure to visit Tyco Electronics at booth #2531. Tyco is now offering the Interceptor PDS to complement Tyco’s AMPTRAC intelligent infrastructure management system. Together, these systems deliver an unprecedented level of security for classified government networks.

For more information about FOSE, go to http://www.fose.com/.

Tuesday, February 16, 2010

Interceptor demo installed at General Dynamics Executive Briefing Center

If you've been looking for an opportunity to see the Interceptor alarmed carrier PDS in action, now is your chance. A demo system has just been installed as an IT solution in the General Dynamics Executive Briefing Center in Rosslyn, Virginia. Network Integrity Systems worked with Global Com Inc., an installer of structured cabling systems, to integrate Interceptor at the facility.

The Executive Briefing Center was created to host state-of-the-art multi-media presentations and leading-edge technology demonstrations for customers and partners of General Dynamics located in the Capitol District. Interceptor, an alarmed carrier PDS that ensures the protection and availability of SIPRNet, JWICS and other classified networks transmitting national security information, is a good fit for the facility. The device facilitates increased collaboration and information sharing for anti-terrorism activities and ensures COOP and availability of command and control networks.

If you're not in the D.C. area but would like to see how the Interceptor works, we'll demo the device at a number of tradeshows this year. Look for us at:

FOSE
USMC-IA
PM NSC
LandWarNet
TechNet Asia-Pacific
NGB JITC

Friday, February 5, 2010

Fact Friday #3

I’ll address FAQs Part 3:

Q. Am I required to contain the cables being protected by Interceptor inside a hardened carrier system (i.e. rigid metallic conduit, EMT or commercial raceway)? A: It depends on the organization. Air Force updated its PDS policy in 2009 to permit flexible interlocking armored optical cables monitored by Interceptor as a PDS (up to TS-CONUS, Secret-OCONUS). Army and Navy will consider the same solution on a project-by-project basis. This allows cables to be distributed in existing conveyance (wire basket, ladder rack) or suspended from D-rings, J-Hooks, etc., resulting in tremendous cost savings and construction complexity reduction. For non-armored cables, Interceptor permits at a minimum the installation of the conduit above the ceiling or below the floor since the requirement for periodic visual inspections is eliminated when an alarmed carrier PDS is used. The benefits are still significant: more reliable inspection of the PDS (performed by the Interceptor 24/7), and much better facility aesthetics.

Q. What types of management or software tools are required to manage the Interceptor? A: The Interceptor can be locally managed by serial console, and remotely managed by Telnet or Secure Shell (SSH). The INTERCEPTOR can be accessed via terminal programs such as HyperTerminal or TeraTerm.

Q. Doesn’t the requirement to respond to alarms create an additional need for manpower? A: Since Interceptor eliminates the requirements to perform daily visual inspections of the PDS, the resources formerly used to conduct that task are no longer needed. A key thing to remember is that Interceptor prompts you when to conduct an inspection versus conducting them day-in-and-day-out whether a threat to the network exists or not. Therefore the use of Interceptor actually reduces the manpower necessary to secure a network.

Q. Who typically monitors the Interceptor and how do they receive the alarms generated? A: Monitoring responsibility is established on an organization-by-organization basis. Typically it is performed by Secu¬rity/Military Police, IT Help Desks or Network Operations & Security Centers (NOSCs). If Security/Military Police forces are used, then the Interceptor is usually integrated via dry contact interfaces into the existing building security system, which those forces routinely monitor. If monitored by IT departments or NOSCs, then the alarms are usually received via SNMP traps.

Q. Which organizations have deployed Interceptor? A: As of this printing Interceptor has been deployed by the US Air Force, US Army, US Coast Guard, US Marine Corps, CENTCOM, Department of Homeland Security, Defense Intelligence Agency, Department of Justice, DoD Department of Inspector General, Naval Surface Weapons Center, Naval Undersea Warfare Center, National Reconnaissance Office, SPAWAR, STRATCOM, The Pentagon, numerous large and small systems integrators, major defense contractors.

If you have specific questions about Interceptor or alarmed carrier PDS, email me at Amanda@networkintegritysystems.com.

Friday, January 29, 2010

Fact Friday #2

Welcome to the NIS Blog. Today’s entry contains FAQs Part 2:

Q. Does the Interceptor have an impact on the bandwidth of the network?  A: Interceptor is a physical layer device, and does not touch, process or verify the network data or the National Security Information, therefore no bandwidth bottlenecks are created allowing full utilization of the network – up to 10Gbps and beyond.

Q. Is it necessary to perform an auto-configuration before Interceptor can start protecting a network?  A: The Interceptor is set at the factory with a default profile that enables it to be placed into service and protect the network immediately. Once installed, performing an autoconfiguration while the unit continues to monitor optimizes the protection profile.

Q. Which organizations have approved Interceptor?  A: As an alarmed carrier hardened Protected Distribution System (PDS) compliant with the requirements of NSTISSI 7003, the instruction that governs the transmission of unencrypted National Security Information, INTERCEPTOR™ is a fully approved PDS option. INTERCEPTOR also complies with requirements AFI 33-201 (Air Force), AR 25-2 (Army) and NAVSO P-5239-22 (Navy). It is also listed on the US Air Force CTTA Approved Product List for PDS Alarm Systems as well as the US Navy TEMPEST PDS Approved Product list. INTERCEPTOR has been reviewed by the DISA DSAWG and confirmed as a viable tool for SIPRNet protection subject to approval by local approval authorities.

If you have specific questions you would like us to address, feel free to email me at Amanda@networkintegritysystems.com.

Friday, January 22, 2010

Fact Friday #1

We get a lot of the same questions from our customers and partners about how Interceptor works. My next few blog posts will attempt to address some of the most commonly asked questions. Here’s FAQs Part 1:


Q. How does Interceptor™ detect an intrusion into a fiber optic cable?
A: Interceptor launches a monitoring signal into a pair of fibers of the optical cable being protected, which turns the entire cable (up to 144 fibers) into a sensor. When any component of the cable is abnormally handled, for instance during an intrusion attempt, the monitored fibers sense the disturbance and Interceptor reports the event.

Q. How does Interceptor distinguish between true intrusions and everyday events that may cause nuisance alarms?
A: Interceptor incorporates a patented Smart Filtering™ technology to “auto-configure” itself and learn a baseline of normal, routine, benign, non-threatening affects upon the cable system. These normal events are thereafter ignored resulting in the elimination of false alarms.

Q. What type of fiber does Interceptor require for monitoring?
A: Interceptor uses the standard communications fibers inside the cable to perform the monitoring, and models are available for dark (unused) or active (transmitting data) fibers.

Q. Does Interceptor protect the cable or just individual fibers?
A: For most cable designs, monitoring as few as 2 fibers within the cable can protect an entire 144-fiber cable. If ingress into the cable is attempted, the protected fibers will sense the disturbance and issue an alarm.

Q. Is an Interceptor required at both ends of the cable run being protected?
A: In the case of dark fiber monitoring, a single Interceptor is required at one end of the cable. For monitoring active fibers, a single Interceptor Plus™ is required at one end of the cable along with a small passive device (Remote Termination Unit) at the far end.

Q. To how many separate buildings or drops can a single Interceptor provide a secure connection?
A: A single Interceptor can provide a secure connection to a minimum of four locations and typically, based upon the network architecture, to as many as sixteen and sometimes up to thirty-two.

If you have specific questions you would like us to address, feel free to email me at Amanda@networkintegritysystems.com.