
1.1 Flexible Multilevel Secure Environment for Changing Work Responsibilities
1.2 Identification of Available MLS Technology Resources
1.3 Oak Ridge MLS Testbed
1.4 Scope of this Paper

1.1 Flexible Multilevel Secure Environment for Changing Work Responsibilities
Within the Department of Energy (DOE), there is a need to create, store, process, and transmit classified and unclassified information within the same general work environment. This is currently being done using separate networks and stand-alone systems. Within the separate classified and unclassified networks, there is also a need to process different classification/sensitivity levels of information, to support users with different security clearance levels, and to restrict access to the appropriate levels of information. Although currently necessary for reasons of security, maintaining separate systems is more expensive and restrictive in terms of information flow. Recognizing the need to evolve from multiple, system-high networks to a single multilevel secure (MLS) network, DOE tasked Lockheed Martin Energy Systems (LMES) to develop a testbed for evaluation of MLS products in support of the Office of Security Affairs (NN-50) Demonstration Networks.
The transition of NN-50 to an MLS network is expected to occur over several years, depending on available technology and user requirements to justify the commitment of resources to the initiative. Benefits of the MLS network are expected to outweigh the associated initial costs. The MLS network will provide a flexible, expanded information flow and connectivity in an environment of anticipated downsizing and expanded user work responsibilities.
1.2 Identification of Available MLS Technology Resources
One potential source of new MLS technologies is the Multilevel Information Systems Security Initiative (MISSI), which is sponsored by the National Security Agency (NSA) and the Defense Information Systems Agency (DISA). MISSI is not the only technology that will be evaluated for use in NN-50, but it does represent a planned and currently supported path to MLS.
Technology from other developmental sources will also be considered for implementation in the NN-50 network environment. With the significant research investment required for the development of MLS mechanisms, it is anticipated that most new technology will come from MISSI or other related research and development initiatives, rather than the commercial sector.
1.3 Oak Ridge MLS Testbed
The purpose of the Oak Ridge MLS Testbed is to provide a controlled environment where MLS technologies can be tested and evaluated without having an adverse impact on the NN-50 production networks. Those technologies that proved to be of use in migrating the NN-50 networks from separate local area networks (LANs) to a unified MLS LAN could then be implemented at DOE Headquarters with a minimum of risk or interruption.
To accomplish this goal, the Oak Ridge MLS Testbed needs to be as accurate an emulation of the NN-50 LAN environment as possible in terms of hardware, software, and functionality. While no attempt was made to install all the applications on the MLS Testbed that the NN-50 LAN supports, enough functionality was present to ensure an accurate forecast of performance on the NN-50 LANs.
1.4 Scope of this Paper
This fiscal year, the MLS Testbed, located in Oak Ridge, Tennessee, is testing products in support of Phases 2 and 3 of the transition from separate unclassified and classified system-high LANs to full MLS. The primary technology change in Phase 2 is the connection of the unclassified and classified LANs through a controlled interface, which will support one-way information flow [i.e., electronic mail (E-mail) with attachments] from the unclassified LAN to the classified LAN. Secure Computing Corporation's Secure Network Server (SNS), also known as the Standard Mail Guard, will be used for this controlled interface to provide strong assurance that no information from the classified LAN will be able to reach the unclassified LAN. In Phase 3, the SNS will permit two-way information flow and the connection of the classified LAN with external classified networks, including Secure Information Management Exchange System (SIMEX) and the Office of Arms Control and Nonproliferation (NN-40). Production Fortezza cards and several commercial products with Fortezza-ready applications will also be tested to provide standards-compliant digital signatures. This paper discusses the testing for Phases 2 and 3.
