Defense and intelligence agencies depend on the timely sharing of critical national security information.
But in order to pass data between disparate networks, those agencies have long relied on “cross-domain solutions” to help control the flow of information between networks with different levels of classification.
John Meyer, vice president and general manager of software ventures and services at Arcfield, describes the technology as a “tollgate” that will allow agencies to quickly pull up the drawbridge if an inbound document is found to contain malware or an insider threat is trying to send sensitive data outside the network.
“You have an island, which is a network that is isolated outside of this cross domain service that sits at the boundary, and that allows the traffic to flow in and the traffic to flow out,” Meyer said on Federal News Network.
The memo “raises the bar for the cybersecurity of our most sensitive systems,” according to a summary of the document.
And among other actions, it requires defense and intelligence agencies to take inventory of their “cross-domain solutions,” which are “tools that transfer data between classified and unclassified systems.” The National Security Agency is responsible for establishing security standards and testing requirements for such systems.
Meyer said agencies have invested in approaches like “pre-filtering” that can strip malware out of a document or email before it’s allowed to continue into a network.
“Today, you get an email, and it has ransomware, maybe it’s quarantined,” Meyer said. “With the technology that’s being implemented in these cross domain services, they have the capacity to cleanse the document. And what that means is, it doesn’t stop, it doesn’t sit in a quarantine. And these are all based on the agency’s guides. They’ve invested a lot of money on research, looking at how you can cleanse a document once it’s actually been infected by malware or ransomware. And then allow it to continue its journey so the business process doesn’t break.”
Defense and intelligence agencies are also increasingly adopting cloud services, especially after the Defense Department awarded Joint Warfighting Cloud Capability contracts to major cloud providers last year.
Meyer says the nature of cloud services and infrastructure lends itself well to pre-filtering and filtering content in “real time.”
“In the cloud, given its scalability, its built-in security elements, organizations would rather, instead of having cross domain services at those [gateways], be able to do what we call filtering in real time, which is looking at complex document types that are moving within the environment,” he said. “So, this notion of pre-filtering or real-time vetting of documents in the traffic is something that will be much more capable to do in the cloud, the agencies will be I’m sure they’ll be looking more intently at that, and how to gain efficiency.”
Defense and intelligence agencies are also looking at how they integrate many legacy security technologies as well as newer approaches under the auspices of a “zero trust architecture.”
Meyer emphasizes that zero trust is not a single technology solution.
“It’s going to require lots of different products coming together, glued together under the zero trust architecture to make that work,” he said.