In an era marked by rapid technological advancements and increasing connectivity, cyber space has become an even more relevant domain. Today’s cyber threats target data and systems that extend past banking information, personal devices or records, and identity fraud. Adversaries are looking to get access to national security assets – intelligence, weapons of mass destruction, or attack critical infrastructure like power grids, water supplies, and hospitals to gain strategic advantages.
For the Department of Defense (DOD) and Intelligence Community (IC), cybersecurity objectives across multi-domain operations call for increased network resilience and threat deterrence. The DOD’s Joint All-Domain Command and Control (JADC2) strategy includes usability and security. Usability applies to increasing information collection, analysis, and ease of sharing. Security focuses on the ability to mitigate risks posed to national security networks from persistent threats.
As companies and countries strive to protect their assets, cybersecurity is not merely a technical concern relegated to IT departments, it’s a national strategic imperative. This is where cybersecurity technologies and cross domain solutions (CDS) come into play.
Bridging secure networks with cross-domain solutions
CDS provide a proactive approach to prevent, detect, and respond to cyber threats in real time. Contrary to how a traditional firewall operates, CDS implement multiple layers of hardware and software-based redundancies and fail safes. A collection of carefully designed and stringently tested components enforce a pre-defined policy for highly sensitive network boundaries.
For defense and intelligence communities, these products are a key component of a defense-in-depth approach to cybersecurity, specifically for network boundary protection. They mitigate threats to highly sensitive networks where information sharing in an all-domain environment must be seamless. These systems of systems employ guidance and best practices set forth by the DOD and IC through layering policy enforcement mechanisms, data filtration, and monitoring without delay or physical interference when transferring information.
Every network plays a role in the ecosystem of cybersecurity. Outside of defense, industries like healthcare, banking, commercial aviation, and utility industries are just as much at risk to persistent malicious actors. The same concepts that apply to protecting military networks should also be applied to these less regulated, higher-risk networks to protect our national security posture.
Rethinking cybersecurity risk
Cybersecurity preparedness can be summarized as “not if, but when” in reference to a breach. This is true for both military networks and the private sector. When you think cybersecurity, you might picture software algorithms running on computers. You assume data is locked behind complex mathematical ciphers, rendering it unreadable without the correct decryption key. While encryption is essential, it is only a piece of the puzzle when reducing risk to secure networks. Software-based systems alone are prone to compromise due to the inherit complexities of applications and the operating systems they are built on.
The introduction of hardware-based cybersecurity solutions provides a higher level of assurance. Field-programmable gateway arrays (FPGAs) are the building blocks for hardware-based solutions. As an integrated and versatile circuit, they allow security protocols to be customized for specific needs around data flow enforcement and filtering. FPGAs increase the reliability and throughput of CDS to keep up with the pace of demanding data rates.
Why hardware matters: Setting a higher standard
Integrating FPGAs in advanced CDS technologies like hardware-enforced data diodes and other one-way transfer (OWT) devices ensure information flows in only one direction – reducing the risk of exfiltration or infiltration. Data diodes physically separate two networks and OWT devices transfer information from a “sender” to a “receiver.” These devices prevent content from flowing backward from a lower-security network to a higher-security network.
FPGAs can also be easily integrated into existing infrastructure to provide intricate protection, which enables secure communication across networks without disrupting operations. Information is safeguarded while allowing for collaboration across trusted domains. Even if malicious content is present on the receiving side, the OWT device will physically prevent it from being transmitted back.
Custom solutions to anticipate future threats
With today’s evolving and complex cybersecurity challenges, a holistic approach across the entire IT infrastructure environments is required – from endpoints and networks to applications and the cloud. It’s not just about detecting and defending threats, it’s also about anticipating them.
BAE Systems is at the forefront of developing cybersecurity products and CDS that meet the highest security standards for defense, intelligence, and commercial applications. These products lead the industry, including ultra-secure operating systems (OS), bi-directional guards, OWT devices, and future-ready FPGAs. The company utilizes its own STOP™ OS to build applications that address a wide range of customer needs. Products are interchangeable to solve a variety of problems and are designed to handle both enterprise-level and highly sensitive, mission-critical operations in rugged environments.
BAE Systems’ new XTS-IRIS – Large Scale Enterprise Platform solution is a hardware-based CDS to protect customers’ most critical assets. The advanced FPGA processing blades host key security controls and filters that provide the assurance that data (and nothing else) is securely transferred across domains. It can also be integrated with other cybersecurity products to provide custom solutions.
In an age where every digital exchange could be a potential vulnerability, BAE Systems is fortifying the future of cybersecurity.
