By Geoff Fein

General Dynamics [GD] has developed the Trusted Virtual Environment (TVE) to solve a long-term problem of being able to take multiple computers with top secret, secret, and unclassified networks and collapse them into a single platform in a cost effective and flexible manner, a company official said.

Advances in technology have enabled General Dynamics Command, Control, Communications and Computers (C4) Systems to reduce the number of computers an operator might need.

“The real reason we can do it today in a cost effective and flexible manner is twofold. One, it is the advent and maturation of technologies associated with virtual machines…virtualization…it’s kind of a hot commodity…hot technology in industry today that the commercial sector is investing heavily in. So we are exploiting virtualization,” Bill Ross, director of information assurance systems and programs, told Defense Daily in a recent interview.

“The second is the whole concept and the commercial investments being made in digital rights management. The fact they need to be able to protect their content out there in the wilds of the Internet…taking those core technologies that the commercial sector is investing in. And both virtualization and digital rights management are kind of the two catalysts for allowing us now, in a cost effective and flexible manner, to take multiple computers and collapse them down to a single machine,” he said.

Users have told Ross that they have had upward of seven different computers on their desks and have had to operate all of those systems simultaneously.

“Obviously, there is the operational issue with having to deal with seven computer monitors in front of you, but there is also the size, weight, power and…the issues with just managing seven different boxes on each individual desk,” he explained.

The technology to collapse multiple computers into one system just wasn’t mature enough to have a reasonable level of assurance that a single computer could access different network domains simultaneously, Ross said.

“That has always been the challenge. But now given the advent of virtualization, given the advent of technology associated with digital rights management in the COTS (commercial-off-the-shelf) world, we are now able to exploit those and demonstrate that we do have the assurance we can integrate these COTS components…we can make them sufficiently manageable in a transparent fashion such that we can exploit this COTS investment,” he said.

GD has a number of its TVE systems deployed today, spread over eight to 10 different agencies, Ross noted.

“As with any new technology, they try before they buy. They look at this technology, how it intersects with their existing infrastructure, with their existing business processes, and then develop policies and procedures to integrate this new capability in, and then they deploy it,” Ross added. “So I think we are in the early adopter phase of this technology, but certainly it has proven itself in a handful of operational environments.”

But moving between top secret and secret or secret and unclassified in the same computer system does present its share of challenges, Ross noted.

“That is where we come in. We have been able to take this technology and go through the certification, accreditation, and security testing requirements [set] by the government and NSA (National Security Agency),” he said. “We have designed all the requirements and completed all the testing required to certify with assurance that bleed over cannot occur between these domains.”

At some point in time, General Dynamics wants to be able, in a controlled and auditable fashion, to transfer information between these network domains on the computer itself, Ross said. “That is something that is in current development and is planned as part of future releases.”

General Dynamics’ current solution is not certified to support top secret all the way down to unclassified Internet on the same box, Ross noted. The current certification covers top secret and secret on the same box, or secret and unclassified on the same box; that is, effectively adjacent domains, he added.

“Right now, the ability to span top secret to unclassified is an issue of policy more than it is of technology,” Ross said. “Right now, the policy is such that we are limited to adjacent security classifications not spanning the entire spectrum.”

The current configuration is one computer that has one or more network connections into it, for example an unclassified and secret network connection on the back of the computer, Ross explained.

“In that box, we have isolated the secret domain from the unclassified domain such that no data leakage can occur,” he said. “By guaranteeing or assuring isolation, we are effectively protecting the secret domain from hostile attacks from the unclassified domain, and we can limit any damage or exposure we have to just that unclassified virtual machine that is servicing that unclassified network. Really, what we are doing, is isolating and reducing the size of our attack surface.”

That, Ross said, is the objective: to limit the extent of a threat and limit the extent of damage.

Ross also sees the potential for TVE to expand beyond military use.

There has been lots of interest from the financial sector, he said, as well as from the health care sector in regard to the Health Insurance Portability and Accountability Act (HIPAA) requirements for patient confidentiality.

“Anywhere you need to effectively be able to get out into the wild of the Internet but still stay safe within your enterprise or corporate domain,” Ross said. “It’s definitely applicable to that use case. We call it Safe Browsing…I can get out but I can limit any reach back from any hostile threats out there in the wild Internet. I can limit my exposure and my threat surface and protect my corporate assets.

“This is breaking new ground in flexible, cost effective, trusted computing. Trusted computing has always been an arcane, costly, dead-end technology trail, historically speaking,” Ross said. “What we are hoping to get across to users is that this is entirely in sync with commercial industry technology and the investments they are making. Hence, it has a long lifecycle ahead of it and it won’t be orphaned as kind of a one-off GOTS (government off-the-shelf) solution. That’s been the first principle on this program from day one…let’s be true to the commercial road maps because the government user needs to leverage those investments for long-term success.”