DoD’s Secure Network Goes Virtual


The Defense Information Systems Agency (DISA) has completed the transition of the Secret Internet Protocol Router Network (SIPRNet) to a virtual network, which increases its bandwidth tenfold, while supporting plans to extend SIPRNet to the very edges of the network via the commercial cloud.

The migration of SIPRNet from a point-to-point network will boost bandwidth from 1G to 10G capacity, and help bring more customers into the Joint Information Environment (JIE) fold by allowing them to use the Secret-Joint Regional Security Stacks (S-JRSS), DISA said in an announcement.

“This transition makes mission partners ready for S-JRSS transport,” Mark Williams, DISA’s Classified IP Portfolio manager, said. One of the Department of Defense’s (DoD) established goals is to tap into the cloud and mobile devices to extend secure communications to mission partners such as deployed forces, including dismounted soldiers operating as units in the field.

SIPRNet is DoD’s network for securely transmitting classified information up to the Secret level, running alongside, but separately from, the more widespread Non-Secure Internet Protocol Router Network, or NIPRNet, for non-secure communications.

By moving SIPRNet to a virtual environment, DISA not only increases bandwidth, but reduces the size of the network, which increases flexibility in accepting or changing connections with mission partners and, with Joint Regional Security Stacks (JRSS), shrinks the attack surface for cyber intrusions. Virtualization will also support future improvements, DISA said, such as converged access and software-defined networking.

While the security of communications is the key factor, cost is always a concern. A significant element in the SIPRNet switch is that DISA now provides high-assurance encryptors (Advanced Crypto Compliant, or ACC) on SIPRNet nodes, which will cut the cost of encryption for partners, “so when mission partners are ready for S-JRSS, they will only need to make router changes,” Williams said. Mission partners have to pay for their connections to the classified network. By upgrading SIPRNet nodes so they have the ACC High Assurance IP Encryptor (HAIPE) enterprise devices already in place, customers need only acquire encryption at the local site on their end. In fact, DISA started the project by upgrading mission partners’ encryption devices, so they now just have to upgrade them as needed.

Moving SIPRNet to a virtual environment lets DISA get the most out of technologies that support intelligence networks, such as Multi-Protocol Label Switching (MPLS), which speeds up the transport of data between nodes regardless of the network protocols they use. “This means that more than 10,000 users can connect virtually to one router on the DISA side. The new encryption devices allow this connection to happen,” Williams said.

In the bigger picture, DoD is pushing for accelerated adoption of commercial cloud computing as the most cost-effective and efficient way to tie systems together securely and allow for faster upgrades of new technologies.

The Joint Information Environment–which will provide a common, cloud-based environment for the military services, other DoD components, and allied partners that make up a joint force–is emblematic of the move toward cloud computing, though the ride so far hasn’t been entirely smooth. JIE security relies on JRSS, which centralizes security from hundreds or even thousands of military bases and outposts into a handful of regional architectures using commercial technology.

A report in January by DoD’s Director of Operational Test and Evaluation was sharply critical of JRSS’ performance to date, recommending that DoD hold off on any further deployments until it improves staffing and training and maps out a clearer plan for deployment. Despite those criticisms, DoD maintains that JRSS is still the most secure way forward.
