The mission must continue – and that means networks must be up and secure, no matter what. Now more than ever before, networks can provide visibility at every layer, so agencies can identify and respond to service interruptions immediately. Network-as-a-sensor capabilities enable this deep awareness.
We sat down with Steve Alexander, senior vice president and CTO of Ciena, and George Holland, vice president and general manager, Ciena Government Solutions, to discuss how network-as-a-sensor capabilities can improve network security and resiliency to support current and future mission requirements.
MeriTalk: For those who may not be familiar, how do you define network as a sensor?
Steve Alexander: When we talk about network as a sensor, it’s really about using the network as a mechanism to pull information about the customer experience. It’s a way to provide deep insights about the current and future performance of the network without needing a set of external devices to gather that data. In the past, this would have required bolting lots of sensors and firewalls and other products onto the network. Now agencies can gain insights with the network elements themselves.
MeriTalk: Why is network as a sensor an important concept for Federal agencies, and what are the drivers for it in the Federal government?
Alexander: Networks continue to rapidly grow in capacity, complexity, and flexibility, and the historical approach of bolting sensors on doesn’t really scale in terms of cost or manpower to operate the network. And it’s hard for bolted-on equipment to evolve with the network. Having sensor capabilities built in means the network itself can grow and provide the visibility necessary to support future mission capabilities in government.
George Holland: Network as a sensor helps agencies address several priorities. First, they want to converge the layers of the network for better visibility, all the way down to the fiber.
Second, agencies are taking cybersecurity much, much more seriously. To Steve’s point, they’re just not looking to strap on some firewalls or intrusion detection prevention systems. They want the network to actually become a sensor and eventually an enforcer that is capable of protecting itself.
Third, agencies want resilient networks that can work around a network outage or failure so that the mission continues. Having a network with sensor capability built in from the ground up is a key component to achieving the very high availability and resiliency that they require.
Holland: The big thing we’ve been working on is visualizing and bringing all of that intelligence together in a single system. We also give agencies the ability to create “birth certificates” for new services, which provide a baseline of performance characteristics on day one. Agencies can monitor for deviations over time, whether in the fiber plant, latency, or anything else.
MeriTalk: What are some of the practical applications of the network as a sensor?
Holland: Using Ciena’s Adaptive IP™ Apps at Layer 3, for example, we can look at all of the network flows. We can record the IP protocols that the routers are exchanging and save that data for analysis. Not only can we get a real-time picture of how data is flowing across the network, but we can also do a really good job of network forensics. If you’re getting latency or jitter, or you’re dropping packets, you can figure out what changed in the network to cause that problem. Being able to do that is really important to maintain the performance of the network. These tools give you visibility that you didn’t have before.
At Layer 1 and Layer 0, we can look at how the system performs over time. We can begin to identify trends to see if a particular part in the network is generating more errors than it should. By analyzing the trends, we can predict when a component is going to fail, and we can give the operators the ability to make proactive changes before that happens.
MeriTalk: Why is visibility at the lower layers so important?
Alexander: We’re focused on Layer 3 and down, which historically hasn’t gotten much attention from a cyber perspective. People think the lower layers are just pipes, they just connect the bits, which then magically show up at the routers, right? Well, not exactly. A lot of science and technology goes on underneath, and because the lower layers haven’t gotten a lot of attention, there are some substantial places that bad guys could get in. To secure the network, you can’t leave any part out of touch.
MeriTalk: What differentiates Ciena in how it enables the network as a sensor?
Alexander: Ciena has several significant technological differentiators. The key technology that enables our capabilities at Layer 0, which is the photonic layer, is the substantial investment that we have in coherent optical modems. Coherent optical modems allow you to get 800 gigabits worth of traffic onto a single wavelength, which allows us to see the type of fiber, as well as any stress on it – or if the fiber is bent or broken.
The technology also allows us to determine the exact location of a break, to gauge how far the signal has gone, and to identify any changes in the fiber type, fiber characteristics, distance of propagation, or the signal itself. These capabilities help agencies quickly respond to problems – which might be simple equipment failure or a sign of nefarious action.
That’s where our encryption capabilities come in, so even if somebody tampered with the fiber, we can encrypt it so they can’t get any useful information. Our encryption is at wire speed, meaning no extra overhead and no extra latency. At Layer 2 and Layer 3, it’s all about our awareness of the various protocols and being able to use that knowledge to figure out how information is flowing across the network. We can see when it’s taking jitter or extra latency because part of the network is saturated, or information is moving without permission. The technology is different for each of the layers, but we have fully instrumented all the layers that we participate in.