Intel... Securing Tactical Mobile Networks
author: Martin Roesch, CTO, Sourcefire

Network Centric Warfare has played a transformative role in military operations during the first decade of the new millennium. Fueled by major advances in information technology, this new paradigm rests on an ever-expanding network infrastructure that enables ubiquitous, real-time communications by connecting every person and every device for superior military operations. The result is enhanced real-time situational awareness, achieved by exchanging more information with those in the field from a host of devices and ad-hoc networks.


At the same time, this extensive infrastructure has made network security a challenge and created difficulties in achieving Information Assurance. Not only do these vast networks contain and transmit sensitive information but they also connect to larger Department of Defense (DoD) data centers that house sensitive as well as classified information. The desire for network-centric systems has exposed infrastructure and devices to unprecedented, and often unintended, information access.

An increase in the number and sophistication of Advanced Persistent Threats (APTs) has compounded the need for swift and effective security measures at all potentially vulnerable points. An adversary with an interest in obtaining and maintaining a foothold in a target organization for an extended length of time, an APT has at its disposal sufficient resources — money, equipment and skill — to evolve attacks in direct response to detection capabilities of the target. These groups are typically state-sponsored and interested in data to support political, military and economic objectives.
The Comprehensive National Security Initiative (CNCI) launched by President George W. Bush and expanded by President Obama to include support for an updated U.S. cybersecurity strategy emphasizes the need to secure classified networks. Defense in Depth programs demand a comprehensive security approach that includes layered defenses with various security technologies deployed from the data centers to the network backbone and all the way to the field level.

To date, it has been extremely challenging to extend Defense in Depth programs and comply with CNCI to protect mobile networks in the field. Ad-hoc, tactical networks lack the physical resources to implement the same security infrastructure as the larger networks they must access. There is a dearth of security solutions that offer a small form factor, can scale to support growing networks, satisfy budget requirements and meet military specifications.

In the face of these challenges, military organizations and operations are enhancing the security posture of tactical field networks by deploying hardware-based, or physical, security solutions that can integrate with highly mobile field-based communications systems already in use. Sourcefire is partnering with systems integrators to bring its leading intrusion prevention and detection capabilities to the tactical edge with solutions being fielded with various agencies.

Physical security solutions are quite effective in minimizing threats, but identifying solutions with the flexibility to meet the stringent size, ruggedized design, weight, and power restrictions of field-deployable systems can be challenging. They also have to be physically shipped to their eventual location, which is not possible for certain remote and hostile destinations.

Enter virtualization security (VirtSec) solutions. Virtualization has been widely touted for its many benefits including reduced operating costs, increased flexibility, and energy efficiency. For tactical mobile networks these benefits translate into increased security options and the ability to support a Defense in Depth strategy. VirtSec solutions are hosted on virtual machines, not separate hardware appliances, which, in turn, can be hosted on existing ruggedized, lightweight military specification hardware already deployed at the tactical edge. Because they don’t require a separate form factor, VirtSec solutions can be quickly deployed and start protecting networks right away. They can extend to the far corners of the network, where IT security resources don’t exist or the deployment of physical security hardware is impractical. To take advantage of the benefits that virtualization provides, Sourcefire has adapted its physical network security solutions to deliver comprehensive virtual intrusion detection and prevention capabilities.

VirtSec solutions bring security to areas that were previously difficult to reach and protect. For example, tactical LANs and ad-hoc SATCOM environments staged within a matter of hours to provide mission-critical communications in the field can now be monitored by virtual security solutions deployed from a centralized operations center.


Virtual security solutions provide flexible, near-instantaneous network monitoring and protection. This makes them ideal for supporting initiatives across every branch of the military, increasing protection of their on-the-move, high-speed, high-capacity backbone communications networks.

A few potential networks that could benefit from this approach include the Army’s Warfighter Information Network – Tactical (WIN-T), the Navy’s Consolidated Afloat Networks and Enterprise Services (CANES), the Air Force’s Theater Deployable Communications Integrated Communications Access Packages (TDC ICAP) and Special Operations. In addition, the scalability of a virtualized approach could also help protect the vast and dynamically changing endpoints of the DoD Global Information Grid from continuously evolving security threats.

VirtSec solutions inherently support key objectives of Network Centric Warfare, specifically by helping to achieve situational awareness, providing global visibility of networks all the way to the field level, and delivering forensic information about breaches occurring at the edge. But in order to provide these robust capabilities, virtual security technologies must offer continuous network intelligence and full network visibility in the following three areas:
    »» Events: Analyze network traffic and either block attacks or alert IT security resources to compromise; provide detailed forensics to help investigate security events.

    »» Users: Quickly link user identity (name, division, contact information) to security events for trace back.

    »» Devices: Provide awareness of all network assets including operating systems, client applications and services; detect configuration changes and traffic anomalies to help identify friendly and non-friendly network behavior.
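As an added illustration of how the three areas above fit together at a centralized console (this is not code from the article or from Sourcefire), the following Python enriches Snort-style alert lines with user identity and asset context and flags inventory changes between two snapshots; every address, name, rule id and inventory record is constructed for the example.

```python
import re

# Constructed sample data (not from the article): Snort-style fast alerts,
# an address-to-user mapping and an asset inventory as a central console
# might hold them.
ALERTS = [
    "03/14-10:02:11.345 [**] [1:2003:5] EXPLOIT attempt on SMB [**] "
    "[Classification: Attempted Admin] [Priority: 1] {TCP} 10.20.5.17:49213 -> 10.20.1.10:445",
    "03/14-10:02:15.001 [**] [1:1201:7] WEB-MISC odd user-agent [**] "
    "[Priority: 3] {TCP} 10.20.5.22:51000 -> 10.20.1.20:8080",
]
USERS = {"10.20.5.17": ("j.doe", "3rd Bn S6", "j.doe@unit.example"),
         "10.20.5.22": ("a.smith", "3rd Bn S2", "a.smith@unit.example")}
ASSETS = {"10.20.1.10": {"os": "Windows Server 2008", "services": {445: "smb"}},
          "10.20.1.20": {"os": "Linux 2.6", "services": {80: "http"}}}

ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):\d+\] (?P<msg>.+?) \[\*\*\] "
    r"(?:\[Classification: [^\]]+\] )?\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)")

def enrich(line, users=USERS, assets=ASSETS):
    """Attach the source user's identity and the target asset's context to one alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None          # not an alert line; let the caller skip it
    e = m.groupdict()
    user = users.get(e["src"])
    e["user"], e["unit"] = (user[0], user[1]) if user else ("unknown", "unknown")
    asset = assets.get(e["dst"], {})
    e["target_os"] = asset.get("os", "unknown")
    # A hit on a port the inventory does not list for that host is either an
    # inventory gap or a configuration change; flag it for the analyst.
    e["known_service"] = int(e["dport"]) in asset.get("services", {})
    return e

def detect_changes(old, new):
    """List assets whose OS or service set differs between two inventory snapshots."""
    changes = []
    for ip, cur in new.items():
        prev = old.get(ip)
        if prev is None:
            changes.append((ip, "new asset"))
        elif prev["os"] != cur["os"]:
            changes.append((ip, "os changed"))
        elif set(prev["services"]) != set(cur["services"]):
            changes.append((ip, "services changed"))
    return changes
```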


In addition, because IT security experts aren’t typically deployed in the field, the ability for VirtSec technology to deliver information back to security resources for attribution and action through a centralized management console is essential.

With America’s digital infrastructure increasingly under attack, the need to protect our military digital assets has never been more important. As all branches of the military continue to align their policies in practice, securing tactical mobile networks in the field should emerge as a major focus for the next decade.

VirtSec solutions will play a critical role in supporting a Defense in Depth strategy for Information Assurance and complying with the CNCI to secure all classified networks including locations or network segments that may have been impossible to monitor before.