Page 13 - The MIL Connection: Summer 2024
P. 13

Advancing CDS for DoD and the Navy
        Chyau Shen has carried on with his innovative solutions development work during his time at
        MIL—this time focusing on the area of cross domain communications. See how Chyau describes
        his groundbreaking work..
        Cross Domain Solution (CDS) is a security processor and software system that allows data
        communications across different security domains (e.g., Unclass, Secret, Top Secret). This is
        accomplished through the incorporation of a security “guard” processor that examines, in real
        time, data going across security domains and automatically removes data that does not pass
        security scrutiny for the intended security domain. The issue with these CDS security guards
        is that they have to meet very stringent National Security Agency (NSA) guidelines and tests
        in order to be certified for use. The process usually requires a year or more. Any new data
        protocol/format or even slight modifications to the existing format will require guard software
        modification, typically a proprietary effort by the guard vender, followed by another year long
        re-certification process. This is costly, time consuming and, more importantly, significantly
        reduces the “speed of delivery” to the warfighter.
        I conceived the idea of a flexible cross domain solution to reduce re-certification time from
        about a year to a few weeks or month. The idea is the development of a guard data normalizer
        processor and software that “normalizes” external data to a format recognized by the guard
        such that the guard will be able accept and properly exam the data content without outright
        blocking any unrecognized but valid data such as from a newly developed advanced sensor,
        new operational data protocol, or necessary data format changes. Use of the normalizer
        reduces the CDS re-certification time from a year to weeks/month because the guard is not
        modified in any way and therefore does not need to go through the NSA process. In this way,
        new data protocol or format can be quickly adapted and integrated for operational use and,
        because the normalizer has a furnished non-proprietary software interface, it can be integrated
        with any off-the-shelf security guard and therefore is guard “agnostic.” Thus, the normalizer
        equipped CDS results in significant cost and time savings to DoD.
        With support from the MIL executive management, I took the idea to the Office of the
        Secretary of Defense (OSD) and received endorsement and funding to demonstrate the concept.
        I then formulated a partnership with a specialty software business and assembled a MIL led
        team. The conceptual prototype solution was successfully demonstrated to OSD, NAVAIR, and
        Special Warfare personnel and led to the current NAVAIR Flexible Cross Domain Solution
        project.




        Creating trust through containment
        Turkish American electronics engineer, inventor, and entrepreneur Melih Abdulhayoğlu is
        an AANHPI innovator in the field of cybersecurity. His company, Comodo Group, has been
        a leader in internet security for over 25 years, introducing and refining a number of cyber
        technologies. One of those innovations, containment technology, pushed endpoint security
        forward by creating virtual isolation tools for digital and mobile devices and app management.
        Abdulhayoğlu is also credited with founding the Certification Authority (CA) Browser
        Forum—a consortium of 40 certificate authorities, operating system vendors, and internet
        browser developers—assembled to ensure secure communications by advancing industry best
        practices across CA organizations.
        What exactly is “containment technology” and why is it an effective approach to vulnerability
        management? And do we really need digital certificates to be cyber secure? Let’s ask MIL
        Senior M365 and cyber expert Jurgens Vestil how containment and CA organizations help keep
        our digital assets safer.
        What is containment technology and how does it work to protect digital assets?
        Jurgens: Containment technology creates a safe space for any potentially harmful software
        to run in. Think of it as an “isolation area” on your device that you can use to run suspicious
        programs or open files without risking your entire system. This technology uses virtualization
        to keep these activities separate from your main operating system. Any security threat like
        malware stays confined to this virtual environment and can’t cause any harm.
        One of the great things about containment technology is that it’s proactive rather than reactive.

                                                                       summer 2024  | the MIL connection | 13
   8   9   10   11   12   13   14   15   16   17   18