ABERDEEN PROVING GROUND, Md. (February 28, 2024) – To reverse an old adage, sometimes the best offense is a good defense.
One of the most effective defensive maneuvers attributed to the U.S. Army depends upon the security of its highly advanced information networks, which are protected by cryptographic technologies and policies that block attacks of potential adversaries,
The digital armor protecting network enabled weapons systems is the cryptographic key material, provided by the National Security Agency (NSA) via the Key Management Infrastructure (KMI), which generates the unique keys. The NSA keys must be delivered to Army users wherever secure communications are required. Traditionally, Communications Security (COMSEC) personnel securely download the keys in safe locations and then loaded the keys onto portable storage devices, called Simple Key Loaders (SKLs), for transport to end users.
However, the process for delivering and managing keys to an operational environment is complex, leading to delays, safety concerns for the couriers and opportunities for adversaries to physically intercept this mission critical information.
“Nothing could be more critical than assuring commanders have the most secure and relevant information from which to base their decisions,” said Mike Badger, product lead for COMSEC, assigned to the Program Executive Office Command, Control, Communications-Tactical (PEO C3T). “The Army’s COMSEC modernization effort is systematically addressing these concerns, with two networked KMI capabilities available today that are easing the burden, and peril of COMSEC key delivery and management.”
The first, Intermediary Application (iApp), is a tested and proven key management software-only application that securely manages and distributes Over the Network Key (OTNK) to geographically separated users for real-time, networked Encrypted Key Distribution (EKD).
The Army co-funds the development of the Navy-developed iApp.
“Historically, the SKLs were hand carried to the encryption device, which could be as easy as walking across the hall or as arduous as traveling across the world, putting both the carrier and encrypted information at risk with each passing mile – especially if those miles cross a combat zone,” said Jeremy Pilkington, deputy product lead for PdL COMSEC.
Soldiers who hand carried an SKL to the weapon system, satellite modem, radio, or command vehicle loaded the keys onto the end user device for encryption and decryption of mission critical information.
“With iApp, we don’t have to go to a KMI account manager, which provides us the advantage of speed and takes away the opportunity for physical interception,” said Brian Finley, assistant program manager for Army Key Management Infrastructure, assigned to PdL COMSEC.
The OTNK capabilities of iApp are used by all the DOD and civil agencies that perform crypto key distribution, including U.S. Southern Command, Joint Special Operations Command, U. S. Indo-Pacific Command, and Special Operations Command, supporting more than 200 elements. It is available for download to any crypto key managers and users through the Army’s Mission Command Support Center.
iApp was put into practice during Typhoon Khanun, which was a powerful and long-lasting tropical cyclone that moved along Okinawa, Japan and the west coast of the Korean Peninsula in August 2023.
As a result of the storm, the 78th Signal Battalion in Camp Zama, Japan, experienced a KMI outage, which prevented them from receiving COMSEC keys through the traditional hand-carried method.
“As a workaround, the Network Enterprise Center in Okinawa, Japan used iApp to deliver COMSEC keys using iApp’s OTNK capabilities to the 78th Signal Battalion, which ensured the continued operation of secure communications for the unit’s Pacific area of operations,” Finley said.
Complimenting iApp’s rapid and safe OTNK transfer is the second COMSEC key-related capability, called the Common High-Assurance Internet Protocol Encryptor (HAIPE) Interoperable Manager for Efficient Remote Administration (CHIMERA).
For economic competitiveness, the Army procures INEs from three encryption vendors, each with their own proprietary management software and interfaces. The CHIMERA dashboard simplifies key management by providing a common user interface for remotely managing these three unique families of encryptors, reducing complexity for the user and overall costs.
“This is the single pane of glass, or in this case, the single app at a single location that allows users to determine how the network is functioning according to NSA high assurance defense networking products for both classified and unclassified network and assets,” said Kimoanh Le, assistant product manager for COMSEC Cryptographic Systems PdL COMSEC.
CHIMERA quickly identifies and remedies network threats and outages to provide situational awareness of the entire cryptographic network from a single host. Like iApp, CHIMERA enhances user safety since a single operator can operate complex INE-heterogeneous networks from one location.
“Without CHIMERA, users had to piece together bits of network information from across all three vendor-proprietary networked laptops,” Le said.
Information includes error warnings such as battery life or key expiration dates. With one interface, users can perform device-to-device key transfers, with immediate confirmation of the transfer.
As a government off the shelf product, CHIMERA is free for any U.S Government organization.
Providing secure and interoperable cryptographic key generation, distribution, and management capabilities that support mission-critical systems is a continual requirement for the Army’s COMSEC professionals.
“In cryptography the adversary is always advancing,” Badger said. “It’s a force-on-force engagement where they are trying to decrypt your information and undermine your confidentiality,” Badger said. “Networked KMI is one of the defenses the Army will use to stay ahead of the threat.”
---
The U.S. Army Program Executive Office Command, Control and Communications-Tactical (PEO C3T) develops, acquires, fields and supports the Army's Unified Network (Tactical and Enterprise) to ensure force readiness in both current missions and potential future large scale combat operations. This critical Army modernization priority delivers resilient terrestrial and satellite communications capabilities to ensure commanders and Soldiers remain connected and informed at all times, even in the most austere and hostile environments. PEO C3T is delivering an integrated Unified Network to regions around the globe, enabling high-speed, high-capacity voice, data and video communications to an Army user base that includes joint, coalition and other mission partners.
Social Sharing