DEFENSE MESSAGE SYSTEM-ARMY IPR for BG Cuviello 20 …


Project Manager, Defense Message System - Army
DMS-Army
Classified Messaging
Concept
02/26/98 Page 1
Introduction
• To Get Off AUTODIN, must have up to
TS/SCI DMS messaging capability
• Classified messaging is a small but
critical C2 segment of total Army DMS
traffic
– Most “classified” DMS users receive only a small volume
of classified traffic on an infrequent basis
• 18,000+ Army DMS users will require
access to classified messaging
– (approximately 5% of total user population)
DMS Vision vs. Reality
Original DMS Concept
• Writer-to-Reader messaging at multiple security levels, SBU to TS/SCI
• Over a single system high DISN communications network
• Using security products to provide authentication, non-repudiation, and confidentiality at the workstation (diagram labels: F, F+, Applique; SBU, Secret, TS/SCI)
• Protected by electronic guards: Secure Network Server (SNS), Standard Mail Guard (SMG)
Current DMS Reality
• Writer-to-Reader messaging, SBU to TS/SCI
• Over 3+ communications networks operating at different security levels (NIPRNET, SIPRNET, JWICS)
• Using Fortezza cards (diagram labels: F, F+, Applique)
• Protected by new electronic guards: High Assurance Guard (HAG)
• Running on networks equipped with firewalls
Classified Messaging Concepts
• Army DMS users will access their
classified messages via:
– SIPRNET LAN connections
– SIPRNET Dial-Up (D/U) connections
– Advanced security networking technologies
– A combination of the above
• DMS classified messaging components
will be fielded at:
– Army ACCs
– Installations with more than 50 users
Incremental Capability
• Initial Classified Operational Capability
– Provide access to Secret classified message traffic
in a garrison environment using existing DMS and
MISSI products, policies, and procedures
• Full Classified Operational Capability
– Extend classified messaging capability to all
operational environments (garrison/tactical)
– Extend classified messaging capabilities to include
TS/SCI
Multi-level security is not available
today nor in the foreseeable future
SIPRNET Access Is Critical
to Classified Messaging
To receive classified messages using DMS...
A user must have access to SIPRNET…
Current Army SIPRNET access is very limited...
Extend SIPRNET
access to users by
– Extending current LANs
– Fielding STU-3s
– Employing INEs (Fastlane,
Dragonfly, NES)
– Using emerging technologies
Field DMS common
user workstations at
selected installations
(CommCenter Model)
OR USE A SMART COMBINATION
OF ALL AVAILABLE OPTIONS
Implementation Options
• Based on available products, three different
implementation options have been developed
[Figure: the three implementation options for classified messaging: Dial-Up Connections, DMS CommCenter, and Secure LAN Connections. Diagram labels: ACC, SIPRNET, DMS Common User Workstation, Current TCC Operators, AUTODIN ASC, Existing AUTODIN/TCC Equipment, DOIM, LMTA, X.400, Primary Groupware Server, SMTP, Native Groupware Server, PUA, MLA, MFI, SMS, Firewall, INE, Virtual Network, Secure Enclave, Secret LAN.]
Classified Messaging
Topologies
[Figure: classified messaging topologies. Panel labels: Dial-Up (164), ACC (5), Installation (124). Diagram labels: SIPRNET, NIPRNET, DOIM, LMTA, X.400, Primary Groupware Server, SMTP, Native Groupware Server, PUA, MLA, MFI, SMS, Firewall, INE, Virtual Network, Secure Enclave, Secret LAN.]
Mitigating Implementation
Risks
• Find the right balance of solutions that will
reduce risks to schedule and cost
[Figure: chart of cost against time and capability. Plotted labels: Do Nothing, LAN Connections, Dial-Ups, CommCenters, New Technology, New SIPRNET Networks.]
Implementation
Approaches
• #1 - Barebones implementation
– Put a single DMS common user workstation at every
location (CommCenter Model)
• #2 - Balanced capability implementation
– Field DMS infrastructure and extend SIPRNET connectivity
to installations with >50 users
• Based on geographical location, operational criticality, and/or number
of users, smaller (<50 users) installations may receive SIPRNET
access and infrastructure components, e.g. Kwajalein, Ft Knox, or
Dhahran
• Installations with <50 users get the barebones approach with over
the counter service
– Installations with <10 users will get a single DMS
workstation and individual SIPRNET accounts to access
their classified messages
Worldwide “Barebones”
Implementation
CommCenter
- 124 Installations
- 15,676 Users supported
- $856,964 (installation)
- $979,284 (fees/year)
- $3,724,340 (personnel/year)
Dial-Up
- 164 Installations
- 2,680 Users supported
- $448,540 (installation)
- $53,136 (fees/year)
All Solutions
- 288 Installations
- 18,356 Users supported
- $1,305,504 (installation)
- $1,032,420 (fees/year)
- $3,724,340 (personnel/year)
Worldwide “Balanced”
Implementation
CommCenter*
- 55 Installations
- 1,491 Users supported
- $380,105 (installation)
- $681,780 (fees/year)
- $1,651,925 (personnel/year)
Dial-Up
- 164 Installations
- 2,680 Users supported
- $448,540 (installation)
- $53,136 (fees/year)
Virtual Nets
- 69 Installations
- 14,185 Users supported
- $25,615,555 (installation)
- $297,504 (fees/year)
All Solutions
- 288 Installations
- 18,356 Users supported
- $26,444,200 (installation)
- $1,032,420 (fees/year)
- $1,651,925 (personnel/year)
* CommCenter supports 10-50 users
Mitigating Implementation
Risks
• Find the right balance of solutions that will
reduce risks to schedule and cost
[Figure: chart of cost against time and capability. Plotted labels: Do Nothing, Barebones Capability (Initial Costs, Support Costs), Balanced Capability (Initial Costs, Support Costs), New SIPRNET Networks.]
DMS CommCenter
• DMS Workstation replaces
existing AUTODIN TCC
equipment and circuits with
DMS components and
SIPRNET connectivity
• Customers will receive
their classified message
traffic over the counter
• Dedicated 56Kbps
SIPRNET connection
[Figure: DMS CommCenter. Diagram labels: ACC, SIPRNET, DMS Common User Workstation, Current TCC Operators, AUTODIN ASC, Existing AUTODIN/TCC Equipment.]
Dial-Up Capability (D/U)
• D/U access requires that a
SIPRNET dial-up account be
established and used to
access classified messages
• Can be deployed using
existing computers and
SIPRNET connections
– Computer configuration and
accreditation must be verified
• D/U configuration will
normally be used to support
between one and ten users
[Figure: dial-up capability. Diagram labels: ACC, SIPRNET.]
Virtual Networking
Capability (VN)
• Uses advanced security products to pass
classified messages over existing local
unclassified LANs and the NIPRNET
• Can be deployed using existing computers
and network connections
• VN configuration designed to support a single
workstation which in turn can support multiple
users
[Figure: virtual networking between the ACC and the Installation DOIM. Path labels: SBU to Secret via SIPRNET and SBU via NIPRNET; SBU via NIPRNET. Diagram labels: SIPRNET, NIPRNET, HAG, Firewall, LMTA, X.400, Primary Groupware Server, SMTP, Native Groupware Server, PUA, MLA, MFI, SMS.]
Note: Concept based on Cryptek Secure Communications,
LLC dynamic virtual private networks
Virtual Networking Topology
B2 certified virtual networking
allows networks of differing
security levels to be connected
over the same physical cable
[Figure: virtual networking topology for the Installation DOIM. Path labels: SBU to Secret via SIPRNET and SBU via NIPRNET; SBU to Secret via SIPRNET; SBU via NIPRNET. Diagram labels: SIPRNET, NIPRNET, HAG, Firewall, LMTA, X.400, Primary Groupware Server, SMTP, Native Groupware Server, PUA, MLA, MFI, SMS.]
Note: Concept based on Cryptek Secure Communications,
LLC dynamic virtual private networks
Preliminary Installation Cost
Estimates (1 of 2)
Dial-Up Terminal
– Computer: No Cost
– STU-III (Mdl 1910): $2145
– Fortezza Card: No Cost
– PC Card Reader: No Cost
– Hookup Charges: $50
– Other: $540
– Total: $2735
Note: Unlimited dial-up SIPRNET access costs $27 per month
Virtual Network Connection
– Computer: No Cost
– HD Upgrade & Convert: $475
– Network Card: $1000
– Fortezza Card: No Cost
– PC Card Reader: No Cost
– Other: $328
– Total: $1803
Note: System requires one administrator console per 5,000 users at $10K per console
Assumptions - 1. Since the user already processes secret and SBU material no further PC upgrade will be required. 2. D/Us will be used to support less than ten users
Assumption - LAN access is provided at no cost
Other charges include installation, test, initial consumables, transportation, and training
Other charges include engineering and installation, training, and support
Preliminary Installation
Cost Estimates (2 of 2)
DMS Workstation
(Dedicated SIPRNET Access)
– Computer: $2500
– Printer: $800
– Fortezza Card: No Cost
– PC Card Reader: No Cost
– Hookup Charges: $2500
– Other: $911
– Total: $6911
Notes: 1. Hookup charges include CSU/DSU, KGs, and key material 2. 56Kbps SIPRNET access costs $1033 per month
Assumptions - 1. Computer will be dedicated to providing classified messaging services 2. SEC is capable of handling XX messages per 8 hours
Other charges include engineering and installation, training, and support