Dave Missal (Oracle – National Security Group)
Keywords: SSA
Abstract:
The Intelligence Reform and Terrorism Prevention Act, passed by Congress in 2004, established the expectation that the vast intelligence enterprise of the United States would become more unified, coordinated, and effective. This law charged the intelligence community and government agencies to integrate foreign intelligence and domestic US intelligence components to reduce gaps in understanding threats to our national security and to improve our reaction. This intelligence strategy designed to provide more comprehensive and accurate intelligence analysissubstantially increases requirements for secure data sharing capabilities. An information system must be Certified & Accredited (C&A) by the appropriate Accreditation Authority in accordance with each Authoritys prescribed compliance requirements and governance. Cross-Domain Solutions (CDSs) can provide the ability to share data between multiple operating domains (e.g. among users on Top Secret and Secret networks). However, sharing sensitive data across security domains and networks has been impeded by both technical and cultural challenges. A viable CDS requires a tremendous investment for initial C&A and many solutions are limited with respect to the integration of an organizations applications. As a result, most of todays highly secured systems have been designed to restrict access to entire user populations rather than implement data sharing on the basis of mandatory access controls and an individuals need-to-know. Most CDSs today are based on one-way replication through data transfer guards that copy data from one network to another. This model inherently builds in additional and extensive Operations and Maintenance (O&M) costs. Oracles National Security Group challenged its top engineers and security architects to engineer the first Cross-Domain database providing a practical and robust solution to the Cross-Domain security problem. The result is the MLSpOC, which is deployed, fielded, and accredited today at multiple sites both CONUS and OCONUS. It is designed to assist information systems developers achieve DCID 6/3 Protection Level 4 or 5 (PL4 or PL5) or DoD SABI C&A for SECRET-to-UNCLASSIFIED systems (PL3). The product is on the DoD/DNI Unified Cross-domain Management Offices (UCDMO) Baseline of accredited solutions, and is the only solution on the Baseline which the Government considers to be an All-in-One approach to the Cross-domain Security challenge. Our solution is also the only PL-4 Cloud in existence and that is deployed and operational in the entire world today (at DIA). The Space marketplace is a very unique cross-domain challenge, as a need exists for Unclassified SSA Data Sharing at a deeper and more fundamental level than anywhere else in the IC or DoD. For instance, certain Agencies and/or Programs have a requirement to share information with Partner Nations that are not considered to be friendly (e.g. China). Our Solution is the ONLY solution in the world today thats achieved C&A, and that is uniquely positioned to enable the Multi-level Space Operations Center (MLSpOC) of the Future.
Date of Conference: September 11-14, 2012
Track: Poster