A cross-domain solution (CDS) is a means of information assurance that provides the ability to manually or automatically access or transfer information between two or more differing security domains. The three main elements are CIA Triad
If you’re an IT professional who minds about security, you probably should care. Although cross-domain isn’t part of your life today, there’s a good chance it will be in the future.
Let me try and persuade you.
Pretty much the definition of a classified system is one where security is paramount. If an attacker gets access to a classified system, the results will be messy. As a result, classified IT systems are architected around extremely high levels of security. Unfortunately, the usual side-effect of that high security is that efficiency suffers. Cross-domain technologies are all about re-introducing efficiency into those high-security classified environments.
This is almost the reverse of the mainstream IT environment. Here, efficiency has historically been paramount. But the result has been that security has suffered. With a now increased threat level, mainstream commercial IT is busy trying to increase security. In principle, one way of doing that might be to adopt the sort of techniques used by classified IT systems. In practice however, the impact on efficiency usually makes this a non-starter.
The classified IT environment
In principle, if security is paramount, all IT systems ought to be engineered to be super-secure.
In practice, high security engineering is difficult. Users of classified systems need innovative new applications and can’t afford to wait for decades for those to be delivered using high security engineering. As a result, classified IT environments often run standard-issue software that’s just as vulnerable as the software within mainstream IT environments.
So in order to meet the security requirements, classified IT environments turn instead to the use of isolation – starting from the principle of complete physical air-gapped isolation. And the really critical implication that makes classified IT fundamentally different from mainstream IT is this: completely different physical terminals (PCs, laptops, etc) need to be used to access different information and systems. You can’t use the same terminal to access information on different isolated networks, because this would break the whole isolation principle: the terminal could get compromised when accessing systems on network A and then the compromised terminal could allow the attacker to get access to systems on network B.
Isolation doesn’t provide perfect security, but it’s a pretty good starting point for security that’s vastly stronger than that found in mainstream IT. The problem is – as said earlier – that the implications for efficiency are horrible. Users might need to have multiple different physical terminals on their desks to give them access to all the different systems they need to work with, and a lot of work needs to proceed using what’s often known as “swivel chair integration” – because the brain of the human user is the only place where information from different isolated networks can be brought together.
The role of cross-domain technology is to break down some of those efficiency barriers by allowing connectivity between isolated networks, without destroying the strong security model that was introduced by the isolation.
In principle of course, that’s impossible – you can’t connect and disconnect things at the same time! In practice however cross-domain technology is a core part of the way high security IT environments operate, and there are some exciting approaches that at least come close to doing the impossible.
The first challenge for cross-domain technology is to eliminate the need for multiple physical terminals. That means coming up with technologies that allow a terminal to access systems on another network in such a way that – with a very, very high degree of confidence – we can have confidence that the terminal cannot be compromised.
The second challenge for cross-domain technology is to minimise the need for swivel-chair integration. That means defining allowed flows of data from one network to another and putting technical controls in place to ensure that only permissible data can flow and that we can have a very, very high degree of confidence that the data flow cannot be used as a means of compromising the network that’s receiving it.
How does such technology get built?
Firstly, that while it’s not economically feasible to build all IT using high-security engineering techniques, it is appropriate to use these techniques for cross-domain solutions.
Secondly, that solution design should start from an assumption that nothing is permitted, and add permissions at the most granular level possible. Thus, where a traditional IT control might permit “UDP traffic on port 7789” a cross domain solution would define specific permitted business messages (for example, latitude-longitude pairs in a predefined format) and be precise about exactly what the format should be of each of the fields in each message.
In practice, there’s already a lot of the commercial IT environment that looks like cross-domain technology – even a firewall is, at heart, a basic cross-domain solution. In some cases, bringing higher security to the commercial world is just about revisiting some of these implementations using “cross-domain” principles.
Where the really big difference lies is in the use of multiple terminals. In the commercial world, the use of different terminals for accessing different systems is almost unheard of. It is above all here that both sides are changing.
Conclusion ! Opening the door for future
It’ll be interesting to see in 10 years’ time how much convergence there will have been. Will “remote browsing” remain primarily as a technology for providing access to risky web sites, or will commercial IT environments have added additional layers of isolation so that users will be relying on “browse-down” approaches for a much wider range of activities