HPE Aruba Networking Blogs

Defending the Supply Line

In almost all wars, the best-supplied combatant will emerge the victor. In this century we have history that shows shoeless and hungry soldiers don't fight very well and weaponless soldiers don't fight at all. For these reasons and many more, it is apparent that a key tenet of any successful strategic deployment is a strategy for protecting the supply line that provides the basic needs of the fighting force. In a digital world, the same can be said for protecting high-value information. We witness the ongoing battle with hackers and foreign governments bent on chaos or espionage daily in our national news. In these battles a new tactic has been introduced, wherein wireless networks eliminate the need to physically protect the supply line and greatly reduce the cost of protecting the transport layer. The following discusses the benefits of using encryption in place of physical protection methods and the cost reductions associated with this new style of defending the supply line.

For the Department of Defense and the civilian government, protecting state secrets and the personally identifiable information of citizens is of the highest importance, but it comes at a great cost to the taxpayer. Access to the physical infrastructure that supplies the channels of communication between endpoints provides opportunities for classic tapping and interception of network traffic. To combat this type of attack on the supply line, a strategy called a Protective Distribution System (PDS) is deployed, wherein the physical wires and circuits for a network are placed inside locked channels, cases, and in some cases covered concrete trenches (see Holocom PDS installation image). Depending on the sensitivity of the information, further protections are often put in place, such as 24/7 monitoring of the PDS via inspection or closed-circuit television. As one might expect, the physical cost of installation can quickly dwarf the equipment and cabling cost associated with a network.

An example of a finished conference room with Holocom PDS systems.

Centrally encrypted wireless networks provide a unique method for defending the physical layer of a high-security network. By relying on encryption rather than physically protecting wires with PDS, the air can be used as the supply chain for a local area network, a point-to-point fiber replacement, or even a multi-hop mesh network. Abstracting the physical layer into the air assumes that all information will be captured, but the encryption is strong enough that a parallel-computing attack by a persistent attacker would take longer than the information's useful shelf life. Present-day cryptographic methods based on elliptic curves (Suite B) are being approved for high-security networks and can eliminate the PDS requirement.

Aruba Networks provides the Advanced Cryptography Module (ACR) as a licensable feature on an Aruba wireless controller. This module allows the use of Suite B cryptography to protect information crossing the air as well as VPN sessions across the wire. When properly deployed, ACR protects the supply line digitally, thus eliminating the need for PDS to protect the physical distribution layer of the network. The research and development of the software, as well as the very high cost of maintaining the certifications required to meet the government's stringent requirements, make ACR the most expensive licensable feature Aruba Networks offers. However, when the cost of ACR is weighed against the cost of PDS installation and ongoing review, the ACR license results in a significant savings to the taxpayer in the overall cost of the system, both at install and during the lifecycle of the network. It quickly becomes apparent that reducing the profile of the supply line by using modern encryption methods is not only a great cost savings but also a great strategy for current and future transport layer protection for the government customer.