CSIAC

Cyber Security and Information Systems Information Analysis Center

/ Journal Issues / Focus on Air Force Research Laboratory’s Information Directorate / Cross-domain Transfer: Information Support Server Environment (ISSE)

Cross-domain Transfer: Information Support Server Environment (ISSE)

Published in Journal of Cyber Security and Information Systems
Volume: 4 Number: 1 - Focus on Air Force Research Laboratory’s Information Directorate
Authors: Alex Gwin and Richard Barrett
| Leave a Comment

C. Evolving Systems

When it was first accredited in 1995, ISSE was purely point-to-point and served one data transfer method, e.g. email or file drop, per installation. Version 3.4 enabled multiple organizations to transfer between two domains, and version 3.6.1 enabled multiple organizations to transfer between two or more domains. It is this v3.6.1 which is considered to be “enterprise” in today’s terms. At its highest point, ISSE was fielded in 160 operational locations. Since the advent of the enterprise construct, this number has been reduced, as expected. By counting the total number of threads, we can arrive at a realistic estimate of the capabilities delivered by ISSE systems. An inventory in September 2015 placed ISSE operating on an impressive 734 threads in 73 systems worldwide. This represents 46 percent fewer systems while supporting the flow of 298 percent more data.

ISSE has evolved from its first use as a point-to-point solution to be compatible with the enterprise construct which is prevalent today. This approach to the crossdomain business makes sense for financial reasons. For an organization with cross-domain needs, being incorporated into an enterprise system saves money by reducing the installation costs and manpower costs associated with system administration. Organizations housing the enterprise systems can charge user fees to the tenant organizations and staff one or more full-time administrators who oversee the operations of the system. The major disadvantage of the enterprise construct is that many organizations are tied into one system; if that system fails, the operational consequences are farther reaching than if the organization hosted its own CDS. Despite this concern, albeit a minor one, the enterprise construct is expected to become even more prevalent as new customers come online and some existing customers transfer to enterprise.

As an example of the conversion to enterprise, one such organization migrated from 18 point-to-point systems among seven sites to three enterprise systems among three sites. This major effort resulted in real cost savings in engineering support, licensing costs, power, administrative overhead, and 50 percent less hardware, while increasing the availability of mission critical data. The organization also upgraded their ISSE systems, and the improved transfer rates from the synergistic effects of combining upgrades and enterprise consolidation resulted in more than one billion files annually, not to mention the added security and connectivity to additional security domains.

An unremitting problem for the ISSE PMO is hardware obsolescence. From inception to fielding, a major version of ISSE is several years in the making. By the time a version is fully developed, tested by the engineers, tested by the government, final configurations are made, and certification is completed, several years have passed. (Minor versions can be fielded in several months—if enough manpower is applied to the effort.) Because the new version’s operating system is only compatible with certain hardware, the problem then arises that when hardware is no longer supported, there is a hardware obsolescence problem looming in the horizon. ISSE uses Oracle’s Solaris operating system (OS) which has excellent security attributes. Solaris is used heavily by the bank, stock market, and insurance industries [7]. Despite this solid user base, there exists some concern about Solaris’ diminishing user base and future supportability, a concern that is not necessarily shared by the PMO. A third-party study was completed to investigate whether ISSE should move to another operating system. In order to transfer (“port”) to another operating system, significant funds and manpower would be required to accomplish this effort in parallel with other development and maintenance schedules. Additionally, there was no significantly compelling reason to port to another OS, since hardware obsolescence is persistent for all OSs. The ISSE PMO determined that the best alternative was to stay with Solaris and integrate new OS versions and test with beta versions whenever possible.

There is one other approach to mitigating hardware obsolescence the PMO is currently investigating. This involves placing ISSE on a cross-domain access solution. These are secure systems with virtualized security domains. Each domain is separate and therefore very secure within a small amount of hardware. The advantage of this approach is that x86 hardware can be used for the access solution, which will be supported for the foreseeable future. The Solaris OS is interfaced with a virtual machine of the access solution. As a corollary, if successful, the resultant hybrid ISSE will require fewer pieces of hardware and less power to operate. This effort is currently being completed for three domains and several mission applications on SecureView, which is a program also overseen by the Information Handling Branch of AFRL in Rome, New York.

D. Conclusion

The Information Support Server Environment (ISSE) is a cross-domain transfer solution that is used by numerous U.S. government organizations and coalition partners. It is an electronic capability which securely transfers data between separate networks. Since its initial fielding in 1995, it has become a premier cross-domain solution that has continued to meet users’ needs by evolving to the enterprise construct and providing advanced mission applications. It continues to stay relevant by anticipating the changing cross-domain landscape. For more information about ISSE, please contact the ISSE PMO atrrs.isse.pmo@us.af.mil or 315-330-7838.

References

[1] Maus, Cathy N. (July 1996). U.S. Department of Energy OpenNet. “Office of Classification: History of Classification and Declassification” [online].https://www.osti.gov

[2] Peters, Gerhard and John T. Woolley (2015). The American Presidency Project. “Executive Order 8381 – Defining Certain Vital Military and Naval Installations and Equipment [online]”. http://www.presidency.ucsb.edu/ ws/?pid=78426

[3] Joseph, Channing (Sep 2007). New York The Sun. “WikiLeaks Releases Secret Report on Military Equipment [online]”.http://www.nysun.com/foreign/wikileaks-releases- secret-report-on-military/62236

[4] Khatchadourian, Raffi (April 2010). The New Yorker. “The Use of Force [online].” http://www.newyorker.com/news/ news-desk/the-use-of-force

[5] Finn, Peter and Sari Horwitz (June 2013). The Washington Post. “U.S. charges Snowden with espionage [online]”.https://www.washingtonpost.com/ world/national-security/us-charges-snowden-withespionage/ 2013/06/21/507497d8-dab1-11e2-a016- 92547bf094cc_story.html

[6] North Atlantic Treaty Organization (May 2014). “More than just information gathering: Giving commanders the edge [online]”.http://www.nato.int/cps/en/natolive/ news_110351.htm

[7] Oracle. “Financial Services: Overview [online]”. http:// www.oracle.com/za/industries/financial-services/overview/ index.html

RELEASE STATEMENT

Distribution A. Approved for Public Release: [88ABW-2015-4666] Distribution Unlimited.

Authors

Alex Gwin
Alex Gwin
Alex Gwin is currently the deputy program manager of ISSEat Air Force Research Laboratory - Information Directorate(AFRL/RI) in Rome, New York. He is currently a captainin the United States Air Force. He has previously servedas an engineer and executive officer at Kirtland AFB inAlbuquerque, New Mexico, and as a master’s student atWright-Patterson AFB in Dayton, Ohio. Captain Gwinhas a Master of Science in Electrical Engineering from theAir Force Institute of Technology and a Bachelor of Sciencefrom Texas Christian University.
Richard Barrett
Richard Barrett
Richard Barrett is currently the Systems Engineer for ISSEat Air Force Research Laboratory - Information Directorate(AFRL/RI) in Rome, New York. He has over 26 years ofexperience leading systems engineering and acquisitionactivities, plus four years leading U.S. Air Force ICBMoperations. His systems engineering experience includeslaser weapons, avionics, manufacturing equipment,fiber-optics, network communications, and cross-domainsolutions. He is a retired officer from the Air ForceReserves. Mr. Barrett has a Master’s of AdministrativeSciences (MBA-equivalent with Information ManagementSystems emphasis) from University of Montana, and aBachelor of Science in Electrical Engineering (Quantumdevices and Communication Systems emphasis) fromPolytechnic University (now, New York UniversityPolytechnic School of Engineering).

Reader Interactions

Leave a Comment