Cross-domain GEOINT solutions are designed to allow users to access or transfer important data, manually or automatically, between two or more incompatible security domains or levels of classification. Creating a secure and seamless cross-domain infrastructure is becoming ever more important as military and intelligence operations increasingly depend on timely information sharing.
Achieving reliable GEOINT access across the extended national security community requires data from various networks of differing classifications to come together seamlessly. The military's stated goal for effective cross-domain sharing is 2017. To enable the Department of Defense and the intelligence community (IC) to achieve this objective, an array of vendors — including BAE Systems, General Dynamics, Harris Corporation and Raytheon — are addressing a series of unique and formidable challenges.
"The challenge is really the magnitude and variety of information becoming available," said Peder Jungck, vice president and chief technology officer for BAE Systems' Intelligence and Security sector, based in Arlington, Virginia. "You're constantly getting new data from airplanes, spacecraft, commercial companies or government sources. The challenge is putting these sources together, making sense of them, visualizing them in a form that provides something of value, and then bringing them into an environment where the war fighter can gain access to them."
New initiatives and standards promise to make data more easily shareable across networks of different classifications while maintaining stringent security. "With the ongoing development of systems to meet Joint Information Environment [JIE] and Intelligence Community Information Technology Enterprise [ICITE] goals, government users expect systems deployment to be scalable and capable of cloud deployment, compliant with interoperability standards, and able to reduce imagery and multi-INT data into actionable intelligence," said Bill Gattle, vice president and general manager of Harris Government Communications Systems' National Systems business unit.
Automation Needed
As the DoD and IC look toward the goal of seamless collaboration, the essential nature of GEOINT data is undergoing transformation. "With the proliferation of new digital intelligence sources, the amount of big data being collected has made it nearly impossible to track and identify suspicious activities and potential security threats solely through human analytical processes," Jungck observed.
"Today's users want more than just geospatial data; they want answers to specific questions," Gattle said. Several vendors are addressing this challenge with activity-based intelligence (ABI), a computer-assisted problem solving methodology that aims to help the military and IC streamline the processing, exploitation and distribution of vast amounts of collected intelligence data.
"Properly processing data to extract feature, time and geospatially relevant information will provide analysts with persistent views over time, which provides enhanced insights," said Gattle.
Even as military and IC users gain the ability to work cooperatively in many areas, however, they will still be forced to work manually with GEOINT information before JIE and ICITE enterprise systems evolve to enabling workflows to automate many of today's manual tasks, Gattle said.
Rethinking Security
As efforts to achieve cross-domain GEOINT move forward, the military's and IC's attitude toward security is evolving. "Security used to be locking down the system — locking down the application and controlling the user," Jungck said. "What's now occurring is the shift toward data-focused security."
According to Gattle, four fundamental needs must be addressed to enable data to cross security domain boundaries: tagging of the data set and associated metadata; the use of standards-based access services; the use of an agreed identity-management and access-control system; and the use of guard systems to inspect data and messaging crossing domain boundaries. "The security tagging of all datasets is fundamental to allowing access control to function," he said. The service interface is required to allow the identity-management system to interact with the user data request, and an identity-management and access-control system is required to determine the characteristics of the user and determine his or her data-access rights. The guard system and associated rules are necessary to ensure data does not cross restricted domain boundaries.
"The technical problem to maintaining security is fairly well understood," Gattle said. However, elements that are impacting cross-domain sharing include budget constraints and the need for more mature trust relationships.
