Picture yourself in a Homeland Security Operations Center in the midst of a mission to safeguard a public event. You are surrounded by displays, each fed from a different classified network. Some of the information is visual, some textual, some a mix of both. The flood of information demands near-instantaneous reaction to ensure public safety.
Operational efficiency is paramount. Data is being served up from multiple computers at each operator station, some with as many as four separate computers with four sets of keyboards and mice. For security purposes, data from different classified and non-classified networks cannot be commingled, so a separate set of mouse and keyboard peripherals is deployed at each computer. As you watch changing conditions and message alerts on your displays from various classified sources, you must physically move from one set of keyboards and mice to another set to interact with the information flowing in from that particular network.
Rather than operate from four sets of peripherals, an alternative is a four-port Secure KVM (keyboard, video, mouse) or KM (keyboard/mouse) switch. A single keyboard and mouse is shared across the network sources and routed to the selected one with a button push or a mouse click, which shortens reaction time, restores a natural workflow and improves situational awareness.
Traversing multiple domains with a mouse click
Specialized KVM designs have held National Information Assurance Partnership (NIAP) and Common Criteria certifications for many years. A newer secure desktop technology, Secure KM switching, has emerged to deliver a high degree of situational awareness in stress-filled command and control centers, and it has recently been certified against NIAP Protection Profile 3.0 (PP3.0 for short), the newest and most stringent information assurance standard for KVM and KM switching products. PP3.0 supersedes the older EAL4+ Protection Profile 1.2 and EAL2+ Protection Profile 2.1 certifications. In this context, security means complete prevention of data migration from one network to another. KVM/KM products achieve that separation with one-time programmable ICs, isolated signal paths per port, unidirectional optical data diodes, anti-tamper triggers, no memory buffers, and more.
Thanks to PP3.0 certification, information assurance officers can for the first time authorize IT managers to deploy KM switching in high-tempo crisis centers. KM switching lets an operator traverse multiple classified networks simply by moving the mouse onto the display he or she wants to interact with; once the cursor crosses onto that display, keyboard and audio follow instantly. An analyst who was running an Internet search on the unclassified network moves the mouse to the display connected to a classified network and is now reading a directive from the commanding officer concerning an altercation in a global hot spot.
Of course, display layouts on a command center desktop vary widely: anywhere from two to 32 displays, side by side or stacked, in portrait or landscape orientation, of different sizes and in various wall-mount positions.
To make installation straightforward, 40 common display orientations are pre-programmed into the KM switch installation set-up that address about 98 percent of the field use cases. However, for the remaining two percent, additional customized orientations can be created by the network administrator using an optional software tool provided with the KM switch.
Eliminating mice, keyboards, desktop clutter
The Secure KM switch can take on additional highly sought-after features by connecting it to new 43” quad displays that are entering the market. This combination, like adding chocolate chips to vanilla ice cream, elevates two good products into a better product – the chocolate chip ice cream equivalent for secure desktop designs.
Multi-input displays can accept four video sources at once, which lets a single screen be segmented into quadrants, each showing the feed from its own source. The sources can be PCs, thin clients or zero clients. In a mixed classified/unclassified setting, each of the four segments can represent a different network: the Non-Secure Internet Protocol Router Network (NIPRNet), DOD's network for exchanging "sensitive but unclassified" information; the Secret Internet Protocol Router Network (SIPRNet), for the exchange of classified information and messages at the SECRET level; the Joint Worldwide Intelligence Communications System (JWICS), a Top Secret/SCI network run by the Defense Intelligence Agency and used across DOD and the Departments of State, Homeland Security and Justice; and the Combined Enterprise Regional Information Exchange System (CENTRIXS), a collection of classified coalition networks called enclaves that enable information sharing through email and Web services, instant messaging or chat, the Common Operational Picture service and Voice over IP.
Although four sources may be shown simultaneously, the limitation is that only one segment is active and the other three are passive, like picture-in-picture television. Thus, if one keyboard and one mouse are used from one source, one segment is active and the other three are passive. The operator can view the outputs, but he/she cannot interact with three of the four. To interact with any of the quadrants, keyboards and mice must be provided for each. Therefore, eight peripherals need to be placed in front of the operator to achieve full functionality.
Introduce a four-port Secure KM switch and the three passive quadrants become active. A single keyboard and mouse connects to the KM switch, and each PC, thin client or zero client's USB keyboard/mouse connection is cabled to one of the switch's four ports. The KM switch then routes keyboard and mouse to whichever source is selected.
The benefits are instantly recognized. The operator can move his mouse into any quadrant and when he/she clicks the mouse, keyboard and sound follow into that quadrant. The operator is now fully interactive with that network. Moving to the next network to interact with its programs is as simple as moving the mouse and clicking.
The large 43” display canvas allows a tremendous amount of flexibility. Depending on changes dictated by the mission at hand, the display feeds can be sized to fit the requirement. If full screen is needed to see exacting detail, one quadrant can be expanded to full screen with a button push on the display.
Four domains on one display
Full situational awareness does come with a real estate cost to deliver persistent visualization. All screens, all information feeds, are visible all the time, which means four networks need four displays, minimally.
If the command center will not support that many displays per operator, an alternative that still delivers full situational awareness is Windowing KVM technology. With a Windowing KVM, all four network domains are displayed on one or two displays as window tiles. On a single display, the real estate is subdivided into four equally sized quadrants; on two displays, the primary screen can show one network while the second display shows three secondary window tiles. Since each tile is fed from its own domain, it carries that source's background designation: an unclassified network might have a green background, secret red, top secret orange, and so on. Administrators can define other colors if desired.
The window sizing for each network can be changed by the administrator and saved in one of three profiles, which is especially handy when the desktop is used by several people across a workday. It is important to note that the video feed for every network is real time regardless of whether the analyst is working in that network. This matters because many consumer picture-in-picture (PIP) solutions do not show real-time video for each source.
Moving from network to network is similar to KM behavior in that the mouse location in the desired tile determines the network with which the keyboard, sound and mouse interact.
Selection is done with a five-button mouse; the extra buttons enter and exit a network, rather than moving the cursor from one display to the next as with a KM switch. The tradeoff versus a KM switch is that each network gets only a portion of the available display real estate. In a dual-display setup, the selected network fills the primary screen while networks 2, 3 and 4 appear in small windows on the secondary screen. That is acceptable in many situations but may not suit applications that demand a lot of detailed visual imagery. What Windowing KVMs overcome above all is space limitation: on a submarine, in a Humvee, in an emergency response vehicle or the like, space is at a premium and there may be room for only one or two displays.
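To make the two switching behaviours described above concrete (the KM switch, where focus follows the cursor across display edges, and the Windowing KVM, where the cursor must be in a tile and an extra mouse button commits the selection), here is an added Python model. It is illustrative code written for this article, not the firmware of any vendor's product. The display layout, the network labels on each port, the class and function names, and the choice to pin the cursor to the current display when it leaves the layout are all assumptions made for the example.

```python
"""Model of keyboard/audio focus tracking across a multi-display layout.

Each KM port drives one display (or one window tile), placed as a rectangle in
a shared virtual coordinate space.  Rectangles are free-form, so side-by-side,
stacked, portrait and mixed-size layouts can all be described.
"""
from dataclasses import dataclass
from itertools import combinations
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Display:
    port: int    # KM host port the source is cabled to
    label: str   # network name shown to the operator (informational only)
    x: int       # left edge, virtual layout pixels
    y: int       # top edge, virtual layout pixels
    w: int       # width  (a portrait display simply has h > w)
    h: int       # height

    def contains(self, px: int, py: int) -> bool:
        return self.x <= px < self.x + self.w and self.y <= py < self.y + self.h

    def overlaps(self, other: "Display") -> bool:
        return not (self.x + self.w <= other.x or other.x + other.w <= self.x
                    or self.y + self.h <= other.y or other.y + other.h <= self.y)


class KMSwitch:
    """Tracks which port currently owns the keyboard and audio.

    follow_cursor=True models the KM switch: crossing into another display's
    rectangle re-routes keyboard and audio to that port.
    follow_cursor=False models the Windowing KVM: hovering changes nothing
    until select() is called (the extra mouse button in the article).
    """

    def __init__(self, layout: List[Display], start_port: int,
                 follow_cursor: bool = True) -> None:
        ports = [d.port for d in layout]
        if len(set(ports)) != len(ports):
            raise ValueError("each port may appear in the layout only once")
        for a, b in combinations(layout, 2):
            if a.overlaps(b):   # ambiguous cursor position -> reject layout
                raise ValueError(f"displays for ports {a.port} and {b.port} overlap")
        self.layout = layout
        self.follow_cursor = follow_cursor
        self.active = start_port
        start = self.display_for(start_port)
        self.cursor = (start.x + start.w // 2, start.y + start.h // 2)
        self.switches: List[Tuple[int, int]] = []   # (from_port, to_port) history

    def display_for(self, port: int) -> Display:
        return next(d for d in self.layout if d.port == port)

    def display_at(self, px: int, py: int) -> Optional[Display]:
        return next((d for d in self.layout if d.contains(px, py)), None)

    def _route_to(self, port: int) -> None:
        if port != self.active:
            self.switches.append((self.active, port))
            self.active = port

    def move_cursor(self, dx: int, dy: int) -> int:
        """Apply a relative mouse movement; return the port now holding focus."""
        nx, ny = self.cursor[0] + dx, self.cursor[1] + dy
        target = self.display_at(nx, ny)
        if self.follow_cursor:
            if target is None:
                # Off the edge of every display: pin the cursor to the current
                # display rather than jumping to an arbitrary port (assumption).
                cur = self.display_for(self.active)
                nx = min(max(nx, cur.x), cur.x + cur.w - 1)
                ny = min(max(ny, cur.y), cur.y + cur.h - 1)
            else:
                self._route_to(target.port)
        self.cursor = (nx, ny)
        return self.active

    def select(self) -> int:
        """Windowing mode: bind keyboard/audio to the tile under the cursor."""
        target = self.display_at(*self.cursor)
        if target is not None:
            self._route_to(target.port)
        return self.active


# Constructed sample layout (not a real site): two landscape displays side by
# side, a third stacked under the left one, and a portrait display far right.
COMMAND_DESK = [
    Display(1, "NIPRNet",  x=0,    y=0,    w=1920, h=1080),
    Display(2, "SIPRNet",  x=1920, y=0,    w=1920, h=1080),
    Display(3, "JWICS",    x=0,    y=1080, w=1920, h=1080),
    Display(4, "CENTRIXS", x=3840, y=0,    w=1080, h=1920),
]


def walk(km: KMSwitch, moves: List[Tuple[int, int]]) -> List[int]:
    """Apply a sequence of relative mouse moves; return the active port after each."""
    return [km.move_cursor(dx, dy) for dx, dy in moves]


if __name__ == "__main__":
    km = KMSwitch(COMMAND_DESK, start_port=1)
    print(walk(km, [(1000, 0), (2000, 0), (0, 1500), (-3000, -1000), (0, 300)]))
    print(km.switches)
```

The third move in the demo pushes the cursor below the bottom of the portrait display; the model pins it to that display's edge and keeps port 4 active instead of switching, which is the behaviour an operator would expect at the edge of the layout.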
Increasing work efficiencies and reducing fatigue
Rounding out the secure desktop options is the traditional Secure KVM switch. This is the most prevalent type deployed in the federal government, primarily because it addresses the more common workload of a DoD or Intelligence Community employee. Not everyone works on a command center watch floor in crisis situations that demand full situational awareness. In multilevel security environments with more relaxed reaction-time demands, operators switch their display, keyboard and mouse from network to network by pushing a selector button on the KVM switch. Although not as elegant as moving a mouse to traverse networks, pushing a button to select the desired network from a comfortable, stationary viewing position still allows a quicker response and is far superior to swiveling from one keyboard/mouse location to another all day long.
New PP3.0 certified KVM and KM technologies even address the NIPR/SIPR unclass/class desktop – the most ubiquitous combination in the federal government today. Features such as extended push button control for switching between networks and transparent network migration of keyboard, mouse and sound with the click of a mouse are now available for entry level Multiple Level Security projects with the use of FLIP KVM/KM products. The starting price range for the entry level Secure KVMs is about $350 and as COTS products they are available on GSA, SEWP, NETCENTS, CHESS and other contract vehicles.
Command centers that do not use KVM, KM, or Windowing KVM products pay a costly price. Four separate domains demand four separate sets of peripherals – displays, mice and keyboards. Valuable desk space is consumed with that many peripherals, the clutter becomes a distraction and operational efficiency is not optimum. Moving back and forth from one set of mice and keyboards to as many as three others is cumbersome, ergonomically challenging and fatiguing from constant swiveling between peripherals.
Remember the Homeland Security Operations Center whose mission was to safeguard a public event? Reducing fatigue improves reaction time, and in mission-critical operations the ability to react as fast as possible to an alert is a primary objective.
Jim Zakzeski is currently with Belkin Federal’s Cybersecurity Division and has delivered secure desktop solutions to the federal community for more than 25 years. He was formerly VP, sales and marketing for Clearcube Technology and Cubix Corporation.