Interoperability path opens
When your job is training ground and air crews for the Air Force and the lives of those crews may depend on what they learn in the exercises you’re conducting, the service’s mantra — Train the way we plan to fight — takes on new weight.
As the largest instrumented air, ground and electronic combat training range in the world, the Pacific Alaska Range Complex (PARC) wants the best, most realistic training conditions possible. But with disparate secrecy classification levels among aircraft, weapons and systems within the service, let alone throughout the Defense Department or with allies, joint combat training operations have been limited, even at PARC.
To push back those limits, the Pacific Air Force (PACAF) turned to Trusted Computer Solutions (TCS).
PARC’s extensive Air Combat Training System (ACTS) provides real-time air-to-air, air-to-ground and ground-to-air mission capture, monitoring and playback for air crew visual feedback and performance self-evaluation. Major training exercises at PARC are live, virtual and constructive, said Romil Sharma, a secure-systems engineer at TCS.
In live training, real people operate real systems. In virtual training, the people are real but the systems are virtual, typically involving advanced 3-D simulators. In constructive training solutions, real people provide input to a computer system to let simulated people operate simulated systems. “You could construct entities like an enemy plane or even an entire army of enemy aircraft,” Sharma said.
And “all three have to be interoperable and as close to real-time as you can get,” Sharma said. PARC ACTS is built on the Test and Training Enabling Architecture (TENA), used mainly in training exercises by DOD to communicate with live range equipment such as radar and real — as opposed to virtual — aircraft, Sharma said.
“Pretty much the entire PARC is going to TENA,” said Helen Foor, a civilian engineer with the 353rd Combat Training Squadron technical support element at Eielson Air Force Base, Alaska. Even though everything at PARC is being made TENA-compliant, Foor said, underlying architectures might differ. Simulation technology generally follows Distributed Interactive Simulation or High Level Architecture (HLA) protocols, for example.
The Air Force also needed a way to let devices that have different secrecy classifications communicate with one another securely. “We have classified, unclassified, secret — the whole range — and they have to stay segregated,” Foor said.
For example, Sharma said, “the Air Force may have training equipment — aircraft or missiles, say — that might be secret or classified entities, and they might be doing a training exercise with the Army, which uses mostly unclassified equipment. What they had to have is a way to do that without, essentially, leaking information. And that’s hard because the devices themselves are communicating.”
The solution needed to be able to specify information that should or should not be shared.
But the big challenge was speed, Sharma said. “Performance requirements meant it had to be near real time. If latency is even one second, it’s no good.”
TCS’ solution: a TENA version of its SimShield product for HLA. The TENA SimShield is a cross-domain solution that allows secure communications among distributed live test and training networks operating under different security classifications and between classified assets and the rest of the TENA community.
The solution has two major components: Trusted Bridge enables communications, and Policy Editor specifies what data may be shared.
Using Policy Editor, “the rule sets can be developed by the customer’s data domain experts,” Sharma said. “The people who know about the data don’t necessarily know C++, [so] a graphical user interface lets them just point and click to construct them.”
The editor offers broad flexibility in defining the rule sets, which are stored in the open-source Postgres database with role-based access. The user can hide all information or selected parts of it while permitting near real-time two-way communication.
For example, an aircraft or missile with the higher security classification can be completely hidden or disguised. “They could modify the data the missile is emitting so the low side doesn’t see it at all or sees it as a completely different, unclassified missile,” Sharma said.
The rule sets enforce separate communication filter rules, and incoming data for low and high sides are kept in separate caches. Because they must be pre-approved by the National Security Agency or local DOD certification and authentication authorities, rule sets are created and tested long before the exercises take place.
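To make the hide-or-disguise behavior concrete, here is an added sketch of a high-to-low guard filter; it is not TCS code, and the rule format, entity types and field names are hypothetical. It shows a default-deny rule lookup, field allow-listing and separate high-side and low-side caches.

```python
# Illustrative high-to-low guard filter. The rule format, entity types and
# field names are hypothetical assumptions, not SimShield's own.
from dataclasses import dataclass, field

# Constructed rule set, keyed by the entity type seen on the high side.
RULES = {
    "F-16":      {"action": "pass",     "fields": {"id", "type", "position"}},
    "MISSILE-X": {"action": "disguise", "as_type": "TRAINING-ROUND",
                  "fields": {"id", "type", "position"}},
    "SENSOR-Y":  {"action": "hide"},
}

@dataclass
class Guard:
    rules: dict
    high_cache: dict = field(default_factory=dict)  # full high-side state
    low_cache: dict = field(default_factory=dict)   # only what was released

    def high_to_low(self, update: dict):
        """Return the sanitized update for the low side, or None if blocked."""
        if "id" not in update:
            return None  # malformed updates never cross the boundary
        self.high_cache[update["id"]] = update
        rule = self.rules.get(update.get("type"))
        # Default deny: no matching rule, or an explicit hide, releases nothing.
        if rule is None or rule["action"] == "hide":
            return None
        # Allow-list fields so attributes the rule does not name never cross.
        released = {k: v for k, v in update.items() if k in rule["fields"]}
        if rule["action"] == "disguise":
            released["type"] = rule["as_type"]  # low side sees a different entity
        self.low_cache[update["id"]] = released
        return released

def demo():
    """Run constructed sample updates through the guard."""
    guard = Guard(RULES)
    samples = [
        {"id": 7, "type": "MISSILE-X", "position": (1, 2, 3), "seeker_mode": "active"},
        {"id": 8, "type": "SENSOR-Y", "position": (0, 0, 0)},
        {"id": 9, "type": "UNLISTED", "position": (4, 5, 6)},
    ]
    return guard, [guard.high_to_low(s) for s in samples]

if __name__ == "__main__":
    for released in demo()[1]:
        print(released)
```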
For security, the TENA guard runs on one computer, and the rule sets are developed on a separate, stand-alone computer. Both run on trusted operating systems: Trusted Solaris 8 or Red Hat Enterprise Linux 5, both of which meet the Common Criteria’s Labeled Security Protection Profile.
INTO THE FUTURE
Development has gone smoothly, Foor said. “I think the biggest challenge to us has been getting it through [the DOD Information Technology Security Certification and Accreditation Process] and the accreditation and certification process,” she said.
The system has been tested at Fort Huachuca, Ariz., Foor said, “and we’re hoping to use it for Northern Edge,” a joint services training exercise scheduled for May.
Although, at press time, the TENA SimShield had not yet won NSA accreditation, Sharma said he felt confident that the agency would grant an interim authority to operate for two weeks during the exercise and a final authority to operate was likely by late summer.
The Air Force and TCS are planning for the next step, however. “We’re the owners of the first” TENA SimShield, Foor said, “but we’ll be training other bases on our system.”
TCS is looking forward to joint exercises with U.S. allies, Sharma said. “We’re going to Australia — next week, I think — and we’ll be discussing the TENA SimShield.”