Skip to navigation Skip to content

DoD Agency Secures its Supply Chain

The Agency sought the most affordable, agile, secure, and high-bandwidth VPN tunneling and network intelligence solution for use at the edge.

Download PDF

Background

Client Profile

An agency within the Department of Defense which has responsibility for protecting our country and its strategic interests, Allies and critical research & development.

Challenge

As part of daily operations, the U.S. Government Defense Agency sends and receives communications from suppliers and partners across the globe. These communications contain sensitive information critical to the Agency’s mission.

Eighty percent of all reported cyber breaches come through the supply chain. Remotely-located network devices and/or personnel using untrusted, unclassified, Internet based networks (public/free WiFi, foreign telco networks, etc.) are all vulnerable to network attacks and threats.

The Agency does not control supplier or partner equipment and relies on the end user to adhere to established security policies. Unfortunately, most suppliers do not have the security personnel or robust security systems to thwart sophisticated or nation state attacks.

Unclassified information systems remain a primary attack vector for cyber-adversaries, the results of which can translate into millions of dollars in losses, as well as posing a clear and present threat to our national security.

Solution

dimentions

 

Rather than restrict the use of Internet networks and lose the advantages of speed, convenience and security, the Agency sought an agile, simple and highly secure solution to modernize their legacy infrastructure. The GoSilent Firewall and VPN was determined to be the easiest-to-configure and most portable hardware VPN solution to secure the data transport and site-to-site network communications from suppliers’ personnel in the field.

access-icon

Highly Secure

Top Secret level encryption, NIAP certification, enterprise-grade firewall.

click-icon

Plug-and-Play

Works instantly with any IP-enabled device, ease of use for non-technical users

icon--powerful-chip

Portable

Fits in the palm of your hand. (2.5x2x1 inch, 3oz).

audit-log

Invisible

IP address obfuscation for all in and outbound data.

firewall-icon

Isolated

Full PC isolation from Captive Portal exploits.

dollar-icon

Affordable

Highly cost effective when compared to other solutions or device re-configuration.

roles-icon

Deployment

Via cloud or on-premise. Self-provisioning automatically applies enterprise policies to any device.

How They Did It

The processing and sharing of information across unencrypted links from remote or offsite locations is a major concern for all Defense Industrial Base (DIB) partners. Internet based communications offer the advantage of speed and availability, but the channels carry an inherently unacceptable security risk.

Solutions to these challenges typically revolve around three scenarios:

  1. Prohibit the use of unclassified network communications.
  2. Issue devices re-configured to thwart cyber threat.
  3. Implement an add-on solution.

Prohibition of use fails due to enforcement limitations in addition to the loss of a fast and convenient form of communication.

Issuing newly configured devices is cumbersome, difficult to interoperate, manage and is cost prohibitive. With the market’s rapid rollout and wide diversity of devices, aftermarket reconfiguration will always lag behind.

With GoSilent, the Agency meets the criteria of implementing an out-of-the-box solution. The Agency also satisfied the demanding characteristics that government grade security must provide, such as:

  • PC Protection – Filters all data traffic, unsolicited data request denied. Protection from cyber-attacks, identity theft & malware.
  • Commercial National Security Algorithm (CNSA) Suite (aka Suite B) – Built-in Top Secret level cryptography.
  • Captive Portal Isolation – Isolates PCs from malicious WiFi malware downloads.
  • IP Obfuscation – Masks IP address of all in and outbound data traffic.
“Legacy and IoT equipment required an easy-to-configure and managed network security solution that can be retrofit and remain transparent to the systems they secure.”

Conclusion

As the cyber attacks become more aggressive and sophisticated, government agencies require solutions that can be layered in quickly, work well behind the scenes, and offer the highest level of security.

As the GoSilent solution is deployed to DIB facilities, the Agency will seamlessly upgrade its entire network security footprint without compromising daily business operations.

Furthermore, no DIB will be required to update their legacy equipment. With GoSilent, the U.S. Defense Agency choose an agile and robust response to cyber risks now and will remain confident in the security of its supply chain worldwide.

Notes & Diagrams

DIB Secure Transport

DIB-Secure-Transport

U.S. Defense Agency ultimately selected GoSilent based on the following key provisions:

1. CNSA (Suite-B) Quantum-Resistant Encryption - TS/SCI “quality” encryption for unclassified systems.

GoSilent Cyber Security Provisions

cybersecurity-provisions

3. Industry leading performance per watt, 90 MegaBit/Sec Throughput

4. Captive Portal Bypass - Secure authentication through public WiFi access points (coffee shops, airports, hotels, etc.).

5. Over-the-Air Update - Push-button device firmware update.

6. Applies NSA and DoD – Top-secret level - Approved Best Practices.

7. NIAP and Common Criteria (CC) certification pending for the following Protection Profiles (PP) to appropriately cover Attila’s products for use by enterprise and government National Security Systems: Firewall - CPP_FW_V2.0E and VPN Gateway - EP_VPN_GW_V2.1.