Portable, hand-held devices such as digital cameras and smart phones improve battlefield situational awareness and intelligence collection capabilities for dismounted personnel. Information collected using these devices, particularly images, may be transferred to systems such as the Force XXI Battle Command Brigade and Below (FBCB2), Joint Battle Command Platform (JBC-P) and the Tactical Ground Reporting System (TIGR).
Commercial Off-the-Shelf (COTS) portable devices are inexpensive and provide great utility. However, they often lack security features essential to military operations and their use must be limited to unclassified information. Such devices are also a threat vector, providing a conduit for malware to be introduced into critical Command, Control, Communication, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) systems. Moreover, battlefield C4ISR systems generally operate at the Secret security classification level or higher.
A Cross Domain Solution (CDS) allows the secure transfer of information between two or more differing security domains. For example, a CDS may serve as the conduit for moving a data file from a computer system connected to the Non-secure Internet Protocol Router Network (NIPRNet), an Unclassified-level security domain, to the Secure Internet Protocol Router Network (SIPRNet), which is a Secret-level security domain.
A CDS may include a Cross Domain Gateway (CDG) to automate transferring information between security domains (also known as enclaves). The CDG acts as a network gateway device, physically interfacing the computer networks constituting the security domains.
Conventional CDGs are continuously connected to both networks. The CDG may be connected simultaneously via Ethernet to both the lower security classification and higher security classification computer networks. Since the connection is continuous, such CDGs must filter transferred data based on user-programmable rule sets. Data may be sent through the CDG unaltered, redacted during transfer, or blocked entirely. This places a substantial burden on CDG hardware design and software, particularly in view of the need to update the user-programmable rule sets to counter the most recent computer security threats.