When it comes to cybersecurity, it often seems the best prevention is to follow a litany of security “do’s” and “don’ts.” A former colleague once recalled that at one organization where he worked, this approach led to such a long list of guidance that the cybersecurity function was playfully referred to as a famous James Bond villain: Dr. No!
However, when done right, cybersecurity shouldn’t be a hurdle to mission outcomes, but rather a trusted enabler to build a more secure and more capable network architecture, allowing organizations to build common operating pictures and accelerate mission outcomes while remaining secure. Cross Domain Solutions (CDS), an often overlooked but mission-critical capability, are one of the best examples of cybersecurity as an enabler.
As emerging technologies like artificial intelligence (AI) and military initiatives such as Combined Joint All Domain Command and Control (CJADC2) demand increasing availability and velocity of data at all classification levels, mission owners at all levels should realize “the art of the possible” in government system architecture.
Cross Domain Solutions act as a trusted enabler to broker data transfer and systems access across network boundaries that many have traditionally treated as sacrosanct. As the U.S. and its allies push toward common operating pictures and environments, these technologies are critical to maintaining the information advantage, and thereby the strategic advantage, in a century in which data is our currency and velocity is our leverage.
Speaking broadly, CDS are designed to do one of two things: to allow users to move data from a less trusted network or enclave to a more trusted network or enclave (a task known as cross domain transfer) or to allow users to reference data, applications or entire desktops in a less trusted network or enclave (a task known as cross domain access). Both tasks would normally involve an extraordinary level of security risk, which is why both the technology used in CDS and the systems into which they’re architected are carefully vetted by a team of experts led by the National Security Agency’s National Cross Domain Strategy and Management Office (NCDSMO).
When transferring data across domains, CDS aim to maintain the operational, intelligence and/or business value of the content in a document (such as the numbers in a spreadsheet or the images and text in a PDF) while mitigating the risk of malicious hidden content in the same document (such as Excel macros or malware embedded in a PDF). They do this through careful inspection and sometimes reformatting of content presented to the CDS, often converting files into accepted formats and data structures for inspection and ingest.
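To make the inspect-and-reformat idea concrete, here is an added illustration (not code from this article or from any accredited CDS) that rebuilds a spreadsheet as plain CSV so that only numeric cell values cross, while macros, formulas and every other package part are left behind. The function names, the size limit and the numbers-only policy are assumptions chosen for the example, and the workbook is constructed inline.

```python
import csv, io, re, zipfile
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main"}
SHEET = re.compile(r"xl/worksheets/sheet\d+\.xml")    # the only parts that are read
NUMERIC = re.compile(r"-?\d+(\.\d+)?([eE][-+]?\d+)?")  # the only values that cross
MAX_PART = 1_000_000  # assumed per-part size limit in bytes

def transfer(workbook: bytes):
    """Return (csv_text, dropped_parts); the CSV is rebuilt from scratch."""
    out, dropped = io.StringIO(), []
    writer = csv.writer(out, lineterminator="\n")
    with zipfile.ZipFile(io.BytesIO(workbook)) as z:
        for info in sorted(z.infolist(), key=lambda i: i.filename):
            if not SHEET.fullmatch(info.filename):
                dropped.append(info.filename)  # macros, embedded objects, links
                continue
            if info.file_size > MAX_PART:
                raise ValueError("part too large: " + info.filename)
            data = z.read(info)
            if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
                raise ValueError("DTD not allowed: " + info.filename)
            for row in ET.fromstring(data).iterfind(".//m:row", NS):
                cells = []
                for c in row.iterfind("m:c", NS):
                    v = c.findtext("m:v", default="", namespaces=NS)
                    # Formulas (<f>) are never copied; a cached value passes
                    # only when the cell is numeric and the text is a number.
                    ok = c.get("t", "n") == "n" and NUMERIC.fullmatch(v)
                    cells.append(v if ok else "")
                writer.writerow(cells)
    return out.getvalue(), dropped

def sample_workbook() -> bytes:
    """Constructed macro-enabled workbook, reduced to the parts that matter."""
    sheet = ('<worksheet xmlns="%s"><sheetData>'
             '<row r="1"><c r="A1"><v>1200</v></c><c r="B1"><v>37.5</v></c></row>'
             '<row r="2"><c r="A2"><f>A1*2</f><v>2400</v></c>'
             '<c r="B2" t="str"><f>HYPERLINK("http://example.invalid")</f>'
             '<v>click</v></c></row></sheetData></worksheet>') % NS["m"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/worksheets/sheet1.xml", sheet)
        z.writestr("xl/vbaProject.bin", b"constructed placeholder, not real VBA")
    return buf.getvalue()

if __name__ == "__main__":
    print(transfer(sample_workbook()))
```

The output is built from an allowlist rather than by deleting known-bad parts from the original file, so anything the filter does not recognise never reaches the trusted side.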
When executed correctly, cross domain transfer enables mission owners to quickly move data into a more trusted environment where it can contribute to a common operating picture, centralized analytic environment or similar database. In this more trusted (and often higher classification) environment, the transferred data can be combined with data from other sources or advanced analytic techniques with much less risk of classification by compilation (the mosaic effect) or analytic overlay.
When providing access across domains, CDS must provide audio/video feeds to a trusted environment and user input to less-trusted environments without introducing the risk of arbitrary, unvetted data moving across the boundary. CDS mitigate this risk by creating logical or – in the case of High Threat Networks (HTNs) like the open Internet – physical breaks between the two network environments while using rendering technologies to bring them back together in the same desktop environment.
When implemented well, access technologies can bring together tactical insights at the secret level, open source and media feeds at the unclassified level, and an intelligence environment at the top secret level into a single environment. Moreover, they can do so without the user hurdles associated with multiple computers while minimizing the overhead associated with the network and desktop sprawl resulting from having to maintain separate networks all the way to the end user.
As agencies operationalize AI, partial datasets limited by classification boundaries mean partial models – and partial models mean imperfect decisions. Mission owners should consider flipping the script on cyber awareness by asking how cybersecurity technology can break down traditional barriers and increase IT efficiency via trusted enablers like CDS instead of asking what they need to avoid doing to stay within cybersecurity guidelines.
The same goes for cybersecurity professionals: if we only tell users what’s forbidden, they’ll see us as blockers rather than enablers and find ways to sidestep policy. Instead, we should take the opportunity presented by AI and other data-centric technologies to educate users on how cybersecurity can unlock better decisions and increase mission velocity.
As AI accelerates our adversaries’ capabilities, the risk of slow decisions or decisions based on partial data is one that no mission can afford. It’s better to focus on how cybersecurity tools like CDS can mitigate not only traditional technical risks, but also the bigger strategic risks of inaction, stovepipes, and technological stagnation.