RISSC™ gives the Naval Air Warfare Center Weapons Division at China Lake, CA, the security necessary to protect highly classified information on its secured networks. "Nothing else like RISSC™ is out there", states head electronics technician at China Lake, Ross Seybold. We knew something had to be better than our current computer security system and subsequently went on a serious scavenger hunt to find it. Little did we know we would end up having to develop that system ourselves, with the cooperation of two major manufacturers, that is, one being Radionics, Inc. out of Salinas, CA and the other being Market Central, Inc. out of Houston, PA. RISSC™ was created under a cooperative research and development agreement (CRADA) between the above-mentioned parties and is currently installed here on location.
Main Reasons for Development of RISSC™
For China Lake, there was a tremendous need to find a security system that would protect its secured networks and not hog precious hard drive memory space as a default. Its previous security program, like others on the market, resided in the memory on its computers' hard drives. What this resulted in was a slowing down of the computer, eventually leading to the destruction of its hard drive. As a matter of fact, Ross explains that the late Steve Bouthillier, former assistant special security officer for SCI ADP/Physical Security at China Lake, and major contributor to the development of RISSC™, had stacks and stacks of hard drives that had actually been corrupted to the point where the data was no longer retrievable.
It was this ever-growing hard-drive graveyard that was the main impetus to creating a computer security system that would not take up memory space on a computer's hard drive. As for software programs, it was concluded that for every software programmer that could invent a computer security program, there would be another one right after that could get in the back door. Therefore, they knew they had to develop a system that could be physically disconnected — a completely shielded hardware solution. Ross and Steve figured that, "if you can't get to the computer, you certainly can't hack it." They then decided to incorporate this with Radionics' Readykey® package because of, "its completely open architecture and the support we get from Radionics on that. Since we've been involved with them, even when we come up with little questions about items in their software, they take it back to their factory, review our issues and come out with new revisions, which is really unheard of in the industry today. You usually take what you can get and you're stuck with it — if you don't like it, it's too bad." Just as our physical access control system controls the doors to buildings on our base, we had an urgent need for a computer security system that would control the "doors" to information on our computers and networks. With Radionics' Readykey and Market Central's tamper-proof switches, we knew we were well on our way to creating the best computer security system available today.
Installation at China Lake
The Naval Air Weapons Station China Lake is where the Navy and Marine Corps have developed or tested nearly every significant airborne weapon system in the past five decades. China Lake, like its counterparts around the world, must be able to communicate high levels of classified data with one another in a totally secured environment. A RISSC™ system entails Readykey® for Windows™, a Data Relay Switch (DRS), a Power Relay Switch (PRS), a proximity reader to be located on the computer and another to be located on the DRS. In addition, a door controller is required for every two computers. To keep this network secure, RISSC™ is installed on the two workstations in Ross' building, where access to the secured network is possible. One workstation is on a Mac platform, while the other is on a PC. Since RISSC™ works with any platform, this was not a barrier to installation. Budgets being tighter in the government, spending, of course, is limited. However, in order for its secured network to be secure at each access point, RISSC™ will ideally be installed on each workstation that is connected to the secured network.
Before RISSC™
Besides having software security programs installed, it was imperative the workstations connected to the secured network be tightly guarded. Radionics' Readykey® access control system had been installed throughout the building. To enter the room where the workstations were located, a proximity card would be presented to the reader at the door, giving anyone with an authorized card access to the room. Log sheets had to be signed before booting up one of the computers, and any information downloaded onto a disk had to be stored in a safe or similar location under lock and key. It was a cumbersome process, but necessary for protecting the classified data on the network. Foolproof it was not. Data retrieval was a nightmare. If the IS department needed to know what activities had taken place with a particular workstation, say three or four months back, for example, Ross would literally have to go to the records room, dig up the appropriately dated banker's boxes filled with log sheets, and deliver them. That was the best they could do as far as an audit trail was concerned.
RISSC™ Controlled Entirely by Readykey® System Administrator Computer
Ross is no longer worried about his computer hard drives being overloaded by security programs. He states there are two points of an ever-evolving information system technology that will never change _control of power to a computer platform and control of external connections from a computer platform to networks. The computer security requirements of password protection, authentication, discretionary access control, audit trail and network configuration management, are directly tied to each computer system's power supply and external network connections, which are monitored and controlled by a Readykey System Administrator. This means these basic computer security features no longer reside on each individual computer platform. In other words, as technology advances with new editions to software applications and upgrades to operating systems, the Readykey computer security system will never require upgrading. For the government, and most commercial businesses with tight budgets as well, this is heaven to their ears.
Another benefit to having RISSC™ security functions not installed on individual computers is that the System Administrator computer supervises the access to the computer systems, yet remains totally invisible to the connected user community. Important to Steve was that this freed-up available computer memory could now be better utilized by National Security Agency and National Institute Standards Technology encryption chip methodology to further protect vital government and commercial information while it's being transferred in cyberspace.
Working with RISSC™
Currently, 40 proximity cards have been issued to authorized personnel for these workstations. Just as with physical access control proximity cards, different levels of access can be assigned to different people. Some only have access to the computer itself, while others only have access to the secured network at specific times. The System Administrator says, "it gives me a lot of confidence that no one is going to be able to break into the network from this end of it." With Readykey at the heart of the system, audit trails can be printed instantly. Ross says he can now supply IS with detailed activity reports on these computers at any time and in real time.
To boot up the computer, the attempting user must present his/her card near a reader located on a computer that activates RISSC™'s PRS. If authorized, the user will be able to power up the computer. If not, an alarm is sent to the System Administrator reporting that someone without the proper credentials has just tried to gain access to one of the secured computers. When the user is required to make a connection to the outside secured network, he/she physically turns the DRS to the outside position. Once in this position, the internal LAN is protected from the outside by a physical gap, or "deadbolt" created by the DRS.
The user then presents his/her card to the reader located on the DRS. Again, the system identifies who the user is via an eight-digit, alpha-numeric password, randomly generated at the time of manufacture and embedded in the card. If authorized, the user's name, time, date and network link is sent to the System Administrator, and the network connection is made. If the user is not authorized to access the network, an alarm is generated and sent to the System Administrator, reporting the time, date, computer and name of user attempting entry.
Ross is thrilled with the reliability and level of security RISSC™ brings to his stressful job, and savors the time and energy salvaged from him having to worry about and guard the secured networks' workstations. In addition to these benefits, there is one more that Ross is extremely pleased with, and that is RISSC™'s one-time cost -- "a dream when it comes to staying on a budget".
Windows is a registered trademark of Microsoft Corporation. RISSC is a registered trademark of Radionics, Inc. Readykey is registered with Radionics, Inc. All rights reserved.