Charting a Secure Movement for Data to Extract its Real Edge in the Battlefield

General Micro Systems (GMS) has officially announced the launch of four cross-domain systems (CDS).

According to certain reports, the four cross-domain systems comprise an airborne 3-domain CDS, two ground-based CDS, and a ¼ ATR OpenVPX-based CDS.

Each CDS is based on the X9 distributed computing architecture, which is capable of delivering mission processing, secure storage and authentication, encryption, networking, and options for SATCOM, AI and data diodes. Every system also supports GMS’ new Enhanced SecureDNA™ cyber suite, and they will also be TEMPEST certified.

A CDS provides the gateway between highly secure, classified systems and insecure, often public, systems and networks. Cross-domain systems provide higher levels of security than multi-domain systems, for example through data diodes for rules-based routing, and stronger cryptography and sanitization for data at rest within storage devices.

Cross-domain systems filter data, make decisions about what data can pass between the domains, and encrypt and decrypt data on the fly as well as at rest on storage drives. All of this happens in real time.

A CDS must also prepare for the eventuality of the vehicle, platform or location coming under enemy control. It must therefore sanitize and eradicate its data in all kinds of circumstances, often autonomously, with no operator ever pushing the big red button.

“In an era of interconnected systems and sensors, ‘joint’ operations between the services, and increasing cooperation between the US and NATO (and other allies)—data is being slung around the battlefield at gigabit rates,” said Ben Sharfi, CEO and Chief Architect of General Micro Systems. “With more and more ‘at the edge’ and embedded processing ‘at the tip of the spear,’ data comes in different colors – red for classified and black for unclassified. Keeping this data correctly categorized while sharing it between machines and allies requires robust cross-domain systems like the four we’re announcing at AUSA. No systems have ever been done like this before.”

All of the systems use the high-TRL X9 architecture, in either the Spider small form factor or Venom OpenVPX. Given the architecture, GMS was able to make its new systems at a much faster clip. The architecture also allowed the company to integrate features such as network ports, including fiber optic 100GigE; legacy I/O, including MIL-STD-1553; mission processors and AI; and removable storage using NSA encrypted, NIAP-listed FIPS-140-2 SSDs and CSfC offerings.

Each Domain IO controller has two removable drives: one R/W drive for large data sets and one drive programmable as read-only, intended to store the operating system or mission profile(s). GMS has also sealed all drives, making them virtually indestructible. The internal I/O uses fiber optic connections to minimize EMI, relying on Intel’s Thunderbolt™ 4-over-fiber connection. Incoming power is isolated, and each domain has its own power supply, including 3-phase/400Hz AC options and MIL-STD-1275 DC for vehicle power. I/O to the outside world is opto-isolated, and the domains are shielded Faraday boxes.

As before, GMS’ improved SecureDNA cyber suite allows all storage to be erased, along with the system’s firmware and BIOS, via button-press, software call, or external input such as general-purpose input/output (GPIO). The upgraded suite integrates a Domain IO Controller with a CAC authentication card (SIPR token for the Red) for each domain to provide differing enclave security profiles, and a chassis-level System Information Module with a daisy-chained physical connection to all modules to prevent removal or tampering.
