European Defence Contractor: Military Messaging

Granular security policies and in-depth content filtering for the military messaging backbone of a new NATO BRASS EO HF communications solution.

Business Challenge

Ship to Shore/Ship Communications System

Military and defence organisations need to securely share information, both internally and with NATO, non-NATO nations and partner organisations such as International and Non-Government Organisations. To facilitate this as easily and cost-effectively as possible, the systems used by these organisations need to conform to NATO’s published standards and recommendations.

This defence contractor designed a new military messaging backbone for a NATO Broadcast and Ship to Shore (BRASS) Enhancement One (EO) High Frequency (HF) communications solution.

The highly innovative design combined the rigour and formal structure of military P772 message content with the ubiquity and ease of configuration of SMTP (Internet) email. Mindful of the threat posed by cyber attackers, the contractor needed a high assurance cyber security product capable enforcing security policies on P772 military messages that are carried over SMTP.

Solution

Content Filtering for Military Messaging Backbone

The contractor chose Deep Secure to provide the security component of the next generation military messaging backbone and is currently working with their naval client to roll the solution out across the fleet.

Deep Secure Mail Guards apply complex content filtering policies including sender/recipient checking, file type and content checks, signature, encryption and precedence checks on the P772 military message content.

"Deep Secure’s agile and responsive approach to supporting the new messaging backbone and the ease with which complex security policies can be modelled, configured and enforced were both key factors in selecting Deep Secure."

Results

Secure Information Sharing

Deep Secure Mail Guards form an integral part of the messaging backbone. Military messages exchanged between shore and ship as well as ship to ship can be checked for the presence of the appropriate STANAG 4406 security labels and policy applied according to highly granular policies.

The guards also provide assured separation, ensuring that all communication between the connected domains is controlled and cannot bypass the content filters. They act as application layer proxies, reducing the threat of protocol based attacks by terminating the connection on one side of the guard and creating a new connection on the other side of the guard. They perform deep content inspection, reducing the threat of attacks hidden inside complex data formats.

Taken together these capabilities enable the contractor to offer the client a state-of-the-art, standards-based messaging backbone that enables them to share information securely.

Back