 |
 |
 |
 |
| |
|||||
|
|
 |
The Global Combat Support System for the Commander in Chief and Joint Task Force Commander (GCSS(CINC/JTF)) is member of the GCSS family of systems that addresses the age-old need for accurate, timely, and complete combat support information to aid in making command decisions. GCSS will be the means by which the CINC/JTF commander accesses disparate data stored in a variety of formats on a number of theater and global data sources, manipulates and converts the data to useful information, and displays it in a manner that assists the commander in making warfighting decisions. Though still in the relatively early stages of its development, several prototype versions of GCSS(CINC/JTF) have proved useful, over the last three years, during military exercises in the Pacific Command (PACOM) Area of Responsibility. With MITRE leading the engineering teams addressing technical and data challenges, GCSS(CINC/JTF) prototypes have been successfully demonstrated to the Chairman of the Joint Chiefs of Staff and other high-ranking Pentagon officials during military and humanitarian operations in Bosnia and Kosovo. When completely mature, GCSS(CINC/JTF) will provide the warfighter with a powerful new decision support capability. GCSS(CINC/JTF) will be approved for operational use on the Secret Internet Protocol Router Network (SIPRNET) this year. This transition to operational use has major implications for the GCSS(CINC/JTF) program beyond those normally associated with turning a prototype into an operational system. MITRE has provided guidance to the Department of Defense (DoD) in making GCSS(CINC/JTF) a worldwide capability, particularly in the areas of user access to data sources and security. The system provides users with access to data sources from both a traditional heavyweight client and web browsers in a secure environment. For client access, public key certificates and Lightweight Directory Access Protocol (LDAP) directories support user authentication and access control. Users must have a certificate issued by the DoD Public Key Infrastructure (PKI) to establish a GCSS(CINC/JTF) account. Certificates and directory data are imported from the DoD PKI into a GCSS(CINC/JTF) LDAP directory, which is replicated to GCSS(CINC/JTF) server sites worldwide. Users access GCSS(CINC/JTF) web servers over Secure Sockets Layer connections. GCSS(CINC/JTF) uses its LDAP directory to authenticate the user and check the user’s privileges. GCSS(CINC/JTF) will be the first DoD IT system using DoD PKI certificates on the SIPRNET to become operational worldwide, making the establishment of an operational DoD PKI supporting classified users, complete with clearly defined processes and security community acceptance, an important priority. Hence, part of the GCSS(CINC/JTF) fielding process must be to work out the roles and responsibilities for user validation at each of the sites where GCSS(CINC/JTF) will be fielded. User and site responsibilities for certificate protection must be identified and supported by users. It has become very clear that, while worldwide capability obviously entails both hardware and software, both people and procedures are also critical components. Security approval of GCSS(CINC/JTF) software and servers has proven to be another challenge. Web servers and data access middleware servers will be deployed worldwide, with five regional servers planned. Heavy client software is installed on Global Command and Control System (GCCS) client workstations because GCSS(CINC/JTF) extends GCCS capabilities. Thus the client software must be approved by GCCS accreditors and certifiers, while the accrediting and certification of the regional servers require both local site and global approval by the Joint Staff. It has been a challenge to reach agreement on who should be the type and site Designated Approval Authorities for GCSS(CINC/JTF). GCSS(CINC/JTF) currently runs only on SIPRNET and can access only data sources that also reside on that network. However, much of the data needed to support warfighter requirements only exists on unclassified networks. To access data on unclassified servers, a high assurance guard must be inserted between the unclassified and classified networks to ensure that data transferred from the unclassified side to the classified side compromises neither the integrity of the classified network nor the data on it. Most available guard technologies use file-based transfer protocols that limit the integration of the networks to data replication. This leads to potential data timeliness issues because of replication delay and resource cost for maintaining the replicated information on the high side. New guard technologies using socket-based connections are evolving and may allow for a dynamic query capability from clients on the high side to servers on the low side. There are significant issues regarding either approach that will lead to significant changes in the existing GCSS(CINC/JTF) operational concept. MITRE security experts have had significant involvement with GCSS(CINC/JTF) for some time. MITRE has identified security requirements, design alternatives, and potential issues with software testing, operational deployment, and future capabilities. They recommended that GCSS(CINC/JTF) address security issues and involve the agencies who would do security testing and accreditation as soon as possible. MITRE has monitored evolving Joint Staff policies on GCCS security, PKI, directories, and related concerns and advised DISA on their impacts and approaches to complying with those policies. Worldwide fielding causes challenges for providing information to the warfighter. Many data sources contain only data of interest to a specific region or CINC. For example, the ‘XYZ’ data base in European Command (EUCOM) will contain data relevant to EUCOM; a different data base with the same name and structure in the PACOM will contain data relevant to PACOM; and there will be still other data bases with the same name and structure and with different data yet. This presents a challenge in providing a global view of a particular Combat Support situation. The commercial software packages and custom software components GCSS(CINC/JTF) uses do not currently support access to multiple data bases having the same name and structure but different contents. GCSS(CINC/JTF) can access only one instance of such a database, providing the user with a view of the data that is specific to a particular region or CINC that owns the data base. MITRE believes that military operations are no longer isolated theater actions, especially in the worldwide supply-chain management environment of GCSS(CINC/JTF). Future versions of GCSS(CINC/JTF) must access all the databases, fuse the data, and provide a consolidated view to the user, allowing global access to data. MITRE Systems Engineering is leading the effort to revise the GCSS(CINC/JTF) architecture and software to provide this more robust global view of information. With MITRE’s System Engineering and Integration assistance, GCSS(CINC/JTF) will continue to enhance its architecture in an effort to respond to the needs of the Combat Support community for both regional and global users at all echelons and in both an unclassified and classified environment. For more information, please contact Joyce Nickelson using the employee directory. |
Solutions That Make a Difference.® |
|
|
