by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : September 2013
GCN SEPTEMBER 2013 • GCN.COM 31 "C onnecting the dots" has become an in- creasingly public and controversial practice, as re- cent headlines will attest, but it has always been a primary goal of the intelligence community, and it got more complex after the terror attacks of Sept. 11, 2001. When the 9/11 Commission highlighted the critical impor- tance of collaboration between intelligence-gathering agencies, it still insisted that, for security reasons, the information feeds analysts received from differ- ent networks remain completely separate from each other. At first, that meant analysts needed a dedicated, stand-alone computer, monitor and keyboard for each feed they worked with. Secure KVM switches began to pare the desktop clutter down a bit, but with 17 different net- works in the intelligence com- munity, analysts needed several separate, secure computers just for basic functionality. While it's unlikely that indi- vidual analysts would need ac- cess to every single network, John Woodruff, program man- ager of the Air Force Research Laboratory's Cross Domain So- lutions, Operations and Innova- tions team, has seen some com- plex setups. "It was not unusual at all to find an analyst with six to eight computers on his desk, with each one sitting on a differ- ent network," he said. The solution involved more than decluttering desktops; it had to meet seemingly conflict- ing security and performance requirements. It had to tie all the networks into a single comput- er, but under no circumstances could data on any one network jump to another. And the solu- tion had to support high-perfor- mance applications like video streaming without degrading the performance of the host agency's network. Oh, and it also had to be able to be configured for individual analysts within four hours. After six months of testing, Woodruff and the AFRL team found a solution. Working with Citrix Systems and Intel, they came up with a security plan based on the bare metal hypervi- sor platform, which was able to handle high-performance work- loads and graphically intense applications. To create the program, dubbed SecureView, AFRL took Citrix's XenClient and modified it into XenClient XT so that it delivers the "client-side virtualization of XenClient in a multilevel secure local virtual desktop solution with the highest levels of isola- tion and security," according to Citrix. This modification required setting up a trusted boot process inside dom0 ("domain zero," the first domain created) of the hypervisor. The Xen hypervisor, which runs the virtual machines, can then boot from a secure state. The network stack was also moved into a separate virtu- al machine, so that it would act like any other operating system or network that the hypervisor is responsible for -- ensuring that no data can be sent to it, or leak from it, to any other network. Finally, SELinux was added to dom0 with a custom set of poli- cies to harden the operating sys- tem even further. SecureView will run on any system that supports Intel vPro technology, and supports almost every operating system, includ- ing all flavors of Windows and Linux. Air Force lab teams with industry on the groundbreaking SecurevView, which puts multiple intell feeds on one screen while keeping all the data protected How to share classi ed data and protect it at the same time BY JOHN BREEDEN II CASE STUDY CYBERSECURITY